From dc8abe95f071cbcc80145912f9caf795b328b48b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 18:58:52 +0200 Subject: [PATCH 001/316] Update list_user.html - coffee typo --- web/templates/admin/list_user.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/admin/list_user.html b/web/templates/admin/list_user.html index 066513ee..0bcbddd7 100644 --- a/web/templates/admin/list_user.html +++ b/web/templates/admin/list_user.html @@ -81,7 +81,7 @@
Donate - Buy us a coffe + Buy us a coffee
Wiki From ef5ef951940ed7bcf3f47f02e2695104b7f23c6b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 28 Jun 2023 15:22:05 +0200 Subject: [PATCH 002/316] get deb12 exim conf --- bin/v-make-separated-ip-for-email | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index a26c68e3..a25fc6dd 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -138,7 +138,7 @@ check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template) if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup - cp /usr/local/vesta/install/debian/11/exim/exim4.conf.template-RC /etc/exim4/exim4.conf.template + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template From 7ee011a9d3b6c72183a455fe9d68c2ed9ea35c1a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Jul 2023 14:41:38 +0200 Subject: [PATCH 003/316] Update v-import-cpanel-backup --- bin/v-import-cpanel-backup | 45 +++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 02383018..4faad31e 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -269,28 +269,29 @@ cd $sk_mdir for sk_maild in $(ls -1) do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then - if [ -d "$sk_maild" ]; then - for sk_mail_account in $(ls $sk_maild/) - do - - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - echo "Set password for ${sk_mail_account}@${sk_maild}" - pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') - newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" - newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" - # echo $newline - escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') - escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') - sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd - sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf - done - fi + if [ -d "$sk_maild" ]; then + for sk_mail_account in $(ls $sk_maild/) + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete + # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + # echo $newline + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + fi + done + fi #else # this only detect default dirs account new, cur, tmp etc # maybe can do something with this, but on most cpanel default account have only spam. From 12d6e59a7ec278e34117f674739988db20eca0d1 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Jul 2023 14:50:16 +0200 Subject: [PATCH 004/316] Update v-import-cpanel-backup --- bin/v-import-cpanel-backup | 44 ++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 4faad31e..f92ae5af 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -271,25 +271,25 @@ do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then if [ -d "$sk_maild" ]; then for sk_mail_account in $(ls $sk_maild/) - do - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then - echo "Set password for ${sk_mail_account}@${sk_maild}" - pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') - newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" - newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" - # echo $newline - escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') - escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') - sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd - sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf - fi + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + else + echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + fi done fi #else @@ -368,7 +368,9 @@ tput setaf 4 echo "##############################" echo "cPanel Backup restored" echo "Review your content and report any fail" -# echo "I reset mail password not posible restore it yet." -# echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then + echo "I reset mail password not posible restore it yet." + echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +fi echo "##############################" tput sgr0 From 5d2f0d68e0a707f3a1db593a755bc3e86a0a5dad Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 29 Jul 2023 14:40:19 +0200 Subject: [PATCH 005/316] Removing sury repo from multi-php-install.sh for Debian 8 and 9 --- src/deb/for-download/tools/multi-php-install.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 88528e92..4d86050d 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -95,12 +95,8 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - if [ $debian_version -eq 8 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ jessie main" > /etc/apt/sources.list.d/php.list' - fi - if [ $debian_version -eq 9 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/php.list' + if [ $debian_version -ge 10 ]; then + wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi if [ $debian_version -eq 10 ]; then sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' From 843d4a94e2ae6df08654090f95fd19d3c3914ac3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 8 Aug 2023 15:41:25 +0200 Subject: [PATCH 006/316] Update install_rate_limit_tpl.sh --- .../for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 8710008c..3cae3526 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -54,4 +54,4 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl -service nginx restart +systemctl restart nginx From e82378c9358ae98ec0b4c50722890b9fd9f7c33f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 15:45:37 +0200 Subject: [PATCH 007/316] v-grep LF ending --- bin/v-grep | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/bin/v-grep b/bin/v-grep index 3e467129..045751a5 100644 --- a/bin/v-grep +++ b/bin/v-grep @@ -1,21 +1,21 @@ -#!/bin/bash -# info: calling myvesta_grep PHP function -# options: PARAMETERS -# -# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - - -if [ -p /dev/stdin ]; then - STDIN=$(cat -) - if [ ! -z "$STDIN" ]; then - echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" - exit $? - fi -fi - -php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" -exit $? +#!/bin/bash +# info: calling myvesta_grep PHP function +# options: PARAMETERS +# +# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" + exit $? + fi +fi + +php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" +exit $? From 4d7ce60f39e675982bfdaf443e88be9b7e206787 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 20:11:40 +0200 Subject: [PATCH 008/316] deb12 fixes in postinst --- src/deb/vesta/postinst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 09195d4c..9b074aaf 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -26,7 +26,7 @@ fi # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Patching exim4.conf for: smtputf8_advertise_hosts -if [ "$release" -gt 10 ]; then +if [ "$release" -ge 11 ]; then if [ -f "/etc/exim4/exim4.conf.template" ]; then if ! grep -q 'smtputf8_advertise_hosts' /etc/exim4/exim4.conf.template; then echo 'Patching exim4.conf for: smtputf8_advertise_hosts' @@ -47,7 +47,7 @@ if [ -f "/etc/exim4/exim4.conf.template" ]; then fi # Making sure yescrypt is disabled -if [ "$release" -eq 11 ]; then +if [ "$release" -ge 11 ]; then sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password fi @@ -66,13 +66,18 @@ if [ "$release" -eq 11 ]; then ADD=" hosts_try_fastopen = \!\*.l.google.com" sed -i "s#$FIND#$FIND\n$ADD#g" /etc/exim4/exim4.conf.template systemctl restart exim4 - - sed -i "s/net.ipv4.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling fi fi fi +if [ "$release" -ge 11 ]; then + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi +fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then From cb52ef65b41ca1da71114cb6ba0e5249a0ae8166 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 20:14:34 +0200 Subject: [PATCH 009/316] postinst removing tabs indent --- src/deb/vesta/postinst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 9b074aaf..d1c92a8c 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -71,12 +71,12 @@ if [ "$release" -eq 11 ]; then fi if [ "$release" -ge 11 ]; then - check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) - if [ "$check_grep" -gt 0 ]; then - echo "=== Removing net.ipv4.tcp_window_scaling" - sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling - fi + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi fi # Adding Barracuda RBL to SpamAssassin From 0213d749eeebd6a46477afd9c554206741054763 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 11 Aug 2023 14:03:16 +0200 Subject: [PATCH 010/316] Update exim_forwarding.patch --- src/deb/for-download/tools/patches/exim_forwarding.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/patches/exim_forwarding.patch b/src/deb/for-download/tools/patches/exim_forwarding.patch index 1fa6d408..dcefe327 100644 --- a/src/deb/for-download/tools/patches/exim_forwarding.patch +++ b/src/deb/for-download/tools/patches/exim_forwarding.patch @@ -6,7 +6,7 @@ + warn !authenticated = * + hosts = !+relay_from_hosts -+ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} ++ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + deny message = Restricted characters in address From bb79f9f8c01b49c10c862f09e5e263927c78d323 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Aug 2023 20:50:20 +0200 Subject: [PATCH 011/316] deb12 nginx http2 on; --- install/debian/12/nginx/nginx.conf | 2 +- install/debian/12/templates/web/nginx/force-https-legacy.stpl | 3 ++- install/debian/12/templates/web/nginx/force-https-public.stpl | 3 ++- .../12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl | 3 ++- install/debian/12/templates/web/nginx/force-https.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting-legacy.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting-public.stpl | 3 ++- .../12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting.stpl | 3 ++- install/debian/12/templates/web/nginx/private-force-https.stpl | 3 ++- install/debian/12/templates/web/nginx/private-hosting.stpl | 3 ++- 11 files changed, 21 insertions(+), 11 deletions(-) diff --git a/install/debian/12/nginx/nginx.conf b/install/debian/12/nginx/nginx.conf index 6d5e36ba..6efe2337 100644 --- a/install/debian/12/nginx/nginx.conf +++ b/install/debian/12/nginx/nginx.conf @@ -100,7 +100,7 @@ http { # SSL PCI Compliance ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl index 79e55a26..bea7d86c 100644 --- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssll + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-public.stpl b/install/debian/12/templates/web/nginx/force-https-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/force-https-public.stpl +++ b/install/debian/12/templates/web/nginx/force-https-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https.stpl b/install/debian/12/templates/web/nginx/force-https.stpl index 33fab443..55f41002 100644 --- a/install/debian/12/templates/web/nginx/force-https.stpl +++ b/install/debian/12/templates/web/nginx/force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.stpl b/install/debian/12/templates/web/nginx/hosting-legacy.stpl index a34b4bf1..efdd3b87 100644 --- a/install/debian/12/templates/web/nginx/hosting-legacy.stpl +++ b/install/debian/12/templates/web/nginx/hosting-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-public.stpl b/install/debian/12/templates/web/nginx/hosting-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/hosting-public.stpl +++ b/install/debian/12/templates/web/nginx/hosting-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting.stpl b/install/debian/12/templates/web/nginx/hosting.stpl index 755caadf..5745311e 100644 --- a/install/debian/12/templates/web/nginx/hosting.stpl +++ b/install/debian/12/templates/web/nginx/hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-force-https.stpl b/install/debian/12/templates/web/nginx/private-force-https.stpl index 64094fb8..bf805683 100644 --- a/install/debian/12/templates/web/nginx/private-force-https.stpl +++ b/install/debian/12/templates/web/nginx/private-force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-hosting.stpl b/install/debian/12/templates/web/nginx/private-hosting.stpl index fd9471bd..8e5b3f7b 100644 --- a/install/debian/12/templates/web/nginx/private-hosting.stpl +++ b/install/debian/12/templates/web/nginx/private-hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; From 658680095bae44d5495219282f4e752ef5403ee0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Aug 2023 20:52:13 +0200 Subject: [PATCH 012/316] http2 typo --- install/debian/12/templates/web/nginx/force-https-legacy.stpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl index bea7d86c..8e636db3 100644 --- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%proxy_ssl_port% ssll + listen %ip%:%proxy_ssl_port% ssl; http2 on; server_name %domain_idn% %alias_idn%; From c32036e53181d11e9b693ead4651d2973413d572 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 11:23:57 +0200 Subject: [PATCH 013/316] Handling tailf watcher processes in v-clean-garbage --- bin/v-clean-garbage | 19 +++++++++++++++++++ bin/v-commander | 19 ------------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 72e8560e..6dc006ae 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -21,6 +21,14 @@ source /usr/local/vesta/func/main.sh # Action # #----------------------------------------------------------# +# turn off tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') +fi + rm /var/backups/* > /dev/null 2>&1 rm /var/cache/apt/archives/* > /dev/null 2>&1 cd /var/log @@ -41,6 +49,9 @@ find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete find /var/log/exim4/ -type f -exec truncate -s 0 {} \; +truncate -s 0 /*.log +rm /panic-*.log +rm /var/log/panic-*.log clean_home() { nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete @@ -74,6 +85,14 @@ if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban fi +# turn on tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & +fi + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-commander b/bin/v-commander index 06a5f737..e0850737 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -354,32 +354,13 @@ do echo "=============================" echo "== cleaning trash" df -m - ps -Af | grep tailf | grep -v "grep tailf" - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') - fi echo "------" ps -Af | grep tailf | grep -v "grep tailf" echo "------" - sleep 2 - truncate -s 0 /*.log - rm /panic-*.log - rm /var/log/panic-*.log /usr/local/vesta/bin/v-clean-garbage - sleep 2 - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & - fi echo "--------------" df -m echo "--------------" - sleep 2 ps -Af | grep tailf | grep -v "grep tailf" fi From b80a9756213305c30f5cfc86fb71cfee65aa076d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 11:37:04 +0200 Subject: [PATCH 014/316] Muting some unnecessary cleaning errors --- bin/v-clean-garbage | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 6dc006ae..a53cace8 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -49,9 +49,9 @@ find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete find /var/log/exim4/ -type f -exec truncate -s 0 {} \; -truncate -s 0 /*.log -rm /panic-*.log -rm /var/log/panic-*.log +truncate -s 0 /*.log > /dev/null 2>&1 +rm /panic-*.log > /dev/null 2>&1 +rm /var/log/panic-*.log > /dev/null 2>&1 clean_home() { nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete From 34c0588b76c31bdee93c679bbb1407dafd186c3c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:05:26 +0200 Subject: [PATCH 015/316] ignoring nohup messages --- bin/v-clean-garbage | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index a53cace8..323ee80d 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -87,10 +87,10 @@ fi # turn on tailf watcher process if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 & fi if [ -f "/usr/local/bin/tailf_exim.php" ]; then - nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & fi #----------------------------------------------------------# From 8d467b98abcd44ec7561c86af8149a9d987b150b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:39:44 +0200 Subject: [PATCH 016/316] Muting some unnecessary cleaning errors --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 323ee80d..e588904c 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -54,7 +54,7 @@ rm /panic-*.log > /dev/null 2>&1 rm /var/log/panic-*.log > /dev/null 2>&1 clean_home() { - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1 find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 From 022f3078f51df8000f99312beffb1c091366183b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 6 Sep 2023 14:45:40 +0200 Subject: [PATCH 017/316] Fixing 'dh key too small' in dovecot --- src/deb/vesta/postinst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index d1c92a8c..3f237f10 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,17 @@ fi # echo "1" > /usr/local/vesta/data/upgrades/show_changelog # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Fixing 'dh key too small' in dovecot +if [ -f "/var/log/dovecot.log" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log; then + if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then + echo "== Fixing 'dh key too small' in dovecot" + echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf + systemctl restart dovecot + fi + fi +fi + # Patching exim4.conf for: smtputf8_advertise_hosts if [ "$release" -ge 11 ]; then if [ -f "/etc/exim4/exim4.conf.template" ]; then From 06527b4d49be97366926173bfd90a4b566a773a7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Sep 2023 01:12:08 +0200 Subject: [PATCH 018/316] Update postinst --- src/deb/vesta/postinst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 3f237f10..e53fee72 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -26,8 +26,8 @@ fi # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Fixing 'dh key too small' in dovecot -if [ -f "/var/log/dovecot.log" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then - if grep -q 'dh key too small' /var/log/dovecot.log; then +if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log.1; then if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then echo "== Fixing 'dh key too small' in dovecot" echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf From c43b3b09766e2d09033e9a4ab7faf34f3893de60 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 16 Sep 2023 01:11:30 +0200 Subject: [PATCH 019/316] Check if source user is suspended --- bin/v-move-domain-and-database-to-account | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index d055e361..7524d229 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user + USER_TO=$user #----------------------------------------------------------# From 39a4dffbcece94e04f626b6ac6f1274aadb7876e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 16 Sep 2023 01:20:19 +0200 Subject: [PATCH 020/316] Check if source user is suspended --- bin/v-change-domain-owner | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 8f267307..c3f8bcfa 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user #----------------------------------------------------------# # Action # From 1709e9ae3d2ffa3c8ae8f748fba6b53833250c58 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 24 Sep 2023 16:58:29 +0200 Subject: [PATCH 021/316] Disabling SpamAssassin on Deb12 --- bin/v-commander | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index e0850737..073c6d72 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -241,8 +241,13 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" - systemctl stop spamassassin.service - systemctl disable spamassassin.service + if [ "$release" -lt 12 ]; then + systemctl stop spamassassin.service + systemctl disable spamassassin.service + else + systemctl stop spamd.service + systemctl disable spamd.service + fi sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template From 98d8ab7f29b3e00208ecb50f203b45859fbd8019 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 27 Sep 2023 09:32:23 +0200 Subject: [PATCH 022/316] v-list-sys-services: detection for official mariadb repo installation --- bin/v-list-sys-services | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services index 3d876101..d23a92a7 100755 --- a/bin/v-list-sys-services +++ b/bin/v-list-sys-services @@ -301,6 +301,10 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then service='mariadb' proc_name='mariadbd' fi + if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then + service='mariadb' + proc_name='mariadbd' + fi if [ -d "/etc/sysconfig" ]; then service='mysqld' proc_name='mysqld' From c8fcc089a7e861931eda36e7b5f29b755b57e07d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 30 Sep 2023 15:20:47 +0200 Subject: [PATCH 023/316] Clean /home/*/tmp/ in v-clean-garbage --- bin/v-clean-garbage | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index e588904c..55dc98c3 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,6 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -exec rm {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 8a323f6447eda009cd2eaabee120a9ea3add653e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 30 Sep 2023 15:23:27 +0200 Subject: [PATCH 024/316] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 55dc98c3..d987a6c2 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,7 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -exec rm {} \; + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 33e6263e3d2f0d8198400d971bd7e8459ef51c7a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 00:32:27 +0200 Subject: [PATCH 025/316] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index d987a6c2..c46a2b55 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,7 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 3d503f4e1410271c276517c8ebb3fb0623d95dd9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 14:19:41 +0200 Subject: [PATCH 026/316] Update v-clean-garbage --- bin/v-clean-garbage | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index c46a2b55..80d7f165 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -29,6 +29,7 @@ if [ -f "/usr/local/bin/tailf_exim.php" ]; then kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') fi +find /tmp/ -type f -mtime +7 -delete rm /var/backups/* > /dev/null 2>&1 rm /var/cache/apt/archives/* > /dev/null 2>&1 cd /var/log @@ -45,6 +46,8 @@ find /var/log/ -type f -name "*.4" -delete find /var/log/ -type f -name "*.5" -delete find /var/log/ -type f -name "*.6" -delete find /var/log/ -type f -name "*.7" -delete +find /var/log/ -type f -name "*.8" -delete +find /var/log/ -type f -name "*.9" -delete find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete From 85bbc56cbdae66b44a8d65b9607b54d90b6f342d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 14:55:49 +0200 Subject: [PATCH 027/316] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index a25fc6dd..49d31f45 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -148,6 +148,8 @@ if [ "$check_grep" -eq 0 ]; then sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template + /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template' + /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template' touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour touch /etc/exim4/limit_per_email_account_max_recipients touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour From e1fe2ba0944829a08d42702f2f7dbc07f8a91fde Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 15:07:43 +0200 Subject: [PATCH 028/316] Patching exim4.conf for: Helo name contains a ip address --- install/debian/12/exim/exim4.conf.template | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index e6abbe8e..9c670fed 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -109,16 +109,19 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept From 64fa7d9e5865398e8c4c97a2cf115635d532576c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 15:12:40 +0200 Subject: [PATCH 029/316] Update exim4.conf.template --- install/debian/12/exim/exim4.conf.template | 1 - 1 file changed, 1 deletion(-) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 9c670fed..27fca98a 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -112,7 +112,6 @@ acl_check_mail: drop !authenticated = * message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s From b5d57baa294a4382bcec456dbc58ae78ed6df16f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Oct 2023 10:47:40 +0200 Subject: [PATCH 030/316] Update vst-install-debian.sh --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e7c9a0a9..47e8ede0 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -286,7 +286,7 @@ set_default_value 'postgresql' 'no' set_default_value 'mongodb' 'no' set_default_value 'exim' 'yes' set_default_value 'dovecot' 'yes' -if [ $memory -lt 1500000 ]; then +if [ $memory -lt 2500000 ]; then set_default_value 'clamd' 'no' set_default_value 'spamd' 'no' else From 1099b0c2672eb124c2c47698271d9a8c178a9fef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 4 Oct 2023 11:34:09 +0200 Subject: [PATCH 031/316] Update install_rate_limit_tpl.sh --- .../tools/rate-limit-tpl/install_rate_limit_tpl.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 3cae3526..1d128f7a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi @@ -22,6 +22,12 @@ if [ "$grepc" -eq 1 ]; then echo "=== Decrease addr zone to 1mb to nginx.conf" fi +grepc=$(grep -c 'zone=zone_site:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'zone_site' to nginx.conf" +fi + grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 1 ]; then sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf From 5fb32ef55f265a43cf7a8b8a8e5ea93b609ca76a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 4 Oct 2023 14:56:19 +0200 Subject: [PATCH 032/316] Delete pool.d conf file for all PHP versions --- bin/v-delete-web-domain | 48 ++++++++++++++++------------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 75399766..43362e34 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then rm $fpmconf echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log fi -fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi + +for PHPV in /etc/php/*; do + if [ -d "${PHPV}" ]; then + # PHPVER=$(basename ${PHPV}) + POOLD="${PHPV}/fpm/pool.d" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + POOLD="${PHPV}/fpm/pool.d-ioncube" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + fi +done # Deleting domain from web.conf sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf From baa93199e86851718feb5ec3fdf7418aa4c460f3 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Fri, 6 Oct 2023 11:35:11 +0200 Subject: [PATCH 033/316] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 71d9f5a9..a2e7a3de 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@

Features of myVesta

From 2aca86432fd8534df9fcb3387b748de3a4219cfe Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 8 Feb 2024 21:26:03 +0100 Subject: [PATCH 092/316] imapsync tools --- .../tools/imapsync/create-mail-sync.sh | 38 +++++++++---- .../tools/imapsync/import-from-file.sh | 56 +++++++++++++++++++ 2 files changed, 83 insertions(+), 11 deletions(-) create mode 100644 src/deb/for-download/tools/imapsync/import-from-file.sh diff --git a/src/deb/for-download/tools/imapsync/create-mail-sync.sh b/src/deb/for-download/tools/imapsync/create-mail-sync.sh index e325754e..94762505 100644 --- a/src/deb/for-download/tools/imapsync/create-mail-sync.sh +++ b/src/deb/for-download/tools/imapsync/create-mail-sync.sh @@ -35,18 +35,35 @@ fi TESTOPT="" if [[ $TEST -eq 1 ]]; then - TESTOPT="--justlogin" + TESTOPT="--justlogin" fi if [ ! -d "accounts" ]; then mkdir accounts fi if [ -f "accounts/$EMAIL" ]; then - echo "********* $EMAIL ALREADY EXISTS !!! ************" + echo "********* EMAIL $EMAIL ALREADY EXISTS !!! ************" exit 1; exit fi +euser=$(echo $EMAIL | cut -d '@' -f 1) +domain=$(echo $EMAIL | cut -d '@' -f 2) +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +if [ "$user" != "" ]; then + echo "=== Email '$EMAIL' has username email part '$euser', domain is '$domain', and belongs to myVesta account: $user" + if [ ! -d "/home/$user/mail/$domain" ]; then + echo "======= Creating '$domail' in MAIL section" + /usr/local/vesta/bin/v-add-mail-domain "$user" "$domain" + fi + if [ ! -d "/home/$user/mail/$domain/$euser" ]; then + echo "======= Creating '$euser' mail account for domain '$domain'" + /usr/local/vesta/bin/v-add-mail-account "$user" "$domain" "$euser" "$PASS2" + echo "" + fi +fi + + echo "Writing to: accounts/$EMAIL" echo "#!/bin/bash @@ -67,21 +84,20 @@ exit; chmod a=rwx accounts/$EMAIL if [[ $TEST -eq 0 ]]; then - exit 0; + exit 0; fi accounts/$EMAIL RET=$? if [ $RET -eq 0 ]; then - # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" - sed -i "s/--justlogin//g" accounts/$EMAIL - echo "--- OK! ---" - echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log + # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" + sed -i "s/--justlogin//g" accounts/$EMAIL + echo "--- OK! ---" + echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log else - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - rm accounts/$EMAIL + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + rm accounts/$EMAIL + read -p "=== Press ENTER to continue ===" entered fi exit $RET; diff --git a/src/deb/for-download/tools/imapsync/import-from-file.sh b/src/deb/for-download/tools/imapsync/import-from-file.sh new file mode 100644 index 00000000..ac0c42f4 --- /dev/null +++ b/src/deb/for-download/tools/imapsync/import-from-file.sh @@ -0,0 +1,56 @@ +#!/bin/bash +# +# This script reads email and password=s in following format: +# email1 pass +# email2 pass +# email3 pass + +# The first parameter is the text file from which we read emails and passwords +# The second parameter is SMTP Hostname +# The third parameter is domain if lines contains only username part + + +host='' +if [ $# -gt 1 ]; then + host=$2 +else + echo "Usage: ./import-from-file.sh 'FILE' 'SMTPHOST' ['DOMAIN']" + exit 1; +fi + +domain='' +if [ $# -gt 2 ]; then + domain=$3 +fi + +end_of_file=0 +while [[ $end_of_file == 0 ]]; do + + read -r line + end_of_file=$? + + if [ "$line" == "" ]; then + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + continue + fi + + email=$(echo "$line" | awk '{print $1}') + pass=$(echo "$line" | awk '{print $2}') + + if [[ $email != *"@"* ]]; then + email="$email@$domain" + fi + + echo "Extracted: '$email' = '$pass'" + + ./create-mail-sync.sh "$host" "$email" "$pass" + + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + +done < $1 From 7e209c543d408ab5f23be0b18988ce84042e0273 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:05:59 +0100 Subject: [PATCH 093/316] Update v-backup-users Prevent removing valid licenses when vestacp.com is offline. Licences are free now - https://forum.myvestacp.com/viewtopic.php?t=949 --- bin/v-backup-users | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-backup-users b/bin/v-backup-users index 16a93d6d..05550ded 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -37,7 +37,7 @@ fi log=$VESTA/log/backup.log -$BIN/v-check-vesta-license >/dev/null +# $BIN/v-check-vesta-license >/dev/null touch $log if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then From a7def7b190a88dacdd82704295e872a04e5d604b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:10:58 +0100 Subject: [PATCH 094/316] Changelog --- Changelog.md | 4 ++++ src/deb/latest.txt | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 6908b0e2..d0df650b 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +Version 0.9.9-0-7 [27-Feb-2024] +================================================== +* Few bugs fixed + Version 0.9.9-0-6 [22-Jan-2024] ================================================== * Few bugs fixed diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 0f8dc00c..8170ab75 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-6 +vesta-0.9.9-0-7 \ No newline at end of file From 6819f21c3e7eca1be628f600945725c542ec0c85 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 15:49:33 +0100 Subject: [PATCH 095/316] Update v-commander --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 2bf2242d..8a68cd38 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -274,6 +274,7 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then systemctl stop spamassassin.service systemctl disable spamassassin.service From 138a30755f226bc2d3ef77d30e7d183466538211 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 16:43:05 +0100 Subject: [PATCH 096/316] Update v-commander --- bin/v-commander | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 8a68cd38..e1f209b1 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -18,6 +18,7 @@ echo "======================= mvVesta-commander ================================ if [ -f /root/kernelupdate ]; then rm /root/kernelupdate fi +apt_updated=0 apt_upgraded=0 quit_on_empty=0 @@ -88,8 +89,8 @@ myhelp() { echo "inst nginx-rate-limit = install nginx-rate-limit templates" echo "dis fb = stop and disable fail2ban" echo "dis dove = stop and disable dovecot" - echo "dis spam = stop and disable spam" - echo "dis clam = stop and disable clamav" + echo "dis spam = stop and disable spamassassin" + echo "dis clam = stop and disable ClamAV" echo "p 7.0 = set default php 7.0" echo "p 7.3 = set default php 7.3" echo "p 7.4 = set default php 7.4" @@ -99,9 +100,22 @@ myhelp() { echo "check fc = check if FreshClam is up" echo "-----------------------------" echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" + echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "-----------------------------" } +apt_update() { + echo "=============================" + echo "== running: apt-get update" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 10 ]; then + apt-get update + else + apt-get update --allow-releaseinfo-change + fi + apt_updated=1 +} + COUNTER=0 while true @@ -162,14 +176,7 @@ do if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then - echo "=============================" - echo "== running: apt-get update" - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 10 ]; then - apt-get update - else - apt-get update --allow-releaseinfo-change - fi + apt_update fi if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then @@ -584,4 +591,17 @@ do /root/install-new-roundcube.sh fi + if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then + if [ ! -f "/root/.ssh/id_rsa.pub" ]; then + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + fi + echo "=== YOUR id_rsa.pub IS BELOW ===" + cat /root/.ssh/id_rsa.pub + echo "======" + fi + + if [ $numargs -eq 1 ]; then + exit; + fi + done From e6bf09c6085d697fea8fe181e4703c896346be3e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 16:48:48 +0100 Subject: [PATCH 097/316] Update v-commander --- bin/v-commander | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index e1f209b1..824a4377 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -13,7 +13,9 @@ fi source /etc/profile PATH=$PATH:/usr/local/vesta/bin && export PATH -echo "======================= mvVesta-commander ================================" +if [ $SHOWHEADER -eq 1 ]; then + echo "======================= mvVesta-commander ================================" +fi if [ -f /root/kernelupdate ]; then rm /root/kernelupdate @@ -600,7 +602,7 @@ do echo "======" fi - if [ $numargs -eq 1 ]; then + if [ $numargs -gt 0 ]; then exit; fi From 0ae1ea6adcb48f9a7fe9dd4331c9094a9ca4a137 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 17:22:18 +0100 Subject: [PATCH 098/316] Update v-commander --- bin/v-commander | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-commander b/bin/v-commander index 824a4377..3d495476 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -595,7 +595,7 @@ do if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then if [ ! -f "/root/.ssh/id_rsa.pub" ]; then - ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null fi echo "=== YOUR id_rsa.pub IS BELOW ===" cat /root/.ssh/id_rsa.pub From fa165a00206ac67d6a8a768f8c9b0ca462ac4885 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 14 Mar 2024 20:24:47 +0100 Subject: [PATCH 099/316] Update v-fix-user-permissions --- bin/v-fix-user-permissions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index ae798992..e55b5e0f 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -44,7 +44,7 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \; find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \; find /home/$user/mail/*/ -type f -exec chmod u+rw {} \; find /home/$user/mail/*/ -type f -exec chmod g+rw {} \; - +find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; From dd18d6dd6dda04b9a0b0e7c5bb9a22eb84cefaf8 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 29 Mar 2024 14:51:56 +0100 Subject: [PATCH 100/316] Blocking xmlrpc.php and wp-config.php in nginx-rate-limit templatre for WP --- .../tools/rate-limit-tpl/force-https-firewall-wordpress.stpl | 2 ++ .../tools/rate-limit-tpl/hosting-firewall-wordpress.stpl | 2 ++ .../tools/rate-limit-tpl/hosting-firewall-wordpress.tpl | 2 ++ 3 files changed, 6 insertions(+) diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl index e8b5b228..b263d6b5 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl @@ -79,6 +79,8 @@ server { proxy_pass https://%ip%:%web_ssl_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl index e8b5b228..b263d6b5 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl @@ -79,6 +79,8 @@ server { proxy_pass https://%ip%:%web_ssl_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl index 49da9387..7203b88c 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl @@ -76,6 +76,8 @@ server { proxy_pass http://%ip%:%web_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} From 20695198f4acddcaa5d7bd98ebdecd6a1f63ca1c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 29 Mar 2024 17:17:22 +0100 Subject: [PATCH 101/316] tpl CRLF to LF --- .../force-https-firewall-wordpress.tpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl index c9cf1189..5a463370 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl @@ -1,8 +1,8 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From 55e0fcb5dee50afe68a0e829ab1333483e6c231f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:48:56 +0200 Subject: [PATCH 102/316] Update v-clean-garbage: restart exim4 --- bin/v-clean-garbage | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 80d7f165..4cfc1f33 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -97,6 +97,12 @@ if [ -f "/usr/local/bin/tailf_exim.php" ]; then nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & fi +exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim') +if [ $exim_installed -gt 0 ]; then + systemctl restart exim4 +fi + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# From dd825b96cb2a14b1f624a96eaaaf2bfc86cb0bd7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:55:48 +0200 Subject: [PATCH 103/316] Update latest.txt - 0.9.9-0-8 --- src/deb/latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 8170ab75..9bd24024 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-7 \ No newline at end of file +vesta-0.9.9-0-8 From 8cc35b43eb4dfde3abc8ff5c71783345a53bcfc6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:08:14 +0200 Subject: [PATCH 104/316] Update header.html --- web/templates/header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/header.html b/web/templates/header.html index 7f317f94..37905032 100644 --- a/web/templates/header.html +++ b/web/templates/header.html @@ -4,7 +4,7 @@ myVesta - <?=__($TAB)?> - + From 63c4826ac0ea031245b1ff1429852c85694bc7cd Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 15:22:20 +0200 Subject: [PATCH 105/316] Update v-commander --- bin/v-commander | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 3d495476..1747a5ec 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -119,15 +119,20 @@ apt_update() { } COUNTER=0 +HAS_PARAMETERS=0 while true do COUNTER=$((COUNTER + 1)) if [ $COUNTER -le $numargs ]; then + HAS_PARAMETERS=1 answer=$1 shift else + if [ $HAS_PARAMETERS -eq 1 ]; then + exit; + fi read -p 'What to do: ' answer fi @@ -602,8 +607,4 @@ do echo "======" fi - if [ $numargs -gt 0 ]; then - exit; - fi - done From 583a1e5cc7ed3e9657730f55c148df46922a2264 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 19:56:50 +0200 Subject: [PATCH 106/316] Update v-commander --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 1747a5ec..f6a9cf7d 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -149,6 +149,7 @@ do if [ "$answer" = 'quit-on-empty' ]; then echo "== the script will quit on next enter" quit_on_empty=1 + HAS_PARAMETERS=0 fi From 929241c5f787f301da3a6ace160d979729e98d11 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 20:10:05 +0200 Subject: [PATCH 107/316] Version 0.9.9-0-9 --- Changelog.md | 9 +++------ src/deb/latest.txt | 2 +- src/deb/vesta/postinst | 4 ++-- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Changelog.md b/Changelog.md index d0df650b..f9d95b6c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,15 +1,12 @@ -Version 0.9.9-0-7 [27-Feb-2024] +Version 0.9.9-0-9 [05-Apr-2024] ================================================== +* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) * Few bugs fixed -Version 0.9.9-0-6 [22-Jan-2024] +Version 0.9.9-0-5 to 0.9.9-0-8 ================================================== * Few bugs fixed -Version 0.9.9-0-5 [08-Oct-2023] -================================================== -* Many bugfixes - Version 0.9.9-0-4 [27-Jun-2023] ================================================== * Support for Debian 12 ( in mutual cooperation with @HestiaCP ) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 9bd24024..df77dd74 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-8 +vesta-0.9.9-0-9 \ No newline at end of file diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index e53fee72..4d414655 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -22,8 +22,8 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then fi # show changelog after update -# echo "1" > /usr/local/vesta/data/upgrades/show_changelog -# chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +echo "1" > /usr/local/vesta/data/upgrades/show_changelog +chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Fixing 'dh key too small' in dovecot if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then From 40afd5b5c84719eeff4f2ce34bba5051ee631e10 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 9 Apr 2024 16:44:05 +0200 Subject: [PATCH 108/316] Create v-edit-domain-php-ini --- bin/v-edit-domain-php-ini | 80 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 bin/v-edit-domain-php-ini diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini new file mode 100644 index 00000000..027547fe --- /dev/null +++ b/bin/v-edit-domain-php-ini @@ -0,0 +1,80 @@ +#!/bin/bash +# info: Edit php.ini for certain domain +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain) + +if [ -z "$fpm_ver" ]; then + echo "PHP version for domain $domain could not be determined." + exit 1 +fi + +config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf" + +if command -v mcedit >/dev/null; then + mcedit "$config_file" +else + nano "$config_file" +fi + +echo "Restarting PHP-FPM service for PHP version $fpm_ver..." +echo "" +systemctl restart php${fpm_ver}-fpm + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 1; From f540cf9f2ab872e1fff74246723c68678b4c1f26 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 11 Apr 2024 12:18:39 +0200 Subject: [PATCH 109/316] Update v-edit-domain-php-ini --- bin/v-edit-domain-php-ini | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 027547fe..83d52613 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -70,8 +70,9 @@ else fi echo "Restarting PHP-FPM service for PHP version $fpm_ver..." -echo "" systemctl restart php${fpm_ver}-fpm +echo "The PHP-FPM service for PHP version 7.0 has been restarted successfully." +echo "" #----------------------------------------------------------# # Vesta # From 6514ea1d388dfcc5a5707c8a57cbc93d502c9073 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 11 Apr 2024 15:43:41 +0200 Subject: [PATCH 110/316] Create v-edit-php-ini --- bin/v-edit-php-ini | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 bin/v-edit-php-ini diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini new file mode 100644 index 00000000..4806a48f --- /dev/null +++ b/bin/v-edit-php-ini @@ -0,0 +1,62 @@ +#!/bin/bash +# info: Edit php.ini for a specific PHP version + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# List available PHP versions and store them into an array +mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php) + +echo "Available PHP versions:" +PS3="Please select the PHP version you want to edit php.ini for: " + +select php_version in "${php_versions[@]}"; do + if [[ -n $php_version ]]; then + break + else + echo "Invalid choice. Please try again." + fi +done + +# Define path to the php.ini file +php_ini_path="/etc/php/${php_version}/fpm/php.ini" + +# Check if php.ini exists for the selected version +if [[ ! -f "$php_ini_path" ]]; then + echo "The php.ini file for the selected PHP version ($php_version) does not exist." + exit 1 +fi + +# Determine the text editor to use +if command -v mcedit >/dev/null 2>&1; then + editor_cmd="mcedit" +elif command -v nano >/dev/null 2>&1; then + editor_cmd="nano" +else + echo "No supported text editor found. Please install 'mcedit' or 'nano'." + exit 1 +fi + +# Open php.ini for the chosen PHP version in the selected editor +echo "Opening $php_ini_path in editor $editor_cmd..." +$editor_cmd "$php_ini_path" + +# Restart the PHP-FPM service for the selected version +echo "Restarting the PHP-FPM service for PHP version $php_version..." +systemctl restart php${php_version}-fpm + +echo "The PHP-FPM service for PHP version $php_version has been restarted successfully." + +#----------------------------------------------------------# +# Exit # +#----------------------------------------------------------# + +exit From 9d6582460684939c414321c2f608dcef094e6f76 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:41:56 +0200 Subject: [PATCH 111/316] v-edit-php tuning --- bin/v-edit-domain-php-ini | 11 ++++++++--- bin/v-edit-php-ini | 10 +++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 83d52613..351f34bc 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -69,13 +69,18 @@ else nano "$config_file" fi -echo "Restarting PHP-FPM service for PHP version $fpm_ver..." +echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" systemctl restart php${fpm_ver}-fpm -echo "The PHP-FPM service for PHP version 7.0 has been restarted successfully." +if [ $? -ne 0 ]; then + systemctl status php${fpm_ver}-fpm + check_result $E_RESTART "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" +else + echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." +fi echo "" #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# -exit 1; +exit 0; diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 4806a48f..696b60ec 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini @@ -52,11 +52,15 @@ $editor_cmd "$php_ini_path" # Restart the PHP-FPM service for the selected version echo "Restarting the PHP-FPM service for PHP version $php_version..." systemctl restart php${php_version}-fpm - -echo "The PHP-FPM service for PHP version $php_version has been restarted successfully." +if [ $? -ne 0 ]; then + systemctl status php${php_version}-fpm + check_result $E_RESTART "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" +else + echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." +fi #----------------------------------------------------------# # Exit # #----------------------------------------------------------# -exit +exit 0; From cc3437c287cf5ae1bbdb769fdd910b0db19411ef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:50:26 +0200 Subject: [PATCH 112/316] v-edit-php return fix --- bin/v-edit-domain-php-ini | 5 ++++- bin/v-edit-php-ini | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 351f34bc..890ce047 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -73,7 +73,10 @@ echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" systemctl restart php${fpm_ver}-fpm if [ $? -ne 0 ]; then systemctl status php${fpm_ver}-fpm - check_result $E_RESTART "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "=========================" + echo "" + echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." fi diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 696b60ec..4874b8a0 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini @@ -54,7 +54,10 @@ echo "Restarting the PHP-FPM service for PHP version $php_version..." systemctl restart php${php_version}-fpm if [ $? -ne 0 ]; then systemctl status php${php_version}-fpm - check_result $E_RESTART "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "=========================" + echo "" + echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." fi From 9b0f9e5876b7cf6d38cc69e158a55cb4f8888b58 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:55:41 +0200 Subject: [PATCH 113/316] Version 0.9.9-0-10 --- Changelog.md | 5 +++++ bin/v-edit-domain-php-ini | 1 + bin/v-edit-php-ini | 1 + src/deb/latest.txt | 2 +- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index f9d95b6c..b13f0080 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,8 @@ +Version 0.9.9-0-10 [11-Apr-2024] +================================================== +* Introducing v-edit-php-ini command +* Introducing v-edit-domain-php-ini command + Version 0.9.9-0-9 [05-Apr-2024] ================================================== * Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 890ce047..9eadfcee 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -76,6 +76,7 @@ if [ $? -ne 0 ]; then echo "=========================" echo "" echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 4874b8a0..0155e6bb 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini @@ -57,6 +57,7 @@ if [ $? -ne 0 ]; then echo "=========================" echo "" echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." diff --git a/src/deb/latest.txt b/src/deb/latest.txt index df77dd74..bc58cb6b 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-9 \ No newline at end of file +vesta-0.9.9-0-10 \ No newline at end of file From 65d4f0e65ee2d4442551b93dd19e55135ff4641b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 19 Apr 2024 09:12:57 +0200 Subject: [PATCH 114/316] deb12 exim4: message_linelength_limit = 1G Preventing exim4 error: message has lines too long for transport --- install/debian/12/exim/exim4.conf.template | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 81746a7a..aeb83726 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -355,6 +355,7 @@ remote_smtp: dkim_strict = 0 hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G procmail: driver = pipe From 05f5288d9b7dc2014e4fb624077a3476fbe1c8d9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 24 Apr 2024 13:14:36 +0200 Subject: [PATCH 115/316] Update v-clone-website: --skip-plugins --skip-themes --- bin/v-clone-website | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 0daf403c..049b0cf4 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -421,10 +421,10 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi sudo -H -u$TO_USER wp cache flush sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force From dcd0bf2d64dcfe8e24a32f6ab8271a0724fc1de0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 24 Apr 2024 13:56:28 +0200 Subject: [PATCH 116/316] Update v-clone-website: wp-cli to use proper php version --- bin/v-clone-website | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 049b0cf4..44252313 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -419,16 +419,17 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi - sudo -H -u$TO_USER wp cache flush - sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force - sudo -H -u$TO_USER wp config shuffle-salts + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- From 66ae5580cdeb7d4c188c97a5aa22cf25f0c89910 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 20:28:05 +0200 Subject: [PATCH 117/316] Fix mailadress and subject --- func/db.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/func/db.sh b/func/db.sh index 20230fec..58a339ee 100644 --- a/func/db.sh +++ b/func/db.sh @@ -29,6 +29,9 @@ mysql_connect() { mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1 if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\ $SENDMAIL -s "$subj" $email fi @@ -59,6 +62,9 @@ mysql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi @@ -82,6 +88,9 @@ psql_connect() { psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi @@ -103,6 +112,9 @@ psql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi From 4acfa26de55171931d3a9fe6764f46e46e0a082e Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 20:28:31 +0200 Subject: [PATCH 118/316] Fix emailadres and subject --- func/rebuild.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/func/rebuild.sh b/func/rebuild.sh index b4a5f73d..ae267e8b 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -610,6 +610,9 @@ rebuild_pgsql_database() { if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then echo "Error: postgresql config parsing failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: postgresql config parsing failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email fi log_event "$E_PARSING" "$ARGUMENTS" @@ -621,6 +624,9 @@ rebuild_pgsql_database() { if [ '0' -ne "$?" ]; then echo "Error: Connection failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: Connection failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Database connection to PostgreSQL host $HOST failed" |\ $SENDMAIL -s "$subj" $email fi From 806ebf1db6e45b9fa481b0a16b1bf47e2a991017 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 21:21:32 +0200 Subject: [PATCH 119/316] disable root login phpmyadmin --- install/vst-install-debian.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 9ba1a2ec..e85517d8 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1364,6 +1364,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi if [ "$release" -gt 10 ]; then echo "=== Configure phpMyAdmin (Debian11 custom part)" @@ -1381,6 +1384,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi fi From 763eea5c5873962f8a07391b65934888f265afbf Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 15 May 2024 19:42:42 +0200 Subject: [PATCH 120/316] Update install-new-roundcube.sh - version 1.6.6 --- src/deb/for-download/tools/install-new-roundcube.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index 8838e0ab..0f6a343a 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh @@ -3,7 +3,7 @@ USER='webmail' DOMAIN='' # enter domain or subdomain -VERSION='1.6.1' +VERSION='1.6.6' DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" LOGINMESSAGE1='Click here for NEW Webmail' From 81f507b3c4cb9fd22168b7cce4bf99a2043f4e2a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 16 May 2024 12:15:20 +0200 Subject: [PATCH 121/316] nodejs templates ssl fix --- .../node-app-3000-no-https-force.stpl | 7 ++++--- .../node-app-3000-pass-to-https.stpl | 5 +++-- .../tools/nodejs-nginx-templates/node-app-3000.stpl | 7 ++++--- .../node-app-4000-and-websocket-6001.stpl | 5 +++-- .../node-app-also-handle-static-files-3000.stpl | 5 +++-- 5 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index d66f80be..f0814ded 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -41,7 +42,7 @@ server { } - location ~ /\.ht {return 404;} + location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index 27dd354b..dc18c496 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index d66f80be..f0814ded 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -41,7 +42,7 @@ server { } - location ~ /\.ht {return 404;} + location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index d8a23009..c58ef84a 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index a6a0b744..39e58f1f 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; From 491ac6255c38c202baf2d2eaedfc081c1572a592 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:49:06 +0200 Subject: [PATCH 122/316] Create v-run-wpcli --- bin/v-run-wpcli | 77 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 bin/v-run-wpcli diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli new file mode 100644 index 00000000..3504ebe1 --- /dev/null +++ b/bin/v-run-wpcli @@ -0,0 +1,77 @@ +#!/bin/bash +# info: Run WP CLI command for a specific domain +# options: DOMAIN WP_CLI_COMMAND + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +wp_command=${@:2} # Sve nakon prvog argumenta smatra se delom WP CLI komande + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER wp $wp_command + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From 9cf91d5535c8888b84e8b86cefe1204431f156c5 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:49:54 +0200 Subject: [PATCH 123/316] Create v-add-wordpress-admin --- bin/v-add-wordpress-admin | 75 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 bin/v-add-wordpress-admin diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin new file mode 100644 index 00000000..a5fb98a6 --- /dev/null +++ b/bin/v-add-wordpress-admin @@ -0,0 +1,75 @@ +#!/bin/bash +# info: Add a WordPress admin user to a specific domain +# options: DOMAIN USERNAME PASSWORD EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +username=$2 +password=$3 +email=$4 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +# Check if WP CLI is installed and install it if not +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER wp user create $username $email --role=administrator --user_pass="$password" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From abc2377dade85b108dad0d3521c9d41214e6723a Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:50:50 +0200 Subject: [PATCH 124/316] Update v-run-wpcli --- bin/v-run-wpcli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli index 3504ebe1..8937642a 100644 --- a/bin/v-run-wpcli +++ b/bin/v-run-wpcli @@ -19,7 +19,7 @@ SILENT_MODE=1 # Argument definition domain=$1 -wp_command=${@:2} # Sve nakon prvog argumenta smatra se delom WP CLI komande +wp_command=${@:2} user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) USER=$user From e51cd34f77125494963aea14ae887380b9bb03b9 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:51:42 +0200 Subject: [PATCH 125/316] Update v-add-wordpress-admin --- bin/v-add-wordpress-admin | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index a5fb98a6..4fc71c05 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -53,7 +53,11 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi -# Check if WP CLI is installed and install it if not +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + if ! command -v wp &> /dev/null; then echo "WP CLI is not installed. Installing..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp From 75ffd02ff9d1e605be1f5c9fecd0eb92e440c910 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 14:16:53 +0200 Subject: [PATCH 126/316] nodejs tpl fix --- .../nodejs-nginx-templates/node-app-3000-no-https-force.stpl | 2 +- .../nodejs-nginx-templates/node-app-3000-pass-to-https.stpl | 2 +- .../tools/nodejs-nginx-templates/node-app-3000.stpl | 2 +- .../node-app-4000-and-websocket-6001.stpl | 2 +- .../node-app-also-handle-static-files-3000.stpl | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index f0814ded..30ceab98 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index dc18c496..1387a879 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index f0814ded..30ceab98 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index c58ef84a..70fa2866 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index 39e58f1f..415b6f9c 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; From 21f7a509cb33ab2be181acdbb0dca19e42fee663 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 14:38:21 +0200 Subject: [PATCH 127/316] nginx nodejs tpl CRLF to LF --- .../node-app-3000-no-https-force.stpl | 106 +++++++++--------- .../nodejs-nginx-templates/node-app-3000.stpl | 106 +++++++++--------- 2 files changed, 106 insertions(+), 106 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index 30ceab98..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -1,54 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index 30ceab98..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -1,54 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file From c3985ba95e468d038d2a7e2e67b9e6ca0006d32d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 15:26:39 +0200 Subject: [PATCH 128/316] Create v-backup-user-now --- bin/v-backup-user-now | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 bin/v-backup-user-now diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now new file mode 100644 index 00000000..3a20b4ce --- /dev/null +++ b/bin/v-backup-user-now @@ -0,0 +1,5 @@ +#!/bin/bash + +export ALLOW_BACKUP_ANYTIME='yes' + +nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 From f99bcf874630e6591917db8ef6a8615ba21352bd Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 09:19:22 +0200 Subject: [PATCH 129/316] Update v-migrate-site-to-https --- bin/v-migrate-site-to-https | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6c6c8653..de3a068c 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -102,13 +102,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN" TO_REPLACE2="https://www.$FROM_DOMAIN" if [ $IT_IS_WP -eq 0 ]; then - if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then - echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/" - exit 7 - fi - if [ ! -f "/usr/bin/php7.0" ]; then - echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0" - exit 8 + if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then + if [ ! -f "/usr/bin/git" ]; then + apt-get update > /dev/null 2>&1 + apt-get -y install git > /dev/null 2>&1 + fi + cd /root + git clone https://github.com/interconnectit/Search-Replace-DB.git fi else if [ ! -f "/usr/local/bin/wp" ]; then @@ -164,9 +164,9 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC if [ $IT_IS_WP -eq 0 ]; then echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" From a8435cab14187fc5ecc42798a3cc3dea17c5b35f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 12:37:26 +0200 Subject: [PATCH 130/316] hosting-firewall-wordpress-2 --- .../force-https-firewall-wordpress-2.stpl | 95 +++++++++++++++++++ .../force-https-firewall-wordpress-2.tpl | 8 ++ .../hosting-firewall-wordpress-2.stpl | 95 +++++++++++++++++++ .../hosting-firewall-wordpress-2.tpl | 92 ++++++++++++++++++ .../rate-limit-tpl/install_rate_limit_tpl.sh | 5 + 5 files changed, 295 insertions(+) create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl new file mode 100644 index 00000000..44f6162c --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl @@ -0,0 +1,92 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 4a910d0f..8f4d4e88 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -71,4 +71,9 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordp wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl + systemctl restart nginx From 7a13c03e9a91cd40934519e91138223f4d8b89ac Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:48:11 +0200 Subject: [PATCH 131/316] Update v-migrate-site-to-https to use $phpver --- bin/v-migrate-site-to-https | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index de3a068c..6f28e2f7 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -94,6 +94,8 @@ if [ "$DB_EXISTS" = "no" ]; then exit 6 fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN") + # ----------- CHECK ------------- FROM_REPLACE1="http://$FROM_DOMAIN" @@ -170,9 +172,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi echo "===== DONE ====" From 8a8422539c71f8104d645b5b4f43396c69f04ab5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:52:46 +0200 Subject: [PATCH 132/316] Update v-migrate-site-to-https to use $phpver --- bin/v-migrate-site-to-https | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6f28e2f7..b6f4295b 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -172,9 +172,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi echo "===== DONE ====" From 6a72798abae0065e7f1535e6fd7947ecee871823 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:55:10 +0200 Subject: [PATCH 133/316] Update v-clone-website to use $phpver --- bin/v-clone-website | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 44252313..f0db7246 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -422,14 +422,14 @@ else phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- From 67b8376608ad35bc4b9e1ce7baa3627889a23d8a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 14:02:52 +0200 Subject: [PATCH 134/316] Update v-add-wordpress-admin to use $phpver --- bin/v-add-wordpress-admin | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 4fc71c05..3814e51a 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -65,12 +65,14 @@ if ! command -v wp &> /dev/null; then echo "WP CLI installed successfully." fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + #----------------------------------------------------------# # Action # #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER wp user create $username $email --role=administrator --user_pass="$password" +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; #----------------------------------------------------------# # Vesta # From d59c4fafe270856fd3468b563c7e990d5b576915 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 14:11:17 +0200 Subject: [PATCH 135/316] Update v-run-wpcli to use $phpver --- bin/v-run-wpcli | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli index 8937642a..3ab4b4e5 100644 --- a/bin/v-run-wpcli +++ b/bin/v-run-wpcli @@ -63,12 +63,14 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + #----------------------------------------------------------# # Action # #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER wp $wp_command +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; #----------------------------------------------------------# # Vesta # From 30fb3d6a6c8bd88acb59fc0a85430c2e5b76df0a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 15:05:43 +0200 Subject: [PATCH 136/316] Update v-delete-user: rm -rf /hdd/home/$user --- bin/v-delete-user | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-delete-user b/bin/v-delete-user index c452f0a0..120b1f72 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,6 +94,9 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user +if [ -f "/hdd/home/$user" ]; then + rm -rf /hdd/home/$user +fi rm -f /var/spool/mail/$user rm -f /var/spool/cron/$user rm -f /var/spool/cron/crontabs/$user From 357b20cc52bebfc8910c67688489218c642c5c9d Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 30 May 2024 17:01:39 +0200 Subject: [PATCH 137/316] Rename v-run-wpcli to v-run-wp-cli --- bin/{v-run-wpcli => v-run-wp-cli} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename bin/{v-run-wpcli => v-run-wp-cli} (100%) diff --git a/bin/v-run-wpcli b/bin/v-run-wp-cli similarity index 100% rename from bin/v-run-wpcli rename to bin/v-run-wp-cli From edf1f616b249009af6d03a29e6ea3f04fa46e9eb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 17:23:43 +0200 Subject: [PATCH 138/316] Update v-run-wp-cli: removing --skip-plugins and --skip-themes --- bin/v-run-wp-cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 3ab4b4e5..672832ab 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -70,7 +70,7 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command #----------------------------------------------------------# # Vesta # From 72baf4c702d7c34f2b83d47e19a8ed27c65a4200 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 17:29:18 +0200 Subject: [PATCH 139/316] Version 0.9.9-0-11 --- Changelog.md | 6 ++++++ src/deb/latest.txt | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index b13f0080..9c679c51 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,9 @@ +Version 0.9.9-0-11 [30-May-2024] +================================================== +* Introducing v-run-wp-cli command +* Introducing v-add-wordpress-admin command +* Few bugs fixed + Version 0.9.9-0-10 [11-Apr-2024] ================================================== * Introducing v-edit-php-ini command diff --git a/src/deb/latest.txt b/src/deb/latest.txt index bc58cb6b..4b6e56b5 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-10 \ No newline at end of file +vesta-0.9.9-0-11 \ No newline at end of file From 7fa725b893d9d476e621d10a529de90c0f219b90 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 19:35:12 +0200 Subject: [PATCH 140/316] Update Changelog.md --- Changelog.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Changelog.md b/Changelog.md index 9c679c51..7d22747a 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,13 +1,13 @@ Version 0.9.9-0-11 [30-May-2024] ================================================== -* Introducing v-run-wp-cli command -* Introducing v-add-wordpress-admin command +* Introducing v-run-wp-cli command ( @isscbta ) +* Introducing v-add-wordpress-admin command ( @isscbta ) * Few bugs fixed Version 0.9.9-0-10 [11-Apr-2024] ================================================== -* Introducing v-edit-php-ini command -* Introducing v-edit-domain-php-ini command +* Introducing v-edit-php-ini command ( @isscbta ) +* Introducing v-edit-domain-php-ini command ( @isscbta ) Version 0.9.9-0-9 [05-Apr-2024] ================================================== From c1f7c91953f0c06d2d6d5984c98ddc14574975ba Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:55:33 +0200 Subject: [PATCH 141/316] Added support for PHP 8.3 --- bin/v-activate-rocket-nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index bd4145cc..de8f6c5f 100644 --- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -126,7 +126,7 @@ else chown $user:$user /home/$user/web/$domain/cron.log case $fpm_ver in - 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) + 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1" ;; esac From 7ff828bf1444d5f36899b328675e757e6fe98bfe Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 12 Aug 2024 12:45:58 +0200 Subject: [PATCH 142/316] Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */ --- bin/v-import-cpanel-backup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index f92ae5af..a70213dd 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -157,9 +157,11 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" From 574fff064249b5acc3c67009e6a5d249027a609d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:44:30 +0200 Subject: [PATCH 143/316] Update multi-php-install.sh - removing buster sury repo --- src/deb/for-download/tools/multi-php-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index bea7774f..bf5da7b7 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -103,9 +103,9 @@ if [ "$inst_repo" -eq 1 ]; then if [ $debian_version -ge 10 ]; then wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi - if [ $debian_version -eq 10 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' - fi + # if [ $debian_version -eq 10 ]; then + # sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + # fi if [ $debian_version -eq 11 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' fi From 1ee49205769ac2ef2957f089839c2d647940bb8c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:49:46 +0200 Subject: [PATCH 144/316] Update multi-php-install.sh --- src/deb/for-download/tools/multi-php-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index bf5da7b7..6a65a888 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -100,7 +100,7 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - if [ $debian_version -ge 10 ]; then + if [ $debian_version -ge 11 ]; then wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi # if [ $debian_version -eq 10 ]; then From 6e7954db5522f247e4431bbd25df2b8ef7246695 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 15 Aug 2024 10:19:34 +0200 Subject: [PATCH 145/316] Fixing Issue #185 --- install/debian/10/templates/web/awstats/awstats.tpl | 2 +- install/debian/11/templates/web/awstats/awstats.tpl | 2 +- install/debian/12/templates/web/awstats/awstats.tpl | 2 +- install/debian/8/templates/web/awstats/awstats.tpl | 2 +- install/debian/9/templates/web/awstats/awstats.tpl | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/install/debian/10/templates/web/awstats/awstats.tpl b/install/debian/10/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/10/templates/web/awstats/awstats.tpl +++ b/install/debian/10/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/11/templates/web/awstats/awstats.tpl b/install/debian/11/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/11/templates/web/awstats/awstats.tpl +++ b/install/debian/11/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/12/templates/web/awstats/awstats.tpl b/install/debian/12/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/12/templates/web/awstats/awstats.tpl +++ b/install/debian/12/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/8/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/8/templates/web/awstats/awstats.tpl +++ b/install/debian/8/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/9/templates/web/awstats/awstats.tpl b/install/debian/9/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/9/templates/web/awstats/awstats.tpl +++ b/install/debian/9/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" From b9f89d0416f326d1a4a902bc332288a41d56b815 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 23 Aug 2024 15:54:57 +0200 Subject: [PATCH 146/316] Update v-make-separated-ip-for-email - fix for deb 10 and 11 --- bin/v-make-separated-ip-for-email | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 49d31f45..17a0d0ca 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -139,6 +139,15 @@ if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 11 ]; then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + if [ "$release" -lt 12 ]; then + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template + fi + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template @@ -168,9 +177,10 @@ if [ "$check_grep" -eq 0 ]; then fi systemctl restart exim4 if [ $? -ne 0 ]; then + systemctl status exim4 cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template systemctl restart exim4 - echo "=== Patching failed, aborting" + echo "=== Patching failed, old exim conf returned, exim4 restarted again." exit 1 fi echo "=== Patching successful" From a99ae91c21758075726433f8449c035b78480bce Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:22:56 +0200 Subject: [PATCH 147/316] Update v-update-firewall: $FIREWALL_STATEFUL conf variable --- bin/v-update-firewall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-update-firewall b/bin/v-update-firewall index d3a46686..142cb39b 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp echo "$iptables -F INPUT" >> $tmp # Enabling stateful support -if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then +if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then str="$iptables -A INPUT -m state" str="$str --state ESTABLISHED,RELATED -j ACCEPT" echo "$str" >> $tmp From 3ed2cfa07b25f71a71fcf9ba266ce615328339d6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:37:34 +0300 Subject: [PATCH 148/316] Removing whitespace in php patch --- src/deb/for-download/tools/patches/php8.2.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/patches/php8.2.patch b/src/deb/for-download/tools/patches/php8.2.patch index 1083a720..ed127499 100644 --- a/src/deb/for-download/tools/patches/php8.2.patch +++ b/src/deb/for-download/tools/patches/php8.2.patch @@ -5,7 +5,7 @@ ; It receives a comma-delimited list of function names. ; https://php.net/disable-functions -disable_functions = -+ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ; This directive allows you to disable certain classes. ; It receives a comma-delimited list of class names. From c32bd2c7098d9b1a70dda272b90dcabfa00e3c28 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 19 Sep 2024 17:32:22 +0200 Subject: [PATCH 149/316] Generate random root password instead of using admin password --- bin/v-commander | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index f6a9cf7d..834fb38b 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -535,11 +535,11 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" - adminline=$(grep '^admin:' /etc/shadow) - adminline=${adminline:6} - adminline="root:$adminline" - sed -i "s#^root:.*#$adminline#" /etc/shadow - echo "root password is now the same as admin password." + root_password=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32) + hashed_root_password=$(openssl passwd -6 "$root_password") + sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow + echo "Root password is now a new random password." + echo "New root password: $root_password" echo "--------------------" grep '^root:' /etc/shadow grep '^admin:' /etc/shadow @@ -549,7 +549,6 @@ do echo "--------------------" fi - if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then echo "=============================" echo "== Rebooting the server" From c148a1ed79d6a46f18270137f6d2d24693432d00 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 19 Sep 2024 19:01:21 +0200 Subject: [PATCH 150/316] Create v-get-dns-config --- bin/v-get-dns-config | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 bin/v-get-dns-config diff --git a/bin/v-get-dns-config b/bin/v-get-dns-config new file mode 100644 index 00000000..d759c489 --- /dev/null +++ b/bin/v-get-dns-config @@ -0,0 +1,70 @@ +#!/bin/bash +# info: Get domain DNS config.db file content +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DNS_FILE="/home/$user/conf/dns/$domain.db" + +if [ -f "$DNS_FILE" ]; then + cat "$DNS_FILE" +else + echo "DNS configuration file for $domain does not exist." + exit 1 +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From 76ad95da649ae2c2f9219d15e9c6b6dd8edff1ca Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 26 Sep 2024 20:00:41 +0200 Subject: [PATCH 151/316] Update vst-install-debian.sh - removing phppgadmin --- install/vst-install-debian.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e85517d8..75dfd1d7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -27,7 +27,7 @@ if [ "$release" -eq 12 ]; then vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core roundcube-mysql roundcube-plugins mariadb-server mariadb-common - mariadb-client postgresql postgresql-contrib phppgadmin phpmyadmin mc + mariadb-client postgresql postgresql-contrib phpmyadmin mc flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl @@ -1118,7 +1118,9 @@ if [ "$nginx" = 'yes' ]; then cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ - cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + if [ "$release" -lt 12 ]; then + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + fi cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ @@ -1404,10 +1406,12 @@ if [ "$postgresql" = 'yes' ]; then sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + if [ "$release" -lt 12 ]; then + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + fi + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi - cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi From e79acf1828ba57df6da5454eaf3191113f828ecb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 7 Oct 2024 20:04:46 +0200 Subject: [PATCH 152/316] v-make-main-apache-log --- bin/v-make-main-apache-log | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 bin/v-make-main-apache-log diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log new file mode 100644 index 00000000..dc124064 --- /dev/null +++ b/bin/v-make-main-apache-log @@ -0,0 +1,20 @@ +#!/bin/bash + +touch /var/log/apache2/time.log +# truncate -s 0 /var/log/apache2/time.log +chmod 0640 /var/log/apache2/time.log +chown root:adm /var/log/apache2/time.log +find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then + sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\"" time|g' /etc/apache2/apache2.conf +fi +systemctl restart apache2 + +if [ ! -f "/root/analyze-traffic-per-time.php" ]; then + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-time.php -O /root/analyze-traffic-per-time.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-time.php -O /root/analyze-traffic-per-site-sort-by-time.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-hits.php -O /root/analyze-traffic-per-site-sort-by-hits.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-time.php -O /root/analyze-traffic-per-ip-sort-by-time.php + wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-hits.php -O /root/analyze-traffic-per-ip-sort-by-hits.php +fi From acfc563a6c8f469cb8e98c7b681fb9cf821fd476 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 14 Oct 2024 17:51:26 +0200 Subject: [PATCH 153/316] Logging apache pid in v-make-main-apache-log --- bin/v-make-main-apache-log | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log index dc124064..96e91877 100644 --- a/bin/v-make-main-apache-log +++ b/bin/v-make-main-apache-log @@ -7,7 +7,7 @@ chown root:adm /var/log/apache2/time.log find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then - sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\"" time|g' /etc/apache2/apache2.conf + sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf fi systemctl restart apache2 From 24371b8bbfa16ee3e9137f29b0f37420cb9afabc Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Oct 2024 22:12:23 +0200 Subject: [PATCH 154/316] Update v-clone-website: adding --EXCLUDE_UPLOADS parameter --- bin/v-clone-website | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index f0db7246..8670ee3a 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -313,6 +313,7 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL" echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT" echo "SEARCH_FOR_CONFIGS_DATABASE_NAME = $SEARCH_FOR_CONFIGS_DATABASE_NAME" echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME" +echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS" echo "===============================================================================" read -p "=== Press Enter to continue ===" @@ -373,14 +374,22 @@ cd /root/temp mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql +rm $FROM_DATABASE_NAME.sql + +EXCLUDE='' +if [ ! -z "$EXCLUDE_UPLOADS" ]; then + EXCLUDE="--exclude '/wp-content/uploads/*'" +fi echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER" if [ "$SITE_SUBFOLDER" != ".." ]; then - echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run else - echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run fi echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER" chown -R $TO_USER:$TO_USER $TO_FOLDER From da84a0b9131ddbc42d0e7fc3f6311181b9fbeb54 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Oct 2024 18:08:09 +0200 Subject: [PATCH 155/316] v-fix-php-ini-disable-functions --- bin/v-fix-php-ini-disable-functions | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 bin/v-fix-php-ini-disable-functions diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions new file mode 100644 index 00000000..1324bfa2 --- /dev/null +++ b/bin/v-fix-php-ini-disable-functions @@ -0,0 +1,28 @@ +#!/bin/bash + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +echo "=== Fixing php.ini files to have the correct disable_functions line" + +export NOTFOUNDVAL="exec,system,passthru,shell_exec" +export LINEBEGINSWITH="disable_functions =" +export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" + +echo "== Fixing existing lines" +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; done' _ + +export NOTFOUNDVAL2="^$LINEBEGINSWITH" +export REMOVELINETHATCONTAINS=$LINEBEGINSWITH + +echo "== Adding missing lines" +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; done' _ + +echo "== Restarting all PHP-FPM services" +systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart + +echo "=== Everything done." +exit 0 From afc6b62d5cd927377d5a435232bbdd21078996f8 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Oct 2024 20:57:20 +0200 Subject: [PATCH 156/316] v-fix-php-ini-disable-dunctions exclude patching --- bin/v-fix-php-ini-disable-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions index 1324bfa2..a9d572f6 100644 --- a/bin/v-fix-php-ini-disable-functions +++ b/bin/v-fix-php-ini-disable-functions @@ -13,13 +13,13 @@ export LINEBEGINSWITH="disable_functions =" export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" echo "== Fixing existing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ export NOTFOUNDVAL2="^$LINEBEGINSWITH" export REMOVELINETHATCONTAINS=$LINEBEGINSWITH echo "== Adding missing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ echo "== Restarting all PHP-FPM services" systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart From 89fc5a1ebd94be9ab0588a2386f81ee6739ed44f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:07:38 +0100 Subject: [PATCH 157/316] SRS support for Exim4 --- bin/v-add-srs-support-to-exim | 65 ++++++++++++++++++++++ install/debian/12/exim/exim4.conf.template | 40 ++++++++++++- install/vst-install-debian.sh | 12 +++- 3 files changed, 114 insertions(+), 3 deletions(-) create mode 100644 bin/v-add-srs-support-to-exim diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim new file mode 100644 index 00000000..39d92e63 --- /dev/null +++ b/bin/v-add-srs-support-to-exim @@ -0,0 +1,65 @@ +#!/bin/bash + +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +echo "=== Addind SRS support to Exim4 ===" +# SRS support is taken from HestiaCP + +if [ ! -f "/etc/exim4/srs.conf" ]; then + echo "= Generating SRS KEY" + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf +fi + +if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then + echo "= Backing up /etc/exim4/exim4.conf.template" + cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs +fi + +if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf" + v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Patching \"dnslookup:\" block" + /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more' +fi + +if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks" + v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"remote_forwarded_smtp:\" block" + v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' +fi + +echo "= Restarting exim4 service" +systemctl restart exim4 + +if [ $? -ne 0 ]; then + systemctl status exim4 + cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template + systemctl restart exim4 + echo "=== Patching failed, old exim conf returned, exim4 restarted again." + exit 1 +fi +echo "=== SRS support was added successfully. ===" + +exit 0 diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index aeb83726..ff0d7ab3 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -13,6 +13,8 @@ add_environment=<; PATH=/bin:/usr/bin keep_environment= smtputf8_advertise_hosts = +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + #local_interfaces = 0.0.0.0 #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} #smtp_banner = "$smtp_active_hostname ESMTP $tod_full" @@ -267,8 +269,11 @@ begin routers dnslookup: driver = dnslookup - domains = !+local_domains - transport = remote_smtp + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} no_more localuser_spam: @@ -305,6 +310,23 @@ autoreplay: transport = userautoreply unseen +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + aliases: driver = redirect headers_add = X-redirected: yes @@ -357,6 +379,20 @@ remote_smtp: hosts_try_chunking = !93.188.3.0/24 message_linelength_limit = 1G +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + procmail: driver = pipe command = "/usr/bin/procmail -d $local_part" diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 75dfd1d7..62277e06 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -131,7 +131,11 @@ help() { # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - LENGTH=32 + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 @@ -1465,6 +1469,12 @@ if [ "$exim" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template fi + # Generating SRS KEY - the code is taken from HestiaCP + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf + chmod 640 /etc/exim4/exim4.conf.template rm -rf /etc/exim4/domains mkdir -p /etc/exim4/domains From 24d84de6d282d9a5fd2e40531fe180fb9597b495 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Nov 2024 23:58:05 +0100 Subject: [PATCH 158/316] Update v-fix-php-ini-disable-functions --- bin/v-fix-php-ini-disable-functions | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions index a9d572f6..3bce868f 100644 --- a/bin/v-fix-php-ini-disable-functions +++ b/bin/v-fix-php-ini-disable-functions @@ -3,26 +3,33 @@ whoami=$(whoami) if [ "$whoami" != "root" ]; then echo "You must be root to execute this script" - exit 1 + exit 1; fi +if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi; + echo "=== Fixing php.ini files to have the correct disable_functions line" export NOTFOUNDVAL="exec,system,passthru,shell_exec" export LINEBEGINSWITH="disable_functions =" export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" -echo "== Fixing existing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ export NOTFOUNDVAL2="^$LINEBEGINSWITH" export REMOVELINETHATCONTAINS=$LINEBEGINSWITH -echo "== Adding missing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ -echo "== Restarting all PHP-FPM services" -systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart +if [ -f "/tmp/patched" ]; then + rm /tmp/patched -echo "=== Everything done." -exit 0 + echo "== Restarting all PHP-FPM services" + systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart + + echo "=== Everything done." +else + echo "=== Everything is already correct." +fi + +exit 0; From 46d2a729a1a1e1bdfd9e8b9196a513df576f15ad Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 17:22:47 +0100 Subject: [PATCH 159/316] Update v-clean-garbage --- bin/v-clean-garbage | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 4cfc1f33..a3dfecbc 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -14,6 +14,10 @@ if [ "$whoami" != "root" ]; then exit 1 fi +echo "===== Before cleaning =====" +df -h +echo "===========================" + # Includes source /usr/local/vesta/func/main.sh @@ -107,7 +111,13 @@ fi # Vesta # #----------------------------------------------------------# -echo "=== Garbage cleaned ===" +echo "" +echo "***** Garbage cleaned *****" +echo "" +echo "===== After cleaning ======" +df -h +echo "===========================" + log_event "$OK" "$ARGUMENTS" From f5027aff5de0ad022dce6ec094af6c0f7fd673b6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 18:03:09 +0100 Subject: [PATCH 160/316] Update v-clean-garbage --- bin/v-clean-garbage | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index a3dfecbc..64484db1 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -69,6 +69,8 @@ clean_home() { find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name "*.php" -not -name ".htaccess" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; From 5eb06073199717272bb5be3ce35b6fa364db28d0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 18:23:52 +0100 Subject: [PATCH 161/316] Update exim4.conf.template - avoid ACL error failed to expand ACL string "${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}": failed to open /etc/exim4/domains//aliases for linear search: No such file or directory --- install/debian/12/exim/exim4.conf.template | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index ff0d7ab3..15264797 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -147,6 +147,7 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes From 60ce986ece4739f3e3d76e2b69e1b6dc7885004e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 18:11:14 +0100 Subject: [PATCH 162/316] Update v-add-srs-support-to-exim --- bin/v-add-srs-support-to-exim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 39d92e63..5113c693 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -25,7 +25,7 @@ if [ ! -f "/etc/exim4/srs.conf" ]; then chown root:Debian-exim /etc/exim4/srs.conf fi -if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then +if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then echo "= Backing up /etc/exim4/exim4.conf.template" cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs fi From de2305b3ffe31da361f3f8be906693e53a165b8d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 18:36:32 +0100 Subject: [PATCH 163/316] Update vst-install-debian.sh --- install/vst-install-debian.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 62277e06..625278bc 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1436,7 +1436,7 @@ if [ "$named" = 'yes' ]; then sed -i "s#/etc/bind/\*\* r,#/etc/bind/\*\* rw,\n /home/\*\* rwm,#g" /etc/apparmor.d/usr.sbin.named # service apparmor status >/dev/null 2>&1 # if [ $? -ne 0 ]; then - service apparmor restart + systemctl restart apparmor # fi fi # update-rc.d bind9 defaults @@ -1489,7 +1489,8 @@ if [ "$exim" = 'yes' ]; then #update-rc.d exim4 defaults currentservice='exim4' ensure_startup $currentservice - ensure_start $currentservice + systemctl restart $currentservice + # ensure_start $currentservice fi From 5e9cf711e61fae62fdb4f8e09fa5faec73708a19 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 19:43:49 +0100 Subject: [PATCH 164/316] Add some loops due to 403 errors durring LE request in some random cases Credits to HestiaCP - https://github.com/hestiacp/hestiacp/pull/4622 --- bin/v-add-letsencrypt-domain | 51 +++++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 1f1f5a6e..97e555fa 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -154,6 +154,11 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do done payload=$(echo "$payload"|sed "s/,$//") payload=$payload']}' +# validation='pending' +# # Start counter to avoid infinite loop +# i=0 +# while [ "$validation" = 'pending' ]; do +# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$url" "$payload" "$nonce") @@ -168,10 +173,19 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n') echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log +validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') +echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 201 ]]; then echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt new auth status $status" fi +# # Exit the loop after 5 attempts +# i=$((i + 1)) +# if [ $i -gt 5 ]; then +# break +# fi +# sleep 2 +# done # Requesting authorization token / STEP 3 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log @@ -276,19 +290,30 @@ for auth in $authz; do # Doing pol check on status i=1 while [ "$validation" = 'pending' ]; do - echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log - payload='{}' - echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log - answer=$(query_le_v2 "$url" "$payload" "$nonce") - echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log - url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") - echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log - validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") - echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log - nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') - echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log - status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') - echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + i=0 + while true; do + echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log + payload='{}' + echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$url" "$payload" "$nonce") + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then + break + fi + i=$((i + 1)) + if ((i > 30)); then + break + fi + sleep 2 + done if [[ "$status" -ne 200 ]]; then echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt validation status $status" From e8c912513d89d426691e40c3d79d39db834f0be9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:19:52 +0100 Subject: [PATCH 165/316] Support for PHP 8.4 --- .../tools/apache-fpm-tpl/PHP-FPM-84-public.sh | 133 ++++++++++++++++++ .../apache-fpm-tpl/PHP-FPM-84-public.stpl | 36 +++++ .../apache-fpm-tpl/PHP-FPM-84-public.tpl | 30 ++++ .../tools/apache-fpm-tpl/PHP-FPM-84.sh | 133 ++++++++++++++++++ .../tools/apache-fpm-tpl/PHP-FPM-84.stpl | 36 +++++ .../tools/apache-fpm-tpl/PHP-FPM-84.tpl | 30 ++++ .../for-download/tools/multi-php-install.sh | 35 ++++- 7 files changed, 432 insertions(+), 1 deletion(-) create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl new file mode 100644 index 00000000..91e05b17 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl new file mode 100644 index 00000000..848abf7c --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 6a65a888..cc024202 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -14,6 +14,7 @@ inst_80=0 inst_81=0 inst_82=0 inst_83=0 +inst_84=0 ####################################################################### @@ -60,8 +61,11 @@ fi if [ $# -gt 10 ]; then inst_83=${11} fi +if [ $# -gt 11 ]; then + inst_84=${12} +fi -if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ]; then +if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ] || [ $inst_84 -eq 1 ]; then inst_repo=1 fi @@ -92,6 +96,7 @@ echo "inst_80=$inst_80" echo "inst_81=$inst_81" echo "inst_82=$inst_82" echo "inst_83=$inst_83" +echo "inst_84=$inst_84" echo "wait_to_press_enter=$wait_to_press_enter" press_enter "=== Press enter to continue ===============================================================================" @@ -372,6 +377,33 @@ if [ "$inst_83" -eq 1 ]; then press_enter "=== PHP 8.3 installed, press enter to continue ===============================================================================" fi +if [ "$inst_84" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.4 ===============================================================================" + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + update-rc.d php8.4-fpm defaults + a2enconf php8.4-fpm + a2dismod php8.4 + apt-get -y remove libapache2-mod-php8.4 + systemctl restart apache2 + cp -r /etc/php/8.4/ /root/vst_install_backups/php8.4/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + echo "=== Patching php.ini for php8.4" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.4.patch + patch /etc/php/8.4/fpm/php.ini < /root/php8.4.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.4/fpm/php.ini + fi + service php8.4-fpm restart + press_enter "=== PHP 8.4 installed, press enter to continue ===============================================================================" +fi + apt update > /dev/null 2>&1 apt upgrade -y > /dev/null 2>&1 @@ -389,6 +421,7 @@ if [ $debian_version -ge 10 ]; then a2dismod php8.1 > /dev/null 2>&1 a2dismod php8.2 > /dev/null 2>&1 a2dismod php8.3 > /dev/null 2>&1 + a2dismod php8.4 > /dev/null 2>&1 a2dismod mpm_prefork > /dev/null 2>&1 a2enmod mpm_event > /dev/null 2>&1 apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 From 2cbf37e4d121328035b603d796a71ffd445bb4f5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:40:57 +0100 Subject: [PATCH 166/316] Temporarily disabling php8.4-memcache, memcached, imagick --- src/deb/for-download/tools/multi-php-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index cc024202..b3e3afc4 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -379,7 +379,8 @@ fi if [ "$inst_84" -eq 1 ]; then press_enter "=== Press enter to install PHP 8.4 ===============================================================================" - apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip + # php8.4-memcache php8.4-memcached php8.4-imagick update-rc.d php8.4-fpm defaults a2enconf php8.4-fpm a2dismod php8.4 From a7d7c3686c00ed816a6455b7f94f7725e73ffe39 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:26:36 +0100 Subject: [PATCH 167/316] Update v-add-srs-support-to-exim: compatibility for Debian < 12 --- bin/v-add-srs-support-to-exim | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 5113c693..b31be1e8 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -50,6 +50,16 @@ if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' fi +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 11 ]; then + echo "= Removing \"smtputf8_advertise_hosts\" line for Debian < 11" + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template +fi +if [ "$release" -lt 12 ]; then + echo "= Removing \"message_linelength_limit\" line for Debian < 12" + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template +fi + echo "= Restarting exim4 service" systemctl restart exim4 From 8c477c39bf4571f68973c5797f140c6b2ae1e063 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:49:14 +0100 Subject: [PATCH 168/316] Update v-add-srs-support-to-exim: Block execution in Exim < 4.96 --- bin/v-add-srs-support-to-exim | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index b31be1e8..85f1f908 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -14,6 +14,14 @@ gen_pass() { echo "$PASS" } +eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') +eximversioni="${eximversion%%[^0-9]+([0-9])}" +eximversionf="${eximversion##+([0-9])[^0-9]}" +if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + exit 1; +fi + echo "=== Addind SRS support to Exim4 ===" # SRS support is taken from HestiaCP @@ -50,15 +58,10 @@ if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' fi -release=$(cat /etc/debian_version | tr "." "\n" | head -n1) -if [ "$release" -lt 11 ]; then - echo "= Removing \"smtputf8_advertise_hosts\" line for Debian < 11" - sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template -fi -if [ "$release" -lt 12 ]; then - echo "= Removing \"message_linelength_limit\" line for Debian < 12" - sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template -fi +touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_email_account_max_recipients +touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_hosting_account_max_recipients echo "= Restarting exim4 service" systemctl restart exim4 From 15b5996e4f8aad15e770d1400ae23d5dbff0cf2a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:56:10 +0100 Subject: [PATCH 169/316] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 17a0d0ca..35799b26 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -1,4 +1,4 @@ -#!/bin/bash + #!/bin/bash # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users # options: MAIL_HOSTNAME MAIL_IP @@ -45,7 +45,7 @@ is_domain_format_valid "$MAIL_HOSTNAME" is_ip_format_valid "$MAIL_IP" HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME") -if [ -z "$HOST_USER" ]; then +if [ -z "$HOST_USER" ]; then echo "Error: hostname $HOSTNAME is not created as web domain" exit 4 fi @@ -140,14 +140,18 @@ if [ "$check_grep" -eq 0 ]; then mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 11 ]; then - sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template - fi - if [ "$release" -lt 12 ]; then + eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') + eximversioni="${eximversion%%[^0-9]+([0-9])}" + eximversionf="${eximversion##+([0-9])[^0-9]}" + if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi + if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 94 ]; then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template From 0f71df9a951f3b49c9d30bb97b87bea11b3e5dc3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:59:43 +0100 Subject: [PATCH 170/316] Create exim4.conf.template.without-srs --- .../12/exim/exim4.conf.template.without-srs | 451 ++++++++++++++++++ 1 file changed, 451 insertions(+) create mode 100644 install/debian/12/exim/exim4.conf.template.without-srs diff --git a/install/debian/12/exim/exim4.conf.template.without-srs b/install/debian/12/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/12/exim/exim4.conf.template.without-srs @@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### From 74fecc45d36c4f0b802cefa874d3d298b2cf4f2c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:02:05 +0100 Subject: [PATCH 171/316] Update v-add-srs-support-to-exim --- bin/v-add-srs-support-to-exim | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 85f1f908..4b7789ea 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -15,10 +15,9 @@ gen_pass() { } eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') -eximversioni="${eximversion%%[^0-9]+([0-9])}" -eximversionf="${eximversion##+([0-9])[^0-9]}" -if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then +if (( $(echo "$eximversion < 4.96" | bc -l) )); then echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + echo "You have Exim $eximversion" exit 1; fi From a2ed0dbf7ac43dc37d3c57987cee3ab2e71edf04 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:03:53 +0100 Subject: [PATCH 172/316] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 35799b26..15e42c05 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -141,14 +141,12 @@ if [ "$check_grep" -eq 0 ]; then cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') - eximversioni="${eximversion%%[^0-9]+([0-9])}" - eximversionf="${eximversion##+([0-9])[^0-9]}" - if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + if (( $(echo "$eximversion < 4.96" | bc -l) )); then cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi - if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 94 ]; then + if (( $(echo "$eximversion < 4.94" | bc -l) )); then sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template fi From 015b3c4571d3972cd3c2fb072e9f2fa921944ac5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:17:29 +0100 Subject: [PATCH 173/316] nginx deny rules conf --- bin/v-add-firewall-ban | 5 +++++ bin/v-delete-firewall-ban | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index a1eed13e..3bdc8170 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -72,6 +72,11 @@ $iptables -I fail2ban-$chain 1 -s $ip \ # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban index 52f3403d..cb5b352c 100755 --- a/bin/v-delete-firewall-ban +++ b/bin/v-delete-firewall-ban @@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # From 6a35d14f0cdb122cb217d2177f9f157182a843c6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 19 Nov 2024 21:59:09 +0100 Subject: [PATCH 174/316] Update v-add-firewall-ban: nginx deny rules conf --- bin/v-add-firewall-ban | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index 3bdc8170..80143132 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -74,8 +74,10 @@ chmod 660 $conf # nginx deny rules conf if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then - echo "deny $ip;" >> /etc/nginx/conf.d/block.conf - systemctl reload nginx + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx + fi fi #----------------------------------------------------------# From af8c07194454a50c7bc44ae79bdb64973b9aa6e4 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 25 Nov 2024 11:25:22 +0100 Subject: [PATCH 175/316] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 64484db1..36b50830 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -70,7 +70,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 - find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name "*.php" -not -name ".htaccess" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; From 00ef25524d815242290beeaca19e35277742a599 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:04:37 +0100 Subject: [PATCH 176/316] Create v-blacklist-email-domain --- bin/v-blacklist-email-domain | 133 +++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 bin/v-blacklist-email-domain diff --git a/bin/v-blacklist-email-domain b/bin/v-blacklist-email-domain new file mode 100644 index 00000000..a72a17a9 --- /dev/null +++ b/bin/v-blacklist-email-domain @@ -0,0 +1,133 @@ +#!/bin/bash +# info: Add a domain to exim4 and spamassassin blacklist +# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a domain already exists in a file +check_domain_exists() { + local domain=$1 + local file=$2 + grep -qE "^${domain}$" "$file" +} + +# Function to check if a SpamAssassin entry already exists +check_spamassassin_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add domain to file +add_domain_to_file() { + local domain=$1 + local file=$2 + echo "$domain" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for Exim4 +EXIM_ENTRY_MAIN="$DOMAIN" +EXIM_ENTRY_SUB="*.$DOMAIN" + +# Prepare entries for SpamAssassin +SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}" +SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE." + else + echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE." + fi +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From aa92b6a2706def542eafdfc34c3ec6f35ab1ce35 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:07 +0100 Subject: [PATCH 177/316] Create v-blacklist-email-account --- bin/v-blacklist-email-account | 102 ++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 bin/v-blacklist-email-account diff --git a/bin/v-blacklist-email-account b/bin/v-blacklist-email-account new file mode 100644 index 00000000..59ec9cf8 --- /dev/null +++ b/bin/v-blacklist-email-account @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Add a specific email address to exim4 and spamassassin blacklist +# usage: v-blacklist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-blacklist-email EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Prepare entries for Exim4 and SpamAssassin +EXIM_ENTRY="$EMAIL" +SPAMASSASSIN_ENTRY="blacklist_from $EMAIL" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then + add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE." +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 92ddd343a2706620e297decddfcc97c2c38cdce5 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:30 +0100 Subject: [PATCH 178/316] Create v-whitelist-email-domain --- bin/v-whitelist-email-domain | 119 +++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 bin/v-whitelist-email-domain diff --git a/bin/v-whitelist-email-domain b/bin/v-whitelist-email-domain new file mode 100644 index 00000000..9d877ad4 --- /dev/null +++ b/bin/v-whitelist-email-domain @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a domain to SpamAssassin whitelist +# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a SpamAssassin whitelist entry already exists +check_whitelist_exists() { + local entry=$1 + local file=$2 + grep -qF "whitelist_from $entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklist_exists() { + local domain=$1 + local file=$2 + grep -qE "blacklist_from.*${domain}$" "$file" +} + +# Function to add whitelist entry to file +add_whitelist_to_file() { + local entry=$1 + local file=$2 + echo "whitelist_from $entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY_MAIN="*@${DOMAIN}" +WHITELIST_ENTRY_SUB="*.$DOMAIN" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the domain is already blacklisted +if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $DOMAIN. It is already blacklisted." + exit 1 +fi + +# Add the main entry +if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +# Add the subdomain entry if needed +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 62b0e672a66211c3ec0c5f57d1687f4b015a9e63 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:50 +0100 Subject: [PATCH 179/316] Create v-whitelist-email-account --- bin/v-whitelist-email-account | 119 ++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 bin/v-whitelist-email-account diff --git a/bin/v-whitelist-email-account b/bin/v-whitelist-email-account new file mode 100644 index 00000000..4a6e6329 --- /dev/null +++ b/bin/v-whitelist-email-account @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a specific email address to SpamAssassin whitelist +# usage: v-whitelist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklisted() { + local pattern=$1 + local file=$2 + grep -qE "blacklist_from.*${pattern}" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-whitelist-email-account EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Extract the domain from the email address +DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}') + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY="whitelist_from $EMAIL" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the email address or its domain is already blacklisted +if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. It is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted." + exit 1 +fi + +# Add the email to whitelist if not already present +if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 2e66899997a4ea3c1326b436eb88871e303c9f4d Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:06:50 +0100 Subject: [PATCH 180/316] Create v-cd-www --- bin/v-cd-www | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 bin/v-cd-www diff --git a/bin/v-cd-www b/bin/v-cd-www new file mode 100644 index 00000000..449b5fa2 --- /dev/null +++ b/bin/v-cd-www @@ -0,0 +1,69 @@ +#!/bin/bash +# info: Change directory to the public_html folder of a domain +# usage: v-cd-www DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + echo "This script must be sourced to change the current directory." + echo "Usage: source v-cd-www DOMAIN" + exit 1 +fi + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + return 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "Domain $domain doesn't exist" + return 1 +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User $user doesn't exist" + return 1 +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain $domain doesn't have a public_html directory" + return 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "/home/$user/web/$domain/public_html" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +return 0 From 82803093d6836274fb971df28a6b189087e13c91 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:07:40 +0100 Subject: [PATCH 181/316] Update v-cd-www --- bin/v-cd-www | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-cd-www b/bin/v-cd-www index 449b5fa2..01e9c221 100644 --- a/bin/v-cd-www +++ b/bin/v-cd-www @@ -1,6 +1,6 @@ #!/bin/bash # info: Change directory to the public_html folder of a domain -# usage: v-cd-www DOMAIN +# usage: source v-cd-www DOMAIN #----------------------------------------------------------# # Variable&Function # From 33377836662a2ebfe87cfee7370355de9c406c26 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Dec 2024 18:35:57 +0100 Subject: [PATCH 182/316] v-cd-www alias --- bin/{v-cd-www => v-change-dir-www} | 0 install/vst-install-debian.sh | 2 ++ 2 files changed, 2 insertions(+) rename bin/{v-cd-www => v-change-dir-www} (100%) diff --git a/bin/v-cd-www b/bin/v-change-dir-www similarity index 100% rename from bin/v-cd-www rename to bin/v-change-dir-www diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 625278bc..cb6ee921 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2064,6 +2064,8 @@ echo "================================================================" # Removing old PHP sessions files crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +echo "alias v-cd-www='source /usr/local/vesta/bin/change-dir-www'" >> /root/.bash_profile + #----------------------------------------------------------# # myVesta Access Info # #----------------------------------------------------------# From 0639e7765f9452cadfa260183546aff5686953e9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Dec 2024 18:52:53 +0100 Subject: [PATCH 183/316] Update vst-install-debian.sh --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index cb6ee921..47153ade 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2064,7 +2064,7 @@ echo "================================================================" # Removing old PHP sessions files crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - -echo "alias v-cd-www='source /usr/local/vesta/bin/change-dir-www'" >> /root/.bash_profile +echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile #----------------------------------------------------------# # myVesta Access Info # From 2daa635cdef0618ddb9543963ff2a0ffd47e593d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:47:21 +0100 Subject: [PATCH 184/316] Update v-change-dir-www --- bin/v-change-dir-www | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www index 01e9c221..4a44eac2 100644 --- a/bin/v-change-dir-www +++ b/bin/v-change-dir-www @@ -20,6 +20,7 @@ fi # Importing system environment source /etc/profile +PATH=$PATH:/usr/local/vesta/bin && export PATH SILENT_MODE=1 From 9fdfe2760a31df12ba56e9c1692ee14c207b63db Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Dec 2024 15:50:07 +0100 Subject: [PATCH 185/316] Update v-change-dir-www --- bin/v-change-dir-www | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www index 4a44eac2..1f230099 100644 --- a/bin/v-change-dir-www +++ b/bin/v-change-dir-www @@ -28,17 +28,18 @@ SILENT_MODE=1 domain=$1 user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) + +if [ -z "$user" ]; then + echo "Domain $domain doesn't exist" + return 1 +fi + USER=$user # Includes source /usr/local/vesta/func/main.sh source /usr/local/vesta/func/domain.sh -if [ -z "$user" ]; then - check_result $E_NOTEXIST "Domain $domain doesn't exist" - return 1 -fi - #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# From 0e881c911b9713e7e11cf255cbd59c7512229eef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:46:47 +0100 Subject: [PATCH 186/316] Update v-update-firewall - skip CentOS block --- bin/v-update-firewall | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bin/v-update-firewall b/bin/v-update-firewall index 142cb39b..6d359f07 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then fi # Saving rules to the master iptables file -if [ -d "/etc/sysconfig" ]; then - /sbin/iptables-save > /etc/sysconfig/iptables - if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then - /sbin/chkconfig iptables on - fi -else +# if [ -d "/etc/sysconfig" ]; then +# /sbin/iptables-save > /etc/sysconfig/iptables +# if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then +# /sbin/chkconfig iptables on +# fi +# else /sbin/iptables-save > /etc/iptables.rules preup="/etc/network/if-pre-up.d/iptables" if [ ! -e "$preup" ]; then @@ -178,7 +178,7 @@ else echo "exit 0" >> $preup chmod +x $preup fi -fi +# fi # Worarkound for OpenVZ if [ -e "/proc/vz/veinfo" ]; then From c1072ec9e40368f7454e7b5e94a512d1a0df87ed Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 13 Dec 2024 11:34:12 +0100 Subject: [PATCH 187/316] Update v-clone-website --- bin/v-clone-website | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-clone-website b/bin/v-clone-website index 8670ee3a..0a25f6a7 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -20,6 +20,7 @@ if [ $# -lt 2 ]; then echo "--TO_DATABASE_USERNAME=..." echo "--TO_DATABASE_PASSWORD=..." echo "--SITE_SUBFOLDER=..." + echo "--EXCLUDE_UPLOADS=1 (or do not set it)" exit 1 fi From c5e54643734df52da4d43d6bcae50a9a0016507f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 3 Jan 2025 17:16:07 +0100 Subject: [PATCH 188/316] Update v-restore-user: permissions fix --- bin/v-restore-user | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-restore-user b/bin/v-restore-user index af451d88..a2dab574 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -417,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then # Restoring web domain data chown $user $tmpdir chmod u+w $HOMEDIR/$user/web/$domain + chmod 0755 $tmpdir/web/$domain sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \ 2> $HOMEDIR/$user/web/$domain/restore_errors.log @@ -618,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then chown $user $tmpdir chmod u+w $HOMEDIR/$user/mail/$domain_idn + chmod 0755 $tmpdir/mail/$domain sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then From 7937088e9cc219a635b15712d04facdd85658558 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 3 Jan 2025 18:09:06 +0100 Subject: [PATCH 189/316] Update index.php: Prevent recreation of token by shitty browser add-ons --- web/login/index.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/login/index.php b/web/login/index.php index 18841344..5de05451 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -1,5 +1,7 @@ Date: Mon, 10 Feb 2025 15:51:42 +0100 Subject: [PATCH 190/316] Update v-clone-website: mysqldump --max_allowed_packet=1024M --- bin/v-clone-website | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 0a25f6a7..0258e39a 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -372,7 +372,7 @@ if [ -d "/root/temp" ]; then fi mkdir -p /root/temp cd /root/temp -mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql +mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql rm $FROM_DATABASE_NAME.sql From 32aae7dbff1794f969a4f8726ddb425e90661d43 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 20 Feb 2025 14:02:27 +0100 Subject: [PATCH 191/316] Update multi-php-install.sh: bringing back php8.4-memcached & imagick --- src/deb/for-download/tools/multi-php-install.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index b3e3afc4..70d589cc 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -118,7 +118,7 @@ if [ "$inst_repo" -eq 1 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list' fi apt update - apt upgrade -y + # apt upgrade -y press_enter "=== Press enter to continue ===============================================================================" fi @@ -379,8 +379,7 @@ fi if [ "$inst_84" -eq 1 ]; then press_enter "=== Press enter to install PHP 8.4 ===============================================================================" - apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip - # php8.4-memcache php8.4-memcached php8.4-imagick + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick update-rc.d php8.4-fpm defaults a2enconf php8.4-fpm a2dismod php8.4 From 039dc4a561bc803c966094b6fd1720414c9a7dfa Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Feb 2025 22:51:44 +0100 Subject: [PATCH 192/316] SpamHaus DNSBL removed from exim4 --- Changelog.md | 5 +++++ install/debian/10/exim/dnsbl.conf | 1 - install/debian/11/exim/dnsbl.conf | 1 - install/debian/12/exim/dnsbl.conf | 1 - install/debian/8/exim/dnsbl.conf | 1 - install/debian/9/exim/dnsbl.conf | 1 - install/vst-install-debian.sh | 1 + src/deb/latest.txt | 2 +- src/deb/vesta/postinst | 6 ++++++ 9 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Changelog.md b/Changelog.md index 7d22747a..36478469 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,8 @@ +Version 0.9.9-0-12 [28-Feb-2025] +================================================== +* SpamHaus DNSBL removed from exim4 +* A lot of small bugs fixed + Version 0.9.9-0-11 [30-May-2024] ================================================== * Introducing v-run-wp-cli command ( @isscbta ) diff --git a/install/debian/10/exim/dnsbl.conf b/install/debian/10/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/10/exim/dnsbl.conf +++ b/install/debian/10/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/11/exim/dnsbl.conf b/install/debian/11/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/11/exim/dnsbl.conf +++ b/install/debian/11/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/12/exim/dnsbl.conf b/install/debian/12/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/12/exim/dnsbl.conf +++ b/install/debian/12/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/8/exim/dnsbl.conf b/install/debian/8/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/8/exim/dnsbl.conf +++ b/install/debian/8/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/9/exim/dnsbl.conf b/install/debian/9/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/9/exim/dnsbl.conf +++ b/install/debian/9/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 47153ade..850b91f7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2037,6 +2037,7 @@ touch /usr/local/vesta/data/upgrades/enable_cookie_httponly touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply touch /usr/local/vesta/data/upgrades/freshclam_start touch /usr/local/vesta/data/upgrades/barracuda_rbl +touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed # Secret URL secretquery='' diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 4b6e56b5..c1732bff 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-11 \ No newline at end of file +vesta-0.9.9-0-12 \ No newline at end of file diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 4d414655..9f8ee3e8 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,12 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Removing SpamHaus DNSBL +if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then + sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf + touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +fi + # Fixing 'dh key too small' in dovecot if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then if grep -q 'dh key too small' /var/log/dovecot.log.1; then From dc1979461e649f330707e1bd782dd28b21150114 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 11 Mar 2025 00:18:05 +0100 Subject: [PATCH 193/316] Update v-make-main-apache-log --- bin/v-make-main-apache-log | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log index 96e91877..6a6dfadd 100644 --- a/bin/v-make-main-apache-log +++ b/bin/v-make-main-apache-log @@ -11,10 +11,4 @@ if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i fi systemctl restart apache2 -if [ ! -f "/root/analyze-traffic-per-time.php" ]; then - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-time.php -O /root/analyze-traffic-per-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-time.php -O /root/analyze-traffic-per-site-sort-by-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-hits.php -O /root/analyze-traffic-per-site-sort-by-hits.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-time.php -O /root/analyze-traffic-per-ip-sort-by-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-hits.php -O /root/analyze-traffic-per-ip-sort-by-hits.php -fi +wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php From 24908aede144d562daaf830b578f7761c55040c3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:22:54 +0100 Subject: [PATCH 194/316] Update v-move-folder-and-make-symlink --- bin/v-move-folder-and-make-symlink | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index 81561a97..2ee241fa 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -66,19 +66,20 @@ fi # Action # #----------------------------------------------------------# -rsync -a "$FROMFOLDER/" "$TOFOLDER/" -# with slashes on the end of the path of both folders -if [ "$?" -ne 0 ]; then - echo "Error happened, aborting" - exit 1 -fi - if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1 # with slashes on the end of the path of the folder fi +# rsync -a "$FROMFOLDER/" "$TOFOLDER/" +mv "$FROMFOLDER" "$TOFOLDER" +# with slashes on the end of the path of both folders +if [ "$?" -ne 0 ]; then + echo "Error happened, aborting" + exit 1 +fi + rm -rf "$FROMFOLDER" # without slash on the end of the path of the folder From 4437f6f0dac75831169d291a0ee41cd084340310 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:25:04 +0100 Subject: [PATCH 195/316] Update v-move-folder-and-make-symlink --- bin/v-move-folder-and-make-symlink | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index 2ee241fa..c8b54779 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -73,8 +73,9 @@ if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then fi # rsync -a "$FROMFOLDER/" "$TOFOLDER/" -mv "$FROMFOLDER" "$TOFOLDER" # with slashes on the end of the path of both folders + +mv "$FROMFOLDER" "$TOFOLDER" if [ "$?" -ne 0 ]; then echo "Error happened, aborting" exit 1 From 01e4890a97e49b1cc99507794e30aa2f8dd12c9f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 31 Mar 2025 16:41:43 +0200 Subject: [PATCH 196/316] Update multi-php-install.sh: Fixing disable_functions line --- src/deb/for-download/tools/multi-php-install.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 70d589cc..aa1b7353 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -405,8 +405,8 @@ if [ "$inst_84" -eq 1 ]; then fi -apt update > /dev/null 2>&1 -apt upgrade -y > /dev/null 2>&1 +# apt update > /dev/null 2>&1 +# apt upgrade -y > /dev/null 2>&1 if [ $debian_version -ge 10 ]; then a2dismod ruid2 > /dev/null 2>&1 @@ -454,6 +454,10 @@ if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then echo "=== upgrading tailf_apache_error.php done." sleep 3 echo "" - echo "Everything done." - echo "" fi + +# Fixing php.ini files to have the correct disable_functions line +/usr/local/vesta/bin/v-fix-php-ini-disable-functions + +echo "Everything done." +echo "" From 57f179ad05b1ac1cd261d7a0d476f1ff7c8b0b62 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 20:23:46 +0200 Subject: [PATCH 197/316] When deleting a domain, also delete the database if the domain has a database. --- bin/v-delete-database-of-domain | 69 +++++++++++++++++++++++++++++++++ bin/v-delete-domain | 7 ++-- 2 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 bin/v-delete-database-of-domain diff --git a/bin/v-delete-database-of-domain b/bin/v-delete-database-of-domain new file mode 100644 index 00000000..30fd18c0 --- /dev/null +++ b/bin/v-delete-database-of-domain @@ -0,0 +1,69 @@ +#!/bin/bash +# info: delete database if domain has database +# options: DOMAIN +# +# The function for deleting database if domain has database + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +RET=$OK + +# echo "=================================" +r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain) +# echo $r +eval $r +# echo "=================================" + +if [ ! -z "$DATABASE_NAME" ]; then + echo "=== v-delete-database $USER $DATABASE_NAME" + /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME + if [ $? -ne 0 ]; then + echo "=== v-delete-database failed" + RET=$E_NOTEXIST + fi +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +log_event "$RET" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-domain b/bin/v-delete-domain index b6294679..1ca3373b 100755 --- a/bin/v-delete-domain +++ b/bin/v-delete-domain @@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user" if [ ! -z "$WEB_SYSTEM" ]; then str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf) if [ ! -z "$str" ]; then + $BIN/v-delete-database-of-domain $domain domain_found='yes' $BIN/v-delete-web-domain $user $domain 'no' - check_result $? "can't suspend web" > /dev/null + check_result $? "can't delete web" > /dev/null fi fi @@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-dns-domain $user $domain 'no' - check_result $? "can't suspend dns" > /dev/null + check_result $? "can't delete dns" > /dev/null fi fi @@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-mail-domain $user $domain - check_result $? "can't suspend mail" > /dev/null + check_result $? "can't delete mail" > /dev/null fi fi From a86f76de091d904cf7e117a374124285aea78a6e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 23:20:42 +0200 Subject: [PATCH 198/316] Update db.sh - mysqldump --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB --- func/db.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/func/db.sh b/func/db.sh index 58a339ee..7e4f4d97 100644 --- a/func/db.sh +++ b/func/db.sh @@ -58,7 +58,7 @@ mysql_query() { mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then From 8bdfade3d4a9a978a94ce741cab7f520b81bfdae Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 23:55:21 +0200 Subject: [PATCH 199/316] Update vst-install-debian.sh --- install/vst-install-debian.sh | 55 +++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 850b91f7..1c1a6da7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -753,31 +753,36 @@ if [ "$mysql" = 'no' ]; then fi if [ "$mysql8" = 'yes' ]; then echo "=== Preparing MySQL 8 apt repo" - software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') - software=$(echo "$software" | sed -e 's/exim4//') - #software="$software php-mysql roundcube-mysql" - echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list - echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list - echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list - echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list - echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - - # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 - key="467B942D3A79BD29" - readonly key - GNUPGHOME="$(mktemp -d)" - export GNUPGHOME - for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) - do - gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break - done - gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg - gpgconf --kill all - rm -rf "${GNUPGHOME}" - unset GNUPGHOME + if [ "$release" -lt 12 ]; then + software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') + software=$(echo "$software" | sed -e 's/exim4//') + #software="$software php-mysql roundcube-mysql" + echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list + echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list + echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list + echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list + echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + + # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 + key="467B942D3A79BD29" + readonly key + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) + do + gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break + done + gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg + gpgconf --kill all + rm -rf "${GNUPGHOME}" + unset GNUPGHOME + else + wget https://dev.mysql.com/get/mysql-apt-config_0.8.30-1_all.deb + dpkg -i mysql-apt-config_0.8.30-1_all.deb + fi mpass=$(gen_pass) debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass" From 0d86e2ca4081e2a83eea05f416d82a0bb7d92fdf Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 24 Apr 2025 22:31:47 +0200 Subject: [PATCH 200/316] Calculate size of directories on /hdd too --- bin/v-update-mail-domain-disk | 3 ++- bin/v-update-mail-domains-disk | 4 ++-- bin/v-update-web-domain-disk | 8 ++++++++ bin/v-update-web-domains-disk | 7 ++++++- func/main.sh | 11 +++++++++++ 5 files changed, 29 insertions(+), 4 deletions(-) diff --git a/bin/v-update-mail-domain-disk b/bin/v-update-mail-domain-disk index 451dbd37..be5502e7 100755 --- a/bin/v-update-mail-domain-disk +++ b/bin/v-update-mail-domain-disk @@ -49,7 +49,8 @@ dom_diks=0 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk index 1dae64cf..807218e3 100755 --- a/bin/v-update-mail-domains-disk +++ b/bin/v-update-mail-domains-disk @@ -35,9 +35,9 @@ fi #----------------------------------------------------------# # Starting loop -for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'mail' 'DOMAIN'); do dom_diks=0 - accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT') + accounts=$(list_objects "mail/$domain" 'ACCOUNT') for account in $accounts; do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then diff --git a/bin/v-update-web-domain-disk b/bin/v-update-web-domain-disk index ac851b92..1bee4685 100755 --- a/bin/v-update-web-domain-disk +++ b/bin/v-update-web-domain-disk @@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi +# Defining hdd home directory +home_dir="/hdd$HOMEDIR/$user/web/$domain/" + +# Checking home directory exist +if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-web-domains-disk b/bin/v-update-web-domains-disk index 5951f289..5ee58abf 100755 --- a/bin/v-update-web-domains-disk +++ b/bin/v-update-web-domains-disk @@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Domain loop -for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'web' 'DOMAIN'); do home_dir="$HOMEDIR/$user/web/$domain/" if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi + home_dir="/hdd$HOMEDIR/$user/web/$domain/" + if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) + fi update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage" done diff --git a/func/main.sh b/func/main.sh index 10de469a..447a6b35 100644 --- a/func/main.sh +++ b/func/main.sh @@ -359,6 +359,17 @@ search_objects() { IFS="$OLD_IFS" } +# List objects +list_objects() { + OLD_IFS="$IFS" + IFS=$'\n' + for line in $(cat $USER_DATA/$1.conf); do + eval $line + eval echo \$$2 + done + IFS="$OLD_IFS" +} + # Get user value get_user_value() { grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}' From 73884322616a5ed7402e005fe9d5754c0da6c394 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Apr 2025 13:52:35 +0200 Subject: [PATCH 201/316] parse_object_kv_list_non_eval() --- func/main.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/func/main.sh b/func/main.sh index 447a6b35..03773920 100644 --- a/func/main.sh +++ b/func/main.sh @@ -1154,3 +1154,82 @@ check_if_service_exists() { echo "0" fi } + +# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl. +# Inspired by HestiaCP function and improved +parse_object_kv_list_non_eval() { + # Let's combine all the parameters into one string, replace the new lines with a space + local str="${*//$'\n'/ }" + str=${str//\\\'/---QUOTE---} + str=${str//\\\"/---DQUOTE---} + local backup_str=$str + + local key val match i length length_val prefix position cut + i=0 + # Searching for key='value' blocks + # Loop until we find the next key='value' + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done + + # Terminate function if we don't expect strings with double apostrophes + if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then + return; + fi + + # Searching for key="value" blocks + str=$backup_str + i=0 + # Loop until we find the next key="value" + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done +} From 6dccbb8276ef0ed6fa2102a83c90675c7520e260 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 7 May 2025 10:37:06 +0200 Subject: [PATCH 202/316] Update vst-install-debian.sh: mysql-apt-config_0.8.34-1_all.deb --- install/vst-install-debian.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 1c1a6da7..3a60c85c 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -780,8 +780,9 @@ if [ "$mysql8" = 'yes' ]; then rm -rf "${GNUPGHOME}" unset GNUPGHOME else - wget https://dev.mysql.com/get/mysql-apt-config_0.8.30-1_all.deb - dpkg -i mysql-apt-config_0.8.30-1_all.deb + # check latest on: https://dev.mysql.com/downloads/repo/apt/ + wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb + dpkg -i mysql-apt-config_0.8.34-1_all.deb fi mpass=$(gen_pass) From 83d12510e32997a0787a3508b08d111e4a7ec4ca Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 12 May 2025 17:27:13 +0200 Subject: [PATCH 203/316] Update v-add-letsencrypt-domain: Detecting valid status on wildcard variant --- bin/v-add-letsencrypt-domain | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 97e555fa..a7c7fbb8 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -308,6 +308,11 @@ for auth in $authz; do if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then break fi + if [ "$wildcard" = 'yes' ]; then + if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then + break + fi + fi i=$((i + 1)) if ((i > 30)); then break From d3fb4e13d593c0c9317afd3add1f3e62bc0a6e7b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 14 May 2025 14:50:22 +0200 Subject: [PATCH 204/316] v-move-domain-and-database-to-account: Update wordfence-waf.php Update v-move-domain-and-database-to-account Update v-delete-web-domain: deleting /hdd/home/$user/web/$domain Update v-delete-user: deleting /hdd/home/$user Update v-delete-mail-domain: removing /hdd/home/$user/mail/$domain_idn Update v-change-domain-owner: moving /hdd/home/$owner/web/$domain Update v-change-domain-owner: moving /hdd/home/$owner/mail/$domain Update v-move-folder-and-make-symlink: debug and additional checking --- bin/v-change-domain-owner | 8 +++++ bin/v-delete-mail-domain | 3 ++ bin/v-delete-user | 2 +- bin/v-delete-web-domain | 3 ++ bin/v-move-domain-and-database-to-account | 44 ++++++++++++++++------- bin/v-move-folder-and-make-symlink | 12 +++++++ 6 files changed, 59 insertions(+), 13 deletions(-) diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 09ae9bcc..ed5fa5a4 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -82,6 +82,10 @@ if [ ! -z "$web_data" ]; then # Move data mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/ + if [ -d "/hdd/home/$owner/web/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain + fi + # Change ownership find $HOMEDIR/$user/web/$domain -user $owner \ -exec chown -h $user:$user {} \; @@ -152,6 +156,10 @@ if [ ! -z "$mail_data" ]; then # Move data mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/ + if [ -d "/hdd/home/$owner/mail/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain + fi + # Change ownership find $HOMEDIR/$user/mail/$domain -user $owner \ -exec chown -h $user {} \; diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index ee727aa9..9be565bb 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn rm -rf $HOMEDIR/$user/conf/mail/$domain rm -rf $HOMEDIR/$user/mail/$domain_idn + if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then + rm -rf /hdd/home/$user/mail/$domain_idn + fi fi # Deleting dkim dns record diff --git a/bin/v-delete-user b/bin/v-delete-user index 120b1f72..cdf809eb 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,7 +94,7 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user -if [ -f "/hdd/home/$user" ]; then +if [ -d "/hdd/home/$user" ]; then rm -rf /hdd/home/$user fi rm -f /var/spool/mail/$user diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 43362e34..e64dd9a7 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -130,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error* # Deleting directory rm -rf $HOMEDIR/$user/web/$domain +if [ -d "/hdd/home/$user/web/$domain" ]; then + rm -rf /hdd/home/$user/web/$domain +fi #----------------------------------------------------------# diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index 08180d99..383fd26e 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -92,31 +92,51 @@ fi # Update Wordfence WAF Path # #----------------------------------------------------------# -# Path to .user.ini file -user_ini="$USER_DATA/web/$domain/public_html/.user.ini" +filepath="/home/USER_TO/web/$domain/public_html/.user.ini" +filename=$(basename $filepath) -# Check if .user.ini exists -if [ -f "$user_ini" ]; then - echo "Updating .user.ini with new user path..." +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." # Temporary file for modification tmp_file=$(mktemp) # Change path from old USER to new USER_TO - sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$user_ini" > "$tmp_file" + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" - # Check if replacement was successful and update .user.ini + # Check if replacement was successful and update file if [ $? -eq 0 ]; then - mv "$tmp_file" "$user_ini" - echo ".user.ini updated successfully." + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." else - echo "Failed to update .user.ini file." + echo "Failed to update $filename file." rm "$tmp_file" # Deletes temporary file fi -else - echo ".user.ini does not exist, no changes made." fi +filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php" +filename=$(basename $filepath) + +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" + + # Check if replacement was successful and update file + if [ $? -eq 0 ]; then + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." + else + echo "Failed to update $filename file." + rm "$tmp_file" # Deletes temporary file + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index c8b54779..ccd66b7c 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -19,6 +19,8 @@ fi FROMFOLDER=$1 TOFOLDER=$2 +echo "Executing: v-move-folder-and-make-symlink $1 $2" + # Includes source $VESTA/func/main.sh @@ -26,6 +28,16 @@ source $VESTA/func/main.sh # Verifications # #----------------------------------------------------------# +if [ -z "$FROMFOLDER" ]; then + echo "First parameter is empty, aborting" + exit 1 +fi + +if [ -z "$TOFOLDER" ]; then + echo "Second parameter is empty, aborting" + exit 1 +fi + # Trimming the ending slash, just in case FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::') TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::') From 451b025f1f52641196d71feeec2f835ed6aebadb Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Fri, 23 May 2025 14:04:03 +0200 Subject: [PATCH 205/316] Create v-delete-mails --- bin/v-delete-mails | 127 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 bin/v-delete-mails diff --git a/bin/v-delete-mails b/bin/v-delete-mails new file mode 100644 index 00000000..24ac68e5 --- /dev/null +++ b/bin/v-delete-mails @@ -0,0 +1,127 @@ +#!/bin/bash +# info: delete old emails (by mtime) for user/domain/account, with optional scope +# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE +# SCOPE: all – clean every Maildir folder (cur, new, tmp, custom subfolders) +# trash – clean only Trash/Junk/Spam folders + +# load Vesta functions & config +source "$VESTA/func/main.sh" +source "$VESTA/conf/vesta.conf" + +# read arguments +user="$1" +domain="$2" +account="$3" +mtime="$4" +scope="$5" + +# verify argument count +check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE' + +# validate scope +if [[ "$scope" != "all" && "$scope" != "trash" ]]; then + echo "ERROR: SCOPE must be 'all' or 'trash'." + exit 1 +fi + +# validate logical combinations +if [[ "$user" == "all" ]]; then + if [[ "$domain" != "all" || "$account" != "all" ]]; then + echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'." + exit 1 + fi +elif [[ "$domain" == "all" && "$account" != "all" ]]; then + echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'." + exit 1 +fi + +# build a detailed summary for the warning +declare -a summary_parts +if [[ "$user" == "all" ]]; then + summary_parts+=("all users") +else + summary_parts+=("user '$user'") +fi + +if [[ "$domain" == "all" ]]; then + summary_parts+=("all domains") +else + summary_parts+=("domain '$domain'") +fi + +if [[ "$account" == "all" ]]; then + summary_parts+=("all accounts") +else + summary_parts+=("account '$account'") +fi + +# join with commas +summary=$(printf ", %s" "${summary_parts[@]}") +summary=${summary:2} + +# only warn if any of them is 'all' or if mtime is 'all' +if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then + echo "WARNING: This will delete emails older than '$mtime' days for ${summary}." + read -p "Are you sure? (yes/no): " confirm + [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; } +fi + +# function to delete emails +delete_emails() { + local u="$1" d="$2" a="$3" + local maildir="/home/$u/mail/$d/$a" + + [[ ! -d "$maildir" ]] && return + + echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime" + + # build find predicates + if [[ "$scope" == "all" ]]; then + folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" ) + else + folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" ) + fi + + # assemble and run find + if [[ "$mtime" == "all" ]]; then + find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null + else + find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null + fi +} + +# collect users +if [[ "$user" == "all" ]]; then + users=$(v-list-users plain | awk '{print $1}') +else + users="$user" +fi + +# iterate through users, domains, accounts +for u in $users; do + if [[ "$domain" == "all" ]]; then + domains=$(v-list-mail-domains "$u" plain | awk '{print $1}') + else + domains="$domain" + fi + + for d in $domains; do + if [[ "$account" == "all" ]]; then + accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}') + else + accounts="$account" + fi + + for a in $accounts; do + delete_emails "$u" "$d" "$a" + done + done +done + +# restart dovecot to refresh mailbox state +systemctl restart dovecot + +# log the action (status first, then message) +log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account" + +exit 0 From cb6e8e4926d264fed06b96b8c34d4dd3a5c48f15 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 24 May 2025 13:31:57 +0200 Subject: [PATCH 206/316] nginx block-firewall.conf when user block 80,443 in Firewall --- bin/v-add-firewall-rule | 10 ++++++++++ bin/v-change-firewall-rule | 10 ++++++++++ bin/v-delete-firewall-rule | 9 +++++++++ 3 files changed, 29 insertions(+) diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule index 6fb867d3..b815778b 100755 --- a/bin/v-add-firewall-rule +++ b/bin/v-add-firewall-rule @@ -83,6 +83,16 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-firewall-rule b/bin/v-change-firewall-rule index d2502bce..aad2ec38 100755 --- a/bin/v-change-firewall-rule +++ b/bin/v-change-firewall-rule @@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'" str="$str TIME='$time' DATE='$date'" +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting old rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf @@ -74,6 +76,14 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + NEWIP=$ip + parse_object_kv_list_non_eval "$oldvalues" + sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 8f646644..61f7602d 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # From 4c495a1d691bf97042a51f34fc69506cde72e606 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Tue, 15 Oct 2024 17:47:13 +0200 Subject: [PATCH 207/316] Update index.php --- web/edit/server/index.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/web/edit/server/index.php b/web/edit/server/index.php index 49c577d8..eed4baab 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -339,7 +339,8 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); + $v_backup_port = escapeshellarg($_POST['v_backup_port']); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -347,12 +348,12 @@ if (!empty($_POST['save'])) { if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; + if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } } - // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { From ff7bc2baa5e3e2f7b12ebd3f1002e47144ba3f9e Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Tue, 15 Oct 2024 17:50:47 +0200 Subject: [PATCH 208/316] Update edit_server.html --- web/templates/admin/edit_server.html | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index b5da08de..888b081f 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -641,6 +641,17 @@

+ + + + + + + + "> +

+ + From fa8dd64c5a33fb55e219870a60e424538c31d3ab Mon Sep 17 00:00:00 2001 From: myvesta Date: Sun, 25 May 2025 13:51:13 +0200 Subject: [PATCH 209/316] Adding ProFTPD jail rule to Fail2Ban --- install/vst-install-debian.sh | 14 ++++++++++++++ src/deb/vesta/postinst | 29 ++++++++++++++++++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 3a60c85c..ad10b341 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1690,6 +1690,20 @@ if [ "$fail2ban" = 'yes' ]; then chmod 640 /var/log/auth.log chown root:adm /var/log/auth.log fi + if [ "$proftpd" = 'yes' ]; then + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fi + #update-rc.d fail2ban defaults currentservice='fail2ban' ensure_startup $currentservice diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 9f8ee3e8..dc5c64c2 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,29 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Adding ProFTPD to Fail2Ban +if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then + if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then + echo "== Adding ProFTPD to Fail2Ban" + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') + if [ $fail2ban_running -eq 1 ]; then + echo "== Restarting Fail2Ban" + systemctl restart fail2ban + fi + fi +fi + # Removing SpamHaus DNSBL if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf @@ -163,7 +186,11 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then echo "== Enabling TLS for ProFTPD FTPS" wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf - systemctl restart proftpd + proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running') + if [ $proftpd_running -eq 1 ]; then + echo "== Restarting ProFTPD" + systemctl restart proftpd + fi fi fi fi From de5365280f6778cfa92ab653aa0c8319b9663ed1 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 28 May 2025 17:11:55 +0200 Subject: [PATCH 210/316] Adding myVesta rules to SpamAssassin --- install/vst-install-debian.sh | 9 ++++++++ src/deb/vesta/postinst | 43 +++++++++++++++++++++++++++++++++-- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ad10b341..ff19d1d5 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1581,6 +1581,15 @@ if [ "$spamd" = 'yes' ]; then echo "=== Patching spamassassin dns_server" sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf + echo "== Adding myVesta rules to SpamAssassin" + cat < /etc/spamassassin/myvesta.cf +score RCVD_IN_RP_SAFE 0 +score RCVD_IN_RP_CERTIFIED 0 +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf ensure_startup $currentservice systemctl restart $currentservice diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index dc5c64c2..523678e3 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,41 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Adding myVesta rules to SpamAssassin +if [ -d "/etc/spamassassin" ]; then + spamassassin_modified=0 + if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then + touch /etc/spamassassin/myvesta.cf + fi + if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then + echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin" + echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf + echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf + spamassassin_modified=1 + fi + if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then + echo "== Adding SPF_FAIL myVesta rules to SpamAssassin" + cat <> /etc/spamassassin/myvesta.cf +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + spamassassin_modified=1 + fi + + if [ $spamassassin_modified -eq 1 ]; then + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') + if [ $spamassassin_running -eq 1 ]; then + echo "== Restarting SpamAssassin" + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi + fi + fi +fi + # Adding ProFTPD to Fail2Ban if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then @@ -122,14 +157,18 @@ fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin') - spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin' | grep -c 'running') + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') if [ $spamassassin_installed -eq 1 ]; then echo "== Adding Barracuda RBL to SpamAssassin" wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf fi if [ $spamassassin_running -eq 1 ]; then echo "== Restarting SpamAssassin" - systemctl restart spamassassin + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi fi touch /usr/local/vesta/data/upgrades/barracuda_rbl fi From 92029a97335afed541fce852d64d1eb577e8c13f Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 30 May 2025 22:08:44 +0200 Subject: [PATCH 211/316] v-import-cpanel-backup: /*!999999\- enable the sandbox mode */ fix --- bin/v-import-cpanel-backup | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index a70213dd..43e8c3bf 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -157,11 +157,15 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + fi mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + fi mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" From 5ca293c9b2c61b27e4123e903291064db861bb21 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 31 May 2025 22:01:57 +0200 Subject: [PATCH 212/316] Session DISABLE_IP_CHECK --- bin/v-list-sys-config | 3 ++- web/inc/main.php | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index 127f2176..a0fdbbbc 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -54,7 +54,8 @@ json_list() { "SOFTACULOUS": "'$SOFTACULOUS'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'", "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", - "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'", + "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'" } }' } diff --git a/web/inc/main.php b/web/inc/main.php index 26df863e..f13e4142 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -38,8 +38,13 @@ if(!isset($_SESSION['user_combined_ip'])){ $_SESSION['user_combined_ip'] = $user_combined_ip; } +$SKIP_IP_CHECK = false; +if (isset($_SESSION['DISABLE_IP_CHECK']) && $_SESSION['DISABLE_IP_CHECK'] == 'yes') { + $SKIP_IP_CHECK = true; +} + // Checking user to use session from the same IP he has been logged in -if($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){ +if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $SKIP_IP_CHECK==false) { session_destroy(); session_start(); $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; From 435a3627653dd1a942824a418a91e91da0978dd8 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 1 Jun 2025 14:44:18 +0200 Subject: [PATCH 213/316] Converting CRLF to LF in a few files --- .../10/templates/web/nginx/private-hosting.sh | 22 +- .../11/templates/web/nginx/private-hosting.sh | 22 +- .../12/templates/web/nginx/private-hosting.sh | 22 +- src/deb/ioncube/copyright | 486 +++++++++--------- web/list/firewall/banlist/ip_info.php | 328 ++++++------ 5 files changed, 440 insertions(+), 440 deletions(-) diff --git a/install/debian/10/templates/web/nginx/private-hosting.sh b/install/debian/10/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/10/templates/web/nginx/private-hosting.sh +++ b/install/debian/10/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/templates/web/nginx/private-hosting.sh b/install/debian/11/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/11/templates/web/nginx/private-hosting.sh +++ b/install/debian/11/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/private-hosting.sh b/install/debian/12/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/12/templates/web/nginx/private-hosting.sh +++ b/install/debian/12/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/src/deb/ioncube/copyright b/src/deb/ioncube/copyright index bd92bd81..c62257d2 100644 --- a/src/deb/ioncube/copyright +++ b/src/deb/ioncube/copyright @@ -1,243 +1,243 @@ -LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE -OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) - -YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE -LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP -LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU -DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY -AND/OR USE THE LOADER SOFTWARE. - -DEFINITIONS - -The following definitions shall apply in this document: - -LOADER shall mean the ionCube PHP Loader software package or collection -of Loaders, including any modifications or upgrades to the software, used for -executing PHP scripts previously encoded with the ionCube PHP Encoder -software to render them non-humanly readable, and any associated -documentation or electronic or online materials relating to the software. - -ENCODER shall mean any ionCube PHP Encoder software or service used for the -purpose of producing non-humanly readable encoded files from PHP scripts. - -ENCODED FILE shall mean a non-humanly readable file produced by the -Encoder and being derived from humanly readable PHP script source. - -PROVIDER shall mean ionCube Ltd. - -USER/YOU shall mean any entity who has downloaded or obtained through any -other means a version of the Loader software. - - -1 LICENSE ENTITLEMENT - -1.1 The Loader is provided without charge. Title to the Loader does not pass -to the user in any circumstances. The Loader is supplied as object code. - -1.2 The provider grants a personal, non-transferable, non-exclusive licence to -use the Loader in accordance with the terms and conditions of this Licence -Agreement. - -1.3 The installation or downloading and use of the Loader entitles the user -to install and use the Loader for its own internal lawful purposes. - - -2 DISTRIBUTION - -2.1 The Loader may be freely distributed to third parties alone or as -part of a distribution containing other items provided that this license -is also included. - -2.2 The Loader may under no circumstances be branded as another product, -whether distributed or not. - -2.3 Distribution as part of a commercial product is permitted provided such -distribution is in accordance with clauses 2.1 and 2.2 with respect to the -Loader. - - -3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION - -Except insofar as the user is permitted to do so in accordance with applicable -law: - -3.1 Any analysis of the Loader and embedded data by any means and by -any entity whether human or otherwise and including but without limitation to -discover details of internal operation, to reverse engineer, to de-compile -object code, or to modify for the purposes of modifying behaviour is -forbidden. - -3.2 Any analysis of encoded files by any means and by any entity whether human -or otherwise and including but without limitation to discover details of file -format or for the purposes of modifying behaviour or scope of their usage is -forbidden. - - -4 WARRANTY - -THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED -WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE -DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED -OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN -CONJUNCTION WITH ANY OTHER PRODUCT. - - -5 LIMITATION OF LIABILITY - -5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY -PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER -CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE -AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS -EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL -WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING -FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR -OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY -LAW. - -5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT -ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS -A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS -OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE -PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH -DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS -TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. - -5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS -LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE -PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. - -5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY -E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY -THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING -TRANSMISSION. - - -6 BUG FIXING AND PRODUCT SUPPORT - -6.1 The provider will use reasonable endeavours to provide support to users. -The provider will at their discretion only provide support for the latest -release. - -6.2 Support comprises of fault reporting via tickets and fault diagnosis, -recommendations on workarounds, and where reasonably possible a timely -resolution. - -6.3 The user accepts that on occasion the ability of the provider to meet -anticipated or published support schedules may be impaired due to, but without -limitation, Internet service provider failures or software failures that -affect the ability to communicate for an indeterminate period. - -6.4 The provider reserves the right to refuse to provide support at any time. - -6.5 The provider wishes to maintain and offer a product of the highest -possible quality, and accordingly may from time to time and at its discretion -make product changes for the purpose of correcting behaviour in variance to -the published specification or the user's reasonable expectations. - -6.6 The provider reserves the right to charge for support where the user does -not have a valid support plan in place, or where the support offered exceeds -the scope of the active support plan. - - -7 PRODUCT UPGRADES - -7.1 The provider may from time to time release product upgrades. These will -be provided free of charge and attempts made to provide a timely notification -to customers of the existence of any new release. - - -8 ERRORS AND OMISSIONS - -Whilst reasonable endeavours are made to ensure the accuracy of documentation -concerning the details of the Loader, the user accepts the possibility of -inaccuracies in information presented in any format, including email -communications and online services. The provider shall under no circumstances -be liable for any events that arise as a result of unintentional inaccuracies -or omissions. - - -9 USER INDEMNITY - -You agree to fully indemnify, defend and hold the provider harmless -immediately upon demand from and against all actions, liability, claims, -losses, damages, costs and expenses (including legal/attorney fees) incurred -by the provider arising directly or indirectly as a result of your breach of -this Licence Agreement. - - -10 INTELLECTUAL PROPERTY RIGHTS - -10.1 The user acknowledges that the Loader and associated documentation and -materials contain proprietary information of the provider and are and shall -remain the exclusive property of the provider and/or its licensors and all -title, copyright, trade marks, trade names, patents and other intellectual -property rights therein of whatever nature shall remain the sole property of -the provider and/or its licensors. - -10.2 No title to or rights of ownership, copyright or other intellectual -property in the Loader is transferred to the user (other than the licence -rights expressly granted in this Licence Agreement). - - -11 TERMINATION - -11.1 The provider reserves the right to terminate this Licence Agreement -immediately by notice in writing against the user if the user is in breach of -any terms and conditions of this Licence Agreement. - -11.2 Termination of this Licence Agreement for any reason shall be without -prejudice to any other rights or remedies of the provider which may have -arisen on or before the date of termination under this Licence Agreement or in -law. - -11.3 The provisions of the following clauses shall survive any termination of -this agreement; clause 3, 5, 10 and 13. - - -12 GENERAL - -12.1 The provider reserves the right to transfer or assign all or any of its -rights and duties and responsibilities set out in this Licence Agreement to -another party. - -12.2 Headings have been included for convenience only and will not be used in -construing any provision of this Licence Agreement. - -12.3 No delay or failure by the provider to exercise any powers, rights or -remedies under this Licence Agreement will operate as a waiver of them nor -will any single or partial exercise of any such powers, rights or remedies -include any other or further exercise of them. - -12.4 If any part of this Licence Agreement is found by a court of competent -jurisdiction or other competent authority to be invalid, unlawful or -unenforceable then such part shall be severed from the remainder of this -Licence Agreement which will continue to be valid and enforceable to the -fullest extent permitted by applicable law. - -12.5 This Licence Agreement including the documents or other sources referred -to herein supersede all prior representations, understandings and agreements -between the user and the provider relating to the Loader and sets forth the -entire agreement and understanding between the user and the provider relating -to the Loader. - -12.6 Nothing in this Licence Agreement shall be deemed to constitute a -partnership between you and the provider nor constitute either party being an -agent of the other party. - -12.7 This Agreement does not create any rights or benefits enforceable by any -person not a party to it (within the meaning of the U.K.Contracts (Rights of -Third Parties) Act 1999) except that a person who under clause 12.1 is a -permitted successor or assignee of the rights or benefits of the provider may -enforce such rights or benefits. - - -13 GOVERNING LAW AND JURISDICTION - -This License Agreement and any issues relating thereto shall be construed and -interpreted in accordance with the laws of England and subject to the -exclusive jurisdiction of the English courts. - -Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 +LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE +OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) + +YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE +LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP +LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU +DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY +AND/OR USE THE LOADER SOFTWARE. + +DEFINITIONS + +The following definitions shall apply in this document: + +LOADER shall mean the ionCube PHP Loader software package or collection +of Loaders, including any modifications or upgrades to the software, used for +executing PHP scripts previously encoded with the ionCube PHP Encoder +software to render them non-humanly readable, and any associated +documentation or electronic or online materials relating to the software. + +ENCODER shall mean any ionCube PHP Encoder software or service used for the +purpose of producing non-humanly readable encoded files from PHP scripts. + +ENCODED FILE shall mean a non-humanly readable file produced by the +Encoder and being derived from humanly readable PHP script source. + +PROVIDER shall mean ionCube Ltd. + +USER/YOU shall mean any entity who has downloaded or obtained through any +other means a version of the Loader software. + + +1 LICENSE ENTITLEMENT + +1.1 The Loader is provided without charge. Title to the Loader does not pass +to the user in any circumstances. The Loader is supplied as object code. + +1.2 The provider grants a personal, non-transferable, non-exclusive licence to +use the Loader in accordance with the terms and conditions of this Licence +Agreement. + +1.3 The installation or downloading and use of the Loader entitles the user +to install and use the Loader for its own internal lawful purposes. + + +2 DISTRIBUTION + +2.1 The Loader may be freely distributed to third parties alone or as +part of a distribution containing other items provided that this license +is also included. + +2.2 The Loader may under no circumstances be branded as another product, +whether distributed or not. + +2.3 Distribution as part of a commercial product is permitted provided such +distribution is in accordance with clauses 2.1 and 2.2 with respect to the +Loader. + + +3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION + +Except insofar as the user is permitted to do so in accordance with applicable +law: + +3.1 Any analysis of the Loader and embedded data by any means and by +any entity whether human or otherwise and including but without limitation to +discover details of internal operation, to reverse engineer, to de-compile +object code, or to modify for the purposes of modifying behaviour is +forbidden. + +3.2 Any analysis of encoded files by any means and by any entity whether human +or otherwise and including but without limitation to discover details of file +format or for the purposes of modifying behaviour or scope of their usage is +forbidden. + + +4 WARRANTY + +THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED +WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE +DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED +OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN +CONJUNCTION WITH ANY OTHER PRODUCT. + + +5 LIMITATION OF LIABILITY + +5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY +PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER +CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE +AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS +EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL +WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING +FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR +OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY +LAW. + +5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT +ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS +A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS +OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE +PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH +DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS +TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. + +5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS +LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE +PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. + +5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY +E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY +THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING +TRANSMISSION. + + +6 BUG FIXING AND PRODUCT SUPPORT + +6.1 The provider will use reasonable endeavours to provide support to users. +The provider will at their discretion only provide support for the latest +release. + +6.2 Support comprises of fault reporting via tickets and fault diagnosis, +recommendations on workarounds, and where reasonably possible a timely +resolution. + +6.3 The user accepts that on occasion the ability of the provider to meet +anticipated or published support schedules may be impaired due to, but without +limitation, Internet service provider failures or software failures that +affect the ability to communicate for an indeterminate period. + +6.4 The provider reserves the right to refuse to provide support at any time. + +6.5 The provider wishes to maintain and offer a product of the highest +possible quality, and accordingly may from time to time and at its discretion +make product changes for the purpose of correcting behaviour in variance to +the published specification or the user's reasonable expectations. + +6.6 The provider reserves the right to charge for support where the user does +not have a valid support plan in place, or where the support offered exceeds +the scope of the active support plan. + + +7 PRODUCT UPGRADES + +7.1 The provider may from time to time release product upgrades. These will +be provided free of charge and attempts made to provide a timely notification +to customers of the existence of any new release. + + +8 ERRORS AND OMISSIONS + +Whilst reasonable endeavours are made to ensure the accuracy of documentation +concerning the details of the Loader, the user accepts the possibility of +inaccuracies in information presented in any format, including email +communications and online services. The provider shall under no circumstances +be liable for any events that arise as a result of unintentional inaccuracies +or omissions. + + +9 USER INDEMNITY + +You agree to fully indemnify, defend and hold the provider harmless +immediately upon demand from and against all actions, liability, claims, +losses, damages, costs and expenses (including legal/attorney fees) incurred +by the provider arising directly or indirectly as a result of your breach of +this Licence Agreement. + + +10 INTELLECTUAL PROPERTY RIGHTS + +10.1 The user acknowledges that the Loader and associated documentation and +materials contain proprietary information of the provider and are and shall +remain the exclusive property of the provider and/or its licensors and all +title, copyright, trade marks, trade names, patents and other intellectual +property rights therein of whatever nature shall remain the sole property of +the provider and/or its licensors. + +10.2 No title to or rights of ownership, copyright or other intellectual +property in the Loader is transferred to the user (other than the licence +rights expressly granted in this Licence Agreement). + + +11 TERMINATION + +11.1 The provider reserves the right to terminate this Licence Agreement +immediately by notice in writing against the user if the user is in breach of +any terms and conditions of this Licence Agreement. + +11.2 Termination of this Licence Agreement for any reason shall be without +prejudice to any other rights or remedies of the provider which may have +arisen on or before the date of termination under this Licence Agreement or in +law. + +11.3 The provisions of the following clauses shall survive any termination of +this agreement; clause 3, 5, 10 and 13. + + +12 GENERAL + +12.1 The provider reserves the right to transfer or assign all or any of its +rights and duties and responsibilities set out in this Licence Agreement to +another party. + +12.2 Headings have been included for convenience only and will not be used in +construing any provision of this Licence Agreement. + +12.3 No delay or failure by the provider to exercise any powers, rights or +remedies under this Licence Agreement will operate as a waiver of them nor +will any single or partial exercise of any such powers, rights or remedies +include any other or further exercise of them. + +12.4 If any part of this Licence Agreement is found by a court of competent +jurisdiction or other competent authority to be invalid, unlawful or +unenforceable then such part shall be severed from the remainder of this +Licence Agreement which will continue to be valid and enforceable to the +fullest extent permitted by applicable law. + +12.5 This Licence Agreement including the documents or other sources referred +to herein supersede all prior representations, understandings and agreements +between the user and the provider relating to the Loader and sets forth the +entire agreement and understanding between the user and the provider relating +to the Loader. + +12.6 Nothing in this Licence Agreement shall be deemed to constitute a +partnership between you and the provider nor constitute either party being an +agent of the other party. + +12.7 This Agreement does not create any rights or benefits enforceable by any +person not a party to it (within the meaning of the U.K.Contracts (Rights of +Third Parties) Act 1999) except that a person who under clause 12.1 is a +permitted successor or assignee of the rights or benefits of the provider may +enforce such rights or benefits. + + +13 GOVERNING LAW AND JURISDICTION + +This License Agreement and any issues relating thereto shall be construed and +interpreted in accordance with the laws of England and subject to the +exclusive jurisdiction of the English courts. + +Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php index cf7607bf..e7888a75 100644 --- a/web/list/firewall/banlist/ip_info.php +++ b/web/list/firewall/banlist/ip_info.php @@ -1,164 +1,164 @@ - 'http://lists.blocklist.de/lists/all.txt', - 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', - 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', - 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', - 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', - 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', - 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', - ]; - $today = date('Y-m-d'); - - foreach ($lists as $code => $url) { - $cache_tag = 'ip-blacklist-' . $code . '-cache'; - - // init cache - if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; - - // invalidate cache if clear_cache parameter is 1 - if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; - - // if cache is not updated, fetch new data and save to cache - if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { - $new_cache_data = fetchURL($url, $url_result); - if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); - $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; - } - - // check ip - $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { - if (str_contains($item, '/')) return cidrMatch($ip, $item); - if ($ip == $item) return true; - return false; - }); - - $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; - $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; - $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; - } - - return $check_results; -} - -// Check token -if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { - die("Wrong token"); -} - -$ip = $_REQUEST['ip']; - -// Validate IP format -if (filter_var($ip, FILTER_VALIDATE_IP) === false) { - die('GENERAL ERROR
BAD_IP_FORMAT'); -} - -// Query host -$host = gethostbyaddr($ip); - -// Query blocklists -$result_blocklists = ''; -$ip_check = checkIP($ip); -if ($ip_check) { - foreach ($ip_check as $list_code => $list_results) { - $result_blocklists .= '
'; - $result_blocklists .= $list_results['found'] ? '' : ''; - $result_blocklists .= ' '.$list_code.' '; - $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; - $result_blocklists .= '
'; - } -} - -// Query location -$url = 'https://api.db-ip.com/v2/free/'.$ip; -$result = fetchURL($url); -$result_array = json_decode($result, true); -if (!is_array($result_array)) { - die('GENERAL ERROR
BAD_JSON'); -} -if (!empty($result_array['errorCode'])) { - die('GENERAL ERROR
'.$result_array['errorCode']); -} - -// Output -echo " -
-
".__('Host')."
-
".$host."
-
".__('Banlist')."
-
".$result_blocklists."
-
".__('Continent')."
-
".$result_array['continentName']." [".$result_array['continentCode']."]
-
".__('Country')."
-
".$result_array['countryName']." [".$result_array['countryCode']."]
-
".__('State / Province')."
-
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
-
".__('City / Locality')."
-
".$result_array['city']."
-
-"; + 'http://lists.blocklist.de/lists/all.txt', + 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', + 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', + 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', + 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', + 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', + 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', + ]; + $today = date('Y-m-d'); + + foreach ($lists as $code => $url) { + $cache_tag = 'ip-blacklist-' . $code . '-cache'; + + // init cache + if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; + + // invalidate cache if clear_cache parameter is 1 + if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; + + // if cache is not updated, fetch new data and save to cache + if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { + $new_cache_data = fetchURL($url, $url_result); + if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); + $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; + } + + // check ip + $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { + if (str_contains($item, '/')) return cidrMatch($ip, $item); + if ($ip == $item) return true; + return false; + }); + + $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; + $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; + $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; + } + + return $check_results; +} + +// Check token +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token"); +} + +$ip = $_REQUEST['ip']; + +// Validate IP format +if (filter_var($ip, FILTER_VALIDATE_IP) === false) { + die('GENERAL ERROR
BAD_IP_FORMAT'); +} + +// Query host +$host = gethostbyaddr($ip); + +// Query blocklists +$result_blocklists = ''; +$ip_check = checkIP($ip); +if ($ip_check) { + foreach ($ip_check as $list_code => $list_results) { + $result_blocklists .= '
'; + $result_blocklists .= $list_results['found'] ? '' : ''; + $result_blocklists .= ' '.$list_code.' '; + $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; + $result_blocklists .= '
'; + } +} + +// Query location +$url = 'https://api.db-ip.com/v2/free/'.$ip; +$result = fetchURL($url); +$result_array = json_decode($result, true); +if (!is_array($result_array)) { + die('GENERAL ERROR
BAD_JSON'); +} +if (!empty($result_array['errorCode'])) { + die('GENERAL ERROR
'.$result_array['errorCode']); +} + +// Output +echo " +
+
".__('Host')."
+
".$host."
+
".__('Banlist')."
+
".$result_blocklists."
+
".__('Continent')."
+
".$result_array['continentName']." [".$result_array['continentCode']."]
+
".__('Country')."
+
".$result_array['countryName']." [".$result_array['countryCode']."]
+
".__('State / Province')."
+
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
+
".__('City / Locality')."
+
".$result_array['city']."
+
+"; From 72252c561e8447b55d107a9d7be73baeb410363d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 1 Jun 2025 20:25:23 +0200 Subject: [PATCH 214/316] Small bug fix in main.php --- func/main.php | 1 + 1 file changed, 1 insertion(+) diff --git a/func/main.php b/func/main.php index 22834d42..4628c92a 100644 --- a/func/main.php +++ b/func/main.php @@ -53,6 +53,7 @@ function myvesta_check_args ($requried_arguments, $arguments) { $argument_counter=count($argv); $argument_counter--; $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]); + $command=$argv[0]; // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n"); if ($argument_counter<$requried_arguments) { $arguments=str_replace(" ", "' '", $arguments); From a3895aea0dd63526630cc44adbe5ed6234e3ba8d Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 2 Jun 2025 14:58:54 +0200 Subject: [PATCH 215/316] v-clear-fail2ban --- bin/v-clean-garbage | 7 ++++++ bin/v-clear-fail2ban | 59 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 bin/v-clear-fail2ban diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 36b50830..11e29122 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -90,6 +90,13 @@ if [ $fail2ban_running -eq 1 ]; then fi if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + systemctl restart nginx + fi + fi fi if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban diff --git a/bin/v-clear-fail2ban b/bin/v-clear-fail2ban new file mode 100644 index 00000000..ab3ab30c --- /dev/null +++ b/bin/v-clear-fail2ban @@ -0,0 +1,59 @@ +#!/bin/bash +# info: Clean fail2ban database +# options: NONE +# +# The function is cleaning fail2ban database + +#----------------------------------------------------------# +# Verifications & Variable & Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# check if fail2ban is installed +fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban') +if [ $fail2ban_installed -eq 0 ]; then + echo "Fail2ban is not installed" + exit 1 +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Cleaning fail2ban database +fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') +if [ $fail2ban_running -eq 1 ]; then + echo "== Stopping fail2ban" + systemctl stop fail2ban +fi +if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then + echo "== Cleaning fail2ban database" + rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "== Cleaning nginx block.conf" + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting nginx" + systemctl restart nginx + fi + fi +fi +if [ $fail2ban_running -eq 1 ]; then + echo "== Starting fail2ban" + systemctl start fail2ban +fi + +echo "== Done, fail2ban database cleaned" + +log_event "$OK" "$ARGUMENTS" + +exit From 213ccd47df509c0bddc3554d8aa149adbbe076a2 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 3 Jun 2025 21:22:38 +0200 Subject: [PATCH 216/316] v-install-wordpress: Almost always use https --- bin/v-install-wordpress | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 5758e358..202919d0 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -95,19 +95,22 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1) # Action # #----------------------------------------------------------# -PROTOCOL='http' -if [ -z "$SKIP_LE" ]; then - if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then - /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" - fi -else - PROTOCOL='https' +PROTOCOL='https' + +if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then + echo "== Trying to install LetsEncrypt for domain $domain" + /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" +fi + +if [ ! -z "$FORCE_HTTP" ]; then + # Switch to http:// only if --FORCE_HTTP parameter is set + echo "== Force http://" + PROTOCOL='http' fi TPL_CHANGED=0; -if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then - PROTOCOL='https' +if [ "$PROTOCOL" = "https" ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" @@ -116,7 +119,8 @@ if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" fi -else +fi +if [ "$PROTOCOL" = "http" ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" @@ -147,11 +151,11 @@ sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user=" mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" echo "=================================================================" -echo "Installation is complete. Your username/password is listed below." +echo "Your WordPress installation is complete." echo "" -echo "Site: $PROTOCOL://$domain/" +echo "Website URL: $PROTOCOL://$domain/" echo "" -echo "Login: $PROTOCOL://$domain/wp-admin/" +echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/" echo "Username: $wpadmin" echo "Password: $password" echo "" From 4932dd3bb4908e8e3439497b456719fc7260a7e3 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 14:53:49 +0200 Subject: [PATCH 217/316] Fix dkim record deletion command in v-delete-mail-domain-dkim script --- bin/v-delete-mail-domain-dkim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-delete-mail-domain-dkim b/bin/v-delete-mail-domain-dkim index f11e48d4..7cfbab58 100755 --- a/bin/v-delete-mail-domain-dkim +++ b/bin/v-delete-mail-domain-dkim @@ -48,7 +48,7 @@ fi # Deleting dns record if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') + dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}') for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done From 8d9a3e1ca0f6c570f87daefce71b4d0a12b4b763 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 16:23:42 +0200 Subject: [PATCH 218/316] v-change-user-package switched to parse_object_kv_list_non_eval --- bin/v-change-user-package | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-change-user-package b/bin/v-change-user-package index d0de98db..012d2f1f 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -23,7 +23,7 @@ is_package_avalable() { usr_data=$(cat $USER_DATA/user.conf) IFS=$'\n' for key in $usr_data; do - eval ${key%%=*}=${key#*=} + parse_object_kv_list_non_eval $key done WEB_DOMAINS='0' @@ -76,8 +76,8 @@ is_package_avalable() { } change_user_package() { - eval $(cat $USER_DATA/user.conf) - eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") + parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf) + parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") echo "FNAME='$FNAME' LNAME='$LNAME' PACKAGE='$package' From 89b7538fadfcc7d32f970c3cae5b650ee82bd7c4 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 17:08:08 +0200 Subject: [PATCH 219/316] Enhance package validation --- bin/v-add-user-package | 5 ++++- bin/v-change-user-package | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 0cab1a3d..e9fe210a 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -28,7 +28,7 @@ is_package_new() { } is_package_consistent() { - source $pkg_dir/$package.pkg + parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg) if [ "$WEB_DOMAINS" != 'unlimited' ]; then is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi @@ -63,6 +63,9 @@ is_package_consistent() { is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } diff --git a/bin/v-change-user-package b/bin/v-change-user-package index 012d2f1f..1e088bcc 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -16,6 +16,7 @@ force=$3 # Includes source $VESTA/func/main.sh +source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf is_package_avalable() { @@ -35,7 +36,7 @@ is_package_avalable() { pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\ grep -v DATE) - eval $pkg_data + parse_object_kv_list_non_eval $pkg_data # Checking usage agains package limits if [ "$WEB_DOMAINS" != 'unlimited' ]; then @@ -73,6 +74,10 @@ is_package_avalable() { check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" fi fi + + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } change_user_package() { From 0fd5be1d28557267490d911d64b3e26bb5baa060 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 20:36:05 +0200 Subject: [PATCH 220/316] Activating FileManager licence for all users --- install/vst-install-debian.sh | 3 ++- src/deb/vesta/postinst | 5 +++++ web/templates/file_manager/main.php | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ff19d1d5..ef4bc374 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2089,10 +2089,11 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf +echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf echo "================================================================" # Removing old PHP sessions files -crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 523678e3..107bd6f6 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,11 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then + echo "== Adding FileManager license to vesta.conf" + echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf +fi + # Adding myVesta rules to SpamAssassin if [ -d "/etc/spamassassin" ]; then spamassassin_modified=0 diff --git a/web/templates/file_manager/main.php b/web/templates/file_manager/main.php index 2e82f811..dd9095f7 100644 --- a/web/templates/file_manager/main.php +++ b/web/templates/file_manager/main.php @@ -19,6 +19,7 @@ +
©
From 85f39364a435c2834220b61ab9c06dd01c7ddc62 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 20:47:57 +0200 Subject: [PATCH 221/316] v-commander: stop setting a root password --- bin/v-commander | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 834fb38b..f04b3a17 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -101,7 +101,7 @@ myhelp() { echo "m def = install php-memcached if needed" echo "check fc = check if FreshClam is up" echo "-----------------------------" - echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" + echo "enable-ssh-root-password-login = Allow root password authentication via SSH" echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "-----------------------------" } @@ -535,18 +535,11 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" - root_password=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32) - hashed_root_password=$(openssl passwd -6 "$root_password") - sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow - echo "Root password is now a new random password." - echo "New root password: $root_password" - echo "--------------------" - grep '^root:' /etc/shadow - grep '^admin:' /etc/shadow - echo "--------------------" echo "Port 22 opened in Firewall for all IP addresses." /usr/local/vesta/bin/v-unsuspend-firewall-rule "11" echo "--------------------" + echo "Type 'passwd' in the terminal to set the root password." + echo "--------------------" fi if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then From 6d752d93f589a0d357a130f4eab2b3de7956fa26 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 07:53:20 +0200 Subject: [PATCH 222/316] Adding v-cd-www alias to root bash profile --- install/vst-install-debian.sh | 6 +++++- src/deb/vesta/postinst | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ef4bc374..18a25f10 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2089,13 +2089,17 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf +echo "== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf echo "================================================================" # Removing old PHP sessions files cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) -echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +if [ -f "/root/.bash_profile" ]; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +fi #----------------------------------------------------------# # myVesta Access Info # diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 107bd6f6..68252789 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -30,6 +30,13 @@ if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf fi +if [ -f "/root/.bash_profile" ]; then + if ! grep -q "v-cd-www" /root/.bash_profile; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile + fi +fi + # Adding myVesta rules to SpamAssassin if [ -d "/etc/spamassassin" ]; then spamassassin_modified=0 From 413787070aec1eff85ad198c2a5aa0dad9dbaddb Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 08:08:27 +0200 Subject: [PATCH 223/316] Skip prompt to continue in vst-install-debian.sh if all required variables are set --- install/vst-install-debian.sh | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 18a25f10..f6de9e70 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -491,10 +491,16 @@ echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then - read -p 'Would you like to continue [y/n]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 + prompt_to_continue=1; + if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then + prompt_to_continue=0; + fi + if [ $prompt_to_continue -eq 1 ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi fi # Asking for contact email @@ -2081,7 +2087,6 @@ if [ "$port" != "8083" ]; then $VESTA/bin/v-change-vesta-port $port fi -echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" @@ -2089,15 +2094,15 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf -echo "== Adding FileManager license to vesta.conf" +echo "=== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf -echo "================================================================" # Removing old PHP sessions files -cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) +touch /var/spool/cron/crontabs/root +echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root if [ -f "/root/.bash_profile" ]; then - echo "== Adding v-cd-www alias to root bash profile" + echo "=== Adding v-cd-www alias to root bash profile" echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile fi From c5d0619a6b2f8ff2fadfc92be5a6d7ed8dbb35b1 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 14:46:58 +0200 Subject: [PATCH 224/316] Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl --- bin/v-install-unsigned-ssl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 8df023c9..9ac2f188 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,7 +52,9 @@ fi # Action # #----------------------------------------------------------# -/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then + /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +fi release=$(cat /etc/debian_version | tr "." "\n" | head -n1) From 2fe4ce2ae4535ffb0bbd673294bed67b04b4c05c Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 16 Jun 2025 15:49:34 +0200 Subject: [PATCH 225/316] v-change-db-password-to-wordpress --- bin/v-change-db-password-to-all-wordpress | 43 ++++++++++ bin/v-change-db-password-to-wordpress | 100 ++++++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 bin/v-change-db-password-to-all-wordpress create mode 100644 bin/v-change-db-password-to-wordpress diff --git a/bin/v-change-db-password-to-all-wordpress b/bin/v-change-db-password-to-all-wordpress new file mode 100644 index 00000000..b31edb80 --- /dev/null +++ b/bin/v-change-db-password-to-all-wordpress @@ -0,0 +1,43 @@ +#!/bin/bash +# info: change db password to all wordpress databases +# options: +# +# The command is used for changing db password to all wordpress databases on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + /usr/local/vesta/bin/v-change-db-password-to-wordpress $domain + echo "--------------------------------" + fi + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-db-password-to-wordpress b/bin/v-change-db-password-to-wordpress new file mode 100644 index 00000000..d7ce1782 --- /dev/null +++ b/bin/v-change-db-password-to-wordpress @@ -0,0 +1,100 @@ +#!/bin/bash +# info: change db password to wordpress database +# options: +# +# The command is used for changing db password to wordpress database. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +if [ -z "$user" ]; then + echo "ERROR: Domain $domain not found" + exit 1; +fi + +if [ ! -d "/home/$user" ]; then + echo "ERROR: User $user doesn't exist"; + exit 1; +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "ERROR: Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo "=== Domain: $domain" + wp_config_path="/home/$user/web/$domain/public_html/wp-config.php" + if grep -q $'\r' $wp_config_path; then + echo "=== removing CRLF from wp-config.php" + tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path + chown $user:$user $wp_config_path + fi + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") + new_password=$(generate_password) + echo "DB name: $db_name" + echo "New DB password: $new_password" + # echo "executing: /usr/local/vesta/bin/v-change-database-password \"$user\" \"$db_name\" \"$new_password\"" + /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" + if [ $? -ne 0 ]; then + echo "*************** ERROR: Failed to change database password ***************" + exit 1; + fi + line="define('DB_PASSWORD', '$new_password');" + chattr -i $wp_config_path + sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path + new_password_line=$(grep "DB_PASSWORD" $wp_config_path) + echo "New DB password line: $new_password_line" + if [ "$new_password_line" != "$line" ]; then + echo "*************** ERROR: line in wp-config.php is not what we expected ***************" + echo "Expected: $line" + echo "Actual : $new_password_line" + echo "*************** ERROR: Please check wp-config.php manually ***************" + exit 1; + fi +else + echo "ERROR: WP-config.php not found" + exit 1; +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit From 819450ca5c1de0646037f8734a103a1870ea39ea Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Mon, 16 Jun 2025 17:23:28 +0200 Subject: [PATCH 226/316] Create v-fix-wp-core --- bin/v-fix-wp-core | 90 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 bin/v-fix-wp-core diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core new file mode 100644 index 00000000..5bef3232 --- /dev/null +++ b/bin/v-fix-wp-core @@ -0,0 +1,90 @@ +#!/bin/bash +# info: fix compromised wp-admin and wp-includes +# options: DOMAIN [CACHE_DIR] +# +# Replaces wp-admin and wp-includes with clean copies that match +# the WordPress core version detected on the site. +# +# Example: +# v-fix-wp-core example.com +# v-fix-wp-core example.com /srv/wp-cache + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Arguments +DOMAIN="$1" +CACHE_DIR="${2-/srv/wp-cache}" # default cache location + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# +check_args '1' "$#" 'DOMAIN [CACHE_DIR]' +is_format_valid 'domain' + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace +trap 'rm -rf "$TMP_DIR"' EXIT + +# 1etermine WP version +WP_VERSION="$(v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +check_result $? "cannot detect WP version" > /dev/null +if [ -z "$WP_VERSION" ]; then + check_result 1 "empty WP version string" +fi +echo "Detected WordPress version $WP_VERSION" + +# 2ind site owner and path +USER="$(v-search-domain-owner "$DOMAIN")" +check_result $? "cannot find domain owner" > /dev/null +SITE_PATH="/home/$USER/web/$DOMAIN/public_html" +if [ ! -d "$SITE_PATH" ]; then + check_result 1 "site path $SITE_PATH does not exist" +fi + +# ensure cached core is present +CACHE_PATH="$CACHE_DIR/$WP_VERSION" +if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then + echo "Cache for $WP_VERSION missing, downloading ZIP..." + + mkdir -p "$CACHE_PATH" + ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip" + ZIP_FILE="$TMP_DIR/wp.zip" + + curl -fSL "$ZIP_URL" -o "$ZIP_FILE" + check_result $? "download failed" > /dev/null + + unzip -q "$ZIP_FILE" -d "$TMP_DIR" + check_result $? "unzip failed" > /dev/null + + mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" + mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" +fi + +# backup current core folders +TIMESTAMP="$(date +%Y%m%d%H%M%S)" +BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" +mkdir -p "$BACKUP_DIR" +mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" +mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" +check_result $? "backup failed" > /dev/null +echo "Old core folders moved to $BACKUP_DIR" + +# deploy clean core +rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" +rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" +check_result $? "rsync failed" > /dev/null + +# fix permissions +v-fix-website-permissions $DOMAIN + +echo "Done, wp-admin and wp-includes replaced for $DOMAIN" +exit From 4f871db1fc52dd1e357ddb2d7e5566c2f916072c Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Mon, 16 Jun 2025 17:28:34 +0200 Subject: [PATCH 227/316] Update v-fix-wp-core --- bin/v-fix-wp-core | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 5bef3232..67d91f40 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -75,6 +75,7 @@ BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" +chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -85,6 +86,7 @@ check_result $? "rsync failed" > /dev/null # fix permissions v-fix-website-permissions $DOMAIN +chown -R www-data:www-data "$BACKUP_DIR" echo "Done, wp-admin and wp-includes replaced for $DOMAIN" exit From 59053e2ffd745754350609d4eb797cd8ea6121ca Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:07:17 +0200 Subject: [PATCH 228/316] Update v-fix-wp-core --- bin/v-fix-wp-core | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 67d91f40..e852da4d 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -67,6 +67,7 @@ if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" + cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/" fi # backup current core folders @@ -75,6 +76,12 @@ BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" + +for f in "$SITE_PATH"/*.php; do + [[ $(basename "$f") == "wp-config.php" ]] && continue + mv "$f" "$BACKUP_DIR/" +done + chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -84,6 +91,12 @@ rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" check_result $? "rsync failed" > /dev/null +for corephp in "$CACHE_PATH"/*.php; do + base=$(basename "$corephp") + [ "$base" = "wp-config.php" ] && continue + rsync -a "$corephp" "$SITE_PATH/$base" +done + # fix permissions v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" From e8cbaa742f454bdc0e1b2552100e9e43098d8fec Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:23:04 +0200 Subject: [PATCH 229/316] Create v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 115 ++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 bin/v-change-wp-admins-pass diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass new file mode 100644 index 00000000..0b55082d --- /dev/null +++ b/bin/v-change-wp-admins-pass @@ -0,0 +1,115 @@ +#!/bin/bash +# info: interactively change WordPress admin passwords for a given domain +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-change-wp-admin-pass DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +wp_path="/home/$user/web/$domain/public_html" +if [ ! -f "$wp_path/wp-config.php" ]; then + echo "WordPress is not installed on this domain." + exit 1 +fi + +# make sure WP-CLI exists +if ! command -v wp >/dev/null 2>&1; then + echo "WP-CLI is not installed, installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp +fi + +# detect PHP for this domain +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +if command -v "php$phpver" >/dev/null 2>&1; then + php_bin=$(command -v "php$phpver") +else + php_bin=$(command -v php) +fi +[ -z "$php_bin" ] && { echo "Could not find a PHP binary."; exit 1; } + +# WP-CLI wrapper (array keeps spaces intact) +wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) + +# simple random 10-char generator (letters and digits) +gen_pass() { + tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) + +if [ -z "$admin_list" ]; then + echo "No administrator accounts found." + exit 0 +fi + +printf "%-6s %-20s %s\n" "ID" "Username" "Email" +echo "$admin_list" | while IFS=',' read -r id login email; do + printf "%-6s %-20s %s\n" "$id" "$login" "$email" +done + +echo +echo "You will be asked for each admin whether you want to change the password." + +# interactive loop +while IFS=',' read -r id login email; do + [ -n "$email" ] && prompt_target="$login <$email>" || prompt_target="$login" + + while true; do + read -r -p "Change the password for $prompt_target? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) + new_pass=$(gen_pass) + if "${wp_run[@]}" user update "$id" --user_pass="$new_pass" --quiet; then + echo "Password for $prompt_target has been changed to: $new_pass" + else + echo "Failed to change password for $prompt_target." + fi + break + ;; + [Nn]* ) + echo "Skipping $prompt_target." + break + ;; + * ) + echo "Please answer y or n." + ;; + esac + done +done <<< "$admin_list" + +echo +echo "Done." +exit 0 From aa2f5e4fbb59a7f0c19ae3c50b7856cc3ff2ac4d Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:40:10 +0200 Subject: [PATCH 230/316] Update v-fix-wp-core --- bin/v-fix-wp-core | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index e852da4d..8bf3277b 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -35,7 +35,7 @@ TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace trap 'rm -rf "$TMP_DIR"' EXIT # 1etermine WP version -WP_VERSION="$(v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" check_result $? "cannot detect WP version" > /dev/null if [ -z "$WP_VERSION" ]; then check_result 1 "empty WP version string" @@ -43,7 +43,7 @@ fi echo "Detected WordPress version $WP_VERSION" # 2ind site owner and path -USER="$(v-search-domain-owner "$DOMAIN")" +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" check_result $? "cannot find domain owner" > /dev/null SITE_PATH="/home/$USER/web/$DOMAIN/public_html" if [ ! -d "$SITE_PATH" ]; then @@ -98,7 +98,7 @@ for corephp in "$CACHE_PATH"/*.php; do done # fix permissions -v-fix-website-permissions $DOMAIN +/usr/local/vesta/bin/v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" echo "Done, wp-admin and wp-includes replaced for $DOMAIN" From a8e39817fcb8c9d30dc02cb85fa2f22634030987 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:40:47 +0200 Subject: [PATCH 231/316] Create v-desinfect-wp --- bin/v-desinfect-wp | 89 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 bin/v-desinfect-wp diff --git a/bin/v-desinfect-wp b/bin/v-desinfect-wp new file mode 100644 index 00000000..e1ddc65d --- /dev/null +++ b/bin/v-desinfect-wp @@ -0,0 +1,89 @@ +#!/bin/bash +# info: disinfect a WordPress site with several maintenance commands +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +# make sure all Vesta helper scripts are reachable +export PATH="/usr/local/vesta/bin:$PATH" +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-desinfect-wp DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +# choose the correct admin-password script (with or without the “s”) +if [ -x /usr/local/vesta/bin/v-change-wp-admin-pass ]; then + admin_pass_script="/usr/local/vesta/bin/v-change-wp-admin-pass" +elif [ -x /usr/local/vesta/bin/v-change-wp-admins-pass ]; then + admin_pass_script="/usr/local/vesta/bin/v-change-wp-admins-pass" +else + admin_pass_script="" +fi + +# absolute paths to maintenance scripts, in desired order +declare -a tasks=( + "/usr/local/vesta/bin/v-change-db-password-to-wordpress" + "/usr/local/vesta/bin/v-fix-wp-core" + "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +) + +# append the admin script if we found one +[ -n "$admin_pass_script" ] && tasks+=("$admin_pass_script") + +# -------------------------------------------------------- # +# execution strategy # +# -------------------------------------------------------- # + +echo +read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty + +if [[ "$run_all" =~ ^[Yy]$ ]]; then + echo "Running all maintenance steps for $domain" + automatic=true +else + echo + echo "Selective mode. You will be asked for each step." + automatic=false +fi + +for cmd in "${tasks[@]}"; do + if [ ! -x "$cmd" ]; then + echo "Command $cmd not found or not executable, skipping." + continue + fi + + if [ "$automatic" = false ]; then + while true; do + read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi + + echo + echo "=== $(basename "$cmd") $domain ===" + "$cmd" "$domain" +done + +echo +echo "Done." +exit 0 From 8a4b66a135bf956c6acc6ec62430a5b2ebe5b772 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:42:19 +0200 Subject: [PATCH 232/316] Update v-fix-wp-core --- bin/v-fix-wp-core | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 8bf3277b..4240b0ab 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -101,5 +101,5 @@ done /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" -echo "Done, wp-admin and wp-includes replaced for $DOMAIN" +echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" exit From 12dc1a57182fc3c63e7c79ccace891949eb02070 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:49:27 +0200 Subject: [PATCH 233/316] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 0b55082d..9351e4a1 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -31,7 +31,7 @@ if [ ! -f "$wp_path/wp-config.php" ]; then exit 1 fi -# make sure WP-CLI exists +# ensure WP-CLI exists if ! command -v wp >/dev/null 2>&1; then echo "WP-CLI is not installed, installing..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp @@ -50,7 +50,7 @@ fi # WP-CLI wrapper (array keeps spaces intact) wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) -# simple random 10-char generator (letters and digits) +# random 10-character password generator (letters and digits) gen_pass() { tr -dc 'A-Za-z0-9' Date: Tue, 17 Jun 2025 01:20:05 +0200 Subject: [PATCH 234/316] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 153 ++++++++++++------------------------ 1 file changed, 50 insertions(+), 103 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 9351e4a1..f7aa5245 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -1,128 +1,75 @@ #!/bin/bash -# info: interactively change WordPress admin passwords for a given domain +# info: disinfect a WordPress site with several maintenance commands # options: DOMAIN -# -------------------------------------------------------- # -# variables and checks # -# -------------------------------------------------------- # +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# +DOMAIN="$1" +VESTA="/usr/local/vesta" + +# absolute paths to maintenance scripts +CHANGE_DB_PASS="/usr/local/vesta/bin/v-change-db-password-to-wordpress" +FIX_CORE="/usr/local/vesta/bin/v-fix-wp-core" +WF_SCAN="/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +ADMIN_PASS="/usr/local/vesta/bin/v-change-wp-admins-pass" + +TASKS=( + "$CHANGE_DB_PASS" + "$FIX_CORE" + "$WF_SCAN" + "$ADMIN_PASS" +) + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# if [ "$(whoami)" != "root" ]; then echo "You must be root to run this command." exit 1 fi -source /etc/profile - -domain="$1" -if [ -z "$domain" ]; then - echo "Usage: v-change-wp-admin-pass DOMAIN" +if [ -z "$DOMAIN" ]; then + echo "Usage: v-desinfect-wp DOMAIN" exit 1 fi -user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") -if [ -z "$user" ]; then - echo "Domain $domain does not exist." +if ! "$VESTA/bin/v-search-domain-owner" "$DOMAIN" >/dev/null 2>&1; then + echo "Domain $DOMAIN does not exist." exit 1 fi -wp_path="/home/$user/web/$domain/public_html" -if [ ! -f "$wp_path/wp-config.php" ]; then - echo "WordPress is not installed on this domain." - exit 1 -fi - -# ensure WP-CLI exists -if ! command -v wp >/dev/null 2>&1; then - echo "WP-CLI is not installed, installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp -fi - -# detect PHP for this domain -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") -if command -v "php$phpver" >/dev/null 2>&1; then - php_bin=$(command -v "php$phpver") -else - php_bin=$(command -v php) -fi -[ -z "$php_bin" ] && { echo "Could not find a PHP binary."; exit 1; } - -# WP-CLI wrapper (array keeps spaces intact) -wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) - -# random 10-character password generator (letters and digits) -gen_pass() { - tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) +for CMD in "${TASKS[@]}"; do + if [ ! -x "$CMD" ]; then + echo "Command $CMD not found or not executable, skipping." + continue + fi -if [ -z "$admin_list" ]; then - echo "No administrator accounts found." - exit 0 -fi + if [ "$AUTOMATIC" = false ]; then + while true; do + read -r -p "Run $(basename "$CMD") for $DOMAIN? (y/n) " YN < /dev/tty + case "$YN" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$CMD")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi -printf "%-6s %-20s %s\n" "ID" "Username" "Email" -echo "$admin_list" | while IFS=',' read -r id login email; do - printf "%-6s %-20s %s\n" "$id" "$login" "$email" + echo + echo "=== $(basename "$CMD") $DOMAIN ===" + "$CMD" "$DOMAIN" done -echo -echo "You will be asked for each admin whether you want to change the password." - -# interactive loop -while IFS=',' read -r id login email; do - [ -n "$email" ] && prompt_target="$login <$email>" || prompt_target="$login" - - while true; do - read -r -p "Change the password for $prompt_target? (y/n) " yn < /dev/tty - case "$yn" in - [Yy]* ) - new_pass=$(gen_pass) - if "${wp_run[@]}" user update "$id" --user_pass="$new_pass" --quiet; then - echo "Password for $prompt_target has been changed to: $new_pass" - else - echo "Failed to change password for $prompt_target." - fi - break - ;; - [Nn]* ) - echo "Skipping $prompt_target." - break - ;; - * ) - echo "Please answer y or n." - ;; - esac - done -done <<< "$admin_list" - -# -------------------------------------------------------- # -# flush cache and refresh all security salts # -# -------------------------------------------------------- # - -echo -echo "Flushing cache and refreshing salts..." - -"${wp_run[@]}" cache flush -"${wp_run[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force -"${wp_run[@]}" config shuffle-salts - -echo "Cache flushed and salts refreshed." - echo echo "Done." exit 0 From 31413a8f7301ed055c0df73feeb4185f6890dfce Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 01:56:02 +0200 Subject: [PATCH 235/316] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 152 ++++++++++++++++++++++++------------ 1 file changed, 104 insertions(+), 48 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index f7aa5245..0249efb7 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -1,75 +1,131 @@ #!/bin/bash -# info: disinfect a WordPress site with several maintenance commands +# info: interactively delete or change WordPress admin passwords for a given domain # options: DOMAIN +# +# d → delete user (with content reassignment) +# c → change password (random 10-char alnum) +# s → skip #----------------------------------------------------------# # Variable & Function # #----------------------------------------------------------# +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + DOMAIN="$1" -VESTA="/usr/local/vesta" +[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; } -# absolute paths to maintenance scripts -CHANGE_DB_PASS="/usr/local/vesta/bin/v-change-db-password-to-wordpress" -FIX_CORE="/usr/local/vesta/bin/v-fix-wp-core" -WF_SCAN="/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" -ADMIN_PASS="/usr/local/vesta/bin/v-change-wp-admins-pass" +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } -TASKS=( - "$CHANGE_DB_PASS" - "$FIX_CORE" - "$WF_SCAN" - "$ADMIN_PASS" -) +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# -if [ "$(whoami)" != "root" ]; then - echo "You must be root to run this command." - exit 1 +# ensure WP-CLI binary +if ! command -v wp >/dev/null 2>&1; then + echo "WP-CLI is not installed, installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp fi -if [ -z "$DOMAIN" ]; then - echo "Usage: v-desinfect-wp DOMAIN" - exit 1 -fi +PHPVER=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$DOMAIN") +PHP_BIN=$(command -v "php$PHPVER" 2>/dev/null || command -v php) +[ -z "$PHP_BIN" ] && { echo "Could not find a PHP binary."; exit 1; } -if ! "$VESTA/bin/v-search-domain-owner" "$DOMAIN" >/dev/null 2>&1; then - echo "Domain $DOMAIN does not exist." - exit 1 -fi +# WP-CLI wrapper +WP_RUN=(sudo -u "$USER" "$PHP_BIN" /usr/local/bin/wp --skip-plugins --skip-themes) + +# random 10-char password +gen_pass() { tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) +[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } - if [ "$AUTOMATIC" = false ]; then - while true; do - read -r -p "Run $(basename "$CMD") for $DOMAIN? (y/n) " YN < /dev/tty - case "$YN" in - [Yy]* ) break ;; - [Nn]* ) echo "Skipping $(basename "$CMD")."; continue 2 ;; - * ) echo "Please answer y or n." ;; - esac - done - fi - - echo - echo "=== $(basename "$CMD") $DOMAIN ===" - "$CMD" "$DOMAIN" +printf "%-6s %-20s %s\n" "ID" "Username" "Email" +echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do + printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" done +echo +echo "For each admin choose: (d) delete, (c) change password, (s) skip." + +# interactive loop +echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do + [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" + while true; do + read -r -p "Action for $TARGET [d/c/s]? " ACT < /dev/tty + case "$ACT" in + [Dd]* ) + read -r -p "Really DELETE $TARGET? (y/n) " CONF < /dev/tty + if [[ "$CONF" =~ ^[Yy]$ ]]; then + # build an array of OTHER admin usernames + mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') + if [ "${#OTHER_USERS[@]}" -eq 0 ]; then + echo "Cannot delete the only administrator account." + break + fi + DEFAULT_USER="${OTHER_USERS[0]}" + echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" + while true; do + read -r -p "Reassign content to which username? [default $DEFAULT_USER] " REASSIGN < /dev/tty + REASSIGN=${REASSIGN:-$DEFAULT_USER} + if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then + break + else + echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" + fi + done + # delete by username, reassign by username + "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes >/dev/null 2>&1 + echo "$TARGET deleted (content reassigned to $REASSIGN)." + else + echo "Deletion cancelled." + fi + break + ;; + [Cc]* ) + NEW_PASS=$(gen_pass) + if "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --quiet; then + echo "Password for $TARGET changed to: $NEW_PASS" + else + echo "Failed to change password for $TARGET." + fi + break + ;; + [Ss]* ) + echo "Skipping $TARGET." + break + ;; + * ) echo "Please answer d, c, or s." ;; + esac + done +done + +#----------------------------------------------------------# +# flush cache and refresh all security salts # +#----------------------------------------------------------# + +echo +echo "Flushing cache and refreshing salts..." + +"${WP_RUN[@]}" cache flush +"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force +"${WP_RUN[@]}" config shuffle-salts + +echo "Cache flushed and salts refreshed." + echo echo "Done." exit 0 From 596bce582f627d14b5ff0f0422773e7a894b4f2f Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 11:43:48 +0200 Subject: [PATCH 236/316] Jailing v-run-wp-cli --- bin/v-run-wp-cli | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 672832ab..ebe654f6 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -63,6 +63,9 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi +mkdir -p /home/$user/.wp-cli +chown $user:$user /home/$user/.wp-cli + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# @@ -70,7 +73,11 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command +sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log + +echo "WP CLI: Done." +echo "To see Warning/Error log: " +echo "cat /home/$user/web/$domain/wp-cli-error.log" #----------------------------------------------------------# # Vesta # From d1c48504adcf33fe068d065997f189d354399ff6 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 14:02:31 +0200 Subject: [PATCH 237/316] v-run-wp-cli --- bin/v-run-wp-cli | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index ebe654f6..9325d47d 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -75,9 +75,9 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") cd /home/$USER/web/$domain/public_html sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log -echo "WP CLI: Done." -echo "To see Warning/Error log: " -echo "cat /home/$user/web/$domain/wp-cli-error.log" +# echo "WP CLI: Done." +# echo "To see Warning/Error log: " +# echo "cat /home/$user/web/$domain/wp-cli-error.log" #----------------------------------------------------------# # Vesta # From c8f9601a356df33ba8c13b24ac178352b6e91931 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 15:56:56 +0200 Subject: [PATCH 238/316] v-fix-wp-core: BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/ --- bin/v-fix-wp-core | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 4240b0ab..1dd87b71 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -17,6 +17,8 @@ DOMAIN="$1" CACHE_DIR="${2-/srv/wp-cache}" # default cache location +QUARANTINE_DIR="/srv/wp-quarantine" + # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf @@ -72,7 +74,7 @@ fi # backup current core folders TIMESTAMP="$(date +%Y%m%d%H%M%S)" -BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" +BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" From b13b25602c1901cea81a37ed64516bd64f8f41fe Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 19:29:58 +0200 Subject: [PATCH 239/316] Use wp-cli from git repo if available --- bin/v-run-wp-cli | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 9325d47d..31730f63 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -58,6 +58,12 @@ if ! command -v wp &> /dev/null; then echo "WP CLI installed successfully." fi +wpcli="/usr/local/bin/wp" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" +fi + if [ ! -d "/home/$user/web/$domain/public_html" ]; then # echo "Domain doesn't exist"; exit 1; @@ -73,7 +79,7 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log # echo "WP CLI: Done." # echo "To see Warning/Error log: " From e46c7e4e60e3a225777de5c89ad527b4e0c8afd5 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 22:22:16 +0200 Subject: [PATCH 240/316] v-get-wp-cli and terminal $COLUMNS fix --- bin/v-get-wp-cli | 44 ++++++++++++++++++++++++++++++++++++++++++++ bin/v-run-wp-cli | 15 +++++++++------ 2 files changed, 53 insertions(+), 6 deletions(-) create mode 100644 bin/v-get-wp-cli diff --git a/bin/v-get-wp-cli b/bin/v-get-wp-cli new file mode 100644 index 00000000..c097a024 --- /dev/null +++ b/bin/v-get-wp-cli @@ -0,0 +1,44 @@ +#!/bin/bash +# info: Download WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +cd wp-cli/ +sudo -H -u www-data composer install + +# Fix terminal columns issue for WP CLI +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "= WP CLI installed successfully." + +exit 0; \ No newline at end of file diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 31730f63..1a0e2adc 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -62,11 +62,8 @@ wpcli="/usr/local/bin/wp" if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - # echo "Domain doesn't exist"; - exit 1; + COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') + echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS fi mkdir -p /home/$user/.wp-cli @@ -81,6 +78,12 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") cd /home/$USER/web/$domain/public_html sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +return_code=$? + +if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then + rm /usr/local/bin/wp-cli/COLUMNS +fi + # echo "WP CLI: Done." # echo "To see Warning/Error log: " # echo "cat /home/$user/web/$domain/wp-cli-error.log" @@ -89,4 +92,4 @@ sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pc # Vesta # #----------------------------------------------------------# -exit 0; +exit $return_code; From 2e2b4b2f58544c57aeaf2b0cfd6256af3d288195 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 19 Jun 2025 15:57:50 +0200 Subject: [PATCH 241/316] v-backup-user-now skip LA limit --- bin/v-backup-user | 3 +++ bin/v-backup-user-now | 1 + 2 files changed, 4 insertions(+) diff --git a/bin/v-backup-user b/bin/v-backup-user index 0db5d376..f6629c9e 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -22,6 +22,9 @@ source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/conf/vesta.conf +if [ ! -z "$NOW" ]; then + BACKUP_LA_LIMIT=50 +fi #----------------------------------------------------------# # Verifications # diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now index 3a20b4ce..10eecd87 100644 --- a/bin/v-backup-user-now +++ b/bin/v-backup-user-now @@ -1,5 +1,6 @@ #!/bin/bash export ALLOW_BACKUP_ANYTIME='yes' +export NOW='yes' nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 From 761da8150b869df8392d2644a9a9e23a32a0cace Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 20 Jun 2025 17:54:04 +0200 Subject: [PATCH 242/316] Visual improvements for v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 0249efb7..44870b58 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -65,11 +65,12 @@ echo "For each admin choose: (d) delete, (c) change password, (s) skip." echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" while true; do - read -r -p "Action for $TARGET [d/c/s]? " ACT < /dev/tty + echo "-------------------------------------" + read -r -p "Action for \"$TARGET\" [d/c/s]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE $TARGET? (y/n) " CONF < /dev/tty - if [[ "$CONF" =~ ^[Yy]$ ]]; then + read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty + if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') if [ "${#OTHER_USERS[@]}" -eq 0 ]; then From 294c8ba516a3242d444b19c0156b874c9eb77027 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 21 Jun 2025 15:57:21 +0200 Subject: [PATCH 243/316] Setting chmod 600 for all php files --- ...hange-database-password-for-all-wordpress} | 2 +- ... v-change-database-password-for-wordpress} | 11 +++-- ...ns-pass => v-change-wordpress-admins-pass} | 16 +++++--- bin/{v-desinfect-wp => v-desinfect-wordpress} | 18 ++------ bin/v-fix-user-permissions | 1 + bin/v-fix-website-permissions | 26 ++++++++++-- ...v-fix-website-permissions-for-all-websites | 41 +++++++++++++++++++ bin/{v-fix-wp-core => v-fix-wordpress-core} | 0 bin/v-unlock-wordpress | 2 + 9 files changed, 90 insertions(+), 27 deletions(-) rename bin/{v-change-db-password-to-all-wordpress => v-change-database-password-for-all-wordpress} (93%) rename bin/{v-change-db-password-to-wordpress => v-change-database-password-for-wordpress} (92%) rename bin/{v-change-wp-admins-pass => v-change-wordpress-admins-pass} (93%) rename bin/{v-desinfect-wp => v-desinfect-wordpress} (77%) create mode 100644 bin/v-fix-website-permissions-for-all-websites rename bin/{v-fix-wp-core => v-fix-wordpress-core} (100%) diff --git a/bin/v-change-db-password-to-all-wordpress b/bin/v-change-database-password-for-all-wordpress similarity index 93% rename from bin/v-change-db-password-to-all-wordpress rename to bin/v-change-database-password-for-all-wordpress index b31edb80..ad922cc2 100644 --- a/bin/v-change-db-password-to-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -26,7 +26,7 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - /usr/local/vesta/bin/v-change-db-password-to-wordpress $domain + /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user echo "--------------------------------" fi done diff --git a/bin/v-change-db-password-to-wordpress b/bin/v-change-database-password-for-wordpress similarity index 92% rename from bin/v-change-db-password-to-wordpress rename to bin/v-change-database-password-for-wordpress index d7ce1782..e318edde 100644 --- a/bin/v-change-db-password-to-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -1,8 +1,8 @@ #!/bin/bash -# info: change db password to wordpress database +# info: change database password for wordpress # options: # -# The command is used for changing db password to wordpress database. +# The command is used for changing database password for wordpress. #----------------------------------------------------------# @@ -21,7 +21,12 @@ source /etc/profile # Argument definition domain=$1 -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi USER=$user if [ -z "$user" ]; then diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wordpress-admins-pass similarity index 93% rename from bin/v-change-wp-admins-pass rename to bin/v-change-wordpress-admins-pass index 44870b58..9028cd10 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wordpress-admins-pass @@ -59,14 +59,14 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do done echo -echo "For each admin choose: (d) delete, (c) change password, (s) skip." +echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit." # interactive loop -echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do +while IFS=',' read -r ID LOGIN EMAIL; do [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" while true; do echo "-------------------------------------" - read -r -p "Action for \"$TARGET\" [d/c/s]? " ACT < /dev/tty + read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty @@ -109,15 +109,20 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do echo "Skipping $TARGET." break ;; - * ) echo "Please answer d, c, or s." ;; + [Xx]* ) + echo "Exiting." + exit 0 + ;; + * ) echo "Please answer d, c, s, or x." ;; esac done -done +done <<< "$ADMIN_LIST_CSV" #----------------------------------------------------------# # flush cache and refresh all security salts # #----------------------------------------------------------# +echo "-------------------------------------" echo echo "Flushing cache and refreshing salts..." @@ -129,4 +134,5 @@ echo "Cache flushed and salts refreshed." echo echo "Done." + exit 0 diff --git a/bin/v-desinfect-wp b/bin/v-desinfect-wordpress similarity index 77% rename from bin/v-desinfect-wp rename to bin/v-desinfect-wordpress index e1ddc65d..4de2f779 100644 --- a/bin/v-desinfect-wp +++ b/bin/v-desinfect-wordpress @@ -27,25 +27,15 @@ if [ -z "$user" ]; then exit 1 fi -# choose the correct admin-password script (with or without the “s”) -if [ -x /usr/local/vesta/bin/v-change-wp-admin-pass ]; then - admin_pass_script="/usr/local/vesta/bin/v-change-wp-admin-pass" -elif [ -x /usr/local/vesta/bin/v-change-wp-admins-pass ]; then - admin_pass_script="/usr/local/vesta/bin/v-change-wp-admins-pass" -else - admin_pass_script="" -fi - # absolute paths to maintenance scripts, in desired order declare -a tasks=( - "/usr/local/vesta/bin/v-change-db-password-to-wordpress" - "/usr/local/vesta/bin/v-fix-wp-core" + "/usr/local/vesta/bin/v-change-database-password-for-wordpress" + "/usr/local/vesta/bin/v-change-wordpress-admins-pass" + "/usr/local/vesta/bin/v-fix-wordpress-core" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" + "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) -# append the admin script if we found one -[ -n "$admin_pass_script" ] && tasks+=("$admin_pass_script") - # -------------------------------------------------------- # # execution strategy # # -------------------------------------------------------- # diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index e55b5e0f..991ada62 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -52,6 +52,7 @@ find /home/$user/conf/ -type d -exec chown root:root {} \; find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; +find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} + echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index a63954eb..c79fe443 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -18,7 +18,13 @@ source /etc/profile # Argument definition domain=$1 -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user # Includes source /usr/local/vesta/func/main.sh @@ -27,8 +33,6 @@ if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" fi -USER=$user - #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# @@ -54,14 +58,28 @@ fi # Going to domain directory cd /home/$USER/web/$domain +# Ownership check +if [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + + echo "Updating permissions for /home/$USER/web/$domain/public_html/" find public_html/ -type d -exec chmod 755 {} + find public_html/ -type f -exec chmod 644 {} + chown -R $USER:$USER public_html/ +# Setting chmod 600 for all php files +echo "= Setting chmod 600 for all php files" +find -name "*.php" -type f -exec chmod 600 {} + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# echo "Permissions for $domain have been successfully updated." -exit +exit 0 diff --git a/bin/v-fix-website-permissions-for-all-websites b/bin/v-fix-website-permissions-for-all-websites new file mode 100644 index 00000000..9b1501bd --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites @@ -0,0 +1,41 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-wp-core b/bin/v-fix-wordpress-core similarity index 100% rename from bin/v-fix-wp-core rename to bin/v-fix-wordpress-core diff --git a/bin/v-unlock-wordpress b/bin/v-unlock-wordpress index 1e2cccc6..4a2c42c3 100644 --- a/bin/v-unlock-wordpress +++ b/bin/v-unlock-wordpress @@ -58,6 +58,8 @@ chown -R $user:$user public_html/ rm public_html/wp-content/uploads/.htaccess +/usr/local/vesta/bin/v-fix-website-permissions $domain + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# From 97e5fc06772b9dec38f9989ac5eff7c91e5c6674 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 21 Jun 2025 17:26:32 +0200 Subject: [PATCH 244/316] v-change-database-password-for-all-wordpress: Using existing password for $db_user --- ...change-database-password-for-all-wordpress | 5 +++++ bin/v-change-database-password-for-wordpress | 22 +++++++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index ad922cc2..e129497c 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -19,6 +19,8 @@ source $VESTA/func/main.sh # Action # #----------------------------------------------------------# +touch /root/remember-db-user-pass.txt + for user in $(grep '@' /etc/passwd |cut -f1 -d:); do if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then continue; @@ -33,6 +35,9 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do done +# cat /root/remember-db-user-pass.txt +rm /root/remember-db-user-pass.txt + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index e318edde..dd7a3a91 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -69,10 +69,28 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then chown $user:$user $wp_config_path fi db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") - new_password=$(generate_password) + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + new_password='' + found_existing_password=0 + if [ -f "/root/remember-db-user-pass.txt" ]; then + db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt) + if [ -n "$db_user_pass" ]; then + new_password=$(echo "$db_user_pass" | cut -d':' -f2) + echo "= Using existing password for $db_user" + found_existing_password=1 + fi + fi + + if [ -z "$new_password" ]; then + new_password=$(generate_password) + fi + echo "DB name: $db_name" + echo "DB user: $db_user" echo "New DB password: $new_password" - # echo "executing: /usr/local/vesta/bin/v-change-database-password \"$user\" \"$db_name\" \"$new_password\"" + if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then + echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + fi /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" if [ $? -ne 0 ]; then echo "*************** ERROR: Failed to change database password ***************" From fd6eb44bae7fa3852f7465084a57a1d485fca533 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 22 Jun 2025 22:45:19 +0200 Subject: [PATCH 245/316] .gitignore: exclude data, conf, log --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 6701a887..fe0574ad 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ *.gz .vscode .DS_Store +data +conf +log \ No newline at end of file From d37473b5e86b4f890b276d2d2f7df19e3e131a8c Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 22 Jun 2025 23:53:53 +0200 Subject: [PATCH 246/316] Using v-wp-cli in v-change-wordpress-admin-passwords --- ...ins-pass => v-change-wordpress-admin-passwords} | 14 ++------------ bin/v-desinfect-wordpress | 2 +- 2 files changed, 3 insertions(+), 13 deletions(-) rename bin/{v-change-wordpress-admins-pass => v-change-wordpress-admin-passwords} (89%) diff --git a/bin/v-change-wordpress-admins-pass b/bin/v-change-wordpress-admin-passwords similarity index 89% rename from bin/v-change-wordpress-admins-pass rename to bin/v-change-wordpress-admin-passwords index 9028cd10..5a6a4e3f 100644 --- a/bin/v-change-wordpress-admins-pass +++ b/bin/v-change-wordpress-admin-passwords @@ -5,6 +5,7 @@ # d → delete user (with content reassignment) # c → change password (random 10-char alnum) # s → skip +# x → exit #----------------------------------------------------------# # Variable & Function # @@ -22,19 +23,8 @@ USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" WP_PATH="/home/$USER/web/$DOMAIN/public_html" [ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } -# ensure WP-CLI binary -if ! command -v wp >/dev/null 2>&1; then - echo "WP-CLI is not installed, installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp -fi - -PHPVER=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$DOMAIN") -PHP_BIN=$(command -v "php$PHPVER" 2>/dev/null || command -v php) -[ -z "$PHP_BIN" ] && { echo "Could not find a PHP binary."; exit 1; } - # WP-CLI wrapper -WP_RUN=(sudo -u "$USER" "$PHP_BIN" /usr/local/bin/wp --skip-plugins --skip-themes) +WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' Date: Mon, 23 Jun 2025 15:55:28 +0200 Subject: [PATCH 247/316] v-change-wordpress-admin-passwords: default = y --- bin/v-change-wordpress-admin-passwords | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 5a6a4e3f..c51c9270 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -59,7 +59,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty + read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') From 09465e5fba65dbff78f89cbc39991ff669c42983 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 23 Jun 2025 21:53:55 +0200 Subject: [PATCH 248/316] v-change-database-password-for-all-wordpress: first optional argument to specify a $user --- bin/v-change-database-password-for-all-wordpress | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index e129497c..2741e960 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -15,6 +15,11 @@ source /etc/profile # Includes source $VESTA/func/main.sh +only_user=''; +if [ ! -z "$1" ]; then + only_user=$1 +fi + #----------------------------------------------------------# # Action # #----------------------------------------------------------# @@ -26,6 +31,12 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do continue; fi + if [ ! -z "$only_user" ]; then + if [ "$only_user" != "$user" ]; then + continue; + fi + fi + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user @@ -33,6 +44,10 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do fi done + if [ ! -z "$only_user" ]; then + break; + fi + done # cat /root/remember-db-user-pass.txt From f77f8e8b784e6a138d90a61cdbf7e7ea5f83eff3 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 24 Jun 2025 15:37:21 +0200 Subject: [PATCH 249/316] $SKIP_OWNERSHIP_CHECK in v-fix-website-permissions, v-fix-wordpress-core --- bin/v-fix-website-permissions | 2 +- bin/v-fix-wordpress-core | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index c79fe443..0131b7c8 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -59,7 +59,7 @@ fi cd /home/$USER/web/$domain # Ownership check -if [ -f "public_html/index.php" ]; then +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then owner=$(stat -c '%U' "public_html/index.php") if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 1dd87b71..2549017b 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -84,7 +84,7 @@ for f in "$SITE_PATH"/*.php; do mv "$f" "$BACKUP_DIR/" done -chown -R www-data:www-data "$BACKUP_DIR" +# chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -100,8 +100,8 @@ for corephp in "$CACHE_PATH"/*.php; do done # fix permissions -/usr/local/vesta/bin/v-fix-website-permissions $DOMAIN -chown -R www-data:www-data "$BACKUP_DIR" +SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN +# chown -R www-data:www-data "$BACKUP_DIR" echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" exit From 451c9944b90f4d48ffb10e9788e827f6dd768a0b Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 25 Jun 2025 17:32:23 +0200 Subject: [PATCH 250/316] v-fix-wordpress-core: move .user.ini --- bin/v-fix-wordpress-core | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 2549017b..7a511747 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -83,6 +83,9 @@ for f in "$SITE_PATH"/*.php; do [[ $(basename "$f") == "wp-config.php" ]] && continue mv "$f" "$BACKUP_DIR/" done +if [ -f "$SITE_PATH/.user.ini" ]; then + mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/" +fi # chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null From e8b5b5a836662d2c07f2d0fc3cf704d585a504bc Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 26 Jun 2025 18:05:11 +0200 Subject: [PATCH 251/316] v-update-document-errors-files --- bin/v-update-document-errors-files | 48 ++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 bin/v-update-document-errors-files diff --git a/bin/v-update-document-errors-files b/bin/v-update-document-errors-files new file mode 100644 index 00000000..c044a80a --- /dev/null +++ b/bin/v-update-document-errors-files @@ -0,0 +1,48 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html + chown $user:$user /home/$user/web/$domain/document_errors/* + chmod 644 /home/$user/web/$domain/document_errors/* + done + +done + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit From 6cce5ecadda43c4ac94a1a094ed67111ff8fde0d Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 26 Jun 2025 22:26:14 +0200 Subject: [PATCH 252/316] chmod .env files to 600 --- bin/v-fix-website-permissions | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 0131b7c8..7dd36a62 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -76,6 +76,7 @@ chown -R $USER:$USER public_html/ # Setting chmod 600 for all php files echo "= Setting chmod 600 for all php files" find -name "*.php" -type f -exec chmod 600 {} + +find -name ".env" -type f -exec chmod 600 {} + #----------------------------------------------------------# # Vesta # From 1567383b4923b9f2ac567223e5ccfdd9e2f996a8 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 28 Jun 2025 16:49:18 +0200 Subject: [PATCH 253/316] v-run-wp-cli: Parameter 'PHP' to force specified PHP version --- bin/v-run-wp-cli | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 1a0e2adc..d03afc6a 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -69,7 +69,11 @@ fi mkdir -p /home/$user/.wp-cli chown $user:$user /home/$user/.wp-cli -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +if [ -z "$PHP" ]; then + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +else + phpver=$PHP +fi #----------------------------------------------------------# # Action # From 2fd60fc29d7ca08dc0bbe03b8b09e1ed0053e972 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 29 Jun 2025 17:16:50 +0200 Subject: [PATCH 254/316] VERBOSE_MODE in v-run-wp-cli --- bin/v-run-wp-cli | 3 +++ func/main.sh | 3 +++ 2 files changed, 6 insertions(+) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index d03afc6a..ef4f6e10 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -36,10 +36,13 @@ fi # Verifications # #----------------------------------------------------------# +VERBOSE_MODE=1 + check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' is_format_valid 'domain' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" +is_object_unsuspended 'web' 'DOMAIN' "$domain" if [ ! -d "/home/$user" ]; then # echo "User doesn't exist"; diff --git a/func/main.sh b/func/main.sh index 03773920..27c4dcbe 100644 --- a/func/main.sh +++ b/func/main.sh @@ -254,6 +254,9 @@ is_object_unsuspended() { spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'") fi if [ ! -z "$spnd" ]; then + if [ ! -z "$VERBOSE_MODE" ]; then + echo "Error: $(basename $1) $3 is suspended" + fi check_result $E_SUSPENDED "$(basename $1) $3 is suspended" fi } From b8b75f0dde93a0304b6306c83664f97a33a3771d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 29 Jun 2025 00:59:18 +0200 Subject: [PATCH 255/316] v-change-wordpress-admin-passwords --- bin/v-change-wordpress-admin-passwords | 46 ++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index c51c9270..89122a2d 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -25,6 +25,13 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" # WP-CLI wrapper WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) + --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2) [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } printf "%-6s %-20s %s\n" "ID" "Username" "Email" @@ -59,7 +70,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty + # read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty + CONF="y" if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') @@ -70,7 +82,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do DEFAULT_USER="${OTHER_USERS[0]}" echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do - read -r -p "Reassign content to which username? [default $DEFAULT_USER] " REASSIGN < /dev/tty + read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break @@ -79,8 +91,13 @@ while IFS=',' read -r ID LOGIN EMAIL; do fi done # delete by username, reassign by username - "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes >/dev/null 2>&1 - echo "$TARGET deleted (content reassigned to $REASSIGN)." + "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes + if [ $? -eq 0 ]; then + echo "$TARGET deleted (content reassigned to $REASSIGN)." + else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + echo "Failed to delete $TARGET." + fi else echo "Deletion cancelled." fi @@ -88,9 +105,14 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - if "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --quiet; then - echo "Password for $TARGET changed to: $NEW_PASS" + "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes + if [ $? -eq 0 ]; then + echo "Password for username '$TARGET' changed to: $NEW_PASS" + echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log echo "Failed to change password for $TARGET." fi break @@ -125,4 +147,14 @@ echo "Cache flushed and salts refreshed." echo echo "Done." +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + read -r -p "== Press Enter to continue..." +fi + exit 0 From d20bc94866c2891ff96e669cc9143f9972a9a196 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 1 Jul 2025 10:03:32 +0200 Subject: [PATCH 256/316] v-fix-website-permissions: chown for .php and .env files --- bin/v-fix-website-permissions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 7dd36a62..3a73d13a 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -77,6 +77,8 @@ chown -R $USER:$USER public_html/ echo "= Setting chmod 600 for all php files" find -name "*.php" -type f -exec chmod 600 {} + find -name ".env" -type f -exec chmod 600 {} + +find -name "*.php" -type f -exec chown $USER:$USER {} + +find -name ".env" -type f -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From 54abc58c4e96c45173554dc351e94f8f11c8796d Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 10 Jul 2025 17:49:15 +0200 Subject: [PATCH 257/316] v-change-wordpress-admin-passwords: accept integer as id of user, support for custom php version --- bin/v-change-wordpress-admin-passwords | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 89122a2d..c81cbfcb 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -24,7 +24,12 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" [ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } # WP-CLI wrapper -WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +if [ ! -z "$PHP" ]; then + WP_RUN=(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +else + WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +fi + return_code=$? if [ $return_code -ne 0 ]; then @@ -86,9 +91,11 @@ while IFS=',' read -r ID LOGIN EMAIL; do REASSIGN=${REASSIGN:-$DEFAULT_USER} if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break - else - echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" fi + if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then + break + fi + echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes From acc87125f09083b5d171a5c9f7505a3c5b9a6b00 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 10:34:38 +0200 Subject: [PATCH 258/316] v-change-wordpress-admin-passwords: ability to run v-run-wp-cli on choosen PHP version --- bin/v-change-wordpress-admin-passwords | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index c81cbfcb..1802bd9f 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -25,9 +25,9 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" # WP-CLI wrapper if [ ! -z "$PHP" ]; then - WP_RUN=(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" else - WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" fi return_code=$? @@ -54,9 +54,9 @@ if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt fi -ADMIN_LIST_CSV=$("${WP_RUN[@]}" user list --role=administrator \ - --fields=ID,user_login,user_email \ - --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2) +RUN="$WP_RUN user list --role=administrator --fields=ID,user_login,user_email --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2" +ADMIN_LIST_CSV=$(eval "$RUN") + [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } printf "%-6s %-20s %s\n" "ID" "Username" "Email" @@ -98,7 +98,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username - "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes + RUN="$WP_RUN user delete $LOGIN --reassign=$REASSIGN --yes --skip-plugins --skip-themes" + eval "$RUN" if [ $? -eq 0 ]; then echo "$TARGET deleted (content reassigned to $REASSIGN)." else @@ -112,7 +113,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes + RUN="$WP_RUN user update $LOGIN --user_pass=$NEW_PASS --skip-plugins --skip-themes" + eval "$RUN" if [ $? -eq 0 ]; then echo "Password for username '$TARGET' changed to: $NEW_PASS" echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt @@ -145,9 +147,12 @@ echo "-------------------------------------" echo echo "Flushing cache and refreshing salts..." -"${WP_RUN[@]}" cache flush -"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force -"${WP_RUN[@]}" config shuffle-salts +RUN="$WP_RUN cache flush" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts" +eval "$RUN" echo "Cache flushed and salts refreshed." From 420a978572585868477bd6a32f6b2ccb64ea21dc Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 11:41:28 +0200 Subject: [PATCH 259/316] v-install-wordpress: Support for IDN format domains --- bin/v-install-wordpress | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 202919d0..3f21d172 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -57,8 +57,17 @@ if [ -z "$database" ]; then fi fi +# Convert domain to IDN if available +if command -v idn2 >/dev/null 2>&1; then + database=$(idn2 "$database") + idn_domain=$(idn2 "$domain") +elif command -v idn >/dev/null 2>&1; then + database=$(idn "$database") + idn_domain=$(idn "$domain") +fi + if [ -z "$email" ]; then - email="info@$domain"; + email="info@$idn_domain"; fi if [ ! -d "/home/$user" ]; then From bf54a85a51fd391b8d17b1483ff54bd9dab1dbf4 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 16:37:09 +0200 Subject: [PATCH 260/316] Added functions to check if a domain or user is unsuspended in main.sh --- func/main.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/func/main.sh b/func/main.sh index 27c4dcbe..4dfc087b 100644 --- a/func/main.sh +++ b/func/main.sh @@ -1236,3 +1236,26 @@ parse_object_kv_list_non_eval() { fi done } + +# Return OK (0) if domain is unsupended +# Parameters: +# $1 - user +# $2 - domain +return_ok_if_domain_is_unsuspended() { + spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} + +# Return OK (0) if user is unsupended +# Parameters: +# $1 - user +return_ok_if_user_is_unsuspended() { + spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} From cdf10aede168cde0e17e7f418855dc8c751497e1 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 12 Jul 2025 14:07:08 +0200 Subject: [PATCH 261/316] v-change-wordpress-admin-passwords: enhance admin reassignment logic to handle default user selection --- bin/v-change-wordpress-admin-passwords | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 1802bd9f..591ff27c 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -59,9 +59,14 @@ ADMIN_LIST_CSV=$(eval "$RUN") [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } +DEFAULT_USER="" + printf "%-6s %-20s %s\n" "ID" "Username" "Email" echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" + if [ "$PID" = "1" ]; then + DEFAULT_USER="$PLOGIN" + fi done echo @@ -84,11 +89,14 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Cannot delete the only administrator account." break fi - DEFAULT_USER="${OTHER_USERS[0]}" + if [ "$DEFAULT_USER" = "" ]; then + DEFAULT_USER="${OTHER_USERS[0]}" + fi echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} + DEFAULT_USER=$REASSIGN if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break fi From aa6263c0ac49f9fbfabc383d375acada9c834240 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:25:07 +0200 Subject: [PATCH 262/316] Create wprocket-webp-express-force-https.stpl WEBP Express NGINX support with Rocket-NGINX --- .../wprocket-webp-express-force-https.stpl | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl new file mode 100644 index 00000000..0d3eca17 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%; + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + # Serve WebP if browser supports it + location ~* ^/wp-content/.*\.(png|jpe?g)$ { + add_header Vary Accept; + expires 365d; + + if ($http_accept !~* "webp") { + break; + } + + try_files + /wp-content/webp-express/webp-images/doc-root/$uri.webp + $uri.webp + @webp_on_demand; + } + + # Route .webp requests to converter if not found + location @webp_on_demand { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow .webp passthrough (trigger php fallback if not found) + location ~* ^/wp-content/.*\.(png|jpe?g)\.webp$ { + try_files + $uri + @webp_realizer; + } + + location @webp_realizer { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow PHP access to WebP Express WOD handler + location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { + proxy_pass https://148.113.209.199:8443; + } + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} From 59db959b9a0670575f13dfb11eb8d9ebe07f3dfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:26:08 +0200 Subject: [PATCH 263/316] Update wprocket-webp-express-force-https.stpl --- .../wprocket-webp-express-force-https.stpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl index 0d3eca17..d504a6a1 100644 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -43,7 +43,7 @@ server { # Allow PHP access to WebP Express WOD handler location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { - proxy_pass https://148.113.209.199:8443; + proxy_pass https://%ip%:%web_ssl_port%; } location / { From 7511baa62863537d4f75d60712fbe1800dcb8b57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:27:04 +0200 Subject: [PATCH 264/316] Create wprocket-webp-express-force-https.tpl --- .../wprocket-webp-express-force-https.tpl | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From a48621a88ec17c38753380276f63d829ed1ddc02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 19:00:48 +0200 Subject: [PATCH 265/316] Update wprocket-webp-express-force-https.stpl rocket include must go bellow webp rules --- .../wprocket-webp-express-force-https.stpl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl index d504a6a1..2a6a7671 100644 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -7,8 +7,6 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; root %sdocroot%; - # Rocket-Nginx configuration - include rocket-nginx/conf.d/default.conf; # Serve WebP if browser supports it location ~* ^/wp-content/.*\.(png|jpe?g)$ { @@ -45,7 +43,10 @@ server { location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { proxy_pass https://%ip%:%web_ssl_port%; } - + + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + location / { proxy_pass https://%ip%:%web_ssl_port%; } From 29236cfb03b050df39bce02f8a113e3529d5fd3d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 13 Jul 2025 22:16:46 +0200 Subject: [PATCH 266/316] Enhance proxy template selection in v-activate-rocket-nginx to include wprocket-webp-express-force-https option and update install script to download corresponding templates. --- bin/v-activate-rocket-nginx | 12 +++++++----- src/deb/for-download/tools/install-rocket-nginx.sh | 2 ++ .../wprocket-webp-express-force-https.tpl | 8 ++++++++ 3 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index de8f6c5f..8b562c9b 100644 --- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -75,18 +75,20 @@ fi # Changing Proxy Template # Check if the proxy template is already set correctly current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}') -if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then +if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then echo "Proxy Template is already set up correctly" else # Prompt the user to choose whether to force HTTPS or not - echo "Do you want to force-https in your Proxy Template or not (y/n):" + echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):" read answer # Change the proxy template based on the user's choice - if [ "$answer" == "y" ]; then - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" - else + if [ "$answer" == "h" ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting" + elif [ "$answer" == "f" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" + elif [ "$answer" == "w" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https" fi echo "Proxy Template is ready" diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh index 47768b11..ca1f8b2a 100644 --- a/src/deb/for-download/tools/install-rocket-nginx.sh +++ b/src/deb/for-download/tools/install-rocket-nginx.sh @@ -4,6 +4,8 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl h wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl echo "Updating apt, please wait..." apt-get update > /dev/null 2>&1 diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From 98600537fc54e76f67633a4bb9ec8fcb952d173c Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 16:32:21 +0200 Subject: [PATCH 267/316] v-change-wordpress-admin-passwords: modified user deletion and password update commands to use user ID instead of username. --- bin/v-add-wordpress-admin | 5 +++++ bin/v-change-wordpress-admin-passwords | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 3814e51a..67f58bf4 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -12,6 +12,11 @@ if [ "$whoami" != "root" ]; then exit 1 fi +if [ "$#" -lt 4 ]; then + echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]" + exit 1 +fi + # Importing system environment source /etc/profile diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 591ff27c..ba3dec2b 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -106,7 +106,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username - RUN="$WP_RUN user delete $LOGIN --reassign=$REASSIGN --yes --skip-plugins --skip-themes" + RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes" eval "$RUN" if [ $? -eq 0 ]; then echo "$TARGET deleted (content reassigned to $REASSIGN)." @@ -121,7 +121,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - RUN="$WP_RUN user update $LOGIN --user_pass=$NEW_PASS --skip-plugins --skip-themes" + RUN="$WP_RUN user update $ID --user_pass=$NEW_PASS --skip-plugins --skip-themes" eval "$RUN" if [ $? -eq 0 ]; then echo "Password for username '$TARGET' changed to: $NEW_PASS" @@ -147,6 +147,18 @@ while IFS=',' read -r ID LOGIN EMAIL; do done done <<< "$ADMIN_LIST_CSV" +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo + read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty + if [ -z "$SAVE_PASSWORDS" ]; then + SAVE_PASSWORDS="n" + fi + if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then + rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + fi +fi + #----------------------------------------------------------# # flush cache and refresh all security salts # #----------------------------------------------------------# From 1571d60b2f96c99bc386ee102b9599b6c98da87e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 17:16:25 +0200 Subject: [PATCH 268/316] Update v-fix-website-permissions to allow dynamic php file permissions based on user-defined settings --- bin/v-fix-website-permissions | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 3a73d13a..4b92df2f 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -73,10 +73,15 @@ find public_html/ -type d -exec chmod 755 {} + find public_html/ -type f -exec chmod 644 {} + chown -R $USER:$USER public_html/ +php_chmod="600" +if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) +fi + # Setting chmod 600 for all php files echo "= Setting chmod 600 for all php files" -find -name "*.php" -type f -exec chmod 600 {} + -find -name ".env" -type f -exec chmod 600 {} + +find -name "*.php" -type f -exec chmod $php_chmod {} + +find -name ".env" -type f -exec chmod $php_chmod {} + find -name "*.php" -type f -exec chown $USER:$USER {} + find -name ".env" -type f -exec chown $USER:$USER {} + From ca9a93982343928a696f54db2d9713348a42e04e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 18:17:43 +0200 Subject: [PATCH 269/316] Refactor v-change-wordpress-admin-passwords to streamline admin list processing by using a here-string for input --- bin/v-change-wordpress-admin-passwords | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index ba3dec2b..7c4fabdb 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -62,12 +62,12 @@ ADMIN_LIST_CSV=$(eval "$RUN") DEFAULT_USER="" printf "%-6s %-20s %s\n" "ID" "Username" "Email" -echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do +while IFS=',' read -r PID PLOGIN PEMAIL; do printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" if [ "$PID" = "1" ]; then DEFAULT_USER="$PLOGIN" fi -done +done <<< "$ADMIN_LIST_CSV" echo echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit." From f16c7e4c3fff4aa83ee4640f9608dee16b73530b Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 13:12:20 +0200 Subject: [PATCH 270/316] New command: v-delete-inactive-wordpress-plugins-and-themes --- ...lete-inactive-wordpress-plugins-and-themes | 165 ++++++++++++++++++ bin/v-desinfect-wordpress | 1 + 2 files changed, 166 insertions(+) create mode 100644 bin/v-delete-inactive-wordpress-plugins-and-themes diff --git a/bin/v-delete-inactive-wordpress-plugins-and-themes b/bin/v-delete-inactive-wordpress-plugins-and-themes new file mode 100644 index 00000000..e9b1715c --- /dev/null +++ b/bin/v-delete-inactive-wordpress-plugins-and-themes @@ -0,0 +1,165 @@ +#!/bin/bash +# info: delete inactive WordPress plugins and themes +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +# WP-CLI wrapper +if [ ! -z "$PHP" ]; then + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +else + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +fi + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 +echo "Inactive WordPress plugins for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes" +PLUGINS_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2) + +DEACTIVATED_PLUGINS_LIST_CSV="" + +if [ ! -z "$PLUGINS_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME" + fi + done <<< "$PLUGINS_LIST_CSV" +else + echo "No plugins found." +fi + +if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME" + file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php" + if [ -d "$folder" ] || [ -f "$file" ]; then + destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN" + if [ -d "$folder" ]; then + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + elif [ -f "$file" ]; then + source_path="$file" + destination_path="$destination_base_folder/$NAME.php" + fi + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + if [ -f "$destination_path" ]; then + echo "= File $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder or file $file not found - it does not exist?" + fi + fi + done <<< "$PLUGINS_LIST_CSV" + fi +fi + +echo "" +echo "Inactive WordPress themes for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes" +THEMES_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2) + +DEACTIVATED_THEMES_LIST_CSV="" + +if [ ! -z "$THEMES_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME" + fi + done <<< "$THEMES_LIST_CSV" +else + echo "No themes found." +fi + +if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME" + if [ -d "$folder" ]; then + destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN" + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder not found - it does not exist?" + fi + fi + done <<< "$THEMES_LIST_CSV" + fi +fi + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All deactivated plugins and themes moved to quarantine." + echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN" +else + echo "= No deactivated plugins or themes found." +fi +exit 0; diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index 04583c1e..dbcda395 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -32,6 +32,7 @@ declare -a tasks=( "/usr/local/vesta/bin/v-change-database-password-for-wordpress" "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" "/usr/local/vesta/bin/v-fix-wordpress-core" + "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) From 7191baa1c9edcb812b4e79431ae46f729d843c6b Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 13:53:20 +0200 Subject: [PATCH 271/316] v-change-wordpress-admin-passwords: improve error handling --- bin/v-change-wordpress-admin-passwords | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 7c4fabdb..6ab4ad0e 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -30,14 +30,6 @@ else WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" fi -return_code=$? - -if [ $return_code -ne 0 ]; then - echo "WP-CLI error:" - cat /home/$USER/web/$DOMAIN/wp-cli-error.log - exit $return_code -fi - # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' Date: Tue, 15 Jul 2025 17:48:08 +0200 Subject: [PATCH 272/316] v-fix-website-permissions: only modify those that are not already set correctly --- bin/v-fix-website-permissions | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 4b92df2f..03798a15 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,9 +69,9 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d -exec chmod 755 {} + -find public_html/ -type f -exec chmod 644 {} + -chown -R $USER:$USER public_html/ +find public_html/ -type d ! -perm 755 -exec chmod 755 {} + +find public_html/ -type f ! -perm 644 -exec chmod 644 {} + +find public_html/ ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" if [ -f "/home/$USER/web/$domain/php_chmod" ]; then @@ -79,11 +79,11 @@ if [ -f "/home/$USER/web/$domain/php_chmod" ]; then fi # Setting chmod 600 for all php files -echo "= Setting chmod 600 for all php files" -find -name "*.php" -type f -exec chmod $php_chmod {} + -find -name ".env" -type f -exec chmod $php_chmod {} + -find -name "*.php" -type f -exec chown $USER:$USER {} + -find -name ".env" -type f -exec chown $USER:$USER {} + +echo "= Setting chmod $php_chmod for all php files" +find -name "*.php" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -name ".env" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + +find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From b88f0e56bf8e33ca6d77c0fbd0c419881452960e Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 18:44:02 +0200 Subject: [PATCH 273/316] New command: v-delete-wordpress-uploads-php-files --- bin/v-delete-wordpress-uploads-php-files | 70 ++++++++++++++++++++++++ bin/v-desinfect-wordpress | 1 + 2 files changed, 71 insertions(+) create mode 100644 bin/v-delete-wordpress-uploads-php-files diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files new file mode 100644 index 00000000..4ef12f1e --- /dev/null +++ b/bin/v-delete-wordpress-uploads-php-files @@ -0,0 +1,70 @@ +#!/bin/bash +# info: delete PHP files from WordPress uploads folder +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 + +files=$(find wp-content/uploads/ -type f -name "*.php") + +if [ -z "$files" ]; then + echo "= No PHP files found in WordPress uploads folder." + exit 0; +fi + +echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :" +echo "-------------------------------------" +echo "$files" +echo "-------------------------------------" + +while true; do + read -r -p "Do you want to delete these files? (y/n): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" + break; + fi + if [ "$RESPONSE" == "n" ] || [ "$RESPONSE" == "N" ]; then + break; + fi +done + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All PHP files moved to quarantine." + echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN" +else + echo "= No PHP files found in WordPress uploads folder." +fi + +exit 0; \ No newline at end of file diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index dbcda395..fcdc2f66 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -33,6 +33,7 @@ declare -a tasks=( "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" "/usr/local/vesta/bin/v-fix-wordpress-core" "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" + "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) From 29f030205e05648c1e82a110837fc892b4e4edf0 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 12:50:25 +0200 Subject: [PATCH 274/316] v-fix-website-permissions: exclude specific file types from permission changes to avoid altering 'Change' file attribute --- bin/v-fix-website-permissions | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 03798a15..bc0d1ba5 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,8 +69,8 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d ! -perm 755 -exec chmod 755 {} + -find public_html/ -type f ! -perm 644 -exec chmod 644 {} + +find public_html/ -type d ! \( -name "*.php" -o -name "*.env" \) ! -perm 755 -exec chmod 755 {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + find public_html/ ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" @@ -80,8 +80,7 @@ fi # Setting chmod 600 for all php files echo "= Setting chmod $php_chmod for all php files" -find -name "*.php" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + -find -name ".env" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + From a5f2e6acd5b78fe24c2d791c31dcbd0aa5554ec2 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 12:52:43 +0200 Subject: [PATCH 275/316] v-fix-website-permissions: exclude specific file types from permission changes to avoid altering 'Change' file attribute --- bin/v-fix-website-permissions | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index bc0d1ba5..93b9d662 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,20 +69,24 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d ! \( -name "*.php" -o -name "*.env" \) ! -perm 755 -exec chmod 755 {} + +# Fixing permissions +find public_html/ -type d ! -perm 755 -exec chmod 755 {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + -find public_html/ ! -user $USER -exec chown $USER:$USER {} + +# Fixing ownership +find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" if [ -f "/home/$USER/web/$domain/php_chmod" ]; then php_chmod=$(cat /home/$USER/web/$domain/php_chmod) fi -# Setting chmod 600 for all php files -echo "= Setting chmod $php_chmod for all php files" +# Setting chmod 600 for all .php and .env files +echo "= Setting chmod $php_chmod for all .php and .env files" +# Fixing permissions find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + -find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + -find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + +# Fixing ownership +find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From 3801e8d6cf43ecbeb52e1de97ea1c2e137799112 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 13:57:37 +0200 Subject: [PATCH 276/316] v-delete-wordpress-uploads-php-files: set default response to 'yes' for moving files to quarantine --- bin/v-delete-wordpress-uploads-php-files | 34 ++++++++++-------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files index 4ef12f1e..ce72c0c4 100644 --- a/bin/v-delete-wordpress-uploads-php-files +++ b/bin/v-delete-wordpress-uploads-php-files @@ -38,26 +38,20 @@ echo "-------------------------------------" echo "$files" echo "-------------------------------------" -while true; do - read -r -p "Do you want to delete these files? (y/n): " RESPONSE < /dev/tty - if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ]; then - for file in $files; do - source_file="/home/$USER/web/$DOMAIN/public_html/$file" - destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" - destination_folder=$(dirname "$destination_file") - mkdir -p "$destination_folder" - chown $USER:$USER "$destination_folder" - mv "$source_file" "$destination_file" - echo "= File $source_file moved to $destination_file" - quarantined=1; - done - chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" - break; - fi - if [ "$RESPONSE" == "n" ] || [ "$RESPONSE" == "N" ]; then - break; - fi -done +read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty +if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" +fi echo "" if [ $quarantined -eq 1 ]; then From 403dd654009a7afb2d953c9f0fe8d2d0fa02f358 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 15:35:46 +0200 Subject: [PATCH 277/316] v-change-database-password-for-wordpress: enhance database name and user retrieval to support both single and double quotes in wp-config.php --- bin/v-change-database-password-for-wordpress | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index dd7a3a91..0c84f80b 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -70,6 +70,12 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then fi db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + if [ -z "$db_name" ]; then + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+") + fi + if [ -z "$db_user" ]; then + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+") + fi new_password='' found_existing_password=0 if [ -f "/root/remember-db-user-pass.txt" ]; then From a976a3bc3f0d46f28059e2df3fcc84501846f9b8 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 17:53:38 +0200 Subject: [PATCH 278/316] v-change-database-password-for-wordpress: fixing a bug in temporary password storage --- bin/v-change-database-password-for-all-wordpress | 4 +++- bin/v-change-database-password-for-wordpress | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index 2741e960..1a364307 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -51,7 +51,9 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do done # cat /root/remember-db-user-pass.txt -rm /root/remember-db-user-pass.txt +if [ -f "/root/remember-db-user-pass.txt" ]; then + rm /root/remember-db-user-pass.txt +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index 0c84f80b..7f31b181 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -94,8 +94,11 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then echo "DB name: $db_name" echo "DB user: $db_user" echo "New DB password: $new_password" - if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then + if [ $found_existing_password -eq 0 ]; then + touch /root/remember-db-user-pass.txt echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + chown root:root /root/remember-db-user-pass.txt + chmod 600 /root/remember-db-user-pass.txt fi /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" if [ $? -ne 0 ]; then @@ -126,4 +129,4 @@ fi # Logging log_event "$OK" "$ARGUMENTS" -exit +exit 0; From 9eade5a7df4759d0d4a90862fe1e1892f74e8e58 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 19:21:18 +0200 Subject: [PATCH 279/316] v-fix-wordpress-core: support for custom PHP version --- bin/v-fix-wordpress-core | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 7a511747..2bcd6c34 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -37,7 +37,12 @@ TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace trap 'rm -rf "$TMP_DIR"' EXIT # 1etermine WP version -WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +if [ -z "$PHP" ]; then + WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +else + WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +fi + check_result $? "cannot detect WP version" > /dev/null if [ -z "$WP_VERSION" ]; then check_result 1 "empty WP version string" From f64968ba918e10040325315eaaa5e8f09657d72b Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 17 Jul 2025 14:36:37 +0200 Subject: [PATCH 280/316] v-change-wordpress-admin-passwords: add option to skip content reassignment during user deletion --- bin/v-change-wordpress-admin-passwords | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 6ab4ad0e..eae5b078 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -81,6 +81,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do while true; do echo "-------------------------------------" read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty + skip=0; case "$ACT" in [Dd]* ) # read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty @@ -97,17 +98,25 @@ while IFS=',' read -r ID LOGIN EMAIL; do fi echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do - read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty + read -r -p "Reassign content to which username? [default: $DEFAULT_USER, s: skip] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} DEFAULT_USER=$REASSIGN if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break fi + if [[ "$REASSIGN" =~ ^[Ss]$ ]]; then + echo "Skipping reassignment." + skip=1; + break + fi if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then break fi echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done + if [ $skip -eq 1 ]; then + break + fi # delete by username, reassign by username RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes" eval "$RUN" From 7799cd3322e4e2b416cba968e5540a505b8c8289 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 22 Jul 2025 14:18:10 +0200 Subject: [PATCH 281/316] v-update-deb-package: change target Debian version to 'trixie' and update dependencies for NGINX, OpenSSL, and Zlib --- src/deb/vesta_compile.sh | 46 ++++++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index a80316d9..c645aa4c 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -7,8 +7,8 @@ build_deb_package=1 add_deb_to_apt_repo=0 -TARGET_DEB_NAME='bookworm' -TARGET_DEB_VER='12' +TARGET_DEB_NAME='trixie' +TARGET_DEB_VER='13' run_apt_update_and_install=1 wait_to_press_enter=1 @@ -31,8 +31,8 @@ fi MAINTAINER_EMAIL='info@myvestacp.com' -TARGET_DEB_NAME_MAIN='bookworm' -TARGET_DEB_VER_MAIN='12' +TARGET_DEB_NAME_MAIN='trixie' +TARGET_DEB_VER_MAIN='13' # Set compiling directory BUILD_DIR="/usr/src/$TARGET_DEB_NAME" @@ -58,10 +58,10 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.25.1' -OPENSSL_V='1.1.1u' +NGINX_V='1.29.0' +OPENSSL_V='1.1.1w' PCRE_V='8.45' -ZLIB_V='1.2.13' +ZLIB_V='1.3.1' PHP_V='5.6.40' # Generate Links for sourcecode @@ -130,6 +130,9 @@ if [ $run_apt_update_and_install -eq 1 ]; then if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi + if [ "$release" -eq 13 ]; then + ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl + fi press_enter "=== Press enter to continue ===============================================================================" fi @@ -258,6 +261,7 @@ EOF press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***" vi $PATH_OF_APT_REPO_ROOT/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/13/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key @@ -442,6 +446,34 @@ if [ "$CWEB_B" = true ]; then fi tar -czf fail2ban.tar.gz fail2ban/ + if [ -f "dovecot.tar.gz" ]; then + rm dovecot.tar.gz + fi + tar -czf dovecot.tar.gz dovecot/ + echo "=== All done for Debian12" + ########## + cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/13 + + if [ -f "packages.tar.gz" ]; then + rm packages.tar.gz + fi + tar -czf packages.tar.gz packages/ + + if [ -f "templates.tar.gz" ]; then + rm templates.tar.gz + fi + tar -czf templates.tar.gz templates/ + + if [ -f "firewall.tar.gz" ]; then + rm firewall.tar.gz + fi + tar -czf firewall.tar.gz firewall/ + + if [ -f "fail2ban.tar.gz" ]; then + rm fail2ban.tar.gz + fi + tar -czf fail2ban.tar.gz fail2ban/ + if [ -f "dovecot.tar.gz" ]; then rm dovecot.tar.gz fi From b3758430c653c3c031273d85f3fd44d154fe265c Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 22 Jul 2025 16:30:23 +0200 Subject: [PATCH 282/316] v-update-php-version: upgrade PHP to 8.4.10 and update download link; add additional dependencies for Debian 13 --- src/deb/vesta_compile.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index c645aa4c..0d899cb3 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -62,7 +62,7 @@ NGINX_V='1.29.0' OPENSSL_V='1.1.1w' PCRE_V='8.45' ZLIB_V='1.3.1' -PHP_V='5.6.40' +PHP_V='8.4.10' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' @@ -73,7 +73,7 @@ OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz' PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download' # Zlib moved archives to Github ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz' -PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz' +PHP='https://www.php.net/distributions/php-'$PHP_V'.tar.gz' # Set package dependencies for compiling release=$(cat /etc/debian_version | tr "." "\n" | head -n1) @@ -81,7 +81,7 @@ release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' else - SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync' + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync libsqlite3-dev libonig-dev' fi function press_enter { @@ -130,7 +130,7 @@ if [ $run_apt_update_and_install -eq 1 ]; then if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi - if [ "$release" -eq 13 ]; then + if [ ! -e /usr/local/include/curl ] && [ "$release" -eq 13 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi press_enter "=== Press enter to continue ===============================================================================" @@ -530,7 +530,7 @@ if [ "$NGINX_B" = true ]; then --with-openssl-opt=no-weak-ssl-ciphers \ --with-openssl-opt=no-ssl3 \ --with-pcre=../pcre-$PCRE_V \ - --with-pcre-jit \ + --with-pcre-jit \ --with-zlib=../zlib-$ZLIB_V # Check install directory and remove if exists @@ -625,11 +625,10 @@ if [ "$PHP_B" = true ]; then --with-zlib \ --with-fpm-user=admin \ --with-fpm-group=admin \ - --with-mysql \ --with-mysqli \ --with-curl \ --enable-mbstring \ - --with-mysql-sock=/var/run/mysqld/mysqld.sock + --with-mysql-sock=/var/run/mysqld/mysqld.sock # Check install directory and remove if exists if [ -d $INSTALL_DIR/php ]; then @@ -637,7 +636,7 @@ if [ "$PHP_B" = true ]; then fi press_enter "=== Press enter to compile PHP ===============================================================================" - + make && make install press_enter "=== Press enter to continue ===============================================================================" From 77b6506baeca26e71dcba0eb367c9f66b213da83 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 23 Jul 2025 14:02:52 +0200 Subject: [PATCH 283/316] v-update-deb-package: update completion message for Debian 13 --- src/deb/vesta_compile.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index 0d899cb3..08bc163b 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -478,7 +478,7 @@ if [ "$CWEB_B" = true ]; then rm dovecot.tar.gz fi tar -czf dovecot.tar.gz dovecot/ - echo "=== All done for Debian12" + echo "=== All done for Debian13" ########## cp /root/vesta/install/vst-install-debian.sh $PATH_OF_C_WEB_FOLDER_ROOT/vst-install-debian.sh From 30581ea672b0bcce6d2605a6138d1085c60aaf67 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 23 Jul 2025 22:37:09 +0200 Subject: [PATCH 284/316] v-change-wordpress-admin-passwords: enhance output messages for password change confirmation --- bin/v-change-wordpress-admin-passwords | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index eae5b078..bca23ad8 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -160,8 +160,15 @@ while IFS=',' read -r ID LOGIN EMAIL; do done <<< "$ADMIN_LIST_CSV" if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "" + echo "" echo "-------------------------------------" - echo + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + echo "" read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty if [ -z "$SAVE_PASSWORDS" ]; then SAVE_PASSWORDS="n" @@ -191,14 +198,4 @@ echo "Cache flushed and salts refreshed." echo echo "Done." -if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then - echo "-------------------------------------" - echo "For website $DOMAIN - new wp-admin passwords have been set." - echo "-------------------------------------" - cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - echo "-------------------------------------" - echo "" - read -r -p "== Press Enter to continue..." -fi - exit 0 From 4e8bac8dda0670066c3b8cd880bfb388cb550a25 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 23 Jul 2025 23:34:07 +0200 Subject: [PATCH 285/316] v-update-firewall-rules: improve nginx configuration handling for deleting rules, as well as for suspended and unsuspended rules --- bin/v-delete-firewall-rule | 2 +- bin/v-suspend-firewall-rule | 9 +++++++++ bin/v-unsuspend-firewall-rule | 13 +++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 61f7602d..10fd0fb9 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -45,7 +45,7 @@ $BIN/v-update-firewall if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then parse_object_kv_list_non_eval "$oldvalues" if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then - sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf systemctl restart nginx fi fi diff --git a/bin/v-suspend-firewall-rule b/bin/v-suspend-firewall-rule index 67f14cec..9191fed0 100755 --- a/bin/v-suspend-firewall-rule +++ b/bin/v-suspend-firewall-rule @@ -32,12 +32,21 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unsuspend-firewall-rule b/bin/v-unsuspend-firewall-rule index be6320d4..f0e00c96 100755 --- a/bin/v-unsuspend-firewall-rule +++ b/bin/v-unsuspend-firewall-rule @@ -32,12 +32,25 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # From d017fbbe0700a61adb45a8494b1f6656655ffff3 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 25 Jul 2025 16:37:45 +0200 Subject: [PATCH 286/316] v-fix-website-permissions: improve error messages for non-existent user and domain directories --- bin/v-fix-website-permissions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 93b9d662..13c6775d 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -42,12 +42,12 @@ is_format_valid 'domain' is_object_valid 'user' 'USER' "$user" if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; + echo "Error: Folder /home/$user doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; exit 1; fi From 5fb7862b39b7437777fd1c57bc35c9c588854ac4 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 26 Jul 2025 21:36:10 +0200 Subject: [PATCH 287/316] Replace direct calls to 'wp' with 'v-run-wp-cli' --- bin/v-add-wordpress-admin | 16 ++++------ bin/v-clone-website | 22 ++++++------- bin/v-install-wordfence-cli | 0 bin/v-install-wordpress | 29 +++++++++++------ bin/{v-get-wp-cli => v-install-wp-cli} | 24 ++++++++++++-- bin/v-migrate-site-to-https | 22 +++++++++---- bin/v-run-wp-cli | 44 +++++++++++++++++++------- 7 files changed, 108 insertions(+), 49 deletions(-) create mode 100644 bin/v-install-wordfence-cli rename bin/{v-get-wp-cli => v-install-wp-cli} (60%) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 67f58bf4..20585485 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -63,21 +63,19 @@ if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then exit 1; fi -if ! command -v wp &> /dev/null; then - echo "WP CLI is not installed. Installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp - echo "WP CLI installed successfully." +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi - -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# # Action # #----------------------------------------------------------# -cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; +/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes; #----------------------------------------------------------# # Vesta # diff --git a/bin/v-clone-website b/bin/v-clone-website index 0258e39a..0e089465 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -265,10 +265,12 @@ if [ $IT_IS_WP -eq 0 ]; then git clone https://github.com/interconnectit/Search-Replace-DB.git fi else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli + fi + if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi fi @@ -429,17 +431,15 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else - phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") - cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; fi - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli new file mode 100644 index 00000000..e69de29b diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 3f21d172..ba4d38c2 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -71,12 +71,12 @@ if [ -z "$email" ]; then fi if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; + echo "= Error: Folder /home/$user doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; + echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist"; exit 1; fi @@ -138,24 +138,35 @@ fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" -if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR -sudo -H -u$user wp core download -sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +/usr/local/vesta/bin/v-run-wp-cli $domain core download +if [ ! -f "$WORKINGDIR/index.php" ]; then + echo "= WordPress installation failed: WordPress core download failed." + exit 1; +fi + +/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +if [ ! -f "$WORKINGDIR/wp-config.php" ]; then + echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found." + exit 1; +fi password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12) wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n -sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR +/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" diff --git a/bin/v-get-wp-cli b/bin/v-install-wp-cli similarity index 60% rename from bin/v-get-wp-cli rename to bin/v-install-wp-cli index c097a024..e9be765d 100644 --- a/bin/v-get-wp-cli +++ b/bin/v-install-wp-cli @@ -24,10 +24,16 @@ if [ ! -f "/usr/local/bin/composer" ]; then fi if [ -d "/usr/local/bin/wp-cli" ]; then - echo "= Removing old WP CLI..." + echo "= Removing old myVesta WP CLI..." rm -rf /usr/local/bin/wp-cli fi +echo "= Installing classic WP CLI..." +wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp +chmod +x /usr/local/bin/wp + +echo "= Installing myVesta WP CLI..." + cd /usr/local/bin git clone https://github.com/wp-cli/wp-cli.git @@ -36,9 +42,21 @@ chown -R www-data:www-data wp-cli cd wp-cli/ sudo -H -u www-data composer install +echo "= Installing search-replace-command package..." +sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command + # Fix terminal columns issue for WP CLI +echo "= Fixing terminal columns issue for WP CLI..." /usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' -echo "= WP CLI installed successfully." +echo "" -exit 0; \ No newline at end of file +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] || [ -f "/usr/local/bin/wp" ]; then + echo "= WP CLI installed successfully." + echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index b6f4295b..1df0f0d5 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -40,6 +40,14 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; +fi + FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' FROM_DATABASE_PASSWORD='' @@ -113,10 +121,12 @@ if [ $IT_IS_WP -eq 0 ]; then git clone https://github.com/interconnectit/Search-Replace-DB.git fi else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli + fi + if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi fi @@ -172,9 +182,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; fi echo "===== DONE ====" diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index ef4f6e10..c0c37d25 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -45,28 +45,37 @@ is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'web' 'DOMAIN' "$domain" if [ ! -d "/home/$user" ]; then - # echo "User doesn't exist"; + echo "= User doesn't exist"; exit 1; fi -if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - echo 'Please install WordPress first.' +if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo '= Please install WordPress first.' exit 1; fi -if ! command -v wp &> /dev/null; then - echo "WP CLI is not installed. Installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp - echo "WP CLI installed successfully." +wpcli="" + +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli fi -wpcli="/usr/local/bin/wp" +if [ -f "/usr/local/bin/wp" ]; then + wpcli="/usr/local/bin/wp" + WP_CLI_PACKAGES_DIR="" +fi -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ -z "$USE_WP_CLI_BUNDLED" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS + WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages" +fi + +if [ -z "$wpcli" ]; then + echo "= WP CLI is not installed. Please install it manually." + exit 1; fi mkdir -p /home/$user/.wp-cli @@ -83,7 +92,20 @@ fi #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log + +if [ -z "$OPEN_BASEDIR" ]; then + OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp" +fi + +if [ -z "$DISABLE_FUNCTIONS" ]; then + DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" +fi + +if [ -z "$SHOW_ERRORS" ]; then + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +else + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command +fi return_code=$? From 35653eec54bb105cc383a5cbd255fc1ad0791d32 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 26 Jul 2025 22:00:22 +0200 Subject: [PATCH 288/316] Add WordFence CLI installation script --- bin/v-desinfect-wordpress | 5 +++++ bin/v-install-wordfence-cli | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index fcdc2f66..51ee217e 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -27,6 +27,11 @@ if [ -z "$user" ]; then exit 1 fi +if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then + echo "= WordFence CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wordfence-cli +fi + # absolute paths to maintenance scripts, in desired order declare -a tasks=( "/usr/local/vesta/bin/v-change-database-password-for-wordpress" diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli index e69de29b..fc6ca0b5 100644 --- a/bin/v-install-wordfence-cli +++ b/bin/v-install-wordfence-cli @@ -0,0 +1,37 @@ +#!/bin/bash +# info: Script for installing WordFence CLI +# options: NONE + +if ! command -v git &> /dev/null; then + echo "= Git is not installed. Installing..." + apt-get update > /dev/null 2>&1 + apt-get install -y git +fi + +cd /root + +if [ ! -d "myvesta-wordfence-cli" ]; then + git clone https://github.com/isscbta/myvesta-wordfence-cli.git + cd ~/myvesta-wordfence-cli/ +else + cd ~/myvesta-wordfence-cli/ + git pull +fi + +echo "" +echo "----------------------------------------------------------------" +echo "" +echo "Which Docker container do you want to install for WordFence CLI?" +echo "1. WordFence CLI official Docker container" +echo "2. WordFence CLI Docker container maintained by myVesta" +read -r -p "Enter your choice: " choice < /dev/tty + +if [ "$choice" == "1" ]; then + bash wf-cli-install.sh +fi + +if [ "$choice" == "2" ]; then + bash wf-cli-install-our-image.sh +fi + +exit 0; From 95ed753b0b1bb3bf8bd7aad2631bc55093f22092 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 27 Jul 2025 18:07:14 +0200 Subject: [PATCH 289/316] Separating v-install-wp-cli-myvesta. Update v-run-wp-cli to display error log if PHP Fatal Error occured. Updating v-run-wp-cli to use standard wp-cli, making v-run-wp-cli-myvesta for myvesta version of wp-cli. --- bin/v-install-wp-cli | 39 ++---------------------- bin/v-install-wp-cli-myvesta | 58 ++++++++++++++++++++++++++++++++++++ bin/v-run-wp-cli | 18 +++++++---- bin/v-run-wp-cli-myvesta | 8 +++++ 4 files changed, 81 insertions(+), 42 deletions(-) create mode 100644 bin/v-install-wp-cli-myvesta create mode 100644 bin/v-run-wp-cli-myvesta diff --git a/bin/v-install-wp-cli b/bin/v-install-wp-cli index e9be765d..17df71e8 100644 --- a/bin/v-install-wp-cli +++ b/bin/v-install-wp-cli @@ -12,46 +12,11 @@ if [ "$whoami" != "root" ]; then exit 1 fi -# Importing system environment -source /etc/profile - -if [ ! -f "/usr/local/bin/composer" ]; then - echo "= Composer is not installed. Installing..." - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - php composer-setup.php --install-dir=/usr/local/bin --filename=composer - php -r "unlink('composer-setup.php');" - echo "= Composer installed successfully." -fi - -if [ -d "/usr/local/bin/wp-cli" ]; then - echo "= Removing old myVesta WP CLI..." - rm -rf /usr/local/bin/wp-cli -fi - -echo "= Installing classic WP CLI..." +echo "= Installing WP CLI by downloading phar file..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp chmod +x /usr/local/bin/wp -echo "= Installing myVesta WP CLI..." - -cd /usr/local/bin -git clone https://github.com/wp-cli/wp-cli.git - -chown -R www-data:www-data wp-cli - -cd wp-cli/ -sudo -H -u www-data composer install - -echo "= Installing search-replace-command package..." -sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command - -# Fix terminal columns issue for WP CLI -echo "= Fixing terminal columns issue for WP CLI..." -/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' - -echo "" - -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] || [ -f "/usr/local/bin/wp" ]; then +if [ -f "/usr/local/bin/wp" ]; then echo "= WP CLI installed successfully." echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" exit 0; diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta new file mode 100644 index 00000000..f619626f --- /dev/null +++ b/bin/v-install-wp-cli-myvesta @@ -0,0 +1,58 @@ +#!/bin/bash +# info: Download myVesta WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old myVesta WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +echo "= Installing myVesta WP CLI..." + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +cd wp-cli/ +sudo -H -u www-data composer install + +echo "= Installing search-replace-command package..." +sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command + +# Fix terminal columns issue for WP CLI +echo "= Fixing terminal columns issue for WP CLI..." +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI installed successfully." + echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= myVesta WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index c0c37d25..999e30a8 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -61,12 +61,19 @@ if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php /usr/local/vesta/bin/v-install-wp-cli fi +output='terminal' +if [ -t 1 ]; then + output='terminal' +else + output='file' +fi + if [ -f "/usr/local/bin/wp" ]; then wpcli="/usr/local/bin/wp" WP_CLI_PACKAGES_DIR="" fi -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ -z "$USE_WP_CLI_BUNDLED" ]; then +if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS @@ -113,10 +120,11 @@ if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then rm /usr/local/bin/wp-cli/COLUMNS fi -# echo "WP CLI: Done." -# echo "To see Warning/Error log: " -# echo "cat /home/$user/web/$domain/wp-cli-error.log" - +if [ -z "$SHOW_ERRORS" ]; then + if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then + cat /home/$user/web/$domain/wp-cli-error.log + fi +fi #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta new file mode 100644 index 00000000..e250a8ee --- /dev/null +++ b/bin/v-run-wp-cli-myvesta @@ -0,0 +1,8 @@ +#!/bin/bash + +if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta +fi + +USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" From ef8d033b60e0dd6e1a1a9fa2bad9eaf7d7dd0e0f Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 30 Jul 2025 16:18:20 +0200 Subject: [PATCH 290/316] Enhance v-run-wp-cli and v-run-wp-cli-myvesta to check for file age and update if older than 30 days --- bin/v-run-wp-cli | 18 ++++++++++++++++-- bin/v-run-wp-cli-myvesta | 13 +++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 999e30a8..e4a3d4a7 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -61,7 +61,21 @@ if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php /usr/local/vesta/bin/v-install-wp-cli fi -output='terminal' +if [ -z "$USE_WP_CLI_MYVESTA" ]; then + if [ -f "/usr/local/bin/wp" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)." + echo "= Updating WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli + fi + fi +fi + if [ -t 1 ]; then output='terminal' else @@ -73,7 +87,7 @@ if [ -f "/usr/local/bin/wp" ]; then WP_CLI_PACKAGES_DIR="" fi -if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then +if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta index e250a8ee..5947edfa 100644 --- a/bin/v-run-wp-cli-myvesta +++ b/bin/v-run-wp-cli-myvesta @@ -5,4 +5,17 @@ if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then /usr/local/vesta/bin/v-install-wp-cli-myvesta fi +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)." + echo "= Updating myVesta WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta + fi +fi + USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" From 48944af1826e8bb2dd1540094b6bf561003f207f Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 30 Jul 2025 18:14:25 +0200 Subject: [PATCH 291/316] Update v-install-wp-cli-myvesta to set PHP version dynamically based on the oldest installed version and revert to the current version after installation --- bin/v-install-wp-cli-myvesta | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta index f619626f..b65479f6 100644 --- a/bin/v-install-wp-cli-myvesta +++ b/bin/v-install-wp-cli-myvesta @@ -35,12 +35,33 @@ git clone https://github.com/wp-cli/wp-cli.git chown -R www-data:www-data wp-cli +ver_ge() { + # usage: ver_ge 7.2 5.6 --> returns true if $1 is greater than or equal to $2 + [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ] +} + +current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+') + +php_versions=$(/usr/local/vesta/bin/v-list-php) +for php_version in $php_versions; do + if ver_ge "$php_version" "7.2"; then + oldest_allowed_php_version=$php_version + break + fi +done + +echo "= Setting PHP version to $oldest_allowed_php_version" +update-alternatives --set php /usr/bin/php$oldest_allowed_php_version + cd wp-cli/ sudo -H -u www-data composer install echo "= Installing search-replace-command package..." sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command +echo "= Setting PHP version to $current_php_version" +update-alternatives --set php /usr/bin/php$current_php_version + # Fix terminal columns issue for WP CLI echo "= Fixing terminal columns issue for WP CLI..." /usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' From 46a6ebafb0ad8a4a09008a21859b6dd2b0d3f9eb Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 19:42:16 +0200 Subject: [PATCH 292/316] Enhance v-commander to check for kernel updates and reboot requirements --- bin/v-commander | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index f04b3a17..72607c95 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -201,11 +201,9 @@ do apt_upgraded=1 kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log) - if [ $kernelupdate -gt 0 ]; then + if [ $kernelupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then touch /root/kernelupdate - echo "== kernel is updated" - else - echo "== kernel is not updated" + echo "== kernel is updated, reboot is required!" fi fi From cc09de9b6ec7e6104e5451ca2274822f3eaa8651 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 19:46:28 +0200 Subject: [PATCH 293/316] v-fix-website-permissions: checks for php_chmod conf files --- bin/v-fix-website-permissions | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 13c6775d..5c1eaca3 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -77,6 +77,15 @@ find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" +if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) +fi +if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) +fi +if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) +fi if [ -f "/home/$USER/web/$domain/php_chmod" ]; then php_chmod=$(cat /home/$USER/web/$domain/php_chmod) fi From c1f2a02fb8a05f9147e8bbc4d6dffaed6bb0e97e Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 20:08:17 +0200 Subject: [PATCH 294/316] Implement cron job for fixing website permissions --- install/vst-install-debian.sh | 4 +++- src/deb/vesta/postinst | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index f6de9e70..9517e4ef 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1894,7 +1894,9 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -service cron restart +command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +$VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" +systemctl restart cron.service echo "== Building inititall rrd images" $VESTA/bin/v-update-sys-rrd diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 68252789..d8a22ee1 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -21,10 +21,20 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then mkdir -p /usr/local/vesta/data/upgrades fi +VESTA="/usr/local/vesta" + # show changelog after update echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Fixing permissions for all websites +if ! grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Fixing permissions for all websites" + command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" + $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" + systemctl restart cron.service +fi + if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then echo "== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf From 97548e55fb76e9fd10913a0caedb08f535c9cb43 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 3 Aug 2025 15:00:29 +0200 Subject: [PATCH 295/316] Removing temporary Docker container network interfaces from RRD --- bin/v-update-sys-rrd-net | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bin/v-update-sys-rrd-net b/bin/v-update-sys-rrd-net index e9c642e4..d59eefd9 100755 --- a/bin/v-update-sys-rrd-net +++ b/bin/v-update-sys-rrd-net @@ -35,13 +35,15 @@ if [ ! -d "$RRD/net" ]; then mkdir $RRD/net fi +find $RRD/net -name "veth*" -delete + # Parsing network interfaces ndev=$(cat /proc/net/dev) ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g") # Parsing excludes if [ -z "$RRD_IFACE_EXCLUDE" ]; then - RRD_IFACE_EXCLUDE='lo' + RRD_IFACE_EXCLUDE='lo,' fi for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do ifaces=$(echo "$ifaces" |grep -vw "$exclude" ) @@ -62,6 +64,8 @@ for iface in $ifaces; do RRA:MAX:0.5:6:700 \ RRA:MAX:0.5:24:775 \ RRA:MAX:0.5:288:797 + else + touch $RRD/net/$iface.rrd fi # Parsing device stats @@ -112,6 +116,8 @@ for iface in $ifaces; do done +find $RRD/net -name "*.png" -mtime +1 -delete +find $RRD/net -name "*.rrd" -mtime +1 -delete #----------------------------------------------------------# # Vesta # From d18967e627f654fc980457ead8bd35d5466bd9e6 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 11:07:07 +0200 Subject: [PATCH 296/316] Refactor v-run-wp-cli to simplify WP CLI installation check by removing redundant file check for boot-fs.php --- bin/v-run-wp-cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index e4a3d4a7..b1e4e6aa 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -56,7 +56,7 @@ fi wpcli="" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then +if [ ! -f "/usr/local/bin/wp" ]; then echo "= WP CLI is not installed. Installing..." /usr/local/vesta/bin/v-install-wp-cli fi From 8680995e66e820258bfaede558a5e144120856a8 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 15:19:22 +0200 Subject: [PATCH 297/316] Avoid 600 permissions for Apache-less variant --- bin/v-fix-user-permissions | 8 ++++---- bin/v-fix-website-permissions | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index 991ada62..47690477 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -49,10 +49,10 @@ find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; -find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + -find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + -find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; -find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} + +for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" +done echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 5c1eaca3..186075a1 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -28,6 +28,7 @@ USER=$user # Includes source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" @@ -77,6 +78,11 @@ find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" + +if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" +fi + if [ -f "/home/php_chmod" ]; then php_chmod=$(cat /home/php_chmod) fi From 4dc1e73612d07e80aad72c533d7fd10ed253834e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 16:42:07 +0200 Subject: [PATCH 298/316] Remove redundant WP CLI installation checks from multiple scripts --- bin/v-add-wordpress-admin | 8 -------- bin/v-clone-website | 8 -------- bin/v-install-wordpress | 8 -------- bin/v-migrate-site-to-https | 15 --------------- 4 files changed, 39 deletions(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 20585485..60778fb2 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -63,14 +63,6 @@ if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then exit 1; fi -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi - #----------------------------------------------------------# # Action # #----------------------------------------------------------# diff --git a/bin/v-clone-website b/bin/v-clone-website index 0e089465..9bebbffd 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -264,14 +264,6 @@ if [ $IT_IS_WP -eq 0 ]; then cd /root git clone https://github.com/interconnectit/Search-Replace-DB.git fi -else - if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli - fi - if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; - fi fi CREATE_TO_DATABASE=0 diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index ba4d38c2..f23afa74 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -138,14 +138,6 @@ fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi - WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 1df0f0d5..c15a521e 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -40,13 +40,6 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' @@ -120,14 +113,6 @@ if [ $IT_IS_WP -eq 0 ]; then cd /root git clone https://github.com/interconnectit/Search-Replace-DB.git fi -else - if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli - fi - if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; - fi fi From a183cabdc7ece59d29c37f0c3064779adb52c140 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 16:50:52 +0200 Subject: [PATCH 299/316] v-install-wordpress: avoid changing nginx proxy template in apache-less variant --- bin/v-install-wordpress | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index f23afa74..25e38f3e 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -119,20 +119,22 @@ fi TPL_CHANGED=0; -if [ "$PROTOCOL" = "https" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" +if [ "$WEB_SYSTEM" != 'nginx' ]; then + if [ "$PROTOCOL" = "https" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" - fi -fi -if [ "$PROTOCOL" = "http" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + if [ "$PROTOCOL" = "http" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi fi From 5008c2c778595f0a73d3e78bc55d7a62d37fe371 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 7 Aug 2025 18:29:11 +0200 Subject: [PATCH 300/316] Refactor v-fix-website-permissions to introduce conditional checks for PHP and symlink ownership adjustments, allowing for more flexible permission management based on configuration files. --- bin/v-fix-website-permissions | 108 +++++++++++++++++++++++++--------- 1 file changed, 79 insertions(+), 29 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 186075a1..fca37e15 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -68,40 +68,90 @@ if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then fi fi +echo "Updating permissions for /home/$USER/web/$domain/" -echo "Updating permissions for /home/$USER/web/$domain/public_html/" -# Fixing permissions -find public_html/ -type d ! -perm 755 -exec chmod 755 {} + -find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + -# Fixing ownership -find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + -find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + - -php_chmod="600" - -if [ "$WEB_SYSTEM" = 'nginx' ]; then - php_chmod="644" +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 fi -if [ -f "/home/php_chmod" ]; then - php_chmod=$(cat /home/php_chmod) -fi -if [ -f "/home/$USER/php_chmod" ]; then - php_chmod=$(cat /home/$USER/php_chmod) -fi -if [ -f "/home/$USER/web/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/php_chmod) -fi -if [ -f "/home/$USER/web/$domain/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/$domain/php_chmod) +# === General files and directories permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + # New way of fixing permissions + # Fixing permissions + find public_html/ -type d ! -perm 755 -exec chmod 755 {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +else + # Old way of fixing permissions + # Fixing permissions + find public_html/ -type d ! -perm 755 -exec chmod 755 {} + + find public_html/ -type f ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} + fi -# Setting chmod 600 for all .php and .env files -echo "= Setting chmod $php_chmod for all .php and .env files" -# Fixing permissions -find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + -# Fixing ownership -find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +fi + +# === Symlinks ownership === +symlink_chown_allowed=1 +if [ -f "/home/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi + +if [ "$symlink_chown_allowed" -eq 1 ]; then + find -type l ! -user $USER -exec chown -h $USER:$USER {} + +fi #----------------------------------------------------------# # Vesta # From efe0045c5f7a7fa12ded564a4e7ee49df38cf152 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 7 Aug 2025 19:03:30 +0200 Subject: [PATCH 301/316] Introduction of v-fix-website-permissions-only-php script --- bin/v-fix-website-permissions | 6 +- ...site-permissions-for-all-websites-only-php | 44 +++++++ bin/v-fix-website-permissions-only-php | 121 ++++++++++++++++++ install/vst-install-debian.sh | 2 +- src/deb/vesta/postinst | 19 ++- 5 files changed, 184 insertions(+), 8 deletions(-) create mode 100644 bin/v-fix-website-permissions-for-all-websites-only-php create mode 100644 bin/v-fix-website-permissions-only-php diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index fca37e15..50b143c8 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -1,6 +1,6 @@ #!/bin/bash -# info: Fixing chown and chmod permissions in the public_html directory -# options: DOMAIN +# info: Fixing chown and chmod permissions for a website +# options: DOMAIN [USER] #----------------------------------------------------------# # Variable&Function # @@ -68,7 +68,7 @@ if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then fi fi -echo "Updating permissions for /home/$USER/web/$domain/" +echo "Updating permissions and ownership for /home/$USER/web/$domain/" php_chmod_allowed=1 if [ -f "/home/php_chmod_disabled" ]; then diff --git a/bin/v-fix-website-permissions-for-all-websites-only-php b/bin/v-fix-website-permissions-for-all-websites-only-php new file mode 100644 index 00000000..a89d2416 --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites-only-php @@ -0,0 +1,44 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log +truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1 + echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-website-permissions-only-php b/bin/v-fix-website-permissions-only-php new file mode 100644 index 00000000..cf548e6b --- /dev/null +++ b/bin/v-fix-website-permissions-only-php @@ -0,0 +1,121 @@ +#!/bin/bash +# info: Fixing PHP and .env permissions and ownership for a website +# options: DOMAIN [USER] + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "Error: Folder /home/$user doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Going to domain directory +cd /home/$USER/web/$domain + +# Ownership check +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + +echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/" + +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# +echo "PHP and .env permissions and ownership for $domain have been successfully updated." + +exit 0 diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 9517e4ef..1c8f2e1b 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1894,7 +1894,7 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" systemctl restart cron.service diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index d8a22ee1..f5f79877 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -27,10 +27,21 @@ VESTA="/usr/local/vesta" echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog -# Fixing permissions for all websites -if ! grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Fixing permissions for all websites" - command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin + systemctl restart cron.service + fi +fi + +# Fixing PHP and .env permissions and ownership for all websites +if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Fixing PHP and .env permissions and ownership for all websites" + command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" systemctl restart cron.service fi From 4fff4b498553e2545c674427296d271a0d16ee5f Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sun, 10 Aug 2025 11:48:54 +0000 Subject: [PATCH 302/316] Fix PHP 5.6 array index and implode compatibility issues Co-authored-by: peca --- web/add/dns/index.php | 12 ++++++++++-- web/add/mail/index.php | 9 +++++++-- web/add/web/index.php | 6 +++++- web/upload/UploadHandler.php | 9 +++++++-- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 7c18faab..06ca9547 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,7 +80,11 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + } unset($v_domain); } } @@ -128,7 +132,11 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); + } unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index c761139c..5fe9b6ff 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -186,8 +186,13 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + } else { + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + } unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/web/index.php b/web/add/web/index.php index d77b8f40..f8953f19 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -323,7 +323,11 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + } $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 48f40b23..581f9741 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1095,8 +1095,13 @@ class UploadHandler } } if (count($failed_versions)) { - $file->error = $this->get_error_message('image_resize') - .' ('.implode($failed_versions,', ').')'; + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $file->error = $this->get_error_message('image_resize') + .' ('.implode($failed_versions,', ').')'; + } else { + $file->error = $this->get_error_message('image_resize') + .' ('.implode(', ', $failed_versions).')'; + } } // Free memory: $this->destroy_image_object($file_path); From be756306b084aa808dcd4328303a316f0a4a3a10 Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sun, 10 Aug 2025 12:13:20 +0000 Subject: [PATCH 303/316] Remove PHP version-specific code for array access and string formatting Co-authored-by: peca --- web/add/dns/index.php | 12 ++---------- web/add/mail/index.php | 9 ++------- web/add/web/index.php | 6 +----- web/upload/UploadHandler.php | 9 ++------- 4 files changed, 7 insertions(+), 29 deletions(-) diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 06ca9547..b9e47abe 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,11 +80,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); unset($v_domain); } } @@ -132,11 +128,7 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index 5fe9b6ff..6a8b6e9f 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -186,13 +186,8 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; - } else { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; - } + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/web/index.php b/web/add/web/index.php index f8953f19..e11cff23 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -323,11 +323,7 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 581f9741..ce8863bb 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1095,13 +1095,8 @@ class UploadHandler } } if (count($failed_versions)) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $file->error = $this->get_error_message('image_resize') - .' ('.implode($failed_versions,', ').')'; - } else { - $file->error = $this->get_error_message('image_resize') - .' ('.implode(', ', $failed_versions).')'; - } + $file->error = $this->get_error_message('image_resize') + .' ('.implode(', ', $failed_versions).')'; } // Free memory: $this->destroy_image_object($file_path); From 457e5c862ee820cf03558f6ea6b34290d16ca9ac Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 12 Aug 2025 13:58:17 +0200 Subject: [PATCH 304/316] Add cron job for disk usage snapshot --- bin/v-df-snapshot-diff | 102 +++++++++++++++++++++++++++++++++ bin/v-df-snapshot-logs-cleaner | 11 ++++ bin/v-df-snapshot-make | 20 +++++++ install/vst-install-debian.sh | 4 ++ src/deb/vesta/postinst | 14 +++++ 5 files changed, 151 insertions(+) create mode 100644 bin/v-df-snapshot-diff create mode 100644 bin/v-df-snapshot-logs-cleaner create mode 100644 bin/v-df-snapshot-make diff --git a/bin/v-df-snapshot-diff b/bin/v-df-snapshot-diff new file mode 100644 index 00000000..ee427bd2 --- /dev/null +++ b/bin/v-df-snapshot-diff @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Make a diff between two snapshots of the disk usage +# options: FILE1 FILE2 + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Let's declare three associative arrays +declare -A FILE1 +declare -A FILE2 +declare -A FILED + +file1=$1 +file2=$2 + +if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then + file1="/usr/local/vesta/data/df/$file1" +fi + +if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then + file2="/usr/local/vesta/data/df/$file2" +fi + +if [ ! -f "$file1" ]; then + echo "File $file1 not found" + exit 1 +fi + +if [ ! -f "$file2" ]; then + echo "File $file2 not found" + exit 1 +fi + +timestamp=$(date +%Y-%m-%d-%H-%M-%S) +mkdir -p /usr/local/vesta/data/df-diff +file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt" +file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt" +file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt" +touch $file0 + +# Let's load the first file and fill the array FILE1 +while IFS=$'\t' read SIZE DIRECTORY; do + # Skip blank lines or lines that are not in the correct format + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + # Insert values into the array + FILE1["$DIRECTORY"]="$SIZE" +done < "$file1" + +# Let's load the second file and fill the array FILE2 +while IFS=$'\t' read SIZE DIRECTORY; do + # Skip blank lines or lines that are not in the correct format + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + # Insert values into the array + FILE2["$DIRECTORY"]="$SIZE" +done < "$file2" + +# We iterate through FILE1 and look for the matching key in FILE2 +for k in "${!FILE1[@]}"; do + if [[ -v FILE2["$k"] ]]; then + # If there is the same folder (KEY) in FILE2 + DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} )) + FILED["$k"]=$DIFF + echo -e "${DIFF}\t${k}" >> $file0 + else + # If the folder (KEY) is not found in FILE2 + FILED["$k"]=${FILE1["$k"]} + echo -e "${FILE1["$k"]}\t${k}" >> $file0 + fi +done + +# sorted by size +sort -nr -k1,1 $file0 > $file0s + +# sorted by folders +while IFS=$'\t' read SIZE DIRECTORY; do + [[ -z "$DIRECTORY" ]] && continue + [[ "$DIRECTORY" = "total" ]] && continue + echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f +done < "$file2" + +chmod 600 $file0 $file0s $file0f +chown root:root $file0 $file0s $file0f + +echo "Done." +echo "You can do:" +echo "mcview $file0" +echo "mcview $file0s" +echo "mcview $file0f" +echo "--------------------------------" +echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):" +head -n 30 $file0s +echo "--------------------------------" +echo "Here is the first 30 lines of the diff, sorted by folders (in MB):" +head -n 30 $file0f +echo "--------------------------------" + +exit 0 diff --git a/bin/v-df-snapshot-logs-cleaner b/bin/v-df-snapshot-logs-cleaner new file mode 100644 index 00000000..63275034 --- /dev/null +++ b/bin/v-df-snapshot-logs-cleaner @@ -0,0 +1,11 @@ +#!/bin/bash +# info: Clean up old snapshots of the disk usage +# options: NONE + +folder="/usr/local/vesta/data/df" +mkdir -p $folder +find $folder -type f -mtime +30 -delete + +folder="/usr/local/vesta/data/df-diff" +mkdir -p $folder +find $folder -type f -mtime +30 -delete diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make new file mode 100644 index 00000000..51c41e9d --- /dev/null +++ b/bin/v-df-snapshot-make @@ -0,0 +1,20 @@ +#!/bin/bash +# info: Make a snapshot of the disk usage +# options: NONE + +folder="/usr/local/vesta/data/df" + +mkdir -p $folder +timestamp=$(date +%Y-%m-%d-%H-%M-%S) +du --max-depth=1 -c -m -x / > $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=2 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=3 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=6 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /var/log >> $folder/snapshot-$timestamp.txt + +chmod 600 $folder/snapshot-$timestamp.txt +chown root:root $folder/snapshot-$timestamp.txt + +exit 0 diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 1c8f2e1b..e8208113 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1896,6 +1896,10 @@ command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-make" +$VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" +$VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" systemctl restart cron.service echo "== Building inititall rrd images" diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index f5f79877..ac034e82 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -38,6 +38,20 @@ if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/user fi fi +# Adding cron job for disk usage snapshot +if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot" + command="sudo $VESTA/bin/v-df-snapshot-make" + $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" + systemctl restart cron.service +fi +if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot logs cleaner" + command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" + $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" + systemctl restart cron.service +fi + # Fixing PHP and .env permissions and ownership for all websites if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then echo "== Fixing PHP and .env permissions and ownership for all websites" From ace0e0e2bfdca963d6670bdc80783018a632a5d4 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 14 Aug 2025 19:36:57 +0200 Subject: [PATCH 305/316] SSL fix for Apache 2.4.65+ --- install/vst-install-debian.sh | 6 ++++++ src/deb/vesta/postinst | 14 ++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e8208113..419acf59 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1145,6 +1145,12 @@ if [ "$nginx" = 'yes' ]; then echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains + + if [ "$apache" = 'yes' ]; then + # SSL fix for Apache 2.4.65+ + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + fi + #update-rc.d nginx defaults #service nginx start currentservice='nginx' diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index ac034e82..da830507 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -27,6 +27,20 @@ VESTA="/usr/local/vesta" echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# SSL fix for Apache 2.4.65+ +if [ "$release" -ge 11 ]; then + if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then + echo "== Fixing SSL for Apache 2.4.65+" + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting Nginx" + systemctl restart nginx + fi + fi +fi + +# Fixing cron job for fix-website-permissions-for-all-websites if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" From 930bf7ed2b9f7326b93d59b5e9ee6b9a098155b6 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 15 Aug 2025 17:28:32 +0200 Subject: [PATCH 306/316] Version 0.9.9-0-13 --- Changelog.md | 196 +++++++++++++++++++++++++++++---------------- src/deb/latest.txt | 2 +- 2 files changed, 128 insertions(+), 70 deletions(-) diff --git a/Changelog.md b/Changelog.md index 36478469..dae97aa5 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,20 +1,78 @@ -Version 0.9.9-0-12 [28-Feb-2025] +Version 0.9.9-0-13 [2025-08-15] +================================================== +* Improvement: Activating FileManager licence for all users (credits to Official VestaCP) +* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta) +* Improvement: Added support for PHP 8.3 and 8.4 +* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP) +* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) +* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot) +* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request') +* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12 +* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel +* Improvement: v-install-wordpress: Support for IDN format domains +* Security: Adding ProFTPD jail rule to Fail2Ban +* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites +* Security: Introducing a new command: v-fix-php-ini-disable-functions +* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering) +* Improvement: When deleting a domain, also delete the database if the domain has a database +* Bugfix: Removing temporary Docker container network interfaces from RRD +* Introducing v-run-wp-cli-myvesta that knows the correct terminal width +* Introducing a new command: v-cd-www alias for v-change-dir-www +* Introducing a new command: v-clear-fail2ban +* Introducing a new command: v-get-dns-config (to print zone file in bind9 format) +* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute) +* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command +* Security: Enhance package validation, in v-change-user-package switched 'eval' replaced with 'parse_object_kv_list_non_eval' +* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp' +* Improvement: v-install-wordpress: Almost always use https +* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables in the command line +* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions) +* Security: v-commander: removing the ability to set a root password +* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script +* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff) +* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta) +* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta) +* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync' +* Improvement: Calculate the size of directories on /hdd too +* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php +* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant +* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M +* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons +* Bugfix: v-restore-user: permissions fix while restoring backup +* Bugfix: Add some loops due to 403 errors during LE request in some random cases +* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter +* Bugfix: vst-install-debian.sh - removing phppgadmin +* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers) +* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde) +* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */ +* Bugfix: Small PHP syntax fixes in the admin panel +* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic) +* Improvement: Added functions to check if a domain or user is unsuspended in main.sh +* Introducing a new command: v-update-document-errors-files +* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night +* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old +* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl +* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant +* Added to .gitignore excludes for 'data', 'conf', and 'log' folders +* And many other minor bugfixes and improvements... + +Version 0.9.9-0-12 [2025-02-28] ================================================== * SpamHaus DNSBL removed from exim4 * A lot of small bugs fixed -Version 0.9.9-0-11 [30-May-2024] +Version 0.9.9-0-11 [2024-05-30] ================================================== * Introducing v-run-wp-cli command ( @isscbta ) * Introducing v-add-wordpress-admin command ( @isscbta ) * Few bugs fixed -Version 0.9.9-0-10 [11-Apr-2024] +Version 0.9.9-0-10 [2024-04-11] ================================================== * Introducing v-edit-php-ini command ( @isscbta ) * Introducing v-edit-domain-php-ini command ( @isscbta ) -Version 0.9.9-0-9 [05-Apr-2024] +Version 0.9.9-0-9 [2024-04-05] ================================================== * Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) * Few bugs fixed @@ -23,31 +81,31 @@ Version 0.9.9-0-5 to 0.9.9-0-8 ================================================== * Few bugs fixed -Version 0.9.9-0-4 [27-Jun-2023] +Version 0.9.9-0-4 [2023-06-27] ================================================== * Support for Debian 12 ( in mutual cooperation with @HestiaCP ) -Version 0.9.9-0-2 [12-Jun-2023] +Version 0.9.9-0-2 [2023-06-12] ================================================== * Hosting panel UI perfomance fix -Version 0.9.9-0 [05-Jun-2023] +Version 0.9.9-0 [2023-06-05] ================================================== * Redesign of hosting panel * Fix for WP_CACHE_KEY_SALTs in v-clone-website command * Fix for "Helo name contains a ip address" in Exim4 * Fix for Exim4 for punycode domains (in collaboration with @HestiaCP ) -Version 0.9.8-26-62 [05-Apr-2023] +Version 0.9.8-26-62 [2023-04-05] ================================================== * Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP ) -Version 0.9.8-26-61 [04-Apr-2023] +Version 0.9.8-26-61 [2023-04-04] ================================================== * Many bugfixes * Hotfix for LetsEncrypt to prevent Apache falling -Version 0.9.8-26-60 [12-Feb-2023] +Version 0.9.8-26-60 [2023-02-12] ================================================== * New script: v-commander (useful for maintaining the server) * New script: v-activate-rocket-nginx (serve WP-Rocket cache directly from nginx) @@ -55,7 +113,7 @@ Version 0.9.8-26-60 [12-Feb-2023] * v-clone-website: By default cloning to database: user_domain_com (instead of cloning to database: user_old_db_migrated) * Many minor bugfixes -Version 0.9.8-26-59 [01-Feb-2023] +Version 0.9.8-26-59 [2023-02-01] ================================================== * Support for PHP 8.2 * New script: v-move-folder-and-make-symlink @@ -63,82 +121,82 @@ Version 0.9.8-26-59 [01-Feb-2023] * v-install-wordpress: Installing WordPress to user_domain_com database instead of installing to user_wp database * Many minor bugfixes -Version 0.9.8-26-58 [12-Jul-2022] +Version 0.9.8-26-58 [2022-07-12] ================================================== * [Security] hash_equals() in /reset/mail/ (credits to @divinity76 ) * Avoid out-of-memory while downloading large log files from panel (credits to @divinity76 ) * Fix for an boring PHP Notice in vesta-php -Version 0.9.8-26-57 [06-Jul-2022] +Version 0.9.8-26-57 [2022-07-06] ================================================== * Fix for GMail SMTP timeouts on Debian11 * [Security] Fix for Local Sed Injection Vulnerability ( credits to @cleemy-desu-wayo ) -Version 0.9.8-26-56 [28-May-2022] +Version 0.9.8-26-56 [2022-05-28] ================================================== * Adding Barracuda RBL to SpamAssassin * Fixing insane HTML form bug in List backup items page * Script for easy adding second IP address for SMTP authenticated users only (v-make-separated-ip-for-email) -Version 0.9.8-26-55 [26-Apr-2022] +Version 0.9.8-26-55 [2022-04-26] ================================================== * Support for MySQL 8 * [Security] Preventing brute-force resetting password (thanks to HestiaCP @hestiacp for fix) * Many minor bugfixes -Version 0.9.8-26-54 [17-Dec-2021] +Version 0.9.8-26-54 [2021-12-17] ================================================== * Checking if FreshClam is started after installation -Version 0.9.8-26-53 [12-Dec-2021] +Version 0.9.8-26-53 [2021-12-12] ================================================== * Support for PHP 8.1 * Function to ensure that pool.d folders are not empty -Version 0.9.8-26-52 [23-Nov-2021] +Version 0.9.8-26-52 [2021-11-23] ================================================== * Fix for not to match wildcard "*domains" and "databases*" while restoring * Added memcached to v-list-sys-services -Version 0.9.8-26-51 [14-Nov-2021] +Version 0.9.8-26-51 [2021-11-14] ================================================== * Many fixes for "List services" page (v-list-sys-services function) -Version 0.9.8-26-50 [07-Nov-2021] +Version 0.9.8-26-50 [2021-11-07] ================================================== * Many small bugfixes and CSRF fixes -Version 0.9.8-26-49 [17-Jul-2021] +Version 0.9.8-26-49 [2021-07-17] ================================================== * Support for Debian 11 -Version 0.9.8-26-48 [11-Jul-2021] +Version 0.9.8-26-48 [2021-07-11] ================================================== * Fixed two bugs in LetsEncrypt generating process -Version 0.9.8-26-47 [30-May-2021] +Version 0.9.8-26-47 [2021-05-30] ================================================== * Enabling TLS for ProFTPD FTPS * More logical "Restore backup" template -Version 0.9.8-26-46 [17-Apr-2021] +Version 0.9.8-26-46 [2021-04-17] ================================================== * [Feature] Updating CloudFlare IP addresses -Version 0.9.8-26-45 [13-Apr-2021] +Version 0.9.8-26-45 [2021-04-13] ================================================== * [Feature] Logging whole LetsEncrypt process to /usr/local/vesta/log/letsencrypt.log and /usr/local/vesta/log/letsencrypt_cron.log * [Feature] Warn admin once (by sending email) if LetsEncrypt renewing failed for server hostname * [Bugfix] Correct truncating of CA LetsEncrypt certificate (thanks to HestiaCP @hestiacp for fix) -Version 0.9.8-26-44 [04-Apr-2021] +Version 0.9.8-26-44 [2021-04-04] ================================================== * [Security] Preventing denial-of-service in openssl library in vesta-nginx service (CVE-2021-3449) * [Security] Preventing admin to install non-vesta packages from vesta admin panel user interface (Credits to: Numan Türle @numanturle) * [Bugfix] Preventing multiple execution of v-backup-users * [UserInterface] CSS fix for Apache status table (Credits to: Milos Spasic) -Version 0.9.8-26-43 [15-Mar-2021] +Version 0.9.8-26-43 [2021-03-15] ================================================== * [Security] fix for: CSRF remote code execution in UploadHandler.php - CVE-2021-28379 (Credits to: Fady Osman @fady_othman) * [Security] fix for: Local privilege escalation from user account to admin account via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix) @@ -148,62 +206,62 @@ Version 0.9.8-26-43 [15-Mar-2021] * [Security] fix for: Admin to root escalation in v-activate-vesta-license (Credits to: Numan Türle @numanturle) * [Security] Ensure HTML will not be displayed in list log page (Credits to: Kristan Kenney @kristankenney, thanks to HestiaCP @hestiacp for fix) -Version 0.9.8-26-42 [26-Feb-2021] +Version 0.9.8-26-42 [2021-02-26] ================================================== * [Feature] Support for PHP 8.0, see: https://forum.myvestacp.com/viewtopic.php?f=18&t=52 * [Bugfix] Making sure Apache is in mpm_event mode -Version 0.9.8-26-41 [11-Feb-2021] +Version 0.9.8-26-41 [2021-02-11] ================================================== * Few bugfixes -Version 0.9.8-26-40 [08-Feb-2021] +Version 0.9.8-26-40 [2021-02-08] ================================================== * Few bugfixes -Version 0.9.8-26-39 [12-Dec-2020] +Version 0.9.8-26-39 [2020-12-12] ================================================== * [Security] Fixing useless issue with tokens in "download backup" and "loginas" functions (thanks to HestiaCP for fixes) * [Security] Fixing XSS in /list/rrd/?period= value -Version 0.9.8-26-38 [05-Dec-2020] +Version 0.9.8-26-38 [2020-12-05] ================================================== * [Security] Fixing Apache status public access (thanks to HestiaCP for letting us know) -Version 0.9.8-26-37 [26-Oct-2020] +Version 0.9.8-26-37 [2020-10-26] ================================================== * [Bugfix] Fixing LetsEncrypt deprecated GET method for ACME v2 (thanks to @moucho) * [Bugfix] Fixing Roundcube to send via authenticated SMTP user instead via php -Version 0.9.8-26-36 [10-Sep-2020] +Version 0.9.8-26-36 [2020-09-10] ================================================== * [Bugfix] Checking necessary available disk space before doing backup * [Security] Disabling login with 'root' -Version 0.9.8-26-35 [23-Aug-2020] +Version 0.9.8-26-35 [2020-08-23] ================================================== * [Feature] Limiting max recipients per email to 15, in order to prevent mass spamming * [Bugfix] While restoring backup, only exclude logs folder from root, not in public_html -Version 0.9.8-26-34 [19-Aug-2020] +Version 0.9.8-26-34 [2020-08-19] ================================================== * [Bugfix] Split long DNS TXT entries into 255 chunks -Version 0.9.8-26-33 [16-Aug-2020] +Version 0.9.8-26-33 [2020-08-16] ================================================== * [Feature] Ability to set some domain to send emails from another IP (command: v-make-separated-ip-for-email-domain) -Version 0.9.8-26-32 [02-Aug-2020] +Version 0.9.8-26-32 [2020-08-02] ================================================== * [Feature] v-replace-in-file command introduced * [Security] Making sure new myVesta commands can be called only by root -Version 0.9.8-26-31 [30-Jul-2020] +Version 0.9.8-26-31 [2020-07-30] ================================================== * [Feature] v-import-cpanel-backup command moved to vesta-bin folder (becoming standard myVesta command) * Starting to log auto-update output -Version 0.9.8-26-30 [26-Jul-2020] +Version 0.9.8-26-30 [2020-07-26] ================================================== * New ASCII logo in installer * Deleted favicon when user don't know secret-url of hosting panel @@ -211,14 +269,14 @@ Version 0.9.8-26-30 [26-Jul-2020] * [bugfix] Minor fix of URL for templates in v-update-dns-templates * [bugfix] Minor fixes in installer -Version 0.9.8-26-29 [21-Jul-2020] +Version 0.9.8-26-29 [2020-07-21] ================================================== * [Feature] v-clone-website command moved to vesta-bin folder (becoming standard myVesta command) * [Feature] v-migrate-site-to-https command moved to vesta-bin folder (becoming standard myVesta command) * [Bugfix] Fix for ClamAV socket * Changing Vesta to myVesta in title of hosting panel pages -Version 0.9.8-26-28 [15-Jul-2020] +Version 0.9.8-26-28 [2020-07-15] ================================================== * [Feature] v-install-wordpress command introduced * [Feature] v-move-domain-and-database-to-account command introduced @@ -226,37 +284,37 @@ Version 0.9.8-26-28 [15-Jul-2020] * [Bugfix] Fix for LetsEncrypt issuing in apache-less variant (nginx + php-fpm variant) * [Bugfix] Fix for configuring phpMyAdmin DB in apache-less variant (nginx + php-fpm variant) -Version 0.9.8-26-27 [05-Jul-2020] +Version 0.9.8-26-27 [2020-07-05] ================================================== * [Feature] Admins now see changelog when they open myVesta panel after myVesta get updated (changelog will dissapear on next refresh) * [Bugfix] Better control of opened SMTP concurrent connections (preventing denial-of-service of SMTP) on fresh installed servers - https://github.com/myvesta/vesta/commit/c57b15b5daca2a0ea88ee6a89a2ff5a4ef47d2a3 * Second tuning of php-fpm pool.d config files (perfomances and limits) -Version 0.9.8-26-26 [27-Jun-2020] +Version 0.9.8-26-26 [2020-06-27] ================================================== * [Feature] Self-signed SSL will be automaticaly added when you add new domain (CloudFlare is fine with that, you don't need LetsEncrypt anymore if you use CloudFlare as reverse-proxy(CDN+Firewall), just set "Full" in SSL section on CloudFlare) * [Feature] Script for adding self-signed SSL to desired domain [v-install-unsigned-ssl] * From now, on fresh installed server, default backup cron goes at Saturday at 01 AM (instead of everyday at 05 AM) * New favicon for hosting panel -Version 0.9.8-26-25 [23-Jun-2020] +Version 0.9.8-26-25 [2020-06-23] ================================================== * [Security] Fixing unnecessary slash in nginx configs for phpmyadmin and roundcube (Credits to Bernardo Berg @bberg1984 for finding this issue!) * [Security] Adding escapeshellarg on few more places in php code (Credits to Talha Günay and @Lupul for finding these places) -Version 0.9.8-26-24 [22-Jun-2020] +Version 0.9.8-26-24 [2020-06-22] ================================================== * [Bugfix] nginx + php-fpm installer variant now finally works -Version 0.9.8-26-23 [14-Jun-2020] +Version 0.9.8-26-23 [2020-06-14] ================================================== * Adding label that LetsEncrypt can be added when you Edit domain -Version 0.9.8-26-22 [13-Jun-2020] +Version 0.9.8-26-22 [2020-06-13] ================================================== * [Bugfix] Checking (in order to delete) php7.4 pool config file while deleting domain -Version 0.9.8-26-21 [13-Jun-2020] +Version 0.9.8-26-21 [2020-06-13] ================================================== * [Feature] Blocking executable files inside archives in received emails (ClamAV) * [Bugfix] Removing ability to schedule LetsEncrypt issuing while adding new domain (because it can fall in infinite loop whole day) @@ -265,82 +323,82 @@ Version 0.9.8-26-21 [13-Jun-2020] * [Bugfix] Script that removes depricated 'ssl on;' in nginx templates * [Security] Ensure UPDATE_SSL_SCRIPT is not set in some config files -Version 0.9.8-26-20 [01-Jun-2020] +Version 0.9.8-26-20 [2020-06-01] ================================================== * [Bugfix] Script that will ensure that Apache2 will always stay in mpm_event mode * [Bugfix] Ensure config files will not be overwritten while updating vesta-nginx package * [Bugfix] Fixing URL in v-update-web-templates script * [Feature] Additional rates for nginx anti-denial-of-service templates -Version 0.9.8-26-19 [15-May-2020] +Version 0.9.8-26-19 [2020-05-15] ================================================== * [Bugfix] Do not match subdomains while restoring domain [v-restore-user] -Version 0.9.8-26-18 [15-May-2020] +Version 0.9.8-26-18 [2020-05-15] ================================================== * [Bugfix] Fixing NS parameters in v-add-dns-on-web-alias -Version 0.9.8-26-17 [15-May-2020] +Version 0.9.8-26-17 [2020-05-15] ================================================== * [Bugfix] Reverting default clamav socket path * [Bugfix] Put mail_max_userip_connections = 50 in dovecot -Version 0.9.8-26-16 [15-May-2020] +Version 0.9.8-26-16 [2020-05-15] ================================================== * [Bugfix] Allow quick restarting of nginx if acme-challenge should be added many times * [Bugfix] Enabling email notification to fresh installed servers about backup success status * [Bugfix] Timeout 10 sec for apache2 status -Version 0.9.8-26-15 [09-May-2020] +Version 0.9.8-26-15 [2020-05-09] ================================================== * [Feature] nginx templates that can prevent denial-of-service on your server * First tuning php-fpm pool.d config files (perfomances and limits) * New logo -Version 0.9.8-26-14 [08-May-2020] +Version 0.9.8-26-14 [2020-05-08] ================================================== * v-clone-website script switched to parameters * Display new version in console while updating myVesta -Version 0.9.8-26-13 [07-May-2020] +Version 0.9.8-26-13 [2020-05-07] ================================================== * [Feature] Put build date and version in right-bottom corner of control panel -Version 0.9.8-26-12 [07-May-2020] +Version 0.9.8-26-12 [2020-05-07] ================================================== * [Feature] Put build date and version while compiling myVesta * [Feature] Office365 DNS template * [Feature] Yandex DNS template * ProFTPD MaxIstances = 100 for fresh installed servers -Version 0.9.8-26-11 [01-May-2020] +Version 0.9.8-26-11 [2020-05-01] ================================================== * [Feature] Skipping LE renewing after 7 failed attempts * [Bugfix] Keep conf files during auto-update * [Bugfix] Do not restart apache while preparing letsencrypt acme challenge * [Bugfix] Set ALLOW_BACKUP_ANYTIME='yes' for fresh installed servers -Version 0.9.8-26-10 [11-Apr-2020] +Version 0.9.8-26-10 [2020-04-11] ================================================== * [Feature] Creating v-normalize-restored-user script (normalize NS1, NS2 and IP of account that is backuped on other server and restored on this server) * Tweak for hostname FPM conf * [Security] Forbid changing root password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) * [Security] Importing system enviroment in v-change-user-password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) -Version 0.9.8-26-9 [23-Mar-2020] +Version 0.9.8-26-9 [2020-03-23] ================================================== * [Security] Preventing manipulation with $SERVER['HTTP_HOST'] (Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. Master ninja at pentest.blog) -Version 0.9.8-26-8 [23-Mar-2020] +Version 0.9.8-26-8 [2020-03-23] ================================================== * [Security] Temporary fix for parsing backup conf (Credits to @dreiggy - https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/) -Version 0.9.8-26-7 [18-Mar-2020] +Version 0.9.8-26-7 [2020-03-18] ================================================== * [Bugfix] Fix that avoid LetsEncrypt domain validation timeout * [Bugfix] Set timeout in v-list-sys-web-status script -Version 0.9.8-26-6 [21-Feb-2020] +Version 0.9.8-26-6 [2020-02-21] ================================================== * [Bugfix] mail-wrapper.php from now works * [Feature] Introducing NOTIFY_ADMIN_FULL_BACKUP, email notification about backup success status @@ -348,7 +406,7 @@ Version 0.9.8-26-6 [21-Feb-2020] * [Feature] Introducing force-https-webmail-phpmyadmin nginx template * [Feature] Trigger for /root/update_firewall_custom.sh -Version 0.9.8-26-5 [10-Feb-2020] +Version 0.9.8-26-5 [2020-02-10] ================================================== * [Security] sudoers fix for Debian10 * [Feature] [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-migrate-site-to-https) @@ -357,7 +415,7 @@ Version 0.9.8-26-5 [10-Feb-2020] * [Bugfix] Roundcube force https * [Bugfix] Exim compatibility with Loopia for Debian10 -Version 0.9.8-26-4 [07-Jan-2020] +Version 0.9.8-26-4 [2020-01-07] ================================================== * [Feature] Allow whitelisting specific IP for /api/ * [Feature] Allow whitelisting specific IP to avoid secret_url @@ -365,11 +423,11 @@ Version 0.9.8-26-4 [07-Jan-2020] * [Bugfix] apparmor install fix again * [Bugfix] Turning off MariaDB SQL strict mode -Version 0.9.8-26-3 [26-Nov-2019] +Version 0.9.8-26-3 [2019-11-26] ================================================== * [Bugfix] Better check if session cron already added -Version 0.9.8-26-2 [15-Nov-2019] +Version 0.9.8-26-2 [2019-11-15] ================================================== * [Feature] Support for sub-sub-sub-sub versions :)) * [Bugfix] Support for longer username of email accounts @@ -377,7 +435,7 @@ Version 0.9.8-26-2 [15-Nov-2019] * [Bugfix] Trying to fix ClamAV broken socket * Moving to myvestacp.com -Version 0.9.8-26 [28-Sep-2019] +Version 0.9.8-26 [2019-09-28] ================================================== * [Bugfix] Let's Encrypt HTTP/2 support (by @serghey-rodin) * [Bugfix] Fixing broken autoreply output diff --git a/src/deb/latest.txt b/src/deb/latest.txt index c1732bff..dcb1761c 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-12 \ No newline at end of file +vesta-0.9.9-0-13 \ No newline at end of file From 7dbb74b6bf075358dd59a7d219147fc2eb10185e Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 15 Aug 2025 17:47:12 +0200 Subject: [PATCH 307/316] Increase changelog display limit from 30 to 100 entries in user index page --- web/list/user/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/list/user/index.php b/web/list/user/index.php index da708edc..4e5ac369 100644 --- a/web/list/user/index.php +++ b/web/list/user/index.php @@ -22,7 +22,7 @@ if ($user == 'admin') { if ($show_changelog_value_int==1) { $changelog=''; $changelog_arr=file("/usr/local/vesta/Changelog.md"); - for ($i=0; $i<30; $i++) { + for ($i=0; $i<100; $i++) { if (trim($changelog_arr[$i])=="") break; if ($i>1) $changelog.="\n"; $changelog.=$changelog_arr[$i]; From 37e6a295ba427c992fe46439def2229e11e9bebb Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 15 Aug 2025 19:56:34 +0200 Subject: [PATCH 308/316] Adding /usr/local/vesta/data/upgrades/ files that will prevent fixes to be repeated on next updates --- install/vst-install-debian.sh | 3 ++ src/deb/vesta/postinst | 69 +++++++++++++++++++---------------- 2 files changed, 41 insertions(+), 31 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 419acf59..25364c90 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1149,6 +1149,7 @@ if [ "$nginx" = 'yes' ]; then if [ "$apache" = 'yes' ]; then # SSL fix for Apache 2.4.65+ echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + touch /usr/local/vesta/data/upgrades/fixssl.conf fi #update-rc.d nginx defaults @@ -2085,6 +2086,8 @@ touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply touch /usr/local/vesta/data/upgrades/freshclam_start touch /usr/local/vesta/data/upgrades/barracuda_rbl touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +touch /usr/local/vesta/data/upgrades/v-df-snapshot-make +touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php # Secret URL secretquery='' diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index da830507..186f54d5 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -28,49 +28,56 @@ echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # SSL fix for Apache 2.4.65+ -if [ "$release" -ge 11 ]; then - if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then - echo "== Fixing SSL for Apache 2.4.65+" - echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf - nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') - if [ $nginx_running -eq 1 ]; then - echo "== Restarting Nginx" - systemctl restart nginx +if [ ! -f "/usr/local/vesta/data/upgrades/fixssl.conf" ]; then + if [ "$release" -ge 11 ]; then + if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then + echo "== Fixing SSL for Apache 2.4.65+" + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + touch /usr/local/vesta/data/upgrades/fixssl.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting Nginx" + systemctl restart nginx + fi fi fi fi -# Fixing cron job for fix-website-permissions-for-all-websites -if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then - if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" - sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf - sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin - sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf - sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin +# Adding cron job for disk usage snapshot +if [ ! -f "/usr/local/vesta/data/upgrades/v-df-snapshot-make" ]; then + if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot" + command="sudo $VESTA/bin/v-df-snapshot-make" + $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/v-df-snapshot-make + systemctl restart cron.service + fi + if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot logs cleaner" + command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" + $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/v-df-snapshot-make systemctl restart cron.service fi fi -# Adding cron job for disk usage snapshot -if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Adding cron job for disk usage snapshot" - command="sudo $VESTA/bin/v-df-snapshot-make" - $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" - systemctl restart cron.service -fi -if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Adding cron job for disk usage snapshot logs cleaner" - command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" - $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" - systemctl restart cron.service -fi - # Fixing PHP and .env permissions and ownership for all websites -if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then +if [ ! -f "/usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php" ]; then + # Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin + systemctl restart cron.service + fi + fi echo "== Fixing PHP and .env permissions and ownership for all websites" command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php systemctl restart cron.service fi From 3faa448a32b1679b48b0acf3d150f060e50c3cb9 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 15 Aug 2025 20:05:56 +0200 Subject: [PATCH 309/316] Update Changelog for version 0.9.9-0-13 --- Changelog.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Changelog.md b/Changelog.md index dae97aa5..617bc9c3 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,8 +4,8 @@ Version 0.9.9-0-13 [2025-08-15] * Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta) * Improvement: Added support for PHP 8.3 and 8.4 * SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP) -* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) -* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot) +* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) +* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot]) * Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request') * Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12 * Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel @@ -22,7 +22,7 @@ Version 0.9.9-0-13 [2025-08-15] * Introducing a new command: v-get-dns-config (to print zone file in bind9 format) * Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute) * Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command -* Security: Enhance package validation, in v-change-user-package switched 'eval' replaced with 'parse_object_kv_list_non_eval' +* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval' * Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp' * Improvement: v-install-wordpress: Almost always use https * Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables in the command line From 04453ebca2a23227018c6cbb4a5a060046078b7c Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 17 Aug 2025 14:40:53 +0200 Subject: [PATCH 310/316] v-df-snapshot-make tweaks and snapshot for /hdd --- bin/v-df-snapshot-make | 46 +++++++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make index 51c41e9d..985aab15 100644 --- a/bin/v-df-snapshot-make +++ b/bin/v-df-snapshot-make @@ -6,13 +6,45 @@ folder="/usr/local/vesta/data/df" mkdir -p $folder timestamp=$(date +%Y-%m-%d-%H-%M-%S) -du --max-depth=1 -c -m -x / > $folder/snapshot-$timestamp.txt -du --max-depth=1 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=2 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=3 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=6 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=1 -c -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt -du --max-depth=1 -c -m -x /var/log >> $folder/snapshot-$timestamp.txt + +du --max-depth=1 -m -x / > $folder/snapshot-$timestamp.txt + +du --max-depth=6 -m -x /home > $folder/snapshot-temp.txt +for i in {2..7}; do + while IFS= read -r line; do + count=0 + for (( j=0; j<${#line}; j++ )); do + if [[ ${line:j:1} == "/" ]]; then + ((count++)) + fi + done + if [ $count -eq $i ]; then + printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt + fi + done < $folder/snapshot-temp.txt +done +rm $folder/snapshot-temp.txt + +if [ -d "/hdd" ]; then + du --max-depth=7 -m -x /hdd > $folder/snapshot-temp.txt + for i in {1..8}; do + while IFS= read -r line; do + count=0 + for (( j=0; j<${#line}; j++ )); do + if [[ ${line:j:1} == "/" ]]; then + ((count++)) + fi + done + if [ $count -eq $i ]; then + printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt + fi + done < $folder/snapshot-temp.txt + done + rm $folder/snapshot-temp.txt +fi + +du --max-depth=1 -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -m -x /var/log >> $folder/snapshot-$timestamp.txt chmod 600 $folder/snapshot-$timestamp.txt chown root:root $folder/snapshot-$timestamp.txt From 87267eb18fea1772414b1481eb16971252abf4e9 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 14:47:20 +0200 Subject: [PATCH 311/316] v-commander: Add functionality to renew nginx GPG key and add Freexian repository --- bin/v-commander | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/bin/v-commander b/bin/v-commander index 72607c95..502f9f03 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -76,6 +76,7 @@ myhelp() { echo "q = quit" echo "r = reboot" echo "s = download sury.org apt-get key" + echo "n = download nginx gpg key" echo "t = clean the trash" echo "u = apt-get update" echo "v = update myVesta" @@ -219,6 +220,33 @@ do fi fi + if [ "$answer" = 'n' ] || [ "$answer" = 'N' ]; then + if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then + echo "=============================" + echo "== renewing nginx gpg key" + apt-get update + apt-get -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring + curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null + echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list + fi + fi + + if [ "$answer" = 'freexian' ] || [ "$answer" = 'FREEXIAN' ]; then + if [ "$release" -lt 11 ]; then + echo "=============================" + echo "== adding Freexian repository" + apt-get update + apt-get install lsb-release + wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb + cat /etc/apt/sources.list + mv /etc/apt/sources.list /etc/apt/sources.list.old + echo "deb http://deb.freexian.com/extended-lts `lsb_release -cs` main contrib non-free" > /etc/apt/sources.list + rm /etc/apt/sources.list.d/hetzner* + else + echo "== Freexian is not supported on Debian 11 or higher" + fi + fi + if [ "$answer" = 'e def' ] || [ "$answer" = 'E DEF' ]; then release=$(cat /etc/debian_version | tr "." "\n" | head -n1) echo "=============================" From 63972e22664bcd3e97ecd8e97c9dc8eaf2cff287 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 14:57:07 +0200 Subject: [PATCH 312/316] v-commander: Enhance reboot requirement check to include dbus updates --- bin/v-commander | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-commander b/bin/v-commander index 502f9f03..87d7f88a 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -202,7 +202,8 @@ do apt_upgraded=1 kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log) - if [ $kernelupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then + dbusupdate=$(grep -c ' dbus:a' /var/log/apt/history.log) + if [ $kernelupdate -gt 0 ] || [ $dbusupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then touch /root/kernelupdate echo "== kernel is updated, reboot is required!" fi From 37c99361f7693a9d3e8cbdc1f43f099b5f401693 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 15:01:25 +0200 Subject: [PATCH 313/316] v-commander: Add Freexian repository --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 87d7f88a..ff99d0b0 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -77,6 +77,7 @@ myhelp() { echo "r = reboot" echo "s = download sury.org apt-get key" echo "n = download nginx gpg key" + echo "freexian = add Freexian repository" echo "t = clean the trash" echo "u = apt-get update" echo "v = update myVesta" From b4e10ed96876b077e70e123f6444d377185ec456 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 15:06:17 +0200 Subject: [PATCH 314/316] v-commander: disabling ClamAV --- bin/v-commander | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-commander b/bin/v-commander index ff99d0b0..a7fbf454 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -307,6 +307,9 @@ do systemctl stop clamav-daemon.service systemctl disable clamav-daemon.service + systemctl stop clamav-daemon.socket + systemctl disable clamav-daemon.socket + systemctl stop clamav-freshclam.service systemctl disable clamav-freshclam.service From a475e7114545d1f6357c73250aaa91fb24f9adf9 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 15:24:54 +0200 Subject: [PATCH 315/316] Update vesta_compile.sh to set NGINX version to 1.29.1 and PHP version to 8.4.11 --- src/deb/vesta_compile.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index 08bc163b..2d0e4874 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -58,11 +58,12 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.29.0' + +NGINX_V='1.29.1' +PHP_V='8.4.11' OPENSSL_V='1.1.1w' PCRE_V='8.45' ZLIB_V='1.3.1' -PHP_V='8.4.10' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' From 5ea346a3458a46d53b746b1bffff1d39356cb044 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 15:43:59 +0200 Subject: [PATCH 316/316] Debian 13 installation files --- install/debian/13/apache2/apache2.conf | 95 ++ install/debian/13/apache2/status.conf | 8 + install/debian/13/bind/named.conf | 12 + install/debian/13/clamav/clamd.conf | 61 ++ install/debian/13/deb_signing.key | 41 + install/debian/13/dovecot/conf.d/10-auth.conf | 4 + .../debian/13/dovecot/conf.d/10-logging.conf | 1 + install/debian/13/dovecot/conf.d/10-mail.conf | 4 + .../debian/13/dovecot/conf.d/10-master.conf | 29 + install/debian/13/dovecot/conf.d/10-ssl.conf | 3 + .../13/dovecot/conf.d/15-mailboxes.conf | 30 + install/debian/13/dovecot/conf.d/20-imap.conf | 58 ++ install/debian/13/dovecot/conf.d/20-pop3.conf | 91 ++ .../dovecot/conf.d/auth-passwdfile.conf.ext | 9 + install/debian/13/dovecot/dovecot.conf | 4 + install/debian/13/exim/deny_senders | 1 + install/debian/13/exim/dnsbl.conf | 1 + install/debian/13/exim/exim4.conf.template | 487 ++++++++++ .../13/exim/exim4.conf.template.without-srs | 451 ++++++++++ install/debian/13/exim/spam-blocks.conf | 0 .../debian/13/fail2ban/action.d/vesta.conf | 9 + .../debian/13/fail2ban/filter.d/vesta.conf | 10 + install/debian/13/fail2ban/jail.local | 39 + install/debian/13/firewall/ports.conf | 17 + install/debian/13/firewall/rules.conf | 11 + install/debian/13/logrotate/apache2 | 19 + install/debian/13/logrotate/dovecot | 12 + install/debian/13/logrotate/nginx | 13 + install/debian/13/logrotate/vesta | 7 + install/debian/13/mysql/my-large.cnf | 51 ++ install/debian/13/mysql/my-medium.cnf | 49 + install/debian/13/mysql/my-small.cnf | 49 + install/debian/13/nginx/nginx.conf | 140 +++ install/debian/13/nginx/phpmyadmin.inc | 18 + install/debian/13/nginx/phppgadmin.inc | 11 + install/debian/13/nginx/status.conf | 9 + install/debian/13/nginx/webmail.inc | 15 + install/debian/13/packages/default.pkg | 18 + install/debian/13/pga/config.inc.php | 159 ++++ install/debian/13/pga/phppgadmin.conf | 31 + install/debian/13/php-fpm/www.conf | 11 + install/debian/13/php/php7.3-dedi.patch | 78 ++ install/debian/13/php/php7.3-vps.patch | 78 ++ install/debian/13/php/php7.4-dedi.patch | 78 ++ install/debian/13/php/php7.4-vps.patch | 78 ++ install/debian/13/pma/apache.conf | 42 + install/debian/13/pma/config.inc.php | 146 +++ install/debian/13/pma/create_tables.sql | 385 ++++++++ install/debian/13/pma/pma.sh | 167 ++++ install/debian/13/postgresql/pg_hba.conf | 11 + install/debian/13/proftpd/proftpd.conf | 38 + install/debian/13/proftpd/tls.conf | 63 ++ install/debian/13/roundcube/apache.conf | 40 + install/debian/13/roundcube/config.inc.php | 33 + install/debian/13/roundcube/db.inc.php | 66 ++ install/debian/13/roundcube/main.inc.php | 850 ++++++++++++++++++ install/debian/13/roundcube/vesta.php | 73 ++ install/debian/13/sudo/admin | 8 + install/debian/13/templates/dns/child-ns.tpl | 14 + install/debian/13/templates/dns/default.tpl | 18 + install/debian/13/templates/dns/gmail.tpl | 12 + install/debian/13/templates/dns/office365.tpl | 22 + install/debian/13/templates/dns/yandex.tpl | 16 + .../web/apache2/PHP-FPM-84-public.sh | 133 +++ .../web/apache2/PHP-FPM-84-public.stpl | 36 + .../web/apache2/PHP-FPM-84-public.tpl | 30 + .../13/templates/web/apache2/PHP-FPM-84.sh | 133 +++ .../13/templates/web/apache2/PHP-FPM-84.stpl | 36 + .../13/templates/web/apache2/PHP-FPM-84.tpl | 30 + .../13/templates/web/awstats/awstats.tpl | 133 +++ .../debian/13/templates/web/awstats/index.tpl | 10 + .../debian/13/templates/web/awstats/nav.tpl | 23 + .../debian/13/templates/web/nginx/caching.sh | 19 + .../13/templates/web/nginx/caching.stpl | 44 + .../debian/13/templates/web/nginx/caching.tpl | 42 + .../web/nginx/force-https-legacy.stpl | 40 + .../web/nginx/force-https-legacy.tpl | 8 + .../web/nginx/force-https-public.stpl | 40 + .../web/nginx/force-https-public.tpl | 8 + .../nginx/force-https-webmail-phpmyadmin.stpl | 64 ++ .../nginx/force-https-webmail-phpmyadmin.tpl | 8 + .../13/templates/web/nginx/force-https.stpl | 40 + .../13/templates/web/nginx/force-https.tpl | 8 + .../13/templates/web/nginx/hosting-legacy.sh | 11 + .../templates/web/nginx/hosting-legacy.stpl | 40 + .../13/templates/web/nginx/hosting-legacy.tpl | 36 + .../templates/web/nginx/hosting-public.stpl | 40 + .../13/templates/web/nginx/hosting-public.tpl | 36 + .../web/nginx/hosting-webmail-phpmyadmin.stpl | 64 ++ .../web/nginx/hosting-webmail-phpmyadmin.tpl | 60 ++ .../debian/13/templates/web/nginx/hosting.sh | 11 + .../13/templates/web/nginx/hosting.stpl | 40 + .../debian/13/templates/web/nginx/hosting.tpl | 36 + .../web/nginx/php-fpm/cms_made_simple.stpl | 55 ++ .../web/nginx/php-fpm/cms_made_simple.tpl | 52 ++ .../web/nginx/php-fpm/codeigniter2.stpl | 60 ++ .../web/nginx/php-fpm/codeigniter2.tpl | 57 ++ .../web/nginx/php-fpm/codeigniter3.stpl | 55 ++ .../web/nginx/php-fpm/codeigniter3.tpl | 52 ++ .../web/nginx/php-fpm/datalife_engine.stpl | 126 +++ .../web/nginx/php-fpm/datalife_engine.tpl | 123 +++ .../templates/web/nginx/php-fpm/default.stpl | 54 ++ .../templates/web/nginx/php-fpm/default.tpl | 51 ++ .../templates/web/nginx/php-fpm/dokuwiki.stpl | 71 ++ .../templates/web/nginx/php-fpm/dokuwiki.tpl | 67 ++ .../templates/web/nginx/php-fpm/drupal6.stpl | 94 ++ .../templates/web/nginx/php-fpm/drupal6.tpl | 91 ++ .../templates/web/nginx/php-fpm/drupal7.stpl | 94 ++ .../templates/web/nginx/php-fpm/drupal7.tpl | 91 ++ .../templates/web/nginx/php-fpm/drupal8.stpl | 94 ++ .../templates/web/nginx/php-fpm/drupal8.tpl | 91 ++ .../templates/web/nginx/php-fpm/joomla.stpl | 62 ++ .../13/templates/web/nginx/php-fpm/joomla.tpl | 59 ++ .../templates/web/nginx/php-fpm/laravel.stpl | 54 ++ .../templates/web/nginx/php-fpm/laravel.tpl | 50 ++ .../templates/web/nginx/php-fpm/magento.stpl | 197 ++++ .../templates/web/nginx/php-fpm/magento.tpl | 194 ++++ .../13/templates/web/nginx/php-fpm/modx.stpl | 68 ++ .../13/templates/web/nginx/php-fpm/modx.tpl | 65 ++ .../templates/web/nginx/php-fpm/moodle.stpl | 89 ++ .../13/templates/web/nginx/php-fpm/moodle.tpl | 87 ++ .../templates/web/nginx/php-fpm/no-php.stpl | 46 + .../13/templates/web/nginx/php-fpm/no-php.tpl | 43 + .../13/templates/web/nginx/php-fpm/odoo.stpl | 69 ++ .../13/templates/web/nginx/php-fpm/odoo.tpl | 66 ++ .../templates/web/nginx/php-fpm/opencart.stpl | 58 ++ .../templates/web/nginx/php-fpm/opencart.tpl | 54 ++ .../templates/web/nginx/php-fpm/owncloud.stpl | 84 ++ .../templates/web/nginx/php-fpm/owncloud.tpl | 81 ++ .../13/templates/web/nginx/php-fpm/piwik.stpl | 72 ++ .../13/templates/web/nginx/php-fpm/piwik.tpl | 69 ++ .../templates/web/nginx/php-fpm/pyrocms.stpl | 65 ++ .../templates/web/nginx/php-fpm/pyrocms.tpl | 62 ++ .../13/templates/web/nginx/php-fpm/sendy.stpl | 88 ++ .../13/templates/web/nginx/php-fpm/sendy.tpl | 86 ++ .../web/nginx/php-fpm/wordpress.stpl | 54 ++ .../templates/web/nginx/php-fpm/wordpress.tpl | 51 ++ .../web/nginx/php-fpm/wordpress2.stpl | 66 ++ .../web/nginx/php-fpm/wordpress2.tpl | 63 ++ .../web/nginx/php-fpm/wordpress2_rewrite.stpl | 71 ++ .../web/nginx/php-fpm/wordpress2_rewrite.tpl | 67 ++ .../web/nginx/private-force-https.stpl | 40 + .../web/nginx/private-force-https.tpl | 8 + .../13/templates/web/nginx/private-hosting.sh | 11 + .../templates/web/nginx/private-hosting.stpl | 42 + .../templates/web/nginx/private-hosting.tpl | 38 + .../13/templates/web/nginx/proxy_ip.tpl | 9 + .../13/templates/web/php-fpm/default.tpl | 21 + .../13/templates/web/php-fpm/no-php.tpl | 20 + .../13/templates/web/php-fpm/socket.tpl | 24 + .../web/skel/document_errors/403.html | 29 + .../web/skel/document_errors/404.html | 28 + .../web/skel/document_errors/50x.html | 29 + .../templates/web/skel/public_html/index.html | 26 + .../templates/web/skel/public_html/robots.txt | 3 + .../web/skel/public_shtml/index.html | 26 + .../web/skel/public_shtml/robots.txt | 3 + .../debian/13/templates/web/suspend/.htaccess | 2 + .../13/templates/web/suspend/index.html | 25 + .../13/templates/web/webalizer/webalizer.tpl | 110 +++ install/debian/13/vsftpd/vsftpd.conf | 26 + install/vst-install-debian.sh | 62 +- 162 files changed, 9861 insertions(+), 2 deletions(-) create mode 100644 install/debian/13/apache2/apache2.conf create mode 100644 install/debian/13/apache2/status.conf create mode 100644 install/debian/13/bind/named.conf create mode 100644 install/debian/13/clamav/clamd.conf create mode 100644 install/debian/13/deb_signing.key create mode 100644 install/debian/13/dovecot/conf.d/10-auth.conf create mode 100644 install/debian/13/dovecot/conf.d/10-logging.conf create mode 100644 install/debian/13/dovecot/conf.d/10-mail.conf create mode 100644 install/debian/13/dovecot/conf.d/10-master.conf create mode 100644 install/debian/13/dovecot/conf.d/10-ssl.conf create mode 100644 install/debian/13/dovecot/conf.d/15-mailboxes.conf create mode 100644 install/debian/13/dovecot/conf.d/20-imap.conf create mode 100644 install/debian/13/dovecot/conf.d/20-pop3.conf create mode 100644 install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext create mode 100644 install/debian/13/dovecot/dovecot.conf create mode 100644 install/debian/13/exim/deny_senders create mode 100644 install/debian/13/exim/dnsbl.conf create mode 100644 install/debian/13/exim/exim4.conf.template create mode 100644 install/debian/13/exim/exim4.conf.template.without-srs create mode 100644 install/debian/13/exim/spam-blocks.conf create mode 100644 install/debian/13/fail2ban/action.d/vesta.conf create mode 100644 install/debian/13/fail2ban/filter.d/vesta.conf create mode 100644 install/debian/13/fail2ban/jail.local create mode 100644 install/debian/13/firewall/ports.conf create mode 100644 install/debian/13/firewall/rules.conf create mode 100644 install/debian/13/logrotate/apache2 create mode 100644 install/debian/13/logrotate/dovecot create mode 100644 install/debian/13/logrotate/nginx create mode 100644 install/debian/13/logrotate/vesta create mode 100644 install/debian/13/mysql/my-large.cnf create mode 100644 install/debian/13/mysql/my-medium.cnf create mode 100644 install/debian/13/mysql/my-small.cnf create mode 100644 install/debian/13/nginx/nginx.conf create mode 100644 install/debian/13/nginx/phpmyadmin.inc create mode 100644 install/debian/13/nginx/phppgadmin.inc create mode 100644 install/debian/13/nginx/status.conf create mode 100644 install/debian/13/nginx/webmail.inc create mode 100644 install/debian/13/packages/default.pkg create mode 100644 install/debian/13/pga/config.inc.php create mode 100644 install/debian/13/pga/phppgadmin.conf create mode 100644 install/debian/13/php-fpm/www.conf create mode 100644 install/debian/13/php/php7.3-dedi.patch create mode 100644 install/debian/13/php/php7.3-vps.patch create mode 100644 install/debian/13/php/php7.4-dedi.patch create mode 100644 install/debian/13/php/php7.4-vps.patch create mode 100644 install/debian/13/pma/apache.conf create mode 100644 install/debian/13/pma/config.inc.php create mode 100644 install/debian/13/pma/create_tables.sql create mode 100644 install/debian/13/pma/pma.sh create mode 100644 install/debian/13/postgresql/pg_hba.conf create mode 100644 install/debian/13/proftpd/proftpd.conf create mode 100644 install/debian/13/proftpd/tls.conf create mode 100644 install/debian/13/roundcube/apache.conf create mode 100644 install/debian/13/roundcube/config.inc.php create mode 100644 install/debian/13/roundcube/db.inc.php create mode 100644 install/debian/13/roundcube/main.inc.php create mode 100644 install/debian/13/roundcube/vesta.php create mode 100644 install/debian/13/sudo/admin create mode 100644 install/debian/13/templates/dns/child-ns.tpl create mode 100644 install/debian/13/templates/dns/default.tpl create mode 100644 install/debian/13/templates/dns/gmail.tpl create mode 100644 install/debian/13/templates/dns/office365.tpl create mode 100644 install/debian/13/templates/dns/yandex.tpl create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84.sh create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84.stpl create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84.tpl create mode 100644 install/debian/13/templates/web/awstats/awstats.tpl create mode 100644 install/debian/13/templates/web/awstats/index.tpl create mode 100644 install/debian/13/templates/web/awstats/nav.tpl create mode 100644 install/debian/13/templates/web/nginx/caching.sh create mode 100644 install/debian/13/templates/web/nginx/caching.stpl create mode 100644 install/debian/13/templates/web/nginx/caching.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https-legacy.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https-legacy.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https-public.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https-public.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting-legacy.sh create mode 100644 install/debian/13/templates/web/nginx/hosting-legacy.stpl create mode 100644 install/debian/13/templates/web/nginx/hosting-legacy.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting-public.stpl create mode 100644 install/debian/13/templates/web/nginx/hosting-public.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl create mode 100644 install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting.sh create mode 100644 install/debian/13/templates/web/nginx/hosting.stpl create mode 100644 install/debian/13/templates/web/nginx/hosting.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/default.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/default.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/joomla.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/joomla.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/laravel.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/laravel.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/magento.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/magento.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/modx.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/modx.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/moodle.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/moodle.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/no-php.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/no-php.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/odoo.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/odoo.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/opencart.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/opencart.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/piwik.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/piwik.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/sendy.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/sendy.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl create mode 100644 install/debian/13/templates/web/nginx/private-force-https.stpl create mode 100644 install/debian/13/templates/web/nginx/private-force-https.tpl create mode 100644 install/debian/13/templates/web/nginx/private-hosting.sh create mode 100644 install/debian/13/templates/web/nginx/private-hosting.stpl create mode 100644 install/debian/13/templates/web/nginx/private-hosting.tpl create mode 100644 install/debian/13/templates/web/nginx/proxy_ip.tpl create mode 100644 install/debian/13/templates/web/php-fpm/default.tpl create mode 100644 install/debian/13/templates/web/php-fpm/no-php.tpl create mode 100644 install/debian/13/templates/web/php-fpm/socket.tpl create mode 100644 install/debian/13/templates/web/skel/document_errors/403.html create mode 100644 install/debian/13/templates/web/skel/document_errors/404.html create mode 100644 install/debian/13/templates/web/skel/document_errors/50x.html create mode 100644 install/debian/13/templates/web/skel/public_html/index.html create mode 100644 install/debian/13/templates/web/skel/public_html/robots.txt create mode 100644 install/debian/13/templates/web/skel/public_shtml/index.html create mode 100644 install/debian/13/templates/web/skel/public_shtml/robots.txt create mode 100644 install/debian/13/templates/web/suspend/.htaccess create mode 100644 install/debian/13/templates/web/suspend/index.html create mode 100644 install/debian/13/templates/web/webalizer/webalizer.tpl create mode 100644 install/debian/13/vsftpd/vsftpd.conf diff --git a/install/debian/13/apache2/apache2.conf b/install/debian/13/apache2/apache2.conf new file mode 100644 index 00000000..2be3e50d --- /dev/null +++ b/install/debian/13/apache2/apache2.conf @@ -0,0 +1,95 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 900 +ProxyTimeout 900 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/debian/13/apache2/status.conf b/install/debian/13/apache2/status.conf new file mode 100644 index 00000000..0d82a356 --- /dev/null +++ b/install/debian/13/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + # Allow from all + diff --git a/install/debian/13/bind/named.conf b/install/debian/13/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/debian/13/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/debian/13/clamav/clamd.conf b/install/debian/13/clamav/clamd.conf new file mode 100644 index 00000000..c636b6d3 --- /dev/null +++ b/install/debian/13/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean true +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 2M +MaxFileSize 2M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/debian/13/deb_signing.key b/install/debian/13/deb_signing.key new file mode 100644 index 00000000..d279abbd --- /dev/null +++ b/install/debian/13/deb_signing.key @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/13/dovecot/conf.d/10-auth.conf b/install/debian/13/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/debian/13/dovecot/conf.d/10-logging.conf b/install/debian/13/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/debian/13/dovecot/conf.d/10-mail.conf b/install/debian/13/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/debian/13/dovecot/conf.d/10-master.conf b/install/debian/13/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/debian/13/dovecot/conf.d/10-ssl.conf b/install/debian/13/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..3aaff6ee --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + mail_max_userip_connections = 50 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/debian/13/dovecot/dovecot.conf b/install/debian/13/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/debian/13/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/debian/13/exim/deny_senders b/install/debian/13/exim/deny_senders new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/install/debian/13/exim/deny_senders @@ -0,0 +1 @@ + diff --git a/install/debian/13/exim/dnsbl.conf b/install/debian/13/exim/dnsbl.conf new file mode 100644 index 00000000..279bafcd --- /dev/null +++ b/install/debian/13/exim/dnsbl.conf @@ -0,0 +1 @@ +bl.spamcop.net diff --git a/install/debian/13/exim/exim4.conf.template b/install/debian/13/exim/exim4.conf.template new file mode 100644 index 00000000..15264797 --- /dev/null +++ b/install/debian/13/exim/exim4.conf.template @@ -0,0 +1,487 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/13/exim/exim4.conf.template.without-srs b/install/debian/13/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/13/exim/exim4.conf.template.without-srs @@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/13/exim/spam-blocks.conf b/install/debian/13/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/debian/13/fail2ban/action.d/vesta.conf b/install/debian/13/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/debian/13/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/debian/13/fail2ban/filter.d/vesta.conf b/install/debian/13/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..36ec1001 --- /dev/null +++ b/install/debian/13/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccessful Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/debian/13/fail2ban/jail.local b/install/debian/13/fail2ban/jail.local new file mode 100644 index 00000000..eccea068 --- /dev/null +++ b/install/debian/13/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/debian/13/firewall/ports.conf b/install/debian/13/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/13/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/13/firewall/rules.conf b/install/debian/13/firewall/rules.conf new file mode 100644 index 00000000..6da5a1c4 --- /dev/null +++ b/install/debian/13/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/debian/13/logrotate/apache2 b/install/debian/13/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/debian/13/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/debian/13/logrotate/dovecot b/install/debian/13/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/debian/13/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/debian/13/logrotate/nginx b/install/debian/13/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/debian/13/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/debian/13/logrotate/vesta b/install/debian/13/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/debian/13/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/debian/13/mysql/my-large.cnf b/install/debian/13/mysql/my-large.cnf new file mode 100644 index 00000000..b056c316 --- /dev/null +++ b/install/debian/13/mysql/my-large.cnf @@ -0,0 +1,51 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/mysql/my-medium.cnf b/install/debian/13/mysql/my-medium.cnf new file mode 100644 index 00000000..33aa04c2 --- /dev/null +++ b/install/debian/13/mysql/my-medium.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/mysql/my-small.cnf b/install/debian/13/mysql/my-small.cnf new file mode 100644 index 00000000..857f48ce --- /dev/null +++ b/install/debian/13/mysql/my-small.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/nginx/nginx.conf b/install/debian/13/nginx/nginx.conf new file mode 100644 index 00000000..6efe2337 --- /dev/null +++ b/install/debian/13/nginx/nginx.conf @@ -0,0 +1,140 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +timer_resolution 50ms; #In order to free some CPU cycles +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 900; + proxy_send_timeout 900; + proxy_read_timeout 900; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 2400:cb00::/32; + set_real_ip_from 2606:4700::/32; + set_real_ip_from 2803:f800::/32; + set_real_ip_from 2405:b500::/32; + set_real_ip_from 2405:8100::/32; + set_real_ip_from 2a06:98c0::/29; + set_real_ip_from 2c0f:f248::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/debian/13/nginx/phpmyadmin.inc b/install/debian/13/nginx/phpmyadmin.inc new file mode 100644 index 00000000..cdfc93c4 --- /dev/null +++ b/install/debian/13/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/debian/13/nginx/phppgadmin.inc b/install/debian/13/nginx/phppgadmin.inc new file mode 100644 index 00000000..47cfcf4e --- /dev/null +++ b/install/debian/13/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/13/nginx/status.conf b/install/debian/13/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/debian/13/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/debian/13/nginx/webmail.inc b/install/debian/13/nginx/webmail.inc new file mode 100644 index 00000000..768c9049 --- /dev/null +++ b/install/debian/13/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/13/packages/default.pkg b/install/debian/13/packages/default.pkg new file mode 100644 index 00000000..cd1cbba1 --- /dev/null +++ b/install/debian/13/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='PHP-FPM-82' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='unlimited' +WEB_ALIASES='unlimited' +DNS_DOMAINS='unlimited' +DNS_RECORDS='unlimited' +MAIL_DOMAINS='unlimited' +MAIL_ACCOUNTS='unlimited' +DATABASES='unlimited' +CRON_JOBS='unlimited' +DISK_QUOTA='unlimited' +BANDWIDTH='unlimited' +NS='YOURHOSTNAME1,YOURHOSTNAME2' +SHELL='nologin' +BACKUPS='2' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/debian/13/pga/config.inc.php b/install/debian/13/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/debian/13/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/debian/13/pga/phppgadmin.conf b/install/debian/13/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/debian/13/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/debian/13/php-fpm/www.conf b/install/debian/13/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/debian/13/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/debian/13/php/php7.3-dedi.patch b/install/debian/13/php/php7.3-dedi.patch new file mode 100644 index 00000000..c044e002 --- /dev/null +++ b/install/debian/13/php/php7.3-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.3-vps.patch b/install/debian/13/php/php7.3-vps.patch new file mode 100644 index 00000000..803b93e8 --- /dev/null +++ b/install/debian/13/php/php7.3-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.4-dedi.patch b/install/debian/13/php/php7.4-dedi.patch new file mode 100644 index 00000000..3e5bd2fb --- /dev/null +++ b/install/debian/13/php/php7.4-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:25:15.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.4-vps.patch b/install/debian/13/php/php7.4-vps.patch new file mode 100644 index 00000000..7c52d402 --- /dev/null +++ b/install/debian/13/php/php7.4-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:24:26.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/pma/apache.conf b/install/debian/13/pma/apache.conf new file mode 100644 index 00000000..2a8f69e2 --- /dev/null +++ b/install/debian/13/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/debian/13/pma/config.inc.php b/install/debian/13/pma/config.inc.php new file mode 100644 index 00000000..eafc6d67 --- /dev/null +++ b/install/debian/13/pma/config.inc.php @@ -0,0 +1,146 @@ +> $pmapath1 +sed -i '/savedsearches/d' $pmapath1 +sed -i '/navigationhiding/d' $pmapath1 +sed -i '/users/d' $pmapath1 +sed -i '/controlpass/d' $pmapath1 +sed -i '/favorite/d' $pmapath1 +sed -i '/usergroups/d' $pmapath1 +sed -i '/central_columns/d' $pmapath1 +sed -i '/designer_settings/d' $pmapath1 +sed -i '/export_templates/d' $pmapath1 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1 + +sed -i '/pmadb/d' $pmapath2 +sed -i '/controluser/d' $pmapath2 +sed -i '/bookmarktable/d' $pmapath2 +sed -i '/relation/d' $pmapath2 +sed -i '/userconfig/d' $pmapath2 +sed -i '/table_info/d' $pmapath2 +sed -i '/column_info/d' $pmapath2 +sed -i '/history/d' $pmapath2 +sed -i '/recent/d' $pmapath2 +sed -i '/table_uiprefs/d' $pmapath2 +sed -i '/tracking/d' $pmapath2 +sed -i '/table_coords/d' $pmapath2 +sed -i '/pdf_pages/d' $pmapath2 +sed -i '/designer_coords/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/savedsearches/d' $pmapath2 +sed -i '/navigationhiding/d' $pmapath2 +sed -i '/users/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/favorite/d' $pmapath2 +sed -i '/usergroups/d' $pmapath2 +sed -i '/central_columns/d' $pmapath2 +sed -i '/designer_settings/d' $pmapath2 +sed -i '/export_templates/d' $pmapath2 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2 + +#SOME WORK with DATABASE (table / user) +PMADB=phpmyadmin +PMAUSER=pma + +#DROP USER and TABLE +mysql -uroot < + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 100 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + + + Umask 002 + + IdentLookups off + + AllowOverwrite yes + + AllowAll + + diff --git a/install/debian/13/proftpd/tls.conf b/install/debian/13/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/13/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/13/roundcube/apache.conf b/install/debian/13/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/debian/13/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/debian/13/roundcube/config.inc.php b/install/debian/13/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/debian/13/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/debian/13/roundcube/main.inc.php b/install/debian/13/roundcube/main.inc.php new file mode 100644 index 00000000..91f32000 --- /dev/null +++ b/install/debian/13/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = true; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'elastic'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/debian/13/roundcube/vesta.php b/install/debian/13/roundcube/vesta.php new file mode 100644 index 00000000..b3dd167f --- /dev/null +++ b/install/debian/13/roundcube/vesta.php @@ -0,0 +1,73 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/debian/13/sudo/admin b/install/debian/13/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/debian/13/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/13/templates/dns/child-ns.tpl b/install/debian/13/templates/dns/child-ns.tpl new file mode 100644 index 00000000..42c046e4 --- /dev/null +++ b/install/debian/13/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/default.tpl b/install/debian/13/templates/dns/default.tpl new file mode 100644 index 00000000..e0a37e62 --- /dev/null +++ b/install/debian/13/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/gmail.tpl b/install/debian/13/templates/dns/gmail.tpl new file mode 100644 index 00000000..219c9d24 --- /dev/null +++ b/install/debian/13/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/office365.tpl b/install/debian/13/templates/dns/office365.tpl new file mode 100644 index 00000000..dcf556e1 --- /dev/null +++ b/install/debian/13/templates/dns/office365.tpl @@ -0,0 +1,22 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/yandex.tpl b/install/debian/13/templates/dns/yandex.tpl new file mode 100644 index 00000000..4ce768fe --- /dev/null +++ b/install/debian/13/templates/dns/yandex.tpl @@ -0,0 +1,16 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl new file mode 100644 index 00000000..91e05b17 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl new file mode 100644 index 00000000..848abf7c --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/awstats/awstats.tpl b/install/debian/13/templates/web/awstats/awstats.tpl new file mode 100644 index 00000000..6bb51c50 --- /dev/null +++ b/install/debian/13/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1" +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/debian/13/templates/web/awstats/index.tpl b/install/debian/13/templates/web/awstats/index.tpl new file mode 100644 index 00000000..9df9bb5c --- /dev/null +++ b/install/debian/13/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/debian/13/templates/web/awstats/nav.tpl b/install/debian/13/templates/web/awstats/nav.tpl new file mode 100644 index 00000000..f29bed68 --- /dev/null +++ b/install/debian/13/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/debian/13/templates/web/nginx/caching.sh b/install/debian/13/templates/web/nginx/caching.sh new file mode 100644 index 00000000..09d8efe7 --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/debian/13/templates/web/nginx/caching.stpl b/install/debian/13/templates/web/nginx/caching.stpl new file mode 100644 index 00000000..f5c9740f --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/caching.tpl b/install/debian/13/templates/web/nginx/caching.tpl new file mode 100644 index 00000000..73de28d5 --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.tpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.stpl b/install/debian/13/templates/web/nginx/force-https-legacy.stpl new file mode 100644 index 00000000..8e636db3 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.tpl b/install/debian/13/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https-public.stpl b/install/debian/13/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/force-https-public.tpl b/install/debian/13/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https.stpl b/install/debian/13/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..55f41002 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https.tpl b/install/debian/13/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.sh b/install/debian/13/templates/web/nginx/hosting-legacy.sh new file mode 100644 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-legacy.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.stpl b/install/debian/13/templates/web/nginx/hosting-legacy.stpl new file mode 100644 index 00000000..efdd3b87 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.tpl b/install/debian/13/templates/web/nginx/hosting-legacy.tpl new file mode 100644 index 00000000..a41d4054 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-legacy.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-public.stpl b/install/debian/13/templates/web/nginx/hosting-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-public.tpl b/install/debian/13/templates/web/nginx/hosting-public.tpl new file mode 100644 index 00000000..f5d8b327 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-public.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..f84f4781 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting.sh b/install/debian/13/templates/web/nginx/hosting.sh new file mode 100644 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/13/templates/web/nginx/hosting.stpl b/install/debian/13/templates/web/nginx/hosting.stpl new file mode 100644 index 00000000..5745311e --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting.tpl b/install/debian/13/templates/web/nginx/hosting.tpl new file mode 100644 index 00000000..61469ad2 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..cf8fad56 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..5931f617 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..3c2793d1 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..bb9a727b --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.stpl b/install/debian/13/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.tpl b/install/debian/13/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..a7564705 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6e67a4e0 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..d1096bff --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..d4f96ee3 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..db0b4dde --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.stpl b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..f8ac30c9 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.tpl b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.stpl b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..420aeb9e --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.tpl b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..8594ec94 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..4bb50383 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..e28afcfc --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..52706d21 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..1b803f97 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..1b299343 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..d26ed9f4 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..b92861b0 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..01dfee5b --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..a5fc46fb --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/private-force-https.stpl b/install/debian/13/templates/web/nginx/private-force-https.stpl new file mode 100644 index 00000000..bf805683 --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/private-force-https.tpl b/install/debian/13/templates/web/nginx/private-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/private-hosting.sh b/install/debian/13/templates/web/nginx/private-hosting.sh new file mode 100644 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/13/templates/web/nginx/private-hosting.stpl b/install/debian/13/templates/web/nginx/private-hosting.stpl new file mode 100644 index 00000000..8e5b3f7b --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-hosting.stpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/private-hosting.tpl b/install/debian/13/templates/web/nginx/private-hosting.tpl new file mode 100644 index 00000000..a8ee840e --- /dev/null +++ b/install/debian/13/templates/web/nginx/private-hosting.tpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/proxy_ip.tpl b/install/debian/13/templates/web/nginx/proxy_ip.tpl new file mode 100644 index 00000000..ae195617 --- /dev/null +++ b/install/debian/13/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/debian/13/templates/web/php-fpm/default.tpl b/install/debian/13/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/debian/13/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/php-fpm/no-php.tpl b/install/debian/13/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/debian/13/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/php-fpm/socket.tpl b/install/debian/13/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/debian/13/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/skel/document_errors/403.html b/install/debian/13/templates/web/skel/document_errors/403.html new file mode 100644 index 00000000..9c3f6baa --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/13/templates/web/skel/document_errors/404.html b/install/debian/13/templates/web/skel/document_errors/404.html new file mode 100644 index 00000000..2cee7708 --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/13/templates/web/skel/document_errors/50x.html b/install/debian/13/templates/web/skel/document_errors/50x.html new file mode 100644 index 00000000..85ba648b --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/debian/13/templates/web/skel/public_html/index.html b/install/debian/13/templates/web/skel/public_html/index.html new file mode 100644 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/13/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/13/templates/web/skel/public_html/robots.txt b/install/debian/13/templates/web/skel/public_html/robots.txt new file mode 100644 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/13/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/13/templates/web/skel/public_shtml/index.html b/install/debian/13/templates/web/skel/public_shtml/index.html new file mode 100644 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/13/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/13/templates/web/skel/public_shtml/robots.txt b/install/debian/13/templates/web/skel/public_shtml/robots.txt new file mode 100644 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/13/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/13/templates/web/suspend/.htaccess b/install/debian/13/templates/web/suspend/.htaccess new file mode 100644 index 00000000..5a6df83f --- /dev/null +++ b/install/debian/13/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/debian/13/templates/web/suspend/index.html b/install/debian/13/templates/web/suspend/index.html new file mode 100644 index 00000000..3815354d --- /dev/null +++ b/install/debian/13/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

Temporary under construction

+

This website is temporary under construction.

+
+ We will back again soon. +
+ + diff --git a/install/debian/13/templates/web/webalizer/webalizer.tpl b/install/debian/13/templates/web/webalizer/webalizer.tpl new file mode 100644 index 00000000..068adcfb --- /dev/null +++ b/install/debian/13/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/debian/13/vsftpd/vsftpd.conf b/install/debian/13/vsftpd/vsftpd.conf new file mode 100644 index 00000000..1ca1a992 --- /dev/null +++ b/install/debian/13/vsftpd/vsftpd.conf @@ -0,0 +1,26 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 +use_localtime=YES diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 25364c90..98887225 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -20,7 +20,19 @@ codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" ARCH="amd64" -if [ "$release" -eq 12 ]; then +if [ "$release" -eq 13 ]; then + software="nginx apache2 apache2-utils + libapache2-mod-fcgid php-fpm php + php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats + vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mariadb-server mariadb-common + mariadb-client postgresql postgresql-contrib phpmyadmin mc + flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl + unrar-free vim-common net-tools unzip iptables xxd spamd" +elif [ "$release" -eq 12 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats @@ -1083,6 +1095,22 @@ if [ "$release" -eq 12 ]; then ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl fi +if [ "$release" -eq 13 ]; then + echo "== Symlink missing templates" + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl + + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.tpl +fi echo "== Set nameservers address" sed -i "s/YOURHOSTNAME1/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg @@ -1207,7 +1235,13 @@ fi if [ "$phpfpm" = 'yes' ]; then echo "=== Configure PHP-FPM" - if [ "$release" -eq 12 ]; then + if [ "$release" -eq 13 ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php/8.4/fpm/pool.d/www.conf + #update-rc.d php8.4-fpm defaults + currentservice='php8.4-fpm' + ensure_startup $currentservice + ensure_start $currentservice + elif [ "$release" -eq 12 ]; then cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf #update-rc.d php8.2-fpm defaults currentservice='php8.2-fpm' @@ -1885,6 +1919,20 @@ if [ "$release" -eq 12 ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' fi fi +if [ "$release" -eq 13 ]; then + if [ -f "/etc/php/8.4/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" + sed -i "/^group =/c\group = www-data" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/8.4/fpm/pool.d/$servername.conf + service php8.4-fpm restart + ln -s /var/lib/roundcube /var/lib/roundcube/webmail + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' + fi +fi + echo "== Adding cron jobs" command="sudo $VESTA/bin/v-update-sys-queue disk" @@ -1953,6 +2001,9 @@ fi if [ "$release" -eq 12 ]; then apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap fi +if [ "$release" -eq 13 ]; then + apt-get -y install php8.4-apcu php8.4-mbstring php8.4-bcmath php8.4-curl php8.4-gd php8.4-intl php8.4-mysql php8.4-mysqlnd php8.4-pdo php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-zip php8.4-imagick php8.4-imap +fi touch /var/log/php-mail.log chmod a=rw /var/log/php-mail.log @@ -2008,6 +2059,13 @@ if [ "$release" -eq 12 ]; then service php8.2-fpm restart fi +if [ "$release" -eq 13 ]; then + echo "=== Patching php8.4" + patch /etc/php/8.4/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch + update-alternatives --set php /usr/bin/php8.4 + service php8.4-fpm restart +fi + # echo "=== Patching rcube_vcard.php" # wget -nv https://c.myvestacp.com/tools/patches/rcube_vcard.patch -O /root/rcube_vcard.patch # patch /usr/share/roundcube/program/lib/Roundcube/rcube_vcard.php < /root/rcube_vcard.patch