From b5ccfbed8271e03e7c0f1bd6f3700261bbbc760d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 16 Jun 2023 23:10:48 +0200 Subject: [PATCH 001/348] debian12 vesta_compile.sh fixes --- src/deb/for-download/tools/multi-php-install.sh | 3 +++ src/deb/vesta_compile.sh | 17 ++++++++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 764f56cf..88528e92 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -108,6 +108,9 @@ if [ "$inst_repo" -eq 1 ]; then if [ $debian_version -eq 11 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' fi + if [ $debian_version -eq 12 ]; then + sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list' + fi apt update apt upgrade -y press_enter "=== Press enter to continue ===============================================================================" diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index 8b1bd1f1..af7d2f56 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -58,10 +58,10 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.21.2' -OPENSSL_V='1.1.1l' +NGINX_V='1.25.1' +OPENSSL_V='1.1.1u' PCRE_V='8.45' -ZLIB_V='1.2.11' +ZLIB_V='1.2.13' PHP_V='5.6.40' # Generate Links for sourcecode 
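Review bot: In src/deb/for-download/tools/multi-php-install.sh the new bookworm entry, like the bullseye one above it, writes the `deb https://packages.sury.org/php/ bookworm main` line with no `signed-by` option, so this third-party repository is trusted through whatever keys sit in the global apt keyring. The hunk does not show how the repository key is installed; if it is stored in a dedicated keyring file, the entry should pin it, e.g. `deb [signed-by=<KEYRING_PATH>] https://packages.sury.org/php/ bookworm main`. The test `[ $debian_version -eq 12 ]` also leaves the variable unquoted, so `[` fails with a syntax error when it is empty; `[ "$debian_version" -eq 12 ]` matches the quoting already used for `$inst_repo`. The enclosing `if [ "$inst_repo" -eq 1 ]` block continues outside the hunk.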
@@ -76,7 +76,13 @@ ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz' PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz' # Set package dependencies for compiling -SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + +if [ "$release" -lt 12 ]; then + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' +else + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync' +fi function press_enter { if [ $wait_to_press_enter -eq 1 ]; then @@ -121,7 +127,7 @@ if [ $run_apt_update_and_install -eq 1 ]; then apt-get -qq install -y $SOFTWARE # Fix for Debian PHP Envroiment - if [ ! -e /usr/local/include/curl ]; then + if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi press_enter "=== Press enter to continue ===============================================================================" @@ -252,6 +258,7 @@ EOF press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***" vi $PATH_OF_APT_REPO_ROOT/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/9/deb_signing.key From af61d62c47bd0ec57e5659f806d7fbff58a0c390 Mon Sep 17 00:00:00 2001 
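Review bot: In the `SOFTWARE` hunk of src/deb/vesta_compile.sh, `dpkg-sig` is dropped from the dependency list for release 12 and later, with no visible replacement for per-package signing. If a part of the script outside this hunk still calls `dpkg-sig`, the Debian 12 build will either fail there or publish .deb files that carry no package-level signature; a comment on the `else` branch should say why the tool is omitted and which signature the packages rely on instead. Separately, `release` is compared as an integer, but /etc/debian_version can hold a string such as `bookworm/sid` on testing systems, in which case `[ "$release" -lt 12 ]` errors out and the `else` branch is taken silently.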
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 14:46:05 +0200 Subject: [PATCH 002/348] debian12 php8.2 templates --- ...-FPM-74-public.sh => PHP-FPM-82-public.sh} | 44 ++++++++++++------- ...-74-public.stpl => PHP-FPM-82-public.stpl} | 12 +---- ...PM-74-public.tpl => PHP-FPM-82-public.tpl} | 12 +---- .../apache2/{PHP-FPM-74.sh => PHP-FPM-82.sh} | 44 ++++++++++++------- .../{PHP-FPM-74.stpl => PHP-FPM-82.stpl} | 12 +---- .../{PHP-FPM-74.tpl => PHP-FPM-82.tpl} | 12 +---- 6 files changed, 66 insertions(+), 70 deletions(-) rename install/debian/12/templates/web/apache2/{PHP-FPM-74-public.sh => PHP-FPM-82-public.sh} (79%) mode change 100755 => 100644 rename install/debian/12/templates/web/apache2/{PHP-FPM-74-public.stpl => PHP-FPM-82-public.stpl} (77%) rename install/debian/12/templates/web/apache2/{PHP-FPM-74-public.tpl => PHP-FPM-82-public.tpl} (74%) rename install/debian/12/templates/web/apache2/{PHP-FPM-74.sh => PHP-FPM-82.sh} (79%) mode change 100755 => 100644 rename install/debian/12/templates/web/apache2/{PHP-FPM-74.stpl => PHP-FPM-82.stpl} (77%) rename install/debian/12/templates/web/apache2/{PHP-FPM-74.tpl => PHP-FPM-82.tpl} (74%) diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-74-public.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh old mode 100755 new mode 100644 similarity index 79% rename from install/debian/12/templates/web/apache2/PHP-FPM-74-public.sh rename to install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh index e72bb003..a4deb752 --- a/install/debian/12/templates/web/apache2/PHP-FPM-74-public.sh +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh @@ -8,7 +8,7 @@ docroot="$5" pool_conf="[$2] -listen = /run/php/php7.4-fpm-$2.sock +listen = /run/php/php8.2-fpm-$2.sock listen.owner = $1 listen.group = $1 listen.mode = 0666 
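Review bot: The pool definition in PHP-FPM-82-public.sh keeps `listen.mode = 0666` on the renamed `/run/php/php8.2-fpm-$2.sock`, so any local account can speak FastCGI to the pool directly, bypassing the web server's access controls. Because `listen.owner` and `listen.group` are both `$1`, the wide mode is presumably what lets the web server connect; `listen.group = www-data` with `listen.mode = 0660` would grant that without opening the socket to every user. The same lines appear in PHP-FPM-82.sh. The `pool_conf` string starts and ends outside the hunk.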
@@ -47,6 +47,8 @@ pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 @@ -78,23 +80,11 @@ if [ -f "$pool_file_73" ]; then systemctl restart php7.3-fpm fi -write_file=0 -if [ ! -f "$pool_file_74" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_74) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_74 +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 systemctl reset-failed php7.4-fpm systemctl restart php7.4-fpm fi -if [ -f "/etc/php/7.4/fpm/pool.d/www.conf" ]; then - rm /etc/php/7.4/fpm/pool.d/www.conf -fi if [ -f "$pool_file_80" ]; then rm $pool_file_80 @@ -102,4 +92,28 @@ if [ -f "$pool_file_80" ]; then systemctl restart php8.0-fpm fi +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + exit 0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-74-public.stpl b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl similarity index 77% rename from install/debian/12/templates/web/apache2/PHP-FPM-74-public.stpl rename to install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl index fdbc26f9..809e7f33 100644 --- a/install/debian/12/templates/web/apache2/PHP-FPM-74-public.stpl 
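Review bot: The blocks added to PHP-FPM-82-public.sh use the pool paths unquoted (`rm $pool_file_81`, `grep -c "/home/$1/" $pool_file_82`, `echo "$pool_conf" > $pool_file_82`) although every path embeds the caller-supplied `$2`. Whether `$2` is validated before this script runs is not visible here; quoting removes that dependency: `rm -- "$pool_file_81"`, `user_count=$(grep -cF -- "/home/$1/" "$pool_file_82")`, `echo "$pool_conf" > "$pool_file_82"`. The `-F` also stops a dot in the user name from being read as a regex wildcard. The `rm $pool_file_74` hunk above and the identical PHP-FPM-82.sh follow the same pattern.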
+++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl @@ -17,24 +17,16 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none SSLCertificateFile %ssl_crt% SSLCertificateKeyFile %ssl_key% %ssl_ca_str%SSLCertificateChainFile %ssl_ca% -# -# RMode config -# RUidGid %user% %group% -# RGroups www-data -# -# -# AssignUserID %user% %group% -# - SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-74-public.tpl b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl similarity index 74% rename from install/debian/12/templates/web/apache2/PHP-FPM-74-public.tpl rename to install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl index 614f20c3..679d1409 100644 --- a/install/debian/12/templates/web/apache2/PHP-FPM-74-public.tpl +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl @@ -16,19 +16,11 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch -# -# RMode config -# RUidGid %user% %group% -# RGroups www-data -# -# -# AssignUserID %user% %group% -# - SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-74.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82.sh old mode 100755 new mode 100644 similarity index 79% rename from install/debian/12/templates/web/apache2/PHP-FPM-74.sh rename to install/debian/12/templates/web/apache2/PHP-FPM-82.sh index e72bb003..a4deb752 --- a/install/debian/12/templates/web/apache2/PHP-FPM-74.sh 
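Review bot: The new `Options` line in PHP-FPM-82-public.stpl drops `+ExecCGI` but keeps `+Includes`, which still permits the SSI `exec` element, so command execution from parsed pages remains possible. If server-side includes are needed, `Options +IncludesNOEXEC -Indexes -FollowSymLinks +SymLinksIfOwnerMatch` keeps them without `exec`. The context line `AllowOverride All` lets a `.htaccess` file switch options back on, so the restriction only holds if overrides are narrowed as well. The same `Options` line is added in PHP-FPM-82-public.tpl, PHP-FPM-82.stpl and PHP-FPM-82.tpl.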
+++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.sh @@ -8,7 +8,7 @@ docroot="$5" pool_conf="[$2] -listen = /run/php/php7.4-fpm-$2.sock +listen = /run/php/php8.2-fpm-$2.sock listen.owner = $1 listen.group = $1 listen.mode = 0666 @@ -47,6 +47,8 @@ pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 @@ -78,23 +80,11 @@ if [ -f "$pool_file_73" ]; then systemctl restart php7.3-fpm fi -write_file=0 -if [ ! -f "$pool_file_74" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_74) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_74 +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 systemctl reset-failed php7.4-fpm systemctl restart php7.4-fpm fi -if [ -f "/etc/php/7.4/fpm/pool.d/www.conf" ]; then - rm /etc/php/7.4/fpm/pool.d/www.conf -fi if [ -f "$pool_file_80" ]; then rm $pool_file_80 @@ -102,4 +92,28 @@ if [ -f "$pool_file_80" ]; then systemctl restart php8.0-fpm fi +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + exit 0 
diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-74.stpl b/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl similarity index 77% rename from install/debian/12/templates/web/apache2/PHP-FPM-74.stpl rename to install/debian/12/templates/web/apache2/PHP-FPM-82.stpl index df607247..e0d04794 100644 --- a/install/debian/12/templates/web/apache2/PHP-FPM-74.stpl +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl @@ -17,24 +17,16 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none SSLCertificateFile %ssl_crt% SSLCertificateKeyFile %ssl_key% %ssl_ca_str%SSLCertificateChainFile %ssl_ca% -# -# RMode config -# RUidGid %user% %group% -# RGroups www-data -# -# -# AssignUserID %user% %group% -# - SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-74.tpl b/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl similarity index 74% rename from install/debian/12/templates/web/apache2/PHP-FPM-74.tpl rename to install/debian/12/templates/web/apache2/PHP-FPM-82.tpl index 7b6e2cb5..eba95935 100644 --- a/install/debian/12/templates/web/apache2/PHP-FPM-74.tpl +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl @@ -16,19 +16,11 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch -# -# RMode config -# RUidGid %user% %group% -# RGroups www-data -# -# -# AssignUserID %user% %group% -# - SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/" + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 From 698069d708d13193ff7f11aea791950f1d9c63fc Mon Sep 17 00:00:00 2001 
From: myvesta Date: Sat, 17 Jun 2023 14:49:42 +0200 Subject: [PATCH 003/348] Making php8.2 templates executable --- install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh | 0 install/debian/12/templates/web/apache2/PHP-FPM-82.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh mode change 100644 => 100755 install/debian/12/templates/web/apache2/PHP-FPM-82.sh diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh old mode 100644 new mode 100755 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82.sh old mode 100644 new mode 100755 From f6cb92c20ac8e5bf4a592c4e95edbe578b6d4bb0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 15:09:34 +0200 Subject: [PATCH 004/348] Debian12 installer script, first fix --- bin/v-install-unsigned-ssl | 11 ++- install/vst-install-debian.sh | 144 ++++++++++++++++++++++++---------- 2 files changed, 111 insertions(+), 44 deletions(-) diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 6b0e7c4a..ae14b68b 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,6 +52,8 @@ fi # Action # #----------------------------------------------------------# + + email="info@$domain" TMPLOC="/home/$user/tmp/$domain" 
@@ -62,8 +64,13 @@ mkdir $TMPLOC # Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" $TMPLOC/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:) +if [ "$release" -lt 12 ]; then + key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:) +else + key_start=$(grep -n "BEGIN PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:) +fi # Adding SSL certificate cd $TMPLOC diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4349a56d..5ded7a23 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -19,7 +19,19 @@ release=$(cat /etc/debian_version | tr "." "\n" | head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" -if [ "$release" -eq 11 ]; then +if [ "$release" -eq 12 ]; then + software="nginx apache2 apache2-utils + libapache2-mod-fcgid php-fpm php + php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats + vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mariadb-server mariadb-common + mariadb-client postgresql postgresql-contrib phppgadmin phpmyadmin mc + flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl + unrar-free vim-common net-tools unzip iptables" +elif [ "$release" -eq 11 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats 
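Review bot: In bin/v-install-unsigned-ssl the private-key markers are now selected by Debian release number, but the header written into vst.pem depends on the OpenSSL version that generated the key, not on the distribution. Matching either form removes the branch and the dependency on `$release`: `key_start=$(grep -n -E "BEGIN (RSA )?PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:)`, and the same with `END` for `key_end`. If neither marker is present, both variables are empty, and the slicing that follows (outside this hunk) should stop rather than write an empty key file. The hunk at -1045 in install/vst-install-debian.sh repeats the same branch.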
@@ -922,7 +934,7 @@ if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then
 echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf
 echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf
 echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf
- if [ "$release" -eq 9 ] || [ "$release" -eq 10 ] || [ "$release" -eq 11 ]; then
+ if [ "$release" -gt 8 ]; then
 if [ "$phpfpm" = 'yes' ]; then
 echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf
 fi
@@ -1014,15 +1026,31 @@ if [ "$release" -eq 11 ]; then ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.sh /usr/local/vesta/data/templates/web/apache2/default.sh - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl - ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.stpl - ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl 
/usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl +fi +if [ "$release" -eq 12 ]; then + echo "== Symlink missing templates" + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl + + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl fi echo "== Set nameservers address" 
@@ -1045,12 +1073,17 @@ $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null
 echo "== Generating myVesta unsigned SSL certificate"
 $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
- 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem
+ 'San Francisco' 'myVesta Control Panel' 'IT' > /tmp/vst.pem
 # Parsing certificate file
 crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:)
-key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:)
-key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:)
+if [ "$release" -lt 12 ]; then
+ key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:)
+ key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:)
+else
+ key_start=$(grep -n "BEGIN PRIVATE KEY" /tmp/vst.pem |cut -f 1 -d:)
+ key_end=$(grep -n "END PRIVATE KEY" /tmp/vst.pem |cut -f 1 -d:)
+fi
 cd $VESTA/ssl
 sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt
@@ -1134,10 +1167,16 @@ fi
 if [ "$phpfpm" = 'yes' ]; then
 echo "=== Configure PHP-FPM"
- if [ "$release" -eq 11 ]; then
- cp -f $vestacp/php-fpm/www.conf /etc/php/7.4/fpm/pool.d/www.conf
- #update-rc.d php7.4-fpm defaults
- currentservice='php7.4-fpm'
+ if [ "$release" -eq 12 ]; then
+ cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf
+ #update-rc.d php8.2-fpm defaults
+ currentservice='php8.2-fpm'
+ ensure_startup $currentservice
+ ensure_start $currentservice
+ elif [ "$release" -eq 11 ]; then
+ cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf
+ #update-rc.d php8.2-fpm defaults
+ currentservice='php8.2-fpm'
 ensure_startup $currentservice
 ensure_start $currentservice
 elif [ "$release" -eq 10 ]; then
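Review bot: The certificate and its private key are redirected to the fixed path `/tmp/vst.pem`, a predictable name in a world-writable directory, created with whatever umask the installer runs under. A private temporary file avoids both a pre-created file at that path and a key readable by other accounts: `tmp_pem=$(mktemp)` before the `v-generate-ssl-cert` call, `> "$tmp_pem"` on the changed line, and `"$tmp_pem"` in the `grep` and `sed` lines that follow. Whether the file is deleted afterwards is outside the hunk; it should be removed once the certificate and key files under `$VESTA/ssl` have been written.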
@@ -1305,7 +1344,7 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php fi - if [ "$release" -eq 11 ]; then + if [ "$release" -gt 10 ]; then echo "=== Configure phpMyAdmin (Debian11 custom part)" # Set config and log directory sed -i "s|define('CONFIG_DIR', '');|define('CONFIG_DIR', '/etc/phpmyadmin/');|" /usr/share/phpmyadmin/libraries/vendor_config.php @@ -1518,14 +1557,12 @@ if [ "$exim" = 'yes' ] && { [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; } the /etc/roundcube/plugins/password/config.inc.php mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql chmod a+r /etc/roundcube/main.inc.php - if [ "$release" -eq 8 ] || [ "$release" -eq 9 ] || [ "$release" -eq 10 ] || [ "$release" -eq 11 ]; then - mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php - mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php - chmod 640 /etc/roundcube/debian-db-roundcube.php - chmod 640 /etc/roundcube/config.inc.php - chown root:www-data /etc/roundcube/debian-db-roundcube.php - chown root:www-data /etc/roundcube/config.inc.php - fi + mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php + mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/config.inc.php + chown root:www-data /etc/roundcube/debian-db-roundcube.php + chown root:www-data /etc/roundcube/config.inc.php sed -i "s#^\$config\['smtp_user'\].*#\$config\['smtp_user'\] = '%u';#g" /etc/roundcube/defaults.inc.php sed -i "s#^\$config\['smtp_pass'\].*#\$config\['smtp_pass'\] = '%p';#g" /etc/roundcube/defaults.inc.php if [ "$release" -eq 8 ]; then 
@@ -1594,7 +1631,7 @@ fi
 #----------------------------------------------------------#
 echo "=== Configure Admin User"
-if [ "$release" -eq 11 ]; then
+if [ "$release" -gt 10 ]; then
 echo "=== Switching to sha512"
 sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password
 fi
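Review bot: Widening the test to `[ "$release" -gt 10 ]` makes the installer replace `yescrypt` with `sha512` in /etc/pam.d/common-password on Debian 12 and on every later release, which moves system password hashing away from the distribution default to a scheme that is cheaper to attack offline. The hunk gives no reason for this; presumably some panel component cannot handle yescrypt hashes, and a comment above the `sed` should name that component so the downgrade can be dropped once it is fixed. The unanchored `s/yescrypt/sha512/g` also rewrites every occurrence in the file, comments included, rather than only the `pam_unix.so` password line.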
@@ -1716,14 +1753,27 @@ if [ "$release" -eq 10 ]; then fi fi if [ "$release" -eq 11 ]; then - if [ -f "/etc/php/7.4/fpm/pool.d/$servername.conf" ]; then + if [ -f "/etc/php/8.2/fpm/pool.d/$servername.conf" ]; then echo "== FPM pool.d $servername tweaks" - sed -i "/^group =/c\group = www-data" /etc/php/7.4/fpm/pool.d/$servername.conf - sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.4/fpm/pool.d/$servername.conf - sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.4/fpm/pool.d/$servername.conf - sed -i "s|80M|800M|g" /etc/php/7.4/fpm/pool.d/$servername.conf - sed -i "s|256M|512M|g" /etc/php/7.4/fpm/pool.d/$servername.conf - service php7.4-fpm restart + sed -i "/^group =/c\group = www-data" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/8.2/fpm/pool.d/$servername.conf + service php8.2-fpm restart + ln -s /var/lib/roundcube /var/lib/roundcube/webmail + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' + fi +fi +if [ "$release" -eq 12 ]; then + if [ -f "/etc/php/8.2/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" + sed -i "/^group =/c\group = www-data" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" 
/etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/8.2/fpm/pool.d/$servername.conf + service php8.2-fpm restart ln -s /var/lib/roundcube /var/lib/roundcube/webmail /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' fi @@ -1785,7 +1835,10 @@ if [ "$release" -eq 10 ]; then apt-get -y install php7.3-apcu php7.3-mbstring php7.3-bcmath php7.3-curl php7.3-gd php7.3-intl php7.3-mysql php7.3-mysqlnd php7.3-pdo php7.3-soap php7.3-json php7.3-xml php7.3-zip php7.3-memcache php7.3-memcached php7.3-zip php7.3-imagick php7.3-imap fi if [ "$release" -eq 11 ]; then - apt-get -y install php7.4-apcu php7.4-mbstring php7.4-bcmath php7.4-curl php7.4-gd php7.4-intl php7.4-mysql php7.4-mysqlnd php7.4-pdo php7.4-soap php7.4-json php7.4-xml php7.4-zip php7.4-memcache php7.4-memcached php7.4-zip php7.4-imagick php7.4-imap + apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-json php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap +fi +if [ "$release" -eq 12 ]; then + apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-json php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap fi touch /var/log/php-mail.log 
@@ -1824,15 +1877,22 @@ fi if [ "$release" -eq 11 ]; then if [ $memory -lt 10000000 ]; then - echo "=== Patching php7.4-vps" - patch /etc/php/7.4/fpm/php.ini < $vestacp/php/php7.4-vps.patch + echo "=== Patching php8.2-vps" + patch /etc/php/8.2/fpm/php.ini < $vestacp/php/php8.2-vps.patch fi if [ $memory -gt 9999999 ]; then - echo "=== Patching php7.4-dedi" - patch /etc/php/7.4/fpm/php.ini < $vestacp/php/php7.4-dedi.patch + echo "=== Patching php8.2-dedi" + patch /etc/php/8.2/fpm/php.ini < $vestacp/php/php8.2-dedi.patch fi - update-alternatives --set php /usr/bin/php7.4 - service php7.4-fpm restart + update-alternatives --set php /usr/bin/php8.2 + service php8.2-fpm restart +fi + +if [ "$release" -eq 12 ]; then + echo "=== Patching php8.2" + patch /etc/php/8.2/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch + update-alternatives --set php /usr/bin/php8.2 + service php8.2-fpm restart fi # echo "=== Patching rcube_vcard.php" @@ -1928,7 +1988,7 @@ fi echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf -if [ "$release" -eq 10 ] || [ "$release" -eq 11 ]; then +if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" fi echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf From f3322275887ed0f49cf98b5d6226b44de3951d63 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 15:11:30 +0200 Subject: [PATCH 005/348] v-install-unsigned-ssl deb12 fix --- bin/v-install-unsigned-ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index ae14b68b..3395e4f2 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,7 +52,7 @@ fi # Action # #----------------------------------------------------------# - +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) email="info@$domain" 
From 420c0d097f8921fb1e68957f5eb88852bce31149 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sat, 17 Jun 2023 15:23:15 +0200
Subject: [PATCH 006/348] Reverting mistakenly changed 7.4 to 8.2 for deb12
---
 install/vst-install-debian.sh | 50 +++++++++++++++++------------------
 1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh
index 5ded7a23..ede116ec 100755
--- a/install/vst-install-debian.sh
+++ b/install/vst-install-debian.sh
@@ -1026,15 +1026,15 @@ if [ "$release" -eq 11 ]; then ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/default.sh - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl - ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl - ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl 
/usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.tpl fi if [ "$release" -eq 12 ]; then echo "== Symlink missing templates" @@ -1174,9 +1174,9 @@ if [ "$phpfpm" = 'yes' ]; then ensure_startup $currentservice ensure_start $currentservice elif [ "$release" -eq 11 ]; then - cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf - #update-rc.d php8.2-fpm defaults - currentservice='php8.2-fpm' + cp -f $vestacp/php-fpm/www.conf /etc/php/7.4/fpm/pool.d/www.conf + #update-rc.d php7.4-fpm defaults + currentservice='php7.4-fpm' ensure_startup $currentservice ensure_start $currentservice elif [ "$release" -eq 10 ]; then 
@@ -1753,14 +1753,14 @@ if [ "$release" -eq 10 ]; then fi fi if [ "$release" -eq 11 ]; then - if [ -f "/etc/php/8.2/fpm/pool.d/$servername.conf" ]; then + if [ -f "/etc/php/7.4/fpm/pool.d/$servername.conf" ]; then echo "== FPM pool.d $servername tweaks" - sed -i "/^group =/c\group = www-data" /etc/php/8.2/fpm/pool.d/$servername.conf - sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.2/fpm/pool.d/$servername.conf - sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.2/fpm/pool.d/$servername.conf - sed -i "s|80M|800M|g" /etc/php/8.2/fpm/pool.d/$servername.conf - sed -i "s|256M|512M|g" /etc/php/8.2/fpm/pool.d/$servername.conf - service php8.2-fpm restart + sed -i "/^group =/c\group = www-data" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/7.4/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/7.4/fpm/pool.d/$servername.conf + service php7.4-fpm restart ln -s /var/lib/roundcube /var/lib/roundcube/webmail /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' fi 
@@ -1835,7 +1835,7 @@ if [ "$release" -eq 10 ]; then apt-get -y install php7.3-apcu php7.3-mbstring php7.3-bcmath php7.3-curl php7.3-gd php7.3-intl php7.3-mysql php7.3-mysqlnd php7.3-pdo php7.3-soap php7.3-json php7.3-xml php7.3-zip php7.3-memcache php7.3-memcached php7.3-zip php7.3-imagick php7.3-imap fi if [ "$release" -eq 11 ]; then - apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-json php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap + apt-get -y install php7.4-apcu php7.4-mbstring php7.4-bcmath php7.4-curl php7.4-gd php7.4-intl php7.4-mysql php7.4-mysqlnd php7.4-pdo php7.4-soap php7.4-json php7.4-xml php7.4-zip php7.4-memcache php7.4-memcached php7.4-zip php7.4-imagick php7.4-imap fi if [ "$release" -eq 12 ]; then apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-json php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap @@ -1877,15 +1877,15 @@ fi if [ "$release" -eq 11 ]; then if [ $memory -lt 10000000 ]; then - echo "=== Patching php8.2-vps" - patch /etc/php/8.2/fpm/php.ini < $vestacp/php/php8.2-vps.patch + echo "=== Patching php7.4-vps" + patch /etc/php/7.4/fpm/php.ini < $vestacp/php/php7.4-vps.patch fi if [ $memory -gt 9999999 ]; then - echo "=== Patching php8.2-dedi" - patch /etc/php/8.2/fpm/php.ini < $vestacp/php/php8.2-dedi.patch + echo "=== Patching php7.4-dedi" + patch /etc/php/7.4/fpm/php.ini < $vestacp/php/php7.4-dedi.patch fi - update-alternatives --set php /usr/bin/php8.2 - service php8.2-fpm restart + update-alternatives --set php /usr/bin/php7.4 + service php7.4-fpm restart fi if [ "$release" -eq 12 ]; then From 58c2793e94e53e40bb27dbb4ac7a3d9ff2763bbc Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 15:59:47 +0200 Subject: [PATCH 007/348] vesta-nginx-deb12 conf fix --- src/deb/for-download/nginx/nginx-deb12.conf | 128 ++++++++++++++++++++ src/deb/vesta_compile.sh | 6 +- 2 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 src/deb/for-download/nginx/nginx-deb12.conf diff --git a/src/deb/for-download/nginx/nginx-deb12.conf b/src/deb/for-download/nginx/nginx-deb12.conf new file mode 100644 index 00000000..67f5c5bd --- /dev/null +++ b/src/deb/for-download/nginx/nginx-deb12.conf 
@@ -0,0 +1,128 @@ +user admin; +worker_processes 1; +error_log /usr/local/vesta/log/nginx-error.log; +pid /var/run/vesta-nginx.pid; + +events { + worker_connections 128; + use epoll; +} + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 3m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + access_log /usr/local/vesta/log/nginx-access.log main; + + + # SSL PCI Compliance + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_session_cache shared:SSL:10m; + ssl_prefer_server_ciphers on; + + + # Mime settings + include /usr/local/vesta/nginx/conf/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript application/javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + fastcgi_read_timeout 300; + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Vhost + server { + listen 8083; + 
server_name _; + root /usr/local/vesta/web; + charset utf-8; + + # Fix error "The plain HTTP request was sent to HTTPS port" + error_page 497 https://$host:$server_port$request_uri; + + # ssl on; + ssl_certificate /usr/local/vesta/ssl/certificate.crt; + ssl_certificate_key /usr/local/vesta/ssl/certificate.key; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + error_page 404 /error/404/index.html; + error_page 403 /error/index.html; + error_page 500 /error/index.html; + + location / { + expires max; + index index.php; + } + + location /error/ { + expires max; + index index.html; + } + + location /rrd/ { + expires off; + internal; + } + + location /backup/ { + root /; + internal; + } + + location ~ \.php$ { + include /usr/local/vesta/nginx/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/local/vesta/web/$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + fastcgi_pass unix:/var/run/vesta-php.sock; + fastcgi_intercept_errors on; + break; + } + } +} diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index af7d2f56..a80316d9 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -541,7 +541,11 @@ if [ "$NGINX_B" = true ]; then echo "=== Get nginx.conf" cd $BUILD_DIR/vesta-nginx_$VESTA_V - cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + if [ "$release" -lt 12 ]; then + cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + else + cp /root/vesta/src/deb/for-download/nginx/nginx-deb12.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + fi # if [ $BUILDING_NOW -eq 1 ]; then echo "=== copy binary" From 159755e053054f732aa21dc88773381ff731edda Mon Sep 17 00:00:00 2001 
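Review bot: The server block in nginx-deb12.conf has `listen 8083;` with no `ssl` parameter while `ssl on;` is commented out, so as written this vhost would answer in plain HTTP on the panel port, and the certificate, `ssl_session_*` and `error_page 497` lines would have no effect. Panel logins would then travel unencrypted unless a later patch in the series changes this. The `ssl` directive no longer exists in the nginx version this series builds (1.25.1), so the replacement is `listen 8083 ssl;`. Separately, `ssl_protocols TLSv1.1 TLSv1.2;` and the `EECDH+3DES:RSA+3DES` cipher entries keep deprecated options and leave out TLS 1.3. `ssl_protocols TLSv1.2 TLSv1.3;` with the 3DES entries removed would be the safer default, assuming the bundled OpenSSL 1.1.1u is what gets linked.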
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 16:25:06 +0200 Subject: [PATCH 008/348] deb12 spamassassin temporary fix --- install/vst-install-debian.sh | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ede116ec..8d7720e0 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -966,7 +966,11 @@ if [ "$exim" = 'yes' ]; then echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $VESTA/conf/vesta.conf fi if [ "$spamd" = 'yes' ]; then - echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + if [ "$release" -lt 12 ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + else + echo "ANTISPAM_SYSTEM='spamd'" >> $VESTA/conf/vesta.conf + fi fi if [ "$dovecot" = 'yes' ]; then echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf @@ -1514,12 +1518,15 @@ fi if [ "$spamd" = 'yes' ]; then echo "=== Configure SpamAssassin" #update-rc.d spamassassin defaults - sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin + if [ "$release" -lt 12 ]; then + sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin + currentservice='spamassassin' + else + currentservice='spamd' + fi wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf - currentservice='spamassassin' ensure_startup $currentservice - # ensure_start $currentservice - systemctl restart spamassassin + systemctl restart $currentservice fi From 83092b8ac889d7afb5010ed54e50079bde873335 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 17:51:26 +0200 Subject: [PATCH 009/348] Fix for deb12 xxd install and php8.2 in default package --- install/debian/12/packages/default.pkg | 2 +- install/vst-install-debian.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
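Review bot: In the "Configure SpamAssassin" hunk, `barracuda.cf` is fetched over plain `http://` and written straight into /etc/spamassassin by the installer, with no transport protection or checksum, and the result of `wget` is not checked before the service is restarted. That line is unchanged context, but since the block is being reworked it would be a good moment to switch the URL to `https://` (if the host serves it) and to skip the restart when the download fails. `$currentservice` in `systemctl restart $currentservice` and in the `ensure_startup` call should also be quoted.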
diff --git a/install/debian/12/packages/default.pkg b/install/debian/12/packages/default.pkg index 45a34c96..cd1cbba1 100644 --- a/install/debian/12/packages/default.pkg +++ b/install/debian/12/packages/default.pkg @@ -1,4 +1,4 @@ -WEB_TEMPLATE='PHP-FPM-74' +WEB_TEMPLATE='PHP-FPM-82' PROXY_TEMPLATE='hosting' DNS_TEMPLATE='default' WEB_DOMAINS='unlimited' diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 8d7720e0..902dc8d3 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -30,7 +30,7 @@ if [ "$release" -eq 12 ]; then flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl - unrar-free vim-common net-tools unzip iptables" + unrar-free vim-common net-tools unzip iptables xxd" elif [ "$release" -eq 11 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php @@ -1845,7 +1845,7 @@ if [ "$release" -eq 11 ]; then apt-get -y install php7.4-apcu php7.4-mbstring php7.4-bcmath php7.4-curl php7.4-gd php7.4-intl php7.4-mysql php7.4-mysqlnd php7.4-pdo php7.4-soap php7.4-json php7.4-xml php7.4-zip php7.4-memcache php7.4-memcached php7.4-zip php7.4-imagick php7.4-imap fi if [ "$release" -eq 12 ]; then - apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-json php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap + apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap fi touch /var/log/php-mail.log From 89c86b84fdefeb8802854a1e682543610f54be72 Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 18:03:49 +0200 Subject: [PATCH 010/348] deb12 new exim4 conf --- install/debian/12/exim/exim4.conf.template | 47 +- install/debian/12/exim/exim4.conf.template-RC | 446 ------------------ install/vst-install-debian.sh | 4 + 3 files changed, 43 insertions(+), 454 deletions(-) delete mode 100644 install/debian/12/exim/exim4.conf.template-RC diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 4b3c0dd9..7658b313 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -12,6 +12,10 @@ disable_ipv6=true add_environment=<; PATH=/bin:/usr/bin keep_environment= +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + domainlist local_domains = dsearch;/etc/exim4/domains/ domainlist relay_to_domains = dsearch;/etc/exim4/domains/ hostlist relay_from_hosts = 127.0.0.1 @@ -25,7 +29,12 @@ acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data acl_smtp_mime = acl_check_mime -recipients_max = 15 +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 recipients_max_reject = true # log_selector = +smtp_connection 
@@ -69,11 +78,19 @@ acl_not_smtp = acl_not_smtp begin acl acl_not_smtp: - deny message = Web site is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period - ratelimit = 40 / 1h / $authenticated_id + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id warn ratelimit = 0 / 1h / strict / $authenticated_id - log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes accept 
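Review bot: The new recipient-limit `deny` in `acl_not_smtp` compares `$rcpt_count`, which as far as I know counts SMTP RCPT commands and so would stay at 0 for locally submitted messages; the check would then never fire for hosting accounts. `$recipients_count` is the variable documented for the envelope recipient count, i.e. `condition = ${if >{$recipients_count}{$acl_c_max_recipients}}`. This matters more because the previous hunk raises the global `recipients_max` from 15 to 150, so this ACL is the only thing holding local submissions to the intended LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS of 5. A short comment above the four LIMIT_ macros naming the /etc/exim4/limit_per_* file that overrides each one would also help the next reader.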
@@ -109,11 +126,24 @@ acl_check_mail: acl_check_rcpt: accept hosts = : - deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period - ratelimit = 40 / 1h / $authenticated_id + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id warn ratelimit = 0 / 1h / strict / $authenticated_id - log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + set acl_m3 = yes deny message = Restricted characters in address domains = +local_domains 
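Review bot: The added `warn` that sets `acl_m3 = yes` builds a lookup file name from the raw recipient domain, `lsearch{/etc/exim4/domains/$domain/aliases}`. `$domain` comes from the remote RCPT command, and Exim 4.94 and later (which Debian 12 ships, as far as I know) refuses tainted data in file names, so this lookup would be expected to fail instead of yielding true or false. The de-tainted dsearch form, as used in the routers of the removed -RC copy further down this page, should be used here as well: `lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}`. The two new `deny` statements key on `$authenticated_id`, which is presumably empty for unauthenticated inbound mail, so those senders all fall back to the default macro values; a comment stating that this is intended would help.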
@@ -313,7 +343,8 @@ begin transports remote_smtp: driver = smtp - #helo_data = $sender_address_domain + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" dkim_domain = DKIM_DOMAIN dkim_selector = mail dkim_private_key = DKIM_PRIVATE_KEY diff --git a/install/debian/12/exim/exim4.conf.template-RC b/install/debian/12/exim/exim4.conf.template-RC deleted file mode 100644 index 36ba2a0d..00000000 --- a/install/debian/12/exim/exim4.conf.template-RC +++ /dev/null 
@@ -1,446 +0,0 @@ -###################################################################### -# # -# Exim configuration file for Vesta Control Panel # -# # -###################################################################### - -#SPAMASSASSIN = yes -#SPAM_SCORE = 50 -#CLAMD = yes - -disable_ipv6=true -add_environment=<; PATH=/bin:/usr/bin -keep_environment= - -#local_interfaces = 0.0.0.0 -#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} -#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" - -domainlist local_domains = dsearch;/etc/exim4/domains/ -domainlist relay_to_domains = dsearch;/etc/exim4/domains/ -hostlist relay_from_hosts = 127.0.0.1 -hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf -hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf -no_local_from_check -untrusted_set_sender = * -acl_smtp_connect = acl_check_spammers -acl_smtp_mail = acl_check_mail -acl_smtp_rcpt = acl_check_rcpt -acl_smtp_data = acl_check_data -acl_smtp_mime = acl_check_mime - -LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 -LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 -LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 -LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 - -recipients_max = 150 -recipients_max_reject = true - -# log_selector = +smtp_connection -smtp_accept_max = 50 -smtp_accept_max_per_host = 4 - -.ifdef SPAMASSASSIN -spamd_address = 127.0.0.1 783 -.endif - -.ifdef CLAMD -av_scanner = clamd: /var/run/clamav/clamd.ctl -.endif - -tls_advertise_hosts = * -tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt -tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key - -daemon_smtp_ports = 25 : 465 : 587 : 2525 -tls_on_connect_ports = 465 -never_users = root -host_lookup = * -rfc1413_hosts = * -rfc1413_query_timeout = 0s -ignore_bounce_errors_after = 2d -timeout_frozen_after = 7d - -DKIM_DOMAIN = ${lc:${domain:$h_from:}} -DKIM_FILE = 
/etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem -DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} - - - -###################################################################### -# ACL CONFIGURATION # -# Specifies access control lists for incoming SMTP mail # -###################################################################### - -acl_not_smtp = acl_not_smtp - -begin acl - -acl_not_smtp: - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn set acl_m3 = yes - - accept - -acl_check_spammers: - accept hosts = +whitelist - - drop message = Your host in blacklist on this server. 
- log_message = Host in blacklist - hosts = +spammers - - accept - - -acl_check_mail: - deny condition = ${if eq{$sender_helo_name}{}} - message = HELO required before MAIL - - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid - condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} - condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} - delay = 45s - - drop condition = ${if isip{$sender_helo_name}} - message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} - message = $interface_address is _my_ address - - accept - - -acl_check_rcpt: - accept hosts = : - - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn 
set acl_m3 = no - - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} - set acl_m3 = yes - - deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] - - deny message = Restricted characters in address - domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - - require verify = sender - - accept hosts = +relay_from_hosts - control = submission - - accept authenticated = * - control = submission/domain= - - deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text - hosts = !+whitelist - dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} - - require message = relay not permitted - domains = +local_domains : +relay_to_domains - - deny message = smtp auth requried - sender_domains = +local_domains - !authenticated = * - - require verify = recipient - -.ifdef CLAMD - warn set acl_m0 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} - set acl_m0 = yes -.endif - -.ifdef SPAMASSASSIN - warn set acl_m1 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} - set acl_m1 = yes -.endif - - accept - - -acl_check_data: - - deny senders = /etc/exim4/deny_senders - -.ifdef CLAMD - deny message = Message contains a virus ($malware_name) and has been rejected - malware = */defer_ok - condition = ${if eq{$acl_m0}{yes}{yes}{no}} -.endif - -.ifdef SPAMASSASSIN - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${if < {$message_size}{600K}} - condition = ${if eq{$acl_m1}{yes}{yes}{no}} - spam = nobody:true/defer_ok - add_header = X-Spam-Score: $spam_score_int - add_header = X-Spam-Bar: $spam_bar - add_header = X-Spam-Report: $spam_report - set acl_m2 = $spam_score_int - - warn condition = ${if !eq{$acl_m2}{} {yes}{no}} - condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} - 
add_header = X-Spam-Status: Yes - message = SpamAssassin detected spam (from $sender_address to $recipients). -.endif - - accept - - -acl_check_mime: - deny message = Blacklisted file extension detected - condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} - - accept - - - -###################################################################### -# AUTHENTICATION CONFIGURATION # -###################################################################### -begin authenticators - -dovecot_plain: - driver = dovecot - public_name = PLAIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - -dovecot_login: - driver = dovecot - public_name = LOGIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - - - -###################################################################### -# ROUTERS CONFIGURATION # -# Specifies how addresses are handled # -###################################################################### -begin routers - -#smarthost: -# driver = manualroute -# domains = ! 
+local_domains -# transport = remote_smtp -# route_list = * smartrelay.vestacp.com -# no_more -# no_verify - -dnslookup: - driver = dnslookup - domains = !+local_domains - transport = remote_smtp - no_more - -localuser_spam: - driver = accept - transport = local_spam_delivery - condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} - -userforward: - driver = redirect - check_local_user - file = $home/.forward - require_files = ${local_part}:+${home}/.forward - domains = +local_domains - allow_filter - no_verify - no_expn - check_ancestor - file_transport = address_file - pipe_transport = address_pipe - reply_transport = address_reply - -procmail: - driver = accept - check_local_user - require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail - transport = procmail - no_verify - -autoreplay: - driver = accept - require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg - condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} - retry_use_local_part - transport = userautoreply - unseen - -aliases: - driver = redirect - headers_add = X-redirected: yes - data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - require_files = /etc/exim4/domains/$domain/aliases - redirect_router = dnslookup - pipe_transport = address_pipe - unseen - -localuser_fwd_only: - driver = accept - transport = devnull - condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} - -localuser: - driver = accept - transport = local_delivery - condition = 
${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} - -catchall: - driver = redirect - headers_add = X-redirected: yes - require_files = /etc/exim4/domains/$domain/aliases - data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - file_transport = local_delivery - redirect_router = dnslookup - -terminate_alias: - driver = accept - transport = devnull - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} - - - -###################################################################### -# TRANSPORTS CONFIGURATION # -###################################################################### -begin transports - -remote_smtp: - driver = smtp - #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} - #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" - dkim_domain = DKIM_DOMAIN - dkim_selector = mail - dkim_private_key = DKIM_PRIVATE_KEY - dkim_canon = relaxed - dkim_strict = 0 - hosts_try_fastopen = !*.l.google.com - hosts_try_chunking = !93.188.3.0/24 - -procmail: - driver = pipe - command = "/usr/bin/procmail -d $local_part" - return_path_add - delivery_date_add - envelope_to_add - user = $local_part - initgroups - return_output - -local_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = 
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_warn_threshold = 75% - -local_spam_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota_warn_threshold = 75% - -address_pipe: - driver = pipe - return_output - -address_file: - driver = appendfile - delivery_date_add - envelope_to_add - 
return_path_add - -address_reply: - driver = autoreply - -userautoreply: - driver = autoreply - file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg - from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" - headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit - subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" - to = "${sender_address}" - -devnull: - driver = appendfile - file = /dev/null - - - -###################################################################### -# RETRY CONFIGURATION # -###################################################################### -begin retry - -# Address or Domain Error Retries -# ----------------- ----- ------- -* * F,2h,15m; G,16h,1h,1.5; F,4d,6h - - - -###################################################################### -# REWRITE CONFIGURATION # -###################################################################### -begin rewrite - - - -###################################################################### diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 902dc8d3..614ace71 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh 
@@ -1426,6 +1426,10 @@ if [ "$exim" = 'yes' ]; then cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ cp -f $vestacp/exim/deny_senders /etc/exim4/ touch /etc/exim4/white-blocks.conf + touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_email_account_max_recipients + touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_hosting_account_max_recipients if [ "$spamd" = 'yes' ]; then sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template From b535c863d6c9aa157616d5fa37ded62012ee17a2 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 18:12:35 +0200 Subject: [PATCH 011/348] deb12 spamd install --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 614ace71..6573edce 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -30,7 +30,7 @@ if [ "$release" -eq 12 ]; then flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl - unrar-free vim-common net-tools unzip iptables xxd" + unrar-free vim-common net-tools unzip iptables xxd spamd" elif [ "$release" -eq 11 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php From a6fdb87f7db17dc7adf5b6f371d4c546c9377a37 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 18:24:33 +0200 Subject: [PATCH 012/348] v-list-sys-services deb12 mariadb detection fix --- bin/v-list-sys-services | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services index cddb59be..3d876101 100755 --- a/bin/v-list-sys-services +++ b/bin/v-list-sys-services 
@@ -297,7 +297,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then if [ "$service" = 'mysql' ]; then proc_name='mysqld' release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -eq 11 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then + if [ "$release" -gt 10 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then service='mariadb' proc_name='mariadbd' fi From d52e27cc05db80a2de7754d9b8f1b76621755a85 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 18:50:27 +0200 Subject: [PATCH 013/348] deb12 install rsyslog --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 6573edce..627a4219 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -30,7 +30,7 @@ if [ "$release" -eq 12 ]; then flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl - unrar-free vim-common net-tools unzip iptables xxd spamd" + unrar-free vim-common net-tools unzip iptables xxd spamd rsyslog" elif [ "$release" -eq 11 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php From c74dfde17013d5b608631675bb8d11c12337a684 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 19:01:26 +0200 Subject: [PATCH 014/348] deb12 exim4 smtputf8_advertise_hosts --- install/debian/12/exim/exim4.conf.template | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 7658b313..c168ec34 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template 
@@ -11,6 +11,7 @@ disable_ipv6=true add_environment=<; PATH=/bin:/usr/bin keep_environment= +smtputf8_advertise_hosts = #local_interfaces = 0.0.0.0 #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} From ce5fac9b07e9a84dc51a89dbd2446d8c61f7c785 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 20:49:36 +0200 Subject: [PATCH 015/348] deb12 nginx listen ssl --- bin/v-change-vesta-port | 1 + src/deb/for-download/nginx/nginx-deb12.conf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-change-vesta-port b/bin/v-change-vesta-port index 3f386654..7ea7827e 100755 --- a/bin/v-change-vesta-port +++ b/bin/v-change-vesta-port @@ -41,6 +41,7 @@ is_int_format_valid "$port" 'port number' #----------------------------------------------------------# sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf +sed -i "s|$oldport ssl;|$port ssl;|g" $VESTA/nginx/conf/nginx.conf if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php fi diff --git a/src/deb/for-download/nginx/nginx-deb12.conf b/src/deb/for-download/nginx/nginx-deb12.conf index 67f5c5bd..cf236824 100644 --- a/src/deb/for-download/nginx/nginx-deb12.conf +++ b/src/deb/for-download/nginx/nginx-deb12.conf @@ -78,7 +78,7 @@ http { # Vhost server { - listen 8083; + listen 8083 ssl; server_name _; root /usr/local/vesta/web; charset utf-8; From 93a6d0b6e97c4f2caf397878540f552838ebc88c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 17 Jun 2023 23:00:40 +0200 Subject: [PATCH 016/348] deb12 fail2ban auth.log fix --- install/vst-install-debian.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 627a4219..ab47493c 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh 
@@ -1630,6 +1630,13 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local fi + if [ ! -e /var/log/auth.log ]; then + # Debian workaround: auth logging was moved to systemd + # We took this fix from HestiaCP + touch /var/log/auth.log + chmod 640 /var/log/auth.log + chown root:adm /var/log/auth.log + fi #update-rc.d fail2ban defaults currentservice='fail2ban' ensure_startup $currentservice From 599ce37116afeb7f2d1138b2252eeab0a87fa0d7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 18 Jun 2023 19:11:55 +0200 Subject: [PATCH 017/348] exim4 fix for Tainted filename for search for aliases --- install/debian/12/exim/exim4.conf.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index c168ec34..6964df9d 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -143,7 +143,7 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + ondition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes deny message = Restricted characters in address From 1d89e935e14da52f4146b08e030d7b0bd1f7637a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 18 Jun 2023 19:13:09 +0200 Subject: [PATCH 018/348] Update exim4.conf.template --- install/debian/12/exim/exim4.conf.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 6964df9d..e6abbe8e 100644 --- a/install/debian/12/exim/exim4.conf.template 
+++ b/install/debian/12/exim/exim4.conf.template @@ -143,7 +143,7 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts - ondition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes deny message = Restricted characters in address From 82956ffa9e73f4dedee973912333d62334dd48b6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 18 Jun 2023 22:00:38 +0200 Subject: [PATCH 019/348] Setting up rsyslog for deb12 --- install/vst-install-debian.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ab47493c..5bbfc93b 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -833,6 +833,12 @@ fi echo "=== Enabling daemon autostart" rm -f /usr/sbin/policy-rc.d +if [ "$release" -gt 11 ]; then + echo "=== Setting up rsyslog" + currentservice='rsyslog' + ensure_startup $currentservice + ensure_start $currentservice +fi #----------------------------------------------------------# # Configure system # From b3336ba630807a5aa85867d52c687ba591960f65 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 19 Jun 2023 00:14:37 +0200 Subject: [PATCH 020/348] Update exim4.conf.template-RC deb11 --- install/debian/11/exim/exim4.conf.template-RC | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/debian/11/exim/exim4.conf.template-RC b/install/debian/11/exim/exim4.conf.template-RC index e16099bd..5a4d0414 100644 --- a/install/debian/11/exim/exim4.conf.template-RC +++ b/install/debian/11/exim/exim4.conf.template-RC 
@@ -145,7 +145,7 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes deny message = Restricted characters in address From fdff356aa726c9883b6b7b080c972b403d470de2 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 25 Jun 2023 23:50:21 +0200 Subject: [PATCH 021/348] Switching signing apt key to "gpg --dearmor" --- install/vst-install-debian.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 5bbfc93b..bea5eb78 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -18,6 +18,7 @@ os='debian' release=$(cat /etc/debian_version | tr "." "\n" | head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" +ARCH="amd64" if [ "$release" -eq 12 ]; then software="nginx apache2 apache2-utils 
@@ -581,15 +582,19 @@ apt-get -y upgrade check_result $? 'apt-get upgrade failed' echo "=== Installing nginx repo" -apt=/etc/apt/sources.list.d -echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list -wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key -apt-key add /tmp/nginx_signing.key +apt="/etc/apt/sources.list.d" +# echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list +# wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key +# apt-key add /tmp/nginx_signing.key +echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list +curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1 echo "=== Installing myVesta repo" -echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list -wget $CHOST/deb_signing.key -O deb_signing.key -apt-key add deb_signing.key +# echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list +# wget $CHOST/deb_signing.key -O deb_signing.key +# apt-key add deb_signing.key +echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/myvesta-keyring.gpg] https://$RHOST/$codename/ $codename vesta" > $apt/vesta.list +curl -s $CHOST/deb_signing.key | gpg --dearmor | tee /usr/share/keyrings/myvesta-keyring.gpg > /dev/null 2>&1 # Installing jessie backports if [ "$release" -eq 8 ]; then From ebd100521f3786b58540358d3cfac456fd213aef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 26 Jun 2023 00:01:52 +0200 Subject: [PATCH 022/348] Temporary ProFTPD fix for Debian12 --- install/vst-install-debian.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index bea5eb78..d8cb251d 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh 
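Review bot: Both key imports in this hunk (`curl -s … | gpg --dearmor | tee … > /dev/null 2>&1`) discard every error, so a failed download or a non-key response still leaves a keyring file behind, and the problem presumably only surfaces later as an apt signature error. The context line above already uses `check_result $? 'apt-get upgrade failed'`; the same pattern fits here, e.g. `curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --batch --yes --dearmor -o /usr/share/keyrings/nginx-keyring.gpg` followed by `[ -s /usr/share/keyrings/nginx-keyring.gpg ]; check_result $? 'nginx key import failed'`, and likewise for the myVesta key. The myVesta key URL is built from `$CHOST`, whose scheme is not visible in this hunk; because that key becomes the trust anchor for the `vesta` repository, it should be fetched over HTTPS and ideally compared against a fingerprint shipped with the installer.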
@@ -1261,6 +1261,12 @@ if [ "$proftpd" = 'yes' ]; then currentservice='proftpd' ensure_startup $currentservice ensure_start $currentservice + + # Temporary ProFTPD fix for Debian12 + if [ "$release" -eq 12 ]; then + systemctl disable --now proftpd.socket + systemctl enable --now proftpd.service + fi fi From d41ca3276130e1474f3505b5984fccd93259c0d9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 26 Jun 2023 10:21:16 +0200 Subject: [PATCH 023/348] Update install-new-roundcube.sh 1.6.1 --- src/deb/for-download/tools/install-new-roundcube.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index 6311563e..a4404fc4 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh @@ -3,7 +3,7 @@ USER='webmail' DOMAIN='' # enter domain or subdomain -VERSION='1.6.0' +VERSION='1.6.1' DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" LOGINMESSAGE1='Click here for NEW Webmail' From 473277dd2972ec746489cfc40ad643e225008c44 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 26 Jun 2023 14:39:45 +0200 Subject: [PATCH 024/348] Update install-new-roundcube.sh - deleting filter plugin --- src/deb/for-download/tools/install-new-roundcube.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index a4404fc4..55bdd320 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh 
@@ -175,10 +175,10 @@ if [ -d "/home/$USER/web/$DOMAIN/public_html/plugins/password" ]; then cp /usr/share/roundcube/plugins/password/drivers/vesta.php /home/$USER/web/$DOMAIN/public_html/plugins/password/drivers/vesta.php fi -wget -nv https://c.myvestacp.com/tools/roundcube-filters.tgz -O /root/roundcube-filters.tgz -tar --directory /home/$USER/web/$DOMAIN/public_html/plugins -xzf /root/roundcube-filters.tgz +# wget -nv https://c.myvestacp.com/tools/roundcube-filters.tgz -O /root/roundcube-filters.tgz +# tar --directory /home/$USER/web/$DOMAIN/public_html/plugins -xzf /root/roundcube-filters.tgz +# sed -i "s/\$config\['plugins'\] = \[/\$config['plugins'] = ['filters', /g" /home/$USER/web/$DOMAIN/public_html/config/config.inc.php -sed -i "s/\$config\['plugins'\] = \[/\$config['plugins'] = ['filters', /g" /home/$USER/web/$DOMAIN/public_html/config/config.inc.php echo "\$config['session_lifetime'] = 1080;" >> /home/$USER/web/$DOMAIN/public_html/config/config.inc.php fix_ownership From c41a540494ed552875752ba0a1257cc554cf20f0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 26 Jun 2023 14:45:37 +0200 Subject: [PATCH 025/348] Update install-new-roundcube.sh --- .../tools/install-new-roundcube.sh | 30 +++++++++++++++++-- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index 55bdd320..8838e0ab 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh 
@@ -140,6 +140,27 @@ if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl" ]; then apt install -y php7.4-imap echo "================================" fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-80.tpl" ]; then + echo "================================" + echo "== Installing php8.0-imap module" + apt update + apt install -y php8.0-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-81.tpl" ]; then + echo "================================" + echo "== Installing php8.1-imap module" + apt update + apt install -y php8.1-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl" ]; then + echo "================================" + echo "== Installing php8.2-imap module" + apt update + apt install -y php8.2-imap + echo "================================" +fi echo "-------------------------------------" echo "Go to:" @@ -147,6 +168,7 @@ echo "https://${DOMAIN}/installer/" echo "... and finish the Roundcube installation." echo "" echo "You will be asked for:" +echo "Database host: localhost" echo "Database user: $DATABASE_NAME" echo "Database name: $DATABASE_NAME" echo "Database pass: $DATABASE_PASSWORD" @@ -183,9 +205,11 @@ echo "\$config['session_lifetime'] = 1080;" >> /home/$USER/web/$DOMAIN/public_ht fix_ownership -check_grep=$(grep -c 'color: white; font-size: 12pt' /usr/share/roundcube/skins/larry/templates/login.html) -if [ "$check_grep" -eq 0 ]; then - sed -i "s||

$LOGINMESSAGE1
$LOGINMESSAGE2


\n\n|g" /usr/share/roundcube/skins/larry/templates/login.html +if [ -f "/usr/share/roundcube/skins/larry/templates/login.html" ]; then + check_grep=$(grep -c 'color: white; font-size: 12pt' /usr/share/roundcube/skins/larry/templates/login.html) + if [ "$check_grep" -eq 0 ]; then + sed -i "s||

$LOGINMESSAGE1
$LOGINMESSAGE2


\n\n|g" /usr/share/roundcube/skins/larry/templates/login.html + fi fi check_grep=$(grep -c 'MAIL_URL=' /usr/local/vesta/conf/vesta.conf) From ac98e1d9aa284bc3abe0d2abf33fa2a8071ed2ce Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 26 Jun 2023 21:52:43 +0200 Subject: [PATCH 026/348] Patching spamassassin dns_server --- install/vst-install-debian.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index d8cb251d..b4f5e0cc 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1545,6 +1545,9 @@ if [ "$spamd" = 'yes' ]; then else currentservice='spamd' fi + echo "=== Patching spamassassin dns_server" + sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf + wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf ensure_startup $currentservice systemctl restart $currentservice From a6eedcc6a97610909eb61c923d888de40f276628 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 26 Jun 2023 22:00:46 +0200 Subject: [PATCH 027/348] Creating spamassassin /nonexistent folder --- install/vst-install-debian.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index b4f5e0cc..e7c9a0a9 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1545,6 +1545,12 @@ if [ "$spamd" = 'yes' ]; then else currentservice='spamd' fi + + echo "=== Creating spamassassin /nonexistent folder" + mkdir /nonexistent + mkdir /nonexistent/.spamassassin + chown -R nobody:debian-spamd /nonexistent + echo "=== Patching spamassassin dns_server" sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf From fb3e1e52e07043c27e897173aef79c1d0da2159d Mon Sep 17 00:00:00 2001 
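Review bot: The added `wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf` downloads a SpamAssassin rule file over plain HTTP and installs it as root with no integrity check, so the scoring rules the mail server loads can be altered in transit. Another script in this series reaches the same host as `https://c.myvestacp.com/…`, so this URL should use `https://` too, and the wget result should be checked before `systemctl restart $currentservice`. The `sed` that appends `dns_server 127.0.0.1` is not idempotent; prefixing it with `grep -q '^dns_server' /etc/spamassassin/local.cf ||` avoids duplicate lines on a re-run. The enclosing `if [ "$spamd" = 'yes' ]` block starts and ends outside the hunk.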
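Review bot: `chown -R nobody:debian-spamd /nonexistent` turns a placeholder path into a real directory writable by `nobody`. On Debian `/nonexistent` is the conventional home of `nobody` and of several other system accounts, so any process running as one of them would now find a home directory that `nobody` can populate with dotfiles; it is worth confirming that nothing else on the host reads configuration from there. A dedicated directory configured as spamd's home would keep the workaround scoped to SpamAssassin (hedged, since the spamd options are not visible in this hunk). The two `mkdir` calls also fail when the installer is re-run; `mkdir -p /nonexistent/.spamassassin` covers both.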
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 12:20:28 +0200 Subject: [PATCH 028/348] Update barracuda.cf --- src/deb/for-download/tools/spamassassin/barracuda.cf | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/deb/for-download/tools/spamassassin/barracuda.cf b/src/deb/for-download/tools/spamassassin/barracuda.cf index 4491d645..1c0706c3 100644 --- a/src/deb/for-download/tools/spamassassin/barracuda.cf +++ b/src/deb/for-download/tools/spamassassin/barracuda.cf @@ -1,15 +1,9 @@ header IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'b.barracudacentral.org') describe IN_BCUDA_RBL Received via a relay listed by Barracuda BRBL tflags IN_BCUDA_RBL net +score RCVD_IN_BCUDA_RBL 2.00 -header RCVD_IN_BCUDA_RELAY rbleval:check_rbl_results_for('bcuda', '127.0.0.2') +header RCVD_IN_BCUDA_RELAY rbleval:check_rbl_sub('bcuda', '127.0.0.2') describe RCVD_IN_BCUDA_RELAY BCUDA: relay ip is convicted spammer tflags RCVD_IN_BCUDA_RELAY net - -score RCVD_IN_BCUDA_RBL 1.00 score RCVD_IN_BCUDA_RELAY 3.00 - -header IN_BCUDA_HOP rbleval:check_rbl('bcuda-notfirsthop', 'b.barracudacentral.org') -describe IN_BCUDA_HOP Received via a relay listed by Barracuda BRBL -tflags IN_BCUDA_HOP net -score RCVD_IN_BCUDA_HOP 1.00 From e095751b8b4d471d59b88726489e942de1b32a3d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 13:09:12 +0200 Subject: [PATCH 029/348] Update barracuda.cf - correcting scores --- src/deb/for-download/tools/spamassassin/barracuda.cf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/deb/for-download/tools/spamassassin/barracuda.cf b/src/deb/for-download/tools/spamassassin/barracuda.cf index 1c0706c3..4d5aa0c4 100644 --- a/src/deb/for-download/tools/spamassassin/barracuda.cf +++ b/src/deb/for-download/tools/spamassassin/barracuda.cf 
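Review bot: The `score` line added in this hunk names a rule that is never defined: the header rule is `IN_BCUDA_RBL`, but the score is set on `RCVD_IN_BCUDA_RBL`, so `score RCVD_IN_BCUDA_RBL 2.00` most likely has no effect and the defined rule keeps SpamAssassin's default score. Either rename the rule (`header RCVD_IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'b.barracudacentral.org')`, with matching `describe` and `tflags` lines) or score the existing name with `score IN_BCUDA_RBL 2.00`. The follow-up patch 029 changes the value to 1.00 but keeps the same mismatch. Running `spamassassin --lint` after installing the file should flag a score set on a non-existent rule.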
@@ -1,9 +1,9 @@ header IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'b.barracudacentral.org') describe IN_BCUDA_RBL Received via a relay listed by Barracuda BRBL tflags IN_BCUDA_RBL net -score RCVD_IN_BCUDA_RBL 2.00 +score RCVD_IN_BCUDA_RBL 1.00 header RCVD_IN_BCUDA_RELAY rbleval:check_rbl_sub('bcuda', '127.0.0.2') describe RCVD_IN_BCUDA_RELAY BCUDA: relay ip is convicted spammer tflags RCVD_IN_BCUDA_RELAY net -score RCVD_IN_BCUDA_RELAY 3.00 +score RCVD_IN_BCUDA_RELAY 4.00 From 9290ba6071ceb9345e25a6a19b04a2bbcd015816 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 15:22:30 +0200 Subject: [PATCH 030/348] Version 0.9.9-0-4 --- src/deb/latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 321145a8..8ebe40d1 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-3 \ No newline at end of file +vesta-0.9.9-0-4 From d4f0baa4ad3029cbd54ec7d1fec0beb3f76e1921 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 15:24:58 +0200 Subject: [PATCH 031/348] Update Changelog.md --- Changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Changelog.md b/Changelog.md index f8301fd8..ee9e1b65 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +Version 0.9.9-0-4 [27-Jun-2023] +================================================== +* Support for Debian 12 + Version 0.9.9-0-2 [12-Jun-2023] ================================================== * Hosting panel UI perfomance fix From 12c65839c286717b2c70e43d02eb7f7fe7cc0cd1 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 15:28:36 +0200 Subject: [PATCH 032/348] Update Changelog.md --- Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index ee9e1b65..3f5fb37b 100644 --- a/Changelog.md +++ b/Changelog.md 
@@ -1,6 +1,6 @@ Version 0.9.9-0-4 [27-Jun-2023] ================================================== -* Support for Debian 12 +* Support for Debian 12 ( in mutual cooperation with @HestiaCP ) Version 0.9.9-0-2 [12-Jun-2023] ================================================== From dc8abe95f071cbcc80145912f9caf795b328b48b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Jun 2023 18:58:52 +0200 Subject: [PATCH 033/348] Update list_user.html - coffee typo --- web/templates/admin/list_user.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/admin/list_user.html b/web/templates/admin/list_user.html index 066513ee..0bcbddd7 100644 --- a/web/templates/admin/list_user.html +++ b/web/templates/admin/list_user.html @@ -81,7 +81,7 @@
Donate - Buy us a coffe + Buy us a coffee
Wiki From ef5ef951940ed7bcf3f47f02e2695104b7f23c6b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 28 Jun 2023 15:22:05 +0200 Subject: [PATCH 034/348] get deb12 exim conf --- bin/v-make-separated-ip-for-email | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index a26c68e3..a25fc6dd 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -138,7 +138,7 @@ check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template) if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup - cp /usr/local/vesta/install/debian/11/exim/exim4.conf.template-RC /etc/exim4/exim4.conf.template + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template From 7ee011a9d3b6c72183a455fe9d68c2ed9ea35c1a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Jul 2023 14:41:38 +0200 Subject: [PATCH 035/348] Update v-import-cpanel-backup --- bin/v-import-cpanel-backup | 45 +++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 02383018..4faad31e 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup 
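Review bot: The replacement template path is now hard-coded to `debian/12`, so this script installs the Debian 12 exim configuration on whatever release it runs on. That template carries settings added for the newer exim in this series (for example `smtputf8_advertise_hosts` and the nested `dsearch` lookups), which an older exim4 may reject or treat differently, so this is worth confirming on Debian 10 and 11 before release. Selecting the directory from the running release, as other scripts in this series do with `release=$(cat /etc/debian_version | tr "." "\n" | head -n1)`, would keep older hosts on a matching template. The surrounding `if [ "$check_grep" -eq 0 ]` block continues outside the hunk.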
@@ -269,28 +269,29 @@ cd $sk_mdir for sk_maild in $(ls -1) do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then - if [ -d "$sk_maild" ]; then - for sk_mail_account in $(ls $sk_maild/) - do - - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - echo "Set password for ${sk_mail_account}@${sk_maild}" - pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') - newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" - newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" - # echo $newline - escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') - escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') - sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd - sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf - done - fi + if [ -d "$sk_maild" ]; then + for sk_mail_account in $(ls $sk_maild/) + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find 
/home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete + # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + # echo $newline + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + fi + done + fi #else # this only detect default dirs account new, cur, tmp etc # maybe can do something with this, but on most cpanel default account have only spam. From 12d6e59a7ec278e34117f674739988db20eca0d1 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Jul 2023 14:50:16 +0200 Subject: [PATCH 036/348] Update v-import-cpanel-backup --- bin/v-import-cpanel-backup | 44 ++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 4faad31e..f92ae5af 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup 
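Review bot: The second `sed` in the password block matches on a prefix, `s/^ACCOUNT='${sk_mail_account}.*/…/`, with no closing quote after the account name, so importing account `info` also overwrites the stored line of `info2` or `information` in the same domain with `info`'s record and hash. Anchoring the pattern as `sed -i "s/^ACCOUNT='${sk_mail_account}' .*/$escaped2/g" …` limits the rewrite to the exact account. The account name is also used unescaped as a regular expression there and in `grep "^${sk_mail_account}:"`, so a dot in the name matches any character. These names come from directory names inside the imported backup and should be treated as untrusted input, which also applies to the unquoted `$(ls $sk_maild/)` loop.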
@@ -271,25 +271,25 @@ do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then if [ -d "$sk_maild" ]; then for sk_mail_account in $(ls $sk_maild/) - do - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then - echo "Set password for ${sk_mail_account}@${sk_maild}" - pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') - newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" - newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" - # echo $newline - escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') - escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') - sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd - sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf - fi + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 
'dovecot*' -delete + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + else + echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + fi done fi #else @@ -368,7 +368,9 @@ tput setaf 4 echo "##############################" echo "cPanel Backup restored" echo "Review your content and report any fail" -# echo "I reset mail password not posible restore it yet." -# echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then + echo "I reset mail password not posible restore it yet." + echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +fi echo "##############################" tput sgr0 From 5d2f0d68e0a707f3a1db593a755bc3e86a0a5dad Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 29 Jul 2023 14:40:19 +0200 Subject: [PATCH 037/348] Removing sury repo from multi-php-install.sh for Debian 8 and 9 --- src/deb/for-download/tools/multi-php-install.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
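Review bot: The new `else` branch in the first hunk appends the generated mailbox passwords in clear text to `/root/sk_mail_password_${sk_cp_user}-${sk_cod}` without setting a file mode, so the file is created with whatever umask the importer happens to run under. Writing it inside `( umask 077; echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" )` keeps it owner-only and quotes the path. The closing message added in the second hunk could also tell the operator to delete the file once the passwords have been handed over. The enclosing loop starts outside the hunk.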
diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 88528e92..4d86050d 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -95,12 +95,8 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - if [ $debian_version -eq 8 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ jessie main" > /etc/apt/sources.list.d/php.list' - fi - if [ $debian_version -eq 9 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/php.list' + if [ $debian_version -ge 10 ]; then + wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi if [ $debian_version -eq 10 ]; then sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' From 843d4a94e2ae6df08654090f95fd19d3c3914ac3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 8 Aug 2023 15:41:25 +0200 Subject: [PATCH 038/348] Update install_rate_limit_tpl.sh --- .../for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 8710008c..3cae3526 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh 
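Review bot: The `wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg` call, now wrapped in `if [ $debian_version -ge 10 ]`, has no check on its exit status, so a failed or truncated download leaves an unusable key file while the script carries on. A key placed in `trusted.gpg.d` is also accepted for every configured repository; keeping it in a dedicated keyring and adding a `signed-by=` option to the `deb` line would limit it to packages.sury.org. At minimum I would append `|| exit 1` to the `wget` line and quote `"$debian_version"`. On Debian 8 and 9 the block now adds no repository although `inst_repo` is still 1; if that is intended, a comment such as `# sury.org no longer serves jessie/stretch` (wording to be confirmed) would make it clear.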
@@ -54,4 +54,4 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl -service nginx restart +systemctl restart nginx From e82378c9358ae98ec0b4c50722890b9fd9f7c33f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 15:45:37 +0200 Subject: [PATCH 039/348] v-grep LF ending --- bin/v-grep | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/bin/v-grep b/bin/v-grep index 3e467129..045751a5 100644 --- a/bin/v-grep +++ b/bin/v-grep 
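Review bot: The context lines of this hunk fetch the nginx rate-limit templates with `wget -nv -O ... http://c.myvestacp.com/tools/rate-limit-tpl/...`, over plain HTTP and with no integrity check, and write them into `/usr/local/vesta/data/templates/web/nginx/` right before the restart on the changed line. Anyone able to alter that traffic can supply server configuration that nginx will later load for hosted domains. If the host serves the same paths over TLS (not visible here), switching the URLs to `https://` and stopping on a failed download is the small fix. Writing the changed line as `nginx -t && systemctl restart nginx` would also avoid taking the web server down on a broken configuration.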
@@ -1,21 +1,21 @@ -#!/bin/bash -# info: calling myvesta_grep PHP function -# options: PARAMETERS -# -# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - - -if [ -p /dev/stdin ]; then - STDIN=$(cat -) - if [ ! -z "$STDIN" ]; then - echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" - exit $? - fi -fi - -php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" -exit $? +#!/bin/bash +# info: calling myvesta_grep PHP function +# options: PARAMETERS +# +# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" + exit $? + fi +fi + +php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" +exit $? From 4d7ce60f39e675982bfdaf443e88be9b7e206787 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 20:11:40 +0200 Subject: [PATCH 040/348] deb12 fixes in postinst --- src/deb/vesta/postinst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 09195d4c..9b074aaf 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
@@ -26,7 +26,7 @@ fi # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Patching exim4.conf for: smtputf8_advertise_hosts -if [ "$release" -gt 10 ]; then +if [ "$release" -ge 11 ]; then if [ -f "/etc/exim4/exim4.conf.template" ]; then if ! grep -q 'smtputf8_advertise_hosts' /etc/exim4/exim4.conf.template; then echo 'Patching exim4.conf for: smtputf8_advertise_hosts' @@ -47,7 +47,7 @@ if [ -f "/etc/exim4/exim4.conf.template" ]; then fi # Making sure yescrypt is disabled -if [ "$release" -eq 11 ]; then +if [ "$release" -ge 11 ]; then sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password fi @@ -66,13 +66,18 @@ if [ "$release" -eq 11 ]; then ADD=" hosts_try_fastopen = \!\*.l.google.com" sed -i "s#$FIND#$FIND\n$ADD#g" /etc/exim4/exim4.conf.template systemctl restart exim4 - - sed -i "s/net.ipv4.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling fi fi fi +if [ "$release" -ge 11 ]; then + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi +fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then From cb52ef65b41ca1da71114cb6ba0e5249a0ae8166 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 9 Aug 2023 20:14:34 +0200 Subject: [PATCH 041/348] postinst removing tabs indent --- src/deb/vesta/postinst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 9b074aaf..d1c92a8c 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
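Review bot: In the second hunk, `sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password` now runs on every release from 11 upward, and the only explanation is the comment `# Making sure yescrypt is disabled`. This replaces the distribution's default password hashing scheme with sha512crypt for all local accounts, and because the substitution is unanchored it rewrites every occurrence of the word in the file, comments included. I would state the reason in the comment, for example `# COMPONENT cannot verify yescrypt hashes, keep PAM on sha512 (TODO confirm)`, and restrict the pattern to the `pam_unix.so` line. In the third hunk `check_grep` is empty when `/etc/sysctl.conf` does not exist, so `[ "$check_grep" -gt 0 ]` fails with an error; `if grep -q '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf 2>/dev/null; then` avoids that.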
@@ -71,12 +71,12 @@ if [ "$release" -eq 11 ]; then fi if [ "$release" -ge 11 ]; then - check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) - if [ "$check_grep" -gt 0 ]; then - echo "=== Removing net.ipv4.tcp_window_scaling" - sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling - fi + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi fi # Adding Barracuda RBL to SpamAssassin From 0213d749eeebd6a46477afd9c554206741054763 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 11 Aug 2023 14:03:16 +0200 Subject: [PATCH 042/348] Update exim_forwarding.patch --- src/deb/for-download/tools/patches/exim_forwarding.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/patches/exim_forwarding.patch b/src/deb/for-download/tools/patches/exim_forwarding.patch index 1fa6d408..dcefe327 100644 --- a/src/deb/for-download/tools/patches/exim_forwarding.patch +++ b/src/deb/for-download/tools/patches/exim_forwarding.patch @@ -6,7 +6,7 @@ + warn !authenticated = * + hosts = !+relay_from_hosts -+ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} ++ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + deny message = Restricted characters in address From bb79f9f8c01b49c10c862f09e5e263927c78d323 Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Aug 2023 20:50:20 +0200 Subject: [PATCH 043/348] deb12 nginx http2 on; --- install/debian/12/nginx/nginx.conf | 2 +- install/debian/12/templates/web/nginx/force-https-legacy.stpl | 3 ++- install/debian/12/templates/web/nginx/force-https-public.stpl | 3 ++- .../12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl | 3 ++- install/debian/12/templates/web/nginx/force-https.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting-legacy.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting-public.stpl | 3 ++- .../12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl | 3 ++- install/debian/12/templates/web/nginx/hosting.stpl | 3 ++- install/debian/12/templates/web/nginx/private-force-https.stpl | 3 ++- install/debian/12/templates/web/nginx/private-hosting.stpl | 3 ++- 11 files changed, 21 insertions(+), 11 deletions(-) diff --git a/install/debian/12/nginx/nginx.conf b/install/debian/12/nginx/nginx.conf index 6d5e36ba..6efe2337 100644 --- a/install/debian/12/nginx/nginx.conf +++ b/install/debian/12/nginx/nginx.conf @@ -100,7 +100,7 @@ http { # SSL PCI Compliance ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl index 79e55a26..bea7d86c 100644 
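Review bot: The changed `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` line in nginx.conf adds TLS 1.3 but keeps TLS 1.1, which RFC 8996 deprecates, in a configuration shipped for Debian 12 under the heading `# SSL PCI Compliance`. I would write `ssl_protocols TLSv1.2 TLSv1.3;` here. The `ssl_ciphers` line in the same hunk still lists 3DES suites (`ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`), which could be dropped at the same time. The `http` block continues outside the hunk.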
--- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssll + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-public.stpl b/install/debian/12/templates/web/nginx/force-https-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/force-https-public.stpl +++ b/install/debian/12/templates/web/nginx/force-https-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https.stpl b/install/debian/12/templates/web/nginx/force-https.stpl index 33fab443..55f41002 100644 --- a/install/debian/12/templates/web/nginx/force-https.stpl +++ b/install/debian/12/templates/web/nginx/force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.stpl b/install/debian/12/templates/web/nginx/hosting-legacy.stpl index a34b4bf1..efdd3b87 100644 
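Review bot: In force-https-legacy.stpl the new line reads `listen %ip%:%proxy_ssl_port% ssll` with no terminating semicolon, so nginx parses `ssll http2 on` as parameters of `listen` and rejects the configuration of any domain built from this template; it should be `listen %ip%:%proxy_ssl_port% ssl;` as in the other nine templates. The standalone `http2 on;` directive used in all of these template hunks exists only from nginx 1.25.1 onward, so the templates assume the Debian 12 install provides at least that version. A one-line comment above the directive, such as `# http2 directive requires nginx >= 1.25.1`, would help whoever pairs these templates with an older nginx package.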
--- a/install/debian/12/templates/web/nginx/hosting-legacy.stpl +++ b/install/debian/12/templates/web/nginx/hosting-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-public.stpl b/install/debian/12/templates/web/nginx/hosting-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/hosting-public.stpl +++ b/install/debian/12/templates/web/nginx/hosting-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting.stpl b/install/debian/12/templates/web/nginx/hosting.stpl index 755caadf..5745311e 100644 --- a/install/debian/12/templates/web/nginx/hosting.stpl +++ b/install/debian/12/templates/web/nginx/hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-force-https.stpl b/install/debian/12/templates/web/nginx/private-force-https.stpl index 64094fb8..bf805683 100644 --- a/install/debian/12/templates/web/nginx/private-force-https.stpl 
+++ b/install/debian/12/templates/web/nginx/private-force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-hosting.stpl b/install/debian/12/templates/web/nginx/private-hosting.stpl index fd9471bd..8e5b3f7b 100644 --- a/install/debian/12/templates/web/nginx/private-hosting.stpl +++ b/install/debian/12/templates/web/nginx/private-hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; From 658680095bae44d5495219282f4e752ef5403ee0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Aug 2023 20:52:13 +0200 Subject: [PATCH 044/348] http2 typo --- install/debian/12/templates/web/nginx/force-https-legacy.stpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl index bea7d86c..8e636db3 100644 --- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%proxy_ssl_port% ssll + listen %ip%:%proxy_ssl_port% ssl; http2 on; server_name %domain_idn% %alias_idn%; From c32036e53181d11e9b693ead4651d2973413d572 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 11:23:57 +0200 Subject: [PATCH 045/348] Handling tailf watcher processes in v-clean-garbage --- bin/v-clean-garbage | 19 +++++++++++++++++++ bin/v-commander | 19 ------------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 72e8560e..6dc006ae 100644 --- a/bin/v-clean-garbage 
+++ b/bin/v-clean-garbage @@ -21,6 +21,14 @@ source /usr/local/vesta/func/main.sh # Action # #----------------------------------------------------------# +# turn off tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') +fi + rm /var/backups/* > /dev/null 2>&1 rm /var/cache/apt/archives/* > /dev/null 2>&1 cd /var/log @@ -41,6 +49,9 @@ find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete find /var/log/exim4/ -type f -exec truncate -s 0 {} \; +truncate -s 0 /*.log +rm /panic-*.log +rm /var/log/panic-*.log clean_home() { nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete @@ -74,6 +85,14 @@ if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban fi +# turn on tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & +fi + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-commander b/bin/v-commander index 06a5f737..e0850737 100644 --- a/bin/v-commander +++ b/bin/v-commander 
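Review bot: In the first hunk, `kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')` runs `kill` with no arguments when the watcher is not running, and it signals every process whose command line merely contains the string, for example an editor that has the script open. `pkill -f '/usr/local/bin/tailf_apache_error\.php' || true`, and the same for `tailf_exim`, matches the full path and tolerates the no-match case. The restart lines in the third hunk start both watchers whenever the script file exists, so they come back even on hosts where they were not running before the cleanup; remembering whether `pkill` found a process would preserve the previous state.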
@@ -354,32 +354,13 @@ do echo "=============================" echo "== cleaning trash" df -m - ps -Af | grep tailf | grep -v "grep tailf" - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') - fi echo "------" ps -Af | grep tailf | grep -v "grep tailf" echo "------" - sleep 2 - truncate -s 0 /*.log - rm /panic-*.log - rm /var/log/panic-*.log /usr/local/vesta/bin/v-clean-garbage - sleep 2 - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & - fi echo "--------------" df -m echo "--------------" - sleep 2 ps -Af | grep tailf | grep -v "grep tailf" fi From b80a9756213305c30f5cfc86fb71cfee65aa076d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 11:37:04 +0200 Subject: [PATCH 046/348] Muting some unnecessary cleaning errors --- bin/v-clean-garbage | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 6dc006ae..a53cace8 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -49,9 +49,9 @@ find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete find /var/log/exim4/ -type f -exec truncate -s 0 {} \; -truncate -s 0 /*.log -rm /panic-*.log -rm /var/log/panic-*.log +truncate -s 0 /*.log > /dev/null 2>&1 +rm /panic-*.log > /dev/null 2>&1 +rm /var/log/panic-*.log > /dev/null 2>&1 clean_home() { nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete 
From 34c0588b76c31bdee93c679bbb1407dafd186c3c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:05:26 +0200 Subject: [PATCH 047/348] ignoring nohup messages --- bin/v-clean-garbage | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index a53cace8..323ee80d 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -87,10 +87,10 @@ fi # turn on tailf watcher process if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 & fi if [ -f "/usr/local/bin/tailf_exim.php" ]; then - nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & fi #----------------------------------------------------------# From 8d467b98abcd44ec7561c86af8149a9d987b150b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 23 Aug 2023 14:39:44 +0200 Subject: [PATCH 048/348] Muting some unnecessary cleaning errors --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 323ee80d..e588904c 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage 
@@ -54,7 +54,7 @@ rm /panic-*.log > /dev/null 2>&1 rm /var/log/panic-*.log > /dev/null 2>&1 clean_home() { - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1 find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 From 022f3078f51df8000f99312beffb1c091366183b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 6 Sep 2023 14:45:40 +0200 Subject: [PATCH 049/348] Fixing 'dh key too small' in dovecot --- src/deb/vesta/postinst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index d1c92a8c..3f237f10 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,17 @@ fi # echo "1" > /usr/local/vesta/data/upgrades/show_changelog # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Fixing 'dh key too small' in dovecot +if [ -f "/var/log/dovecot.log" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log; then + if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then + echo "== Fixing 'dh key too small' in dovecot" + echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf + systemctl restart dovecot + fi + fi +fi + # Patching exim4.conf for: smtputf8_advertise_hosts if [ "$release" -ge 11 ]; then if [ -f "/etc/exim4/exim4.conf.template" ]; then From 06527b4d49be97366926173bfd90a4b566a773a7 Mon Sep 17 00:00:00 2001 
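Review bot: The changed line `find $1/*/tmp/ -type f -delete > /dev/null 2>&1` in `clean_home` names each user's `tmp` with a trailing slash, so if that entry is a symbolic link `find` descends into the link's target, and the script appears to run with root privileges over directories that hosting users control (assumption: `$1` is the home root, to be confirmed against the caller). I would skip anything that is not a real directory, e.g. `for d in "$1"/*/tmp; do [ -d "$d" ] && [ ! -L "$d" ] && find "$d" -xdev -type f -delete; done`, which also quotes `$1`. Sending all output to `/dev/null` hides real failures as well as the expected ones; `2>/dev/null` on this one command would be enough. The same path pattern is reused by the `-mtime` lines added in patches 055 to 057, and `clean_home` continues outside the hunk.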
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Sep 2023 01:12:08 +0200 Subject: [PATCH 050/348] Update postinst --- src/deb/vesta/postinst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 3f237f10..e53fee72 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -26,8 +26,8 @@ fi # chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Fixing 'dh key too small' in dovecot -if [ -f "/var/log/dovecot.log" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then - if grep -q 'dh key too small' /var/log/dovecot.log; then +if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log.1; then if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then echo "== Fixing 'dh key too small' in dovecot" echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf From c43b3b09766e2d09033e9a4ab7faf34f3893de60 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 16 Sep 2023 01:11:30 +0200 Subject: [PATCH 051/348] Check if source user is suspended --- bin/v-move-domain-and-database-to-account | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index d055e361..7524d229 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user + USER_TO=$user #----------------------------------------------------------# From 39a4dffbcece94e04f626b6ac6f1274aadb7876e Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 16 Sep 2023 01:20:19 +0200 Subject: [PATCH 052/348] Check if source user is suspended --- bin/v-change-domain-owner | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 8f267307..c3f8bcfa 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user #----------------------------------------------------------# # Action # From 1709e9ae3d2ffa3c8ae8f748fba6b53833250c58 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 24 Sep 2023 16:58:29 +0200 Subject: [PATCH 053/348] Disabling SpamAssassin on Deb12 --- bin/v-commander | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index e0850737..073c6d72 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -241,8 +241,13 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" - systemctl stop spamassassin.service - systemctl disable spamassassin.service + if [ "$release" -lt 12 ]; then + systemctl stop spamassassin.service + systemctl disable spamassassin.service + else + systemctl stop spamd.service + systemctl disable spamd.service + fi sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template From 98d8ab7f29b3e00208ecb50f203b45859fbd8019 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 27 Sep 2023 09:32:23 +0200 Subject: [PATCH 054/348] v-list-sys-services: detection for official mariadb repo installation --- bin/v-list-sys-services | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services index 3d876101..d23a92a7 100755 --- a/bin/v-list-sys-services +++ b/bin/v-list-sys-services @@ -301,6 +301,10 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then service='mariadb' proc_name='mariadbd' fi + if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then + service='mariadb' + proc_name='mariadbd' + fi if [ -d "/etc/sysconfig" ]; then service='mysqld' proc_name='mysqld' From c8fcc089a7e861931eda36e7b5f29b755b57e07d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 30 Sep 2023 15:20:47 +0200 Subject: [PATCH 055/348] Clean /home/*/tmp/ in v-clean-garbage --- bin/v-clean-garbage | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index e588904c..55dc98c3 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,6 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -exec rm {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 8a323f6447eda009cd2eaabee120a9ea3add653e Mon Sep 17 00:00:00 2001 
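Review bot: The added `find $1/*/tmp/ -type f -mtime +5 -exec rm {} \;` in the `clean_home` hunk looks like a no-op, because the first statement of `clean_home` shown in the earlier v-clean-garbage hunk already deletes every regular file under `$1/*/tmp/` regardless of age. If only old files are meant to go, the unconditional `-delete` at the top of the function should be replaced by this age-limited form; otherwise this line can be dropped. Unlike its neighbours it also carries no `> /dev/null 2>&1`, and `-exec rm {} \;` starts one process per file where `-delete` would do. The start of `clean_home` is outside this hunk.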
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 30 Sep 2023 15:23:27 +0200 Subject: [PATCH 056/348] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 55dc98c3..d987a6c2 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -63,7 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -exec rm {} \; + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 33e6263e3d2f0d8198400d971bd7e8459ef51c7a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 00:32:27 +0200 Subject: [PATCH 057/348] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index d987a6c2..c46a2b55 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage 
@@ -63,7 +63,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +5 -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; From 3d503f4e1410271c276517c8ebb3fb0623d95dd9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 14:19:41 +0200 Subject: [PATCH 058/348] Update v-clean-garbage --- bin/v-clean-garbage | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index c46a2b55..80d7f165 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -29,6 +29,7 @@ if [ -f "/usr/local/bin/tailf_exim.php" ]; then kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') fi +find /tmp/ -type f -mtime +7 -delete rm /var/backups/* > /dev/null 2>&1 rm /var/cache/apt/archives/* > /dev/null 2>&1 cd /var/log 
@@ -45,6 +46,8 @@ find /var/log/ -type f -name "*.4" -delete find /var/log/ -type f -name "*.5" -delete find /var/log/ -type f -name "*.6" -delete find /var/log/ -type f -name "*.7" -delete +find /var/log/ -type f -name "*.8" -delete +find /var/log/ -type f -name "*.9" -delete find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete From 85bbc56cbdae66b44a8d65b9607b54d90b6f342d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 14:55:49 +0200 Subject: [PATCH 059/348] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index a25fc6dd..49d31f45 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -148,6 +148,8 @@ if [ "$check_grep" -eq 0 ]; then sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template + /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template' + /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template' touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour touch /etc/exim4/limit_per_email_account_max_recipients touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour From e1fe2ba0944829a08d42702f2f7dbc07f8a91fde Mon Sep 17 00:00:00 2001 
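Review bot: The two added `v-sed` calls point `tls_certificate` and `tls_privatekey` at `/usr/local/vesta/ssl/$received_ip_address.crt` and `.key` unconditionally, so TLS on any interface address without a matching pair in that directory would presumably fail rather than fall back to the default certificate. Nothing in the hunk creates or checks those per-address files, and a failed STARTTLS can lead remote senders to deliver without encryption. An Exim conditional with a fallback avoids that, e.g. `tls_certificate = ${if exists{/usr/local/vesta/ssl/$received_ip_address.crt}{/usr/local/vesta/ssl/$received_ip_address.crt}{/usr/local/vesta/ssl/certificate.crt}}`, with the same shape for the key. The enclosing `if` block starts and ends outside the hunk.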
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 15:07:43 +0200 Subject: [PATCH 060/348] Patching exim4.conf for: Helo name contains a ip address --- install/debian/12/exim/exim4.conf.template | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index e6abbe8e..9c670fed 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -109,16 +109,19 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept From 64fa7d9e5865398e8c4c97a2cf115635d532576c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 1 Oct 2023 15:12:40 +0200 Subject: [PATCH 061/348] Update exim4.conf.template --- install/debian/12/exim/exim4.conf.template | 1 - 1 file changed, 1 deletion(-) 
diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 9c670fed..27fca98a 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -112,7 +112,6 @@ acl_check_mail: drop !authenticated = * message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s From b5d57baa294a4382bcec456dbc58ae78ed6df16f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Oct 2023 10:47:40 +0200 Subject: [PATCH 062/348] Update vst-install-debian.sh --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e7c9a0a9..47e8ede0 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -286,7 +286,7 @@ set_default_value 'postgresql' 'no' set_default_value 'mongodb' 'no' set_default_value 'exim' 'yes' set_default_value 'dovecot' 'yes' -if [ $memory -lt 1500000 ]; then +if [ $memory -lt 2500000 ]; then set_default_value 'clamd' 'no' set_default_value 'spamd' 'no' else From 1099b0c2672eb124c2c47698271d9a8c178a9fef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 4 Oct 2023 11:34:09 +0200 Subject: [PATCH 063/348] Update install_rate_limit_tpl.sh --- .../tools/rate-limit-tpl/install_rate_limit_tpl.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 3cae3526..1d128f7a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi @@ -22,6 +22,12 @@ if [ "$grepc" -eq 1 ]; then echo "=== Decrease addr zone to 1mb to nginx.conf" fi +grepc=$(grep -c 'zone=zone_site:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'zone_site' to nginx.conf" +fi + grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 1 ]; then sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf From 5fb32ef55f265a43cf7a8b8a8e5ea93b609ca76a Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 4 Oct 2023 14:56:19 +0200 Subject: [PATCH 064/348] Delete pool.d conf file for all PHP versions --- bin/v-delete-web-domain | 48 ++++++++++++++++------------------------- 1 file changed, 18 insertions(+), 30 deletions(-) diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 75399766..43362e34 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain 
@@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then rm $fpmconf echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log fi -fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi + +for PHPV in /etc/php/*; do + if [ -d "${PHPV}" ]; then + # PHPVER=$(basename ${PHPV}) + POOLD="${PHPV}/fpm/pool.d" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + POOLD="${PHPV}/fpm/pool.d-ioncube" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + fi +done # Deleting domain from web.conf sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf From baa93199e86851718feb5ec3fdf7418aa4c460f3 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Fri, 6 Oct 2023 11:35:11 +0200 Subject: [PATCH 065/348] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 71d9f5a9..a2e7a3de 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@
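Review bot: `rm $fpmconf` in the new loop is unquoted while the path is built from `$domain` and a glob over `/etc/php/*`; writing it as `rm -f -- "$fpmconf"` keeps the deletion to exactly one path. The log line would be more accurate if it only ran after a successful removal, `rm -f -- "$fpmconf" && echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log`. The commented-out `# PHPVER=$(basename ${PHPV})` line can be dropped, and the two identical inner `if` blocks could become one inner loop over `pool.d` and `pool.d-ioncube`.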

Features of myVesta

    -
  • Support for Debian 10 and 11 (Debian 11 is recommended, but previous Debian releases are also supported)
  • +
  • Support for Debian 11 and 12 (Debian 12 is recommended, but previous Debian releases are also supported)
  • Support for MySQL 8
  • nginx templates that can prevent denial-of-service on your server
  • Support for multi-PHP versions
  • From fd57420a70080ed861e9ba299445e4b7fd89252e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 13:28:52 +0200 Subject: [PATCH 066/348] Delete current SSL before v-install-unsigned-ssl --- bin/v-install-unsigned-ssl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 3395e4f2..8df023c9 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,6 +52,8 @@ fi # Action # #----------------------------------------------------------# +/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) email="info@$domain" From 9c233e92a6a2fd1cb21d4b8fc649c071f420b2b7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 15:21:43 +0200 Subject: [PATCH 067/348] v-restart-web: systemctl instead of service --- bin/v-restart-web | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-restart-web b/bin/v-restart-web index ab1afe6c..db0146d9 100755 --- a/bin/v-restart-web +++ b/bin/v-restart-web @@ -64,7 +64,9 @@ fi # Resart web system if reload didn't work if [ "$rc" -ne 0 ]; then - service $WEB_SYSTEM restart >/dev/null 2>&1 + # service $WEB_SYSTEM restart >/dev/null 2>&1 + systemctl reset-failed + systemctl restart $WEB_SYSTEM >/dev/null 2>&1 if [ $? -ne 0 ]; then send_email_report check_result $E_RESTART "$WEB_SYSTEM restart failed" From af7b658bfbefd20f7205dcdffddd412b062fbf9e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 15:33:46 +0200 Subject: [PATCH 068/348] v-restart-web: systemctl instead of service --- bin/v-restart-web | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-restart-web b/bin/v-restart-web index db0146d9..2b17ad9f 100755 --- a/bin/v-restart-web +++ b/bin/v-restart-web 
@@ -65,7 +65,7 @@ fi # Resart web system if reload didn't work if [ "$rc" -ne 0 ]; then # service $WEB_SYSTEM restart >/dev/null 2>&1 - systemctl reset-failed + systemctl reset-failed $WEB_SYSTEM systemctl restart $WEB_SYSTEM >/dev/null 2>&1 if [ $? -ne 0 ]; then send_email_report From 1848c36784fa29fe226ccf59160704e591f17402 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 15:45:34 +0200 Subject: [PATCH 069/348] Update v-suspend-web-domain, allowing restart=no --- bin/v-suspend-web-domain | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain index 7bd658ce..d36f5a65 100755 --- a/bin/v-suspend-web-domain +++ b/bin/v-suspend-web-domain @@ -80,12 +80,14 @@ fi update_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED' 'yes' increase_user_value "$user" '$SUSPENDED_WEB' -# Restarting web server -$BIN/v-restart-web $restart -check_result $? "Web restart failed" >/dev/null - -$BIN/v-restart-proxy $restart -check_result $? "Proxy restart failed" >/dev/null +if [ "$restart" = "yes" ]; then + # Restarting web server + $BIN/v-restart-web $restart + check_result $? "Web restart failed" >/dev/null + + $BIN/v-restart-proxy $restart + check_result $? "Proxy restart failed" >/dev/null +fi # Logging log_event "$OK" "$ARGUMENTS" From a4acb57e54edae1c094104971be1da0342f1268a Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 16:28:08 +0200 Subject: [PATCH 070/348] Fixing removing certificates during apache reload v-suspend-web-domain on line 49 is triggering apache/nginx reload... that is doing it in the background... and on line 64, we were previously doing 'mv' for certificates... If the reload lasts too long it in the background, certificates will vanish because of 'mv' on line 64. This fix will avoid this collision by doing 'cp' instead of 'mv', then sleeping for 10 sec, and then removing certificates. We will call this bug "Nemanja Puhalo's bug" because he hit this bug first. --- bin/v-change-domain-owner | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index c3f8bcfa..09ae9bcc 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -60,11 +60,11 @@ if [ ! -z "$web_data" ]; then ssl_key=$VESTA/data/users/$owner/ssl/$domain.key ssl_ca=$VESTA/data/users/$owner/ssl/$domain.ca ssl_pem=$VESTA/data/users/$owner/ssl/$domain.pem - mv $ssl_crt $VESTA/data/users/$user/ssl/ - mv $ssl_key $VESTA/data/users/$user/ssl/ - mv $ssl_ca $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1 - mv $ssl_pem $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1 - rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* + cp $ssl_crt $VESTA/data/users/$user/ssl/ + cp $ssl_key $VESTA/data/users/$user/ssl/ + cp $ssl_ca $VESTA/data/users/$user/ssl/ > /dev/null 2>&1 + cp $ssl_pem $VESTA/data/users/$user/ssl/ > /dev/null 2>&1 + # rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* fi # Check ftp user account 
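Review bot: The results of the `cp` calls for `$ssl_crt` and `$ssl_key` are not checked, and the second hunk of this file (`@@ -86,6 +86,15 @@`) later removes the originals unconditionally, so a failed copy would now lose the certificate and private key where the old `mv` left the source in place. The removal should be guarded on the copy existing, e.g. `[ -f "$VESTA/data/users/$user/ssl/$domain.key" ] && rm -f -- "$ssl_key"`, with the variables quoted throughout. `sleep 10` is a fixed guess at how long the background reload takes; waiting on the reload itself, or moving the removal after the rebuild step, would be more dependable. The enclosing block starts and ends outside the hunk.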
@@ -86,6 +86,15 @@ if [ ! -z "$web_data" ]; then find $HOMEDIR/$user/web/$domain -user $owner \ -exec chown -h $user:$user {} \; + if [ "$SSL" = 'yes' ]; then + sleep 10 + rm $ssl_crt + rm $ssl_key + rm $ssl_ca > /dev/null 2>&1 + rm $ssl_pem > /dev/null 2>&1 + rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* + fi + # Rebuild config $BIN/v-unsuspend-web-domain $user $domain no >> /dev/null 2>&1 $BIN/v-rebuild-web-domains $owner no From 8748ffc85b7d9a842b0dfb0490ead973bfa72887 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 16:45:13 +0200 Subject: [PATCH 071/348] Update v-suspend-web-domain --- bin/v-suspend-web-domain | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain index d36f5a65..c9120122 100755 --- a/bin/v-suspend-web-domain +++ b/bin/v-suspend-web-domain @@ -17,6 +17,10 @@ domain=$2 domain_idn=$2 restart=$3 +if [ -z "$restart" ]; then + restart='yes' +fi + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh From 3f3cfece06a8c188047f730e4a50a58d85b7c36c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 16:55:33 +0200 Subject: [PATCH 072/348] Update Changelog.md --- Changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Changelog.md b/Changelog.md index 3f5fb37b..e139e122 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +Version 0.9.9-0-5 [08-Oct-2023] +================================================== +* Many bugfixes + Version 0.9.9-0-4 [27-Jun-2023] ================================================== * Support for Debian 12 ( in mutual cooperation with @HestiaCP ) From bf8411fa08d9f99d176c28f096ec91a35294f3b6 Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 8 Oct 2023 16:56:38 +0200 Subject: [PATCH 073/348] Update latest.txt: version 0.9.9-0-5 --- src/deb/latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 8ebe40d1..93fae7fa 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-4 +vesta-0.9.9-0-5 From 946a1953d9bd14905bd6de95fdad2c07f7e1ca25 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 13 Oct 2023 11:56:50 +0200 Subject: [PATCH 074/348] v-update-mail-domains-disk - even mail account is symlinked --- bin/v-update-mail-domains-disk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk index ca93627f..1dae64cf 100755 --- a/bin/v-update-mail-domains-disk +++ b/bin/v-update-mail-domains-disk @@ -41,7 +41,8 @@ for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do for account in $accounts; do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi From 2f0807e8eedf6e83634790033682a7cf8fe58105 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 18 Oct 2023 14:46:55 +0200 Subject: [PATCH 075/348] Update v-commander: redis installer conf fix --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 073c6d72..2ab8dc17 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -446,6 +446,7 @@ do sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf sed -i "s|^save |# save |g" /etc/redis/redis.conf + sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf if [ $memory -lt 15000000 ]; then sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf else 
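Review bot: In the v-update-mail-domains-disk hunk, `cd $home_dir` is unquoted and its result is not checked, so when the cd fails `du -shm ./` measures whatever directory the script was already in and records that as the account's usage. `[ -e "$home_dir" ]` is also true for a non-directory. `udisk=$(nice -n 19 du -shm "$home_dir/" | cut -f 1)` follows a symlinked account directory the same way without changing the working directory for the rest of the loop. The loop body continues outside the hunk.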
From bfdefc50e31b77af475f69043493ddcd48c03c23 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 2 Nov 2023 10:47:51 +0100 Subject: [PATCH 076/348] nginx rate-limit improvements --- ...https-firewall-burst-2-speed-2-conn-4.stpl | 3 +- .../force-https-firewall-burst-2-speed-2.stpl | 3 +- .../force-https-firewall-burst-2.stpl | 3 +- .../force-https-firewall-wordpress.stpl | 87 +++++++++++++++++++ .../force-https-firewall-wordpress.tpl | 8 ++ .../rate-limit-tpl/force-https-firewall.stpl | 3 +- .../rate-limit-tpl/install_rate_limit_tpl.sh | 8 +- 7 files changed, 110 insertions(+), 5 deletions(-) create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl index d770ac6a..1f67154e 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl index a2f7f9f2..dfd00270 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl 
@@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl index 6118fa82..6d632713 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl new file mode 100644 index 00000000..3b2c23b9 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl 
@@ -0,0 +1,87 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} 
+ location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl new file mode 100644 index 00000000..c9cf1189 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl index b4468a6a..db6ab623 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 1d128f7a..ce5f6d93 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh 
@@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi @@ -28,6 +28,12 @@ if [ "$grepc" -eq 0 ]; then echo "=== Added rate_limit 'zone_site' to nginx.conf" fi +grepc=$(grep -c 'zone=wfone:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'zone_site' to nginx.conf" +fi + grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 1 ]; then sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf From c87de2631b487c2afe525ef5ab8084497b980cfb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:01:03 +0100 Subject: [PATCH 077/348] Fix to download force-https-firewall-wordpress.stpl --- .../tools/rate-limit-tpl/install_rate_limit_tpl.sh | 3 +++ 1 file changed, 3 insertions(+) 
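Review bot: `limit_req_zone $scheme zone=wfone:1m rate=1r/s;` keys the zone on `$scheme`, which has at most two values, so `wfone` is in effect one bucket shared by every client and every site on the server rather than a per-client or per-site limit. The new force-https-firewall-wordpress.stpl sends requests into that zone based on a URI prefix the client chooses, so heavy traffic on one site can fill the shared queue and cause other sites' Wordfence requests to be answered with 429. Keying on `$server_name` or `$binary_remote_addr`, as the other zones defined here do, would scope the limit: `limit_req_zone $server_name zone=wfone:1m rate=1r/s;`. The same definition is added in both hunks of this file in this commit.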
diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index ce5f6d93..bf5f1ec8 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -66,4 +66,7 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl + systemctl restart nginx From 911dc91268af7264eb5290e9bb43cad24b5c5b15 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:03:54 +0100 Subject: [PATCH 078/348] Fix message: Added rate_limit 'wfone' to nginx.conf --- .../for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index bf5f1ec8..0477be4e 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh 
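Review bot: The two added `wget` lines fetch nginx templates over plain `http://` with no checksum or signature check and write them into `/usr/local/vesta/data/templates/web/nginx/`, after which the script restarts nginx. Anything able to alter that traffic could change the proxy configuration that gets installed, so use `https://` if the host serves it and verify a published hash before installing the files. The `systemctl restart nginx` at the end should also be gated on a config test, `nginx -t && systemctl restart nginx`, because the templates depend on zones that the earlier `sed` edits may not have added. The existing `wget` lines in this script follow the same pattern.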
@@ -31,7 +31,7 @@ fi grepc=$(grep -c 'zone=wfone:1m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;|g' /etc/nginx/nginx.conf - echo "=== Added rate_limit 'zone_site' to nginx.conf" + echo "=== Added rate_limit 'wfone' to nginx.conf" fi grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) From 3d8880e5592d32ca1812f1abd8163f9332ac056b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:08:13 +0100 Subject: [PATCH 079/348] Rotating places for limit_conn_zone --- .../for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 0477be4e..91384b58 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh 
@@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi From 88f52ec9a4c67df3f22d6fabfc12ac60397a99da Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 2 Nov 2023 11:33:19 +0100 Subject: [PATCH 080/348] Adding limit_conn zone_site 15; to wordpress tpl --- .../rate-limit-tpl/force-https-firewall-wordpress.stpl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl index 3b2c23b9..7fcad160 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl 
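Review bot: The reordered `sed` expression still declares `limit_req_zone $scheme zone=wfone:1m rate=1r/s;`, and keying the zone on `$scheme` gives one bucket per scheme for the whole server rather than one per client or per site. Every request that reaches a `limit_req zone=wfone` location on any domain draws from that same 1r/s budget, so traffic on one site can produce 429 responses for Wordfence callbacks on all the others. If a shared budget is not intended, a per-site key such as `limit_req_zone $server_name zone=wfone:1m rate=1r/s;` keeps the sites independent; if it is intended, a comment beside the line saying so would help. The same declaration appears in the `zone=wfone:1m` upgrade branch shown in PATCH 078.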
@@ -23,36 +23,42 @@ server { location /wp-admin/ { limit_conn addr 24; + limit_conn zone_site 30; limit_req zone=one burst=40 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } location /wp-json/ { limit_conn addr 8; + limit_conn zone_site 15; limit_req zone=one burst=40 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } location @wordfence_lh { limit_conn addr 8; + limit_conn zone_site 15; limit_req zone=wfone burst=120; proxy_pass https://%ip%:%web_ssl_port%; } location @wordfence_route { limit_conn addr 8; + limit_conn zone_site 15; limit_req zone=wfone burst=120; proxy_pass https://%ip%:%web_ssl_port%; } location @wordfence_sync { limit_conn addr 8; + limit_conn zone_site 15; limit_req zone=wfone burst=120; proxy_pass https://%ip%:%web_ssl_port%; } location /wp-json/wordfence/ { limit_conn addr 8; + limit_conn zone_site 15; limit_req zone=wfone burst=120; proxy_pass https://%ip%:%web_ssl_port%; } From 5e525f88981bab97df6307c2250768da60beaab8 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 2 Nov 2023 14:27:15 +0100 Subject: [PATCH 081/348] nginx rate limit fixes for http:// templates --- ...sting-firewall-burst-2-speed-2-conn-4.stpl | 3 +- ...osting-firewall-burst-2-speed-2-conn-4.tpl | 3 +- .../hosting-firewall-burst-2-speed-2.stpl | 3 +- .../hosting-firewall-burst-2-speed-2.tpl | 3 +- .../hosting-firewall-burst-2.stpl | 3 +- .../hosting-firewall-burst-2.tpl | 3 +- .../hosting-firewall-wordpress.stpl | 93 +++++++++++++++++++ .../hosting-firewall-wordpress.tpl | 90 ++++++++++++++++++ .../rate-limit-tpl/hosting-firewall.stpl | 3 +- .../tools/rate-limit-tpl/hosting-firewall.tpl | 3 +- .../rate-limit-tpl/install_rate_limit_tpl.sh | 2 + 11 files changed, 201 insertions(+), 8 deletions(-) create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl 
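Review bot: The added `limit_conn zone_site` values sit close to the per-address limits in the same blocks (`addr 8` with `zone_site 15`, `addr 24` with `zone_site 30`), and `zone_site` is keyed on `$server_name` in install_rate_limit_tpl.sh, so it is a ceiling for the whole site. Two clients at their per-address limit are enough to reach that ceiling, after which further requests to these locations are rejected with the configured 429 status. A comment at the top of the template would record the intent, for example `# zone_site = total connections per site; keep well above the per-IP addr limit`, and the ratio is worth checking against real traffic. The `server` block starts and ends outside the hunk.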
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl index df269ad4..8435a72b 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl index 13657bd3..2cc5c781 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl index 8e0a0f5a..856ebd56 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } 
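Review bot: The template names no longer describe the limits they apply: `hosting-firewall-burst-2-speed-2-conn-4` now sets `limit_conn addr 9` in both its `.tpl` and `.stpl` hunks, so an administrator choosing a template by name cannot tell how strict it is. The other `location /` hunks in this patch (`burst-2-speed-2`, `burst-2`, `hosting-firewall`) also raise `addr` and add a `zone_site` limit without saying why. A one-line comment above each changed block would record the intent, for example `# per-IP connections: 9, per-site connections: 25, 2 r/s with burst 14`. Each hunk shows only part of its `server` block.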
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl index a4035844..5bf3fbf8 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl index 9649671d..5d42830f 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl index 9e0edcf8..e57dbd1a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } 
diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl new file mode 100644 index 00000000..7fcad160 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl 
@@ -0,0 +1,93 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location 
@fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl new file mode 100644 index 00000000..0e196744 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl 
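Review bot: The dot-file deny rules (`location ~ /\.ht`, `/\.env`, `/\.svn/`, `/\.git/`, `/\.hg/`, `/\.bzr/`) are declared after the static-file location `location ~* ^.+\.(%proxy_extentions%)$`, and nginx uses the first regex location that matches, in file order. A path under one of those hidden names that ends in a proxied extension is therefore served from `%sdocroot%` and never reaches `return 404`. Moving the six deny locations above the static-file location closes this without changing anything else. The same ordering is present in hosting-firewall-wordpress.tpl in this patch and in force-https-firewall-wordpress.stpl as shown in PATCH 082.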
@@ -0,0 +1,90 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + 
location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl index 21acb34b..42bc195b 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl index 9438e532..177a71c6 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 91384b58..4a910d0f 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh 
@@ -68,5 +68,7 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-s wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl systemctl restart nginx From 803cde4c89c0e249828c79d982a4a6c9eb22f54c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 3 Nov 2023 17:08:22 +0100 Subject: [PATCH 082/348] CRLF to LF for nginx-rate-.limit templates for WordPresd --- .../force-https-firewall-wordpress.stpl | 186 +++++++++--------- .../hosting-firewall-wordpress.stpl | 186 +++++++++--------- .../hosting-firewall-wordpress.tpl | 180 ++++++++--------- 3 files changed, 276 insertions(+), 276 deletions(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl index 7fcad160..e8b5b228 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl 
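Review bot: The script still ends with an unconditional `systemctl restart nginx` even though every template touched by this patch now depends on the `zone_site` zone, and neither the downloads nor the earlier `sed` edits of `/etc/nginx/nginx.conf` are checked. If a zone declaration did not make it into nginx.conf, a domain using these templates makes the configuration invalid and the restart can take all sites on the server down; a failed `wget -O` also leaves an empty or truncated template behind, presumably for the next domain rebuild to pick up. Testing first with `nginx -t && systemctl restart nginx` and stopping on a failed download (`wget ... || exit 1`) keeps the running server up when something goes wrong. The rest of the script is outside the hunk.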
@@ -1,93 +1,93 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - # ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 5; - limit_conn zone_site 15; - limit_req zone=one burst=14 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-admin/ { - limit_conn addr 24; - limit_conn zone_site 30; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_lh { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_route { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_sync { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - 
location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn 
addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl index 7fcad160..e8b5b228 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl 
@@ -1,93 +1,93 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - # ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 5; - limit_conn zone_site 15; - limit_req zone=one burst=14 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-admin/ { - limit_conn addr 24; - limit_conn zone_site 30; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_lh { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_route { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_sync { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - 
location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn 
addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl index 0e196744..49da9387 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl 
@@ -1,90 +1,90 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 5; - limit_conn zone_site 15; - limit_req zone=one burst=14 delay=7; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-admin/ { - limit_conn addr 24; - limit_conn zone_site 30; - limit_req zone=one burst=40 delay=7; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-json/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=one burst=40 delay=7; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_lh { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_route { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_sync { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} 
- location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} - +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files 
$uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + From 7993d50276e233a19a7d973960df3e2e7cda9cfb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 5 Nov 2023 15:17:34 +0100 Subject: [PATCH 083/348] v-install-wordpress to put force-https-firewall-wordpress nginx template --- bin/v-install-wordpress | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 70f3fc7b..5758e358 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress 
@@ -104,11 +104,23 @@ else PROTOCOL='https' fi +TPL_CHANGED=0; + if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then PROTOCOL='https' - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" fi +else + if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" From 562ad763dd8961cd561b46e95aac5badb2475893 Mon Sep 17 00:00:00 2001 
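Review bot: `TPL_CHANGED=1` is set before `v-change-web-domain-proxy-tpl` runs and the command's exit status is never checked, so if switching to `force-https-firewall-wordpress` fails, the plain `force-https` fallback is skipped and the domain keeps whatever proxy template it had. The firewall templates in this series reference `limit_conn`/`limit_req` zones (`addr`, `zone_site`, `one`, `wfone`) that are presumably defined elsewhere, which makes a failed switch a realistic case. Set the flag only on success, `if /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "$proxy_ext" "yes"; then TPL_CHANGED=1; fi`, where `proxy_ext` is a new variable holding the extension list that is now repeated three times. The surrounding script starts and ends outside the hunk.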
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 5 Nov 2023 15:25:01 +0100 Subject: [PATCH 084/348] v-commander: install nginx-rate-limit templates --- bin/v-commander | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 2ab8dc17..28f97e84 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -78,12 +78,13 @@ myhelp() { echo "q = quit" echo "h = help" echo "-----------------------------" - echo "inst v = install myVesta" - echo "inst p = install multi-php" - echo "inst pgw = install php-gate" - echo "inst r = install new Roundcube" - echo "inst memcached = install memcached" - echo "inst redis = install Redis" + echo "inst v = install myVesta" + echo "inst p = install multi-php" + echo "inst pgw = install php-gate" + echo "inst r = install new Roundcube" + echo "inst memcached = install memcached" + echo "inst redis = install Redis" + echo "inst nginx-rate-limit = install nginx-rate-limit templates" echo "dis fb = stop and disable fail2ban" echo "dis dove = stop and disable dovecot" echo "dis spam = stop and disable spam" @@ -459,6 +460,15 @@ do echo "-------------------" fi + if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then + echo "=============================" + echo "== Installing inst nginx-rate-limit templates" + curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh + bash install_rate_limit_tpl.sh + echo "== nginx-rate-limit templates installed." + echo "-------------------" + fi + if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then echo "== Checking if FreshClam is up" clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running') From fff40883dd8eac776192fe795145b181b61ad8d8 Mon Sep 17 00:00:00 2001 
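Review bot: The new `inst nginx-rate-limit` branch saves `install_rate_limit_tpl.sh` into whatever the current directory happens to be with `curl -O` and then runs it with `bash` whether or not the download succeeded. Without `-f` an HTTP error page is saved and executed, a stale file of the same name in that directory is executed if curl fails outright, and the success message is printed either way. Because this tool performs root-level maintenance, download to a `mktemp` file with `curl -fsS` and run the script only when the transfer succeeded; checking the file against a checksum published with the release would further limit what a tampered download can do. The first hunk only adds the help line and needs no change.

```shell
  if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then
    # … unchanged: banner echo lines …
    installer=$(mktemp) || installer=''
    if [ -n "$installer" ] && curl -fsS -o "$installer" https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh; then
      bash "$installer" && echo "== nginx-rate-limit templates installed."
    else
      echo "== download of install_rate_limit_tpl.sh failed, nothing was installed" >&2
    fi
    [ -n "$installer" ] && rm -f -- "$installer"
    echo "-------------------"
  fi
```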
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 12 Nov 2023 19:18:00 +0100 Subject: [PATCH 085/348] webp smush nginx template --- .../nginx-templates/hosting-webp-smush.stpl | 56 +++++++++++++++++++ .../nginx-templates/hosting-webp-smush.tpl | 52 +++++++++++++++++ 2 files changed, 108 insertions(+) create mode 100644 src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl create mode 100644 src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl new file mode 100644 index 00000000..7597746c --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl 
@@ -0,0 +1,56 @@
+server {
+ listen %ip%:%proxy_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ # #ssl_on;
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ proxy_pass https://%ip%:%web_ssl_port%;
+
+ # BEGIN SMUSH-WEBP
+ location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" {
+ root %sdocroot%;
+ add_header Vary Accept;
+ expires max;
+ set $image_path $2;
+ if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") {
+ break;
+ }
+ if ($http_accept !~* "webp") {
+ break;
+ }
+ # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp;
+ try_files /wp-content/smush-webp/$image_path.webp $uri =404;
+ }
+ # END SMUSH-WEBP
+
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ root %sdocroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ # try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass https://%ip%:%web_ssl_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ disable_symlinks if_not_owner from=%docroot%;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
+
diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl
new file mode 100644
index 00000000..7e408254
--- /dev/null
+++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl
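Review bot: The deny list at the end of this template blocks `.ht`, `.svn`, `.git`, `.hg` and `.bzr` but not `.env`, which the firewall and `wp-super-cache.stpl` templates in the same series do block; add `location ~ /\.env {return 404;}` here and in `hosting-webp-smush.tpl`. In the SMUSH-WEBP location the regex is unanchored and the dot before the extension group is unescaped, so it matches more URIs than the comment suggests; `"^/wp-content/(uploads/)(.*\.(?:png|jpe?g))$"` states the intent, assuming only paths under the site root's `wp-content/uploads/` are meant to be rewritten.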
@@ -0,0 +1,52 @@
+server {
+ listen %ip%:%proxy_port%;
+ server_name %domain_idn% %alias_idn%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ proxy_pass http://%ip%:%web_port%;
+
+ # BEGIN SMUSH-WEBP
+ location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" {
+ root %sdocroot%;
+ add_header Vary Accept;
+ expires max;
+ set $image_path $2;
+ if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") {
+ break;
+ }
+ if ($http_accept !~* "webp") {
+ break;
+ }
+ # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp;
+ try_files /wp-content/smush-webp/$image_path.webp $uri =404;
+ }
+ # END SMUSH-WEBP
+
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ root %docroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ # try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass http://%ip%:%web_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ disable_symlinks if_not_owner from=%docroot%;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
+
From fc05c6535944a392a07b3e3981148f35bd215a95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luka=20Paunovi=C4=87?=
Date: Sun, 12 Nov 2023 19:45:02 +0100
Subject: [PATCH 086/348] Create wp-super-cache.tpl
---
.../for-download/tools/nginx-templates/wp-super-cache.tpl | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl
diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl
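Review bot: The SMUSH-WEBP location in this plain-HTTP template sets `root %sdocroot%;` and tests `%sdocroot%/wp-content/smush-webp/disable_smush_webp`, while the static-file location just below it uses `root %docroot%;`. This looks copied from the `.stpl` variant; if a domain's HTTP and SSL document roots differ, images would be served from the SSL root over the HTTP vhost. Use `%docroot%` in both places, or add a comment such as `# SSL docroot is intentional: smush-webp lives there` if that is the design. The static-file location also lacks the `expires max;` that the `.stpl` carries, which may or may not be deliberate.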
@@ -0,0 +1,8 @@
+server {
+ listen %ip%:%proxy_port%;
+ server_name %domain_idn% %alias_idn%;
+ location / {
+ rewrite ^(.*) https://$host$1 permanent;
+ }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
From 9985fcbea5a8289d5693d839e6dd0a0769da412b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luka=20Paunovi=C4=87?=
Date: Sun, 12 Nov 2023 19:45:58 +0100
Subject: [PATCH 087/348] Create wp-super-cache.stpl
---
.../tools/nginx-templates/wp-super-cache.stpl | 87 +++++++++++++++++++
1 file changed, 87 insertions(+)
create mode 100644 src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl
diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl
new file mode 100644
index 00000000..3bed6ce3
--- /dev/null
+++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl
@@ -0,0 +1,87 @@
+server {
+ listen %ip%:%proxy_ssl_port% ssl;
+ http2 on;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ set $cache_uri $request_uri;
+ set $caching 'ON';
+
+ # POST requests and urls with a query string should always go to PHP
+ if ($request_method = POST) {
+ set $caching 'OFF';
+ }
+
+ if ($query_string ~* "(fb_action_ids=|fb_action_types=|fb_source=|fbclid=|utm_source=|utm_campaign=|utm_medium=|utm_expid=|utm_term=|utm_content=|utm_id=|utm_source_platform=|utm_creative_format=|utm_marketing_tactic=|_ga=|gclid=|campaignid=|adgroupid=|adid=|gbraid=|wbraid=|_gl=|gclsrc=|gdfms=|gdftrk=|gdffi=|_ke=|_kx=|trk_contact=|trk_msg=|trk_module=|trk_sid=|mc_cid=|mc_eid=|mkwid=|pcrid=|mtm_source=|mtm_medium=|mtm_campaign=|mtm_keyword=|mtm_cid=|mtm_content=|msclkid=|epik=|pp=|pk_source=|pk_medium=|pk_campaign=|pk_keyword=|pk_cid=|pk_content=|redirect_log_mongo_id=|redirect_mongo_id=|sb_referer_host=)") {
+ set $query_string_cachable 1;
+ }
+
+ if ($query_string != "") {
+ set $query_string_cacheable 1$query_string_cacheable;
+ }
+
+ if ($query_string_cacheable = 11) {
+ set $caching 'ON';
+ }
+
+ if ($query_string_cacheable = 1) {
+ set $caching 'OFF';
+ }
+
+ # Don't cache uris containing the following segments
+ if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0–9_-]+-sitemap([0–9]+)?.xml)") {
+ set $caching 'OFF';
+ }
+
+ # Don't use the cache for logged-in users or recent commenters
+ if ($http_cookie ~* "comment_author|wordpress_[a-f0–9]+|wp-postpass|wordpress_logged_in") {
+ set $caching 'OFF';
+ }
+
+ if ($caching = 'ON') {
+ set $cachefile "/wp-content/cache/supercache/$http_host/$cache_uri/index-https.html";
+ set $cachestatus 'HIT';
+ }
+
+ if ($caching = 'OFF') {
+ set $cachestatus 'MISS';
+ }
+
+ add_header X-Cache-Status $cachestatus;
+ add_header X-Cache-File $cachefile;
+
+ location / {
+ try_files $cachefile @fallback;
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ root %sdocroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ # try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass https://%ip%:%web_ssl_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.env {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ disable_symlinks if_not_owner from=%docroot%;
+
+ include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+ include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
From 25749e8025167dbb5c2763949ad54ca26b7c293d Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Fri, 17 Nov 2023 10:06:42 +0100
Subject: [PATCH 088/348] Update fix-fpm-poold.sh
---
src/deb/for-download/tools/patches/fix-fpm-poold.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/deb/for-download/tools/patches/fix-fpm-poold.sh b/src/deb/for-download/tools/patches/fix-fpm-poold.sh
index 94566768..311ef9cd 100644
--- a/src/deb/for-download/tools/patches/fix-fpm-poold.sh
+++ b/src/deb/for-download/tools/patches/fix-fpm-poold.sh
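Review bot: The tracking-parameter branch sets `$query_string_cachable`, but every later test reads `$query_string_cacheable`, so the value can never become `11` and any request carrying a query string is sent to the backend; the line should read `set $query_string_cacheable 1;`. The character classes `[a-f0–9]`, `[a-z0–9_-]` and `[0–9]` contain an en dash rather than a hyphen (unless that is an artifact of how this page was rendered), so they do not express digit ranges and the cookie and sitemap exclusions match less than intended; `0-9` is what was meant. `add_header X-Cache-File $cachefile;` exposes the internal cache path, which is built from the client-supplied `Host` header and request URI, to every client and is better limited to debugging.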
@@ -16,10 +16,10 @@ if [ -d "/etc/php" ]; then find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" - OLDVAL='pm.max_children = 8' + OLDVAL='pm.max_children = ' NEWVAL='pm.max_children = 3' - find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" - find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" OLDVAL='request_terminate_timeout = ' NEWVAL='request_terminate_timeout = 360s' From c4eb89e4fdb0bc9f8459c238e97a13f3caae4475 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sat, 25 Nov 2023 11:41:04 +0100 Subject: [PATCH 089/348] Update install-rocket-nginx.sh --- src/deb/for-download/tools/install-rocket-nginx.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh index 20364f80..47768b11 100644 --- a/src/deb/for-download/tools/install-rocket-nginx.sh +++ b/src/deb/for-download/tools/install-rocket-nginx.sh 
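Review bot: With `OLDVAL='pm.max_children = '` and `s|$OLDVAL.*|$NEWVAL|g` the substitution is unanchored and treats the dot as a wildcard, so it now resets every pool to 3, including ones an administrator raised on purpose, and also touches commented-out lines. Anchor the pattern, `sed -i "s|^pm\.max_children = .*|$NEWVAL|"`, and consider leaving values that were changed from the shipped default alone. When no file contains the pattern, `xargs` without `-r` still runs `sed -i` with no file operand; `xargs -r` avoids that (the unchanged pipelines above have the same shape). The enclosing `if [ -d "/etc/php" ]` block starts and ends outside the hunk.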
@@ -1,5 +1,10 @@ #!/bin/bash +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl + echo "Updating apt, please wait..." apt-get update > /dev/null 2>&1 @@ -17,9 +22,6 @@ fi cd rocket-nginx cp rocket-nginx.ini.disabled rocket-nginx.ini php rocket-parser.php -/usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}' - -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl +if [ -f "/etc/nginx/rocket-nginx/conf.d/default.conf" ]; then + /usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}' +fi From f4beb1c8f11247209d7666cc8c94e7747fd8d8eb Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Dec 2023 11:48:32 +0100 Subject: [PATCH 090/348] Update vst-install-debian.sh, MAX_DBUSER_LEN=80 --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 47e8ede0..9ba1a2ec 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2034,8 +2034,8 @@ echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" + echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf fi -echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf echo "================================================================" From 328f6f293cdec07f18090abc09112c2ab5f06c98 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 20 Dec 2023 21:23:34 +0100 Subject: [PATCH 091/348] Disable hosts_try_fastopen for all hosts --- install/debian/11/exim/exim4.conf.template | 2 +- install/debian/11/exim/exim4.conf.template-RC | 2 +- install/debian/12/exim/exim4.conf.template | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/install/debian/11/exim/exim4.conf.template b/install/debian/11/exim/exim4.conf.template index cbc2e75f..3f09a2e8 100644 --- a/install/debian/11/exim/exim4.conf.template +++ b/install/debian/11/exim/exim4.conf.template @@ -322,7 +322,7 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = !*.l.google.com + hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 procmail: diff --git a/install/debian/11/exim/exim4.conf.template-RC b/install/debian/11/exim/exim4.conf.template-RC index 5a4d0414..82b97d4e 100644 
--- a/install/debian/11/exim/exim4.conf.template-RC +++ b/install/debian/11/exim/exim4.conf.template-RC @@ -353,7 +353,7 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = !*.l.google.com + hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 procmail: diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 27fca98a..81746a7a 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -353,7 +353,7 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = !*.l.google.com + hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 procmail: From 91f6ae080a0e1c1133d4e0b86a8a0dfdb97217a9 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 28 Dec 2023 16:01:09 +0100 Subject: [PATCH 092/348] Update Wordfence WAF Path --- bin/v-move-domain-and-database-to-account | 34 +++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index 7524d229..6ed2f6d8 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account 
@@ -88,6 +88,40 @@ if [ $? -ne 0 ]; then RET=$E_NOTEXIST fi +#----------------------------------------------------------# +# Update Wordfence WAF Path # +#----------------------------------------------------------# + +# Path to .user.ini file +user_ini="$USER_DATA/web/$domain/public_html/.user.ini" + +# Check if .user.ini exists +if [ -f "$user_ini" ]; then + echo "Updating .user.ini with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$user_ini" > "$tmp_file" + + # Check if replacement was successful and update .user.ini + if [ $? -eq 0 ]; then + mv "$tmp_file" "$user_ini" + echo ".user.ini updated successfully." + else + echo "Failed to update .user.ini file." + rm "$tmp_file" # Deletes temporary file + fi +else + echo ".user.ini does not exist, no changes made." +fi + +#----------------------------------------------------------# +# Exit # +#----------------------------------------------------------# + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# From fa71d3a1c6e1f055c50f392c70bc0363ec50be79 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 28 Dec 2023 16:01:34 +0100 Subject: [PATCH 093/348] Update Wordfence WAF Path --- bin/v-move-domain-and-database-to-account | 4 ---- 1 file changed, 4 deletions(-) diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index 6ed2f6d8..08180d99 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account 
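Review bot: The `.user.ini` rewrite replaces the file with one created by `mktemp`, so after `mv "$tmp_file" "$user_ini"` it carries the temp file's owner and `0600` mode; unless a later step outside this hunk resets ownership, PHP running as the site user can no longer read it and the WAF path setting it holds silently stops applying. The edit also takes place in a directory the site user can write, and `[ -f … ]` follows symlinks, so the block should refuse a symlinked file: `if [ -f "$user_ini" ] && [ ! -L "$user_ini" ]; then`. Give the temp file the intended owner and mode before the move, for example `chown --reference="$user_ini" "$tmp_file"` and `chmod --reference="$user_ini" "$tmp_file"`. `$USER_DATA`, `$owner` and `$USER_TO` are defined outside the hunk, so whether this path and the `/home/$owner/public_html` pattern match the real on-disk layout should be confirmed.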
@@ -117,10 +117,6 @@ else echo ".user.ini does not exist, no changes made." fi -#----------------------------------------------------------# -# Exit # -#----------------------------------------------------------# - #----------------------------------------------------------# # Vesta # From 0beaa0abda62427709c3a4decbe8ad37b635abe3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 28 Dec 2023 20:11:10 +0100 Subject: [PATCH 094/348] Update multi-php-install.sh: install phpgate --- src/deb/for-download/tools/multi-php-install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 4d86050d..0064aa1b 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -361,3 +361,7 @@ if [ $debian_version -ge 10 ]; then apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 service apache2 restart fi + +if [ -f "/usr/share/phpgate/phpgate.php" ]; then + v-commander 'u' 'inst memcached' 'm' 'inst pgw' 'q' +fi From e1053b1c9a7dcda7595e13b5a5d48453c69125f7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 28 Dec 2023 20:26:36 +0100 Subject: [PATCH 095/348] Update multi-php-install.sh: upgrading tailf_apache_error.php --- .../for-download/tools/multi-php-install.sh | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 0064aa1b..9983172c 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh 
@@ -363,5 +363,24 @@ if [ $debian_version -ge 10 ]; then fi if [ -f "/usr/share/phpgate/phpgate.php" ]; then - v-commander 'u' 'inst memcached' 'm' 'inst pgw' 'q' + echo "=== upgrading phpgate" + v-commander 'inst memcached' 'm' 'inst pgw' 'q' +fi + +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + echo "=== upgrading tailf_apache_error.php" + wget -nv http://dl.myvestacp.com/vesta/tailf.php -O /usr/local/bin/tailf.php + wget -nv http://dl.myvestacp.com/vesta/tailf_apache_error.php -O /usr/local/bin/tailf_apache_error.php + wget -nv http://dl.myvestacp.com/vesta/see-apache-processlist-once.sh -O /usr/local/bin/see-apache-processlist-once.sh + wget -nv http://dl.myvestacp.com/vesta/see-mysql-processlist-once.sh -O /usr/local/bin/see-mysql-processlist-once.sh + chmod u+x /usr/local/bin/see-apache-processlist-once.sh + chmod u+x /usr/local/bin/see-mysql-processlist-once.sh + + # ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" + # echo $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') + sleep 1 + # ps -Af | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" + # sleep 1 + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & fi From cecb7cf56ae8b0c40e3b47c4f2275fd314b4e7dc Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 28 Dec 2023 21:15:39 +0100 Subject: [PATCH 096/348] Update multi-php-install.sh --- src/deb/for-download/tools/multi-php-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 9983172c..f6f80c02 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh 
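Review bot: The four `wget` calls fetch PHP and shell scripts from `http://dl.myvestacp.com/vesta/` over cleartext HTTP, write them into `/usr/local/bin`, and the block then launches `tailf_apache_error.php` with `nohup php`, so the integrity of code this installer runs depends on an unauthenticated connection. Other downloads in this series already use `https://` (the templates from `https://c.myvestacp.com`, for instance); switch to an HTTPS URL if the host offers one and ideally verify a published checksum before installing. `wget -O` also truncates the existing file when a download fails, after which the running watcher is killed and an empty script is started, so download to a temporary file and move it into place only on success. `kill $(ps aux | grep …)` calls `kill` with no arguments when nothing matches; `pkill -f tailf_apache_error` is the simpler form.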
@@ -364,7 +364,7 @@ fi if [ -f "/usr/share/phpgate/phpgate.php" ]; then echo "=== upgrading phpgate" - v-commander 'inst memcached' 'm' 'inst pgw' 'q' + /usr/local/vesta/bin/v-commander 'inst memcached' 'm' 'inst pgw' 'q' fi if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then From 6800013edb6581f8ce1e1b1fa20cf418a0ff20ee Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 28 Dec 2023 21:21:31 +0100 Subject: [PATCH 097/348] Update v-commander --- bin/v-commander | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 28f97e84..a3abef30 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -425,8 +425,8 @@ do memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) apt-get update apt-get -y install memcached - apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") - apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") + apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") + apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") if [ $memory -lt 15000000 ]; then sed -i "s/-m 64/-m 256/" /etc/memcached.conf else From f344c0b1d5378f258db58702e498734ace234b3b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 28 Dec 2023 21:22:34 +0100 Subject: [PATCH 098/348] Update multi-php-install.sh --- src/deb/for-download/tools/multi-php-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index f6f80c02..fb0720a1 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -364,7 +364,7 @@ fi if [ -f "/usr/share/phpgate/phpgate.php" ]; then echo "=== upgrading phpgate" - /usr/local/vesta/bin/v-commander 'inst memcached' 'm' 'inst pgw' 'q' + /usr/local/vesta/bin/v-commander 'm' 'inst pgw' 'q' fi if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then From f39dc8edce97f8d720db58b736ebf0f2f328eae2 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 28 Dec 2023 21:42:09 +0100 Subject: [PATCH 099/348] Update multi-php-install.sh --- src/deb/for-download/tools/multi-php-install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index fb0720a1..d1b36ced 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -365,6 +365,8 @@ fi if [ -f "/usr/share/phpgate/phpgate.php" ]; then echo "=== upgrading phpgate" /usr/local/vesta/bin/v-commander 'm' 'inst pgw' 'q' + echo "=== upgrading phpgate done." + echo "" fi if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then @@ -383,4 +385,6 @@ if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then # ps -Af | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" # sleep 1 nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & + echo "=== upgrading tailf_apache_error.php done." + echo "" fi From 5e72ead3b305351c89dbfb3cb90210ffd4e24faa Mon Sep 17 00:00:00 2001 
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 3 Jan 2024 19:19:47 +0100 Subject: [PATCH 100/348] Create v-fix-website-permissions --- bin/v-fix-website-permissions | 69 +++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 bin/v-fix-website-permissions diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions new file mode 100644 index 00000000..006194e4 --- /dev/null +++ b/bin/v-fix-website-permissions 
@@ -0,0 +1,69 @@
+#!/bin/bash
+# info: v-fix-website-permissions
+# options: DOMAIN
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+ echo "You must be root to execute this script"
+ exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+ check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+ echo "User doesn't exist";
+ exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+ echo "Domain doesn't exist";
+ exit 1;
+fi
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Ensure the directory exists and can be changed into
+cd /home/$USER/web/$domain || { echo "Error: Cannot change directory to /home/$USER/web/$domain. Directory does not exist."; exit 1; }
+
+echo "Updating permissions for /home/$USER/web/$domain/public_html/..."
+find public_html/ -type d -exec chmod 755 {} +
+find public_html/ -type f -exec chmod 644 {} +
+chown -R $USER:$USER public_html/
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+echo "Permissions for $domain have been successfully updated."
+
+exit
From a55b1601036e39702df90dcf7499a103638eb258 Mon Sep 17 00:00:00 2001
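Review bot: `$domain` is taken straight from `$1` and passed unquoted to `v-search-domain-owner` before `check_args` and `is_format_valid 'domain'` run, and it is unquoted again in `cd /home/$USER/web/$domain` and `chown -R $USER:$USER`. In a root-only script the argument should be validated before its first use and every expansion quoted, e.g. `user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")`, `cd "/home/$USER/web/$domain" || …` and `chown -R "$USER:$USER" public_html/`, which means sourcing `main.sh` and running the format check above the owner lookup. `find … -type f -exec chmod 644 {} +` also makes every file under `public_html` world-readable, including configuration files with database credentials that an owner may have restricted on purpose; either leave files that are already stricter than `644` alone or state this behaviour in the header comment.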
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Sat, 6 Jan 2024 11:39:49 +0100 Subject: [PATCH 101/348] Added: Email rate limit --- bin/v-commander | 52 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index a3abef30..2bf2242d 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -60,23 +60,24 @@ check_status() { myhelp() { echo "---------- Press: -----------" - echo "u = apt-get update" - echo "g = apt-get upgrade" + echo "a = Activate Email rate limit" + echo "b = bash" echo "c = check status" + echo "d = df -h" echo "e = make sure Apache is in mpm_event" - echo "s = download sury.org apt-get key" + echo "f = free -h" + echo "g = apt-get upgrade" + echo "h = help" echo "m = install php-memcached" echo "p = set version of php as default" + echo "q = quit" + echo "r = reboot" + echo "s = download sury.org apt-get key" + echo "t = clean the trash" + echo "u = apt-get update" echo "v = update myVesta" echo "vo = update myVesta without 'apt-get update'" - echo "t = clean the trash" echo "w = w" - echo "d = df -h" - echo "f = free -h" - echo "b = bash" - echo "r = reboot" - echo "q = quit" - echo "h = help" echo "-----------------------------" echo "inst v = install myVesta" echo "inst p = install multi-php" 
@@ -129,6 +130,37 @@ do quit_on_empty=1 fi + + if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then + mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_email_account_max_recipients + touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_hosting_account_max_recipients + + check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template + fi + + check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template + fi + + check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template + fi + + systemctl restart exim4 + echo "Email rate limit activated." + fi + + + if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then echo "=============================" echo "== running: apt-get update" From 942b46a6574abf1e637488c34da74c0aff5c790d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 7 Jan 2024 21:51:00 +0100 Subject: [PATCH 102/348] v-php-func takes STDIN only if --stdin parameter is passed --- bin/v-grep | 12 +++++++++--- bin/v-php-func | 2 +- bin/v-sed | 12 +++++++++--- func/bash-to-php-interpreter.php | 33 +++++++++++++++++++++----------- 4 files changed, 41 insertions(+), 18 deletions(-) diff --git a/bin/v-grep b/bin/v-grep index 045751a5..9ea821e5 100644 --- a/bin/v-grep +++ b/bin/v-grep 
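Review bot: The new `a` branch replaces the live Exim template without checking any step, so a failed `cp` leaves `/etc/exim4/exim4.conf.template` missing and `systemctl restart exim4` still runs. Choosing the option a second time also overwrites `exim4.conf.template-backup` with the already-replaced file, which loses the original configuration. I would copy rather than move, and only once, `[ -e /etc/exim4/exim4.conf.template-backup ] || cp -p /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup`, and make the restart conditional on the new template having been copied successfully. The source path is hard-coded to `install/debian/12`, which deserves a comment if other releases are expected to share that template. The enclosing `do` loop starts and ends outside the hunk.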
@@ -9,13 +9,19 @@ #----------------------------------------------------------# -if [ -p /dev/stdin ]; then +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then STDIN=$(cat -) if [ ! -z "$STDIN" ]; then - echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" + shift; + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" exit $? fi fi -php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" +if [ "$1" == "--stdin" ]; then + shift; + php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" +else + php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" +fi exit $? diff --git a/bin/v-php-func b/bin/v-php-func index 0c789863..925cc91e 100644 --- a/bin/v-php-func +++ b/bin/v-php-func @@ -9,7 +9,7 @@ #----------------------------------------------------------# -if [ -p /dev/stdin ]; then +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then STDIN=$(cat -) if [ ! -z "$STDIN" ]; then echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php "$@" diff --git a/bin/v-sed b/bin/v-sed index 9d1a82ee..16e8ad2b 100644 --- a/bin/v-sed +++ b/bin/v-sed @@ -9,13 +9,19 @@ #----------------------------------------------------------# -if [ -p /dev/stdin ]; then +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then STDIN=$(cat -) if [ ! -z "$STDIN" ]; then - echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" + shift; + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" exit $? fi fi -php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" +if [ "$1" == "--stdin" ]; then + shift; + php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" +else + php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" +fi exit $? 
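Review bot: The piped data is relayed with `echo "$STDIN" | php …` in the `--stdin` branch of `v-grep`, and `echo` swallows input that consists only of an option string such as `-n` or `-e`; the same line appears in the `v-sed` hunk and as context in `v-php-func`. `printf '%s\n' "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"` passes the data through unchanged. A one-line comment above the second `if [ "$1" == "--stdin" ]` would also help, for example `# --stdin given but nothing was piped: still tell the PHP side to read stdin`, since the repeated test is easy to mistake for dead code.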
diff --git a/func/bash-to-php-interpreter.php b/func/bash-to-php-interpreter.php index 4c1e9dc5..b437c3c9 100644 --- a/func/bash-to-php-interpreter.php +++ b/func/bash-to-php-interpreter.php @@ -7,13 +7,22 @@ else $SHLVL=3; if (!isset($argv)) exit(5); -stream_set_blocking(STDIN, false); -$myvesta_stdin=''; -$myvesta_f = fopen( 'php://stdin', 'r' ); -while( $myvesta_line = fgets( $myvesta_f ) ) { - $myvesta_stdin .= $myvesta_line; +$argv_start=1; +$STDIN_ENABLED=false; +if ($argv[1]=='--stdin') { + $STDIN_ENABLED=true; + $argv_start++; +} + +$myvesta_stdin=''; +if ($STDIN_ENABLED==true) { + stream_set_blocking(STDIN, false); + $myvesta_f = fopen( 'php://stdin', 'r' ); + while( $myvesta_line = fgets( $myvesta_f ) ) { + $myvesta_stdin .= $myvesta_line; + } + fclose( $myvesta_f ); } -fclose( $myvesta_f ); include ("/usr/local/vesta/func/main.php"); include ("/usr/local/vesta/func/string.php"); @@ -21,9 +30,9 @@ include ("/usr/local/vesta/func/string.php"); $counter=count($argv); if ($counter<2) myvesta_throw_error(2, 'Function is missing'); -$func=$argv[1]; +$func=$argv[$argv_start]; if (!function_exists($func)) { - $func="myvesta_".$argv[1]; + $func="myvesta_".$argv[$argv_start]; if (!function_exists($func)) myvesta_throw_error(2, 'Function does not exists'); } @@ -36,10 +45,12 @@ $params=array(); $added=0; $stdin_content=''; $myvesta_stdin_from_file=''; - $myvesta_stdin_return_not_found=false; +$myvesta_stdin_return_not_found=false; if ($myvesta_stdin!='' && $insert_stdin_at_position===false) {$params[]=$myvesta_stdin; $added++;} -for ($i=2; $i<$counter; $i++) { +$argv_start++; + +for ($i=$argv_start; $i<$counter; $i++) { $argv[$i]=myvesta_fix_backslashes($argv[$i]); //if ($insert_stdin_at_position!==false && $myvesta_stdin=='') if ($insert_stdin_at_position==$added) {$stdin_content=$argv[$i]; $added++; continue;} $params[]=$argv[$i]; 
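Review bot: `$argv[1]` is read by the new `if ($argv[1]=='--stdin')` before the existing `$counter<2` check, so a call with no arguments hits an undefined index, and a call with only `--stdin` passes the count check and then reads `$argv[$argv_start]` past the end of the array. Guarding the flag with `if (isset($argv[1]) && $argv[1]==='--stdin')` and changing the later test to `if ($counter<=$argv_start) myvesta_throw_error(2, 'Function is missing');` covers both cases. A comment at `$func=$argv[$argv_start];` should also record that any existing PHP function name is accepted before the `myvesta_` prefix is tried, so wrappers must not forward untrusted names; that dispatch is unchanged context here and the script continues outside these hunks.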
@@ -48,7 +59,7 @@ for ($i=2; $i<$counter; $i++) { //print_r($params); exit; if ($insert_stdin_at_position!=false) { - if ($myvesta_stdin=='') { + if ($myvesta_stdin=='' && isset($params[$insert_stdin_at_position])) { $file_or_stdin=$params[$insert_stdin_at_position]; if (!file_exists($file_or_stdin)) { $myvesta_stdin_return_not_found=true; From db6ba149c6401cd9edb6ab1c8cd635c801ff3d7e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 7 Jan 2024 22:16:40 +0100 Subject: [PATCH 103/348] Apache templates for PHP 8.3 --- .../tools/apache-fpm-tpl/PHP-FPM-83-public.sh | 126 ++++++++++++++++++ .../apache-fpm-tpl/PHP-FPM-83-public.stpl | 36 +++++ .../apache-fpm-tpl/PHP-FPM-83-public.tpl | 30 +++++ .../tools/apache-fpm-tpl/PHP-FPM-83.sh | 126 ++++++++++++++++++ .../tools/apache-fpm-tpl/PHP-FPM-83.stpl | 36 +++++ .../tools/apache-fpm-tpl/PHP-FPM-83.tpl | 30 +++++ 6 files changed, 384 insertions(+) create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh new file mode 100644 index 00000000..38b23122 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh 
@@ -0,0 +1,126 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.3-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.3/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart 
php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_83" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_83) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi +if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.3/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl new file mode 100644 index 00000000..cceed0ee --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl 
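Review bot: `listen.mode = 0666` in the generated pool makes the socket `/run/php/php8.3-fpm-$2.sock` connectable by every local account, so on a shared host any user who can reach it can submit requests that run as `$1`. I would restrict it to the web server, for example `listen.group = www-data` with `listen.mode = 0660`, assuming Apache runs as `www-data` here, which the hunk does not show. The same block is repeated in `PHP-FPM-83.sh` later in this commit. Quoting the paths in `rm $pool_file_56` through `rm $pool_file_82` and in `grep -c "/home/$1/" $pool_file_83` would also be safer, since they embed the domain argument `$2`.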
@@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl new file mode 100644 index 00000000..ac952817 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl 
@@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh new file mode 100644 index 00000000..38b23122 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh 
@@ -0,0 +1,126 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.3-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.3/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart 
php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_83" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_83) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi +if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.3/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl new file mode 100644 index 00000000..f043bfa8 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl 
@@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl new file mode 100644 index 00000000..9b5bf916 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl 
@@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + From 08d0db0c6f13dd364773186f22476d70be08c3d5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 7 Jan 2024 22:19:17 +0100 Subject: [PATCH 104/348] php8.3 templetes typo fix --- src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh | 2 +- src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh index 38b23122..f5e7c6fd 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh @@ -49,7 +49,7 @@ pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh index 38b23122..f5e7c6fd 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh @@ -49,7 +49,7 @@ pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" if [ -f "$pool_file_56" ]; then rm $pool_file_56 From 8ef3fb03573eb0a264f622d55b7b957448d63425 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 7 Jan 2024 22:35:06 +0100 Subject: [PATCH 105/348] PHP 8.3 support --- .../for-download/tools/multi-php-install.sh | 37 ++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index d1b36ced..b4432ea1 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -13,6 +13,7 @@ inst_74=0 inst_80=0 inst_81=0 inst_82=0 +inst_83=0 ####################################################################### @@ -56,8 +57,11 @@ fi if [ $# -gt 9 ]; then inst_82=${10} fi +if [ $# -gt 10 ]; then + inst_83=${11} +fi -if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ]; then +if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ]; then inst_repo=1 fi 
@@ -87,6 +91,7 @@ echo "inst_74=$inst_74" echo "inst_80=$inst_80" echo "inst_81=$inst_81" echo "inst_82=$inst_82" +echo "inst_83=$inst_83" echo "wait_to_press_enter=$wait_to_press_enter" press_enter "=== Press enter to continue ===============================================================================" 
@@ -340,6 +345,33 @@ if [ "$inst_82" -eq 1 ]; then press_enter "=== PHP 8.2 installed, press enter to continue ===============================================================================" fi +if [ "$inst_83" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.3 ===============================================================================" + apt -y install php8.3-mbstring php8.3-bcmath php8.3-cli php8.3-curl php8.3-fpm php8.3-gd php8.3-intl php8.3-mysql php8.3-soap php8.3-xml php8.3-zip php8.3-memcache php8.3-memcached php8.3-imagick + update-rc.d php8.3-fpm defaults + a2enconf php8.3-fpm + a2dismod php8.3 + apt-get -y remove libapache2-mod-php8.3 + systemctl restart apache2 + cp -r /etc/php/8.3/ /root/vst_install_backups/php8.3/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh + echo "=== Patching php.ini for php8.3" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.3.patch + patch /etc/php/8.3/fpm/php.ini < /root/php8.3.patch + if [ $memory -gt 9999999 ]; then + sed -i 
"s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.3/fpm/php.ini + fi + service php8.3-fpm restart + press_enter "=== PHP 8.3 installed, press enter to continue ===============================================================================" +fi + apt update > /dev/null 2>&1 apt upgrade -y > /dev/null 2>&1 @@ -386,5 +418,8 @@ if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then # sleep 1 nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & echo "=== upgrading tailf_apache_error.php done." + sleep 3 + echo "" + echo "Everything done." echo "" fi From add9c5c5e77eb9fd20915443e3cca84834f26aae Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 7 Jan 2024 22:36:29 +0100 Subject: [PATCH 106/348] php8.3 installer fix --- src/deb/for-download/tools/multi-php-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index b4432ea1..bea7774f 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -388,6 +388,7 @@ if [ $debian_version -ge 10 ]; then a2dismod php8.0 > /dev/null 2>&1 a2dismod php8.1 > /dev/null 2>&1 a2dismod php8.2 > /dev/null 2>&1 + a2dismod php8.3 > /dev/null 2>&1 a2dismod mpm_prefork > /dev/null 2>&1 a2enmod mpm_event > /dev/null 2>&1 apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 From c3720e5d5e5b909616934806941a7f54b39eb4e5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 7 Jan 2024 23:47:44 +0100 Subject: [PATCH 107/348] Fixing typo in secure_login.php Thanks to @gathlete - https://forum.myvestacp.com/viewtopic.php?t=928 --- web/inc/secure_login.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php index 3dcdb0ae..d21a4322 100644 --- a/web/inc/secure_login.php 
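Review bot: The six `wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/… -O …` lines in the `inst_83` block write straight into the live template directory with no status check and no integrity check, and two of the results are then made executable by root. `wget -O` leaves an empty or partial file behind when the transfer fails, so a network error silently replaces a working template, and TLS alone does not protect against changed content on the download host. I would fetch to a temporary file, reject failures and empty results, compare against a checksum shipped with the installer, and only then install the file, as sketched below. Applying `php8.2.patch` to the 8.3 `php.ini` deserves a comment if it is intentional.

```shell
# … unchanged: apt install, a2enconf/a2dismod, backup of /etc/php/8.3 …
tpl_dir=/usr/local/vesta/data/templates/web/apache2
for tpl in PHP-FPM-83.stpl PHP-FPM-83.tpl PHP-FPM-83.sh \
           PHP-FPM-83-public.stpl PHP-FPM-83-public.tpl PHP-FPM-83-public.sh; do
    tmp=$(mktemp) || exit 1
    if wget -nv "https://c.myvestacp.com/tools/apache-fpm-tpl/$tpl" -O "$tmp" && [ -s "$tmp" ]; then
        # Verify "$tmp" here against a checksum list shipped with this installer
        # (file name and format are for the project to define).
        install -m 0644 "$tmp" "$tpl_dir/$tpl"
    else
        echo "=== download of $tpl failed, existing template left untouched" >&2
    fi
    rm -f -- "$tmp"
done
# … unchanged: chmod a+x on the two .sh templates, php.ini patch, service restart …
```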
+++ b/web/inc/secure_login.php @@ -59,7 +59,7 @@ function prevent_post_csrf ($hard_check=false) { if (isset($_SERVER['HTTP_ORIGIN']) == false) return; } else { if (isset($_SERVER['HTTP_HOST']) == false) $_SERVER['HTTP_HOST'] = ''; - if (isset($_SERVER['SERVER_PORT']) == false) $_SERVER['HTTP_PORT'] = ''; + if (isset($_SERVER['SERVER_PORT']) == false) $_SERVER['SERVER_PORT'] = ''; if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = ''; } $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']); From bdde36d4e3a3c7c2ff47332775cb7521aebd72e1 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 8 Jan 2024 09:34:57 +0100 Subject: [PATCH 108/348] Update v-fix-website-permissions --- bin/v-fix-website-permissions | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 006194e4..28a3cb9f 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -23,7 +23,6 @@ USER=$user # Includes source /usr/local/vesta/func/main.sh -source /usr/local/vesta/func/domain.sh if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" @@ -36,7 +35,6 @@ fi check_args '1' "$#" 'DOMAIN' is_format_valid 'domain' is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" if [ ! -d "/home/$user" ]; then echo "User doesn't exist"; @@ -54,9 +52,9 @@ fi #----------------------------------------------------------# # Ensure the directory exists and can be changed into -cd /home/$USER/web/$domain || { echo "Error: Cannot change directory to /home/$USER/web/$domain. Directory does not exist."; exit 1; } +cd /home/$USER/web/$domain -echo "Updating permissions for /home/$USER/web/$domain/public_html/..." +echo "Updating permissions for /home/$USER/web/$domain/public_html/" find public_html/ -type d -exec chmod 755 {} + find public_html/ -type f -exec chmod 644 {} + chown -R $USER:$USER public_html/ 
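Review bot: Dropping the `|| { …; exit 1; }` guard from `cd /home/$USER/web/$domain` in the last `v-fix-website-permissions` hunk means that, if the `cd` fails, the following `find public_html/ … chmod` and `chown -R $USER:$USER public_html/` still run as root against whatever `public_html/` exists in the caller's working directory. The earlier `-d` test narrows the window but does not remove it. I would keep a short guard, `cd "/home/$USER/web/$domain" || exit 1`, or pass absolute paths to `find` and `chown`. Removing `is_object_unsuspended` in the second hunk also changes behaviour for suspended accounts, which is worth a line in the commit message if intended.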
From ecf419cb88ec3054c71ae55802d57132a9b36dbf Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 8 Jan 2024 09:39:24 +0100 Subject: [PATCH 109/348] Update v-fix-website-permissions --- bin/v-fix-website-permissions | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 28a3cb9f..08f948fc 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -19,15 +19,16 @@ source /etc/profile domain=$1 user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" fi +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# @@ -51,7 +52,7 @@ fi # Action # #----------------------------------------------------------# -# Ensure the directory exists and can be changed into +# Going to domain directory cd /home/$USER/web/$domain echo "Updating permissions for /home/$USER/web/$domain/public_html/" From f400b401d2d958d08fa5374ecd40264ba49fa8b7 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 8 Jan 2024 09:41:12 +0100 Subject: [PATCH 110/348] Update v-fix-website-permissions --- bin/v-fix-website-permissions | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 08f948fc..5db797a7 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -12,8 +12,9 @@ if [ "$whoami" != "root" ]; then exit 1 fi -# Importing system environment +# Importing system environment and includes source /etc/profile +source /usr/local/vesta/func/main.sh # Argument definition domain=$1 
@@ -26,9 +27,6 @@ fi USER=$user -# Includes -source /usr/local/vesta/func/main.sh - #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# From 1a6562eb87076f03061a7c3713302744a60b9848 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 8 Jan 2024 09:43:54 +0100 Subject: [PATCH 111/348] Update v-fix-website-permissions --- bin/v-fix-website-permissions | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 5db797a7..0ab95459 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -1,5 +1,5 @@ #!/bin/bash -# info: v-fix-website-permissions +# info: Fixing chown and chmod permissions in the public_html directory # options: DOMAIN #----------------------------------------------------------# @@ -45,7 +45,6 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi - #----------------------------------------------------------# # Action # #----------------------------------------------------------# From 003f35810b6118a2171ad0acd05e8662f6c4badc Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 8 Jan 2024 09:49:04 +0100 Subject: [PATCH 112/348] Update v-fix-website-permissions --- bin/v-fix-website-permissions | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 0ab95459..a63954eb 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions 
@@ -12,15 +12,17 @@ if [ "$whoami" != "root" ]; then exit 1 fi -# Importing system environment and includes +# Importing system environment source /etc/profile -source /usr/local/vesta/func/main.sh # Argument definition domain=$1 user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +# Includes +source /usr/local/vesta/func/main.sh + if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" fi From b0b3a9403f50252ac63bb0d888f66307cc95902e Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Mon, 15 Jan 2024 17:08:52 +0100 Subject: [PATCH 113/348] Update Wordfence WAF Path --- bin/v-clone-website | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/bin/v-clone-website b/bin/v-clone-website index 46623db4..dfac1c25 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -431,6 +431,33 @@ else sudo -H -u$TO_USER wp config shuffle-salts fi +# ----------- Update Wordfence WAF Path ------------- + +# Path to .user.ini file +user_ini="$TO_USER/web/$TO_DOMAIN/public_html/.user.ini" + +# Check if .user.ini exists +if [ -f "$user_ini" ]; then + echo "Updating .user.ini with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$FROM_USER/public_html|/home/$TO_USER/public_html|g" "$user_ini" > "$tmp_file" + + # Check if replacement was successful and update .user.ini + if [ $? -eq 0 ]; then + mv "$tmp_file" "$user_ini" + echo ".user.ini updated successfully." + else + echo "Failed to update .user.ini file." + rm "$tmp_file" # Deletes temporary file + fi +else + echo ".user.ini does not exist, no changes made." +fi + echo "===== DONE ====" echo "You can visit http://$TO_DOMAIN/" From cf1eacde1d9c83ad7409149647194193f5861d69 Mon Sep 17 00:00:00 2001 
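Review bot: The include moves back below the owner lookup with no comment saying why, and its position has now changed in three consecutive commits. The reason is not visible in the hunk, so it should be written down next to the line, for example `# Includes: kept after the owner lookup because <reason>; must stay above the first check_result call`. Without that, the next reshuffle can easily reintroduce the state where `check_result` is called before it is defined.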
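Review bot: Replacing the file with `mv "$tmp_file" "$user_ini"` gives `.user.ini` the owner and 0600 mode of the `mktemp` file, which belongs to the invoking account rather than `$TO_USER`. If the script runs as root (the `sudo -H -u$TO_USER` call just above suggests it does), PHP would likely no longer be able to read the file, and the Wordfence prepend setting is then dropped without any error. Copy the attributes before the move: `chown --reference="$user_ini" "$tmp_file" && chmod --reference="$user_ini" "$tmp_file"`. `user_ini` is also built without a leading `/home/`, so the `-f` test depends on the current directory, and the `$?` check only shows that sed ran, not that a path was rewritten.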
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Mon, 15 Jan 2024 17:52:06 +0100 Subject: [PATCH 114/348] Update Wordfence WAF Path --- bin/v-clone-website | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index dfac1c25..afb37904 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -433,18 +433,18 @@ fi # ----------- Update Wordfence WAF Path ------------- -# Path to .user.ini file -user_ini="$TO_USER/web/$TO_DOMAIN/public_html/.user.ini" +# Path to .user.ini file in the new domain directory +user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini" # Check if .user.ini exists if [ -f "$user_ini" ]; then - echo "Updating .user.ini with new user path..." + echo "Updating .user.ini with new path..." # Temporary file for modification tmp_file=$(mktemp) - # Change path from old USER to new USER_TO - sed "s|/home/$FROM_USER/public_html|/home/$TO_USER/public_html|g" "$user_ini" > "$tmp_file" + # Change path from old domain to new domain + sed "s|/home/$FROM_USER/web/$FROM_DOMAIN/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" "$user_ini" > "$tmp_file" # Check if replacement was successful and update .user.ini if [ $? -eq 0 ]; then From a43eef9c9b553074e2a0849438bd2475b55722b5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 15 Jan 2024 18:06:36 +0100 Subject: [PATCH 115/348] Updating WAF path in v-clone-website --- bin/v-clone-website | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index afb37904..0daf403c 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website 
@@ -440,22 +440,15 @@ user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini" if [ -f "$user_ini" ]; then echo "Updating .user.ini with new path..." - # Temporary file for modification - tmp_file=$(mktemp) - # Change path from old domain to new domain - sed "s|/home/$FROM_USER/web/$FROM_DOMAIN/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" "$user_ini" > "$tmp_file" + sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini # Check if replacement was successful and update .user.ini if [ $? -eq 0 ]; then - mv "$tmp_file" "$user_ini" echo ".user.ini updated successfully." else echo "Failed to update .user.ini file." - rm "$tmp_file" # Deletes temporary file fi -else - echo ".user.ini does not exist, no changes made." fi echo "===== DONE ====" From 834fcfcf127ded21b5eab3a1afaa859603af04e5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 22 Jan 2024 18:42:14 +0100 Subject: [PATCH 116/348] php8.3 fpm www.conf --- .../tools/default-pool.d/8.3/www.conf | 490 ++++++++++++++++++ 1 file changed, 490 insertions(+) create mode 100644 src/deb/for-download/tools/default-pool.d/8.3/www.conf diff --git a/src/deb/for-download/tools/default-pool.d/8.3/www.conf b/src/deb/for-download/tools/default-pool.d/8.3/www.conf new file mode 100644 index 00000000..f18939a3 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/8.3/www.conf 
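Review bot: The new pattern `/home/.*/public_html` is greedy and no longer tied to the source site, so on each line it rewrites everything from the first `/home/` to the last `/public_html`, including paths that belong to other accounts. Keep `sed -i` but restore the anchored pattern and quote the file: `sed -i "s|/home/$FROM_USER/web/$FROM_DOMAIN/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" "$user_ini"`. The file sits in a directory the site owner can write to, so adding `[ ! -L "$user_ini" ]` to the existence test keeps the script from reading through a symlink. The `$?` branch still prints success when nothing matched; a `grep -q` for the new path afterwards would confirm the WAF setting really points at the cloned site.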
@@ -0,0 +1,490 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of the child processes. This can be used only if the master +; process running user is root. It is set after the child process is created. +; The user and group can be specified either by their name or by their numeric +; IDs. +; Note: If the user is root, the executable needs to be started with +; --allow-to-run-as-root option to work. +; Default Values: The user is set to master process running user by default. +; If the group is not set, the user's group is used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php8.3-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. 
+; Default Values: Owner is set to the master process running user. If the group +; is not set, the owner's group is used. Mode is set to 0660. +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Set the associated the route table (FIB). FreeBSD only +; Default Value: -1 +;listen.setfib = 1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or +; PROC_TRACE_CTL procctl for FreeBSD) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. 
With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. 
+; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. 
It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. 
+; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. 
+; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/8.3/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). 
The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{milli}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' 
character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" + +; A list of request_uri values which should be filtered from the access log. +; +; As a security precuation, this setting will be ignored if: +; - the request method is not GET or HEAD; or +; - there is a request body; or +; - there are query parameters; or +; - the response code is outwith the successful range of 200 to 299 +; +; Note: The paths are matched against the output of the access.format tag "%r". +; On common configurations, this may look more like SCRIPT_NAME than the +; expected pre-rewrite URI. +; +; Default Value: not set +;access.suppress_path[] = /ping +;access.suppress_path[] = /health_check.php + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. 
+; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. 
+; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. 
+; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M From e9317fc0ae3e6bb0aebdd76a7594bcf1c1d3c871 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 22 Jan 2024 18:44:18 +0100 Subject: [PATCH 117/348] Update latest.txt to 0.9.9-0-6 --- src/deb/latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 93fae7fa..0f8dc00c 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-5 +vesta-0.9.9-0-6 From 22463fd0f1621f1089117de985c99514fca90730 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 22 Jan 2024 18:47:27 +0100 Subject: [PATCH 118/348] Update Changelog.md to 0.9.9-0-6 --- Changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Changelog.md b/Changelog.md index e139e122..6908b0e2 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +Version 0.9.9-0-6 [22-Jan-2024] +================================================== +* Few bugs fixed + Version 0.9.9-0-5 [08-Oct-2023] ================================================== * Many bugfixes 
From 7274147d3687d59036719b56a34b6a8ce47d8e64 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Wed, 24 Jan 2024 16:14:14 +0100
Subject: [PATCH 119/348] v-list-php
---
bin/v-list-php | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100644 bin/v-list-php
diff --git a/bin/v-list-php b/bin/v-list-php
new file mode 100644
index 00000000..345d7979
--- /dev/null
+++ b/bin/v-list-php
@@ -0,0 +1,76 @@ +#!/bin/bash +# info: list of installed php versions +# options: [FORMAT] +# +# The function for obtaining the list of installed PHP versions. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + counter=$(echo "$phpversions" | wc -l) + i=1 + echo '[' + for phpversion in $phpversions; do + if [ "$i" -lt "$counter" ]; then + echo -e "\t\"$phpversion\"," + else + echo -e "\t\"$phpversion\"" + fi + (( ++i)) + done + echo "]" +} + +# shell list function +shell_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# PLAIN list function +plain_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# CSV list function +csv_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Defining system phpversions +phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort) + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit From 11ab87212305d8628fbd740d481fe328c3ff1602 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 24 Jan 2024 16:17:11 +0100 Subject: [PATCH 120/348] Update v-list-php --- bin/v-list-php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-list-php b/bin/v-list-php index 345d7979..fe57ffb9 100644 --- a/bin/v-list-php +++ b/bin/v-list-php 
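Review bot: The `case $format in` block has no default arm, so an unrecognised FORMAT prints nothing and the script still exits 0, which a caller cannot tell apart from "no PHP-FPM installed"; the same block is repeated in bin/v-list-php-apache later in this series. Add `*) echo "Error: unknown format $format" >&2; exit 1 ;;` and quote the selector, `case "$format" in`. `source $VESTA/func/main.sh` should be quoted as well, since it resolves to `/func/main.sh` when `VESTA` is unset. `shell_list`, `plain_list` and `csv_list` have identical bodies, so one function behind the arm `plain|csv|shell)` would do.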
@@ -57,7 +57,7 @@ csv_list() { # Action # #----------------------------------------------------------# -# Defining system phpversions +# Oobtaining the list of installed PHP versions phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort) # Listing data From db7e663c2c85538d2082e11bbebe6fd4e5fc4436 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 26 Jan 2024 22:56:37 +0100 Subject: [PATCH 121/348] Update v-list-php --- bin/v-list-php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-list-php b/bin/v-list-php index fe57ffb9..846e40de 100644 --- a/bin/v-list-php +++ b/bin/v-list-php @@ -57,7 +57,7 @@ csv_list() { # Action # #----------------------------------------------------------# -# Oobtaining the list of installed PHP versions +# Obtaining the list of installed PHP-FPM versions phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort) # Listing data From 560fa67c4bb20db2f459b710dcfdc308dcd47ba6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 26 Jan 2024 23:36:51 +0100 Subject: [PATCH 122/348] v-list-php-apache --- bin/v-list-php-apache | 91 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 bin/v-list-php-apache diff --git a/bin/v-list-php-apache b/bin/v-list-php-apache new file mode 100644 index 00000000..e2e431b1 --- /dev/null +++ b/bin/v-list-php-apache 
@@ -0,0 +1,91 @@
+#!/bin/bash
+# info: list of installed php versions that have Apache template.
+# options: [FORMAT]
+#
+# The function obtains the list of installed PHP versions that have Apache template.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+ counter=$(echo "$phpversions" | wc -l)
+ i=1
+ echo '['
+ for phpversion in $phpversions; do
+ if [ "$i" -lt "$counter" ]; then
+ echo -e "\t\"$phpversion\","
+ else
+ echo -e "\t\"$phpversion\""
+ fi
+ (( ++i))
+ done
+ echo "]"
+}
+
+# shell list function
+shell_list() {
+ for phpversion in $phpversions; do
+ echo "$phpversion"
+ done
+}
+
+# PLAIN list function
+plain_list() {
+ for phpversion in $phpversions; do
+ echo "$phpversion"
+ done
+}
+
+# CSV list function
+csv_list() {
+ for phpversion in $phpversions; do
+ echo "$phpversion"
+ done
+}
+
+echo_phpversions_list() {
+ for element in "${phpversions_list[@]}"; do
+ echo "$element"
+ done
+}
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Obtaining the list of installed PHP-FPM versions
+fpmphpversions=$(/usr/local/vesta/bin/v-list-php)
+
+for phpversion in $fpmphpversions; do
+ phpversiontpl=${phpversion//./}
+ tpl="/usr/local/vesta/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl"
+ if [ -f "$tpl" ]; then
+ phpversions_list+=("$phpversion")
+ fi
+done
+
+phpversions=$(echo_phpversions_list)
+
+# Listing data
+case $format in
+ json) json_list ;;
+ plain) plain_list ;;
+ csv) csv_list ;;
+ shell) shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+exit
From edfea0d25906da0a699139b76c46c2f42972b494 Mon Sep 17 00:00:00 2001
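Review bot: The script sources `$VESTA/func/main.sh` but then hard-codes `/usr/local/vesta` for both the `v-list-php` call and the template path, so it only works when `$VESTA` is that directory; use one base consistently, e.g. `fpmphpversions=$("$VESTA/bin/v-list-php")` and `tpl="$VESTA/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl"`. `phpversions_list` is appended to without being declared, and the array is flattened back into the string `phpversions` only so that the copied list functions can word-split it again; declaring `phpversions_list=()` before the loop and explaining that round trip in a comment would make the intent clear. The exit status of `v-list-php` is not checked, so a failure there looks the same as "no versions installed".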
From: vaspar Date: Fri, 2 Feb 2024 16:36:40 +0200 Subject: [PATCH 123/348] Get quick info about a banned IP (Host, Banlist, Location) --- web/css/styles.min.css | 26 +++ web/inc/i18n/en.php | 1 + web/js/app.js | 39 +++++ web/list/firewall/banlist/ip_info.php | 164 ++++++++++++++++++ .../admin/list_firewall_banlist.html | 2 +- 5 files changed, 231 insertions(+), 1 deletion(-) create mode 100644 web/list/firewall/banlist/ip_info.php diff --git a/web/css/styles.min.css b/web/css/styles.min.css index 374b458c..d84a6a85 100644 --- a/web/css/styles.min.css +++ b/web/css/styles.min.css @@ -4236,3 +4236,29 @@ div.ui-dialog + div div{ padding: 5px 10px !important; border-radius: 13px; } + +.get-ip-info-btn { + cursor: pointer; + margin-left: 10px; +} +.get-ip-info-btn:hover { + color: #000000; +} +.get-ip-info-btn + .get-ip-info-result { + margin: 10px 0; +} +.get-ip-info-btn + .get-ip-info-result dl dt { + font-weight: bold; +} +.get-ip-info-btn + .get-ip-info-result dl dd { + margin: 0 0 10px 0; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-triangle { + color: red; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-check-circle { + color: green; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-circle { + color: orange; +} diff --git a/web/inc/i18n/en.php b/web/inc/i18n/en.php index 39c3bfff..09ae210f 100644 --- a/web/inc/i18n/en.php +++ b/web/inc/i18n/en.php @@ -377,6 +377,7 @@ $LANG['en'] = array( 'ErrorLog' => 'ErrorLog', 'Download AccessLog' => 'Download AccessLog', 'Download ErrorLog' => 'Download ErrorLog', + 'Continent' => 'Continent', 'Country' => 'Country', '2 letter code' => '2 letter code', 'State / Province' => 'State / Province', diff --git a/web/js/app.js b/web/js/app.js index 9ba909a5..978b7d09 100644 --- a/web/js/app.js +++ b/web/js/app.js 
@@ -1072,3 +1072,42 @@ function elementHideShow(elementToHideOrShow){ el.style.display = el.style.display === 'none' ? 'block' : 'none'; } +(function($) { + $(document).ready(function() { + $('.get-ip-info-btn').click(function() { + var token = $('#token').attr('token'); + var index = $(this).attr('data-index'); + var btn_el = $('.get-ip-info-btn[data-index="' + index + '"]'); + var result_el = $('.get-ip-info-btn[data-index="' + index + '"] + .get-ip-info-result'); + var ip = btn_el.attr('data-ip'); + + var url_params = new URLSearchParams(window.location.search); + var clear_cache = url_params.get('clear_cache'); + + if (!$.trim(result_el.html())) { + result_el.html(''); + + $.ajax({ + method: "POST", + url: "/list/firewall/banlist/ip_info.php", + data: { ip: ip, clear_cache: clear_cache, token: token }, + cache: false, + error: function(jqXHR, textStatus, errorThrown) { + result_el.html('GENERAL ERROR
    ' + errorThrown); + }, + success: function(result_data) { + if (btn_el.find('i').hasClass('fa-times')) { + result_el.html(result_data); + } + } + }); + + btn_el.find('i').removeClass('fa-search').addClass('fa-times'); + } + else { + result_el.html(''); + btn_el.find('i').removeClass('fa-times').addClass('fa-search'); + } + }); + }); +})(jQuery); diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php new file mode 100644 index 00000000..cf7607bf --- /dev/null +++ b/web/list/firewall/banlist/ip_info.php 
@@ -0,0 +1,164 @@ + 'http://lists.blocklist.de/lists/all.txt', + 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', + 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', + 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', + 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', + 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', + 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', + ]; + $today = date('Y-m-d'); + + foreach ($lists as $code => $url) { + $cache_tag = 'ip-blacklist-' . $code . '-cache'; + + // init cache + if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; + + // invalidate cache if clear_cache parameter is 1 + if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; + + // if cache is not updated, fetch new data and save to cache + if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { + $new_cache_data = fetchURL($url, $url_result); + if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); + $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; + } + + // check ip + $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { + if (str_contains($item, '/')) return cidrMatch($ip, $item); + if ($ip == $item) return true; + return false; + }); + + $check_results[$code]['found'] = count($matched_ips) > 0 ? 
true : false; + $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; + $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; + } + + return $check_results; +} + +// Check token +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token"); +} + +$ip = $_REQUEST['ip']; + +// Validate IP format +if (filter_var($ip, FILTER_VALIDATE_IP) === false) { + die('GENERAL ERROR
    BAD_IP_FORMAT'); +} + +// Query host +$host = gethostbyaddr($ip); + +// Query blocklists +$result_blocklists = ''; +$ip_check = checkIP($ip); +if ($ip_check) { + foreach ($ip_check as $list_code => $list_results) { + $result_blocklists .= '
    '; + $result_blocklists .= $list_results['found'] ? '' : ''; + $result_blocklists .= ' '.$list_code.' '; + $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; + $result_blocklists .= '
    '; + } +} + +// Query location +$url = 'https://api.db-ip.com/v2/free/'.$ip; +$result = fetchURL($url); +$result_array = json_decode($result, true); +if (!is_array($result_array)) { + die('GENERAL ERROR
    BAD_JSON'); +} +if (!empty($result_array['errorCode'])) { + die('GENERAL ERROR
    '.$result_array['errorCode']); +} + +// Output +echo " +
    +
    ".__('Host')."
    +
    ".$host."
    +
    ".__('Banlist')."
    +
    ".$result_blocklists."
    +
    ".__('Continent')."
    +
    ".$result_array['continentName']." [".$result_array['continentCode']."]
    +
    ".__('Country')."
    +
    ".$result_array['countryName']." [".$result_array['countryCode']."]
    +
    ".__('State / Province')."
    +
    ".$result_array['stateProv']." [".$result_array['stateProvCode']."]
    +
    ".__('City / Locality')."
    +
    ".$result_array['city']."
    +
    +"; diff --git a/web/templates/admin/list_firewall_banlist.html b/web/templates/admin/list_firewall_banlist.html index 72153940..3bc8ccb2 100644 --- a/web/templates/admin/list_firewall_banlist.html +++ b/web/templates/admin/list_firewall_banlist.html @@ -80,7 +80,7 @@
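Review bot: The response echoes `$host` (the PTR name returned by `gethostbyaddr()`) and the db-ip.com fields (`continentName`, `countryName`, `stateProv`, `city`, and `errorCode` in the `die()` branch) into HTML without encoding, and app.js inserts the response with `result_el.html(result_data)`, so text supplied by whoever controls the banned address's reverse DNS or by the geolocation service reaches the admin page as markup. Encode every value on output, e.g. `htmlspecialchars($host, ENT_QUOTES, 'UTF-8')`. In `checkIP()`, `$new_cache_items` is assigned only when the fetch returned 200, so a failed fetch stores the previous list's items (or an undefined variable on the first list) under the current cache tag; add `$new_cache_items = [];` before that `if`. The token check uses `!=`, under which an unset session token compares equal to an empty request token; require a non-empty session token and compare with `hash_equals()`. The beginning of the file is not readable in this rendering, so whether a session or admin check precedes these lines cannot be confirmed from here.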
     
    -
    +
From 2aca86432fd8534df9fcb3387b748de3a4219cfe Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 8 Feb 2024 21:26:03 +0100 Subject: [PATCH 124/348] imapsync tools --- .../tools/imapsync/create-mail-sync.sh | 38 +++++++++---- .../tools/imapsync/import-from-file.sh | 56 +++++++++++++++++++ 2 files changed, 83 insertions(+), 11 deletions(-) create mode 100644 src/deb/for-download/tools/imapsync/import-from-file.sh diff --git a/src/deb/for-download/tools/imapsync/create-mail-sync.sh b/src/deb/for-download/tools/imapsync/create-mail-sync.sh index e325754e..94762505 100644 --- a/src/deb/for-download/tools/imapsync/create-mail-sync.sh +++ b/src/deb/for-download/tools/imapsync/create-mail-sync.sh @@ -35,18 +35,35 @@ fi TESTOPT="" if [[ $TEST -eq 1 ]]; then - TESTOPT="--justlogin" + TESTOPT="--justlogin" fi if [ ! -d "accounts" ]; then mkdir accounts fi if [ -f "accounts/$EMAIL" ]; then - echo "********* $EMAIL ALREADY EXISTS !!! ************" + echo "********* EMAIL $EMAIL ALREADY EXISTS !!! ************" exit 1; exit fi +euser=$(echo $EMAIL | cut -d '@' -f 1) +domain=$(echo $EMAIL | cut -d '@' -f 2) +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +if [ "$user" != "" ]; then + echo "=== Email '$EMAIL' has username email part '$euser', domain is '$domain', and belongs to myVesta account: $user" + if [ ! -d "/home/$user/mail/$domain" ]; then + echo "======= Creating '$domail' in MAIL section" + /usr/local/vesta/bin/v-add-mail-domain "$user" "$domain" + fi + if [ ! -d "/home/$user/mail/$domain/$euser" ]; then + echo "======= Creating '$euser' mail account for domain '$domain'" + /usr/local/vesta/bin/v-add-mail-account "$user" "$domain" "$euser" "$PASS2" + echo "" + fi +fi + + echo "Writing to: accounts/$EMAIL" echo "#!/bin/bash 
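Review bot: The message `echo "======= Creating '$domail' in MAIL section"` references `$domail`, which is never set, so it prints an empty name; it should read `$domain`. `euser` and `domain` are cut from an unquoted `$EMAIL`, and `$domain` is passed unquoted to v-search-domain-owner, so an address containing whitespace or glob characters is split or expanded before the lookup; quote them, e.g. `domain=$(printf '%s' "$EMAIL" | cut -d '@' -f 2)` and `v-search-domain-owner "$domain"`. `$PASS2` is handed to v-add-mail-account as a command-line argument, where it is visible in the process list while the command runs. The script continues outside this hunk, so how `$PASS2` is set is not visible here.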
@@ -67,21 +84,20 @@ exit; chmod a=rwx accounts/$EMAIL if [[ $TEST -eq 0 ]]; then - exit 0; + exit 0; fi accounts/$EMAIL RET=$? if [ $RET -eq 0 ]; then - # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" - sed -i "s/--justlogin//g" accounts/$EMAIL - echo "--- OK! ---" - echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log + # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" + sed -i "s/--justlogin//g" accounts/$EMAIL + echo "--- OK! ---" + echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log else - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - rm accounts/$EMAIL + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + rm accounts/$EMAIL + read -p "=== Press ENTER to continue ===" entered fi exit $RET; diff --git a/src/deb/for-download/tools/imapsync/import-from-file.sh b/src/deb/for-download/tools/imapsync/import-from-file.sh new file mode 100644 index 00000000..ac0c42f4 --- /dev/null +++ b/src/deb/for-download/tools/imapsync/import-from-file.sh 
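Review bot: The success branch still appends both passwords in clear text to accounts.log (`echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log`), and the context line `chmod a=rwx accounts/$EMAIL` makes the generated per-account script readable, writable and executable by every local user. If that script embeds the credentials (its body is outside this hunk), any local account can read or replace it. Restrict both files to the owner with `chmod 700 "accounts/$EMAIL"` and `chmod 600 accounts.log`, and consider logging the command without the two passwords.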
@@ -0,0 +1,56 @@ +#!/bin/bash +# +# This script reads email and password=s in following format: +# email1 pass +# email2 pass +# email3 pass + +# The first parameter is the text file from which we read emails and passwords +# The second parameter is SMTP Hostname +# The third parameter is domain if lines contains only username part + + +host='' +if [ $# -gt 1 ]; then + host=$2 +else + echo "Usage: ./import-from-file.sh 'FILE' 'SMTPHOST' ['DOMAIN']" + exit 1; +fi + +domain='' +if [ $# -gt 2 ]; then + domain=$3 +fi + +end_of_file=0 +while [[ $end_of_file == 0 ]]; do + + read -r line + end_of_file=$? + + if [ "$line" == "" ]; then + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + continue + fi + + email=$(echo "$line" | awk '{print $1}') + pass=$(echo "$line" | awk '{print $2}') + + if [[ $email != *"@"* ]]; then + email="$email@$domain" + fi + + echo "Extracted: '$email' = '$pass'" + + ./create-mail-sync.sh "$host" "$email" "$pass" + + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + +done < $1 From 7e209c543d408ab5f23be0b18988ce84042e0273 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:05:59 +0100 Subject: [PATCH 125/348] Update v-backup-users Prevent removing valid licenses when vestacp.com is offline. Licences are free now - https://forum.myvestacp.com/viewtopic.php?t=949 --- bin/v-backup-users | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-backup-users b/bin/v-backup-users index 16a93d6d..05550ded 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -37,7 +37,7 @@ fi log=$VESTA/log/backup.log -$BIN/v-check-vesta-license >/dev/null +# $BIN/v-check-vesta-license >/dev/null touch $log if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then From a7def7b190a88dacdd82704295e872a04e5d604b Mon Sep 17 00:00:00 2001 
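Review bot: `./create-mail-sync.sh "$host" "$email" "$pass"` runs inside a loop whose stdin is the accounts file (`done < $1`), so the child inherits that file as its stdin; the `read -p "=== Press ENTER to continue ==="` that this same commit adds to create-mail-sync.sh's error branch would then consume the next account line instead of waiting for the operator, and that account is skipped. Read the list on a separate descriptor, `while read -r line <&3 || [ -n "$line" ]; do … done 3< "$1"`, which also replaces the `end_of_file` bookkeeping and quotes the file name. `echo "Extracted: '$email' = '$pass'"` prints every mailbox password to the terminal and to any captured output; print only the address. `awk '{print $2}'` keeps only the first whitespace-separated word of the password, which the header comment should state as a format restriction.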
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:10:58 +0100 Subject: [PATCH 126/348] Changelog --- Changelog.md | 4 ++++ src/deb/latest.txt | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 6908b0e2..d0df650b 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +Version 0.9.9-0-7 [27-Feb-2024] +================================================== +* Few bugs fixed + Version 0.9.9-0-6 [22-Jan-2024] ================================================== * Few bugs fixed diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 0f8dc00c..8170ab75 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-6 +vesta-0.9.9-0-7 \ No newline at end of file From 6819f21c3e7eca1be628f600945725c542ec0c85 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 15:49:33 +0100 Subject: [PATCH 127/348] Update v-commander --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 2bf2242d..8a68cd38 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -274,6 +274,7 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then systemctl stop spamassassin.service systemctl disable spamassassin.service From 138a30755f226bc2d3ef77d30e7d183466538211 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 16:43:05 +0100 Subject: [PATCH 128/348] Update v-commander --- bin/v-commander | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 8a68cd38..e1f209b1 100644 --- a/bin/v-commander +++ b/bin/v-commander 
@@ -18,6 +18,7 @@ echo "======================= mvVesta-commander ================================ if [ -f /root/kernelupdate ]; then rm /root/kernelupdate fi +apt_updated=0 apt_upgraded=0 quit_on_empty=0 @@ -88,8 +89,8 @@ myhelp() { echo "inst nginx-rate-limit = install nginx-rate-limit templates" echo "dis fb = stop and disable fail2ban" echo "dis dove = stop and disable dovecot" - echo "dis spam = stop and disable spam" - echo "dis clam = stop and disable clamav" + echo "dis spam = stop and disable spamassassin" + echo "dis clam = stop and disable ClamAV" echo "p 7.0 = set default php 7.0" echo "p 7.3 = set default php 7.3" echo "p 7.4 = set default php 7.4" @@ -99,9 +100,22 @@ myhelp() { echo "check fc = check if FreshClam is up" echo "-----------------------------" echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" + echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "-----------------------------" } +apt_update() { + echo "=============================" + echo "== running: apt-get update" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 10 ]; then + apt-get update + else + apt-get update --allow-releaseinfo-change + fi + apt_updated=1 +} + COUNTER=0 while true @@ -162,14 +176,7 @@ do if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then - echo "=============================" - echo "== running: apt-get update" - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 10 ]; then - apt-get update - else - apt-get update --allow-releaseinfo-change - fi + apt_update fi if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then 
@@ -584,4 +591,17 @@ do /root/install-new-roundcube.sh fi + if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then + if [ ! -f "/root/.ssh/id_rsa.pub" ]; then + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + fi + echo "=== YOUR id_rsa.pub IS BELOW ===" + cat /root/.ssh/id_rsa.pub + echo "======" + fi + + if [ $numargs -eq 1 ]; then + exit; + fi + done From e6bf09c6085d697fea8fe181e4703c896346be3e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 16:48:48 +0100 Subject: [PATCH 129/348] Update v-commander --- bin/v-commander | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index e1f209b1..824a4377 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -13,7 +13,9 @@ fi source /etc/profile PATH=$PATH:/usr/local/vesta/bin && export PATH -echo "======================= mvVesta-commander ================================" +if [ $SHOWHEADER -eq 1 ]; then + echo "======================= mvVesta-commander ================================" +fi if [ -f /root/kernelupdate ]; then rm /root/kernelupdate @@ -600,7 +602,7 @@ do echo "======" fi - if [ $numargs -eq 1 ]; then + if [ $numargs -gt 0 ]; then exit; fi From 0ae1ea6adcb48f9a7fe9dd4331c9094a9ca4a137 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Mar 2024 17:22:18 +0100 Subject: [PATCH 130/348] Update v-commander --- bin/v-commander | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-commander b/bin/v-commander index 824a4377..3d495476 100644 --- a/bin/v-commander +++ b/bin/v-commander 
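Review bot: The guard tests only `/root/.ssh/id_rsa.pub`, and `<<< y` answers ssh-keygen's overwrite prompt, so when the private key exists but the `.pub` file is missing the existing root key is silently replaced and everything that trusted the old key stops working. Test the private key instead, `if [ ! -f "/root/.ssh/id_rsa" ]; then`, drop `<<< y`, and when only the public half is missing derive it with `ssh-keygen -y -f /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub`. `2>/dev/null` also hides a failed generation, after which `cat` prints an error under the "YOUR id_rsa.pub IS BELOW" banner. The key is created without a passphrase (`-N ''`); a one-line comment saying this is intentional for unattended use would help. The enclosing `while` loop starts outside this hunk.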
@@ -595,7 +595,7 @@ do if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then if [ ! -f "/root/.ssh/id_rsa.pub" ]; then - ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null fi echo "=== YOUR id_rsa.pub IS BELOW ===" cat /root/.ssh/id_rsa.pub From fa165a00206ac67d6a8a768f8c9b0ca462ac4885 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 14 Mar 2024 20:24:47 +0100 Subject: [PATCH 131/348] Update v-fix-user-permissions --- bin/v-fix-user-permissions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index ae798992..e55b5e0f 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -44,7 +44,7 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \; find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \; find /home/$user/mail/*/ -type f -exec chmod u+rw {} \; find /home/$user/mail/*/ -type f -exec chmod g+rw {} \; - +find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; From dd18d6dd6dda04b9a0b0e7c5bb9a22eb84cefaf8 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 29 Mar 2024 14:51:56 +0100 Subject: [PATCH 132/348] Blocking xmlrpc.php and wp-config.php in nginx-rate-limit templatre for WP --- .../tools/rate-limit-tpl/force-https-firewall-wordpress.stpl | 2 ++ .../tools/rate-limit-tpl/hosting-firewall-wordpress.stpl | 2 ++ .../tools/rate-limit-tpl/hosting-firewall-wordpress.tpl | 2 ++ 3 files changed, 6 insertions(+) 
diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl index e8b5b228..b263d6b5 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl @@ -79,6 +79,8 @@ server { proxy_pass https://%ip%:%web_ssl_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl index e8b5b228..b263d6b5 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl @@ -79,6 +79,8 @@ server { proxy_pass https://%ip%:%web_ssl_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl index 49da9387..7203b88c 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl @@ -76,6 +76,8 @@ server { proxy_pass http://%ip%:%web_port%; } + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} From 20695198f4acddcaa5d7bd98ebdecd6a1f63ca1c Mon Sep 17 00:00:00 2001 
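Review bot: The two new patterns leave the dot unescaped (`location ~ /wp-config.php`, `location ~ /xmlrpc.php`), unlike the neighbouring `/\.ht` and `/\.env` rules, so `.` matches any character; write them as `location ~ /wp-config\.php {return 404;}` and `location ~ /xmlrpc\.php {return 404;}`. nginx uses the first regex location that matches in file order, and the part of the template above these lines is outside the hunk, so it is worth confirming that no earlier regex location claims these URIs first. The same two lines are added to hosting-firewall-wordpress.stpl and hosting-firewall-wordpress.tpl in this commit. A short comment noting that returning 404 for xmlrpc.php also cuts off clients that depend on it would help whoever selects this template.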
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 29 Mar 2024 17:17:22 +0100 Subject: [PATCH 133/348] tpl CRLF to LF --- .../force-https-firewall-wordpress.tpl | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl index c9cf1189..5a463370 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl @@ -1,8 +1,8 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From 55e0fcb5dee50afe68a0e829ab1333483e6c231f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:48:56 +0200 Subject: [PATCH 134/348] Update v-clean-garbage: restart exim4 --- bin/v-clean-garbage | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 80d7f165..4cfc1f33 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -97,6 +97,12 @@ if [ -f "/usr/local/bin/tailf_exim.php" ]; then nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & fi +exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim') +if [ $exim_installed -gt 0 ]; then + systemctl restart exim4 +fi + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# From dd825b96cb2a14b1f624a96eaaaf2bfc86cb0bd7 Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:55:48 +0200 Subject: [PATCH 135/348] Update latest.txt - 0.9.9-0-8 --- src/deb/latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 8170ab75..9bd24024 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-7 \ No newline at end of file +vesta-0.9.9-0-8 From 8cc35b43eb4dfde3abc8ff5c71783345a53bcfc6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 4 Apr 2024 15:08:14 +0200 Subject: [PATCH 136/348] Update header.html --- web/templates/header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/header.html b/web/templates/header.html index 7f317f94..37905032 100644 --- a/web/templates/header.html +++ b/web/templates/header.html @@ -4,7 +4,7 @@ myVesta - <?=__($TAB)?> - + From 63c4826ac0ea031245b1ff1429852c85694bc7cd Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 15:22:20 +0200 Subject: [PATCH 137/348] Update v-commander --- bin/v-commander | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 3d495476..1747a5ec 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -119,15 +119,20 @@ apt_update() { } COUNTER=0 +HAS_PARAMETERS=0 while true do COUNTER=$((COUNTER + 1)) if [ $COUNTER -le $numargs ]; then + HAS_PARAMETERS=1 answer=$1 shift else + if [ $HAS_PARAMETERS -eq 1 ]; then + exit; + fi read -p 'What to do: ' answer fi @@ -602,8 +607,4 @@ do echo "======" fi - if [ $numargs -gt 0 ]; then - exit; - fi - done From 583a1e5cc7ed3e9657730f55c148df46922a2264 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 19:56:50 +0200 Subject: [PATCH 138/348] Update v-commander --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) 
diff --git a/bin/v-commander b/bin/v-commander index 1747a5ec..f6a9cf7d 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -149,6 +149,7 @@ do if [ "$answer" = 'quit-on-empty' ]; then echo "== the script will quit on next enter" quit_on_empty=1 + HAS_PARAMETERS=0 fi From 929241c5f787f301da3a6ace160d979729e98d11 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 5 Apr 2024 20:10:05 +0200 Subject: [PATCH 139/348] Version 0.9.9-0-9 --- Changelog.md | 9 +++------ src/deb/latest.txt | 2 +- src/deb/vesta/postinst | 4 ++-- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Changelog.md b/Changelog.md index d0df650b..f9d95b6c 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,15 +1,12 @@ -Version 0.9.9-0-7 [27-Feb-2024] +Version 0.9.9-0-9 [05-Apr-2024] ================================================== +* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) * Few bugs fixed -Version 0.9.9-0-6 [22-Jan-2024] +Version 0.9.9-0-5 to 0.9.9-0-8 ================================================== * Few bugs fixed -Version 0.9.9-0-5 [08-Oct-2023] -================================================== -* Many bugfixes - Version 0.9.9-0-4 [27-Jun-2023] ================================================== * Support for Debian 12 ( in mutual cooperation with @HestiaCP ) diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 9bd24024..df77dd74 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-8 +vesta-0.9.9-0-9 \ No newline at end of file diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index e53fee72..4d414655 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
@@ -22,8 +22,8 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then fi # show changelog after update -# echo "1" > /usr/local/vesta/data/upgrades/show_changelog -# chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +echo "1" > /usr/local/vesta/data/upgrades/show_changelog +chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Fixing 'dh key too small' in dovecot if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then From 40afd5b5c84719eeff4f2ce34bba5051ee631e10 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 9 Apr 2024 16:44:05 +0200 Subject: [PATCH 140/348] Create v-edit-domain-php-ini --- bin/v-edit-domain-php-ini | 80 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 bin/v-edit-domain-php-ini diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini new file mode 100644 index 00000000..027547fe --- /dev/null +++ b/bin/v-edit-domain-php-ini 
@@ -0,0 +1,80 @@
+#!/bin/bash
+# info: Edit php.ini for certain domain
+# options: DOMAIN
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+ echo "You must be root to execute this script"
+ exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+ check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+ # echo "User doesn't exist";
+ exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+ # echo "Domain doesn't exist";
+ exit 1;
+fi
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain)
+
+if [ -z "$fpm_ver" ]; then
+ echo "PHP version for domain $domain could not be determined."
+ exit 1
+fi
+
+config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf"
+
+if command -v mcedit >/dev/null; then
+ mcedit "$config_file"
+else
+ nano "$config_file"
+fi
+
+echo "Restarting PHP-FPM service for PHP version $fpm_ver..."
+echo ""
+systemctl restart php${fpm_ver}-fpm
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+exit 1;
From f540cf9f2ab872e1fff74246723c68678b4c1f26 Mon Sep 17 00:00:00 2001
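Review bot: `user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)` runs with the raw, unquoted first argument before `check_args` and `is_format_valid 'domain'` have run, in a script that insists on being root. Quote the argument, `user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")` (likewise `v-get-php-version-of-domain "$domain"`), and, if the includes allow it, perform the lookup only after the format check. The two directory checks exit 1 with their messages commented out, so the operator gets no explanation; `check_result $E_NOTEXIST "…"`, as used a few lines above, would be consistent. The `# info:` line says php.ini, but the file opened is the domain's pool file `/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf`, and the header should say so.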
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 11 Apr 2024 12:18:39 +0200 Subject: [PATCH 141/348] Update v-edit-domain-php-ini --- bin/v-edit-domain-php-ini | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 027547fe..83d52613 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -70,8 +70,9 @@ else fi echo "Restarting PHP-FPM service for PHP version $fpm_ver..." -echo "" systemctl restart php${fpm_ver}-fpm +echo "The PHP-FPM service for PHP version 7.0 has been restarted successfully." +echo "" #----------------------------------------------------------# # Vesta # From 6514ea1d388dfcc5a5707c8a57cbc93d502c9073 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 11 Apr 2024 15:43:41 +0200 Subject: [PATCH 142/348] Create v-edit-php-ini --- bin/v-edit-php-ini | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 bin/v-edit-php-ini diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini new file mode 100644 index 00000000..4806a48f --- /dev/null +++ b/bin/v-edit-php-ini 
@@ -0,0 +1,62 @@
+#!/bin/bash
+# info: Edit php.ini for a specific PHP version
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# List available PHP versions and store them into an array
+mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php)
+
+echo "Available PHP versions:"
+PS3="Please select the PHP version you want to edit php.ini for: "
+
+select php_version in "${php_versions[@]}"; do
+ if [[ -n $php_version ]]; then
+ break
+ else
+ echo "Invalid choice. Please try again."
+ fi
+done
+
+# Define path to the php.ini file
+php_ini_path="/etc/php/${php_version}/fpm/php.ini"
+
+# Check if php.ini exists for the selected version
+if [[ ! -f "$php_ini_path" ]]; then
+ echo "The php.ini file for the selected PHP version ($php_version) does not exist."
+ exit 1
+fi
+
+# Determine the text editor to use
+if command -v mcedit >/dev/null 2>&1; then
+ editor_cmd="mcedit"
+elif command -v nano >/dev/null 2>&1; then
+ editor_cmd="nano"
+else
+ echo "No supported text editor found. Please install 'mcedit' or 'nano'."
+ exit 1
+fi
+
+# Open php.ini for the chosen PHP version in the selected editor
+echo "Opening $php_ini_path in editor $editor_cmd..."
+$editor_cmd "$php_ini_path"
+
+# Restart the PHP-FPM service for the selected version
+echo "Restarting the PHP-FPM service for PHP version $php_version..."
+systemctl restart php${php_version}-fpm
+
+echo "The PHP-FPM service for PHP version $php_version has been restarted successfully."
+
+#----------------------------------------------------------#
+# Exit #
+#----------------------------------------------------------#
+
+exit
From 9d6582460684939c414321c2f608dcef094e6f76 Mon Sep 17 00:00:00 2001
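Review bot: `source $VESTA/func/main.sh` takes the path of code to execute from an environment variable, and unlike `bin/v-edit-domain-php-ini` this script neither sources `/etc/profile` nor checks that it runs as root before opening a file under `/etc/php`. If `VESTA` is unset the line resolves to `/func/main.sh` and the failure goes unchecked; `source /usr/local/vesta/func/main.sh || exit 1` matches the absolute path already used for `v-list-php`. When `select` ends on end-of-input, `php_version` is empty and the path becomes `/etc/php//fpm/php.ini`, so an explicit `[[ -n $php_version ]] || exit 1` after the loop would make that case deliberate rather than accidental. The restart status is also not checked before the success message is printed.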
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:41:56 +0200 Subject: [PATCH 143/348] v-edit-php tuning --- bin/v-edit-domain-php-ini | 11 ++++++++--- bin/v-edit-php-ini | 10 +++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 83d52613..351f34bc 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -69,13 +69,18 @@ else nano "$config_file" fi -echo "Restarting PHP-FPM service for PHP version $fpm_ver..." +echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" systemctl restart php${fpm_ver}-fpm -echo "The PHP-FPM service for PHP version 7.0 has been restarted successfully." +if [ $? -ne 0 ]; then + systemctl status php${fpm_ver}-fpm + check_result $E_RESTART "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" +else + echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." +fi echo "" #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# -exit 1; +exit 0; diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 4806a48f..696b60ec 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini 
@@ -52,11 +52,15 @@ $editor_cmd "$php_ini_path" # Restart the PHP-FPM service for the selected version echo "Restarting the PHP-FPM service for PHP version $php_version..." systemctl restart php${php_version}-fpm - -echo "The PHP-FPM service for PHP version $php_version has been restarted successfully." +if [ $? -ne 0 ]; then + systemctl status php${php_version}-fpm + check_result $E_RESTART "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" +else + echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." +fi #----------------------------------------------------------# # Exit # #----------------------------------------------------------# -exit +exit 0; From cc3437c287cf5ae1bbdb769fdd910b0db19411ef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:50:26 +0200 Subject: [PATCH 144/348] v-edit-php return fix --- bin/v-edit-domain-php-ini | 5 ++++- bin/v-edit-php-ini | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 351f34bc..890ce047 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -73,7 +73,10 @@ echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" systemctl restart php${fpm_ver}-fpm if [ $? -ne 0 ]; then systemctl status php${fpm_ver}-fpm - check_result $E_RESTART "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "=========================" + echo "" + echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." fi diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 696b60ec..4874b8a0 100644 --- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini 
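Review bot: `exit $E_RESTART;` is unquoted and has no fallback, so if `E_RESTART` is empty the shell runs a bare `exit` and returns the status of the preceding `echo`, which is 0, after a failed restart. That looks reachable in `bin/v-edit-php-ini` (the matching hunk that follows this one), where `main.sh` is sourced through `$VESTA` without checking that the source succeeded; whether `main.sh` always defines the constant cannot be seen from here. `exit "${E_RESTART:-1}"` keeps a failure status in both scripts.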
@@ -54,7 +54,10 @@ echo "Restarting the PHP-FPM service for PHP version $php_version..." systemctl restart php${php_version}-fpm if [ $? -ne 0 ]; then systemctl status php${php_version}-fpm - check_result $E_RESTART "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "=========================" + echo "" + echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." fi From 9b0f9e5876b7cf6d38cc69e158a55cb4f8888b58 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 11 Apr 2024 20:55:41 +0200 Subject: [PATCH 145/348] Version 0.9.9-0-10 --- Changelog.md | 5 +++++ bin/v-edit-domain-php-ini | 1 + bin/v-edit-php-ini | 1 + src/deb/latest.txt | 2 +- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index f9d95b6c..b13f0080 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,8 @@ +Version 0.9.9-0-10 [11-Apr-2024] +================================================== +* Introducing v-edit-php-ini command +* Introducing v-edit-domain-php-ini command + Version 0.9.9-0-9 [05-Apr-2024] ================================================== * Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini index 890ce047..9eadfcee 100644 --- a/bin/v-edit-domain-php-ini +++ b/bin/v-edit-domain-php-ini @@ -76,6 +76,7 @@ if [ $? -ne 0 ]; then echo "=========================" echo "" echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini index 4874b8a0..0155e6bb 100644 
--- a/bin/v-edit-php-ini +++ b/bin/v-edit-php-ini @@ -57,6 +57,7 @@ if [ $? -ne 0 ]; then echo "=========================" echo "" echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" exit $E_RESTART; else echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." diff --git a/src/deb/latest.txt b/src/deb/latest.txt index df77dd74..bc58cb6b 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-9 \ No newline at end of file +vesta-0.9.9-0-10 \ No newline at end of file From 65d4f0e65ee2d4442551b93dd19e55135ff4641b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 19 Apr 2024 09:12:57 +0200 Subject: [PATCH 146/348] deb12 exim4: message_linelength_limit = 1G Preventing exim4 error: message has lines too long for transport --- install/debian/12/exim/exim4.conf.template | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 81746a7a..aeb83726 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -355,6 +355,7 @@ remote_smtp: dkim_strict = 0 hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G procmail: driver = pipe From 05f5288d9b7dc2014e4fb624077a3476fbe1c8d9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 24 Apr 2024 13:14:36 +0200 Subject: [PATCH 147/348] Update v-clone-website: --skip-plugins --skip-themes --- bin/v-clone-website | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 0daf403c..049b0cf4 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website 
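Review bot: `message_linelength_limit = 1G` is added to the `remote_smtp` transport without a comment, so the next maintainer cannot tell that it deliberately lifts Exim's per-line length check for every outbound message from every hosted account. A comment above it such as `# Lift the 998-octet line limit so over-long lines are not bounced ("message has lines too long for transport")` would record the intent. Receiving servers may still refuse such lines, so a value closer to what the affected senders actually need would be easier to defend than 1G. The transport block starts outside this hunk.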
@@ -421,10 +421,10 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi sudo -H -u$TO_USER wp cache flush sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force From dcd0bf2d64dcfe8e24a32f6ab8271a0724fc1de0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 24 Apr 2024 13:56:28 +0200 Subject: [PATCH 148/348] Update v-clone-website: wp-cli to use proper php version --- bin/v-clone-website | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 049b0cf4..44252313 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website 
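Review bot: The inner `$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',')` is itself a WP-CLI run that loads the plugins and theme of the freshly copied site, which is exactly what `--skip-plugins` is meant to avoid, and its unquoted output is word-split into the outer command line. WP-CLI skips all plugins when the flag is given without a value, so plain `--skip-plugins --skip-themes` on both `search-replace` lines gives the intended effect without the extra invocation. The follow-up commit repeats the same substitution on five lines, and there the inner call still uses bare `wp` rather than `/usr/bin/php$phpver /usr/local/bin/wp`. The enclosing `if`/`else` starts and ends outside the hunk.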
@@ -419,16 +419,17 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi - sudo -H -u$TO_USER wp cache flush - sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force - sudo -H -u$TO_USER wp config shuffle-salts + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver 
/usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- From 66ae5580cdeb7d4c188c97a5aa22cf25f0c89910 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 20:28:05 +0200 Subject: [PATCH 149/348] Fix mailadress and subject --- func/db.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/func/db.sh b/func/db.sh index 20230fec..58a339ee 100644 --- a/func/db.sh +++ b/func/db.sh @@ -29,6 +29,9 @@ mysql_connect() { mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1 if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\ $SENDMAIL -s "$subj" $email fi @@ -59,6 +62,9 @@ mysql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi @@ -82,6 +88,9 @@ psql_connect() { psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi @@ -103,6 +112,9 @@ psql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi From 4acfa26de55171931d3a9fe6764f46e46e0a082e Mon Sep 17 00:00:00 2001 
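Review bot: `subj` and `email` are assigned without `local` inside `mysql_connect`, `mysql_dump`, `psql_connect` and `psql_dump`, so any script that sources `func/db.sh` has its own variables of those names overwritten, and `$email` is passed to `$SENDMAIL` unquoted with no check that the lookup returned an address. Declaring `local subj email` at the top of each added block and sending only when the address is set, with `"$email"` quoted on the `$SENDMAIL -s "$subj"` line, avoids both. The same three added lines recur in the two `rebuild_pgsql_database` hunks of `func/rebuild.sh` in the next commit; a small shared helper would keep the six copies from drifting apart. The function bodies start and end outside these hunks.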
From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 20:28:31 +0200 Subject: [PATCH 150/348] Fix emailadres and subject --- func/rebuild.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/func/rebuild.sh b/func/rebuild.sh index b4a5f73d..ae267e8b 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -610,6 +610,9 @@ rebuild_pgsql_database() { if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then echo "Error: postgresql config parsing failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: postgresql config parsing failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email fi log_event "$E_PARSING" "$ARGUMENTS" @@ -621,6 +624,9 @@ rebuild_pgsql_database() { if [ '0' -ne "$?" ]; then echo "Error: Connection failed" if [ ! -z "$SENDMAIL" ]; then + subj="Error: Connection failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo "Database connection to PostgreSQL host $HOST failed" |\ $SENDMAIL -s "$subj" $email fi From 806ebf1db6e45b9fa481b0a16b1bf47e2a991017 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Sun, 5 May 2024 21:21:32 +0200 Subject: [PATCH 151/348] disable root login phpmyadmin --- install/vst-install-debian.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 9ba1a2ec..e85517d8 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1364,6 +1364,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi if [ "$release" -gt 10 ]; then echo "=== Configure phpMyAdmin (Debian11 custom part)" 
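Review bot: The comment `# disable root login` promises more than the appended line delivers: `AllowRoot` only refuses the MySQL account named `root`, and only for the server entry whose index `$i` holds at the end of `config.inc.php`. Other privileged database accounts can still sign in through phpMyAdmin, so a more exact comment would be `# refuse phpMyAdmin logins for the MySQL user "root" (other privileged accounts are not affected)`. The line is only written by the installer, so existing installations do not receive the setting; that is worth stating in the commit description. The second hunk of this file repeats the same addition for the `$release -gt 10` branch.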
@@ -1381,6 +1384,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi fi From 763eea5c5873962f8a07391b65934888f265afbf Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 15 May 2024 19:42:42 +0200 Subject: [PATCH 152/348] Update install-new-roundcube.sh - version 1.6.6 --- src/deb/for-download/tools/install-new-roundcube.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index 8838e0ab..0f6a343a 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh @@ -3,7 +3,7 @@ USER='webmail' DOMAIN='' # enter domain or subdomain -VERSION='1.6.1' +VERSION='1.6.6' DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" LOGINMESSAGE1='Click here for NEW Webmail' From 81f507b3c4cb9fd22168b7cce4bf99a2043f4e2a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 16 May 2024 12:15:20 +0200 Subject: [PATCH 153/348] nodejs templates ssl fix --- .../node-app-3000-no-https-force.stpl | 7 ++++--- .../node-app-3000-pass-to-https.stpl | 5 +++-- .../tools/nodejs-nginx-templates/node-app-3000.stpl | 7 ++++--- .../node-app-4000-and-websocket-6001.stpl | 5 +++-- .../node-app-also-handle-static-files-3000.stpl | 5 +++-- 5 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index d66f80be..f0814ded 100644 
--- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -41,7 +42,7 @@ server { } - location ~ /\.ht {return 404;} + location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index 27dd354b..dc18c496 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index d66f80be..f0814ded 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; 
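Review bot: `http2 on;` is a directive that only nginx 1.25.1 and later accept, so on hosts running an older nginx this template stops the configuration from loading; on those versions HTTP/2 is enabled with `listen %ip%:%proxy_ssl_port% ssl http2;` instead. The same applies to the other four templates changed in this commit. Further down the same template, outside this hunk, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables the two deprecated protocol versions; `ssl_protocols TLSv1.2 TLSv1.3;` would be the line to use while the TLS block is being touched.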
@@ -41,7 +42,7 @@ server { } - location ~ /\.ht {return 404;} + location ~ /\.ht {return 404;} location ~ /\.env {return 404;} location ~ /\.svn/ {return 404;} location ~ /\.git/ {return 404;} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index d8a23009..c58ef84a 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index a6a0b744..39e58f1f 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; From 491ac6255c38c202baf2d2eaedfc081c1572a592 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:49:06 +0200 Subject: [PATCH 154/348] Create v-run-wpcli --- bin/v-run-wpcli | 77 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 bin/v-run-wpcli 
diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli new file mode 100644 index 00000000..3504ebe1 --- /dev/null +++ b/bin/v-run-wpcli 
@@ -0,0 +1,77 @@ +#!/bin/bash +# info: Run WP CLI command for a specific domain +# options: DOMAIN WP_CLI_COMMAND + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +wp_command=${@:2} # Sve nakon prvog argumenta smatra se delom WP CLI komande + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." +fi + +if [ ! 
-d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER wp $wp_command + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From 9cf91d5535c8888b84e8b86cefe1204431f156c5 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:49:54 +0200 Subject: [PATCH 155/348] Create v-add-wordpress-admin --- bin/v-add-wordpress-admin | 75 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 bin/v-add-wordpress-admin diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin new file mode 100644 index 00000000..a5fb98a6 --- /dev/null +++ b/bin/v-add-wordpress-admin 
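Review bot: The bootstrap block downloads `wp-cli.phar` as root straight into `/usr/local/bin/wp` and marks it executable without checking `wget`'s exit status or the file's integrity, so a truncated or tampered download becomes the `wp` that every later run uses. Downloading to a temporary file, verifying it against a pinned digest and only then installing it closes that gap; the identical block in `bin/v-add-wordpress-admin` needs the same change. Separately, `wp_command=${@:2}` flattens the arguments into one string that `sudo -u $USER wp $wp_command` re-splits and glob-expands, so `wp_args=("${@:2}")` with `sudo -u "$USER" wp "${wp_args[@]}"` should replace it. The script should also exit with WP-CLI's status rather than a fixed 0.

```shell
if ! command -v wp &> /dev/null; then
    echo "WP CLI is not installed. Installing..."
    # WP_CLI_URL / WP_CLI_SHA512 are placeholders: pin one reviewed release and its digest
    wp_tmp=$(mktemp) || exit 1
    if ! wget -nv "$WP_CLI_URL" -O "$wp_tmp" ||
        ! printf '%s  %s\n' "$WP_CLI_SHA512" "$wp_tmp" | sha512sum -c --status; then
        rm -f -- "$wp_tmp"
        echo "WP CLI download could not be verified."
        exit 1
    fi
    install -m 0755 -- "$wp_tmp" /usr/local/bin/wp
    rm -f -- "$wp_tmp"
    echo "WP CLI installed successfully."
fi
# … unchanged: public_html check, section banners …
```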
@@ -0,0 +1,75 @@ +#!/bin/bash +# info: Add a WordPress admin user to a specific domain +# options: DOMAIN USERNAME PASSWORD EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +username=$2 +password=$3 +email=$4 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +# Check if WP CLI is installed and install it if not +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." 
+fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER wp user create $username $email --role=administrator --user_pass="$password" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; From abc2377dade85b108dad0d3521c9d41214e6723a Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:50:50 +0200 Subject: [PATCH 156/348] Update v-run-wpcli --- bin/v-run-wpcli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli index 3504ebe1..8937642a 100644 --- a/bin/v-run-wpcli +++ b/bin/v-run-wpcli @@ -19,7 +19,7 @@ SILENT_MODE=1 # Argument definition domain=$1 -wp_command=${@:2} # Sve nakon prvog argumenta smatra se delom WP CLI komande +wp_command=${@:2} user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) USER=$user From e51cd34f77125494963aea14ae887380b9bb03b9 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 22 May 2024 17:51:42 +0200 Subject: [PATCH 157/348] Update v-add-wordpress-admin --- bin/v-add-wordpress-admin | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index a5fb98a6..4fc71c05 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -53,7 +53,11 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi -# Check if WP CLI is installed and install it if not +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + if ! command -v wp &> /dev/null; then echo "WP CLI is not installed. Installing..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp 
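Review bot: The new administrator's password travels on two command lines, as `$3` of this script and as `--user_pass="$password"` on the `wp` call, where it can show up in the process list and in shell history for as long as those exist. Reading the password from standard input or a root-only file, and handing it on the same way, would avoid that; if it has to stay an argument, the header comment should say so. `$username` and `$email` are also unquoted and never validated (only `domain` goes through `is_format_valid`), so the last line should at least read `sudo -u "$USER" wp user create "$username" "$email" --role=administrator --user_pass="$password"`. The result of `wp user create` is ignored and the script exits 0 even when no user was created.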
From 75ffd02ff9d1e605be1f5c9fecd0eb92e440c910 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 14:16:53 +0200 Subject: [PATCH 158/348] nodejs tpl fix --- .../nodejs-nginx-templates/node-app-3000-no-https-force.stpl | 2 +- .../nodejs-nginx-templates/node-app-3000-pass-to-https.stpl | 2 +- .../tools/nodejs-nginx-templates/node-app-3000.stpl | 2 +- .../node-app-4000-and-websocket-6001.stpl | 2 +- .../node-app-also-handle-static-files-3000.stpl | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index f0814ded..30ceab98 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index dc18c496..1387a879 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; 
diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index f0814ded..30ceab98 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index c58ef84a..70fa2866 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index 39e58f1f..415b6f9c 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -2,7 +2,7 @@ server { listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; # ssl on; - http2 on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; 
From 21f7a509cb33ab2be181acdbb0dca19e42fee663 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 14:38:21 +0200 Subject: [PATCH 159/348] nginx nodejs tpl CRLF to LF --- .../node-app-3000-no-https-force.stpl | 106 +++++++++--------- .../nodejs-nginx-templates/node-app-3000.stpl | 106 +++++++++--------- 2 files changed, 106 insertions(+), 106 deletions(-) diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index 30ceab98..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl 
@@ -1,54 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + 
proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index 30ceab98..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl 
@@ -1,54 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + 
proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file From c3985ba95e468d038d2a7e2e67b9e6ca0006d32d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 23 May 2024 15:26:39 +0200 Subject: [PATCH 160/348] Create v-backup-user-now --- bin/v-backup-user-now | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 bin/v-backup-user-now diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now new file mode 100644 index 00000000..3a20b4ce --- /dev/null +++ b/bin/v-backup-user-now @@ -0,0 +1,5 @@ +#!/bin/bash + +export ALLOW_BACKUP_ANYTIME='yes' + +nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 From f99bcf874630e6591917db8ef6a8615ba21352bd Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 09:19:22 +0200 Subject: [PATCH 161/348] Update v-migrate-site-to-https --- bin/v-migrate-site-to-https | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6c6c8653..de3a068c 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https 
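Review bot: `$1` on the last line of the new v-backup-user-now script is unquoted and never checked, so a value containing whitespace is word-split before it reaches v-backup-user, and a missing argument runs the backup command with no user at all. Quote it and fail early: `[ -n "$1" ] || { echo "Usage: v-backup-user-now USER" >&2; exit 1; }` followed by `nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user "$1"`. A one-line header comment saying that ALLOW_BACKUP_ANYTIME is exported for v-backup-user to read would also help; what that variable bypasses is not visible in this patch.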
@@ -102,13 +102,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN" TO_REPLACE2="https://www.$FROM_DOMAIN" if [ $IT_IS_WP -eq 0 ]; then - if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then - echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/" - exit 7 - fi - if [ ! -f "/usr/bin/php7.0" ]; then - echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0" - exit 8 + if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then + if [ ! -f "/usr/bin/git" ]; then + apt-get update > /dev/null 2>&1 + apt-get -y install git > /dev/null 2>&1 + fi + cd /root + git clone https://github.com/interconnectit/Search-Replace-DB.git fi else if [ ! -f "/usr/local/bin/wp" ]; then @@ -164,9 +164,9 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC if [ $IT_IS_WP -eq 0 ]; then echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" 
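Review bot: The new branch in the first v-migrate-site-to-https hunk clones the default branch of a third-party repository into /root, and the script later runs its srdb.cli.php with database credentials, without pinning a tag or commit and without checking that the clone succeeded. Whatever is at the head of that repository at install time gets executed, presumably as root given the /root path. Pin a reviewed revision after cloning, e.g. `git -C /root/Search-Replace-DB checkout <REVIEWED_COMMIT>` (placeholder), and stop on failure with `cd /root || exit 7` and `git clone ... || exit 7`. The apt-get calls discard all output, so a failed git install only surfaces as a later clone error.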
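Review bot: Switching from `php7.0` to plain `php` in the second hunk removes the only check that an interpreter exists, and by this point the `grep -rl ... | xargs sed -i` step in the context line has already rewritten files. If `php` is missing or incompatible with srdb.cli.php, the database step fails and the site is left half-migrated. A guard in the check section such as `command -v php >/dev/null || { echo "php not found"; exit 8; }` would restore it. Both calls also pass `-p "$FROM_DATABASE_PASSWORD"` as an argument, which is readable in the process list by other local users while the replace runs.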
From a8435cab14187fc5ecc42798a3cc3dea17c5b35f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 12:37:26 +0200 Subject: [PATCH 162/348] hosting-firewall-wordpress-2 --- .../force-https-firewall-wordpress-2.stpl | 95 +++++++++++++++++++ .../force-https-firewall-wordpress-2.tpl | 8 ++ .../hosting-firewall-wordpress-2.stpl | 95 +++++++++++++++++++ .../hosting-firewall-wordpress-2.tpl | 92 ++++++++++++++++++ .../rate-limit-tpl/install_rate_limit_tpl.sh | 5 + 5 files changed, 295 insertions(+) create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl create mode 100644 src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl 
@@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + 
location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl 
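Review bot: The static-file location `location ~* ^.+\.(%proxy_extentions%)$` is declared before the deny rules for `/\.git/`, `/\.svn/`, `/\.env` and the others, and nginx uses the first matching regex location in file order. A path under one of those directories that ends in a listed extension would therefore be served from `root %sdocroot%` instead of returning 404; which extensions are affected depends on what `%proxy_extentions%` expands to, which is not shown. Moving the `return 404` locations above the static-file location closes this. The dots in `/wp-config.php` and `/xmlrpc.php` are unescaped, so they match any character; `\.` would be exact. The same layout is repeated in hosting-firewall-wordpress-2.stpl and hosting-firewall-wordpress-2.tpl.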
@@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + 
location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl new file mode 100644 index 00000000..44f6162c --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl 
@@ -0,0 +1,92 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ 
/xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 4a910d0f..8f4d4e88 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -71,4 +71,9 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordp wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl + systemctl restart nginx From 7a13c03e9a91cd40934519e91138223f4d8b89ac Mon Sep 17 00:00:00 2001 
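Review bot: The four added `wget` lines in install_rate_limit_tpl.sh fetch nginx templates over plain `http://` and write them straight into /usr/local/vesta/data/templates/web/nginx/, so anyone on the network path can alter the server configuration that gets installed. Use `https://c.myvestacp.com/...` (the same host is referenced over https elsewhere in this series) and check each download's exit status, because `-O` leaves an empty or partial file behind on failure. Running `nginx -t` before `systemctl restart nginx` would keep a bad template from taking the web server down. The existing wget lines in the context above follow the same pattern.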
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:48:11 +0200 Subject: [PATCH 163/348] Update v-migrate-site-to-https to use $phpver --- bin/v-migrate-site-to-https | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index de3a068c..6f28e2f7 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -94,6 +94,8 @@ if [ "$DB_EXISTS" = "no" ]; then exit 6 fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN") + # ----------- CHECK ------------- FROM_REPLACE1="http://$FROM_DOMAIN" @@ -170,9 +172,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; fi echo "===== DONE ====" From 8a8422539c71f8104d645b5b4f43396c69f04ab5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:52:46 +0200 Subject: [PATCH 164/348] Update v-migrate-site-to-https to use $phpver --- bin/v-migrate-site-to-https | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
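Review bot: The inner `wp plugin list` that builds the `--skip-plugins=` value in the second hunk is itself run without `--skip-plugins`, so every plugin and theme is still loaded once per call, and its output is substituted unquoted into the outer command. WP-CLI accepts a bare `--skip-plugins` to skip all plugins, so `... --skip-columns=guid --skip-plugins --skip-themes` does the same job without the nested call. `phpver` from the first hunk is also used unchecked; if v-get-php-version-of-domain prints nothing, the command silently becomes `/usr/bin/php`. The same construction appears in the later v-clone-website, v-add-wordpress-admin and v-run-wpcli patches.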
diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6f28e2f7..b6f4295b 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -172,9 +172,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi echo "===== DONE ====" From 6a72798abae0065e7f1535e6fd7947ecee871823 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 13:55:10 +0200 Subject: [PATCH 165/348] Update v-clone-website to use $phpver --- bin/v-clone-website | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 44252313..f0db7246 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website 
@@ -422,14 +422,14 @@ else phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo 
-H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- From 67b8376608ad35bc4b9e1ce7baa3627889a23d8a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 14:02:52 +0200 Subject: [PATCH 166/348] Update v-add-wordpress-admin to use $phpver --- bin/v-add-wordpress-admin | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 4fc71c05..3814e51a 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -65,12 +65,14 @@ if ! command -v wp &> /dev/null; then echo "WP CLI installed successfully." fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + #----------------------------------------------------------# # Action # #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER wp user create $username $email --role=administrator --user_pass="$password" +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; #----------------------------------------------------------# # Vesta # From d59c4fafe270856fd3468b563c7e990d5b576915 Mon Sep 17 00:00:00 2001 
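Review bot: In the v-add-wordpress-admin change, `$username` and `$email` are passed to `wp user create` unquoted, and the new administrator's password goes on the command line via `--user_pass="$password"`, where it is visible in the process list while the command runs. Quote the arguments (`"$username" "$email"`) and add `|| exit 1` to the `cd` so the command never runs in the wrong directory. If the caller does not need to choose the password, omitting `--user_pass` lets WP-CLI generate one and print it instead. How `username`, `email` and `password` are validated is above the hunk and not visible here.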
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 14:11:17 +0200 Subject: [PATCH 167/348] Update v-run-wpcli to use $phpver --- bin/v-run-wpcli | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wpcli b/bin/v-run-wpcli index 8937642a..3ab4b4e5 100644 --- a/bin/v-run-wpcli +++ b/bin/v-run-wpcli @@ -63,12 +63,14 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + #----------------------------------------------------------# # Action # #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER wp $wp_command +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; #----------------------------------------------------------# # Vesta # From 30fb3d6a6c8bd88acb59fc0a85430c2e5b76df0a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 15:05:43 +0200 Subject: [PATCH 168/348] Update v-delete-user: rm -rf /hdd/home/$user --- bin/v-delete-user | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-delete-user b/bin/v-delete-user index c452f0a0..120b1f72 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,6 +94,9 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user +if [ -f "/hdd/home/$user" ]; then + rm -rf /hdd/home/$user +fi rm -f /var/spool/mail/$user rm -f /var/spool/cron/$user rm -f /var/spool/cron/crontabs/$user From 357b20cc52bebfc8910c67688489218c642c5c9d Mon Sep 17 00:00:00 2001 
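Review bot: The directory check in the context of the v-run-wpcli hunk uses `/home/$user/...`, but the `cd` and the new `sudo -u` line use `$USER`. Unless `USER` is reassigned earlier in the script (not visible in this hunk), it is the invoking account's environment variable, so the command could run as that account rather than as the site owner. Using the validated `$user` consistently, `cd "/home/$user/web/$domain/public_html" || exit 1` and `sudo -u "$user" ...`, removes the ambiguity. `$wp_command` is left unquoted so that it splits into arguments, which also lets it glob-expand; a short comment stating that this is intended would help.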
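Review bot: In the v-delete-user hunk, `[ -f "/hdd/home/$user" ]` tests for a regular file, so if /hdd/home/$user is a directory, as a home directory would be, the added `rm -rf` never runs. Use `-d`, and quote and guard the path so an empty `$user` cannot widen the delete: `if [ -d "/hdd/home/$user" ]; then rm -rf -- "/hdd/home/${user:?}"; fi`. If /hdd/home/$user can be a symlink, decide explicitly whether the link or its target should be removed.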
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 30 May 2024 17:01:39 +0200 Subject: [PATCH 169/348] Rename v-run-wpcli to v-run-wp-cli --- bin/{v-run-wpcli => v-run-wp-cli} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename bin/{v-run-wpcli => v-run-wp-cli} (100%) diff --git a/bin/v-run-wpcli b/bin/v-run-wp-cli similarity index 100% rename from bin/v-run-wpcli rename to bin/v-run-wp-cli From edf1f616b249009af6d03a29e6ea3f04fa46e9eb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 17:23:43 +0200 Subject: [PATCH 170/348] Update v-run-wp-cli: removing --skip-plugins and --skip-themes --- bin/v-run-wp-cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 3ab4b4e5..672832ab 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -70,7 +70,7 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command #----------------------------------------------------------# # Vesta # From 72baf4c702d7c34f2b83d47e19a8ed27c65a4200 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 17:29:18 +0200 Subject: [PATCH 171/348] Version 0.9.9-0-11 --- Changelog.md | 6 ++++++ src/deb/latest.txt | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index b13f0080..9c679c51 100644 --- a/Changelog.md +++ b/Changelog.md 
@@ -1,3 +1,9 @@ +Version 0.9.9-0-11 [30-May-2024] +================================================== +* Introducing v-run-wp-cli command +* Introducing v-add-wordpress-admin command +* Few bugs fixed + Version 0.9.9-0-10 [11-Apr-2024] ================================================== * Introducing v-edit-php-ini command diff --git a/src/deb/latest.txt b/src/deb/latest.txt index bc58cb6b..4b6e56b5 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-10 \ No newline at end of file +vesta-0.9.9-0-11 \ No newline at end of file From 7fa725b893d9d476e621d10a529de90c0f219b90 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 30 May 2024 19:35:12 +0200 Subject: [PATCH 172/348] Update Changelog.md --- Changelog.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Changelog.md b/Changelog.md index 9c679c51..7d22747a 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,13 +1,13 @@ Version 0.9.9-0-11 [30-May-2024] ================================================== -* Introducing v-run-wp-cli command -* Introducing v-add-wordpress-admin command +* Introducing v-run-wp-cli command ( @isscbta ) +* Introducing v-add-wordpress-admin command ( @isscbta ) * Few bugs fixed Version 0.9.9-0-10 [11-Apr-2024] ================================================== -* Introducing v-edit-php-ini command -* Introducing v-edit-domain-php-ini command +* Introducing v-edit-php-ini command ( @isscbta ) +* Introducing v-edit-domain-php-ini command ( @isscbta ) Version 0.9.9-0-9 [05-Apr-2024] ================================================== From c1f7c91953f0c06d2d6d5984c98ddc14574975ba Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:55:33 +0200 Subject: [PATCH 173/348] Added support for PHP 8.3 --- bin/v-activate-rocket-nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index bd4145cc..de8f6c5f 100644 --- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -126,7 +126,7 @@ else chown $user:$user /home/$user/web/$domain/cron.log case $fpm_ver in - 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) + 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1" ;; esac From 7ff828bf1444d5f36899b328675e757e6fe98bfe Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 12 Aug 2024 12:45:58 +0200 Subject: [PATCH 174/348] Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */ --- bin/v-import-cpanel-backup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index f92ae5af..a70213dd 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -157,9 +157,11 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" From 574fff064249b5acc3c67009e6a5d249027a609d Mon Sep 17 00:00:00 2001 
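Review bot: The two added `v-sed` calls in bin/v-import-cpanel-backup strip the `/*!999999\- enable the sandbox mode */` header before each file is fed to `mysql`, and that header is what tells newer MariaDB clients to refuse client-side commands while replaying a dump. The `.create` and `.sql` files come from an imported cPanel archive, so removing the line drops that protection for input the server did not produce. If the goal is compatibility with an older client that fails on the line, it would be safer to strip it only when the installed client rejects it and to record the reason, e.g. `# older mysql clients cannot parse the MariaDB sandbox header`. The calls also rely on `v-sed` being on PATH rather than the `/usr/local/vesta/bin/` prefix, and `mysql/${sk_dbr}.create` is unquoted.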
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:44:30 +0200 Subject: [PATCH 175/348] Update multi-php-install.sh - removing buster sury repo --- src/deb/for-download/tools/multi-php-install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index bea7774f..bf5da7b7 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -103,9 +103,9 @@ if [ "$inst_repo" -eq 1 ]; then if [ $debian_version -ge 10 ]; then wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi - if [ $debian_version -eq 10 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' - fi + # if [ $debian_version -eq 10 ]; then + # sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + # fi if [ $debian_version -eq 11 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' fi From 1ee49205769ac2ef2957f089839c2d647940bb8c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 13 Aug 2024 13:49:46 +0200 Subject: [PATCH 176/348] Update multi-php-install.sh --- src/deb/for-download/tools/multi-php-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index bf5da7b7..6a65a888 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh 
@@ -100,7 +100,7 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - if [ $debian_version -ge 10 ]; then + if [ $debian_version -ge 11 ]; then wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi # if [ $debian_version -eq 10 ]; then From 6e7954db5522f247e4431bbd25df2b8ef7246695 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 15 Aug 2024 10:19:34 +0200 Subject: [PATCH 177/348] Fixing Issue #185 --- install/debian/10/templates/web/awstats/awstats.tpl | 2 +- install/debian/11/templates/web/awstats/awstats.tpl | 2 +- install/debian/12/templates/web/awstats/awstats.tpl | 2 +- install/debian/8/templates/web/awstats/awstats.tpl | 2 +- install/debian/9/templates/web/awstats/awstats.tpl | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/install/debian/10/templates/web/awstats/awstats.tpl b/install/debian/10/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/10/templates/web/awstats/awstats.tpl +++ b/install/debian/10/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/11/templates/web/awstats/awstats.tpl b/install/debian/11/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/11/templates/web/awstats/awstats.tpl +++ b/install/debian/11/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" 
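Review bot: The `wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg` line behind the changed condition installs the key into `trusted.gpg.d`, where apt accepts it for every configured repository, and its exit status is not checked before `apt update` runs. Scoping the key to this one source would be tighter: save it under a dedicated keyring path and reference it from the source line, for example `deb [signed-by=/usr/share/keyrings/php-sury.gpg] https://packages.sury.org/php/ bullseye main` (the keyring file name is only an example). The `deb` lines themselves sit outside this hunk.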
diff --git a/install/debian/12/templates/web/awstats/awstats.tpl b/install/debian/12/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/12/templates/web/awstats/awstats.tpl +++ b/install/debian/12/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/8/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/8/templates/web/awstats/awstats.tpl +++ b/install/debian/8/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/9/templates/web/awstats/awstats.tpl b/install/debian/9/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/9/templates/web/awstats/awstats.tpl +++ b/install/debian/9/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" From b9f89d0416f326d1a4a902bc332288a41d56b815 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 23 Aug 2024 15:54:57 +0200 Subject: [PATCH 178/348] Update v-make-separated-ip-for-email - fix for deb 10 and 11 --- bin/v-make-separated-ip-for-email | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 49d31f45..17a0d0ca 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email 
@@ -139,6 +139,15 @@ if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 11 ]; then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + if [ "$release" -lt 12 ]; then + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template + fi + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template @@ -168,9 +177,10 @@ if [ "$check_grep" -eq 0 ]; then fi systemctl restart exim4 if [ $? -ne 0 ]; then + systemctl status exim4 cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template systemctl restart exim4 - echo "=== Patching failed, aborting" + echo "=== Patching failed, old exim conf returned, exim4 restarted again." exit 1 fi echo "=== Patching successful" From a99ae91c21758075726433f8449c035b78480bce Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:22:56 +0200 Subject: [PATCH 179/348] Update v-update-firewall: $FIREWALL_STATEFUL conf variable --- bin/v-update-firewall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-update-firewall b/bin/v-update-firewall index d3a46686..142cb39b 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall 
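Review bot: `release=$(cat /etc/debian_version | tr "." "\n" | head -n1)` is compared with `-lt` without checking that it is a number; on testing or unstable systems the file holds a name such as `bookworm/sid`, both `[ "$release" -lt ... ]` tests then fail with an error, and neither option gets commented out. A guard such as `case "$release" in ''|*[!0-9]*) echo "Unsupported Debian release: $release" >&2; exit 1 ;; esac` before the first test makes that case explicit. Since the Debian 12 template is copied onto older releases just above, a short comment saying which Exim options each `sed` disables and why would also help.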
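Review bot: The added `systemctl status exim4` opens a pager when the script runs on a terminal, so the rollback `cp` and second restart below it wait until the operator dismisses the pager while Exim is down. `systemctl status exim4 --no-pager` prints the same diagnostics without blocking. The same pattern appears in the failure branch of bin/v-add-srs-support-to-exim in PATCH 189.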
@@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp echo "$iptables -F INPUT" >> $tmp # Enabling stateful support -if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then +if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then str="$iptables -A INPUT -m state" str="$str --state ESTABLISHED,RELATED -j ACCEPT" echo "$str" >> $tmp From 3ed2cfa07b25f71a71fcf9ba266ce615328339d6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:37:34 +0300 Subject: [PATCH 180/348] Removing whitespace in php patch --- src/deb/for-download/tools/patches/php8.2.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/patches/php8.2.patch b/src/deb/for-download/tools/patches/php8.2.patch index 1083a720..ed127499 100644 --- a/src/deb/for-download/tools/patches/php8.2.patch +++ b/src/deb/for-download/tools/patches/php8.2.patch 
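Review bot: `FIREWALL_STATEFUL` is tested in the changed `if` but nothing in the hunk shows where it is set, and because it is OR-ed with the existing checks it can only force the stateful rule on, never off. A comment above the condition would document that, e.g. `# FIREWALL_STATEFUL=yes forces the ESTABLISHED,RELATED rule when conntrack detection fails`. Using `=` instead of `==` inside `[ ]` would also keep the test portable.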
@@ -5,7 +5,7 @@ ; It receives a comma-delimited list of function names. ; https://php.net/disable-functions -disable_functions = -+ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ; This directive allows you to disable certain classes. ; It receives a comma-delimited list of class names. From c32bd2c7098d9b1a70dda272b90dcabfa00e3c28 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 19 Sep 2024 17:32:22 +0200 Subject: [PATCH 181/348] Generate random root password instead of using admin password --- bin/v-commander | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index f6a9cf7d..834fb38b 100644 --- a/bin/v-commander +++ b/bin/v-commander 
@@ -535,11 +535,11 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" - adminline=$(grep '^admin:' /etc/shadow) - adminline=${adminline:6} - adminline="root:$adminline" - sed -i "s#^root:.*#$adminline#" /etc/shadow - echo "root password is now the same as admin password." + root_password=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32) + hashed_root_password=$(openssl passwd -6 "$root_password") + sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow + echo "Root password is now a new random password." + echo "New root password: $root_password" echo "--------------------" grep '^root:' /etc/shadow grep '^admin:' /etc/shadow @@ -549,7 +549,6 @@ do echo "--------------------" fi - if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then echo "=============================" echo "== Rebooting the server" From c148a1ed79d6a46f18270137f6d2d24693432d00 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Thu, 19 Sep 2024 19:01:21 +0200 Subject: [PATCH 182/348] Create v-get-dns-config --- bin/v-get-dns-config | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 bin/v-get-dns-config diff --git a/bin/v-get-dns-config b/bin/v-get-dns-config new file mode 100644 index 00000000..d759c489 --- /dev/null +++ b/bin/v-get-dns-config 
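Review bot: The new `sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow` replaces the whole entry with just `root:<hash>` and drops the remaining colon-separated fields, which the old code kept by copying admin's line; tools that parse /etc/shadow may reject such a short entry. `openssl passwd -6 "$root_password"` also puts the plaintext on a command line, where other local users can see it in the process list. Letting the system tool write the entry avoids both: `printf 'root:%s\n' "$root_password" | chpasswd`. The hunk also prints the password and then greps the root and admin hashes to the terminal, so dropping the two `grep ... /etc/shadow` lines would keep the hashes out of scrollback and session logs.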
@@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Get domain DNS config.db file content
+# options: DOMAIN
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+ echo "You must be root to execute this script"
+ exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+ check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+ # echo "User doesn't exist";
+ exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+ # echo "Domain doesn't exist";
+ exit 1;
+fi
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+DNS_FILE="/home/$user/conf/dns/$domain.db"
+
+if [ -f "$DNS_FILE" ]; then
+ cat "$DNS_FILE"
+else
+ echo "DNS configuration file for $domain does not exist."
+ exit 1
+fi
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+exit 0;
From 76ad95da649ae2c2f9219d15e9c6b6dd8edff1ca Mon Sep 17 00:00:00 2001
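Review bot: `$domain` is passed unquoted to `v-search-domain-owner` before `check_args` and `is_format_valid 'domain'` run, so an empty or malformed argument reaches that helper unvalidated. Quoting it, `user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")`, and failing early when `$1` is empty would tighten this. The later `[ ! -d "/home/$user/web/$domain/public_html" ]` test makes the script exit silently for a domain that has a DNS zone but no web directory, which looks unintended for a command that only reads `conf/dns/$domain.db`. The two silent `exit 1` branches would also be easier to diagnose with their messages restored on stderr.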
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 26 Sep 2024 20:00:41 +0200 Subject: [PATCH 183/348] Update vst-install-debian.sh - removing phppgadmin --- install/vst-install-debian.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e85517d8..75dfd1d7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -27,7 +27,7 @@ if [ "$release" -eq 12 ]; then vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core roundcube-mysql roundcube-plugins mariadb-server mariadb-common - mariadb-client postgresql postgresql-contrib phppgadmin phpmyadmin mc + mariadb-client postgresql postgresql-contrib phpmyadmin mc flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl @@ -1118,7 +1118,9 @@ if [ "$nginx" = 'yes' ]; then cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ - cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + if [ "$release" -lt 12 ]; then + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + fi cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ @@ -1404,10 +1406,12 @@ if [ "$postgresql" = 'yes' ]; then sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + if [ "$release" -lt 12 ]; then + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + fi + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi - cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi 
From e79acf1828ba57df6da5454eaf3191113f828ecb Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 7 Oct 2024 20:04:46 +0200 Subject: [PATCH 184/348] v-make-main-apache-log --- bin/v-make-main-apache-log | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 bin/v-make-main-apache-log diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log new file mode 100644 index 00000000..dc124064 --- /dev/null +++ b/bin/v-make-main-apache-log 
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+touch /var/log/apache2/time.log
+# truncate -s 0 /var/log/apache2/time.log
+chmod 0640 /var/log/apache2/time.log
+chown root:adm /var/log/apache2/time.log
+find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g'
+find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g'
+if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then
+ sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\"" time|g' /etc/apache2/apache2.conf
+fi
+systemctl restart apache2
+
+if [ ! -f "/root/analyze-traffic-per-time.php" ]; then
+ wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-time.php -O /root/analyze-traffic-per-time.php
+ wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-time.php -O /root/analyze-traffic-per-site-sort-by-time.php
+ wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-hits.php -O /root/analyze-traffic-per-site-sort-by-hits.php
+ wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-time.php -O /root/analyze-traffic-per-ip-sort-by-time.php
+ wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-hits.php -O /root/analyze-traffic-per-ip-sort-by-hits.php
+fi
From acfc563a6c8f469cb8e98c7b681fb9cf821fd476 Mon Sep 17 00:00:00 2001
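Review bot: The five `wget -nv http://dl.myvestacp.com/...` lines fetch PHP scripts into /root over plain HTTP with no integrity check and no test of wget's exit status, so the content that lands there is only as trustworthy as the network path. Fetching over `https://` (if the host serves it) and comparing each file against a pinned SHA-256 before keeping it would close that. Both `find ... | xargs sed -i` pipelines also run `sed -i` with no file when nothing matches, which `xargs -r` avoids. An `apache2ctl configtest` before `systemctl restart apache2` would stop a bad edit from taking the web server down.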
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 14 Oct 2024 17:51:26 +0200 Subject: [PATCH 185/348] Logging apache pid in v-make-main-apache-log --- bin/v-make-main-apache-log | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log index dc124064..96e91877 100644 --- a/bin/v-make-main-apache-log +++ b/bin/v-make-main-apache-log @@ -7,7 +7,7 @@ chown root:adm /var/log/apache2/time.log find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then - sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\"" time|g' /etc/apache2/apache2.conf + sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf fi systemctl restart apache2 From 24371b8bbfa16ee3e9137f29b0f37420cb9afabc Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 18 Oct 2024 22:12:23 +0200 Subject: [PATCH 186/348] Update v-clone-website: adding --EXCLUDE_UPLOADS parameter --- bin/v-clone-website | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index f0db7246..8670ee3a 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website 
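Review bot: The guard above the changed `sed` still searches for the old format string ending in `\"%{User-Agent}i\"" time`, while the line now inserted ends in `pid=%P" time`, so the two are out of sync. Assuming `v-grep` does a literal match, a host patched by this version never satisfies the guard and gets another `LogFormat ... time` line on every run, while a host that already has the old format is never upgraded to include the pid. Keying the guard on the nickname rather than the full format would cover both, for example `if ! grep -qE '^LogFormat .* time$' /etc/apache2/apache2.conf; then`. Hosts that already carry the old line would still need a separate replace step.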
@@ -313,6 +313,7 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL" echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT" echo "SEARCH_FOR_CONFIGS_DATABASE_NAME = $SEARCH_FOR_CONFIGS_DATABASE_NAME" echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME" +echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS" echo "===============================================================================" read -p "=== Press Enter to continue ===" @@ -373,14 +374,22 @@ cd /root/temp mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql +rm $FROM_DATABASE_NAME.sql + +EXCLUDE='' +if [ ! -z "$EXCLUDE_UPLOADS" ]; then + EXCLUDE="--exclude '/wp-content/uploads/*'" +fi echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER" if [ "$SITE_SUBFOLDER" != ".." ]; then - echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run else - echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run fi echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER" chown -R $TO_USER:$TO_USER $TO_FOLDER From da84a0b9131ddbc42d0e7fc3f6311181b9fbeb54 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Oct 2024 18:08:09 +0200 Subject: [PATCH 187/348] v-fix-php-ini-disable-functions --- bin/v-fix-php-ini-disable-functions | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 bin/v-fix-php-ini-disable-functions 
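Review bot: Building the rsync command as a string and running it with `eval $run` means any shell metacharacter in `$FROM_FOLDER` or `$TO_FOLDER` is re-parsed and executed by the calling shell (presumably root, given `cd /root/temp`), where the previous direct `rsync` call only word-split them. An argument array keeps the optional `--exclude` without `eval`, assuming the script runs under bash. Separately, the added `rm $FROM_DATABASE_NAME.sql` runs even when the `mysqldump` or the import before it failed, since neither exit status is checked. The enclosing script starts and ends outside the hunk.

```shell
# … unchanged: mysqldump, import and removal of the dump file …
rsync_args=(-a --delete)
if [ -n "$EXCLUDE_UPLOADS" ]; then
    rsync_args+=(--exclude '/wp-content/uploads/*')
fi

echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER"
if [ "$SITE_SUBFOLDER" = ".." ]; then
    rsync_args+=(--exclude 'logs/*')
fi
echo "====== Executing: rsync ${rsync_args[*]} $FROM_FOLDER/ $TO_FOLDER/"
rsync "${rsync_args[@]}" "$FROM_FOLDER/" "$TO_FOLDER/"
# … unchanged: chown of $TO_FOLDER …
```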
diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions
new file mode 100644
index 00000000..1324bfa2
--- /dev/null
+++ b/bin/v-fix-php-ini-disable-functions
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+ echo "You must be root to execute this script"
+ exit 1
+fi
+
+echo "=== Fixing php.ini files to have the correct disable_functions line"
+
+export NOTFOUNDVAL="exec,system,passthru,shell_exec"
+export LINEBEGINSWITH="disable_functions ="
+export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
+
+echo "== Fixing existing lines"
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; done' _
+
+export NOTFOUNDVAL2="^$LINEBEGINSWITH"
+export REMOVELINETHATCONTAINS=$LINEBEGINSWITH
+
+echo "== Adding missing lines"
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; done' _
+
+echo "== Restarting all PHP-FPM services"
+systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
+
+echo "=== Everything done."
+exit 0
From afc6b62d5cd927377d5a435232bbdd21078996f8 Mon Sep 17 00:00:00 2001
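Review bot: The "already hardened" test is `grep -L "$NOTFOUNDVAL"` over the whole php.ini, so a file that only mentions `exec,system,passthru,shell_exec` in a comment is skipped even if its active `disable_functions =` line is empty, and a file that lists the same functions in another order is overwritten. Matching the active directive instead, for example `grep -Eq '^disable_functions *=.*shell_exec' "$arg"` inside the loop, ties the decision to what PHP actually reads. The `sed -i` calls keep no backup of the file they rewrite, and `sed -i.bak` would leave one. The final `xargs systemctl restart` runs `systemctl restart` with no unit when no FPM service is found, which `xargs -r` avoids.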
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Oct 2024 20:57:20 +0200 Subject: [PATCH 188/348] v-fix-php-ini-disable-dunctions exclude patching --- bin/v-fix-php-ini-disable-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions index 1324bfa2..a9d572f6 100644 --- a/bin/v-fix-php-ini-disable-functions +++ b/bin/v-fix-php-ini-disable-functions 
@@ -13,13 +13,13 @@ export LINEBEGINSWITH="disable_functions =" export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" echo "== Fixing existing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ export NOTFOUNDVAL2="^$LINEBEGINSWITH" export REMOVELINETHATCONTAINS=$LINEBEGINSWITH echo "== Adding missing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ echo "== Restarting all PHP-FPM services" systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart From 89fc5a1ebd94be9ab0588a2386f81ee6739ed44f Mon Sep 17 00:00:00 2001 
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:07:38 +0100 Subject: [PATCH 189/348] SRS support for Exim4 --- bin/v-add-srs-support-to-exim | 65 ++++++++++++++++++++++ install/debian/12/exim/exim4.conf.template | 40 ++++++++++++- install/vst-install-debian.sh | 12 +++- 3 files changed, 114 insertions(+), 3 deletions(-) create mode 100644 bin/v-add-srs-support-to-exim diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim new file mode 100644 index 00000000..39d92e63 --- /dev/null +++ b/bin/v-add-srs-support-to-exim 
@@ -0,0 +1,65 @@ +#!/bin/bash + +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +echo "=== Addind SRS support to Exim4 ===" +# SRS support is taken from HestiaCP + +if [ ! -f "/etc/exim4/srs.conf" ]; then + echo "= Generating SRS KEY" + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf +fi + +if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then + echo "= Backing up /etc/exim4/exim4.conf.template" + cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs +fi + +if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf" + v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Patching \"dnslookup:\" block" + /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more' +fi + +if ! 
/usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks" + v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"remote_forwarded_smtp:\" block" + v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' +fi + +echo "= Restarting exim4 service" +systemctl restart exim4 + +if [ $? -ne 0 ]; then + systemctl status exim4 + cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template + systemctl restart exim4 + echo "=== Patching failed, old exim conf returned, exim4 restarted again." + exit 1 +fi +echo "=== SRS support was added successfully. ===" + +exit 0 diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index aeb83726..ff0d7ab3 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template 
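Review bot: The backup guard in bin/v-add-srs-support-to-exim is inverted: `if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]` copies the template only when a backup already exists, so a first run creates none and the rollback `cp` after a failed restart has nothing to restore. It should read `if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then`. Separately, the SRS secret comes from `gen_pass`, which draws from `$RANDOM`, and is written with `echo $srs > /etc/exim4/srs.conf` before `chmod 640`, so it is not cryptographically random and the file briefly exists under the default umask. Reading the key from the kernel generator under `umask 027`, for example `srs=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)`, addresses both here and in the matching `gen_pass` and `srs.conf` hunks of install/vst-install-debian.sh in this patch.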
@@ -13,6 +13,8 @@ add_environment=<; PATH=/bin:/usr/bin keep_environment= smtputf8_advertise_hosts = +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + #local_interfaces = 0.0.0.0 #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} #smtp_banner = "$smtp_active_hostname ESMTP $tod_full" @@ -267,8 +269,11 @@ begin routers dnslookup: driver = dnslookup - domains = !+local_domains - transport = remote_smtp + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} no_more localuser_spam: @@ -305,6 +310,23 @@ autoreplay: transport = userautoreply unseen +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + aliases: driver = redirect headers_add = X-redirected: yes @@ -357,6 +379,20 @@ remote_smtp: hosts_try_chunking = !93.188.3.0/24 message_linelength_limit = 1G +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + procmail: driver = pipe command = "/usr/bin/procmail -d $local_part" 
diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 75dfd1d7..62277e06 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -131,7 +131,11 @@ help() { # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - LENGTH=32 + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 @@ -1465,6 +1469,12 @@ if [ "$exim" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template fi + # Generating SRS KEY - the code is taken from HestiaCP + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf + chmod 640 /etc/exim4/exim4.conf.template rm -rf /etc/exim4/domains mkdir -p /etc/exim4/domains From 24d84de6d282d9a5fd2e40531fe180fb9597b495 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 8 Nov 2024 23:58:05 +0100 Subject: [PATCH 190/348] Update v-fix-php-ini-disable-functions --- bin/v-fix-php-ini-disable-functions | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions index a9d572f6..3bce868f 100644 --- a/bin/v-fix-php-ini-disable-functions +++ b/bin/v-fix-php-ini-disable-functions 
@@ -3,26 +3,33 @@ whoami=$(whoami) if [ "$whoami" != "root" ]; then echo "You must be root to execute this script" - exit 1 + exit 1; fi +if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi; + echo "=== Fixing php.ini files to have the correct disable_functions line" export NOTFOUNDVAL="exec,system,passthru,shell_exec" export LINEBEGINSWITH="disable_functions =" export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" -echo "== Fixing existing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ export NOTFOUNDVAL2="^$LINEBEGINSWITH" export REMOVELINETHATCONTAINS=$LINEBEGINSWITH -echo "== Adding missing lines" -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'for arg do if [ ! -f "$arg.disable_patching" ]; then echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! 
-f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ -echo "== Restarting all PHP-FPM services" -systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart +if [ -f "/tmp/patched" ]; then + rm /tmp/patched -echo "=== Everything done." -exit 0 + echo "== Restarting all PHP-FPM services" + systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart + + echo "=== Everything done." +else + echo "=== Everything is already correct." +fi + +exit 0; From 46d2a729a1a1e1bdfd9e8b9196a513df576f15ad Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 17:22:47 +0100 Subject: [PATCH 191/348] Update v-clean-garbage --- bin/v-clean-garbage | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 4cfc1f33..a3dfecbc 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -14,6 +14,10 @@ if [ "$whoami" != "root" ]; then exit 1 fi +echo "===== Before cleaning =====" +df -h +echo "===========================" + # Includes source /usr/local/vesta/func/main.sh @@ -107,7 +111,13 @@ fi # Vesta # #----------------------------------------------------------# -echo "=== Garbage cleaned ===" +echo "" +echo "***** Garbage cleaned *****" +echo "" +echo "===== After cleaning ======" +df -h +echo "===========================" + log_event "$OK" "$ARGUMENTS" From f5027aff5de0ad022dce6ec094af6c0f7fd673b6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 18:03:09 +0100 Subject: [PATCH 192/348] Update v-clean-garbage --- bin/v-clean-garbage | 2 ++ 1 file changed, 2 insertions(+) 
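Review bot: The "something was patched" flag is a fixed path in a world-writable directory, `/tmp/patched`, and this script runs as root. The cleanup at the top only handles a regular file (`[ -f "/tmp/patched" ]`), so if any local account leaves a directory of that name there, `touch` still succeeds, the final `-f` test fails, and the PHP-FPM restart is skipped: the new `disable_functions` line is written to php.ini but never loaded. Keep the flag out of a shared location, e.g. `flag=$(mktemp) || exit 1; export flag`, have the two `sh -c` bodies run `echo 1 > "$flag"`, then test `[ -s "$flag" ]` and finish with `rm -f -- "$flag"`. `$arg` in both `sed -i` calls should be quoted as well.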
diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index a3dfecbc..64484db1 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -69,6 +69,8 @@ clean_home() { find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name "*.php" -not -name ".htaccess" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; From 5eb06073199717272bb5be3ce35b6fa364db28d0 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Sun, 10 Nov 2024 18:23:52 +0100 Subject: [PATCH 193/348] Update exim4.conf.template - avoid ACL error failed to expand ACL string "${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}}": failed to open /etc/exim4/domains//aliases for linear search: No such file or directory --- install/debian/12/exim/exim4.conf.template | 1 + 1 file changed, 1 insertion(+) 
diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index ff0d7ab3..15264797 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -147,6 +147,7 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes From 60ce986ece4739f3e3d76e2b69e1b6dc7885004e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 18:11:14 +0100 Subject: [PATCH 194/348] Update v-add-srs-support-to-exim --- bin/v-add-srs-support-to-exim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 39d92e63..5113c693 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -25,7 +25,7 @@ if [ ! -f "/etc/exim4/srs.conf" ]; then chown root:Debian-exim /etc/exim4/srs.conf fi -if [ -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then +if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then echo "= Backing up /etc/exim4/exim4.conf.template" cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs fi From de2305b3ffe31da361f3f8be906693e53a165b8d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 18:36:32 +0100 Subject: [PATCH 195/348] Update vst-install-debian.sh --- install/vst-install-debian.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 62277e06..625278bc 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh 
@@ -1436,7 +1436,7 @@ if [ "$named" = 'yes' ]; then sed -i "s#/etc/bind/\*\* r,#/etc/bind/\*\* rw,\n /home/\*\* rwm,#g" /etc/apparmor.d/usr.sbin.named # service apparmor status >/dev/null 2>&1 # if [ $? -ne 0 ]; then - service apparmor restart + systemctl restart apparmor # fi fi # update-rc.d bind9 defaults @@ -1489,7 +1489,8 @@ if [ "$exim" = 'yes' ]; then #update-rc.d exim4 defaults currentservice='exim4' ensure_startup $currentservice - ensure_start $currentservice + systemctl restart $currentservice + # ensure_start $currentservice fi From 5e9cf711e61fae62fdb4f8e09fa5faec73708a19 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 11 Nov 2024 19:43:49 +0100 Subject: [PATCH 196/348] Add some loops due to 403 errors durring LE request in some random cases Credits to HestiaCP - https://github.com/hestiacp/hestiacp/pull/4622 --- bin/v-add-letsencrypt-domain | 51 +++++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 1f1f5a6e..97e555fa 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -154,6 +154,11 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do done payload=$(echo "$payload"|sed "s/,$//") payload=$payload']}' +# validation='pending' +# # Start counter to avoid infinite loop +# i=0 +# while [ "$validation" = 'pending' ]; do +# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$url" "$payload" "$nonce") 
@@ -168,10 +173,19 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n') echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log +validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') +echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 201 ]]; then echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt new auth status $status" fi +# # Exit the loop after 5 attempts +# i=$((i + 1)) +# if [ $i -gt 5 ]; then +# break +# fi +# sleep 2 +# done # Requesting authorization token / STEP 3 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log 
@@ -276,19 +290,30 @@ for auth in $authz; do # Doing pol check on status i=1 while [ "$validation" = 'pending' ]; do - echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log - payload='{}' - echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log - answer=$(query_le_v2 "$url" "$payload" "$nonce") - echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log - url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") - echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log - validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") - echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log - nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') - echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log - status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') - echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + i=0 + while true; do + echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log + payload='{}' + echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$url" "$payload" "$nonce") + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> 
/usr/local/vesta/log/letsencrypt.log + if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then + break + fi + i=$((i + 1)) + if ((i > 30)); then + break + fi + sleep 2 + done if [[ "$status" -ne 200 ]]; then echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt validation status $status" From e8c912513d89d426691e40c3d79d39db834f0be9 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:19:52 +0100 Subject: [PATCH 197/348] Support for PHP 8.4 --- .../tools/apache-fpm-tpl/PHP-FPM-84-public.sh | 133 ++++++++++++++++++ .../apache-fpm-tpl/PHP-FPM-84-public.stpl | 36 +++++ .../apache-fpm-tpl/PHP-FPM-84-public.tpl | 30 ++++ .../tools/apache-fpm-tpl/PHP-FPM-84.sh | 133 ++++++++++++++++++ .../tools/apache-fpm-tpl/PHP-FPM-84.stpl | 36 +++++ .../tools/apache-fpm-tpl/PHP-FPM-84.tpl | 30 ++++ .../for-download/tools/multi-php-install.sh | 35 ++++- 7 files changed, 432 insertions(+), 1 deletion(-) create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl create mode 100644 src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh 
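Review bot: The new inner `while true` loop reuses `i`, setting `i=0` on every pass of the outer `while [ "$validation" = 'pending' ]` loop that was initialised with `i=1` just above. The outer loop's body continues outside this hunk, so I cannot see how it bounds itself, but if it counts attempts in the same `i` the limit now depends on how many inner retries happened rather than on outer passes. Give the retry loop its own counter, e.g. `tries=0` with `tries=$((tries + 1))` and `if ((tries > 30)); then break; fi`. A short comment saying why `addressesResolved` is the exit signal would also help the next reader.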
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.4-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+ rm $pool_file_56
+ systemctl reset-failed php5.6-fpm
+ systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+ rm $pool_file_70
+ systemctl reset-failed php7.0-fpm
+ systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+ rm $pool_file_71
+ systemctl reset-failed php7.1-fpm
+ systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+ rm $pool_file_72
+ systemctl reset-failed php7.2-fpm
+ systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+ rm $pool_file_73
+ systemctl reset-failed php7.3-fpm
+ systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+ rm $pool_file_74
+ systemctl reset-failed php7.4-fpm
+ systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+ rm $pool_file_80
+ systemctl reset-failed php8.0-fpm
+ systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+ rm $pool_file_81
+ systemctl reset-failed php8.1-fpm
+ systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+ rm $pool_file_82
+ systemctl reset-failed php8.2-fpm
+ systemctl restart php8.2-fpm
+fi
+
+if [ -f "$pool_file_83" ]; then
+ rm $pool_file_83
+ systemctl reset-failed php8.3-fpm
+ systemctl restart php8.3-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_84" ]; then
+ write_file=1
+else
+ user_count=$(grep -c "/home/$1/" $pool_file_84)
+ if [ $user_count -eq 0 ]; then
+ write_file=1
+ fi
+fi
+if [ $write_file -eq 1 ]; then
+ echo "$pool_conf" > $pool_file_84
+ systemctl reset-failed php8.4-fpm
+ systemctl restart php8.4-fpm
+fi
+if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then
+ rm /etc/php/8.4/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl
new file mode 100644
index 00000000..91e05b17
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl
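Review bot: The pool definition sets `listen.mode = 0666` on `/run/php/php8.4-fpm-$2.sock`, so every local account on the server can open the socket and submit FastCGI requests that the pool then executes as `$1`; on a multi-tenant panel that undoes the per-user separation the individual pools are meant to give. Restrict the socket to the web server, e.g. `listen.group = www-data` with `listen.mode = 0660` (assuming Apache runs as `www-data`, which is not shown here). The `open_basedir` list also grants the shared `/tmp` even though `upload_tmp_dir` and `session.save_path` already point at `/home/$1/tmp`, and `rm $pool_file_NN` / `> $pool_file_84` expand a domain-derived path unquoted. `PHP-FPM-84.sh`, added later in this commit, carries the identical text.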
@@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl 
@@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh 
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php8.4-fpm-$2.sock
+listen.owner = $1
+listen.group = $1
+listen.mode = 0666
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+request_terminate_timeout = 360s
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube
+php_admin_value[upload_max_filesize] = 800M
+php_admin_value[max_execution_time] = 300
+php_admin_value[post_max_size] = 800M
+php_admin_value[memory_limit] = 512M
+php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\"
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf"
+pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf"
+pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf"
+pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf"
+pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+ rm $pool_file_56
+ systemctl reset-failed php5.6-fpm
+ systemctl restart php5.6-fpm
+fi
+
+if [ -f "$pool_file_70" ]; then
+ rm $pool_file_70
+ systemctl reset-failed php7.0-fpm
+ systemctl restart php7.0-fpm
+fi
+
+if [ -f "$pool_file_71" ]; then
+ rm $pool_file_71
+ systemctl reset-failed php7.1-fpm
+ systemctl restart php7.1-fpm
+fi
+
+if [ -f "$pool_file_72" ]; then
+ rm $pool_file_72
+ systemctl reset-failed php7.2-fpm
+ systemctl restart php7.2-fpm
+fi
+
+if [ -f "$pool_file_73" ]; then
+ rm $pool_file_73
+ systemctl reset-failed php7.3-fpm
+ systemctl restart php7.3-fpm
+fi
+
+if [ -f "$pool_file_74" ]; then
+ rm $pool_file_74
+ systemctl reset-failed php7.4-fpm
+ systemctl restart php7.4-fpm
+fi
+
+if [ -f "$pool_file_80" ]; then
+ rm $pool_file_80
+ systemctl reset-failed php8.0-fpm
+ systemctl restart php8.0-fpm
+fi
+
+if [ -f "$pool_file_81" ]; then
+ rm $pool_file_81
+ systemctl reset-failed php8.1-fpm
+ systemctl restart php8.1-fpm
+fi
+
+if [ -f "$pool_file_82" ]; then
+ rm $pool_file_82
+ systemctl reset-failed php8.2-fpm
+ systemctl restart php8.2-fpm
+fi
+
+if [ -f "$pool_file_83" ]; then
+ rm $pool_file_83
+ systemctl reset-failed php8.3-fpm
+ systemctl restart php8.3-fpm
+fi
+
+write_file=0
+if [ ! -f "$pool_file_84" ]; then
+ write_file=1
+else
+ user_count=$(grep -c "/home/$1/" $pool_file_84)
+ if [ $user_count -eq 0 ]; then
+ write_file=1
+ fi
+fi
+if [ $write_file -eq 1 ]; then
+ echo "$pool_conf" > $pool_file_84
+ systemctl reset-failed php8.4-fpm
+ systemctl restart php8.4-fpm
+fi
+if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then
+ rm /etc/php/8.4/fpm/pool.d/www.conf
+fi
+
+exit 0
diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl
new file mode 100644
index 00000000..848abf7c
--- /dev/null
+++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl
@@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl 
@@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 6a65a888..cc024202 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -14,6 +14,7 @@ inst_80=0 inst_81=0 inst_82=0 inst_83=0 +inst_84=0 ####################################################################### @@ -60,8 +61,11 @@ fi if [ $# -gt 10 ]; then inst_83=${11} fi +if [ $# -gt 11 ]; then + inst_84=${12} +fi -if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ]; then +if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ] || [ $inst_84 -eq 1 ]; then inst_repo=1 fi 
@@ -92,6 +96,7 @@ echo "inst_80=$inst_80" echo "inst_81=$inst_81" echo "inst_82=$inst_82" echo "inst_83=$inst_83" +echo "inst_84=$inst_84" echo "wait_to_press_enter=$wait_to_press_enter" press_enter "=== Press enter to continue ===============================================================================" 
@@ -372,6 +377,33 @@ if [ "$inst_83" -eq 1 ]; then press_enter "=== PHP 8.3 installed, press enter to continue ===============================================================================" fi +if [ "$inst_84" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.4 ===============================================================================" + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + update-rc.d php8.4-fpm defaults + a2enconf php8.4-fpm + a2dismod php8.4 + apt-get -y remove libapache2-mod-php8.4 + systemctl restart apache2 + cp -r /etc/php/8.4/ /root/vst_install_backups/php8.4/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + echo "=== Patching php.ini for php8.4" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.4.patch + patch /etc/php/8.4/fpm/php.ini < /root/php8.4.patch + if [ $memory -gt 9999999 ]; then + sed -i 
"s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.4/fpm/php.ini + fi + service php8.4-fpm restart + press_enter "=== PHP 8.4 installed, press enter to continue ===============================================================================" +fi + apt update > /dev/null 2>&1 apt upgrade -y > /dev/null 2>&1 @@ -389,6 +421,7 @@ if [ $debian_version -ge 10 ]; then a2dismod php8.1 > /dev/null 2>&1 a2dismod php8.2 > /dev/null 2>&1 a2dismod php8.3 > /dev/null 2>&1 + a2dismod php8.4 > /dev/null 2>&1 a2dismod mpm_prefork > /dev/null 2>&1 a2enmod mpm_event > /dev/null 2>&1 apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 From 2cbf37e4d121328035b603d796a71ffd445bb4f5 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 15 Nov 2024 16:40:57 +0100 Subject: [PATCH 198/348] Temporarily disabling php8.4-memcache, memcached, imagick --- src/deb/for-download/tools/multi-php-install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index cc024202..b3e3afc4 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -379,7 +379,8 @@ fi if [ "$inst_84" -eq 1 ]; then press_enter "=== Press enter to install PHP 8.4 ===============================================================================" - apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip + # php8.4-memcache php8.4-memcached php8.4-imagick update-rc.d php8.4-fpm defaults a2enconf php8.4-fpm a2dismod php8.4 From a7d7c3686c00ed816a6455b7f94f7725e73ffe39 Mon Sep 17 00:00:00 2001 
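Review bot: The six `wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84*` downloads in the PHP 8.4 block are written straight into the template directory, and the two `.sh` files are made executable, without checking wget's exit status or the integrity of what was fetched; `wget -O` also leaves an empty or partial file behind when the transfer fails. Downloading to a temporary file, verifying it, and only then moving it into place closes that gap, e.g. `wget -nv "$url" -O "$tmp" || exit 1` followed by `echo "<expected-sha256>  $tmp" | sha256sum -c - || exit 1` (the hash is a placeholder for a value the maintainers pin). The php.ini step fetches `php8.2.patch` and applies it to the 8.4 `php.ini` without checking the result of `patch`, so a rejected hunk would go unnoticed before `service php8.4-fpm restart`.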
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:26:36 +0100 Subject: [PATCH 199/348] Update v-add-srs-support-to-exim: compatibility for Debian < 12 --- bin/v-add-srs-support-to-exim | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 5113c693..b31be1e8 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -50,6 +50,16 @@ if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' fi +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 11 ]; then + echo "= Removing \"smtputf8_advertise_hosts\" line for Debian < 11" + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template +fi +if [ "$release" -lt 12 ]; then + echo "= Removing \"message_linelength_limit\" line for Debian < 12" + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template +fi + echo "= Restarting exim4 service" systemctl restart exim4 From 8c477c39bf4571f68973c5797f140c6b2ae1e063 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:49:14 +0100 Subject: [PATCH 200/348] Update v-add-srs-support-to-exim: Block execution in Exim < 4.96 --- bin/v-add-srs-support-to-exim | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) 
diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index b31be1e8..85f1f908 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim @@ -14,6 +14,14 @@ gen_pass() { echo "$PASS" } +eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') +eximversioni="${eximversion%%[^0-9]+([0-9])}" +eximversionf="${eximversion##+([0-9])[^0-9]}" +if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + exit 1; +fi + echo "=== Addind SRS support to Exim4 ===" # SRS support is taken from HestiaCP 
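Review bot: The version guard can fail open, because `${eximversion%%[^0-9]+([0-9])}` and `${eximversion##+([0-9])[^0-9]}` use the extglob form `+(...)`, which bash treats literally unless `shopt -s extglob` is set, and no such line is visible in this hunk. In that case `eximversioni` keeps the full dotted string, `[ "$eximversioni" -eq 4 ]` fails with a non-integer error, and the script carries on past the "requires Exim 4.96" check. Plain parameter expansion avoids the dependency: `eximversioni=${eximversion%%.*}` and `eximversionf=${eximversion#*.}; eximversionf=${eximversionf%%[!0-9]*}`. The same pair of expansions is added in the `@@ -140,14 +140,18 @@` hunk of bin/v-make-separated-ip-for-email.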
@@ -50,15 +58,10 @@ if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' fi -release=$(cat /etc/debian_version | tr "." "\n" | head -n1) -if [ "$release" -lt 11 ]; then - echo "= Removing \"smtputf8_advertise_hosts\" line for Debian < 11" - sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template -fi -if [ "$release" -lt 12 ]; then - echo "= Removing \"message_linelength_limit\" line for Debian < 12" - sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template -fi +touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_email_account_max_recipients +touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_hosting_account_max_recipients echo "= Restarting exim4 service" systemctl restart exim4 From 15b5996e4f8aad15e770d1400ae23d5dbff0cf2a Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:56:10 +0100 Subject: [PATCH 201/348] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 17a0d0ca..35799b26 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email 
@@ -1,4 +1,4 @@ -#!/bin/bash + #!/bin/bash # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users # options: MAIL_HOSTNAME MAIL_IP @@ -45,7 +45,7 @@ is_domain_format_valid "$MAIL_HOSTNAME" is_ip_format_valid "$MAIL_IP" HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME") -if [ -z "$HOST_USER" ]; then +if [ -z "$HOST_USER" ]; then echo "Error: hostname $HOSTNAME is not created as web domain" exit 4 fi @@ -140,14 +140,18 @@ if [ "$check_grep" -eq 0 ]; then mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 11 ]; then - sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template - fi - if [ "$release" -lt 12 ]; then + eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') + eximversioni="${eximversion%%[^0-9]+([0-9])}" + eximversionf="${eximversion##+([0-9])[^0-9]}" + if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi + if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 94 ]; then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template From 0f71df9a951f3b49c9d30bb97b87bea11b3e5dc3 Mon Sep 17 00:00:00 2001 
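Review bot: In the first hunk of bin/v-make-separated-ip-for-email the `#!/bin/bash` line is replaced by one that appears to have a character in front of `#!` (this page shows it as `+ #!/bin/bash`; the exact byte cannot be recovered from the rendering). A shebang is only honoured when `#!` are the first two bytes of the file, so the script would be interpreted by whatever shell the caller falls back to rather than by bash. The line should go back to `#!/bin/bash` at column 0.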
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:59:43 +0100 Subject: [PATCH 202/348] Create exim4.conf.template.without-srs --- .../12/exim/exim4.conf.template.without-srs | 451 ++++++++++++++++++ 1 file changed, 451 insertions(+) create mode 100644 install/debian/12/exim/exim4.conf.template.without-srs diff --git a/install/debian/12/exim/exim4.conf.template.without-srs b/install/debian/12/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/12/exim/exim4.conf.template.without-srs 
@@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = 
/etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. 
+ log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no 
+ + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + 
warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! 
+local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = 
${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = 
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + 
return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### From 74fecc45d36c4f0b802cefa874d3d298b2cf4f2c Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:02:05 +0100 Subject: [PATCH 203/348] Update v-add-srs-support-to-exim --- bin/v-add-srs-support-to-exim | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim index 85f1f908..4b7789ea 100644 --- a/bin/v-add-srs-support-to-exim +++ b/bin/v-add-srs-support-to-exim 
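Review bot: The `dovecot_plain` and `dovecot_login` authenticators carry no TLS condition and the main section sets no `auth_advertise_hosts`, so PLAIN and LOGIN are offered on the cleartext listeners as well (`daemon_smtp_ports = 25 : 465 : 587 : 2525`, with only 465 in `tls_on_connect_ports`). Adding `auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}` to the main section, or `server_advertise_condition = ${if def:tls_in_cipher}` to each authenticator, limits AUTH to encrypted sessions. If a local webmail client submits over an unencrypted loopback connection, that expression would need an exception for it.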
@@ -15,10 +15,9 @@ gen_pass() { } eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') -eximversioni="${eximversion%%[^0-9]+([0-9])}" -eximversionf="${eximversion##+([0-9])[^0-9]}" -if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then +if (( $(echo "$eximversion < 4.96" | bc -l) )); then echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + echo "You have Exim $eximversion" exit 1; fi From a2ed0dbf7ac43dc37d3c57987cee3ab2e71edf04 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 18 Nov 2024 18:03:53 +0100 Subject: [PATCH 204/348] Update v-make-separated-ip-for-email --- bin/v-make-separated-ip-for-email | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 35799b26..15e42c05 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -141,14 +141,12 @@ if [ "$check_grep" -eq 0 ]; then cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') - eximversioni="${eximversion%%[^0-9]+([0-9])}" - eximversionf="${eximversion##+([0-9])[^0-9]}" - if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 96 ]; then + if (( $(echo "$eximversion < 4.96" | bc -l) )); then cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template fi - if [ "$eximversioni" -eq 4 ] && [ "$eximversionf" -lt 94 ]; then + if (( $(echo "$eximversion < 4.94" | bc -l) )); then sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template fi From 015b3c4571d3972cd3c2fb072e9f2fa921944ac5 Mon Sep 17 00:00:00 2001 
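Review bot: The new guard `(( $(echo "$eximversion < 4.96" | bc -l) ))` still fails open whenever `bc` prints nothing: a three-part version string (constructed example: `4.94.2`) is a syntax error for `bc`, and a missing `bc` or `exim4` binary has the same effect, leaving `(( ))` with an empty expression that evaluates false. The check is then skipped and the SRS changes are applied anyway. A version-aware comparison avoids this and treats an empty version as too old: `if dpkg --compare-versions "$eximversion" lt 4.96; then`. The same construct is used for both the 4.96 and the 4.94 comparisons in the bin/v-make-separated-ip-for-email hunk of the following commit.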
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:17:29 +0100 Subject: [PATCH 205/348] nginx deny rules conf --- bin/v-add-firewall-ban | 5 +++++ bin/v-delete-firewall-ban | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index a1eed13e..3bdc8170 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -72,6 +72,11 @@ $iptables -I fail2ban-$chain 1 -s $ip \ # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban index 52f3403d..cb5b352c 100755 --- a/bin/v-delete-firewall-ban +++ b/bin/v-delete-firewall-ban @@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # From 6a35d14f0cdb122cb217d2177f9f157182a843c6 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 19 Nov 2024 21:59:09 +0100 Subject: [PATCH 206/348] Update v-add-firewall-ban: nginx deny rules conf --- bin/v-add-firewall-ban | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index 3bdc8170..80143132 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban 
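Review bot: In bin/v-delete-firewall-ban, `sed -i "/deny $ip;/d"` treats `$ip` as an unescaped regular expression that is not anchored to the whole line, so the dots match any character; the `grep -q "deny $ip;"` duplicate check added to bin/v-add-firewall-ban in the follow-up commit has the same property. Whether `$ip` is validated earlier in either script is not visible in these hunks, and since the value is written into `/etc/nginx/conf.d/block.conf` that validation should be confirmed. A fixed-string, whole-line match such as `grep -qxF "deny $ip;" /etc/nginx/conf.d/block.conf` is safer for the check, and the dots should be escaped before the value is used in the `sed` address. Running `nginx -t` before `systemctl reload nginx` would report a malformed block.conf at the point it is written.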
@@ -74,8 +74,10 @@ chmod 660 $conf # nginx deny rules conf if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then - echo "deny $ip;" >> /etc/nginx/conf.d/block.conf - systemctl reload nginx + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx + fi fi #----------------------------------------------------------# From af8c07194454a50c7bc44ae79bdb64973b9aa6e4 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 25 Nov 2024 11:25:22 +0100 Subject: [PATCH 207/348] Update v-clean-garbage --- bin/v-clean-garbage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 64484db1..36b50830 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -70,7 +70,7 @@ clean_home() { find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 - find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name "*.php" -not -name ".htaccess" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; 
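Review bot: `grep -q "deny $ip;"` treats `$ip` as a regular expression and matches anywhere in a line, so the duplicate check is looser than the literal line that gets appended. `if ! grep -qxF -- "deny $ip;" /etc/nginx/conf.d/block.conf; then` compares the whole line as a fixed string.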
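Review bot: The rewritten `wp-content/cache/` line now deletes every file except `.htaccess`, and the path handed to find is built from directories the site owner can write to and ends in a slash, so find follows `cache` (or a parent component) when it is a symlink. If clean_home runs as root, which its caller outside this hunk would decide, the wider filter means more can be removed from wherever such a link points. Consider skipping the directory when it is a symlink or running the find as the owning user, and quote `"$1"`. clean_home's body continues outside the hunk.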
From 00ef25524d815242290beeaca19e35277742a599 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:04:37 +0100 Subject: [PATCH 208/348] Create v-blacklist-email-domain --- bin/v-blacklist-email-domain | 133 +++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 bin/v-blacklist-email-domain diff --git a/bin/v-blacklist-email-domain b/bin/v-blacklist-email-domain new file mode 100644 index 00000000..a72a17a9 --- /dev/null +++ b/bin/v-blacklist-email-domain 
@@ -0,0 +1,133 @@ +#!/bin/bash +# info: Add a domain to exim4 and spamassassin blacklist +# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a domain already exists in a file +check_domain_exists() { + local domain=$1 + local file=$2 + grep -qE "^${domain}$" "$file" +} + +# Function to check if a SpamAssassin entry already exists +check_spamassassin_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add domain to file +add_domain_to_file() { + local domain=$1 + local file=$2 + echo "$domain" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." 
+ exit 1 +fi + +# Prepare entries for Exim4 +EXIM_ENTRY_MAIN="$DOMAIN" +EXIM_ENTRY_SUB="*.$DOMAIN" + +# Prepare entries for SpamAssassin +SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}" +SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE." + else + echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE." + fi +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." 
+ fi +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From aa92b6a2706def542eafdfc34c3ec6f35ab1ce35 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:07 +0100 Subject: [PATCH 209/348] Create v-blacklist-email-account --- bin/v-blacklist-email-account | 102 ++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 bin/v-blacklist-email-account diff --git a/bin/v-blacklist-email-account b/bin/v-blacklist-email-account new file mode 100644 index 00000000..59ec9cf8 --- /dev/null +++ b/bin/v-blacklist-email-account 
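Review bot: `DOMAIN=$1` is written to /etc/exim4/deny_senders and /etc/spamassassin/local.cf without any format check, unlike the e-mail account script added next in this series, so a value containing spaces or other directive text ends up verbatim in both root-owned config files. A check such as `[[ "$DOMAIN" =~ ^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]] || { echo "Invalid domain format."; exit 1; }` before the entries are built would close that. check_domain_exists also passes the entry to `grep -qE "^${domain}$"`, where the dots and the leading `*` of `*.$DOMAIN` are regex syntax; `grep -qxF -- "$domain" "$file"` is an exact match. The usage text prints `v-blacklist-domain`, which is not the script's name.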
@@ -0,0 +1,102 @@ +#!/bin/bash +# info: Add a specific email address to exim4 and spamassassin blacklist +# usage: v-blacklist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-blacklist-email EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Prepare entries for Exim4 and SpamAssassin +EXIM_ENTRY="$EMAIL" +SPAMASSASSIN_ENTRY="blacklist_from $EMAIL" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! 
check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then + add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE." +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 92ddd343a2706620e297decddfcc97c2c38cdce5 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:30 +0100 Subject: [PATCH 210/348] Create v-whitelist-email-domain --- bin/v-whitelist-email-domain | 119 +++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 bin/v-whitelist-email-domain diff --git a/bin/v-whitelist-email-domain b/bin/v-whitelist-email-domain new file mode 100644 index 00000000..9d877ad4 --- /dev/null +++ b/bin/v-whitelist-email-domain 
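Review bot: check_entry_exists uses `grep -qF "$entry" "$file"`, a substring match, so an address is reported as already present when the file only holds a longer one that contains it (constructed example: `bob@example.com` against a line `bigbob@example.com`), and the address is then never added. `grep -qxF -- "$entry" "$file"` matches the whole line. Neither file is checked for existence before grep and `>>` touch it, and the usage text prints `v-blacklist-email` rather than the script's name.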
@@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a domain to SpamAssassin whitelist +# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a SpamAssassin whitelist entry already exists +check_whitelist_exists() { + local entry=$1 + local file=$2 + grep -qF "whitelist_from $entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklist_exists() { + local domain=$1 + local file=$2 + grep -qE "blacklist_from.*${domain}$" "$file" +} + +# Function to add whitelist entry to file +add_whitelist_to_file() { + local entry=$1 + local file=$2 + echo "whitelist_from $entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." 
+ exit 1 +fi + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY_MAIN="*@${DOMAIN}" +WHITELIST_ENTRY_SUB="*.$DOMAIN" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the domain is already blacklisted +if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $DOMAIN. It is already blacklisted." + exit 1 +fi + +# Add the main entry +if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +# Add the subdomain entry if needed +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 62b0e672a66211c3ec0c5f57d1687f4b015a9e63 Mon Sep 17 00:00:00 2001 
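Review bot: The entries this script writes are `whitelist_from *@DOMAIN` and `whitelist_from *.DOMAIN`, which SpamAssassin matches against sender addresses that the sending side supplies, so mail with a forged sender at the domain receives the whitelist score too. SpamAssassin's `whitelist_auth` (SPF/DKIM-verified) or `whitelist_from_rcvd` are the safer directives if the needed plugins are enabled on these hosts; at minimum a comment should state the trade-off. Separately, check_blacklist_exists uses `grep -qE "blacklist_from.*${domain}$"` with an unvalidated `$DOMAIN`: the dots are wildcards and the match is a suffix match, so a blacklisted `notexample.com` (constructed example) blocks whitelisting `example.com`. `BLACKLIST_ENTRY_MAIN` and `BLACKLIST_ENTRY_SUB` are assigned but never used. The `whitelist_from` concern also applies to bin/v-whitelist-email-account in the next patch.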
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:05:50 +0100 Subject: [PATCH 211/348] Create v-whitelist-email-account --- bin/v-whitelist-email-account | 119 ++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 bin/v-whitelist-email-account diff --git a/bin/v-whitelist-email-account b/bin/v-whitelist-email-account new file mode 100644 index 00000000..4a6e6329 --- /dev/null +++ b/bin/v-whitelist-email-account 
@@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a specific email address to SpamAssassin whitelist +# usage: v-whitelist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklisted() { + local pattern=$1 + local file=$2 + grep -qE "blacklist_from.*${pattern}" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-whitelist-email-account EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." 
+ exit 1 +fi + +# Extract the domain from the email address +DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}') + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY="whitelist_from $EMAIL" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the email address or its domain is already blacklisted +if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. It is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted." + exit 1 +fi + +# Add the email to whitelist if not already present +if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 From 2e66899997a4ea3c1326b436eb88871e303c9f4d Mon Sep 17 00:00:00 2001 
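Review bot: check_blacklisted builds an ERE from its argument, `grep -qE "blacklist_from.*${pattern}"`, but the callers pass glob-style values such as `*@${DOMAIN}` and `*.$DOMAIN`, so `*` and `.` are read as regex operators and the match is unanchored. In practice the three checks refuse more than intended, for example when a longer blacklisted address merely ends in the same text. Matching the exact lines the blacklist scripts write is stricter and simpler: `grep -qxF -- "blacklist_from $pattern" "$file"`. check_entry_exists has the same substring issue with `grep -qF`.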
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:06:50 +0100 Subject: [PATCH 212/348] Create v-cd-www --- bin/v-cd-www | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 bin/v-cd-www diff --git a/bin/v-cd-www b/bin/v-cd-www new file mode 100644 index 00000000..449b5fa2 --- /dev/null +++ b/bin/v-cd-www 
@@ -0,0 +1,69 @@ +#!/bin/bash +# info: Change directory to the public_html folder of a domain +# usage: v-cd-www DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + echo "This script must be sourced to change the current directory." + echo "Usage: source v-cd-www DOMAIN" + exit 1 +fi + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + return 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "Domain $domain doesn't exist" + return 1 +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User $user doesn't exist" + return 1 +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain $domain doesn't have a public_html directory" + return 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "/home/$user/web/$domain/public_html" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +return 0 From 82803093d6836274fb971df28a6b189087e13c91 Mon Sep 17 00:00:00 2001 
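Review bot: Because this file is meant to be sourced, everything it sets lands in root's interactive shell: `USER=$user` overwrites the shell's own `USER`, and `domain`, `user` and `SILENT_MODE` stay defined afterwards. The helpers called under Verifications (`check_args`, `is_format_valid`, `is_object_valid`) are defined outside this page; if they exit on failure, a bad argument would close the caller's shell instead of returning. `$domain` is also passed unquoted to v-search-domain-owner before `is_format_valid 'domain'` has run. Doing the lookup and the checks in a subshell that prints the path, and keeping only the final `cd` in the sourced part, would avoid all three.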
From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:07:40 +0100 Subject: [PATCH 213/348] Update v-cd-www --- bin/v-cd-www | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-cd-www b/bin/v-cd-www index 449b5fa2..01e9c221 100644 --- a/bin/v-cd-www +++ b/bin/v-cd-www @@ -1,6 +1,6 @@ #!/bin/bash # info: Change directory to the public_html folder of a domain -# usage: v-cd-www DOMAIN +# usage: source v-cd-www DOMAIN #----------------------------------------------------------# # Variable&Function # From 33377836662a2ebfe87cfee7370355de9c406c26 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Dec 2024 18:35:57 +0100 Subject: [PATCH 214/348] v-cd-www alias --- bin/{v-cd-www => v-change-dir-www} | 0 install/vst-install-debian.sh | 2 ++ 2 files changed, 2 insertions(+) rename bin/{v-cd-www => v-change-dir-www} (100%) diff --git a/bin/v-cd-www b/bin/v-change-dir-www similarity index 100% rename from bin/v-cd-www rename to bin/v-change-dir-www diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 625278bc..cb6ee921 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2064,6 +2064,8 @@ echo "================================================================" # Removing old PHP sessions files crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +echo "alias v-cd-www='source /usr/local/vesta/bin/change-dir-www'" >> /root/.bash_profile + #----------------------------------------------------------# # myVesta Access Info # #----------------------------------------------------------# From 0639e7765f9452cadfa260183546aff5686953e9 Mon Sep 17 00:00:00 2001 
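Review bot: The line added to install/vst-install-debian.sh appends the alias to /root/.bash_profile, and on a root account that has only `.profile` and `.bashrc` this creates the file, after which bash login shells read `.bash_profile` and no longer read `.profile`. The alias would also be missing from non-login interactive shells. Appending to /root/.bashrc avoids both: `echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bashrc`. The path in this hunk lacks the `v-` prefix of the renamed script; the following patch corrects that but keeps `.bash_profile`.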
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 2 Dec 2024 18:52:53 +0100 Subject: [PATCH 215/348] Update vst-install-debian.sh --- install/vst-install-debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index cb6ee921..47153ade 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2064,7 +2064,7 @@ echo "================================================================" # Removing old PHP sessions files crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - -echo "alias v-cd-www='source /usr/local/vesta/bin/change-dir-www'" >> /root/.bash_profile +echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile #----------------------------------------------------------# # myVesta Access Info # From 2daa635cdef0618ddb9543963ff2a0ffd47e593d Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:47:21 +0100 Subject: [PATCH 216/348] Update v-change-dir-www --- bin/v-change-dir-www | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www index 01e9c221..4a44eac2 100644 --- a/bin/v-change-dir-www +++ b/bin/v-change-dir-www @@ -20,6 +20,7 @@ fi # Importing system environment source /etc/profile +PATH=$PATH:/usr/local/vesta/bin && export PATH SILENT_MODE=1 From 9fdfe2760a31df12ba56e9c1692ee14c207b63db Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 3 Dec 2024 15:50:07 +0100 Subject: [PATCH 217/348] Update v-change-dir-www --- bin/v-change-dir-www | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www index 4a44eac2..1f230099 100644 --- a/bin/v-change-dir-www +++ b/bin/v-change-dir-www 
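Review bot: `PATH=$PATH:/usr/local/vesta/bin && export PATH` in bin/v-change-dir-www runs in the caller's shell each time the script is sourced, so every use of the alias appends the directory again. A guard keeps it idempotent: `case ":$PATH:" in *:/usr/local/vesta/bin:*) ;; *) PATH=$PATH:/usr/local/vesta/bin ;; esac`.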
@@ -28,17 +28,18 @@ SILENT_MODE=1 domain=$1 user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) + +if [ -z "$user" ]; then + echo "Domain $domain doesn't exist" + return 1 +fi + USER=$user # Includes source /usr/local/vesta/func/main.sh source /usr/local/vesta/func/domain.sh -if [ -z "$user" ]; then - check_result $E_NOTEXIST "Domain $domain doesn't exist" - return 1 -fi - #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# From 0e881c911b9713e7e11cf255cbd59c7512229eef Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:46:47 +0100 Subject: [PATCH 218/348] Update v-update-firewall - skip CentOS block --- bin/v-update-firewall | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bin/v-update-firewall b/bin/v-update-firewall index 142cb39b..6d359f07 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then fi # Saving rules to the master iptables file -if [ -d "/etc/sysconfig" ]; then - /sbin/iptables-save > /etc/sysconfig/iptables - if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then - /sbin/chkconfig iptables on - fi -else +# if [ -d "/etc/sysconfig" ]; then +# /sbin/iptables-save > /etc/sysconfig/iptables +# if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then +# /sbin/chkconfig iptables on +# fi +# else /sbin/iptables-save > /etc/iptables.rules preup="/etc/network/if-pre-up.d/iptables" if [ ! -e "$preup" ]; then @@ -178,7 +178,7 @@ else echo "exit 0" >> $preup chmod +x $preup fi -fi +# fi # Worarkound for OpenVZ if [ -e "/proc/vz/veinfo" ]; then From c1072ec9e40368f7454e7b5e94a512d1a0df87ed Mon Sep 17 00:00:00 2001 
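Review bot: The CentOS branch in bin/v-update-firewall is disabled by commenting out its `if`/`else`/`fi` lines, which leaves the Debian block indented as if it were still inside a conditional. Deleting the dead lines and un-indenting the remaining block reads better, and version control keeps the old branch; a one-line comment such as `# Debian only: rules are saved to /etc/iptables.rules` says why. The change spans both hunks of this file.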
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 13 Dec 2024 11:34:12 +0100 Subject: [PATCH 219/348] Update v-clone-website --- bin/v-clone-website | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-clone-website b/bin/v-clone-website index 8670ee3a..0a25f6a7 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -20,6 +20,7 @@ if [ $# -lt 2 ]; then echo "--TO_DATABASE_USERNAME=..." echo "--TO_DATABASE_PASSWORD=..." echo "--SITE_SUBFOLDER=..." + echo "--EXCLUDE_UPLOADS=1 (or do not set it)" exit 1 fi From c5e54643734df52da4d43d6bcae50a9a0016507f Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 3 Jan 2025 17:16:07 +0100 Subject: [PATCH 220/348] Update v-restore-user: permissions fix --- bin/v-restore-user | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-restore-user b/bin/v-restore-user index af451d88..a2dab574 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -417,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then # Restoring web domain data chown $user $tmpdir chmod u+w $HOMEDIR/$user/web/$domain + chmod 0755 $tmpdir/web/$domain sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \ 2> $HOMEDIR/$user/web/$domain/restore_errors.log @@ -618,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then chown $user $tmpdir chmod u+w $HOMEDIR/$user/mail/$domain_idn + chmod 0755 $tmpdir/mail/$domain sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then From 7937088e9cc219a635b15712d04facdd85658558 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 3 Jan 2025 18:09:06 +0100 Subject: [PATCH 221/348] Update index.php: Prevent recreation of token by shitty browser add-ons --- web/login/index.php | 2 ++ 1 file changed, 2 insertions(+) 
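Review bot: `chmod 0755 $tmpdir/web/$domain` in bin/v-restore-user opens the extracted backup directory to every local account in order to let `sudo -u $user tar` read it; whether the parent `$tmpdir` is restrictive enough to contain that is outside the hunk. Granting access to the restoring user only should be enough and is narrower: `chown "$user" "$tmpdir/web/$domain"` followed by `chmod 0700 "$tmpdir/web/$domain"`. The same applies to `chmod 0755 $tmpdir/mail/$domain` in the second hunk, and the expansions should be quoted.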
diff --git a/web/login/index.php b/web/login/index.php index 18841344..5de05451 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -1,5 +1,7 @@ Date: Mon, 10 Feb 2025 15:51:42 +0100 Subject: [PATCH 222/348] Update v-clone-website: mysqldump --max_allowed_packet=1024M --- bin/v-clone-website | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-clone-website b/bin/v-clone-website index 0a25f6a7..0258e39a 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -372,7 +372,7 @@ if [ -d "/root/temp" ]; then fi mkdir -p /root/temp cd /root/temp -mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql +mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql rm $FROM_DATABASE_NAME.sql From 32aae7dbff1794f969a4f8726ddb425e90661d43 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 20 Feb 2025 14:02:27 +0100 Subject: [PATCH 223/348] Update multi-php-install.sh: bringing back php8.4-memcached & imagick --- src/deb/for-download/tools/multi-php-install.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index b3e3afc4..70d589cc 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -118,7 +118,7 @@ if [ "$inst_repo" -eq 1 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list' fi apt update - apt upgrade -y + # apt upgrade -y press_enter "=== Press enter to continue ===============================================================================" fi 
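Review bot: The exit status of the `mysqldump --max_allowed_packet=1024M` line in bin/v-clone-website is not checked, so when the dump fails part-way the next line imports a truncated file into `$TO_DATABASE_NAME`. I would stop on failure, `mysqldump --max_allowed_packet=1024M "$FROM_DATABASE_NAME" > "$FROM_DATABASE_NAME.sql" || exit 1`, which also quotes the database name. The surrounding script continues outside the hunk.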
@@ -379,8 +379,7 @@ fi if [ "$inst_84" -eq 1 ]; then press_enter "=== Press enter to install PHP 8.4 ===============================================================================" - apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip - # php8.4-memcache php8.4-memcached php8.4-imagick + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick update-rc.d php8.4-fpm defaults a2enconf php8.4-fpm a2dismod php8.4 From 039dc4a561bc803c966094b6fd1720414c9a7dfa Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 27 Feb 2025 22:51:44 +0100 Subject: [PATCH 224/348] SpamHaus DNSBL removed from exim4 --- Changelog.md | 5 +++++ install/debian/10/exim/dnsbl.conf | 1 - install/debian/11/exim/dnsbl.conf | 1 - install/debian/12/exim/dnsbl.conf | 1 - install/debian/8/exim/dnsbl.conf | 1 - install/debian/9/exim/dnsbl.conf | 1 - install/vst-install-debian.sh | 1 + src/deb/latest.txt | 2 +- src/deb/vesta/postinst | 6 ++++++ 9 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Changelog.md b/Changelog.md index 7d22747a..36478469 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,8 @@ +Version 0.9.9-0-12 [28-Feb-2025] +================================================== +* SpamHaus DNSBL removed from exim4 +* A lot of small bugs fixed + Version 0.9.9-0-11 [30-May-2024] ================================================== * Introducing v-run-wp-cli command ( @isscbta ) diff --git a/install/debian/10/exim/dnsbl.conf b/install/debian/10/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/10/exim/dnsbl.conf +++ b/install/debian/10/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org 
diff --git a/install/debian/11/exim/dnsbl.conf b/install/debian/11/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/11/exim/dnsbl.conf +++ b/install/debian/11/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/12/exim/dnsbl.conf b/install/debian/12/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/12/exim/dnsbl.conf +++ b/install/debian/12/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/8/exim/dnsbl.conf b/install/debian/8/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/8/exim/dnsbl.conf +++ b/install/debian/8/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/9/exim/dnsbl.conf b/install/debian/9/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/9/exim/dnsbl.conf +++ b/install/debian/9/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 47153ade..850b91f7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2037,6 +2037,7 @@ touch /usr/local/vesta/data/upgrades/enable_cookie_httponly touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply touch /usr/local/vesta/data/upgrades/freshclam_start touch /usr/local/vesta/data/upgrades/barracuda_rbl +touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed # Secret URL secretquery='' diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 4b6e56b5..c1732bff 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-11 \ No newline at end of file +vesta-0.9.9-0-12 \ No newline at end of file diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 4d414655..9f8ee3e8 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
@@ -25,6 +25,12 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Removing SpamHaus DNSBL +if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then + sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf + touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +fi + # Fixing 'dh key too small' in dovecot if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then if grep -q 'dh key too small' /var/log/dovecot.log.1; then From dc1979461e649f330707e1bd782dd28b21150114 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Tue, 11 Mar 2025 00:18:05 +0100 Subject: [PATCH 225/348] Update v-make-main-apache-log --- bin/v-make-main-apache-log | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log index 96e91877..6a6dfadd 100644 --- a/bin/v-make-main-apache-log +++ b/bin/v-make-main-apache-log 
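Review bot: The `sed -i` in the new SpamHaus block of src/deb/vesta/postinst runs without checking that /etc/exim4/dnsbl.conf exists, and the marker file is touched whether or not the edit succeeded. On a host without that file sed prints an error during package configuration, and if the script runs under `set -e` (not visible here) the upgrade would stop. A guarded form keeps the step quiet and idempotent: `if [ -f /etc/exim4/dnsbl.conf ]; then sed -i '/zen\.spamhaus\.org/d' /etc/exim4/dnsbl.conf; fi`. After this commit bl.spamcop.net is the only entry left in the shipped dnsbl.conf files, which operators relying on DNSBL filtering will want to know.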
@@ -11,10 +11,4 @@ if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i fi systemctl restart apache2 -if [ ! -f "/root/analyze-traffic-per-time.php" ]; then - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-time.php -O /root/analyze-traffic-per-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-time.php -O /root/analyze-traffic-per-site-sort-by-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-site-sort-by-hits.php -O /root/analyze-traffic-per-site-sort-by-hits.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-time.php -O /root/analyze-traffic-per-ip-sort-by-time.php - wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic-per-ip-sort-by-hits.php -O /root/analyze-traffic-per-ip-sort-by-hits.php -fi +wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php From 24908aede144d562daaf830b578f7761c55040c3 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:22:54 +0100 Subject: [PATCH 226/348] Update v-move-folder-and-make-symlink --- bin/v-move-folder-and-make-symlink | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index 81561a97..2ee241fa 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink 
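Review bot: In bin/v-make-main-apache-log the new `wget` fetches a PHP script over plain `http://` into /root with no integrity check, and with the `if [ ! -f ... ]` guard removed it now does so on every run. Anyone able to alter that response in transit controls a file that is presumably run later by root, and `-O` truncates the existing copy when the download fails. Prefer TLS if the download host offers it, and verify a pinned digest before replacing the file: download to a `mktemp` file, run `sha256sum -c` against `<EXPECTED_SHA256>`, then `mv` it into place. The beginning of the script is outside the hunk.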
@@ -66,19 +66,20 @@ fi # Action # #----------------------------------------------------------# -rsync -a "$FROMFOLDER/" "$TOFOLDER/" -# with slashes on the end of the path of both folders -if [ "$?" -ne 0 ]; then - echo "Error happened, aborting" - exit 1 -fi - if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1 # with slashes on the end of the path of the folder fi +# rsync -a "$FROMFOLDER/" "$TOFOLDER/" +mv "$FROMFOLDER" "$TOFOLDER" +# with slashes on the end of the path of both folders +if [ "$?" -ne 0 ]; then + echo "Error happened, aborting" + exit 1 +fi + rm -rf "$FROMFOLDER" # without slash on the end of the path of the folder From 4437f6f0dac75831169d291a0ee41cd084340310 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:25:04 +0100 Subject: [PATCH 227/348] Update v-move-folder-and-make-symlink --- bin/v-move-folder-and-make-symlink | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index 2ee241fa..c8b54779 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -73,8 +73,9 @@ if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then fi # rsync -a "$FROMFOLDER/" "$TOFOLDER/" -mv "$FROMFOLDER" "$TOFOLDER" # with slashes on the end of the path of both folders + +mv "$FROMFOLDER" "$TOFOLDER" if [ "$?" -ne 0 ]; then echo "Error happened, aborting" exit 1 From 01e4890a97e49b1cc99507794e30aa2f8dd12c9f Mon Sep 17 00:00:00 2001 
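Review bot: Replacing `rsync -a "$FROMFOLDER/" "$TOFOLDER/"` with `mv "$FROMFOLDER" "$TOFOLDER"` in the first hunk of bin/v-move-folder-and-make-symlink changes what happens when the destination already exists: `mv` then places the source inside it as `$TOFOLDER/<basename>` instead of merging, so the later steps would act on the wrong path. Unless the verification section (outside the hunk) already rejects an existing destination, `mv -T -- "$FROMFOLDER" "$TOFOLDER"` (GNU coreutils) never nests the source. The `chattr -R -i` now runs before the move, so a failed `mv` exits with the immutable flag already cleared on conf/; re-applying it in the error branch would keep that protection unless later code restores it. The `rm -rf "$FROMFOLDER"` that follows has nothing left to remove after a successful move and could be dropped.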
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 31 Mar 2025 16:41:43 +0200 Subject: [PATCH 228/348] Update multi-php-install.sh: Fixing disable_functions line --- src/deb/for-download/tools/multi-php-install.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 70d589cc..aa1b7353 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -405,8 +405,8 @@ if [ "$inst_84" -eq 1 ]; then fi -apt update > /dev/null 2>&1 -apt upgrade -y > /dev/null 2>&1 +# apt update > /dev/null 2>&1 +# apt upgrade -y > /dev/null 2>&1 if [ $debian_version -ge 10 ]; then a2dismod ruid2 > /dev/null 2>&1 @@ -454,6 +454,10 @@ if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then echo "=== upgrading tailf_apache_error.php done." sleep 3 echo "" - echo "Everything done." - echo "" fi + +# Fixing php.ini files to have the correct disable_functions line +/usr/local/vesta/bin/v-fix-php-ini-disable-functions + +echo "Everything done." +echo "" From 57f179ad05b1ac1cd261d7a0d476f1ff7c8b0b62 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 20:23:46 +0200 Subject: [PATCH 229/348] When deleting a domain, also delete the database if the domain has a database. --- bin/v-delete-database-of-domain | 69 +++++++++++++++++++++++++++++++++ bin/v-delete-domain | 7 ++-- 2 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 bin/v-delete-database-of-domain diff --git a/bin/v-delete-database-of-domain b/bin/v-delete-database-of-domain new file mode 100644 index 00000000..30fd18c0 --- /dev/null +++ b/bin/v-delete-database-of-domain 
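Review bot: In the second hunk of multi-php-install.sh the call to `/usr/local/vesta/bin/v-fix-php-ini-disable-functions` is unchecked, so a missing or failing helper is followed directly by "Everything done.". The comment says this step puts the correct `disable_functions` line into the php.ini files, so a silent failure leaves that hardening unapplied without the operator noticing. Report it explicitly: `/usr/local/vesta/bin/v-fix-php-ini-disable-functions || echo "WARNING: disable_functions fix failed" >&2`. The first hunk comments out `apt update` and `apt upgrade` rather than deleting them; a one-line comment saying why would help the next maintainer.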
@@ -0,0 +1,69 @@ +#!/bin/bash +# info: delete database if domain has database +# options: DOMAIN +# +# The function for deleting database if domain has database + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +RET=$OK + +# echo "=================================" +r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain) +# echo $r +eval $r +# echo "=================================" + +if [ ! -z "$DATABASE_NAME" ]; then + echo "=== v-delete-database $USER $DATABASE_NAME" + /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME + if [ $? -ne 0 ]; then + echo "=== v-delete-database failed" + RET=$E_NOTEXIST + fi +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +log_event "$RET" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-domain b/bin/v-delete-domain index b6294679..1ca3373b 100755 --- a/bin/v-delete-domain +++ b/bin/v-delete-domain 
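Review bot: `eval $r` in the new bin/v-delete-database-of-domain executes, as root, whatever `v-get-database-credentials-of-domain` prints, and `$domain` reaches that helper and `v-search-domain-owner` unquoted before `is_format_valid 'domain'` has run. If the helper's output is derived from files the site owner can write (not visible here), that text is run as shell code. Read the one value needed as data and quote every expansion, as sketched below; the pattern assumes the helper prints a single-quoted `DATABASE_NAME='...'` pair, which should be confirmed, and a later patch in this series adds `parse_object_kv_list_non_eval` for this kind of input. The bare `exit` also returns the status of `log_event` rather than `$RET`, so callers cannot see a failed deletion.

```shell
user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")
# … unchanged: USER assignment, includes, verifications …

# Treat the helper's output as data: extract DATABASE_NAME, never execute it
DATABASE_NAME=''
r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain "$domain")
if [[ $r =~ DATABASE_NAME=\'([^\']*)\' ]]; then
    DATABASE_NAME=${BASH_REMATCH[1]}
fi

if [ -n "$DATABASE_NAME" ]; then
    # … unchanged: progress message …
    /usr/local/vesta/bin/v-delete-database "$USER" "$DATABASE_NAME"
    # … unchanged: failure branch that sets RET …
fi
# … unchanged: log_event …

exit "$RET"
```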
@@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user" if [ ! -z "$WEB_SYSTEM" ]; then str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf) if [ ! -z "$str" ]; then + $BIN/v-delete-database-of-domain $domain domain_found='yes' $BIN/v-delete-web-domain $user $domain 'no' - check_result $? "can't suspend web" > /dev/null + check_result $? "can't delete web" > /dev/null fi fi @@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-dns-domain $user $domain 'no' - check_result $? "can't suspend dns" > /dev/null + check_result $? "can't delete dns" > /dev/null fi fi @@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-mail-domain $user $domain - check_result $? "can't suspend mail" > /dev/null + check_result $? "can't delete mail" > /dev/null fi fi From a86f76de091d904cf7e117a374124285aea78a6e Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 23:20:42 +0200 Subject: [PATCH 230/348] Update db.sh - mysqldump --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB --- func/db.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/func/db.sh b/func/db.sh index 58a339ee..7e4f4d97 100644 --- a/func/db.sh +++ b/func/db.sh @@ -58,7 +58,7 @@ mysql_query() { mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then From 8bdfade3d4a9a978a94ce741cab7f520b81bfdae Mon Sep 17 00:00:00 2001 
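Review bot: The added `$BIN/v-delete-database-of-domain $domain` in the first hunk of bin/v-delete-domain makes database deletion an unconditional, unchecked side effect of deleting a web domain. Its exit status is ignored while the web, DNS and mail steps each go through `check_result`, so a failure is invisible, and if another site shares that database it is dropped with no opt-in. Quote the argument and handle the result like the neighbouring calls: `$BIN/v-delete-database-of-domain "$domain"` followed by `check_result $? "can't delete database" > /dev/null`. An explicit flag, or a dump taken before the drop, would make the destructive step recoverable; the script starts and ends outside the hunk.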
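Review bot: Adding `--force` to `mysqldump` in `mysql_dump` (func/db.sh) tells it to continue past SQL errors, so a dump used for backups can be written with tables missing. The function only inspects `$?` afterwards, and whether that still reflects every skipped error should be confirmed for the mysqldump versions in use; if it does not, also treat a non-empty `$err` as a failure or at least log its contents. The error file is the fixed path `/tmp/e.mysql`, which is predictable and shared between concurrent runs; a `mktemp` file would avoid both. The function body continues outside the hunk.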
From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 16 Apr 2025 23:55:21 +0200 Subject: [PATCH 231/348] Update vst-install-debian.sh --- install/vst-install-debian.sh | 55 +++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 850b91f7..1c1a6da7 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh 
@@ -753,31 +753,36 @@ if [ "$mysql" = 'no' ]; then fi if [ "$mysql8" = 'yes' ]; then echo "=== Preparing MySQL 8 apt repo" - software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') - software=$(echo "$software" | sed -e 's/exim4//') - #software="$software php-mysql roundcube-mysql" - echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list - echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list - echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list - echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list - echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - - # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 - key="467B942D3A79BD29" - readonly key - GNUPGHOME="$(mktemp -d)" - export GNUPGHOME - for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) - do - gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break - done - gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg - gpgconf --kill all - rm -rf "${GNUPGHOME}" - unset GNUPGHOME + if [ "$release" -lt 12 ]; then + software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') + software=$(echo "$software" | sed -e 's/exim4//') + #software="$software php-mysql roundcube-mysql" + echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list + echo "# You may comment out 
entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list + echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list + echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list + echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + + # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 + key="467B942D3A79BD29" + readonly key + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) + do + gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break + done + gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg + gpgconf --kill all + rm -rf "${GNUPGHOME}" + unset GNUPGHOME + else + wget https://dev.mysql.com/get/mysql-apt-config_0.8.30-1_all.deb + dpkg -i mysql-apt-config_0.8.30-1_all.deb + fi mpass=$(gen_pass) debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass" From 0d86e2ca4081e2a83eea05f416d82a0bb7d92fdf Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Thu, 24 Apr 2025 22:31:47 +0200 Subject: [PATCH 232/348] Calculate size of directories on /hdd too --- bin/v-update-mail-domain-disk | 3 ++- bin/v-update-mail-domains-disk | 4 ++-- bin/v-update-web-domain-disk | 8 ++++++++ bin/v-update-web-domains-disk | 7 ++++++- func/main.sh | 11 +++++++++++ 5 files changed, 29 insertions(+), 4 deletions(-) 
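Review bot: The new `else` branch in install/vst-install-debian.sh installs a downloaded package as root with no integrity check: the `wget` result goes straight to `dpkg -i`, and neither command's status is tested. HTTPS protects the transfer only; pin the expected digest and stop on mismatch, e.g. `echo "<EXPECTED_SHA256>  mysql-apt-config_0.8.30-1_all.deb" | sha256sum -c - || exit 1` before `dpkg -i`. Downloading into a `mktemp -d` directory rather than the current directory also avoids picking up a stale or pre-placed file of the same name. The same applies to the later hunk in this series that bumps the file to 0.8.34-1. The re-indented branch for older releases still writes `http://repo.mysql.com` sources and fetches the key through `sks-keyservers.net` hosts, which I believe are no longer in service.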
diff --git a/bin/v-update-mail-domain-disk b/bin/v-update-mail-domain-disk index 451dbd37..be5502e7 100755 --- a/bin/v-update-mail-domain-disk +++ b/bin/v-update-mail-domain-disk @@ -49,7 +49,8 @@ dom_diks=0 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk index 1dae64cf..807218e3 100755 --- a/bin/v-update-mail-domains-disk +++ b/bin/v-update-mail-domains-disk @@ -35,9 +35,9 @@ fi #----------------------------------------------------------# # Starting loop -for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'mail' 'DOMAIN'); do dom_diks=0 - accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT') + accounts=$(list_objects "mail/$domain" 'ACCOUNT') for account in $accounts; do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then diff --git a/bin/v-update-web-domain-disk b/bin/v-update-web-domain-disk index ac851b92..1bee4685 100755 --- a/bin/v-update-web-domain-disk +++ b/bin/v-update-web-domain-disk @@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi +# Defining hdd home directory +home_dir="/hdd$HOMEDIR/$user/web/$domain/" + +# Checking home directory exist +if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-web-domains-disk b/bin/v-update-web-domains-disk index 5951f289..5ee58abf 100755 --- a/bin/v-update-web-domains-disk +++ b/bin/v-update-web-domains-disk 
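Review bot: `cd $home_dir` in bin/v-update-mail-domain-disk is unquoted and unchecked, so when it fails the following `du -shm ./` measures whatever directory the script is in and records that as the account's usage. It also changes the working directory for the rest of the loop. Keep the change local and conditional: `udisk=$(cd "$home_dir" && nice -n 19 du -shm ./ | cut -f 1)`. The hunk in v-update-web-domain-disk passes `$home_dir` to `du` unquoted as well; the loop in this file continues outside the hunk.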
@@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Domain loop -for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'web' 'DOMAIN'); do home_dir="$HOMEDIR/$user/web/$domain/" if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi + home_dir="/hdd$HOMEDIR/$user/web/$domain/" + if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) + fi update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage" done diff --git a/func/main.sh b/func/main.sh index 10de469a..447a6b35 100644 --- a/func/main.sh +++ b/func/main.sh @@ -359,6 +359,17 @@ search_objects() { IFS="$OLD_IFS" } +# List objects +list_objects() { + OLD_IFS="$IFS" + IFS=$'\n' + for line in $(cat $USER_DATA/$1.conf); do + eval $line + eval echo \$$2 + done + IFS="$OLD_IFS" +} + # Get user value get_user_value() { grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}' From 73884322616a5ed7402e005fe9d5754c0da6c394 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Fri, 25 Apr 2025 13:52:35 +0200 Subject: [PATCH 233/348] parse_object_kv_list_non_eval() --- func/main.sh | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/func/main.sh b/func/main.sh index 447a6b35..03773920 100644 --- a/func/main.sh +++ b/func/main.sh 
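Review bot: The new `list_objects` in func/main.sh runs `eval $line` on every line of `$USER_DATA/$1.conf` and then `eval echo \$$2`, so any value that escapes its quoting is executed with the caller's privileges and `$2` itself is evaluated as code. The `for line in $(cat ...)` form also globs each line and leaves `OLD_IFS` as a global. The next patch in this series introduces `parse_object_kv_list_non_eval`; with it the function can read the file as data, as sketched below. `search_objects` directly above appears to follow the same pattern, but only its last two lines are in the hunk.

```shell
list_objects() {
    local line
    # Read line by line: no word splitting, globbing or IFS juggling
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        parse_object_kv_list_non_eval "$line"
        # Indirect expansion instead of eval: $2 names the field to print
        printf '%s\n' "${!2}"
    done < "$USER_DATA/$1.conf"
}
```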
@@ -1154,3 +1154,82 @@ check_if_service_exists() { echo "0" fi } + +# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl. +# Inspired by HestiaCP function and improved +parse_object_kv_list_non_eval() { + # Let's combine all the parameters into one string, replace the new lines with a space + local str="${*//$'\n'/ }" + str=${str//\\\'/---QUOTE---} + str=${str//\\\"/---DQUOTE---} + local backup_str=$str + + local key val match i length length_val prefix position cut + i=0 + # Searching for key='value' blocks + # Loop until we find the next key='value' + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done + + # Terminate function if we don't expect strings with double apostrophes + if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then + return; + fi + + # Searching for key="value" blocks + str=$backup_str + i=0 + # Loop until we find the next key="value" + while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do + key="${BASH_REMATCH[1]}" + val="${BASH_REMATCH[2]}" + match="${BASH_REMATCH[0]}" + length=${#match} + length_val=${#match} + + # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) + if ! 
[[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then + check_result "$E_INVALID" "Invalid key format [$key]" + fi + + # Declaring a global variable + val=${val/---QUOTE---/\\\'} + val=${val/---DQUOTE---/\\\"} + declare -g "$key"="$val" + + # Let's remove the processed part from str to continue + prefix=${str%%"$key="*} + position=${#prefix} + cut=$((position + 1 + length_val)) + str=${str:cut} + ((i++)) + if [ $i -eq 100 ]; then + check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" + fi + done +} From 6dccbb8276ef0ed6fa2102a83c90675c7520e260 Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 7 May 2025 10:37:06 +0200 Subject: [PATCH 234/348] Update vst-install-debian.sh: mysql-apt-config_0.8.34-1_all.deb --- install/vst-install-debian.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 1c1a6da7..3a60c85c 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -780,8 +780,9 @@ if [ "$mysql8" = 'yes' ]; then rm -rf "${GNUPGHOME}" unset GNUPGHOME else - wget https://dev.mysql.com/get/mysql-apt-config_0.8.30-1_all.deb - dpkg -i mysql-apt-config_0.8.30-1_all.deb + # check latest on: https://dev.mysql.com/downloads/repo/apt/ + wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb + dpkg -i mysql-apt-config_0.8.34-1_all.deb fi mpass=$(gen_pass) From 83d12510e32997a0787a3508b08d111e4a7ec4ca Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Mon, 12 May 2025 17:27:13 +0200 Subject: [PATCH 235/348] Update v-add-letsencrypt-domain: Detecting valid status on wildcard variant --- bin/v-add-letsencrypt-domain | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 97e555fa..a7c7fbb8 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain 
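Review bot: In `parse_object_kv_list_non_eval` (func/main.sh) the placeholders are inserted with `//` (all occurrences) but restored with a single `/`, so a value containing more than one escaped quote keeps a literal `---QUOTE---` after the first; both loops need `val=${val//---QUOTE---/\\\'}` and `val=${val//---DQUOTE---/\\\"}`. `declare -g "$key"="$val"` accepts any well-formed name, which means a conf line can overwrite variables the calling script depends on, such as `PATH`, `IFS` or `BIN`; an allow-list of expected keys would close that. `length_val` duplicates `length`, and the key check rejects one-character keys, which deserves a sentence in the header comment alongside the `PARSE_DOUBLE_QUOTES_VAR` switch. The two loops are identical apart from the quote character and could share one helper.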
@@ -308,6 +308,11 @@ for auth in $authz; do if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then break fi + if [ "$wildcard" = 'yes' ]; then + if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then + break + fi + fi i=$((i + 1)) if ((i > 30)); then break From d3fb4e13d593c0c9317afd3add1f3e62bc0a6e7b Mon Sep 17 00:00:00 2001 From: myvesta <38690722+myvesta@users.noreply.github.com> Date: Wed, 14 May 2025 14:50:22 +0200 Subject: [PATCH 236/348] v-move-domain-and-database-to-account: Update wordfence-waf.php Update v-move-domain-and-database-to-account Update v-delete-web-domain: deleting /hdd/home/$user/web/$domain Update v-delete-user: deleting /hdd/home/$user Update v-delete-mail-domain: removing /hdd/home/$user/mail/$domain_idn Update v-change-domain-owner: moving /hdd/home/$owner/web/$domain Update v-change-domain-owner: moving /hdd/home/$owner/mail/$domain Update v-move-folder-and-make-symlink: debug and additional checking --- bin/v-change-domain-owner | 8 +++++ bin/v-delete-mail-domain | 3 ++ bin/v-delete-user | 2 +- bin/v-delete-web-domain | 3 ++ bin/v-move-domain-and-database-to-account | 44 ++++++++++++++++------- bin/v-move-folder-and-make-symlink | 12 +++++++ 6 files changed, 59 insertions(+), 13 deletions(-) diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 09ae9bcc..ed5fa5a4 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -82,6 +82,10 @@ if [ ! -z "$web_data" ]; then # Move data mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/ + if [ -d "/hdd/home/$owner/web/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain + fi + # Change ownership find $HOMEDIR/$user/web/$domain -user $owner \ -exec chown -h $user:$user {} \; 
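Review bot: In both hunks of bin/v-change-domain-owner the `/hdd` copy is moved, but the ownership step that follows only runs `find $HOMEDIR/$user/web/$domain -user $owner ...` (and the mail equivalent), and `find` does not descend through symlinks by default. If the directory under `$HOMEDIR` is a symlink into `/hdd`, which the helper's name suggests, the files on `/hdd` stay owned by the previous owner after the transfer. Run the same `chown -h` pass over `/hdd/home/$user/web/$domain` and `/hdd/home/$user/mail/$domain`, and confirm the helper does not leave a link under the old owner's tree pointing at the new owner's data. The arguments are unquoted and hard-code `/hdd/home` where the disk-usage scripts in this series use `/hdd$HOMEDIR`.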
@@ -152,6 +156,10 @@ if [ ! -z "$mail_data" ]; then # Move data mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/ + if [ -d "/hdd/home/$owner/mail/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain + fi + # Change ownership find $HOMEDIR/$user/mail/$domain -user $owner \ -exec chown -h $user {} \; diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index ee727aa9..9be565bb 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn rm -rf $HOMEDIR/$user/conf/mail/$domain rm -rf $HOMEDIR/$user/mail/$domain_idn + if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then + rm -rf /hdd/home/$user/mail/$domain_idn + fi fi # Deleting dkim dns record diff --git a/bin/v-delete-user b/bin/v-delete-user index 120b1f72..cdf809eb 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,7 +94,7 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user -if [ -f "/hdd/home/$user" ]; then +if [ -d "/hdd/home/$user" ]; then rm -rf /hdd/home/$user fi rm -f /var/spool/mail/$user diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 43362e34..e64dd9a7 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -130,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error* # Deleting directory rm -rf $HOMEDIR/$user/web/$domain +if [ -d "/hdd/home/$user/web/$domain" ]; then + rm -rf /hdd/home/$user/web/$domain +fi #----------------------------------------------------------# diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index 08180d99..383fd26e 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account 
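Review bot: The added `rm -rf /hdd/home/$user/mail/$domain_idn` in bin/v-delete-mail-domain is unquoted and unguarded, so an empty `$domain_idn` would pass the `-d` test and turn it into a recursive delete of the whole `/hdd/home/$user/mail/` tree. The validation that precedes it is outside the hunk; independent of that, `rm -rf -- "/hdd/home/${user:?}/mail/${domain_idn:?}"` aborts instead of widening the target. The same form fits the new `/hdd` deletion in v-delete-web-domain and the existing one in v-delete-user, whose test this commit correctly changes from `-f` to `-d`.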
@@ -92,31 +92,51 @@ fi # Update Wordfence WAF Path # #----------------------------------------------------------# -# Path to .user.ini file -user_ini="$USER_DATA/web/$domain/public_html/.user.ini" +filepath="/home/USER_TO/web/$domain/public_html/.user.ini" +filename=$(basename $filepath) -# Check if .user.ini exists -if [ -f "$user_ini" ]; then - echo "Updating .user.ini with new user path..." +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." # Temporary file for modification tmp_file=$(mktemp) # Change path from old USER to new USER_TO - sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$user_ini" > "$tmp_file" + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" - # Check if replacement was successful and update .user.ini + # Check if replacement was successful and update file if [ $? -eq 0 ]; then - mv "$tmp_file" "$user_ini" - echo ".user.ini updated successfully." + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." else - echo "Failed to update .user.ini file." + echo "Failed to update $filename file." rm "$tmp_file" # Deletes temporary file fi -else - echo ".user.ini does not exist, no changes made." fi +filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php" +filename=$(basename $filepath) + +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" + + # Check if replacement was successful and update file + if [ $? -eq 0 ]; then + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." + else + echo "Failed to update $filename file." + rm "$tmp_file" # Deletes temporary file + fi +fi #----------------------------------------------------------# # Vesta # 
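Review bot: `filepath="/home/USER_TO/web/$domain/public_html/.user.ini"` in bin/v-move-domain-and-database-to-account is missing the `$` on `USER_TO`, so the path never exists and both update blocks are skipped; it should read `filepath="/home/$USER_TO/web/$domain/public_html/.user.ini"`, and likewise for wordfence-waf.php. Once the path is fixed, `mv "$tmp_file" "$filepath"` gives the file the owner and 0600 mode of the `mktemp` file, which can leave the WAF bootstrap unreadable to the site's PHP user; `sed -i` with the same expression keeps owner and mode, or apply `chown --reference` and `chmod --reference` before the move. The `$? -eq 0` test is true even when nothing was replaced, and the pattern `/home/$owner/public_html` lacks the `web/$domain` part that the file path itself uses, so it may never match and should be checked against a real Wordfence file.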
diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index c8b54779..ccd66b7c 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -19,6 +19,8 @@ fi FROMFOLDER=$1 TOFOLDER=$2 +echo "Executing: v-move-folder-and-make-symlink $1 $2" + # Includes source $VESTA/func/main.sh @@ -26,6 +28,16 @@ source $VESTA/func/main.sh # Verifications # #----------------------------------------------------------# +if [ -z "$FROMFOLDER" ]; then + echo "First parameter is empty, aborting" + exit 1 +fi + +if [ -z "$TOFOLDER" ]; then + echo "Second parameter is empty, aborting" + exit 1 +fi + # Trimming the ending slash, just in case FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::') TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::') From 451b025f1f52641196d71feeec2f835ed6aebadb Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Fri, 23 May 2025 14:04:03 +0200 Subject: [PATCH 237/348] Create v-delete-mails --- bin/v-delete-mails | 127 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 bin/v-delete-mails diff --git a/bin/v-delete-mails b/bin/v-delete-mails new file mode 100644 index 00000000..24ac68e5 --- /dev/null +++ b/bin/v-delete-mails 
@@ -0,0 +1,127 @@ +#!/bin/bash +# info: delete old emails (by mtime) for user/domain/account, with optional scope +# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE +# SCOPE: all – clean every Maildir folder (cur, new, tmp, custom subfolders) +# trash – clean only Trash/Junk/Spam folders + +# load Vesta functions & config +source "$VESTA/func/main.sh" +source "$VESTA/conf/vesta.conf" + +# read arguments +user="$1" +domain="$2" +account="$3" +mtime="$4" +scope="$5" + +# verify argument count +check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE' + +# validate scope +if [[ "$scope" != "all" && "$scope" != "trash" ]]; then + echo "ERROR: SCOPE must be 'all' or 'trash'." + exit 1 +fi + +# validate logical combinations +if [[ "$user" == "all" ]]; then + if [[ "$domain" != "all" || "$account" != "all" ]]; then + echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'." + exit 1 + fi +elif [[ "$domain" == "all" && "$account" != "all" ]]; then + echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'." + exit 1 +fi + +# build a detailed summary for the warning +declare -a summary_parts +if [[ "$user" == "all" ]]; then + summary_parts+=("all users") +else + summary_parts+=("user '$user'") +fi + +if [[ "$domain" == "all" ]]; then + summary_parts+=("all domains") +else + summary_parts+=("domain '$domain'") +fi + +if [[ "$account" == "all" ]]; then + summary_parts+=("all accounts") +else + summary_parts+=("account '$account'") +fi + +# join with commas +summary=$(printf ", %s" "${summary_parts[@]}") +summary=${summary:2} + +# only warn if any of them is 'all' or if mtime is 'all' +if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then + echo "WARNING: This will delete emails older than '$mtime' days for ${summary}." + read -p "Are you sure? 
(yes/no): " confirm + [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; } +fi + +# function to delete emails +delete_emails() { + local u="$1" d="$2" a="$3" + local maildir="/home/$u/mail/$d/$a" + + [[ ! -d "$maildir" ]] && return + + echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime" + + # build find predicates + if [[ "$scope" == "all" ]]; then + folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" ) + else + folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" ) + fi + + # assemble and run find + if [[ "$mtime" == "all" ]]; then + find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null + else + find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null + fi +} + +# collect users +if [[ "$user" == "all" ]]; then + users=$(v-list-users plain | awk '{print $1}') +else + users="$user" +fi + +# iterate through users, domains, accounts +for u in $users; do + if [[ "$domain" == "all" ]]; then + domains=$(v-list-mail-domains "$u" plain | awk '{print $1}') + else + domains="$domain" + fi + + for d in $domains; do + if [[ "$account" == "all" ]]; then + accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}') + else + accounts="$account" + fi + + for a in $accounts; do + delete_emails "$u" "$d" "$a" + done + done +done + +# restart dovecot to refresh mailbox state +systemctl restart dovecot + +# log the action (status first, then message) +log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account" + +exit 0 From cb6e8e4926d264fed06b96b8c34d4dd3a5c48f15 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 24 May 2025 13:31:57 +0200 Subject: [PATCH 238/348] nginx block-firewall.conf when user block 80,443 in Firewall --- bin/v-add-firewall-rule | 10 ++++++++++ bin/v-change-firewall-rule | 10 ++++++++++ bin/v-delete-firewall-rule | 9 +++++++++ 3 files changed, 29 insertions(+) 
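Review bot: bin/v-delete-mails builds `maildir="/home/$u/mail/$d/$a"` from its arguments and hands it to `find ... -delete` without validating any of them, so a value containing `/` or `..` redirects the deletion to another tree, and `$mtime` goes into `-mtime` unchecked. Other scripts in this series call `is_format_valid` and `is_object_valid` after `check_args`; this one should do the same, or at least apply the checks sketched below. The `trash` scope matches `*/trash/*` style paths, which will not match folders named `.Trash` or `.Junk` if that is the Maildir layout in use, so it may silently delete nothing. `read -p` makes the command unusable from cron or the panel, `2>/dev/null` hides find errors, and the `v-list-*` helpers are called without `$BIN/`.

```shell
# verify argument count
check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE'

# Reject values that could change the path passed to find -delete
for arg in "$user" "$domain" "$account"; do
    if [[ -z "$arg" || "$arg" == */* || "$arg" == *..* ]]; then
        echo "ERROR: invalid argument '$arg'."
        exit 1
    fi
done

# MTIME_DAYS must be a whole number unless it is the literal 'all'
if [[ "$mtime" != "all" && ! "$mtime" =~ ^[0-9]+$ ]]; then
    echo "ERROR: MTIME_DAYS must be a whole number or 'all'."
    exit 1
fi
# … unchanged: scope validation, summary, delete_emails, loops …
```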
diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule index 6fb867d3..b815778b 100755 --- a/bin/v-add-firewall-rule +++ b/bin/v-add-firewall-rule @@ -83,6 +83,16 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-firewall-rule b/bin/v-change-firewall-rule index d2502bce..aad2ec38 100755 --- a/bin/v-change-firewall-rule +++ b/bin/v-change-firewall-rule @@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'" str="$str TIME='$time' DATE='$date'" +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting old rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf @@ -74,6 +76,14 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + NEWIP=$ip + parse_object_kv_list_non_eval "$oldvalues" + sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 8f646644..61f7602d 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule 
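Review bot: The nginx block added to bin/v-add-firewall-rule appends `deny $ip;` and restarts nginx without testing the configuration, so an address form the firewall accepts but nginx's `deny` does not would take the web server down. Validate first and reload instead of restarting, `nginx -t && systemctl reload nginx`, and remove the appended line again when the test fails. `grep -q "deny $ip;"` treats the dots as wildcards; `grep -qxF "deny $ip;"` compares the exact line. Only the literal port string `80,443` is mirrored into nginx, so a rule for `443` alone is not; a comment stating that this is intended would help.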
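Review bot: `sed -i "s|$IP|$NEWIP|g"` in the second hunk of bin/v-change-firewall-rule, and `sed -i "/$IP/d"` in bin/v-delete-firewall-rule, use the old address as an unanchored regular expression, so changing or deleting the rule for `1.2.3.4` also rewrites or removes the nginx `deny` line for `11.2.3.45` (constructed example), silently dropping a block for another address. An address written with a prefix length contains `/` and breaks the delete expression outright. Match the whole line as a fixed string instead: filter with `grep -vxF "deny $IP;"` into a `mktemp` file, move it into place, and append `deny $NEWIP;` when changing. The change path also does nothing when the previous rule was not an `80,443` DROP (there is no line to substitute) and leaves the old `deny` in place when a rule is changed away from DROP.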
@@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # From 4c495a1d691bf97042a51f34fc69506cde72e606 Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Tue, 15 Oct 2024 17:47:13 +0200 Subject: [PATCH 239/348] Update index.php --- web/edit/server/index.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/web/edit/server/index.php b/web/edit/server/index.php index 49c577d8..eed4baab 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -339,7 +339,8 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); + $v_backup_port = escapeshellarg($_POST['v_backup_port']); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; 
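Review bot: In the bin/v-delete-firewall-rule hunk, `sed -i "/$IP/d"` uses the stored address as an unescaped, unanchored sed address: a value in CIDR form contains `/` and makes the expression invalid, an empty `$IP` does the same, and `1.2.3.4` also deletes the lines for `1.2.3.40` and `11.2.3.4`. Anchoring the match to the whole `deny` line with a delimiter that cannot occur in an address fixes the first three cases: `sed -i "\|^deny ${IP};\$|d" /etc/nginx/conf.d/block-firewall.conf` (the dots remain wildcards, which the anchors make harmless in practice). If a second rule still drops 80,443 for the same address, its `deny` line is removed here as well, so the remaining rules should be checked before deleting. As in the add script, `nginx -t && systemctl reload nginx` avoids restarting into a broken configuration.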
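Review bot: In the web/edit/server/index.php hunk, `v_backup_port` is shell-quoted with `escapeshellarg()` but never checked to be a port number, and a missing form field is passed on as an empty argument. Unless an empty value is meant to select a default, a guard before the `exec` such as `if (!ctype_digit((string)$_POST['v_backup_port']) || (int)$_POST['v_backup_port'] < 1 || (int)$_POST['v_backup_port'] > 65535)` that sets an error keeps bad values out of the backup configuration. In the following hunk the raw `$_POST['v_backup_port']` is assigned back to `$v_backup_port` for redisplay; the template markup is not readable on this page, so confirm it is HTML-escaped where it is printed. The enclosing `if (!empty($_POST['save']))` block starts outside the hunk.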
@@ -347,12 +348,12 @@ if (!empty($_POST['save'])) { if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; + if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } } - // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { From ff7bc2baa5e3e2f7b12ebd3f1002e47144ba3f9e Mon Sep 17 00:00:00 2001 From: ikheetjeff <76551334+ikheetjeff@users.noreply.github.com> Date: Tue, 15 Oct 2024 17:50:47 +0200 Subject: [PATCH 240/348] Update edit_server.html --- web/templates/admin/edit_server.html | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index b5da08de..888b081f 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -641,6 +641,17 @@

+ + + + + + + + "> +

+ + From fa8dd64c5a33fb55e219870a60e424538c31d3ab Mon Sep 17 00:00:00 2001 From: myvesta Date: Sun, 25 May 2025 13:51:13 +0200 Subject: [PATCH 241/348] Adding ProFTPD jail rule to Fail2Ban --- install/vst-install-debian.sh | 14 ++++++++++++++ src/deb/vesta/postinst | 29 ++++++++++++++++++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 3a60c85c..ad10b341 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1690,6 +1690,20 @@ if [ "$fail2ban" = 'yes' ]; then chmod 640 /var/log/auth.log chown root:adm /var/log/auth.log fi + if [ "$proftpd" = 'yes' ]; then + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fi + #update-rc.d fail2ban defaults currentservice='fail2ban' ensure_startup $currentservice diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 9f8ee3e8..dc5c64c2 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
@@ -25,6 +25,29 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Adding ProFTPD to Fail2Ban +if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then + if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then + echo "== Adding ProFTPD to Fail2Ban" + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') + if [ $fail2ban_running -eq 1 ]; then + echo "== Restarting Fail2Ban" + systemctl restart fail2ban + fi + fi +fi + # Removing SpamHaus DNSBL if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf @@ -163,7 +186,11 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then echo "== Enabling TLS for ProFTPD FTPS" wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf - systemctl restart proftpd + proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running') + if [ $proftpd_running -eq 1 ]; then + echo "== Restarting ProFTPD" + systemctl restart proftpd + fi fi fi fi From de5365280f6778cfa92ab653aa0c8319b9663ed1 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 28 May 2025 17:11:55 +0200 Subject: [PATCH 242/348] Adding myVesta rules to SpamAssassin --- install/vst-install-debian.sh | 9 ++++++++ src/deb/vesta/postinst | 43 +++++++++++++++++++++++++++++++++-- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ad10b341..ff19d1d5 100755 --- a/install/vst-install-debian.sh 
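Review bot: The jail appended in the first src/deb/vesta/postinst hunk is activated by `systemctl restart fail2ban` with no check that fail2ban came back up. If the installed version does not define `%(proftpd_log)s` or `%(proftpd_backend)s`, or the ProFTPD log file does not exist yet, fail2ban can refuse to start, and then none of the existing jails protect the host. Verifying the result, e.g. `systemctl restart fail2ban && fail2ban-client status proftpd >/dev/null || echo "== WARNING: Fail2Ban is not running with the proftpd jail"`, makes that visible in the upgrade output. The `[ $fail2ban_running -eq 1 ]` test, and `[ $proftpd_running -eq 1 ]` in the next hunk, are unquoted and skip the restart when the count is anything other than exactly 1; `[ "$fail2ban_running" -ge 1 ]` is safer.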
+++ b/install/vst-install-debian.sh @@ -1581,6 +1581,15 @@ if [ "$spamd" = 'yes' ]; then echo "=== Patching spamassassin dns_server" sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf + echo "== Adding myVesta rules to SpamAssassin" + cat < /etc/spamassassin/myvesta.cf +score RCVD_IN_RP_SAFE 0 +score RCVD_IN_RP_CERTIFIED 0 +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf ensure_startup $currentservice systemctl restart $currentservice diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index dc5c64c2..523678e3 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
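Review bot: In the added myvesta.cf scores, a hard SPF failure (`score SPF_FAIL 3.0`) is penalised less than a soft failure or a missing record (`SPF_SOFTFAIL 4.0`, `SPF_NONE 4.0`), which looks inverted. A sender that explicitly fails its domain's policy ends up with a lower score than one whose domain publishes no SPF record at all. If that ordering is intended, it deserves a comment in the generated file explaining why; otherwise the values should be ordered so that FAIL is at least SOFTFAIL, which is at least NONE. The same three lines are appended by src/deb/vesta/postinst in the following hunk.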
@@ -25,6 +25,41 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Adding myVesta rules to SpamAssassin +if [ -d "/etc/spamassassin" ]; then + spamassassin_modified=0 + if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then + touch /etc/spamassassin/myvesta.cf + fi + if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then + echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin" + echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf + echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf + spamassassin_modified=1 + fi + if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then + echo "== Adding SPF_FAIL myVesta rules to SpamAssassin" + cat <> /etc/spamassassin/myvesta.cf +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + spamassassin_modified=1 + fi + + if [ $spamassassin_modified -eq 1 ]; then + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') + if [ $spamassassin_running -eq 1 ]; then + echo "== Restarting SpamAssassin" + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi + fi + fi +fi + # Adding ProFTPD to Fail2Ban if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then 
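Review bot: `[ "$release" -lt 12 ]` chooses between `spamassassin.service` and `spamd.service`, but nothing in this hunk sets `release`. If the postinst does not assign it earlier, the test fails with "integer expression expected" and the `else` branch restarts `spamd.service` on every Debian version. Setting it next to its use, e.g. `release=$(cut -d. -f1 /etc/debian_version)`, with a guard for non-numeric values, removes that dependency. The Barracuda hunk further down in the same file uses the same test and has the same exposure.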
@@ -122,14 +157,18 @@ fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin') - spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin' | grep -c 'running') + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') if [ $spamassassin_installed -eq 1 ]; then echo "== Adding Barracuda RBL to SpamAssassin" wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf fi if [ $spamassassin_running -eq 1 ]; then echo "== Restarting SpamAssassin" - systemctl restart spamassassin + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi fi touch /usr/local/vesta/data/upgrades/barracuda_rbl fi From 92029a97335afed541fce852d64d1eb577e8c13f Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 30 May 2025 22:08:44 +0200 Subject: [PATCH 243/348] v-import-cpanel-backup: /*!999999\- enable the sandbox mode */ fix --- bin/v-import-cpanel-backup | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index a70213dd..43e8c3bf 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup 
@@ -157,11 +157,15 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + fi mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + fi mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" From 5ca293c9b2c61b27e4123e903291064db861bb21 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 31 May 2025 22:01:57 +0200 Subject: [PATCH 244/348] Session DISABLE_IP_CHECK --- bin/v-list-sys-config | 3 ++- web/inc/main.php | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index 127f2176..a0fdbbbc 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -54,7 +54,8 @@ json_list() { "SOFTACULOUS": "'$SOFTACULOUS'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'", "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", - "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'", + "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'" } }' } diff --git a/web/inc/main.php b/web/inc/main.php index 26df863e..f13e4142 100644 --- a/web/inc/main.php +++ b/web/inc/main.php 
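Review bot: In the bin/v-import-cpanel-backup hunk, the `.create` and `.sql` files come out of an imported backup and are fed to the `mysql` client right after the sandbox-mode marker is stripped. That marker, as far as I know, restricts client-side commands while a dump is loaded, so the import runs without that restriction even when the local client would have honoured it. Consider stripping it only when the local client rejects it, and record the trade-off in a comment such as `# older clients fail on the \- sandbox command; the dump is then imported without sandbox mode`. The new `grep -q` calls also leave `mysql/${sk_dbr}.create` and `mysql/${sk_dbr}.sql` unquoted although `sk_dbr` is derived from the backup contents; `grep -q ' enable the sandbox mode ' "mysql/${sk_dbr}.create"` is the safer form. The enclosing `for sk_dbr in $sk_db_list` loop starts outside the hunk.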
@@ -38,8 +38,13 @@ if(!isset($_SESSION['user_combined_ip'])){ $_SESSION['user_combined_ip'] = $user_combined_ip; } +$SKIP_IP_CHECK = false; +if (isset($_SESSION['DISABLE_IP_CHECK']) && $_SESSION['DISABLE_IP_CHECK'] == 'yes') { + $SKIP_IP_CHECK = true; +} + // Checking user to use session from the same IP he has been logged in -if($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){ +if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $SKIP_IP_CHECK==false) { session_destroy(); session_start(); $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; From 435a3627653dd1a942824a418a91e91da0978dd8 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 1 Jun 2025 14:44:18 +0200 Subject: [PATCH 245/348] Converting CRLF to LF in a few files --- .../10/templates/web/nginx/private-hosting.sh | 22 +- .../11/templates/web/nginx/private-hosting.sh | 22 +- .../12/templates/web/nginx/private-hosting.sh | 22 +- src/deb/ioncube/copyright | 486 +++++++++--------- web/list/firewall/banlist/ip_info.php | 328 ++++++------ 5 files changed, 440 insertions(+), 440 deletions(-) diff --git a/install/debian/10/templates/web/nginx/private-hosting.sh b/install/debian/10/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/10/templates/web/nginx/private-hosting.sh +++ b/install/debian/10/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/templates/web/nginx/private-hosting.sh b/install/debian/11/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/11/templates/web/nginx/private-hosting.sh 
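Review bot: In the web/inc/main.php hunk, `$SKIP_IP_CHECK` turns off the check that ties a session to the address it was created from, and the switch is read from `$_SESSION['DISABLE_IP_CHECK']`. Where that session key is populated is not visible in this hunk, so confirm it is copied only from the server configuration and never from request data. The comparisons are loose (`== 'yes'`, `$SKIP_IP_CHECK==false`); `=== 'yes'` and `!$SKIP_IP_CHECK` state the intent exactly. A comment above the block, e.g. `// DISABLE_IP_CHECK=yes removes session-to-IP binding: a stolen session cookie is then usable from any address`, would tell administrators what they are trading away.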
+++ b/install/debian/11/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/private-hosting.sh b/install/debian/12/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/12/templates/web/nginx/private-hosting.sh +++ b/install/debian/12/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/src/deb/ioncube/copyright b/src/deb/ioncube/copyright index bd92bd81..c62257d2 100644 --- a/src/deb/ioncube/copyright +++ b/src/deb/ioncube/copyright 
@@ -1,243 +1,243 @@ -LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE -OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) - -YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE -LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP -LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU -DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY -AND/OR USE THE LOADER SOFTWARE. - -DEFINITIONS - -The following definitions shall apply in this document: - -LOADER shall mean the ionCube PHP Loader software package or collection -of Loaders, including any modifications or upgrades to the software, used for -executing PHP scripts previously encoded with the ionCube PHP Encoder -software to render them non-humanly readable, and any associated -documentation or electronic or online materials relating to the software. - -ENCODER shall mean any ionCube PHP Encoder software or service used for the -purpose of producing non-humanly readable encoded files from PHP scripts. - -ENCODED FILE shall mean a non-humanly readable file produced by the -Encoder and being derived from humanly readable PHP script source. - -PROVIDER shall mean ionCube Ltd. - -USER/YOU shall mean any entity who has downloaded or obtained through any -other means a version of the Loader software. - - -1 LICENSE ENTITLEMENT - -1.1 The Loader is provided without charge. Title to the Loader does not pass -to the user in any circumstances. The Loader is supplied as object code. - -1.2 The provider grants a personal, non-transferable, non-exclusive licence to -use the Loader in accordance with the terms and conditions of this Licence -Agreement. - -1.3 The installation or downloading and use of the Loader entitles the user -to install and use the Loader for its own internal lawful purposes. 
- - -2 DISTRIBUTION - -2.1 The Loader may be freely distributed to third parties alone or as -part of a distribution containing other items provided that this license -is also included. - -2.2 The Loader may under no circumstances be branded as another product, -whether distributed or not. - -2.3 Distribution as part of a commercial product is permitted provided such -distribution is in accordance with clauses 2.1 and 2.2 with respect to the -Loader. - - -3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION - -Except insofar as the user is permitted to do so in accordance with applicable -law: - -3.1 Any analysis of the Loader and embedded data by any means and by -any entity whether human or otherwise and including but without limitation to -discover details of internal operation, to reverse engineer, to de-compile -object code, or to modify for the purposes of modifying behaviour is -forbidden. - -3.2 Any analysis of encoded files by any means and by any entity whether human -or otherwise and including but without limitation to discover details of file -format or for the purposes of modifying behaviour or scope of their usage is -forbidden. - - -4 WARRANTY - -THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED -WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE -DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED -OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN -CONJUNCTION WITH ANY OTHER PRODUCT. - - -5 LIMITATION OF LIABILITY - -5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY -PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER -CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE -AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS -EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. 
THE PROVIDER EXCLUDES ALL -WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING -FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR -OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY -LAW. - -5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT -ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS -A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS -OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE -PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH -DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS -TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. - -5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS -LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE -PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. - -5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY -E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY -THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING -TRANSMISSION. - - -6 BUG FIXING AND PRODUCT SUPPORT - -6.1 The provider will use reasonable endeavours to provide support to users. -The provider will at their discretion only provide support for the latest -release. - -6.2 Support comprises of fault reporting via tickets and fault diagnosis, -recommendations on workarounds, and where reasonably possible a timely -resolution. - -6.3 The user accepts that on occasion the ability of the provider to meet -anticipated or published support schedules may be impaired due to, but without -limitation, Internet service provider failures or software failures that -affect the ability to communicate for an indeterminate period. - -6.4 The provider reserves the right to refuse to provide support at any time. 
- -6.5 The provider wishes to maintain and offer a product of the highest -possible quality, and accordingly may from time to time and at its discretion -make product changes for the purpose of correcting behaviour in variance to -the published specification or the user's reasonable expectations. - -6.6 The provider reserves the right to charge for support where the user does -not have a valid support plan in place, or where the support offered exceeds -the scope of the active support plan. - - -7 PRODUCT UPGRADES - -7.1 The provider may from time to time release product upgrades. These will -be provided free of charge and attempts made to provide a timely notification -to customers of the existence of any new release. - - -8 ERRORS AND OMISSIONS - -Whilst reasonable endeavours are made to ensure the accuracy of documentation -concerning the details of the Loader, the user accepts the possibility of -inaccuracies in information presented in any format, including email -communications and online services. The provider shall under no circumstances -be liable for any events that arise as a result of unintentional inaccuracies -or omissions. - - -9 USER INDEMNITY - -You agree to fully indemnify, defend and hold the provider harmless -immediately upon demand from and against all actions, liability, claims, -losses, damages, costs and expenses (including legal/attorney fees) incurred -by the provider arising directly or indirectly as a result of your breach of -this Licence Agreement. - - -10 INTELLECTUAL PROPERTY RIGHTS - -10.1 The user acknowledges that the Loader and associated documentation and -materials contain proprietary information of the provider and are and shall -remain the exclusive property of the provider and/or its licensors and all -title, copyright, trade marks, trade names, patents and other intellectual -property rights therein of whatever nature shall remain the sole property of -the provider and/or its licensors. 
- -10.2 No title to or rights of ownership, copyright or other intellectual -property in the Loader is transferred to the user (other than the licence -rights expressly granted in this Licence Agreement). - - -11 TERMINATION - -11.1 The provider reserves the right to terminate this Licence Agreement -immediately by notice in writing against the user if the user is in breach of -any terms and conditions of this Licence Agreement. - -11.2 Termination of this Licence Agreement for any reason shall be without -prejudice to any other rights or remedies of the provider which may have -arisen on or before the date of termination under this Licence Agreement or in -law. - -11.3 The provisions of the following clauses shall survive any termination of -this agreement; clause 3, 5, 10 and 13. - - -12 GENERAL - -12.1 The provider reserves the right to transfer or assign all or any of its -rights and duties and responsibilities set out in this Licence Agreement to -another party. - -12.2 Headings have been included for convenience only and will not be used in -construing any provision of this Licence Agreement. - -12.3 No delay or failure by the provider to exercise any powers, rights or -remedies under this Licence Agreement will operate as a waiver of them nor -will any single or partial exercise of any such powers, rights or remedies -include any other or further exercise of them. - -12.4 If any part of this Licence Agreement is found by a court of competent -jurisdiction or other competent authority to be invalid, unlawful or -unenforceable then such part shall be severed from the remainder of this -Licence Agreement which will continue to be valid and enforceable to the -fullest extent permitted by applicable law. 
- -12.5 This Licence Agreement including the documents or other sources referred -to herein supersede all prior representations, understandings and agreements -between the user and the provider relating to the Loader and sets forth the -entire agreement and understanding between the user and the provider relating -to the Loader. - -12.6 Nothing in this Licence Agreement shall be deemed to constitute a -partnership between you and the provider nor constitute either party being an -agent of the other party. - -12.7 This Agreement does not create any rights or benefits enforceable by any -person not a party to it (within the meaning of the U.K.Contracts (Rights of -Third Parties) Act 1999) except that a person who under clause 12.1 is a -permitted successor or assignee of the rights or benefits of the provider may -enforce such rights or benefits. - - -13 GOVERNING LAW AND JURISDICTION - -This License Agreement and any issues relating thereto shall be construed and -interpreted in accordance with the laws of England and subject to the -exclusive jurisdiction of the English courts. - -Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 +LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE +OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) + +YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE +LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP +LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU +DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY +AND/OR USE THE LOADER SOFTWARE. 
+ +DEFINITIONS + +The following definitions shall apply in this document: + +LOADER shall mean the ionCube PHP Loader software package or collection +of Loaders, including any modifications or upgrades to the software, used for +executing PHP scripts previously encoded with the ionCube PHP Encoder +software to render them non-humanly readable, and any associated +documentation or electronic or online materials relating to the software. + +ENCODER shall mean any ionCube PHP Encoder software or service used for the +purpose of producing non-humanly readable encoded files from PHP scripts. + +ENCODED FILE shall mean a non-humanly readable file produced by the +Encoder and being derived from humanly readable PHP script source. + +PROVIDER shall mean ionCube Ltd. + +USER/YOU shall mean any entity who has downloaded or obtained through any +other means a version of the Loader software. + + +1 LICENSE ENTITLEMENT + +1.1 The Loader is provided without charge. Title to the Loader does not pass +to the user in any circumstances. The Loader is supplied as object code. + +1.2 The provider grants a personal, non-transferable, non-exclusive licence to +use the Loader in accordance with the terms and conditions of this Licence +Agreement. + +1.3 The installation or downloading and use of the Loader entitles the user +to install and use the Loader for its own internal lawful purposes. + + +2 DISTRIBUTION + +2.1 The Loader may be freely distributed to third parties alone or as +part of a distribution containing other items provided that this license +is also included. + +2.2 The Loader may under no circumstances be branded as another product, +whether distributed or not. + +2.3 Distribution as part of a commercial product is permitted provided such +distribution is in accordance with clauses 2.1 and 2.2 with respect to the +Loader. 
+ + +3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION + +Except insofar as the user is permitted to do so in accordance with applicable +law: + +3.1 Any analysis of the Loader and embedded data by any means and by +any entity whether human or otherwise and including but without limitation to +discover details of internal operation, to reverse engineer, to de-compile +object code, or to modify for the purposes of modifying behaviour is +forbidden. + +3.2 Any analysis of encoded files by any means and by any entity whether human +or otherwise and including but without limitation to discover details of file +format or for the purposes of modifying behaviour or scope of their usage is +forbidden. + + +4 WARRANTY + +THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED +WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE +DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED +OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN +CONJUNCTION WITH ANY OTHER PRODUCT. + + +5 LIMITATION OF LIABILITY + +5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY +PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER +CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE +AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS +EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL +WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING +FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR +OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY +LAW. 
+ +5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT +ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS +A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS +OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE +PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH +DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS +TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. + +5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS +LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE +PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. + +5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY +E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY +THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING +TRANSMISSION. + + +6 BUG FIXING AND PRODUCT SUPPORT + +6.1 The provider will use reasonable endeavours to provide support to users. +The provider will at their discretion only provide support for the latest +release. + +6.2 Support comprises of fault reporting via tickets and fault diagnosis, +recommendations on workarounds, and where reasonably possible a timely +resolution. + +6.3 The user accepts that on occasion the ability of the provider to meet +anticipated or published support schedules may be impaired due to, but without +limitation, Internet service provider failures or software failures that +affect the ability to communicate for an indeterminate period. + +6.4 The provider reserves the right to refuse to provide support at any time. 
+ +6.5 The provider wishes to maintain and offer a product of the highest +possible quality, and accordingly may from time to time and at its discretion +make product changes for the purpose of correcting behaviour in variance to +the published specification or the user's reasonable expectations. + +6.6 The provider reserves the right to charge for support where the user does +not have a valid support plan in place, or where the support offered exceeds +the scope of the active support plan. + + +7 PRODUCT UPGRADES + +7.1 The provider may from time to time release product upgrades. These will +be provided free of charge and attempts made to provide a timely notification +to customers of the existence of any new release. + + +8 ERRORS AND OMISSIONS + +Whilst reasonable endeavours are made to ensure the accuracy of documentation +concerning the details of the Loader, the user accepts the possibility of +inaccuracies in information presented in any format, including email +communications and online services. The provider shall under no circumstances +be liable for any events that arise as a result of unintentional inaccuracies +or omissions. + + +9 USER INDEMNITY + +You agree to fully indemnify, defend and hold the provider harmless +immediately upon demand from and against all actions, liability, claims, +losses, damages, costs and expenses (including legal/attorney fees) incurred +by the provider arising directly or indirectly as a result of your breach of +this Licence Agreement. + + +10 INTELLECTUAL PROPERTY RIGHTS + +10.1 The user acknowledges that the Loader and associated documentation and +materials contain proprietary information of the provider and are and shall +remain the exclusive property of the provider and/or its licensors and all +title, copyright, trade marks, trade names, patents and other intellectual +property rights therein of whatever nature shall remain the sole property of +the provider and/or its licensors. 
+ +10.2 No title to or rights of ownership, copyright or other intellectual +property in the Loader is transferred to the user (other than the licence +rights expressly granted in this Licence Agreement). + + +11 TERMINATION + +11.1 The provider reserves the right to terminate this Licence Agreement +immediately by notice in writing against the user if the user is in breach of +any terms and conditions of this Licence Agreement. + +11.2 Termination of this Licence Agreement for any reason shall be without +prejudice to any other rights or remedies of the provider which may have +arisen on or before the date of termination under this Licence Agreement or in +law. + +11.3 The provisions of the following clauses shall survive any termination of +this agreement; clause 3, 5, 10 and 13. + + +12 GENERAL + +12.1 The provider reserves the right to transfer or assign all or any of its +rights and duties and responsibilities set out in this Licence Agreement to +another party. + +12.2 Headings have been included for convenience only and will not be used in +construing any provision of this Licence Agreement. + +12.3 No delay or failure by the provider to exercise any powers, rights or +remedies under this Licence Agreement will operate as a waiver of them nor +will any single or partial exercise of any such powers, rights or remedies +include any other or further exercise of them. + +12.4 If any part of this Licence Agreement is found by a court of competent +jurisdiction or other competent authority to be invalid, unlawful or +unenforceable then such part shall be severed from the remainder of this +Licence Agreement which will continue to be valid and enforceable to the +fullest extent permitted by applicable law. 
+ +12.5 This Licence Agreement including the documents or other sources referred +to herein supersede all prior representations, understandings and agreements +between the user and the provider relating to the Loader and sets forth the +entire agreement and understanding between the user and the provider relating +to the Loader. + +12.6 Nothing in this Licence Agreement shall be deemed to constitute a +partnership between you and the provider nor constitute either party being an +agent of the other party. + +12.7 This Agreement does not create any rights or benefits enforceable by any +person not a party to it (within the meaning of the U.K.Contracts (Rights of +Third Parties) Act 1999) except that a person who under clause 12.1 is a +permitted successor or assignee of the rights or benefits of the provider may +enforce such rights or benefits. + + +13 GOVERNING LAW AND JURISDICTION + +This License Agreement and any issues relating thereto shall be construed and +interpreted in accordance with the laws of England and subject to the +exclusive jurisdiction of the English courts. + +Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php index cf7607bf..e7888a75 100644 --- a/web/list/firewall/banlist/ip_info.php +++ b/web/list/firewall/banlist/ip_info.php 
@@ -1,164 +1,164 @@ - 'http://lists.blocklist.de/lists/all.txt', - 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', - 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', - 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', - 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', - 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', - 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', - ]; - $today = date('Y-m-d'); - - foreach ($lists as $code => $url) { - $cache_tag = 'ip-blacklist-' . $code . '-cache'; - - // init cache - if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; - - // invalidate cache if clear_cache parameter is 1 - if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; - - // if cache is not updated, fetch new data and save to cache - if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { - $new_cache_data = fetchURL($url, $url_result); - if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); - $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; - } - - // check ip - $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { - if (str_contains($item, '/')) return cidrMatch($ip, $item); - if ($ip == $item) return true; - return false; - }); - - $check_results[$code]['found'] = count($matched_ips) > 0 ? 
true : false; - $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; - $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; - } - - return $check_results; -} - -// Check token -if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { - die("Wrong token"); -} - -$ip = $_REQUEST['ip']; - -// Validate IP format -if (filter_var($ip, FILTER_VALIDATE_IP) === false) { - die('GENERAL ERROR
BAD_IP_FORMAT'); -} - -// Query host -$host = gethostbyaddr($ip); - -// Query blocklists -$result_blocklists = ''; -$ip_check = checkIP($ip); -if ($ip_check) { - foreach ($ip_check as $list_code => $list_results) { - $result_blocklists .= '
'; - $result_blocklists .= $list_results['found'] ? '' : ''; - $result_blocklists .= ' '.$list_code.' '; - $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; - $result_blocklists .= '
'; - } -} - -// Query location -$url = 'https://api.db-ip.com/v2/free/'.$ip; -$result = fetchURL($url); -$result_array = json_decode($result, true); -if (!is_array($result_array)) { - die('GENERAL ERROR
BAD_JSON'); -} -if (!empty($result_array['errorCode'])) { - die('GENERAL ERROR
'.$result_array['errorCode']); -} - -// Output -echo " -
-
".__('Host')."
-
".$host."
-
".__('Banlist')."
-
".$result_blocklists."
-
".__('Continent')."
-
".$result_array['continentName']." [".$result_array['continentCode']."]
-
".__('Country')."
-
".$result_array['countryName']." [".$result_array['countryCode']."]
-
".__('State / Province')."
-
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
-
".__('City / Locality')."
-
".$result_array['city']."
-
-"; + 'http://lists.blocklist.de/lists/all.txt', + 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', + 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', + 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', + 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', + 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', + 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', + ]; + $today = date('Y-m-d'); + + foreach ($lists as $code => $url) { + $cache_tag = 'ip-blacklist-' . $code . '-cache'; + + // init cache + if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; + + // invalidate cache if clear_cache parameter is 1 + if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; + + // if cache is not updated, fetch new data and save to cache + if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { + $new_cache_data = fetchURL($url, $url_result); + if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); + $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; + } + + // check ip + $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { + if (str_contains($item, '/')) return cidrMatch($ip, $item); + if ($ip == $item) return true; + return false; + }); + + $check_results[$code]['found'] = count($matched_ips) > 0 ? 
true : false; + $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; + $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; + } + + return $check_results; +} + +// Check token +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token"); +} + +$ip = $_REQUEST['ip']; + +// Validate IP format +if (filter_var($ip, FILTER_VALIDATE_IP) === false) { + die('GENERAL ERROR
BAD_IP_FORMAT'); +} + +// Query host +$host = gethostbyaddr($ip); + +// Query blocklists +$result_blocklists = ''; +$ip_check = checkIP($ip); +if ($ip_check) { + foreach ($ip_check as $list_code => $list_results) { + $result_blocklists .= '
'; + $result_blocklists .= $list_results['found'] ? '' : ''; + $result_blocklists .= ' '.$list_code.' '; + $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; + $result_blocklists .= '
'; + } +} + +// Query location +$url = 'https://api.db-ip.com/v2/free/'.$ip; +$result = fetchURL($url); +$result_array = json_decode($result, true); +if (!is_array($result_array)) { + die('GENERAL ERROR
BAD_JSON'); +} +if (!empty($result_array['errorCode'])) { + die('GENERAL ERROR
'.$result_array['errorCode']); +} + +// Output +echo " +
+
".__('Host')."
+
".$host."
+
".__('Banlist')."
+
".$result_blocklists."
+
".__('Continent')."
+
".$result_array['continentName']." [".$result_array['continentCode']."]
+
".__('Country')."
+
".$result_array['countryName']." [".$result_array['countryCode']."]
+
".__('State / Province')."
+
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
+
".__('City / Locality')."
+
".$result_array['city']."
+
+"; From 72252c561e8447b55d107a9d7be73baeb410363d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 1 Jun 2025 20:25:23 +0200 Subject: [PATCH 246/348] Small bug fix in main.php --- func/main.php | 1 + 1 file changed, 1 insertion(+) diff --git a/func/main.php b/func/main.php index 22834d42..4628c92a 100644 --- a/func/main.php +++ b/func/main.php @@ -53,6 +53,7 @@ function myvesta_check_args ($requried_arguments, $arguments) { $argument_counter=count($argv); $argument_counter--; $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]); + $command=$argv[0]; // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n"); if ($argument_counter<$requried_arguments) { $arguments=str_replace(" ", "' '", $arguments); From a3895aea0dd63526630cc44adbe5ed6234e3ba8d Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 2 Jun 2025 14:58:54 +0200 Subject: [PATCH 247/348] v-clear-fail2ban --- bin/v-clean-garbage | 7 ++++++ bin/v-clear-fail2ban | 59 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 bin/v-clear-fail2ban diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 36b50830..11e29122 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -90,6 +90,13 @@ if [ $fail2ban_running -eq 1 ]; then fi if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + systemctl restart nginx + fi + fi fi if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban diff --git a/bin/v-clear-fail2ban b/bin/v-clear-fail2ban new file mode 100644 index 00000000..ab3ab30c --- /dev/null +++ b/bin/v-clear-fail2ban 
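Review bot: The nginx step added to bin/v-clean-garbage does a full `systemctl restart nginx` and ignores its result, so a clean-up run interrupts live connections and, if nginx does not come back, leaves the web server down without any message. A reload is enough to apply the emptied block.conf: `systemctl reload nginx || echo "ERROR: nginx reload failed" >&2`. The truncation also discards every nginx-level block with no record of what was removed; consider logging the number of entries first, for example `wc -l < /etc/nginx/conf.d/block.conf`. The same lines are repeated in the new bin/v-clear-fail2ban, and the enclosing `if` block starts outside this hunk.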
@@ -0,0 +1,59 @@ +#!/bin/bash +# info: Clean fail2ban database +# options: NONE +# +# The function is cleaning fail2ban database + +#----------------------------------------------------------# +# Verifications & Variable & Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# check if fail2ban is installed +fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban') +if [ $fail2ban_installed -eq 0 ]; then + echo "Fail2ban is not installed" + exit 1 +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Cleaning fail2ban database +fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') +if [ $fail2ban_running -eq 1 ]; then + echo "== Stopping fail2ban" + systemctl stop fail2ban +fi +if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then + echo "== Cleaning fail2ban database" + rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "== Cleaning nginx block.conf" + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting nginx" + systemctl restart nginx + fi + fi +fi +if [ $fail2ban_running -eq 1 ]; then + echo "== Starting fail2ban" + systemctl start fail2ban +fi + +echo "== Done, fail2ban database cleaned" + +log_event "$OK" "$ARGUMENTS" + +exit From 213ccd47df509c0bddc3554d8aa149adbbe076a2 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 3 Jun 2025 21:22:38 +0200 Subject: [PATCH 248/348] v-install-wordpress: Almost always use https --- bin/v-install-wordpress | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) 
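Review bot: Neither `systemctl stop fail2ban` nor `systemctl start fail2ban` is checked in the new bin/v-clear-fail2ban, and the script prints "Done" and logs `$OK` whatever happened, so a failed start leaves the host without fail2ban while reporting success. The start should be guarded, for example `systemctl start fail2ban || { echo "ERROR: fail2ban did not start" >&2; exit 1; }`. The header comment should also say that the command discards all current bans and the nginx block list, e.g. `# WARNING: removes every active ban and empties /etc/nginx/conf.d/block.conf`. `$fail2ban_installed` and `$fail2ban_running` are used unquoted inside `[ ... ]`.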
diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 5758e358..202919d0 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -95,19 +95,22 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1) # Action # #----------------------------------------------------------# -PROTOCOL='http' -if [ -z "$SKIP_LE" ]; then - if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then - /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" - fi -else - PROTOCOL='https' +PROTOCOL='https' + +if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then + echo "== Trying to install LetsEncrypt for domain $domain" + /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" +fi + +if [ ! -z "$FORCE_HTTP" ]; then + # Switch to http:// only if --FORCE_HTTP parameter is set + echo "== Force http://" + PROTOCOL='http' fi TPL_CHANGED=0; -if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then - PROTOCOL='https' +if [ "$PROTOCOL" = "https" ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" 
@@ -116,7 +119,8 @@ if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" fi -else +fi +if [ "$PROTOCOL" = "http" ]; then if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" @@ -147,11 +151,11 @@ sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user=" mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" echo "=================================================================" -echo "Installation is complete. Your username/password is listed below." +echo "Your WordPress installation is complete." echo "" -echo "Site: $PROTOCOL://$domain/" +echo "Website URL: $PROTOCOL://$domain/" echo "" -echo "Login: $PROTOCOL://$domain/wp-admin/" +echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/" echo "Username: $wpadmin" echo "Password: $password" echo "" From 4932dd3bb4908e8e3439497b456719fc7260a7e3 Mon Sep 17 00:00:00 2001 
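Review bot: In the first hunk `PROTOCOL` stays `https` whether or not v-add-letsencrypt-domain succeeds, because the call's exit status and the presence of the certificate are never checked afterwards. The force-https proxy template is then applied and `siteurl`/`home` are written as `https://` (third hunk) for a domain that may have no certificate. A check after the issuance attempt would at least make this visible: `[ -f "/home/$user/conf/web/ssl.$domain.ca" ] || echo "WARNING: no certificate for $domain, https:// will fail until one is installed" >&2`. `SKIP_LE` is no longer read, so callers that still pass it now trigger a Let's Encrypt request; if the option is parsed elsewhere in the script, which is outside these hunks, it should be removed or documented as ignored.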
From: Peca Date: Sat, 7 Jun 2025 14:53:49 +0200 Subject: [PATCH 249/348] Fix dkim record deletion command in v-delete-mail-domain-dkim script --- bin/v-delete-mail-domain-dkim | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-delete-mail-domain-dkim b/bin/v-delete-mail-domain-dkim index f11e48d4..7cfbab58 100755 --- a/bin/v-delete-mail-domain-dkim +++ b/bin/v-delete-mail-domain-dkim @@ -48,7 +48,7 @@ fi # Deleting dns record if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') + dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}') for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done From 8d9a3e1ca0f6c570f87daefce71b4d0a12b4b763 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 16:23:42 +0200 Subject: [PATCH 250/348] v-change-user-package switched to parse_object_kv_list_non_eval --- bin/v-change-user-package | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-change-user-package b/bin/v-change-user-package index d0de98db..012d2f1f 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -23,7 +23,7 @@ is_package_avalable() { usr_data=$(cat $USER_DATA/user.conf) IFS=$'\n' for key in $usr_data; do - eval ${key%%=*}=${key#*=} + parse_object_kv_list_non_eval $key done WEB_DOMAINS='0' @@ -76,8 +76,8 @@ is_package_avalable() { } change_user_package() { - eval $(cat $USER_DATA/user.conf) - eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") + parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf) + parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") echo "FNAME='$FNAME' LNAME='$LNAME' PACKAGE='$package' From 89b7538fadfcc7d32f970c3cae5b650ee82bd7c4 Mon Sep 17 00:00:00 2001 
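Review bot: The unquoted `$(cat $USER_DATA/user.conf)` and `$(cat $VESTA/data/packages/$package.pkg | ...)` arguments in change_user_package still go through word splitting and pathname expansion before parse_object_kv_list_non_eval receives them, so a value containing a space or a `*` reaches the parser as different words than the file holds. The helper is defined outside this diff, so whether it reassembles quoted values cannot be confirmed from here; at minimum, wrap the two calls in `set -f` / `set +f` so that globbing cannot alter the data. A short comment would stop someone from reverting the change later, e.g. `# parsed without eval: values from user.conf and *.pkg must never be executed as shell`. Both function bodies continue outside the hunks.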
From: Peca Date: Sat, 7 Jun 2025 17:08:08 +0200 Subject: [PATCH 251/348] Enhance package validation --- bin/v-add-user-package | 5 ++++- bin/v-change-user-package | 7 ++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 0cab1a3d..e9fe210a 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -28,7 +28,7 @@ is_package_new() { } is_package_consistent() { - source $pkg_dir/$package.pkg + parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg) if [ "$WEB_DOMAINS" != 'unlimited' ]; then is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi @@ -63,6 +63,9 @@ is_package_consistent() { is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } diff --git a/bin/v-change-user-package b/bin/v-change-user-package index 012d2f1f..1e088bcc 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -16,6 +16,7 @@ force=$3 # Includes source $VESTA/func/main.sh +source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf is_package_avalable() { @@ -35,7 +36,7 @@ is_package_avalable() { pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\ grep -v DATE) - eval $pkg_data + parse_object_kv_list_non_eval $pkg_data # Checking usage agains package limits if [ "$WEB_DOMAINS" != 'unlimited' ]; then @@ -73,6 +74,10 @@ is_package_avalable() { check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" fi fi + + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } change_user_package() { From 0fd5be1d28557267490d911d64b3e26bb5baa060 Mon Sep 17 00:00:00 2001 
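Review bot: bin/v-add-user-package gains calls to `is_web_template_valid`, `is_dns_template_valid` and `is_proxy_template_valid`, but this commit adds `source $VESTA/func/domain.sh` only to bin/v-change-user-package. If those helpers live in func/domain.sh and v-add-user-package does not already include it (its include block is outside the hunk), the three calls end in "command not found" and the template names are accepted unchecked. The arguments are also unquoted in both files, so an empty `WEB_TEMPLATE` is passed as no argument at all; `is_web_template_valid "$WEB_TEMPLATE"` keeps the empty value visible to the validator, and the same applies to the other two calls.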
From: Peca Date: Sat, 7 Jun 2025 20:36:05 +0200 Subject: [PATCH 252/348] Activating FileManager licence for all users --- install/vst-install-debian.sh | 3 ++- src/deb/vesta/postinst | 5 +++++ web/templates/file_manager/main.php | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ff19d1d5..ef4bc374 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2089,10 +2089,11 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf +echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf echo "================================================================" # Removing old PHP sessions files -crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 523678e3..107bd6f6 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,6 +25,11 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then + echo "== Adding FileManager license to vesta.conf" + echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf +fi + # Adding myVesta rules to SpamAssassin if [ -d "/etc/spamassassin" ]; then spamassassin_modified=0 diff --git a/web/templates/file_manager/main.php b/web/templates/file_manager/main.php index 2e82f811..dd9095f7 100644 --- a/web/templates/file_manager/main.php +++ b/web/templates/file_manager/main.php @@ -19,6 +19,7 @@ +
©
From 85f39364a435c2834220b61ab9c06dd01c7ddc62 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 7 Jun 2025 20:47:57 +0200 Subject: [PATCH 253/348] v-commander: stop setting a root password --- bin/v-commander | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index 834fb38b..f04b3a17 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -101,7 +101,7 @@ myhelp() { echo "m def = install php-memcached if needed" echo "check fc = check if FreshClam is up" echo "-----------------------------" - echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" + echo "enable-ssh-root-password-login = Allow root password authentication via SSH" echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "-----------------------------" } @@ -535,18 +535,11 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" - root_password=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32) - hashed_root_password=$(openssl passwd -6 "$root_password") - sed -i "s#^root:.*#root:$hashed_root_password#" /etc/shadow - echo "Root password is now a new random password." - echo "New root password: $root_password" - echo "--------------------" - grep '^root:' /etc/shadow - grep '^admin:' /etc/shadow - echo "--------------------" echo "Port 22 opened in Firewall for all IP addresses." /usr/local/vesta/bin/v-unsuspend-firewall-rule "11" echo "--------------------" + echo "Type 'passwd' in the terminal to set the root password." + echo "--------------------" fi if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then From 6d752d93f589a0d357a130f4eab2b3de7956fa26 Mon Sep 17 00:00:00 2001 
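Review bot: After this change the branch enables root password login and opens port 22 to all addresses first, and only then tells the operator to run `passwd`. Whatever password root already has is therefore exposed to the network until the operator acts. Setting the password before the firewall rule is unsuspended closes that window: `passwd root || exit 1` placed ahead of `/usr/local/vesta/bin/v-unsuspend-firewall-rule "11"`. The help line in the first hunk could also mention that key-based login is the safer option. The branch starts outside the hunk, so the sshd_config edit itself is not visible here.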
From: Peca Date: Sun, 8 Jun 2025 07:53:20 +0200 Subject: [PATCH 254/348] Adding v-cd-www alias to root bash profile --- install/vst-install-debian.sh | 6 +++++- src/deb/vesta/postinst | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index ef4bc374..18a25f10 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -2089,13 +2089,17 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf +echo "== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf echo "================================================================" # Removing old PHP sessions files cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) -echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +if [ -f "/root/.bash_profile" ]; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +fi #----------------------------------------------------------# # myVesta Access Info # diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 107bd6f6..68252789 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -30,6 +30,13 @@ if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf fi +if [ -f "/root/.bash_profile" ]; then + if ! grep -q "v-cd-www" /root/.bash_profile; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile + fi +fi + # Adding myVesta rules to SpamAssassin if [ -d "/etc/spamassassin" ]; then spamassassin_modified=0 
From 413787070aec1eff85ad198c2a5aa0dad9dbaddb Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 08:08:27 +0200 Subject: [PATCH 255/348] Skip prompt to continue in vst-install-debian.sh if all required variables are set --- install/vst-install-debian.sh | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 18a25f10..f6de9e70 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -491,10 +491,16 @@ echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then - read -p 'Would you like to continue [y/n]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 + prompt_to_continue=1; + if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then + prompt_to_continue=0; + fi + if [ $prompt_to_continue -eq 1 ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi fi # Asking for contact email @@ -2081,7 +2087,6 @@ if [ "$port" != "8083" ]; then $VESTA/bin/v-change-vesta-port $port fi -echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" 
@@ -2089,15 +2094,15 @@ if [ "$release" -gt 9 ]; then fi echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf -echo "== Adding FileManager license to vesta.conf" +echo "=== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf -echo "================================================================" # Removing old PHP sessions files -cron=$(crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab -) +touch /var/spool/cron/crontabs/root +echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root if [ -f "/root/.bash_profile" ]; then - echo "== Adding v-cd-www alias to root bash profile" + echo "=== Adding v-cd-www alias to root bash profile" echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile fi From c5d0619a6b2f8ff2fadfc92be5a6d7ed8dbb35b1 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 8 Jun 2025 14:46:58 +0200 Subject: [PATCH 256/348] Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl --- bin/v-install-unsigned-ssl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 8df023c9..9ac2f188 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,7 +52,9 @@ fi # Action # #----------------------------------------------------------# -/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then + /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +fi release=$(cat /etc/debian_version | tr "." "\n" | head -n1) From 2fe4ce2ae4535ffb0bbd673294bed67b04b4c05c Mon Sep 17 00:00:00 2001 
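Review bot: Appending to `/var/spool/cron/crontabs/root` directly bypasses crontab(1): when `touch` creates the file it gets the installer's umask and default group rather than the mode and ownership crontab(1) sets. Cron daemons commonly refuse a spool file whose mode or owner they do not expect, in which case the PHP session clean-up would never run. Staying with crontab(1) and silencing the "no crontab" message keeps the file valid: `( crontab -l 2>/dev/null; echo "10 2 * * 6 find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" ) | crontab -`. `sudo` is not needed inside root's own crontab.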
From: Peca Date: Mon, 16 Jun 2025 15:49:34 +0200 Subject: [PATCH 257/348] v-change-db-password-to-wordpress --- bin/v-change-db-password-to-all-wordpress | 43 ++++++++++ bin/v-change-db-password-to-wordpress | 100 ++++++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 bin/v-change-db-password-to-all-wordpress create mode 100644 bin/v-change-db-password-to-wordpress diff --git a/bin/v-change-db-password-to-all-wordpress b/bin/v-change-db-password-to-all-wordpress new file mode 100644 index 00000000..b31edb80 --- /dev/null +++ b/bin/v-change-db-password-to-all-wordpress @@ -0,0 +1,43 @@ +#!/bin/bash +# info: change db password to all wordpress databases +# options: +# +# The command is used for changing db password to all wordpress databases on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + /usr/local/vesta/bin/v-change-db-password-to-wordpress $domain + echo "--------------------------------" + fi + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-db-password-to-wordpress b/bin/v-change-db-password-to-wordpress new file mode 100644 index 00000000..d7ce1782 --- /dev/null +++ b/bin/v-change-db-password-to-wordpress 
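Review bot: The loop in bin/v-change-db-password-to-all-wordpress discards the exit status of v-change-db-password-to-wordpress, which can exit 1 after the database password has already been changed but wp-config.php does not contain the expected line. Such a site is left with mismatched credentials while the run continues and ends with `log_event "$OK"`. Failures should be collected, e.g. `/usr/local/vesta/bin/v-change-db-password-to-wordpress "$domain" || failed="$failed $domain"`, and reported with a non-zero exit at the end. `$user` and `$domain` are also passed unquoted.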
@@ -0,0 +1,100 @@ +#!/bin/bash +# info: change db password to wordpress database +# options: +# +# The command is used for changing db password to wordpress database. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +if [ -z "$user" ]; then + echo "ERROR: Domain $domain not found" + exit 1; +fi + +if [ ! -d "/home/$user" ]; then + echo "ERROR: User $user doesn't exist"; + exit 1; +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! 
-d "/home/$user/web/$domain/public_html" ]; then + echo "ERROR: Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo "=== Domain: $domain" + wp_config_path="/home/$user/web/$domain/public_html/wp-config.php" + if grep -q $'\r' $wp_config_path; then + echo "=== removing CRLF from wp-config.php" + tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path + chown $user:$user $wp_config_path + fi + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") + new_password=$(generate_password) + echo "DB name: $db_name" + echo "New DB password: $new_password" + # echo "executing: /usr/local/vesta/bin/v-change-database-password \"$user\" \"$db_name\" \"$new_password\"" + /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" + if [ $? -ne 0 ]; then + echo "*************** ERROR: Failed to change database password ***************" + exit 1; + fi + line="define('DB_PASSWORD', '$new_password');" + chattr -i $wp_config_path + sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path + new_password_line=$(grep "DB_PASSWORD" $wp_config_path) + echo "New DB password line: $new_password_line" + if [ "$new_password_line" != "$line" ]; then + echo "*************** ERROR: line in wp-config.php is not what we expected ***************" + echo "Expected: $line" + echo "Actual : $new_password_line" + echo "*************** ERROR: Please check wp-config.php manually ***************" + exit 1; + fi +else + echo "ERROR: WP-config.php not found" + exit 1; +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit 
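Review bot: The CRLF clean-up writes to the fixed path `/tmp/wp-config.php` while running as root, which is a predictable name in a world-writable directory and leaves a copy of the site's database credentials there under the default umask until the `mv`. A private temporary file next to the target avoids both: `tmp_cfg=$(mktemp "$wp_config_path.XXXXXX") || exit 1` followed by `tr -d '\r' < "$wp_config_path" > "$tmp_cfg" && mv -- "$tmp_cfg" "$wp_config_path"` (restore the original mode afterwards if the web server needs it). Separately, `$domain` is passed unquoted to `v-search-domain-owner` and used in paths before `is_format_valid 'domain'` runs, and the immutable flag removed by `chattr -i` is never restored. The `sed` replacement interpolates `$new_password` unescaped, which breaks if `generate_password` (defined outside this file) can emit `/`, `&` or `'`.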
From 819450ca5c1de0646037f8734a103a1870ea39ea Mon Sep 17 00:00:00 2001
From: isscbta <53144593+isscbta@users.noreply.github.com>
Date: Mon, 16 Jun 2025 17:23:28 +0200
Subject: [PATCH 258/348] Create v-fix-wp-core
---
bin/v-fix-wp-core | 90 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 90 insertions(+)
create mode 100644 bin/v-fix-wp-core
diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core
new file mode 100644
index 00000000..5bef3232
--- /dev/null
+++ b/bin/v-fix-wp-core
@@ -0,0 +1,90 @@ +#!/bin/bash +# info: fix compromised wp-admin and wp-includes +# options: DOMAIN [CACHE_DIR] +# +# Replaces wp-admin and wp-includes with clean copies that match +# the WordPress core version detected on the site. +# +# Example: +# v-fix-wp-core example.com +# v-fix-wp-core example.com /srv/wp-cache + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Arguments +DOMAIN="$1" +CACHE_DIR="${2-/srv/wp-cache}" # default cache location + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# +check_args '1' "$#" 'DOMAIN [CACHE_DIR]' +is_format_valid 'domain' + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace +trap 'rm -rf "$TMP_DIR"' EXIT + +# 1etermine WP version +WP_VERSION="$(v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +check_result $? "cannot detect WP version" > /dev/null +if [ -z "$WP_VERSION" ]; then + check_result 1 "empty WP version string" +fi +echo "Detected WordPress version $WP_VERSION" + +# 2ind site owner and path +USER="$(v-search-domain-owner "$DOMAIN")" +check_result $? "cannot find domain owner" > /dev/null +SITE_PATH="/home/$USER/web/$DOMAIN/public_html" +if [ ! -d "$SITE_PATH" ]; then + check_result 1 "site path $SITE_PATH does not exist" +fi + +# ensure cached core is present +CACHE_PATH="$CACHE_DIR/$WP_VERSION" +if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then + echo "Cache for $WP_VERSION missing, downloading ZIP..." 
+ + mkdir -p "$CACHE_PATH" + ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip" + ZIP_FILE="$TMP_DIR/wp.zip" + + curl -fSL "$ZIP_URL" -o "$ZIP_FILE" + check_result $? "download failed" > /dev/null + + unzip -q "$ZIP_FILE" -d "$TMP_DIR" + check_result $? "unzip failed" > /dev/null + + mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" + mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" +fi + +# backup current core folders +TIMESTAMP="$(date +%Y%m%d%H%M%S)" +BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" +mkdir -p "$BACKUP_DIR" +mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" +mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" +check_result $? "backup failed" > /dev/null +echo "Old core folders moved to $BACKUP_DIR" + +# deploy clean core +rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" +rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" +check_result $? "rsync failed" > /dev/null + +# fix permissions +v-fix-website-permissions $DOMAIN + +echo "Done, wp-admin and wp-includes replaced for $DOMAIN" +exit From 4f871db1fc52dd1e357ddb2d7e5566c2f916072c Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Mon, 16 Jun 2025 17:28:34 +0200 Subject: [PATCH 259/348] Update v-fix-wp-core --- bin/v-fix-wp-core | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 5bef3232..67d91f40 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -75,6 +75,7 @@ BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" +chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -85,6 +86,7 @@ check_result $? "rsync failed" > /dev/null # fix permissions v-fix-website-permissions $DOMAIN +chown -R www-data:www-data "$BACKUP_DIR" echo "Done, wp-admin and wp-includes replaced for $DOMAIN" exit 
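Review bot: In the new `bin/v-fix-wp-core`, `WP_VERSION` is read from the site that is being repaired and then used unvalidated in `CACHE_PATH="$CACHE_DIR/$WP_VERSION"` and in `ZIP_URL`, so a tampered installation decides which directory under the cache is created and later rsynced over the site with `--delete`. A format check right after detection closes that: `[[ "$WP_VERSION" =~ ^[0-9]+(\.[0-9]+){1,2}$ ]] || check_result 1 "unexpected WP version string"` (widen the pattern if pre-release versions must be supported). The `check_result $?` after the `$( … | tr -d '[:space:]')` assignment only sees the status of `tr`, and the one after the two `mv` commands only the second `mv`. The downloaded ZIP becomes the cached "clean" copy on the strength of HTTPS alone; comparing it with a published checksum before unpacking would make the cache trustworthy.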
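Review bot: In the first hunk of the follow-up commit the added `chown -R www-data:www-data "$BACKUP_DIR"` sits between the two `mv` commands and `check_result $? "backup failed"`, so the check now reports the status of `chown` and a failed move of wp-admin or wp-includes goes unnoticed. Moving the `chown` below the check, or testing each move directly with `mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" || check_result 1 "backup failed"`, restores the intent. The backup holds the possibly tampered core files inside the document root, and both hunks hand it to `www-data`, presumably the web server user, which makes it writable by the process that serves the site; root ownership with a restrictive mode looks like the safer default.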
From 59053e2ffd745754350609d4eb797cd8ea6121ca Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:07:17 +0200 Subject: [PATCH 260/348] Update v-fix-wp-core --- bin/v-fix-wp-core | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 67d91f40..e852da4d 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -67,6 +67,7 @@ if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" + cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/" fi # backup current core folders @@ -75,6 +76,12 @@ BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" + +for f in "$SITE_PATH"/*.php; do + [[ $(basename "$f") == "wp-config.php" ]] && continue + mv "$f" "$BACKUP_DIR/" +done + chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -84,6 +91,12 @@ rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" check_result $? "rsync failed" > /dev/null +for corephp in "$CACHE_PATH"/*.php; do + base=$(basename "$corephp") + [ "$base" = "wp-config.php" ] && continue + rsync -a "$corephp" "$SITE_PATH/$base" +done + # fix permissions v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" From e8cbaa742f454bdc0e1b2552100e9e43098d8fec Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:23:04 +0200 Subject: [PATCH 261/348] Create v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 115 ++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 bin/v-change-wp-admins-pass 
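Review bot: The cache test quoted in the first hunk header only looks for `wp-admin` and `wp-includes`, so a cache directory filled by the previous revision never receives the root `*.php` files added here, while the second hunk still moves every root PHP file of the site into the backup. In that case the third hunk's loop iterates over the unmatched literal `*.php` and the site is left without index.php and wp-load.php. Extending the test with `|| [ ! -f "$CACHE_PATH/index.php" ]` and setting `shopt -s nullglob` before the two loops covers it. The new `mv` and `rsync` loops run outside any status check, and `check_result $? "backup failed"` still follows `chown`, not the moves.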
diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass
new file mode 100644
index 00000000..0b55082d
--- /dev/null
+++ b/bin/v-change-wp-admins-pass
@@ -0,0 +1,115 @@ +#!/bin/bash +# info: interactively change WordPress admin passwords for a given domain +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-change-wp-admin-pass DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +wp_path="/home/$user/web/$domain/public_html" +if [ ! -f "$wp_path/wp-config.php" ]; then + echo "WordPress is not installed on this domain." + exit 1 +fi + +# make sure WP-CLI exists +if ! command -v wp >/dev/null 2>&1; then + echo "WP-CLI is not installed, installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp +fi + +# detect PHP for this domain +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +if command -v "php$phpver" >/dev/null 2>&1; then + php_bin=$(command -v "php$phpver") +else + php_bin=$(command -v php) +fi +[ -z "$php_bin" ] && { echo "Could not find a PHP binary."; exit 1; } + +# WP-CLI wrapper (array keeps spaces intact) +wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) + +# simple random 10-char generator (letters and digits) +gen_pass() { + tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) + +if [ -z "$admin_list" ]; then + echo "No administrator accounts found." + exit 0 +fi + +printf "%-6s %-20s %s\n" "ID" "Username" "Email" +echo "$admin_list" | while IFS=',' read -r id login email; do + printf "%-6s %-20s %s\n" "$id" "$login" "$email" +done + +echo +echo "You will be asked for each admin whether you want to change the password." 
+ +# interactive loop +while IFS=',' read -r id login email; do + [ -n "$email" ] && prompt_target="$login <$email>" || prompt_target="$login" + + while true; do + read -r -p "Change the password for $prompt_target? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) + new_pass=$(gen_pass) + if "${wp_run[@]}" user update "$id" --user_pass="$new_pass" --quiet; then + echo "Password for $prompt_target has been changed to: $new_pass" + else + echo "Failed to change password for $prompt_target." + fi + break + ;; + [Nn]* ) + echo "Skipping $prompt_target." + break + ;; + * ) + echo "Please answer y or n." + ;; + esac + done +done <<< "$admin_list" + +echo +echo "Done." +exit 0 From aa2f5e4fbb59a7f0c19ae3c50b7856cc3ff2ac4d Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:40:10 +0200 Subject: [PATCH 262/348] Update v-fix-wp-core --- bin/v-fix-wp-core | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index e852da4d..8bf3277b 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -35,7 +35,7 @@ TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace trap 'rm -rf "$TMP_DIR"' EXIT # 1etermine WP version -WP_VERSION="$(v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" check_result $? "cannot detect WP version" > /dev/null if [ -z "$WP_VERSION" ]; then check_result 1 "empty WP version string" @@ -43,7 +43,7 @@ fi echo "Detected WordPress version $WP_VERSION" # 2ind site owner and path -USER="$(v-search-domain-owner "$DOMAIN")" +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" check_result $? "cannot find domain owner" > /dev/null SITE_PATH="/home/$USER/web/$DOMAIN/public_html" if [ ! -d "$SITE_PATH" ]; then 
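Review bot: The WP-CLI bootstrap in the new `bin/v-change-wp-admins-pass` downloads `wp-cli.phar` with `wget` straight into `/usr/local/bin/wp` and marks it executable without checking wget's exit status or the file's integrity, so a failed or altered download becomes the binary every later call runs. Downloading to a temporary file, comparing it with a checksum pinned in the repository (`sha512sum -c`) and only then installing it with `install -m 0755` makes this step fail closed. In the interactive loop the new password is passed as `--user_pass="$new_pass"` on the command line, where it is visible in the process list while WP-CLI runs, and is then echoed to the terminal. Part of this hunk (the body of `gen_pass` and the admin listing) is missing from the page, so those lines are not reviewed.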
@@ -98,7 +98,7 @@ for corephp in "$CACHE_PATH"/*.php; do done # fix permissions -v-fix-website-permissions $DOMAIN +/usr/local/vesta/bin/v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" echo "Done, wp-admin and wp-includes replaced for $DOMAIN" From a8e39817fcb8c9d30dc02cb85fa2f22634030987 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:40:47 +0200 Subject: [PATCH 263/348] Create v-desinfect-wp --- bin/v-desinfect-wp | 89 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 bin/v-desinfect-wp diff --git a/bin/v-desinfect-wp b/bin/v-desinfect-wp new file mode 100644 index 00000000..e1ddc65d --- /dev/null +++ b/bin/v-desinfect-wp 
@@ -0,0 +1,89 @@ +#!/bin/bash +# info: disinfect a WordPress site with several maintenance commands +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +# make sure all Vesta helper scripts are reachable +export PATH="/usr/local/vesta/bin:$PATH" +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-desinfect-wp DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +# choose the correct admin-password script (with or without the “s”) +if [ -x /usr/local/vesta/bin/v-change-wp-admin-pass ]; then + admin_pass_script="/usr/local/vesta/bin/v-change-wp-admin-pass" +elif [ -x /usr/local/vesta/bin/v-change-wp-admins-pass ]; then + admin_pass_script="/usr/local/vesta/bin/v-change-wp-admins-pass" +else + admin_pass_script="" +fi + +# absolute paths to maintenance scripts, in desired order +declare -a tasks=( + "/usr/local/vesta/bin/v-change-db-password-to-wordpress" + "/usr/local/vesta/bin/v-fix-wp-core" + "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +) + +# append the admin script if we found one +[ -n "$admin_pass_script" ] && tasks+=("$admin_pass_script") + +# -------------------------------------------------------- # +# execution strategy # +# -------------------------------------------------------- # + +echo +read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty + +if [[ "$run_all" =~ ^[Yy]$ ]]; then + echo "Running all maintenance steps for $domain" + automatic=true +else + echo + echo "Selective mode. You will be asked for each step." + automatic=false +fi + +for cmd in "${tasks[@]}"; do + if [ ! -x "$cmd" ]; then + echo "Command $cmd not found or not executable, skipping." 
+ continue + fi + + if [ "$automatic" = false ]; then + while true; do + read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi + + echo + echo "=== $(basename "$cmd") $domain ===" + "$cmd" "$domain" +done + +echo +echo "Done." +exit 0 From 8a4b66a135bf956c6acc6ec62430a5b2ebe5b772 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:42:19 +0200 Subject: [PATCH 264/348] Update v-fix-wp-core --- bin/v-fix-wp-core | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 8bf3277b..4240b0ab 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -101,5 +101,5 @@ done /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN chown -R www-data:www-data "$BACKUP_DIR" -echo "Done, wp-admin and wp-includes replaced for $DOMAIN" +echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" exit From 12dc1a57182fc3c63e7c79ccace891949eb02070 Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 00:49:27 +0200 Subject: [PATCH 265/348] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 0b55082d..9351e4a1 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -31,7 +31,7 @@ if [ ! -f "$wp_path/wp-config.php" ]; then exit 1 fi -# make sure WP-CLI exists +# ensure WP-CLI exists if ! command -v wp >/dev/null 2>&1; then echo "WP-CLI is not installed, installing..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp 
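Review bot: The task loop in the new `bin/v-desinfect-wp` runs `"$cmd" "$domain"` and moves on whatever the result, and the script always ends with `Done.` and `exit 0`, so a failed database-password change or core replacement is followed by the remaining steps and reported as success. Recording the status, `"$cmd" "$domain" || { echo "$(basename "$cmd") failed for $domain" >&2; failed=1; }`, and exiting non-zero when `failed` is set would make an incomplete clean-up visible. `$domain` reaches several root-run scripts after only an owner lookup; a format check here, as the sibling scripts do with `is_format_valid 'domain'`, would keep that consistent. The `export PATH=…` placed before `source /etc/profile` may be overwritten by the profile.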
@@ -50,7 +50,7 @@ fi # WP-CLI wrapper (array keeps spaces intact) wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) -# simple random 10-char generator (letters and digits) +# random 10-character password generator (letters and digits) gen_pass() { tr -dc 'A-Za-z0-9' Date: Tue, 17 Jun 2025 01:20:05 +0200 Subject: [PATCH 266/348] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 153 ++++++++++++------------------------ 1 file changed, 50 insertions(+), 103 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 9351e4a1..f7aa5245 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass 
@@ -1,128 +1,75 @@ #!/bin/bash -# info: interactively change WordPress admin passwords for a given domain +# info: disinfect a WordPress site with several maintenance commands # options: DOMAIN -# -------------------------------------------------------- # -# variables and checks # -# -------------------------------------------------------- # +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# +DOMAIN="$1" +VESTA="/usr/local/vesta" + +# absolute paths to maintenance scripts +CHANGE_DB_PASS="/usr/local/vesta/bin/v-change-db-password-to-wordpress" +FIX_CORE="/usr/local/vesta/bin/v-fix-wp-core" +WF_SCAN="/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +ADMIN_PASS="/usr/local/vesta/bin/v-change-wp-admins-pass" + +TASKS=( + "$CHANGE_DB_PASS" + "$FIX_CORE" + "$WF_SCAN" + "$ADMIN_PASS" +) + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# if [ "$(whoami)" != "root" ]; then echo "You must be root to run this command." exit 1 fi -source /etc/profile - -domain="$1" -if [ -z "$domain" ]; then - echo "Usage: v-change-wp-admin-pass DOMAIN" +if [ -z "$DOMAIN" ]; then + echo "Usage: v-desinfect-wp DOMAIN" exit 1 fi -user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") -if [ -z "$user" ]; then - echo "Domain $domain does not exist." +if ! "$VESTA/bin/v-search-domain-owner" "$DOMAIN" >/dev/null 2>&1; then + echo "Domain $DOMAIN does not exist." exit 1 fi -wp_path="/home/$user/web/$domain/public_html" -if [ ! -f "$wp_path/wp-config.php" ]; then - echo "WordPress is not installed on this domain." - exit 1 -fi - -# ensure WP-CLI exists -if ! command -v wp >/dev/null 2>&1; then - echo "WP-CLI is not installed, installing..." 
- wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp -fi - -# detect PHP for this domain -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") -if command -v "php$phpver" >/dev/null 2>&1; then - php_bin=$(command -v "php$phpver") -else - php_bin=$(command -v php) -fi -[ -z "$php_bin" ] && { echo "Could not find a PHP binary."; exit 1; } - -# WP-CLI wrapper (array keeps spaces intact) -wp_run=(sudo -u "$user" "$php_bin" /usr/local/bin/wp --skip-plugins --skip-themes) - -# random 10-character password generator (letters and digits) -gen_pass() { - tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) +for CMD in "${TASKS[@]}"; do + if [ ! -x "$CMD" ]; then + echo "Command $CMD not found or not executable, skipping." + continue + fi -if [ -z "$admin_list" ]; then - echo "No administrator accounts found." - exit 0 -fi + if [ "$AUTOMATIC" = false ]; then + while true; do + read -r -p "Run $(basename "$CMD") for $DOMAIN? (y/n) " YN < /dev/tty + case "$YN" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$CMD")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi -printf "%-6s %-20s %s\n" "ID" "Username" "Email" -echo "$admin_list" | while IFS=',' read -r id login email; do - printf "%-6s %-20s %s\n" "$id" "$login" "$email" + echo + echo "=== $(basename "$CMD") $DOMAIN ===" + "$CMD" "$DOMAIN" done -echo -echo "You will be asked for each admin whether you want to change the password." - -# interactive loop -while IFS=',' read -r id login email; do - [ -n "$email" ] && prompt_target="$login <$email>" || prompt_target="$login" - - while true; do - read -r -p "Change the password for $prompt_target? 
(y/n) " yn < /dev/tty - case "$yn" in - [Yy]* ) - new_pass=$(gen_pass) - if "${wp_run[@]}" user update "$id" --user_pass="$new_pass" --quiet; then - echo "Password for $prompt_target has been changed to: $new_pass" - else - echo "Failed to change password for $prompt_target." - fi - break - ;; - [Nn]* ) - echo "Skipping $prompt_target." - break - ;; - * ) - echo "Please answer y or n." - ;; - esac - done -done <<< "$admin_list" - -# -------------------------------------------------------- # -# flush cache and refresh all security salts # -# -------------------------------------------------------- # - -echo -echo "Flushing cache and refreshing salts..." - -"${wp_run[@]}" cache flush -"${wp_run[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force -"${wp_run[@]}" config shuffle-salts - -echo "Cache flushed and salts refreshed." - echo echo "Done." exit 0 From 31413a8f7301ed055c0df73feeb4185f6890dfce Mon Sep 17 00:00:00 2001 From: isscbta <53144593+isscbta@users.noreply.github.com> Date: Tue, 17 Jun 2025 01:56:02 +0200 Subject: [PATCH 267/348] Update v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 152 ++++++++++++++++++++++++------------ 1 file changed, 104 insertions(+), 48 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index f7aa5245..0249efb7 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass 
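Review bot: This rewrite of `bin/v-change-wp-admins-pass` replaces the admin-password logic with the body of the disinfect script: the usage text says `v-desinfect-wp DOMAIN`, and `ADMIN_PASS="/usr/local/vesta/bin/v-change-wp-admins-pass"` is listed in `TASKS`, so the script's last task is to invoke itself. If the content was meant for `bin/v-desinfect-wp`, the change belongs in that file; as committed, nothing rotates the WordPress admin passwords or salts any more. The page has lost part of this hunk (the definition of `AUTOMATIC` is not visible), so the prompt logic is not reviewed.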
@@ -1,75 +1,131 @@ #!/bin/bash -# info: disinfect a WordPress site with several maintenance commands +# info: interactively delete or change WordPress admin passwords for a given domain # options: DOMAIN +# +# d → delete user (with content reassignment) +# c → change password (random 10-char alnum) +# s → skip #----------------------------------------------------------# # Variable & Function # #----------------------------------------------------------# +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + DOMAIN="$1" -VESTA="/usr/local/vesta" +[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; } -# absolute paths to maintenance scripts -CHANGE_DB_PASS="/usr/local/vesta/bin/v-change-db-password-to-wordpress" -FIX_CORE="/usr/local/vesta/bin/v-fix-wp-core" -WF_SCAN="/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" -ADMIN_PASS="/usr/local/vesta/bin/v-change-wp-admins-pass" +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } -TASKS=( - "$CHANGE_DB_PASS" - "$FIX_CORE" - "$WF_SCAN" - "$ADMIN_PASS" -) +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# -if [ "$(whoami)" != "root" ]; then - echo "You must be root to run this command." - exit 1 +# ensure WP-CLI binary +if ! command -v wp >/dev/null 2>&1; then + echo "WP-CLI is not installed, installing..." 
+ wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp fi -if [ -z "$DOMAIN" ]; then - echo "Usage: v-desinfect-wp DOMAIN" - exit 1 -fi +PHPVER=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$DOMAIN") +PHP_BIN=$(command -v "php$PHPVER" 2>/dev/null || command -v php) +[ -z "$PHP_BIN" ] && { echo "Could not find a PHP binary."; exit 1; } -if ! "$VESTA/bin/v-search-domain-owner" "$DOMAIN" >/dev/null 2>&1; then - echo "Domain $DOMAIN does not exist." - exit 1 -fi +# WP-CLI wrapper +WP_RUN=(sudo -u "$USER" "$PHP_BIN" /usr/local/bin/wp --skip-plugins --skip-themes) + +# random 10-char password +gen_pass() { tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) +[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } - if [ "$AUTOMATIC" = false ]; then - while true; do - read -r -p "Run $(basename "$CMD") for $DOMAIN? (y/n) " YN < /dev/tty - case "$YN" in - [Yy]* ) break ;; - [Nn]* ) echo "Skipping $(basename "$CMD")."; continue 2 ;; - * ) echo "Please answer y or n." ;; - esac - done - fi - - echo - echo "=== $(basename "$CMD") $DOMAIN ===" - "$CMD" "$DOMAIN" +printf "%-6s %-20s %s\n" "ID" "Username" "Email" +echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do + printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" done +echo +echo "For each admin choose: (d) delete, (c) change password, (s) skip." + +# interactive loop +echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do + [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" + while true; do + read -r -p "Action for $TARGET [d/c/s]? " ACT < /dev/tty + case "$ACT" in + [Dd]* ) + read -r -p "Really DELETE $TARGET? 
(y/n) " CONF < /dev/tty + if [[ "$CONF" =~ ^[Yy]$ ]]; then + # build an array of OTHER admin usernames + mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') + if [ "${#OTHER_USERS[@]}" -eq 0 ]; then + echo "Cannot delete the only administrator account." + break + fi + DEFAULT_USER="${OTHER_USERS[0]}" + echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" + while true; do + read -r -p "Reassign content to which username? [default $DEFAULT_USER] " REASSIGN < /dev/tty + REASSIGN=${REASSIGN:-$DEFAULT_USER} + if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then + break + else + echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" + fi + done + # delete by username, reassign by username + "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes >/dev/null 2>&1 + echo "$TARGET deleted (content reassigned to $REASSIGN)." + else + echo "Deletion cancelled." + fi + break + ;; + [Cc]* ) + NEW_PASS=$(gen_pass) + if "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --quiet; then + echo "Password for $TARGET changed to: $NEW_PASS" + else + echo "Failed to change password for $TARGET." + fi + break + ;; + [Ss]* ) + echo "Skipping $TARGET." + break + ;; + * ) echo "Please answer d, c, or s." ;; + esac + done +done + +#----------------------------------------------------------# +# flush cache and refresh all security salts # +#----------------------------------------------------------# + +echo +echo "Flushing cache and refreshing salts..." + +"${WP_RUN[@]}" cache flush +"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force +"${WP_RUN[@]}" config shuffle-salts + +echo "Cache flushed and salts refreshed." + echo echo "Done." exit 0 From 596bce582f627d14b5ff0f0422773e7a894b4f2f Mon Sep 17 00:00:00 2001 
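Review bot: In the delete branch the result of `"${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes >/dev/null 2>&1` is discarded and `"$TARGET deleted (content reassigned to $REASSIGN)."` is printed unconditionally, so an operator removing a suspicious administrator is told it worked even when WP-CLI failed. The change-password branch already tests its command; the delete should be wrapped the same way, `if "${WP_RUN[@]}" user delete … --yes >/dev/null 2>&1; then … else echo "Failed to delete $TARGET." >&2; fi`. `ADMIN_LIST_CSV` is captured once, so an account deleted earlier in the loop is still offered as a reassignment target later. The new password still travels on the command line via `--user_pass=`, and the unverified `wget` bootstrap of `/usr/local/bin/wp` is kept.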
From: Peca Date: Tue, 17 Jun 2025 11:43:48 +0200 Subject: [PATCH 268/348] Jailing v-run-wp-cli --- bin/v-run-wp-cli | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 672832ab..ebe654f6 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -63,6 +63,9 @@ if [ ! -d "/home/$user/web/$domain/public_html" ]; then exit 1; fi +mkdir -p /home/$user/.wp-cli +chown $user:$user /home/$user/.wp-cli + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# @@ -70,7 +73,11 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp $wp_command +sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log + +echo "WP CLI: Done." +echo "To see Warning/Error log: " +echo "cat /home/$user/web/$domain/wp-cli-error.log" #----------------------------------------------------------# # Vesta # From d1c48504adcf33fe068d065997f189d354399ff6 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 14:02:31 +0200 Subject: [PATCH 269/348] v-run-wp-cli --- bin/v-run-wp-cli | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
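Review bot: The added `mkdir -p /home/$user/.wp-cli` and `chown $user:$user /home/$user/.wp-cli` in the first hunk run as root on a path inside the account's own home directory, and `chown` without `-h` follows a symlink, so the ownership change lands on whatever `.wp-cli` points to if the account created that name beforehand. Creating the directory as the account removes the root-side operation altogether: `sudo -u "$user" mkdir -p "/home/$user/.wp-cli"`. The expansions on both lines should be quoted.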
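Review bot: On the rewritten `sudo -u $USER …` line in the second hunk the `2>/home/$user/web/$domain/wp-cli-error.log` redirection is opened by the calling root shell rather than by the `sudo` target, so root creates and truncates a file in a directory that presumably belongs to the account, and a link planted at that name would steer the write elsewhere. Sending the output to a root-owned location, for example `2>>"<ROOT_OWNED_LOG_DIR>/wp-cli-$domain.log"` (placeholder path), avoids the write into the account's tree. `$wp_command` is expanded unquoted and the line mixes `$USER` with `$user`, which is worth tidying while the line is being touched.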
diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index ebe654f6..9325d47d 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -75,9 +75,9 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") cd /home/$USER/web/$domain/public_html sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log -echo "WP CLI: Done." -echo "To see Warning/Error log: " -echo "cat /home/$user/web/$domain/wp-cli-error.log" +# echo "WP CLI: Done." +# echo "To see Warning/Error log: " +# echo "cat /home/$user/web/$domain/wp-cli-error.log" #----------------------------------------------------------# # Vesta # From c8f9601a356df33ba8c13b24ac178352b6e91931 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 15:56:56 +0200 Subject: [PATCH 270/348] v-fix-wp-core: BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/ --- bin/v-fix-wp-core | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/v-fix-wp-core b/bin/v-fix-wp-core index 4240b0ab..1dd87b71 100644 --- a/bin/v-fix-wp-core +++ b/bin/v-fix-wp-core @@ -17,6 +17,8 @@ DOMAIN="$1" CACHE_DIR="${2-/srv/wp-cache}" # default cache location +QUARANTINE_DIR="/srv/wp-quarantine" + # Includes source $VESTA/func/main.sh source $VESTA/conf/vesta.conf 
@@ -72,7 +74,7 @@ fi # backup current core folders TIMESTAMP="$(date +%Y%m%d%H%M%S)" -BACKUP_DIR="$SITE_PATH/backup-core-$TIMESTAMP" +BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP" mkdir -p "$BACKUP_DIR" mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" From b13b25602c1901cea81a37ed64516bd64f8f41fe Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 17 Jun 2025 19:29:58 +0200 Subject: [PATCH 271/348] Use wp-cli from git repo if available --- bin/v-run-wp-cli | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 9325d47d..31730f63 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -58,6 +58,12 @@ if ! command -v wp &> /dev/null; then echo "WP CLI installed successfully." fi +wpcli="/usr/local/bin/wp" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" +fi + if [ ! -d "/home/$user/web/$domain/public_html" ]; then # echo "Domain doesn't exist"; exit 1; 
@@ -73,7 +79,7 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin /usr/local/bin/wp --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log # echo "WP CLI: Done." # echo "To see Warning/Error log: " From e46c7e4e60e3a225777de5c89ad527b4e0c8afd5 Mon Sep 17 00:00:00 2001 
From: Peca Date: Tue, 17 Jun 2025 22:22:16 +0200 Subject: [PATCH 272/348] v-get-wp-cli and terminal $COLUMNS fix --- bin/v-get-wp-cli | 44 ++++++++++++++++++++++++++++++++++++++++++++ bin/v-run-wp-cli | 15 +++++++++------ 2 files changed, 53 insertions(+), 6 deletions(-) create mode 100644 bin/v-get-wp-cli diff --git a/bin/v-get-wp-cli b/bin/v-get-wp-cli new file mode 100644 index 00000000..c097a024 --- /dev/null +++ b/bin/v-get-wp-cli @@ -0,0 +1,44 @@ +#!/bin/bash +# info: Download WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +cd wp-cli/ +sudo -H -u www-data composer install + +# Fix terminal columns issue for WP CLI +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "= WP CLI installed successfully." + +exit 0; \ No newline at end of file diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 31730f63..1a0e2adc 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli 
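Review bot: The cloned tree is left owned by `www-data` (`chown -R www-data:www-data wp-cli`), yet v-run-wp-cli in this patch series executes `/usr/local/bin/wp-cli/php/boot-fs.php` for every hosting user, so any process running as `www-data` can alter code that later runs under other accounts. Once `composer install` has finished, `chown -R root:root /usr/local/bin/wp-cli` would close that. The script also runs the Composer installer as root without comparing it to the published SHA-384 checksum, and `git clone` takes the default branch rather than a release tag; pinning both makes the install reproducible. `cd /usr/local/bin` and `cd wp-cli/` are unchecked, so a failed clone leaves `composer install` running in the wrong directory.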
@@ -62,11 +62,8 @@ wpcli="/usr/local/bin/wp" if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - # echo "Domain doesn't exist"; - exit 1; + COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') + echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS fi mkdir -p /home/$user/.wp-cli @@ -81,6 +78,12 @@ phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") cd /home/$USER/web/$domain/public_html sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +return_code=$? + +if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then + rm /usr/local/bin/wp-cli/COLUMNS +fi + # echo "WP CLI: Done." # echo "To see Warning/Error log: " # echo "cat /home/$user/web/$domain/wp-cli-error.log" @@ -89,4 +92,4 @@ sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pc # Vesta # #----------------------------------------------------------# -exit 0; +exit $return_code; From 2e2b4b2f58544c57aeaf2b0cfd6256af3d288195 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 19 Jun 2025 15:57:50 +0200 Subject: [PATCH 273/348] v-backup-user-now skip LA limit --- bin/v-backup-user | 3 +++ bin/v-backup-user-now | 1 + 2 files changed, 4 insertions(+) diff --git a/bin/v-backup-user b/bin/v-backup-user index 0db5d376..f6629c9e 100755 
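Review bot: This hunk removes the `if [ ! -d "/home/$user/web/$domain/public_html" ]` guard together with the old `fi`, which looks unintended for a change about terminal width. Without it the later `cd /home/$USER/web/$domain/public_html` is unprotected, so either restore the guard or use `cd "/home/$user/web/$domain/public_html" || exit 1`. Separately, `/usr/local/bin/wp-cli/COLUMNS` is a single global file, so two concurrent runs overwrite and delete each other's value, and without a terminal `stty size` yields an empty string. Passing the width through an environment variable would avoid the shared file.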
--- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -22,6 +22,9 @@ source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/conf/vesta.conf +if [ ! -z "$NOW" ]; then + BACKUP_LA_LIMIT=50 +fi #----------------------------------------------------------# # Verifications # diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now index 3a20b4ce..10eecd87 100644 --- a/bin/v-backup-user-now +++ b/bin/v-backup-user-now @@ -1,5 +1,6 @@ #!/bin/bash export ALLOW_BACKUP_ANYTIME='yes' +export NOW='yes' nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 From 761da8150b869df8392d2644a9a9e23a32a0cace Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 20 Jun 2025 17:54:04 +0200 Subject: [PATCH 274/348] Visual improvements for v-change-wp-admins-pass --- bin/v-change-wp-admins-pass | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wp-admins-pass index 0249efb7..44870b58 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wp-admins-pass @@ -65,11 +65,12 @@ echo "For each admin choose: (d) delete, (c) change password, (s) skip." echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" while true; do - read -r -p "Action for $TARGET [d/c/s]? " ACT < /dev/tty + echo "-------------------------------------" + read -r -p "Action for \"$TARGET\" [d/c/s]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE $TARGET? (y/n) " CONF < /dev/tty - if [[ "$CONF" =~ ^[Yy]$ ]]; then + read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty + if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') if [ "${#OTHER_USERS[@]}" -eq 0 ]; then From 294c8ba516a3242d444b19c0156b874c9eb77027 Mon Sep 17 00:00:00 2001 
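Review bot: In v-change-wp-admins-pass the new test `if [[ ! "$CONF" =~ ^[Nn]$ ]]` treats every answer except a single `n` or `N` as consent, so typing `no`, a stray key or just ENTER deletes the administrator. For a destructive action the safer default is to require an explicit yes, `if [[ "$CONF" =~ ^[Yy]$ ]]` as before, or at least to match `^[Nn]` so that `no` is honoured. The commit is titled as a visual improvement, so the behaviour change deserves a mention in the message. The loop body continues outside the hunk.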
From: Peca Date: Sat, 21 Jun 2025 15:57:21 +0200 Subject: [PATCH 275/348] Setting chmod 600 for all php files --- ...hange-database-password-for-all-wordpress} | 2 +- ... v-change-database-password-for-wordpress} | 11 +++-- ...ns-pass => v-change-wordpress-admins-pass} | 16 +++++--- bin/{v-desinfect-wp => v-desinfect-wordpress} | 18 ++------ bin/v-fix-user-permissions | 1 + bin/v-fix-website-permissions | 26 ++++++++++-- ...v-fix-website-permissions-for-all-websites | 41 +++++++++++++++++++ bin/{v-fix-wp-core => v-fix-wordpress-core} | 0 bin/v-unlock-wordpress | 2 + 9 files changed, 90 insertions(+), 27 deletions(-) rename bin/{v-change-db-password-to-all-wordpress => v-change-database-password-for-all-wordpress} (93%) rename bin/{v-change-db-password-to-wordpress => v-change-database-password-for-wordpress} (92%) rename bin/{v-change-wp-admins-pass => v-change-wordpress-admins-pass} (93%) rename bin/{v-desinfect-wp => v-desinfect-wordpress} (77%) create mode 100644 bin/v-fix-website-permissions-for-all-websites rename bin/{v-fix-wp-core => v-fix-wordpress-core} (100%) diff --git a/bin/v-change-db-password-to-all-wordpress b/bin/v-change-database-password-for-all-wordpress similarity index 93% rename from bin/v-change-db-password-to-all-wordpress rename to bin/v-change-database-password-for-all-wordpress index b31edb80..ad922cc2 100644 --- a/bin/v-change-db-password-to-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -26,7 +26,7 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - /usr/local/vesta/bin/v-change-db-password-to-wordpress $domain + /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user echo "--------------------------------" fi done 
diff --git a/bin/v-change-db-password-to-wordpress b/bin/v-change-database-password-for-wordpress similarity index 92% rename from bin/v-change-db-password-to-wordpress rename to bin/v-change-database-password-for-wordpress index d7ce1782..e318edde 100644 --- a/bin/v-change-db-password-to-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -1,8 +1,8 @@ #!/bin/bash -# info: change db password to wordpress database +# info: change database password for wordpress # options: # -# The command is used for changing db password to wordpress database. +# The command is used for changing database password for wordpress. #----------------------------------------------------------# @@ -21,7 +21,12 @@ source /etc/profile # Argument definition domain=$1 -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi USER=$user if [ -z "$user" ]; then diff --git a/bin/v-change-wp-admins-pass b/bin/v-change-wordpress-admins-pass similarity index 93% rename from bin/v-change-wp-admins-pass rename to bin/v-change-wordpress-admins-pass index 44870b58..9028cd10 100644 --- a/bin/v-change-wp-admins-pass +++ b/bin/v-change-wordpress-admins-pass 
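Review bot: The new second argument is accepted as the owner without any check that `$domain` belongs to it, since `user=$2` skips the `v-search-domain-owner` lookup entirely. The script then builds paths such as `/home/$user/web/$domain/public_html/wp-config.php` from both values, so a mismatched pair is only caught if that file happens not to exist. Validating the value with `is_object_valid 'user' 'USER' "$user"` and confirming the domain directory exists under that user would catch it early, unless that already happens outside this hunk. The same pattern is added to v-fix-website-permissions in this commit.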
@@ -59,14 +59,14 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do done echo -echo "For each admin choose: (d) delete, (c) change password, (s) skip." +echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit." # interactive loop -echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do +while IFS=',' read -r ID LOGIN EMAIL; do [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN" while true; do echo "-------------------------------------" - read -r -p "Action for \"$TARGET\" [d/c/s]? " ACT < /dev/tty + read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty @@ -109,15 +109,20 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do echo "Skipping $TARGET." break ;; - * ) echo "Please answer d, c, or s." ;; + [Xx]* ) + echo "Exiting." + exit 0 + ;; + * ) echo "Please answer d, c, s, or x." ;; esac done -done +done <<< "$ADMIN_LIST_CSV" #----------------------------------------------------------# # flush cache and refresh all security salts # #----------------------------------------------------------# +echo "-------------------------------------" echo echo "Flushing cache and refreshing salts..." @@ -129,4 +134,5 @@ echo "Cache flushed and salts refreshed." echo echo "Done." + exit 0 diff --git a/bin/v-desinfect-wp b/bin/v-desinfect-wordpress similarity index 77% rename from bin/v-desinfect-wp rename to bin/v-desinfect-wordpress index e1ddc65d..4de2f779 100644 --- a/bin/v-desinfect-wp +++ b/bin/v-desinfect-wordpress 
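Review bot: The new `x` branch calls `exit 0`, which now ends the whole script because the loop reads from a here-string instead of running in a pipeline subshell, so the "flush cache and refresh all security salts" section after the loop is skipped. If passwords were changed or admins deleted before the operator pressed x, the salts stay as they were. Using `break 2` in place of `exit 0` leaves both loops and still runs the flush step.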
@@ -27,25 +27,15 @@ if [ -z "$user" ]; then exit 1 fi -# choose the correct admin-password script (with or without the “s”) -if [ -x /usr/local/vesta/bin/v-change-wp-admin-pass ]; then - admin_pass_script="/usr/local/vesta/bin/v-change-wp-admin-pass" -elif [ -x /usr/local/vesta/bin/v-change-wp-admins-pass ]; then - admin_pass_script="/usr/local/vesta/bin/v-change-wp-admins-pass" -else - admin_pass_script="" -fi - # absolute paths to maintenance scripts, in desired order declare -a tasks=( - "/usr/local/vesta/bin/v-change-db-password-to-wordpress" - "/usr/local/vesta/bin/v-fix-wp-core" + "/usr/local/vesta/bin/v-change-database-password-for-wordpress" + "/usr/local/vesta/bin/v-change-wordpress-admins-pass" + "/usr/local/vesta/bin/v-fix-wordpress-core" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" + "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) -# append the admin script if we found one -[ -n "$admin_pass_script" ] && tasks+=("$admin_pass_script") - # -------------------------------------------------------- # # execution strategy # # -------------------------------------------------------- # diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index e55b5e0f..991ada62 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -52,6 +52,7 @@ find /home/$user/conf/ -type d -exec chown root:root {} \; find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; +find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} + echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index a63954eb..c79fe443 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions 
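Review bot: The array entry `"INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"` is one quoted string, so if the execution section (outside this hunk) runs each task as `"$task" "$domain"`, the shell will look for a command with that literal name instead of setting the variable. The scanner is also listed twice, once without the prefix. If a second, interactive pass is intended, keep only the path in the array and set the variable at the call site, `INTERACTIVE=1 "$task" "$domain"`, for that entry.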
@@ -18,7 +18,13 @@ source /etc/profile # Argument definition domain=$1 -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user # Includes source /usr/local/vesta/func/main.sh @@ -27,8 +33,6 @@ if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" fi -USER=$user - #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# @@ -54,14 +58,28 @@ fi # Going to domain directory cd /home/$USER/web/$domain +# Ownership check +if [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + + echo "Updating permissions for /home/$USER/web/$domain/public_html/" find public_html/ -type d -exec chmod 755 {} + find public_html/ -type f -exec chmod 644 {} + chown -R $USER:$USER public_html/ +# Setting chmod 600 for all php files +echo "= Setting chmod 600 for all php files" +find -name "*.php" -type f -exec chmod 600 {} + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# echo "Permissions for $domain have been successfully updated." -exit +exit 0 diff --git a/bin/v-fix-website-permissions-for-all-websites b/bin/v-fix-website-permissions-for-all-websites new file mode 100644 index 00000000..9b1501bd --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites 
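Review bot: The added `find -name "*.php" -type f -exec chmod 600 {} +` has no start directory and so depends on the unchecked `cd /home/$USER/web/$domain` a few lines above; unless an earlier check guarantees that directory exists, a failed `cd` makes the command walk whatever the current directory is. Naming the path removes the dependency: `find "/home/$USER/web/$domain" -name '*.php' -type f -exec chmod 600 {} +`. Omitting the start directory is also a GNU find extension. The `.env` line added later in this series has the same form.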
@@ -0,0 +1,41 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-wp-core b/bin/v-fix-wordpress-core similarity index 100% rename from bin/v-fix-wp-core rename to bin/v-fix-wordpress-core diff --git a/bin/v-unlock-wordpress b/bin/v-unlock-wordpress index 1e2cccc6..4a2c42c3 100644 --- a/bin/v-unlock-wordpress +++ b/bin/v-unlock-wordpress @@ -58,6 +58,8 @@ chown -R $user:$user public_html/ rm public_html/wp-content/uploads/.htaccess +/usr/local/vesta/bin/v-fix-website-permissions $domain + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# From 97e5fc06772b9dec38f9989ac5eff7c91e5c6674 Mon Sep 17 00:00:00 2001 
From: Peca Date: Sat, 21 Jun 2025 17:26:32 +0200 Subject: [PATCH 276/348] v-change-database-password-for-all-wordpress: Using existing password for $db_user --- ...change-database-password-for-all-wordpress | 5 +++++ bin/v-change-database-password-for-wordpress | 22 +++++++++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index ad922cc2..e129497c 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -19,6 +19,8 @@ source $VESTA/func/main.sh # Action # #----------------------------------------------------------# +touch /root/remember-db-user-pass.txt + for user in $(grep '@' /etc/passwd |cut -f1 -d:); do if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then continue; @@ -33,6 +35,9 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do done +# cat /root/remember-db-user-pass.txt +rm /root/remember-db-user-pass.txt + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index e318edde..dd7a3a91 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress 
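Review bot: `touch /root/remember-db-user-pass.txt` creates a file that will hold database passwords in clear text with whatever mode the current umask gives, and the matching `rm` in the second hunk only runs if the loop finishes. Setting `umask 077` before the `touch` and registering `trap 'rm -f /root/remember-db-user-pass.txt' EXIT` keeps the file private and removes it on interruption as well. A `mktemp` path exported to the child script would also stop two concurrent runs from sharing one fixed file.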
@@ -69,10 +69,28 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then chown $user:$user $wp_config_path fi db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") - new_password=$(generate_password) + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + new_password='' + found_existing_password=0 + if [ -f "/root/remember-db-user-pass.txt" ]; then + db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt) + if [ -n "$db_user_pass" ]; then + new_password=$(echo "$db_user_pass" | cut -d':' -f2) + echo "= Using existing password for $db_user" + found_existing_password=1 + fi + fi + + if [ -z "$new_password" ]; then + new_password=$(generate_password) + fi + echo "DB name: $db_name" + echo "DB user: $db_user" echo "New DB password: $new_password" - # echo "executing: /usr/local/vesta/bin/v-change-database-password \"$user\" \"$db_name\" \"$new_password\"" + if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then + echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + fi /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" if [ $? -ne 0 ]; then echo "*************** ERROR: Failed to change database password ***************" From fd6eb44bae7fa3852f7465084a57a1d485fca533 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 22 Jun 2025 22:45:19 +0200 Subject: [PATCH 277/348] .gitignore: exclude data, conf, log --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 6701a887..fe0574ad 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ *.gz .vscode .DS_Store +data +conf +log \ No newline at end of file From d37473b5e86b4f890b276d2d2f7df19e3e131a8c Mon Sep 17 00:00:00 2001 
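Review bot: `grep "$db_user:" /root/remember-db-user-pass.txt` is an unanchored regex match, so a database user whose name is the tail of another one, or contains regex characters, can pick up the wrong line, and several matching lines make `cut` return several passwords. An exact field comparison avoids both: `new_password=$(awk -F: -v u="$db_user" '$1==u {print $2; exit}' /root/remember-db-user-pass.txt)`. The hunk also keeps `echo "New DB password: $new_password"`, which puts the secret into any captured output or terminal scrollback. The enclosing `if` block starts and ends outside the hunk.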
From: Peca Date: Sun, 22 Jun 2025 23:53:53 +0200 Subject: [PATCH 278/348] Using v-wp-cli in v-change-wordpress-admin-passwords --- ...ins-pass => v-change-wordpress-admin-passwords} | 14 ++------------ bin/v-desinfect-wordpress | 2 +- 2 files changed, 3 insertions(+), 13 deletions(-) rename bin/{v-change-wordpress-admins-pass => v-change-wordpress-admin-passwords} (89%) diff --git a/bin/v-change-wordpress-admins-pass b/bin/v-change-wordpress-admin-passwords similarity index 89% rename from bin/v-change-wordpress-admins-pass rename to bin/v-change-wordpress-admin-passwords index 9028cd10..5a6a4e3f 100644 --- a/bin/v-change-wordpress-admins-pass +++ b/bin/v-change-wordpress-admin-passwords @@ -5,6 +5,7 @@ # d → delete user (with content reassignment) # c → change password (random 10-char alnum) # s → skip +# x → exit #----------------------------------------------------------# # Variable & Function # 
@@ -22,19 +23,8 @@ USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" WP_PATH="/home/$USER/web/$DOMAIN/public_html" [ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } -# ensure WP-CLI binary -if ! command -v wp >/dev/null 2>&1; then - echo "WP-CLI is not installed, installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp -fi - -PHPVER=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$DOMAIN") -PHP_BIN=$(command -v "php$PHPVER" 2>/dev/null || command -v php) -[ -z "$PHP_BIN" ] && { echo "Could not find a PHP binary."; exit 1; } - # WP-CLI wrapper -WP_RUN=(sudo -u "$USER" "$PHP_BIN" /usr/local/bin/wp --skip-plugins --skip-themes) +WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' Date: Mon, 23 Jun 2025 15:55:28 +0200 Subject: [PATCH 279/348] v-change-wordpress-admin-passwords: default = y --- bin/v-change-wordpress-admin-passwords | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 5a6a4e3f..c51c9270 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -59,7 +59,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE \"$TARGET\" ? ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty + read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') From 09465e5fba65dbff78f89cbc39991ff669c42983 Mon Sep 17 00:00:00 2001 
From: Peca Date: Mon, 23 Jun 2025 21:53:55 +0200 Subject: [PATCH 280/348] v-change-database-password-for-all-wordpress: first optional argument to specify a $user --- bin/v-change-database-password-for-all-wordpress | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index e129497c..2741e960 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -15,6 +15,11 @@ source /etc/profile # Includes source $VESTA/func/main.sh +only_user=''; +if [ ! -z "$1" ]; then + only_user=$1 +fi + #----------------------------------------------------------# # Action # #----------------------------------------------------------# @@ -26,6 +31,12 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do continue; fi + if [ ! -z "$only_user" ]; then + if [ "$only_user" != "$user" ]; then + continue; + fi + fi + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user @@ -33,6 +44,10 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do fi done + if [ ! -z "$only_user" ]; then + break; + fi + done # cat /root/remember-db-user-pass.txt From f77f8e8b784e6a138d90a61cdbf7e7ea5f83eff3 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 24 Jun 2025 15:37:21 +0200 Subject: [PATCH 281/348] $SKIP_OWNERSHIP_CHECK in v-fix-website-permissions, v-fix-wordpress-core --- bin/v-fix-website-permissions | 2 +- bin/v-fix-wordpress-core | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index c79fe443..0131b7c8 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions 
@@ -59,7 +59,7 @@ fi cd /home/$USER/web/$domain # Ownership check -if [ -f "public_html/index.php" ]; then +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then owner=$(stat -c '%U' "public_html/index.php") if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 1dd87b71..2549017b 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -84,7 +84,7 @@ for f in "$SITE_PATH"/*.php; do mv "$f" "$BACKUP_DIR/" done -chown -R www-data:www-data "$BACKUP_DIR" +# chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null echo "Old core folders moved to $BACKUP_DIR" @@ -100,8 +100,8 @@ for corephp in "$CACHE_PATH"/*.php; do done # fix permissions -/usr/local/vesta/bin/v-fix-website-permissions $DOMAIN -chown -R www-data:www-data "$BACKUP_DIR" +SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN +# chown -R www-data:www-data "$BACKUP_DIR" echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" exit From 451c9944b90f4d48ffb10e9788e827f6dd768a0b Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 25 Jun 2025 17:32:23 +0200 Subject: [PATCH 282/348] v-fix-wordpress-core: move .user.ini --- bin/v-fix-wordpress-core | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 2549017b..7a511747 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -83,6 +83,9 @@ for f in "$SITE_PATH"/*.php; do [[ $(basename "$f") == "wp-config.php" ]] && continue mv "$f" "$BACKUP_DIR/" done +if [ -f "$SITE_PATH/.user.ini" ]; then + mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/" +fi # chown -R www-data:www-data "$BACKUP_DIR" check_result $? "backup failed" > /dev/null From e8b5b5a836662d2c07f2d0fc3cf704d585a504bc Mon Sep 17 00:00:00 2001 
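Review bot: In v-fix-wordpress-core, with the `chown` commented out, `check_result $? "backup failed"` now tests the exit status of the preceding `for` loop, that is only its last command, and none of the `mv` calls for `wp-admin` and `wp-includes` earlier in the file. A failed move therefore goes unnoticed and the script carries on replacing core files. Checking each move directly, `mv "$f" "$BACKUP_DIR/" || check_result 1 "backup failed"`, makes the message mean what it says. The `.user.ini` block added in the following patch sits between the loop and this check and changes `$?` again.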
From: Peca Date: Thu, 26 Jun 2025 18:05:11 +0200 Subject: [PATCH 283/348] v-update-document-errors-files --- bin/v-update-document-errors-files | 48 ++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 bin/v-update-document-errors-files diff --git a/bin/v-update-document-errors-files b/bin/v-update-document-errors-files new file mode 100644 index 00000000..c044a80a --- /dev/null +++ b/bin/v-update-document-errors-files 
@@ -0,0 +1,48 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html + chown $user:$user /home/$user/web/$domain/document_errors/* + chmod 644 /home/$user/web/$domain/document_errors/* + done + +done + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit From 6cce5ecadda43c4ac94a1a094ed67111ff8fde0d Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 26 Jun 2025 22:26:14 +0200 Subject: [PATCH 284/348] chmod .env files to 600 --- bin/v-fix-website-permissions | 1 + 1 file changed, 1 insertion(+) 
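Review bot: The `cp`, `sed -i` and `chown $user:$user /home/$user/web/$domain/document_errors/*` calls write into a per-site directory, and if the site owner can create entries there, `cp` and `chown` will follow a link placed at `403.html` or matched by the glob. Using `cp --remove-destination` for the three copies and `chown -h` for the ownership step avoids acting on a link target. The header comment is copied from the permissions script (`# info: fix website permissions for all websites`) and should describe this command instead. Domains without a `document_errors` directory make every command in the loop body fail with no check.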
diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 0131b7c8..7dd36a62 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -76,6 +76,7 @@ chown -R $USER:$USER public_html/ # Setting chmod 600 for all php files echo "= Setting chmod 600 for all php files" find -name "*.php" -type f -exec chmod 600 {} + +find -name ".env" -type f -exec chmod 600 {} + #----------------------------------------------------------# # Vesta # From 1567383b4923b9f2ac567223e5ccfdd9e2f996a8 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 28 Jun 2025 16:49:18 +0200 Subject: [PATCH 285/348] v-run-wp-cli: Parameter 'PHP' to force specified PHP version --- bin/v-run-wp-cli | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 1a0e2adc..d03afc6a 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -69,7 +69,11 @@ fi mkdir -p /home/$user/.wp-cli chown $user:$user /home/$user/.wp-cli -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +if [ -z "$PHP" ]; then + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +else + phpver=$PHP +fi #----------------------------------------------------------# # Action # From 2fd60fc29d7ca08dc0bbe03b8b09e1ed0053e972 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 29 Jun 2025 17:16:50 +0200 Subject: [PATCH 286/348] VERBOSE_MODE in v-run-wp-cli --- bin/v-run-wp-cli | 3 +++ func/main.sh | 3 +++ 2 files changed, 6 insertions(+) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index d03afc6a..ef4f6e10 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli 
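Review bot: In v-run-wp-cli, `phpver=$PHP` is spliced straight into the interpreter path `/usr/bin/php$phpver` that `sudo -u $USER` executes, with no check of its form. Validating it before use, `[[ "$PHP" =~ ^[0-9]+\.[0-9]+$ ]] && [ -x "/usr/bin/php$PHP" ] || exit 1`, keeps an inherited or mistyped environment value from selecting an unexpected binary. `PHP` is also a very generic variable name, so a prefixed one such as `VESTA_WPCLI_PHPVER` (name is only an example) is less likely to be set by accident.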
@@ -36,10 +36,13 @@ fi # Verifications # #----------------------------------------------------------# +VERBOSE_MODE=1 + check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' is_format_valid 'domain' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" +is_object_unsuspended 'web' 'DOMAIN' "$domain" if [ ! -d "/home/$user" ]; then # echo "User doesn't exist"; diff --git a/func/main.sh b/func/main.sh index 03773920..27c4dcbe 100644 --- a/func/main.sh +++ b/func/main.sh @@ -254,6 +254,9 @@ is_object_unsuspended() { spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'") fi if [ ! -z "$spnd" ]; then + if [ ! -z "$VERBOSE_MODE" ]; then + echo "Error: $(basename $1) $3 is suspended" + fi check_result $E_SUSPENDED "$(basename $1) $3 is suspended" fi } From b8b75f0dde93a0304b6306c83664f97a33a3771d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 29 Jun 2025 00:59:18 +0200 Subject: [PATCH 287/348] v-change-wordpress-admin-passwords --- bin/v-change-wordpress-admin-passwords | 46 ++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index c51c9270..89122a2d 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -25,6 +25,13 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" # WP-CLI wrapper WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' /dev/null | tail -n +2) + --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2) [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } printf "%-6s %-20s %s\n" "ID" "Username" "Email" 
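Review bot: The new `echo "Error: ..."` in is_object_unsuspended (func/main.sh) writes to stdout, so a caller that captures the output of v-run-wp-cli, as bin/v-change-wordpress-admin-passwords does with `ADMIN_LIST_CSV=$(...)`, receives the error text as data. Send it to stderr and quote the argument: `echo "Error: $(basename "$1") $3 is suspended" >&2`. The function begins above this hunk.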
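Review bot: The added `return_code=$?` in bin/v-change-wordpress-admin-passwords follows the `WP_RUN=(...)` array assignment, which executes nothing, so `$?` is always 0 and the `WP-CLI error:` branch can never run. If the intent is to stop early when WP-CLI fails, the check has to follow a real invocation. Capture the `user list` output first, test `$?` right after it, and only then strip the CSV header with `tail -n +2`, because the status of a pipeline is that of `tail`. The path in the `cat` line should be quoted: `cat "/home/$USER/web/$DOMAIN/wp-cli-error.log"`.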
@@ -59,7 +70,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty case "$ACT" in [Dd]* ) - read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty + # read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty + CONF="y" if [[ ! "$CONF" =~ ^[Nn]$ ]]; then # build an array of OTHER admin usernames mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}') @@ -70,7 +82,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do DEFAULT_USER="${OTHER_USERS[0]}" echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do - read -r -p "Reassign content to which username? [default $DEFAULT_USER] " REASSIGN < /dev/tty + read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break @@ -79,8 +91,13 @@ while IFS=',' read -r ID LOGIN EMAIL; do fi done # delete by username, reassign by username - "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes >/dev/null 2>&1 - echo "$TARGET deleted (content reassigned to $REASSIGN)." + "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes + if [ $? -eq 0 ]; then + echo "$TARGET deleted (content reassigned to $REASSIGN)." + else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + echo "Failed to delete $TARGET." + fi else echo "Deletion cancelled." fi 
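Review bot: Hard-coding `CONF="y"` in the `[Dd]*` branch removes the only confirmation before `user delete` and turns the following `if [[ ! "$CONF" =~ ^[Nn]$ ]]` test and its `Deletion cancelled.` branch into dead code. If the second prompt is meant to go, remove the variable and the `if`/`else` too, and leave a comment such as `# choosing (d) above is the confirmation; no second prompt`. Keeping the commented-out `read` next to a constant makes it unclear which behaviour is intended. The `case` and the surrounding loop start outside the hunk.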
@@ -88,9 +105,14 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - if "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --quiet; then - echo "Password for $TARGET changed to: $NEW_PASS" + "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes + if [ $? -eq 0 ]; then + echo "Password for username '$TARGET' changed to: $NEW_PASS" + echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log echo "Failed to change password for $TARGET." fi break @@ -125,4 +147,14 @@ echo "Cache flushed and salts refreshed." echo echo "Done." +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + read -r -p "== Press Enter to continue..." +fi + exit 0 From d20bc94866c2891ff96e669cc9143f9972a9a196 Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 1 Jul 2025 10:03:32 +0200 Subject: [PATCH 288/348] v-fix-website-permissions: chown for .php and .env files --- bin/v-fix-website-permissions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 7dd36a62..3a73d13a 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions 
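Review bot: The new password is appended to `wp-admin-password-change.txt` with `>>` before `chown` and `chmod 600` run, so the file is created under the process umask and stays readable at that mode until the `chmod`; the redirect also writes through whatever already exists at that path. Create the file restrictively instead, for example `( umask 077; echo "..." >> "/home/$USER/web/$DOMAIN/wp-admin-password-change.txt" )`, and quote the path in all three added lines. `--user_pass="$NEW_PASS"` also puts the password on the command line, where it is visible in the process list while WP-CLI runs. If the v-run-wp-cli wrapper passes stdin through (not visible here), WP-CLI's `--prompt=user_pass` avoids that.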
@@ -77,6 +77,8 @@ chown -R $USER:$USER public_html/ echo "= Setting chmod 600 for all php files" find -name "*.php" -type f -exec chmod 600 {} + find -name ".env" -type f -exec chmod 600 {} + +find -name "*.php" -type f -exec chown $USER:$USER {} + +find -name ".env" -type f -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From 54abc58c4e96c45173554dc351e94f8f11c8796d Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 10 Jul 2025 17:49:15 +0200 Subject: [PATCH 289/348] v-change-wordpress-admin-passwords: accept integer as id of user, support for custom php version --- bin/v-change-wordpress-admin-passwords | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 89122a2d..c81cbfcb 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -24,7 +24,12 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" [ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } # WP-CLI wrapper -WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +if [ ! -z "$PHP" ]; then + WP_RUN=(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +else + WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) +fi + return_code=$? if [ $return_code -ne 0 ]; then @@ -86,9 +91,11 @@ while IFS=',' read -r ID LOGIN EMAIL; do REASSIGN=${REASSIGN:-$DEFAULT_USER} if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break - else - echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" fi + if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then + break + fi + echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes 
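Review bot: The two added `find ... -exec chown` lines in bin/v-fix-website-permissions walk the tree a third and fourth time for the same two name patterns, and `$USER:$USER` is unquoted. One pass does both jobs: `find . -type f \( -name "*.php" -o -name ".env" \) -exec chown "$USER:$USER" {} + -exec chmod 600 {} +`. The `echo` above still mentions only the chmod of php files.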
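Review bot: With `WP_RUN=(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli ...)` the first array element is the word `PHP=...`, and when the array is expanded as `"${WP_RUN[@]}"` the shell takes it as the command name, not as an environment assignment, so every WP-CLI call fails once `PHP` is set. Prefixing with `env` keeps the array form and the quoting: `WP_RUN=(env "PHP=$PHP" /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" --skip-plugins --skip-themes)`. The `return_code=$?` that follows still reads the status of the assignment rather than of a WP-CLI run.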
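Review bot: The new `[[ "$REASSIGN" =~ ^[0-9]+$ ]]` branch accepts any number, including the ID of the account being deleted or an ID that is not in the administrator list, and the value goes straight into `--reassign`. Validate it against the ID column of `ADMIN_LIST_CSV` the way usernames are checked against `OTHER_USERS`, and reject `[ "$REASSIGN" = "$ID" ]`. The prompt and the `Invalid username` message should then say that an ID is accepted as well. The prompt loop starts above the hunk.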
From acc87125f09083b5d171a5c9f7505a3c5b9a6b00 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 10:34:38 +0200 Subject: [PATCH 290/348] v-change-wordpress-admin-passwords: ability to run v-run-wp-cli on choosen PHP version --- bin/v-change-wordpress-admin-passwords | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index c81cbfcb..1802bd9f 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -25,9 +25,9 @@ WP_PATH="/home/$USER/web/$DOMAIN/public_html" # WP-CLI wrapper if [ ! -z "$PHP" ]; then - WP_RUN=(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" else - WP_RUN=(/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes) + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" fi return_code=$? @@ -54,9 +54,9 @@ if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt fi -ADMIN_LIST_CSV=$("${WP_RUN[@]}" user list --role=administrator \ - --fields=ID,user_login,user_email \ - --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2) +RUN="$WP_RUN user list --role=administrator --fields=ID,user_login,user_email --format=csv --skip-plugins --skip-themes 2>/dev/null | tail -n +2" +ADMIN_LIST_CSV=$(eval "$RUN") + [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } printf "%-6s %-20s %s\n" "ID" "Username" "Email" 
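Review bot: Turning `WP_RUN` into a string and running it through `eval` makes the shell re-parse `$PHP`, `$DOMAIN`, `$LOGIN` and `$REASSIGN` as code. It happens here for `user list` and in the later hunks of this commit for `user delete`, `user update`, `cache flush` and `config shuffle-salts`. `$LOGIN` comes from the site's own user table and `$REASSIGN` is typed at the prompt, so shell metacharacters in either are interpreted with the script's privileges, presumably root. The array form needs no `eval` and can still carry the environment prefix: `WP_RUN=(env "PHP=$PHP" /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" --skip-plugins --skip-themes)`, with calls written as `"${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes`. The `return_code=$?` in the first hunk still follows an assignment and is always 0.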
@@ -98,7 +98,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username - "${WP_RUN[@]}" user delete "$LOGIN" --reassign="$REASSIGN" --yes --skip-plugins --skip-themes + RUN="$WP_RUN user delete $LOGIN --reassign=$REASSIGN --yes --skip-plugins --skip-themes" + eval "$RUN" if [ $? -eq 0 ]; then echo "$TARGET deleted (content reassigned to $REASSIGN)." else @@ -112,7 +113,8 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - "${WP_RUN[@]}" user update "$LOGIN" --user_pass="$NEW_PASS" --skip-plugins --skip-themes + RUN="$WP_RUN user update $LOGIN --user_pass=$NEW_PASS --skip-plugins --skip-themes" + eval "$RUN" if [ $? -eq 0 ]; then echo "Password for username '$TARGET' changed to: $NEW_PASS" echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt @@ -145,9 +147,12 @@ echo "-------------------------------------" echo echo "Flushing cache and refreshing salts..." -"${WP_RUN[@]}" cache flush -"${WP_RUN[@]}" config shuffle-salts WP_CACHE_KEY_SALT --force -"${WP_RUN[@]}" config shuffle-salts +RUN="$WP_RUN cache flush" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts" +eval "$RUN" echo "Cache flushed and salts refreshed." From 420a978572585868477bd6a32f6b2ccb64ea21dc Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 11:41:28 +0200 Subject: [PATCH 291/348] v-install-wordpress: Support for IDN format domains --- bin/v-install-wordpress | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 202919d0..3f21d172 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress 
@@ -57,8 +57,17 @@ if [ -z "$database" ]; then fi fi +# Convert domain to IDN if available +if command -v idn2 >/dev/null 2>&1; then + database=$(idn2 "$database") + idn_domain=$(idn2 "$domain") +elif command -v idn >/dev/null 2>&1; then + database=$(idn "$database") + idn_domain=$(idn "$domain") +fi + if [ -z "$email" ]; then - email="info@$domain"; + email="info@$idn_domain"; fi if [ ! -d "/home/$user" ]; then From bf54a85a51fd391b8d17b1483ff54bd9dab1dbf4 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 11 Jul 2025 16:37:09 +0200 Subject: [PATCH 292/348] Added functions to check if a domain or user is unsuspended in main.sh --- func/main.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/func/main.sh b/func/main.sh index 27c4dcbe..4dfc087b 100644 --- a/func/main.sh +++ b/func/main.sh @@ -1236,3 +1236,26 @@ parse_object_kv_list_non_eval() { fi done } + +# Return OK (0) if domain is unsupended +# Parameters: +# $1 - user +# $2 - domain +return_ok_if_domain_is_unsuspended() { + spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} + +# Return OK (0) if user is unsupended +# Parameters: +# $1 - user +return_ok_if_user_is_unsuspended() { + spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'") + if [ ! -z "$spnd" ]; then + return $E_SUSPENDED + fi + return $OK +} From cdf10aede168cde0e17e7f418855dc8c751497e1 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 12 Jul 2025 14:07:08 +0200 Subject: [PATCH 293/348] v-change-wordpress-admin-passwords: enhance admin reassignment logic to handle default user selection --- bin/v-change-wordpress-admin-passwords | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 1802bd9f..591ff27c 100644 --- a/bin/v-change-wordpress-admin-passwords 
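Review bot: In bin/v-install-wordpress `idn_domain` is assigned only inside the `idn2`/`idn` branches, so on a host with neither tool the default address becomes `info@` with an empty domain. Initialise it before the `if` with `idn_domain="$domain"`. The conversions also overwrite `database` with the tool's output without checking the exit status, so a failed conversion leaves `database` empty. Converting into a temporary variable and assigning only on success avoids that: `converted=$(idn2 "$database") && database=$converted`.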
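Review bot: Both new helpers in func/main.sh return `$OK` whenever `grep` prints nothing, which is also the outcome when the conf file does not exist or the user or domain is unknown, so a mistyped argument reads as unsuspended. Test for the file first and return a non-zero status when it is missing, declare `local spnd`, and quote the path built from `$1`. Match the domain literally with `grep -F "DOMAIN='$2'"` so the dots in `$2` are not regex wildcards, and replace `cat ... | grep` with `grep "SUSPENDED='yes'" "$file"`. The two header comments say `unsupended`; they should read `unsuspended`.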
+++ b/bin/v-change-wordpress-admin-passwords @@ -59,9 +59,14 @@ ADMIN_LIST_CSV=$(eval "$RUN") [ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; } +DEFAULT_USER="" + printf "%-6s %-20s %s\n" "ID" "Username" "Email" echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" + if [ "$PID" = "1" ]; then + DEFAULT_USER="$PLOGIN" + fi done echo @@ -84,11 +89,14 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Cannot delete the only administrator account." break fi - DEFAULT_USER="${OTHER_USERS[0]}" + if [ "$DEFAULT_USER" = "" ]; then + DEFAULT_USER="${OTHER_USERS[0]}" + fi echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} + DEFAULT_USER=$REASSIGN if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break fi From aa6263c0ac49f9fbfabc383d375acada9c834240 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:25:07 +0200 Subject: [PATCH 294/348] Create wprocket-webp-express-force-https.stpl WEBP Express NGINX support with Rocket-NGINX --- .../wprocket-webp-express-force-https.stpl | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl new file mode 100644 index 00000000..0d3eca17 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl 
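Review bot: In the second hunk `DEFAULT_USER=$REASSIGN` runs before the input is validated, so a mistyped name becomes the default offered on the next pass of the prompt loop and for every following account. Move the assignment to just after the `while true` loop, where `REASSIGN` has passed the check. A remembered default can also be the account currently being deleted, so it should be tested against `OTHER_USERS` before it is offered. The `while` loop and its `done` lie partly outside the hunk.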
@@ -0,0 +1,72 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%; + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + # Serve WebP if browser supports it + location ~* ^/wp-content/.*\.(png|jpe?g)$ { + add_header Vary Accept; + expires 365d; + + if ($http_accept !~* "webp") { + break; + } + + try_files + /wp-content/webp-express/webp-images/doc-root/$uri.webp + $uri.webp + @webp_on_demand; + } + + # Route .webp requests to converter if not found + location @webp_on_demand { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow .webp passthrough (trigger php fallback if not found) + location ~* ^/wp-content/.*\.(png|jpe?g)\.webp$ { + try_files + $uri + @webp_realizer; + } + + location @webp_realizer { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow PHP access to WebP Express WOD handler + location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { + proxy_pass https://148.113.209.199:8443; + } + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} From 59db959b9a0670575f13dfb11eb8d9ebe07f3dfe Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:26:08 +0200 Subject: [PATCH 295/348] Update wprocket-webp-express-force-https.stpl --- .../wprocket-webp-express-force-https.stpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl index 0d3eca17..d504a6a1 100644 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -43,7 +43,7 @@ server { # Allow PHP access to WebP Express WOD handler location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { - proxy_pass https://148.113.209.199:8443; + proxy_pass https://%ip%:%web_ssl_port%; } location / { From 7511baa62863537d4f75d60712fbe1800dcb8b57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 00:27:04 +0200 Subject: [PATCH 296/348] Create wprocket-webp-express-force-https.tpl --- .../wprocket-webp-express-force-https.tpl | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From a48621a88ec17c38753380276f63d829ed1ddc02 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Sun, 13 Jul 2025 19:00:48 +0200 Subject: [PATCH 297/348] Update wprocket-webp-express-force-https.stpl rocket include must go bellow webp rules --- .../wprocket-webp-express-force-https.stpl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl index d504a6a1..2a6a7671 100644 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -7,8 +7,6 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; root %sdocroot%; - # Rocket-Nginx configuration - include rocket-nginx/conf.d/default.conf; # Serve WebP if browser supports it location ~* ^/wp-content/.*\.(png|jpe?g)$ { @@ -45,7 +43,10 @@ server { location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { proxy_pass https://%ip%:%web_ssl_port%; } - + + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + location / { proxy_pass https://%ip%:%web_ssl_port%; } From 29236cfb03b050df39bce02f8a113e3529d5fd3d Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 13 Jul 2025 22:16:46 +0200 Subject: [PATCH 298/348] Enhance proxy template selection in v-activate-rocket-nginx to include wprocket-webp-express-force-https option and update install script to download corresponding templates. --- bin/v-activate-rocket-nginx | 12 +++++++----- src/deb/for-download/tools/install-rocket-nginx.sh | 2 ++ .../wprocket-webp-express-force-https.tpl | 8 ++++++++ 3 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index de8f6c5f..8b562c9b 100644 
--- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -75,18 +75,20 @@ fi # Changing Proxy Template # Check if the proxy template is already set correctly current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}') -if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then +if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then echo "Proxy Template is already set up correctly" else # Prompt the user to choose whether to force HTTPS or not - echo "Do you want to force-https in your Proxy Template or not (y/n):" + echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):" read answer # Change the proxy template based on the user's choice - if [ "$answer" == "y" ]; then - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" - else + if [ "$answer" == "h" ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting" + elif [ "$answer" == "f" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" + elif [ "$answer" == "w" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https" fi echo "Proxy Template is ready" diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh index 47768b11..ca1f8b2a 100644 --- a/src/deb/for-download/tools/install-rocket-nginx.sh +++ b/src/deb/for-download/tools/install-rocket-nginx.sh 
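Review bot: After this change an answer other than `h`, `f` or `w`, including an empty line, leaves the proxy template untouched, yet the script still prints `Proxy Template is ready`; previously the `else` branch fell back to wprocket-hosting. Add a final branch that stops or re-prompts, e.g. `else echo "Unknown choice: $answer" >&2; exit 1`. `read answer` should be `read -r answer`, and the long `if` condition on `current_template` reads more easily as a `case "$current_template" in wprocket-force-https|wprocket-hosting|wprocket-webp-express-force-https)`.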
@@ -4,6 +4,8 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl h wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl echo "Updating apt, please wait..." apt-get update > /dev/null 2>&1 diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} From 98600537fc54e76f67633a4bb9ec8fcb952d173c Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 16:32:21 +0200 Subject: [PATCH 299/348] v-change-wordpress-admin-passwords: modified user deletion and password update commands to use user ID instead of username. --- bin/v-add-wordpress-admin | 5 +++++ bin/v-change-wordpress-admin-passwords | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) 
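Review bot: The two added `wget -O` lines in install-rocket-nginx.sh write straight into the live nginx template directory and their exit status is not checked. `wget -O` creates the target even when the download fails, so a network error leaves an empty or partial `.tpl`/`.stpl` that can later be selected as a proxy template. Download to a temporary file and move it into place only on success: `wget -nv -O "$tmp" "$url" && mv "$tmp" "$dest"`. Because these files become server configuration, comparing them with a published checksum before installing is also worth adding. The existing lines above follow the same pattern and would benefit from the same treatment.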
diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 3814e51a..67f58bf4 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -12,6 +12,11 @@ if [ "$whoami" != "root" ]; then exit 1 fi +if [ "$#" -lt 4 ]; then + echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]" + exit 1 +fi + # Importing system environment source /etc/profile diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 591ff27c..ba3dec2b 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -106,7 +106,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done # delete by username, reassign by username - RUN="$WP_RUN user delete $LOGIN --reassign=$REASSIGN --yes --skip-plugins --skip-themes" + RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes" eval "$RUN" if [ $? -eq 0 ]; then echo "$TARGET deleted (content reassigned to $REASSIGN)." @@ -121,7 +121,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do ;; [Cc]* ) NEW_PASS=$(gen_pass) - RUN="$WP_RUN user update $LOGIN --user_pass=$NEW_PASS --skip-plugins --skip-themes" + RUN="$WP_RUN user update $ID --user_pass=$NEW_PASS --skip-plugins --skip-themes" eval "$RUN" if [ $? -eq 0 ]; then echo "Password for username '$TARGET' changed to: $NEW_PASS" 
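Review bot: In bin/v-change-wordpress-admin-passwords the comment `# delete by username, reassign by username` above the changed `user delete` line is now wrong, because the command passes `$ID`. It should read `# delete by user ID; reassign by username or ID`. The enclosing loop begins outside the hunk.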
@@ -147,6 +147,18 @@ while IFS=',' read -r ID LOGIN EMAIL; do done done <<< "$ADMIN_LIST_CSV" +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo + read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty + if [ -z "$SAVE_PASSWORDS" ]; then + SAVE_PASSWORDS="n" + fi + if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then + rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + fi +fi + #----------------------------------------------------------# # flush cache and refresh all security salts # #----------------------------------------------------------# From 1571d60b2f96c99bc386ee102b9599b6c98da87e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 14 Jul 2025 17:16:25 +0200 Subject: [PATCH 300/348] Update v-fix-website-permissions to allow dynamic php file permissions based on user-defined settings --- bin/v-fix-website-permissions | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 3a73d13a..4b92df2f 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -73,10 +73,15 @@ find public_html/ -type d -exec chmod 755 {} + find public_html/ -type f -exec chmod 644 {} + chown -R $USER:$USER public_html/ +php_chmod="600" +if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) +fi + # Setting chmod 600 for all php files echo "= Setting chmod 600 for all php files" -find -name "*.php" -type f -exec chmod 600 {} + -find -name ".env" -type f -exec chmod 600 {} + +find -name "*.php" -type f -exec chmod $php_chmod {} + +find -name ".env" -type f -exec chmod $php_chmod {} + find -name "*.php" -type f -exec chown $USER:$USER {} + find -name ".env" -type f -exec chown $USER:$USER {} + From ca9a93982343928a696f54db2d9713348a42e04e Mon Sep 17 00:00:00 2001 
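Review bot: The new prompt removes `wp-admin-password-change.txt` only when the answer is exactly `n` or `N`, so any other input (a typo, `no`) keeps the plaintext passwords on disk although the stated default is not to keep them. Invert the test so the file survives only an explicit yes: `[[ "$SAVE_PASSWORDS" =~ ^[Yy]$ ]] || rm -f -- "/home/$USER/web/$DOMAIN/wp-admin-password-change.txt"`. The path in the `-f` test should be quoted as well.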
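Review bot: In bin/v-fix-website-permissions `php_chmod` is read from `/home/$USER/web/$domain/php_chmod` and passed, unquoted and unvalidated, as an argument to `chmod` in both `find` commands. If that file can be written by the site owner (its ownership is not visible here), its content decides what the `chmod` run by this script receives. The same value is applied to `.env` files, which should stay at 600 whatever the PHP files need. Accept only an octal mode with `[[ "$php_chmod" =~ ^[0-7]{3,4}$ ]] || php_chmod=600`, quote `"$php_chmod"`, and keep the `.env` line at `chmod 600`. The `echo` still announces 600 and the stale comment could become `# Setting configured mode (default 600) for all php files`.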
From: Peca Date: Mon, 14 Jul 2025 18:17:43 +0200 Subject: [PATCH 301/348] Refactor v-change-wordpress-admin-passwords to streamline admin list processing by using a here-string for input --- bin/v-change-wordpress-admin-passwords | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index ba3dec2b..7c4fabdb 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -62,12 +62,12 @@ ADMIN_LIST_CSV=$(eval "$RUN") DEFAULT_USER="" printf "%-6s %-20s %s\n" "ID" "Username" "Email" -echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do +while IFS=',' read -r PID PLOGIN PEMAIL; do printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL" if [ "$PID" = "1" ]; then DEFAULT_USER="$PLOGIN" fi -done +done <<< "$ADMIN_LIST_CSV" echo echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit." From f16c7e4c3fff4aa83ee4640f9608dee16b73530b Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 13:12:20 +0200 Subject: [PATCH 302/348] New command: v-delete-inactive-wordpress-plugins-and-themes --- ...lete-inactive-wordpress-plugins-and-themes | 165 ++++++++++++++++++ bin/v-desinfect-wordpress | 1 + 2 files changed, 166 insertions(+) create mode 100644 bin/v-delete-inactive-wordpress-plugins-and-themes diff --git a/bin/v-delete-inactive-wordpress-plugins-and-themes b/bin/v-delete-inactive-wordpress-plugins-and-themes new file mode 100644 index 00000000..e9b1715c --- /dev/null +++ b/bin/v-delete-inactive-wordpress-plugins-and-themes 
@@ -0,0 +1,165 @@ +#!/bin/bash +# info: delete inactive WordPress plugins and themes +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +# WP-CLI wrapper +if [ ! -z "$PHP" ]; then + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +else + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +fi + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 +echo "Inactive WordPress plugins for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes" +PLUGINS_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2) + +DEACTIVATED_PLUGINS_LIST_CSV="" + +if [ ! 
-z "$PLUGINS_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME" + fi + done <<< "$PLUGINS_LIST_CSV" +else + echo "No plugins found." +fi + +if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME" + file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php" + if [ -d "$folder" ] || [ -f "$file" ]; then + destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN" + if [ -d "$folder" ]; then + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + elif [ -f "$file" ]; then + source_path="$file" + destination_path="$destination_base_folder/$NAME.php" + fi + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + if [ -f "$destination_path" ]; then + echo "= File $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder or file $file not found - it does not exist?" 
+ fi + fi + done <<< "$PLUGINS_LIST_CSV" + fi +fi + +echo "" +echo "Inactive WordPress themes for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes" +THEMES_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2) + +DEACTIVATED_THEMES_LIST_CSV="" + +if [ ! -z "$THEMES_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME" + fi + done <<< "$THEMES_LIST_CSV" +else + echo "No themes found." +fi + +if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME" + if [ -d "$folder" ]; then + destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN" + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder not found - it does not exist?" 
+ fi + fi + done <<< "$THEMES_LIST_CSV" + fi +fi + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All deactivated plugins and themes moved to quarantine." + echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN" +else + echo "= No deactivated plugins or themes found." +fi +exit 0; diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index 04583c1e..dbcda395 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -32,6 +32,7 @@ declare -a tasks=( "/usr/local/vesta/bin/v-change-database-password-for-wordpress" "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" "/usr/local/vesta/bin/v-fix-wordpress-core" + "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) From 7191baa1c9edcb812b4e79431ae46f729d843c6b Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 13:53:20 +0200 Subject: [PATCH 303/348] v-change-wordpress-admin-passwords: improve error handling --- bin/v-change-wordpress-admin-passwords | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 7c4fabdb..6ab4ad0e 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords 
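Review bot: `$NAME` is expanded unquoted in root-run commands in both the plugin and the theme loop (`mkdir -p $destination_base_folder`, `mv $source_path $destination_path`), although it comes from the WP-CLI listing and so presumably from directory names the site itself controls. A name with spaces or glob characters would make `mv` act on paths other than the intended one; `mkdir -p -- "$destination_base_folder"` and `mv -- "$source_path" "$destination_path"` avoid that, and rejecting names that contain `/` keeps the destination inside the quarantine. The quarantine folder is also chowned to `$USER` before root moves content into it; leaving `/srv/wp-deactivated-plugins` and `/srv/wp-deactivated-themes` root-owned would keep quarantined code out of the site account's reach. The closing message prints "No deactivated plugins or themes found" even when the operator simply answered no.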
@@ -30,14 +30,6 @@ else WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" fi -return_code=$? - -if [ $return_code -ne 0 ]; then - echo "WP-CLI error:" - cat /home/$USER/web/$DOMAIN/wp-cli-error.log - exit $return_code -fi - # random 10-char password gen_pass() { tr -dc 'A-Za-z0-9' Date: Tue, 15 Jul 2025 17:48:08 +0200 Subject: [PATCH 304/348] v-fix-website-permissions: only modify those that are not already set correctly --- bin/v-fix-website-permissions | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 4b92df2f..03798a15 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,9 +69,9 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d -exec chmod 755 {} + -find public_html/ -type f -exec chmod 644 {} + -chown -R $USER:$USER public_html/ +find public_html/ -type d ! -perm 755 -exec chmod 755 {} + +find public_html/ -type f ! -perm 644 -exec chmod 644 {} + +find public_html/ ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" if [ -f "/home/$USER/web/$domain/php_chmod" ]; then 
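Review bot: Replacing `chown -R` with `find … -exec chown` in the third changed line alters how symbolic links are treated. `find` hands a link that is not owned by `$USER` to `chown`, which without `-h` changes the owner of the link's target, whereas GNU `chown -R` does not dereference links by default. `find public_html/ ! -user "$USER" -exec chown -h "$USER:$USER" {} +` keeps the change on the entries inside `public_html/` and quotes the account name as well.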
@@ -79,11 +79,11 @@ if [ -f "/home/$USER/web/$domain/php_chmod" ]; then fi # Setting chmod 600 for all php files -echo "= Setting chmod 600 for all php files" -find -name "*.php" -type f -exec chmod $php_chmod {} + -find -name ".env" -type f -exec chmod $php_chmod {} + -find -name "*.php" -type f -exec chown $USER:$USER {} + -find -name ".env" -type f -exec chown $USER:$USER {} + +echo "= Setting chmod $php_chmod for all php files" +find -name "*.php" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -name ".env" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + +find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From b88f0e56bf8e33ca6d77c0fbd0c419881452960e Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 15 Jul 2025 18:44:02 +0200 Subject: [PATCH 305/348] New command: v-delete-wordpress-uploads-php-files --- bin/v-delete-wordpress-uploads-php-files | 70 ++++++++++++++++++++++++ bin/v-desinfect-wordpress | 1 + 2 files changed, 71 insertions(+) create mode 100644 bin/v-delete-wordpress-uploads-php-files diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files new file mode 100644 index 00000000..4ef12f1e --- /dev/null +++ b/bin/v-delete-wordpress-uploads-php-files 
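Review bot: The four rewritten `find` commands have no start directory, so they walk whatever the current directory is at that point, with `chmod` and `chown` applied to every match. The `cd` that precedes them is outside this hunk; if it is not checked, naming the tree explicitly is safer, for example `find "/home/$USER/web/$domain" -type f -name "*.php" ! -perm "$php_chmod" -exec chmod "$php_chmod" {} +`. The comment above the `echo` still says `chmod 600` although the mode is now variable.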
@@ -0,0 +1,70 @@ +#!/bin/bash +# info: delete PHP files from WordPress uploads folder +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 + +files=$(find wp-content/uploads/ -type f -name "*.php") + +if [ -z "$files" ]; then + echo "= No PHP files found in WordPress uploads folder." + exit 0; +fi + +echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :" +echo "-------------------------------------" +echo "$files" +echo "-------------------------------------" + +while true; do + read -r -p "Do you want to delete these files? 
(y/n): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" + break; + fi + if [ "$RESPONSE" == "n" ] || [ "$RESPONSE" == "N" ]; then + break; + fi +done + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All PHP files moved to quarantine." + echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN" +else + echo "= No PHP files found in WordPress uploads folder." +fi + +exit 0; \ No newline at end of file diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index dbcda395..fcdc2f66 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -33,6 +33,7 @@ declare -a tasks=( "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" "/usr/local/vesta/bin/v-fix-wordpress-core" "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" + "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files" "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ) From 29f030205e05648c1e82a110837fc892b4e4edf0 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 12:50:25 +0200 Subject: [PATCH 306/348] v-fix-website-permissions: exclude specific file types from permission changes to avoid altering 'Change' file attribute --- bin/v-fix-website-permissions | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 03798a15..bc0d1ba5 100644 
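Review bot: The file list is kept in a plain string and expanded with `for file in $files`, so an upload path containing a space or glob character is split into pieces before the root-run `mv`, and such a file is never quarantined. The search also matches only the lower-case `*.php` suffix, which leaves names such as `.PHP` in place, and other executable suffixes too if the web server maps them to PHP (not visible here). Collecting the paths NUL-delimited into an array fixes the first point and `-iname` covers the case variants; the same loop is kept by the later commit that rewrites the prompt in this script. The quarantine tree is chowned to `$USER`, so the moved files stay writable by the site account.

```shell
mapfile -d '' -t files < <(find wp-content/uploads/ -type f -iname '*.php' -print0)

if [ "${#files[@]}" -eq 0 ]; then
# … unchanged: "No PHP files found" message and exit 0 …

# … unchanged: header lines; the listing becomes:
printf '%s\n' "${files[@]}"

# … unchanged: prompt and answer test …
        for file in "${files[@]}"; do
# … unchanged: loop body (mkdir, chown, mv, echo) …
```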
--- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -69,8 +69,8 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d ! -perm 755 -exec chmod 755 {} + -find public_html/ -type f ! -perm 644 -exec chmod 644 {} + +find public_html/ -type d ! \( -name "*.php" -o -name "*.env" \) ! -perm 755 -exec chmod 755 {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + find public_html/ ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" @@ -80,8 +80,7 @@ fi # Setting chmod 600 for all php files echo "= Setting chmod $php_chmod for all php files" -find -name "*.php" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + -find -name ".env" -type f ! -perm $php_chmod -exec chmod $php_chmod {} + +find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + From a5f2e6acd5b78fe24c2d791c31dcbd0aa5554ec2 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 12:52:43 +0200 Subject: [PATCH 307/348] v-fix-website-permissions: exclude specific file types from permission changes to avoid altering 'Change' file attribute --- bin/v-fix-website-permissions | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index bc0d1ba5..93b9d662 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions 
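Review bot: In the first rewritten line the name filter is applied to directories, `-type d ! \( -name "*.php" -o -name "*.env" \)`, so a directory whose name ends in `.php` or `.env` is no longer reset to 755. The exclusion is only needed for files, which get their mode from `php_chmod`; the directory line can stay `find public_html/ -type d ! -perm 755 -exec chmod 755 {} +`. In the second hunk the `chmod` pattern widens from `.env` to `*.env` while the two `chown` lines below it still match `.env` only, which is worth making consistent.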
@@ -69,20 +69,24 @@ fi echo "Updating permissions for /home/$USER/web/$domain/public_html/" -find public_html/ -type d ! \( -name "*.php" -o -name "*.env" \) ! -perm 755 -exec chmod 755 {} + +# Fixing permissions +find public_html/ -type d ! -perm 755 -exec chmod 755 {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + -find public_html/ ! -user $USER -exec chown $USER:$USER {} + +# Fixing ownership +find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" if [ -f "/home/$USER/web/$domain/php_chmod" ]; then php_chmod=$(cat /home/$USER/web/$domain/php_chmod) fi -# Setting chmod 600 for all php files -echo "= Setting chmod $php_chmod for all php files" +# Setting chmod 600 for all .php and .env files +echo "= Setting chmod $php_chmod for all .php and .env files" +# Fixing permissions find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + -find -name "*.php" -type f ! -user $USER -exec chown $USER:$USER {} + -find -name ".env" -type f ! -user $USER -exec chown $USER:$USER {} + +# Fixing ownership +find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + #----------------------------------------------------------# # Vesta # From 3801e8d6cf43ecbeb52e1de97ea1c2e137799112 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 13:57:37 +0200 Subject: [PATCH 308/348] v-delete-wordpress-uploads-php-files: set default response to 'yes' for moving files to quarantine --- bin/v-delete-wordpress-uploads-php-files | 34 ++++++++++-------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files index 4ef12f1e..ce72c0c4 100644 --- a/bin/v-delete-wordpress-uploads-php-files +++ b/bin/v-delete-wordpress-uploads-php-files 
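Review bot: The added comments (`# Fixing permissions`, `# Fixing ownership`) restate the commands but not the reason for the `! -perm` and `! -user` filters, which the commit subject gives as avoiding a change to the files' 'Change' attribute. A comment such as `# touch only entries that differ, so the change time of untouched files stays meaningful` above the first `find` would keep the filters from being simplified away later. `$USER` and `$php_chmod` are still expanded unquoted in every line of this hunk.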
@@ -38,26 +38,20 @@ echo "-------------------------------------" echo "$files" echo "-------------------------------------" -while true; do - read -r -p "Do you want to delete these files? (y/n): " RESPONSE < /dev/tty - if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ]; then - for file in $files; do - source_file="/home/$USER/web/$DOMAIN/public_html/$file" - destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" - destination_folder=$(dirname "$destination_file") - mkdir -p "$destination_folder" - chown $USER:$USER "$destination_folder" - mv "$source_file" "$destination_file" - echo "= File $source_file moved to $destination_file" - quarantined=1; - done - chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" - break; - fi - if [ "$RESPONSE" == "n" ] || [ "$RESPONSE" == "N" ]; then - break; - fi -done +read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty +if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" +fi echo "" if [ $quarantined -eq 1 ]; then From 403dd654009a7afb2d953c9f0fe8d2d0fa02f358 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 15:35:46 +0200 Subject: [PATCH 309/348] v-change-database-password-for-wordpress: enhance database name and user retrieval to support both single and double quotes in wp-config.php --- bin/v-change-database-password-for-wordpress | 6 ++++++ 1 file changed, 6 insertions(+) 
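Review bot: Any answer other than `y`, `Y` or empty now skips the move without asking again, and the summary that follows then prints "No PHP files found in WordPress uploads folder" although the files were listed a few lines earlier. The removed loop re-prompted on unrecognised input; with the single prompt, the `else` branch of the summary should say what actually happened, for example `echo "= PHP files were left in place."`. The summary block is only partly inside this hunk.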
diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index dd7a3a91..0c84f80b 100644 --- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -70,6 +70,12 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then fi db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + if [ -z "$db_name" ]; then + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+") + fi + if [ -z "$db_user" ]; then + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+") + fi new_password='' found_existing_password=0 if [ -f "/root/remember-db-user-pass.txt" ]; then From a976a3bc3f0d46f28059e2df3fcc84501846f9b8 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 17:53:38 +0200 Subject: [PATCH 310/348] v-change-database-password-for-wordpress: fixing a bug in temporary password storage --- bin/v-change-database-password-for-all-wordpress | 4 +++- bin/v-change-database-password-for-wordpress | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress index 2741e960..1a364307 100644 --- a/bin/v-change-database-password-for-all-wordpress +++ b/bin/v-change-database-password-for-all-wordpress @@ -51,7 +51,9 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do done # cat /root/remember-db-user-pass.txt -rm /root/remember-db-user-pass.txt +if [ -f "/root/remember-db-user-pass.txt" ]; then + rm /root/remember-db-user-pass.txt +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress index 0c84f80b..7f31b181 100644 
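Review bot: The fallback patterns still require the constant name in single quotes (`'DB_NAME'\s*,\s*\"`), so a `define("DB_NAME", "…")` line with double quotes on both sides is not matched and `db_name` stays empty. One pattern with a quote class covers all combinations: `grep -oP "define\s*\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]\K[^'\"]+"`, and the same for `DB_USER`. `$wp_config_path` is unquoted in all four `grep` calls, and a second matching `define` line (for example a commented-out one) would put two lines into the variable.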
--- a/bin/v-change-database-password-for-wordpress +++ b/bin/v-change-database-password-for-wordpress @@ -94,8 +94,11 @@ if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then echo "DB name: $db_name" echo "DB user: $db_user" echo "New DB password: $new_password" - if [ $found_existing_password -eq 0 ] && [ -f "/root/remember-db-user-pass.txt" ]; then + if [ $found_existing_password -eq 0 ]; then + touch /root/remember-db-user-pass.txt echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + chown root:root /root/remember-db-user-pass.txt + chmod 600 /root/remember-db-user-pass.txt fi /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" if [ $? -ne 0 ]; then @@ -126,4 +129,4 @@ fi # Logging log_event "$OK" "$ARGUMENTS" -exit +exit 0; From 9eade5a7df4759d0d4a90862fe1e1892f74e8e58 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 16 Jul 2025 19:21:18 +0200 Subject: [PATCH 311/348] v-fix-wordpress-core: support for custom PHP version --- bin/v-fix-wordpress-core | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core index 7a511747..2bcd6c34 100644 --- a/bin/v-fix-wordpress-core +++ b/bin/v-fix-wordpress-core @@ -37,7 +37,12 @@ TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace trap 'rm -rf "$TMP_DIR"' EXIT # 1etermine WP version -WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +if [ -z "$PHP" ]; then + WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +else + WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +fi + check_result $? "cannot detect WP version" > /dev/null if [ -z "$WP_VERSION" ]; then check_result 1 "empty WP version string" From f64968ba918e10040325315eaaa5e8f09657d72b Mon Sep 17 00:00:00 2001 
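Review bot: The database password is appended to `/root/remember-db-user-pass.txt` before `chmod 600` runs, so on first creation the file holds the secret with whatever mode the umask gives. Restricting first closes that window: `( umask 077; echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt )`, keeping the `chmod 600` for a file that already exists. The `echo "New DB password: $new_password"` just above sends the same secret to standard output, which matters if the output of this command is captured.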
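Review bot: `check_result $?` after the new `if`/`else` in `v-fix-wordpress-core` sees the exit status of `tr`, the last stage of the pipeline, so a failing `v-run-wp-cli` is not reported as "cannot detect WP version" unless `pipefail` is set elsewhere in the script. Only the empty-string test below catches that case. Capturing the output first keeps the status: `WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version)" || check_result 1 "cannot detect WP version"`, followed by `WP_VERSION="${WP_VERSION//[[:space:]]/}"`.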
From: Peca Date: Thu, 17 Jul 2025 14:36:37 +0200 Subject: [PATCH 312/348] v-change-wordpress-admin-passwords: add option to skip content reassignment during user deletion --- bin/v-change-wordpress-admin-passwords | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index 6ab4ad0e..eae5b078 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -81,6 +81,7 @@ while IFS=',' read -r ID LOGIN EMAIL; do while true; do echo "-------------------------------------" read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty + skip=0; case "$ACT" in [Dd]* ) # read -r -p "Really DELETE \"$TARGET\" ? (y/n, default: y) " CONF < /dev/tty @@ -97,17 +98,25 @@ while IFS=',' read -r ID LOGIN EMAIL; do fi echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}" while true; do - read -r -p "Reassign content to which username? [default: $DEFAULT_USER] " REASSIGN < /dev/tty + read -r -p "Reassign content to which username? [default: $DEFAULT_USER, s: skip] " REASSIGN < /dev/tty REASSIGN=${REASSIGN:-$DEFAULT_USER} DEFAULT_USER=$REASSIGN if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then break fi + if [[ "$REASSIGN" =~ ^[Ss]$ ]]; then + echo "Skipping reassignment." + skip=1; + break + fi if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then break fi echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}" done + if [ $skip -eq 1 ]; then + break + fi # delete by username, reassign by username RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes" eval "$RUN" From 7799cd3322e4e2b416cba968e5540a505b8c8289 Mon Sep 17 00:00:00 2001 
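Review bot: `DEFAULT_USER=$REASSIGN` runs before the answer is validated, so once the operator types `s` the default for every later reassignment prompt becomes `s`, and pressing Enter then skips instead of picking an admin. Moving the assignment into the accepting branch keeps the default a real username: `if printf '%s\n' "${OTHER_USERS[@]}" | grep -qxF -- "$REASSIGN"; then DEFAULT_USER=$REASSIGN; break; fi`, where `-F` also compares the typed name literally rather than as a pattern. Skipping leaves the account undeleted, because the outer `break` comes before `user delete`; the prompt text could say so. Both enclosing loops start outside this hunk.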
From: Peca Date: Tue, 22 Jul 2025 14:18:10 +0200 Subject: [PATCH 313/348] v-update-deb-package: change target Debian version to 'trixie' and update dependencies for NGINX, OpenSSL, and Zlib --- src/deb/vesta_compile.sh | 46 ++++++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index a80316d9..c645aa4c 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -7,8 +7,8 @@ build_deb_package=1 add_deb_to_apt_repo=0 -TARGET_DEB_NAME='bookworm' -TARGET_DEB_VER='12' +TARGET_DEB_NAME='trixie' +TARGET_DEB_VER='13' run_apt_update_and_install=1 wait_to_press_enter=1 @@ -31,8 +31,8 @@ fi MAINTAINER_EMAIL='info@myvestacp.com' -TARGET_DEB_NAME_MAIN='bookworm' -TARGET_DEB_VER_MAIN='12' +TARGET_DEB_NAME_MAIN='trixie' +TARGET_DEB_VER_MAIN='13' # Set compiling directory BUILD_DIR="/usr/src/$TARGET_DEB_NAME" @@ -58,10 +58,10 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.25.1' -OPENSSL_V='1.1.1u' +NGINX_V='1.29.0' +OPENSSL_V='1.1.1w' PCRE_V='8.45' -ZLIB_V='1.2.13' +ZLIB_V='1.3.1' PHP_V='5.6.40' # Generate Links for sourcecode @@ -130,6 +130,9 @@ if [ $run_apt_update_and_install -eq 1 ]; then if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi + if [ "$release" -eq 13 ]; then + ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl + fi press_enter "=== Press enter to continue ===============================================================================" fi 
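Review bot: The added `ln -s` for release 13 has no existence test, unlike the branch above it, so a second build run on the same machine makes `ln` report an error at this line. `if [ ! -e /usr/local/include/curl ] && [ "$release" -eq 13 ]; then` matches the existing guard, and `-ge 13` would also cover later releases if they need the link. The surrounding `if [ $run_apt_update_and_install -eq 1 ]` block starts outside the hunk.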
@@ -258,6 +261,7 @@ EOF press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***" vi $PATH_OF_APT_REPO_ROOT/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/13/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key @@ -442,6 +446,34 @@ if [ "$CWEB_B" = true ]; then fi tar -czf fail2ban.tar.gz fail2ban/ + if [ -f "dovecot.tar.gz" ]; then + rm dovecot.tar.gz + fi + tar -czf dovecot.tar.gz dovecot/ + echo "=== All done for Debian12" + ########## + cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/13 + + if [ -f "packages.tar.gz" ]; then + rm packages.tar.gz + fi + tar -czf packages.tar.gz packages/ + + if [ -f "templates.tar.gz" ]; then + rm templates.tar.gz + fi + tar -czf templates.tar.gz templates/ + + if [ -f "firewall.tar.gz" ]; then + rm firewall.tar.gz + fi + tar -czf firewall.tar.gz firewall/ + + if [ -f "fail2ban.tar.gz" ]; then + rm fail2ban.tar.gz + fi + tar -czf fail2ban.tar.gz fail2ban/ + if [ -f "dovecot.tar.gz" ]; then rm dovecot.tar.gz fi From b3758430c653c3c031273d85f3fd44d154fe265c Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 22 Jul 2025 16:30:23 +0200 Subject: [PATCH 314/348] v-update-php-version: upgrade PHP to 8.4.10 and update download link; add additional dependencies for Debian 13 --- src/deb/vesta_compile.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index c645aa4c..0d899cb3 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh 
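Review bot: `cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/13` in the last hunk is not checked, so if that folder is missing the following `rm` and `tar -czf` commands operate on the previous directory and the Debian 13 archives are silently not built. `cd "$PATH_OF_C_WEB_FOLDER_ROOT/debian/13" || exit 1` stops that. The five `rm`/`tar` pairs are now repeated per release; a loop over `packages templates firewall fail2ban dovecot` would keep the releases in step.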
@@ -62,7 +62,7 @@ NGINX_V='1.29.0' OPENSSL_V='1.1.1w' PCRE_V='8.45' ZLIB_V='1.3.1' -PHP_V='5.6.40' +PHP_V='8.4.10' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' @@ -73,7 +73,7 @@ OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz' PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download' # Zlib moved archives to Github ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz' -PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz' +PHP='https://www.php.net/distributions/php-'$PHP_V'.tar.gz' # Set package dependencies for compiling release=$(cat /etc/debian_version | tr "." "\n" | head -n1) @@ -81,7 +81,7 @@ release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' else - SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync' + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync libsqlite3-dev libonig-dev' fi function press_enter { @@ -130,7 +130,7 @@ if [ $run_apt_update_and_install -eq 1 ]; then if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi - if [ "$release" -eq 13 ]; then + if [ ! -e /usr/local/include/curl ] && [ "$release" -eq 13 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi press_enter "=== Press enter to continue ===============================================================================" 
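Review bot: Switching the PHP download to `https://www.php.net/` protects the transfer, but no checksum or signature check for the tarball is visible in these hunks, and the result is compiled and packaged for distribution. If the download step (outside this hunk) does not verify it, a pinned digest next to the version would close that gap: a `PHP_SHA256='<sha256 of php-8.4.10.tar.gz as published by php.net>'` constant checked with `echo "$PHP_SHA256  php-$PHP_V.tar.gz" | sha256sum -c -` before unpacking. The same applies to the nginx, OpenSSL, PCRE and zlib archives.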
@@ -530,7 +530,7 @@ if [ "$NGINX_B" = true ]; then --with-openssl-opt=no-weak-ssl-ciphers \ --with-openssl-opt=no-ssl3 \ --with-pcre=../pcre-$PCRE_V \ - --with-pcre-jit \ + --with-pcre-jit \ --with-zlib=../zlib-$ZLIB_V # Check install directory and remove if exists @@ -625,11 +625,10 @@ if [ "$PHP_B" = true ]; then --with-zlib \ --with-fpm-user=admin \ --with-fpm-group=admin \ - --with-mysql \ --with-mysqli \ --with-curl \ --enable-mbstring \ - --with-mysql-sock=/var/run/mysqld/mysqld.sock + --with-mysql-sock=/var/run/mysqld/mysqld.sock # Check install directory and remove if exists if [ -d $INSTALL_DIR/php ]; then @@ -637,7 +636,7 @@ if [ "$PHP_B" = true ]; then fi press_enter "=== Press enter to compile PHP ===============================================================================" - + make && make install press_enter "=== Press enter to continue ===============================================================================" From 77b6506baeca26e71dcba0eb367c9f66b213da83 Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 23 Jul 2025 14:02:52 +0200 Subject: [PATCH 315/348] v-update-deb-package: update completion message for Debian 13 --- src/deb/vesta_compile.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index 0d899cb3..08bc163b 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -478,7 +478,7 @@ if [ "$CWEB_B" = true ]; then rm dovecot.tar.gz fi tar -czf dovecot.tar.gz dovecot/ - echo "=== All done for Debian12" + echo "=== All done for Debian13" ########## cp /root/vesta/install/vst-install-debian.sh $PATH_OF_C_WEB_FOLDER_ROOT/vst-install-debian.sh From 30581ea672b0bcce6d2605a6138d1085c60aaf67 Mon Sep 17 00:00:00 2001 
From: Peca Date: Wed, 23 Jul 2025 22:37:09 +0200 Subject: [PATCH 316/348] v-change-wordpress-admin-passwords: enhance output messages for password change confirmation --- bin/v-change-wordpress-admin-passwords | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords index eae5b078..bca23ad8 100644 --- a/bin/v-change-wordpress-admin-passwords +++ b/bin/v-change-wordpress-admin-passwords @@ -160,8 +160,15 @@ while IFS=',' read -r ID LOGIN EMAIL; do done <<< "$ADMIN_LIST_CSV" if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "" + echo "" echo "-------------------------------------" - echo + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + echo "" read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty if [ -z "$SAVE_PASSWORDS" ]; then SAVE_PASSWORDS="n" @@ -191,14 +198,4 @@ echo "Cache flushed and salts refreshed." echo echo "Done." -if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then - echo "-------------------------------------" - echo "For website $DOMAIN - new wp-admin passwords have been set." - echo "-------------------------------------" - cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - echo "-------------------------------------" - echo "" - read -r -p "== Press Enter to continue..." -fi - exit 0 From 4e8bac8dda0670066c3b8cd880bfb388cb550a25 Mon Sep 17 00:00:00 2001 
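Review bot: The added `cat` writes the new admin passwords to standard output, while the prompt a few lines later reads from `/dev/tty`, presumably because the standard streams are not always the terminal. If this command runs under a wrapper that captures output (the `v-desinfect-wordpress` task list suggests it can), the passwords end up in that capture. Sending the listing to the terminal only, `cat -- "/home/$USER/web/$DOMAIN/wp-admin-password-change.txt" > /dev/tty`, keeps them out of logs.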
From: Peca Date: Wed, 23 Jul 2025 23:34:07 +0200 Subject: [PATCH 317/348] v-update-firewall-rules: improve nginx configuration handling for deleting rules, as well as for suspended and unsuspended rules --- bin/v-delete-firewall-rule | 2 +- bin/v-suspend-firewall-rule | 9 +++++++++ bin/v-unsuspend-firewall-rule | 13 +++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 61f7602d..10fd0fb9 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -45,7 +45,7 @@ $BIN/v-update-firewall if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then parse_object_kv_list_non_eval "$oldvalues" if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then - sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf systemctl restart nginx fi fi diff --git a/bin/v-suspend-firewall-rule b/bin/v-suspend-firewall-rule index 67f14cec..9191fed0 100755 --- a/bin/v-suspend-firewall-rule +++ b/bin/v-suspend-firewall-rule @@ -32,12 +32,21 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unsuspend-firewall-rule b/bin/v-unsuspend-firewall-rule index be6320d4..f0e00c96 100755 --- a/bin/v-unsuspend-firewall-rule +++ b/bin/v-unsuspend-firewall-rule 
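Review bot: `sed -i "\#$IP#d"` uses the address as an unanchored regular expression, so removing the rule for one address also deletes `deny` lines for any address that contains it as a substring or matches with `.` read as a wildcard, and entries of the web block list disappear silently. The line format is known from the unsuspend script (`deny $IP;`), so an exact fixed-string match is safer: `tmp=$(mktemp)`, then `grep -vxF -- "deny $IP;" /etc/nginx/conf.d/block-firewall.conf > "$tmp"; cat "$tmp" > /etc/nginx/conf.d/block-firewall.conf`. The same `sed` line is added to `v-suspend-firewall-rule` in this commit. Neither script checks whether another active rule still needs the line that is removed.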
@@ -32,12 +32,25 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # From d017fbbe0700a61adb45a8494b1f6656655ffff3 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 25 Jul 2025 16:37:45 +0200 Subject: [PATCH 318/348] v-fix-website-permissions: improve error messages for non-existent user and domain directories --- bin/v-fix-website-permissions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 93b9d662..13c6775d 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -42,12 +42,12 @@ is_format_valid 'domain' is_object_valid 'user' 'USER' "$user" if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; + echo "Error: Folder /home/$user doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; exit 1; fi From 5fb7862b39b7437777fd1c57bc35c9c588854ac4 Mon Sep 17 00:00:00 2001 
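Review bot: `systemctl restart nginx` runs right after `deny $IP;` is appended, with no configuration test, so a value in the IP field that nginx rejects would take the web server down instead of just failing to block. Testing first and reloading rather than restarting avoids that: `nginx -t && systemctl reload nginx`, with the appended line removed again when the test fails. `grep -q "deny $IP;"` also reads `$IP` as a regex; `grep -qxF "deny $IP;"` matches the literal line.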
From: Peca Date: Sat, 26 Jul 2025 21:36:10 +0200 Subject: [PATCH 319/348] Replace direct calls to 'wp' with 'v-run-wp-cli' --- bin/v-add-wordpress-admin | 16 ++++------ bin/v-clone-website | 22 ++++++------- bin/v-install-wordfence-cli | 0 bin/v-install-wordpress | 29 +++++++++++------ bin/{v-get-wp-cli => v-install-wp-cli} | 24 ++++++++++++-- bin/v-migrate-site-to-https | 22 +++++++++---- bin/v-run-wp-cli | 44 +++++++++++++++++++------- 7 files changed, 108 insertions(+), 49 deletions(-) create mode 100644 bin/v-install-wordfence-cli rename bin/{v-get-wp-cli => v-install-wp-cli} (60%) diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 67f58bf4..20585485 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin 
@@ -63,21 +63,19 @@ if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then exit 1; fi -if ! command -v wp &> /dev/null; then - echo "WP CLI is not installed. Installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp - echo "WP CLI installed successfully." +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi - -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") #----------------------------------------------------------# # Action # #----------------------------------------------------------# -cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; +/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes; #----------------------------------------------------------# # Vesta # diff --git a/bin/v-clone-website b/bin/v-clone-website index 0258e39a..0e089465 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website 
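Review bot: `--user_pass="$password"` is now handed to v-run-wp-cli, which expands its command unquoted (`$wp_command` in that script), so a password containing whitespace would be split into several arguments and a different password than the requested one could be set. `$domain $username $email` are unquoted at this call site as well; quoting them is the first step: `/usr/local/vesta/bin/v-run-wp-cli "$domain" user create "$username" "$email" --role=administrator --user_pass="$password" --skip-plugins --skip-themes`. How v-run-wp-cli builds `$wp_command` is outside this hunk, so the wrapper probably needs to keep its arguments in an array too. The password also stays visible in the process list of the wrapper, sudo and php while the command runs; the `--dbpass=$PASSWDDB` and `--admin_password="$password"` calls in the v-install-wordpress hunk have the same exposure.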
@@ -265,10 +265,12 @@ if [ $IT_IS_WP -eq 0 ]; then git clone https://github.com/interconnectit/Search-Replace-DB.git fi else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli + fi + if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi fi 
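Review bot: The two guards disagree: the first installs when either `/usr/local/bin/wp` or `boot-fs.php` is missing, the second aborts only when both are missing, and it does so with a bare `exit 1` and no message. On a host where the Composer-based copy cannot be built, every run therefore re-executes v-install-wp-cli (download, `rm -rf`, clone) and then carries on regardless. Testing only the file this script depends on, and saying why it stops, would be clearer: `if [ ! -f "/usr/local/bin/wp" ]; then echo "= WP CLI installation failed."; exit 1; fi`. The same pair of checks is added in the v-add-wordpress-admin, v-install-wordpress and v-migrate-site-to-https hunks, and the first of the two in v-run-wp-cli.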
@@ -429,17 +431,15 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else - phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") - cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; fi - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; - sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver 
/usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes; fi # ----------- Update Wordfence WAF Path ------------- diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli new file mode 100644 index 00000000..e69de29b diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 3f21d172..ba4d38c2 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -71,12 +71,12 @@ if [ -z "$email" ]; then fi if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; + echo "= Error: Folder /home/$user doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; + echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist"; exit 1; fi 
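Review bot: None of the five `v-run-wp-cli` calls has its exit status checked, and v-run-wp-cli sends stderr to `wp-cli-error.log` unless `SHOW_ERRORS` is set, so a failed `search-replace` is invisible here and the script goes on to flush the cache and shuffle the salts on a half-rewritten database. Assuming v-run-wp-cli exits with the `return_code` it captures, stopping on the first failure keeps the clone in a known state: append `|| { echo "=== search-replace failed, see /home/$TO_USER/web/$TO_DOMAIN/wp-cli-error.log"; exit 1; }` to each call. `$TO_DOMAIN` is unquoted in all five calls. The v-migrate-site-to-https hunk at `@@ -172,9 +182,9 @@` has the same pattern, and the enclosing `if`/`else` starts outside this hunk.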
@@ -138,24 +138,35 @@ fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" -if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR -sudo -H -u$user wp core download -sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +/usr/local/vesta/bin/v-run-wp-cli $domain core download +if [ ! -f "$WORKINGDIR/index.php" ]; then + echo "= WordPress installation failed: WordPress core download failed." + exit 1; +fi + +/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB +if [ ! -f "$WORKINGDIR/wp-config.php" ]; then + echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found." + exit 1; +fi password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12) wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n -sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR +/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" 
diff --git a/bin/v-get-wp-cli b/bin/v-install-wp-cli similarity index 60% rename from bin/v-get-wp-cli rename to bin/v-install-wp-cli index c097a024..e9be765d 100644 --- a/bin/v-get-wp-cli +++ b/bin/v-install-wp-cli @@ -24,10 +24,16 @@ if [ ! -f "/usr/local/bin/composer" ]; then fi if [ -d "/usr/local/bin/wp-cli" ]; then - echo "= Removing old WP CLI..." + echo "= Removing old myVesta WP CLI..." rm -rf /usr/local/bin/wp-cli fi +echo "= Installing classic WP CLI..." +wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp +chmod +x /usr/local/bin/wp + +echo "= Installing myVesta WP CLI..." + cd /usr/local/bin git clone https://github.com/wp-cli/wp-cli.git @@ -36,9 +42,21 @@ chown -R www-data:www-data wp-cli cd wp-cli/ sudo -H -u www-data composer install +echo "= Installing search-replace-command package..." +sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command + # Fix terminal columns issue for WP CLI +echo "= Fixing terminal columns issue for WP CLI..." /usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' -echo "= WP CLI installed successfully." +echo "" -exit 0; \ No newline at end of file +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] || [ -f "/usr/local/bin/wp" ]; then + echo "= WP CLI installed successfully." + echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index b6f4295b..1df0f0d5 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https 
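Review bot: `wget ... -O /usr/local/bin/wp` followed by `chmod +x` installs an executable straight from the network with no integrity check, in a script that requires root. Because `-O` creates the target even when the download fails, an empty or truncated file passes every later `[ -f "/usr/local/bin/wp" ]` test, including the success check at the end of this script. Downloading to a temporary file, verifying it against the checksum or signature that WP-CLI publishes next to the phar, and only then moving it into place closes both gaps.

```shell
echo "= Installing classic WP CLI..."
tmp_phar=$(mktemp) || exit 1
if ! wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O "$tmp_phar" || [ ! -s "$tmp_phar" ]; then
    echo "= WP CLI download failed."
    rm -f -- "$tmp_phar"
    exit 1
fi
# TODO: compare "$tmp_phar" with the published checksum/signature before installing
install -m 0755 -- "$tmp_phar" /usr/local/bin/wp
rm -f -- "$tmp_phar"
# … unchanged: myVesta WP CLI clone and composer install …
```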
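Review bot: The package is installed as `www-data` into `/usr/local/bin/wp-cli/packages`, inside a tree the script has already handed over with `chown -R www-data:www-data wp-cli`, and v-run-wp-cli later executes `boot-fs.php` from that tree under each site owner's account. If `www-data` is the web-server account, as is usual on Debian, any process running under it can change code that other accounts will run. Handing the tree back to root once the build is done removes that path: `chown -R root:root /usr/local/bin/wp-cli` and `chmod -R go-w /usr/local/bin/wp-cli` after the `v-sed` line. The closing test also uses `||`, so it prints success when only one of the two installs worked.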
@@ -40,6 +40,14 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli +fi +if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; +fi + FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' FROM_DATABASE_PASSWORD='' @@ -113,10 +121,12 @@ if [ $IT_IS_WP -eq 0 ]; then git clone https://github.com/interconnectit/Search-Replace-DB.git fi else - if [ ! -f "/usr/local/bin/wp" ]; then - echo "=== Downloading latest wp-cli" - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp + if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli + fi + if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + exit 1; fi fi 
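Review bot: This guard runs before the script has determined whether the site is WordPress at all, so migrating a non-WordPress site now triggers a download and install of WP-CLI that the `IT_IS_WP -eq 0` branch never uses. The second copy of the same guard, added in the `else` branch at `@@ -113,10 +121,12 @@`, already covers the WordPress case. Dropping the top-level block keeps network-fetched code off hosts that do not need it.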
@@ -172,9 +182,9 @@ if [ $IT_IS_WP -eq 0 ]; then else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; fi echo "===== DONE ====" diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index ef4f6e10..c0c37d25 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli 
@@ -45,28 +45,37 @@ is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'web' 'DOMAIN' "$domain" if [ ! -d "/home/$user" ]; then - # echo "User doesn't exist"; + echo "= User doesn't exist"; exit 1; fi -if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - echo 'Please install WordPress first.' +if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo '= Please install WordPress first.' exit 1; fi -if ! command -v wp &> /dev/null; then - echo "WP CLI is not installed. Installing..." - wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp - chmod +x /usr/local/bin/wp - echo "WP CLI installed successfully." +wpcli="" + +if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli fi -wpcli="/usr/local/bin/wp" +if [ -f "/usr/local/bin/wp" ]; then + wpcli="/usr/local/bin/wp" + WP_CLI_PACKAGES_DIR="" +fi -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ -z "$USE_WP_CLI_BUNDLED" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS + WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages" +fi + +if [ -z "$wpcli" ]; then + echo "= WP CLI is not installed. Please install it manually." + exit 1; fi mkdir -p /home/$user/.wp-cli 
@@ -83,7 +92,20 @@ fi #----------------------------------------------------------# cd /home/$USER/web/$domain/public_html -sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log + +if [ -z "$OPEN_BASEDIR" ]; then + OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp" +fi + +if [ -z "$DISABLE_FUNCTIONS" ]; then + DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" +fi + +if [ -z "$SHOW_ERRORS" ]; then + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log +else + sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command +fi return_code=$? 
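Review bot: `OPEN_BASEDIR` and `DISABLE_FUNCTIONS` are never initialised in the script, so any value exported in the caller's environment replaces the restriction list wholesale for a command that loads site code. If overriding is intended, a header comment should say so, e.g. `# OPEN_BASEDIR / DISABLE_FUNCTIONS / SHOW_ERRORS: optional overrides read from the environment; unset means the restrictive defaults below`. Both `-d` values should also be quoted: `-d "disable_functions=$DISABLE_FUNCTIONS" -d "open_basedir=$OPEN_BASEDIR"`. The new default adds `/tmp`, which is shared between all accounts, where the previous list stayed inside `/home/$user` and `/usr/local/bin`.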
From 35653eec54bb105cc383a5cbd255fc1ad0791d32 Mon Sep 17 00:00:00 2001 From: Peca Date: Sat, 26 Jul 2025 22:00:22 +0200 Subject: [PATCH 320/348] Add WordFence CLI installation script --- bin/v-desinfect-wordpress | 5 +++++ bin/v-install-wordfence-cli | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress index fcdc2f66..51ee217e 100644 --- a/bin/v-desinfect-wordpress +++ b/bin/v-desinfect-wordpress @@ -27,6 +27,11 @@ if [ -z "$user" ]; then exit 1 fi +if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then + echo "= WordFence CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wordfence-cli +fi + # absolute paths to maintenance scripts, in desired order declare -a tasks=( "/usr/local/vesta/bin/v-change-database-password-for-wordpress" diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli index e69de29b..fc6ca0b5 100644 --- a/bin/v-install-wordfence-cli +++ b/bin/v-install-wordfence-cli @@ -0,0 +1,37 @@ +#!/bin/bash +# info: Script for installing WordFence CLI +# options: NONE + +if ! command -v git &> /dev/null; then + echo "= Git is not installed. Installing..." + apt-get update > /dev/null 2>&1 + apt-get install -y git +fi + +cd /root + +if [ ! -d "myvesta-wordfence-cli" ]; then + git clone https://github.com/isscbta/myvesta-wordfence-cli.git + cd ~/myvesta-wordfence-cli/ +else + cd ~/myvesta-wordfence-cli/ + git pull +fi + +echo "" +echo "----------------------------------------------------------------" +echo "" +echo "Which Docker container do you want to install for WordFence CLI?" +echo "1. WordFence CLI official Docker container" +echo "2. WordFence CLI Docker container maintained by myVesta" +read -r -p "Enter your choice: " choice < /dev/tty + +if [ "$choice" == "1" ]; then + bash wf-cli-install.sh +fi + +if [ "$choice" == "2" ]; then + bash wf-cli-install-our-image.sh +fi + +exit 0; 
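Review bot: Nothing re-checks that `v-wf-malware-hyperscan-with-remediate` exists after the installer returns, and v-install-wordfence-cli ends with `exit 0` even when neither choice was entered (its prompt reads from `/dev/tty`, which fails without a terminal). The task list below can therefore run with the scanner still missing. A second test after the install call makes the failure explicit: `[ -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ] || { echo "= WordFence CLI installation failed."; exit 1; }`.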
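Review bot: The script clones or pulls the default branch of `isscbta/myvesta-wordfence-cli` and immediately runs `wf-cli-install.sh` from it, presumably as root since it works under `/root`, so whatever is at the tip of that repository at that moment is executed with those privileges. Checking out a reviewed tag or commit before the `bash` call pins what runs. None of the `cd` or `git` steps is checked either: if the clone fails, `cd ~/myvesta-wordfence-cli/` fails too and `bash wf-cli-install.sh` runs against whatever file of that name sits in the current directory. Adding `|| exit 1` to `cd /root`, to `git clone ...` and to both `cd ~/myvesta-wordfence-cli/` lines fixes that; unlike v-install-wp-cli, the script also has no root check.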
From 95ed753b0b1bb3bf8bd7aad2631bc55093f22092 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 27 Jul 2025 18:07:14 +0200 Subject: [PATCH 321/348] Separating v-install-wp-cli-myvesta. Update v-run-wp-cli to display error log if PHP Fatal Error occured. Updating v-run-wp-cli to use standard wp-cli, making v-run-wp-cli-myvesta for myvesta version of wp-cli. --- bin/v-install-wp-cli | 39 ++---------------------- bin/v-install-wp-cli-myvesta | 58 ++++++++++++++++++++++++++++++++++++ bin/v-run-wp-cli | 18 +++++++---- bin/v-run-wp-cli-myvesta | 8 +++++ 4 files changed, 81 insertions(+), 42 deletions(-) create mode 100644 bin/v-install-wp-cli-myvesta create mode 100644 bin/v-run-wp-cli-myvesta diff --git a/bin/v-install-wp-cli b/bin/v-install-wp-cli index e9be765d..17df71e8 100644 --- a/bin/v-install-wp-cli +++ b/bin/v-install-wp-cli 
@@ -12,46 +12,11 @@ if [ "$whoami" != "root" ]; then exit 1 fi -# Importing system environment -source /etc/profile - -if [ ! -f "/usr/local/bin/composer" ]; then - echo "= Composer is not installed. Installing..." - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - php composer-setup.php --install-dir=/usr/local/bin --filename=composer - php -r "unlink('composer-setup.php');" - echo "= Composer installed successfully." -fi - -if [ -d "/usr/local/bin/wp-cli" ]; then - echo "= Removing old myVesta WP CLI..." - rm -rf /usr/local/bin/wp-cli -fi - -echo "= Installing classic WP CLI..." +echo "= Installing WP CLI by downloading phar file..." wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp chmod +x /usr/local/bin/wp -echo "= Installing myVesta WP CLI..." - -cd /usr/local/bin -git clone https://github.com/wp-cli/wp-cli.git - -chown -R www-data:www-data wp-cli - -cd wp-cli/ -sudo -H -u www-data composer install - -echo "= Installing search-replace-command package..." -sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command - -# Fix terminal columns issue for WP CLI -echo "= Fixing terminal columns issue for WP CLI..." -/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' - -echo "" - -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] || [ -f "/usr/local/bin/wp" ]; then +if [ -f "/usr/local/bin/wp" ]; then echo "= WP CLI installed successfully." echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" exit 0; diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta new file mode 100644 index 00000000..f619626f --- /dev/null +++ b/bin/v-install-wp-cli-myvesta 
@@ -0,0 +1,58 @@ +#!/bin/bash +# info: Download myVesta WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old myVesta WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +echo "= Installing myVesta WP CLI..." + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +cd wp-cli/ +sudo -H -u www-data composer install + +echo "= Installing search-replace-command package..." +sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command + +# Fix terminal columns issue for WP CLI +echo "= Fixing terminal columns issue for WP CLI..." +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI installed successfully." + echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND" + exit 0; +else + echo "= myVesta WP CLI installation failed." + echo "= Please install it manually." + exit 1; +fi 
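Review bot: `composer-setup.php` is downloaded into whatever the current directory is and executed by a script that has just confirmed it runs as root, without the installer checksum comparison that Composer documents for scripted installs. Fetching the published signature, comparing it with the SHA-384 of the downloaded installer and working in a `mktemp -d` directory covers both the integrity gap and the predictable file name. The `git clone https://github.com/wp-cli/wp-cli.git` further down likewise builds whatever the default branch holds at that moment.

```shell
if [ ! -f "/usr/local/bin/composer" ]; then
    echo "= Composer is not installed. Installing..."
    setup_dir=$(mktemp -d) || exit 1
    expected_sig=$(wget -q -O - https://composer.github.io/installer.sig)
    php -r "copy('https://getcomposer.org/installer', '$setup_dir/composer-setup.php');"
    actual_sig=$(php -r "echo hash_file('sha384', '$setup_dir/composer-setup.php');")
    if [ -z "$expected_sig" ] || [ "$expected_sig" != "$actual_sig" ]; then
        echo "= Composer installer checksum mismatch, aborting."
        rm -rf -- "$setup_dir"
        exit 1
    fi
    php "$setup_dir/composer-setup.php" --install-dir=/usr/local/bin --filename=composer
    rm -rf -- "$setup_dir"
    echo "= Composer installed successfully."
fi
# … unchanged: removal of the old wp-cli tree, clone, composer install …
```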
diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index c0c37d25..999e30a8 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -61,12 +61,19 @@ if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php /usr/local/vesta/bin/v-install-wp-cli fi +output='terminal' +if [ -t 1 ]; then + output='terminal' +else + output='file' +fi + if [ -f "/usr/local/bin/wp" ]; then wpcli="/usr/local/bin/wp" WP_CLI_PACKAGES_DIR="" fi -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ -z "$USE_WP_CLI_BUNDLED" ]; then +if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS @@ -113,10 +120,11 @@ if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then rm /usr/local/bin/wp-cli/COLUMNS fi -# echo "WP CLI: Done." -# echo "To see Warning/Error log: " -# echo "cat /home/$user/web/$domain/wp-cli-error.log" - +if [ -z "$SHOW_ERRORS" ]; then + if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then + cat /home/$user/web/$domain/wp-cli-error.log + fi +fi #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta new file mode 100644 index 00000000..e250a8ee --- /dev/null +++ b/bin/v-run-wp-cli-myvesta @@ -0,0 +1,8 @@ +#!/bin/bash + +if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + echo "= myVesta WP CLI is not installed. Installing..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta +fi + +USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" 
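Review bot: `wp-cli-error.log` sits in `/home/$user/web/$domain`, and both the new `grep`/`cat` and the `2>` redirect that writes the file are performed by the calling shell rather than by the `sudo -u $USER` child, i.e. with the script's own (presumably root) privileges. If the site owner can write to that directory, a symlink left under that name would be followed on the next run. Keeping the log in a root-owned directory avoids this, or the script can refuse a link before the redirect: `[ -L "/home/$user/web/$domain/wp-cli-error.log" ] && exit 1`. The path is unquoted in both new lines.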
From ef8d033b60e0dd6e1a1a9fa2bad9eaf7d7dd0e0f Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 30 Jul 2025 16:18:20 +0200 Subject: [PATCH 322/348] Enhance v-run-wp-cli and v-run-wp-cli-myvesta to check for file age and update if older than 30 days --- bin/v-run-wp-cli | 18 ++++++++++++++++-- bin/v-run-wp-cli-myvesta | 13 +++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index 999e30a8..e4a3d4a7 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -61,7 +61,21 @@ if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php /usr/local/vesta/bin/v-install-wp-cli fi -output='terminal' +if [ -z "$USE_WP_CLI_MYVESTA" ]; then + if [ -f "/usr/local/bin/wp" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)." + echo "= Updating WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli + fi + fi +fi + if [ -t 1 ]; then output='terminal' else @@ -73,7 +87,7 @@ if [ -f "/usr/local/bin/wp" ]; then WP_CLI_PACKAGES_DIR="" fi -if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then +if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta index e250a8ee..5947edfa 100644 --- a/bin/v-run-wp-cli-myvesta +++ b/bin/v-run-wp-cli-myvesta 
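Review bot: The 30-day refresh replaces a working `/usr/local/bin/wp` in the middle of an unrelated command and never checks the result. v-install-wp-cli downloads with `wget ... -O /usr/local/bin/wp`, which truncates the existing file before the transfer, so a failed download leaves an empty binary whose fresh ctime suppresses the next attempt for another 30 days. Checking the installer's status and the file afterwards keeps a broken update from going unnoticed: `if ! /usr/local/vesta/bin/v-install-wp-cli || [ ! -s /usr/local/bin/wp ]; then echo "= WP CLI update failed."; exit 1; fi`. The v-run-wp-cli-myvesta hunk has the same shape, and there the installer begins with `rm -rf /usr/local/bin/wp-cli`.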
@@ -5,4 +5,17 @@ if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then /usr/local/vesta/bin/v-install-wp-cli-myvesta fi +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + # Get current time and file ctime in seconds since epoch + current_time=$(date +%s) + file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php) + # Calculate age in days + age_days=$(( (current_time - file_ctime) / 86400 )) + if [ "$age_days" -gt 30 ]; then + echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)." + echo "= Updating myVesta WP CLI..." + /usr/local/vesta/bin/v-install-wp-cli-myvesta + fi +fi + USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" From 48944af1826e8bb2dd1540094b6bf561003f207f Mon Sep 17 00:00:00 2001 From: Peca Date: Wed, 30 Jul 2025 18:14:25 +0200 Subject: [PATCH 323/348] Update v-install-wp-cli-myvesta to set PHP version dynamically based on the oldest installed version and revert to the current version after installation --- bin/v-install-wp-cli-myvesta | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta index f619626f..b65479f6 100644 --- a/bin/v-install-wp-cli-myvesta +++ b/bin/v-install-wp-cli-myvesta 
@@ -35,12 +35,33 @@ git clone https://github.com/wp-cli/wp-cli.git chown -R www-data:www-data wp-cli +ver_ge() { + # usage: ver_ge 7.2 5.6 --> returns true if $1 is greater than or equal to $2 + [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ] +} + +current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+') + +php_versions=$(/usr/local/vesta/bin/v-list-php) +for php_version in $php_versions; do + if ver_ge "$php_version" "7.2"; then + oldest_allowed_php_version=$php_version + break + fi +done + +echo "= Setting PHP version to $oldest_allowed_php_version" +update-alternatives --set php /usr/bin/php$oldest_allowed_php_version + cd wp-cli/ sudo -H -u www-data composer install echo "= Installing search-replace-command package..." sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command +echo "= Setting PHP version to $current_php_version" +update-alternatives --set php /usr/bin/php$current_php_version + # Fix terminal columns issue for WP CLI echo "= Fixing terminal columns issue for WP CLI..." /usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' From 46a6ebafb0ad8a4a09008a21859b6dd2b0d3f9eb Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 19:42:16 +0200 Subject: [PATCH 324/348] Enhance v-commander to check for kernel updates and reboot requirements --- bin/v-commander | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/v-commander b/bin/v-commander index f04b3a17..72607c95 100644 --- a/bin/v-commander +++ b/bin/v-commander 
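Review bot: Switching the system-wide `php` alternative for the duration of the build affects every other process that calls `php` in that window, and nothing restores it if the script stops early. If no installed version satisfies `ver_ge "$php_version" "7.2"`, `$oldest_allowed_php_version` is empty and `update-alternatives --set php /usr/bin/php` is attempted; an empty `$current_php_version` breaks the restore the same way. Calling the chosen interpreter directly needs no global change: `sudo -H -u www-data /usr/bin/php$oldest_allowed_php_version /usr/local/bin/composer install`, with the same `/usr/bin/php$oldest_allowed_php_version` prefix on the `boot-fs.php package install` line, after an explicit `[ -n "$oldest_allowed_php_version" ] || exit 1`.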
@@ -201,11 +201,9 @@ do apt_upgraded=1 kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log) - if [ $kernelupdate -gt 0 ]; then + if [ $kernelupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then touch /root/kernelupdate - echo "== kernel is updated" - else - echo "== kernel is not updated" + echo "== kernel is updated, reboot is required!" fi fi From cc09de9b6ec7e6104e5451ca2274822f3eaa8651 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 19:46:28 +0200 Subject: [PATCH 325/348] v-fix-website-permissions: checks for php_chmod conf files --- bin/v-fix-website-permissions | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 13c6775d..5c1eaca3 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -77,6 +77,15 @@ find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" +if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) +fi +if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) +fi +if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) +fi if [ -f "/home/$USER/web/$domain/php_chmod" ]; then php_chmod=$(cat /home/$USER/web/$domain/php_chmod) fi From c1f2a02fb8a05f9147e8bbc4d6dffaed6bb0e97e Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 1 Aug 2025 20:08:17 +0200 Subject: [PATCH 326/348] Implement cron job for fixing website permissions --- install/vst-install-debian.sh | 4 +++- src/deb/vesta/postinst | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index f6de9e70..9517e4ef 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh 
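Review bot: In the v-fix-website-permissions hunk, `php_chmod` is now read from up to four files, three of them under `/home/$USER`, and the value is taken as-is. Where it is consumed is outside the hunk, but if it ends up as a `chmod` mode in this script, the content of a file the site owner may be able to write decides the permissions applied to every PHP file. Restricting it to an octal mode after the last override keeps a stray or hostile value out: `[[ "$php_chmod" =~ ^[0-7]{3,4}$ ]] || php_chmod="600"`. The lookup order (global, user, web, domain, last match wins) deserves a one-line comment above the block.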
@@ -1894,7 +1894,9 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -service cron restart +command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +$VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" +systemctl restart cron.service echo "== Building inititall rrd images" $VESTA/bin/v-update-sys-rrd diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 68252789..d8a22ee1 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -21,10 +21,20 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then mkdir -p /usr/local/vesta/data/upgrades fi +VESTA="/usr/local/vesta" + # show changelog after update echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# Fixing permissions for all websites +if ! grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Fixing permissions for all websites" + command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" + $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" + systemctl restart cron.service +fi + if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then echo "== Adding FileManager license to vesta.conf" echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf From 97548e55fb76e9fd10913a0caedb08f535c9cb43 Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 3 Aug 2025 15:00:29 +0200 Subject: [PATCH 327/348] Removing temporary Docker container network interfaces from RRD --- bin/v-update-sys-rrd-net | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bin/v-update-sys-rrd-net b/bin/v-update-sys-rrd-net index e9c642e4..d59eefd9 100755 --- a/bin/v-update-sys-rrd-net 
+++ b/bin/v-update-sys-rrd-net @@ -35,13 +35,15 @@ if [ ! -d "$RRD/net" ]; then mkdir $RRD/net fi +find $RRD/net -name "veth*" -delete + # Parsing network interfaces ndev=$(cat /proc/net/dev) ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g") # Parsing excludes if [ -z "$RRD_IFACE_EXCLUDE" ]; then - RRD_IFACE_EXCLUDE='lo' + RRD_IFACE_EXCLUDE='lo,' fi for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do ifaces=$(echo "$ifaces" |grep -vw "$exclude" ) @@ -62,6 +64,8 @@ for iface in $ifaces; do RRA:MAX:0.5:6:700 \ RRA:MAX:0.5:24:775 \ RRA:MAX:0.5:288:797 + else + touch $RRD/net/$iface.rrd fi # Parsing device stats @@ -112,6 +116,8 @@ for iface in $ifaces; do done +find $RRD/net -name "*.png" -mtime +1 -delete +find $RRD/net -name "*.rrd" -mtime +1 -delete #----------------------------------------------------------# # Vesta # From d18967e627f654fc980457ead8bd35d5466bd9e6 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 11:07:07 +0200 Subject: [PATCH 328/348] Refactor v-run-wp-cli to simplify WP CLI installation check by removing redundant file check for boot-fs.php --- bin/v-run-wp-cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli index e4a3d4a7..b1e4e6aa 100644 --- a/bin/v-run-wp-cli +++ b/bin/v-run-wp-cli @@ -56,7 +56,7 @@ fi wpcli="" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then +if [ ! -f "/usr/local/bin/wp" ]; then echo "= WP CLI is not installed. Installing..." /usr/local/vesta/bin/v-install-wp-cli fi From 8680995e66e820258bfaede558a5e144120856a8 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 15:19:22 +0200 Subject: [PATCH 329/348] Avoid 600 permissions for Apache-less variant --- bin/v-fix-user-permissions | 8 ++++---- bin/v-fix-website-permissions | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index 991ada62..47690477 100644 
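Review bot: The three added `find $RRD/net … -delete` calls in `v-update-sys-rrd-net` expand `$RRD` unquoted and without checking that it is set, so an empty value makes them operate on `/net`, and they descend into any subdirectory. Writing them as `find "${RRD:?}/net" -maxdepth 1 -type f -name "veth*" -delete` (same for the `*.png` and `*.rrd` calls after the loop) aborts on an empty variable and limits deletion to regular files directly in that directory. The `-mtime +1` cleanup relies on the added `touch $RRD/net/$iface.rrd` to keep live interfaces fresh, so an interface missing from `/proc/net/dev` for longer than that window loses its history; a comment such as `# stale interfaces (e.g. removed containers) are pruned on purpose` would record that this is intended. Where `$RRD` is assigned is outside these hunks.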
--- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -49,10 +49,10 @@ find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; -find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + -find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + -find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; -find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} + +for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" +done echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 5c1eaca3..186075a1 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -28,6 +28,7 @@ USER=$user # Includes source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf if [ -z "$user" ]; then check_result $E_NOTEXIST "domain $domain doesn't exist" @@ -77,6 +78,11 @@ find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + php_chmod="600" + +if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" +fi + if [ -f "/home/php_chmod" ]; then php_chmod=$(cat /home/php_chmod) fi From 4dc1e73612d07e80aad72c533d7fd10ed253834e Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 16:42:07 +0200 Subject: [PATCH 330/348] Remove redundant WP CLI installation checks from multiple scripts --- bin/v-add-wordpress-admin | 8 -------- bin/v-clone-website | 8 -------- bin/v-install-wordpress | 8 -------- bin/v-migrate-site-to-https | 15 --------------- 4 files changed, 39 deletions(-) 
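Review bot: The added `WEB_SYSTEM = 'nginx'` branch in `v-fix-website-permissions` raises the default `php_chmod` to 644, and that one variable is applied to `*.env` files as well as `*.php` by the `find … \( -name "*.php" -o -name "*.env" \)` lines further down the file, outside this hunk. `.env` files usually hold credentials, so on a shared host this default makes them readable by other local accounts wherever the directory permissions allow traversal. Consider a separate default such as `env_chmod="600"` applied in its own `find -name "*.env"` pass, unless the nginx-only stack is known to need wider read access to those files.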
diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin index 20585485..60778fb2 100644 --- a/bin/v-add-wordpress-admin +++ b/bin/v-add-wordpress-admin @@ -63,14 +63,6 @@ if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then exit 1; fi -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi - #----------------------------------------------------------# # Action # #----------------------------------------------------------# diff --git a/bin/v-clone-website b/bin/v-clone-website index 0e089465..9bebbffd 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -264,14 +264,6 @@ if [ $IT_IS_WP -eq 0 ]; then cd /root git clone https://github.com/interconnectit/Search-Replace-DB.git fi -else - if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli - fi - if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; - fi fi CREATE_TO_DATABASE=0 diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index ba4d38c2..f23afa74 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -138,14 +138,6 @@ fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi - WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR 
diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 1df0f0d5..c15a521e 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -40,13 +40,6 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" -if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi -if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; -fi FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' @@ -120,14 +113,6 @@ if [ $IT_IS_WP -eq 0 ]; then cd /root git clone https://github.com/interconnectit/Search-Replace-DB.git fi -else - if [ ! -f "/usr/local/bin/wp" ] || [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli - fi - if [ ! -f "/usr/local/bin/wp" ] && [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - exit 1; - fi fi From a183cabdc7ece59d29c37f0c3064779adb52c140 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 4 Aug 2025 16:50:52 +0200 Subject: [PATCH 331/348] v-install-wordpress: avoid changing nginx proxy template in apache-less variant --- bin/v-install-wordpress | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index f23afa74..25e38f3e 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress 
@@ -119,20 +119,22 @@ fi TPL_CHANGED=0; -if [ "$PROTOCOL" = "https" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" +if [ "$WEB_SYSTEM" != 'nginx' ]; then + if [ "$PROTOCOL" = "https" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" 
"jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" - fi -fi -if [ "$PROTOCOL" = "http" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + if [ "$PROTOCOL" = "http" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi fi fi From 5008c2c778595f0a73d3e78bc55d7a62d37fe371 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 7 Aug 2025 18:29:11 +0200 Subject: [PATCH 332/348] Refactor v-fix-website-permissions to introduce conditional checks for PHP and symlink ownership adjustments, allowing for more flexible permission management based on configuration files. --- bin/v-fix-website-permissions | 108 +++++++++++++++++++++++++--------- 1 file changed, 79 insertions(+), 29 deletions(-) diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index 186075a1..fca37e15 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions 
@@ -68,40 +68,90 @@ if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then fi fi +echo "Updating permissions for /home/$USER/web/$domain/" -echo "Updating permissions for /home/$USER/web/$domain/public_html/" -# Fixing permissions -find public_html/ -type d ! -perm 755 -exec chmod 755 {} + -find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + -# Fixing ownership -find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + -find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + - -php_chmod="600" - -if [ "$WEB_SYSTEM" = 'nginx' ]; then - php_chmod="644" +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 fi -if [ -f "/home/php_chmod" ]; then - php_chmod=$(cat /home/php_chmod) -fi -if [ -f "/home/$USER/php_chmod" ]; then - php_chmod=$(cat /home/$USER/php_chmod) -fi -if [ -f "/home/$USER/web/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/php_chmod) -fi -if [ -f "/home/$USER/web/$domain/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/$domain/php_chmod) +# === General files and directories permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + # New way of fixing permissions + # Fixing permissions + find public_html/ -type d ! -perm 755 -exec chmod 755 {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +else + # Old way of fixing permissions + # Fixing permissions + find public_html/ -type d ! 
-perm 755 -exec chmod 755 {} + + find public_html/ -type f ! -perm 644 -exec chmod 644 {} + + + # Fixing ownership + find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + + find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} + fi -# Setting chmod 600 for all .php and .env files -echo "= Setting chmod $php_chmod for all .php and .env files" -# Fixing permissions -find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + -# Fixing ownership -find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + +fi + +# === Symlinks ownership === +symlink_chown_allowed=1 +if [ -f "/home/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then + symlink_chown_allowed=0 +fi + +if [ "$symlink_chown_allowed" -eq 1 ]; then + find -type l ! 
-user $USER -exec chown -h $USER:$USER {} + +fi #----------------------------------------------------------# # Vesta # From efe0045c5f7a7fa12ded564a4e7ee49df38cf152 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 7 Aug 2025 19:03:30 +0200 Subject: [PATCH 333/348] Introduction of v-fix-website-permissions-only-php script --- bin/v-fix-website-permissions | 6 +- ...site-permissions-for-all-websites-only-php | 44 +++++++ bin/v-fix-website-permissions-only-php | 121 ++++++++++++++++++ install/vst-install-debian.sh | 2 +- src/deb/vesta/postinst | 19 ++- 5 files changed, 184 insertions(+), 8 deletions(-) create mode 100644 bin/v-fix-website-permissions-for-all-websites-only-php create mode 100644 bin/v-fix-website-permissions-only-php diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions index fca37e15..50b143c8 100644 --- a/bin/v-fix-website-permissions +++ b/bin/v-fix-website-permissions @@ -1,6 +1,6 @@ #!/bin/bash -# info: Fixing chown and chmod permissions in the public_html directory -# options: DOMAIN +# info: Fixing chown and chmod permissions for a website +# options: DOMAIN [USER] #----------------------------------------------------------# # Variable&Function # @@ -68,7 +68,7 @@ if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then fi fi -echo "Updating permissions for /home/$USER/web/$domain/" +echo "Updating permissions and ownership for /home/$USER/web/$domain/" php_chmod_allowed=1 if [ -f "/home/php_chmod_disabled" ]; then diff --git a/bin/v-fix-website-permissions-for-all-websites-only-php b/bin/v-fix-website-permissions-for-all-websites-only-php new file mode 100644 index 00000000..a89d2416 --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites-only-php 
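Review bot: The new symlink pass uses `chown -h`, but the `-type d` and `-type f` ownership passes in the same hunk call plain `chown $USER:$USER {} +`, which follows symlinks. The cron entry runs this through sudo over a tree the site owner can modify, so a path replaced by a symlink between find's test and the exec would have its target re-owned. Using `-exec chown -h "$USER:$USER" {} +` in every pass keeps the change on the directory entry itself. The `php_chmod_disabled` and `symlink_chown_disabled` markers are also looked up under `/home/$USER`, so, if the site owner can create files there, the account itself decides whether the job applies; a comment stating that this is intended would help.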
@@ -0,0 +1,44 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log +truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1 + echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-website-permissions-only-php b/bin/v-fix-website-permissions-only-php new file mode 100644 index 00000000..cf548e6b --- /dev/null +++ b/bin/v-fix-website-permissions-only-php 
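Review bot: The header of the new `v-fix-website-permissions-for-all-websites-only-php` still reads `# info: fix website permissions for all websites`, which describes the full variant; it should say something like `# info: fix PHP and .env permissions and ownership for all websites`. The user list comes from `grep '@' /etc/passwd`, which depends on an e-mail address being present in the passwd entry, while the loop filters on `user.conf` anyway; iterating `/usr/local/vesta/data/users/*/user.conf` directly would drop that dependency. The arguments in the inner call should be quoted, `"$domain" "$user"`. The script sources `$VESTA/func/main.sh` but hard-codes `/usr/local/vesta` everywhere else, so it depends on `/etc/profile` exporting `VESTA`.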
@@ -0,0 +1,121 @@ +#!/bin/bash +# info: Fixing PHP and .env permissions and ownership for a website +# options: DOMAIN [USER] + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/conf/vesta.conf + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "Error: Folder /home/$user doesn't exist"; + exit 1; +fi + +if [ ! 
-d "/home/$user/web/$domain/public_html" ]; then + echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Going to domain directory +cd /home/$USER/web/$domain + +# Ownership check +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + +echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/" + +php_chmod_allowed=1 +if [ -f "/home/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi +if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then + php_chmod_allowed=0 +fi + +# === PHP and .env permissions === +if [ "$php_chmod_allowed" -eq 1 ]; then + php_chmod="600" + + if [ "$WEB_SYSTEM" = 'nginx' ]; then + php_chmod="644" + fi + + if [ -f "/home/php_chmod" ]; then + php_chmod=$(cat /home/php_chmod) + fi + if [ -f "/home/$USER/php_chmod" ]; then + php_chmod=$(cat /home/$USER/php_chmod) + fi + if [ -f "/home/$USER/web/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/php_chmod) + fi + if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) + fi + + # Setting chmod 600 for all .php and .env files + echo "= Setting chmod $php_chmod for all .php and .env files" + # Fixing permissions + find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + + # Fixing ownership + find -type f \( -name "*.php" -o -name "*.env" \) ! 
-user $USER -exec chown $USER:$USER {} + +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# +echo "PHP and .env permissions and ownership for $domain have been successfully updated." + +exit 0 diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 9517e4ef..1c8f2e1b 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1894,7 +1894,7 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" systemctl restart cron.service diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index d8a22ee1..f5f79877 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
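Review bot: In the new `v-fix-website-permissions-only-php`, `$domain` is passed unquoted to `v-search-domain-owner` before `check_args` and `is_format_valid 'domain'` run, so the first root-run command sees the raw argument. Move the `source` lines and the verification block above the owner lookup and quote the expansion, `user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")`. When a second argument is given, nothing visible confirms that `$domain` belongs to `$user` beyond the directory existing. The `cd /home/$USER/web/$domain` is unchecked while the later `find` calls have no start path, so it should be `cd "/home/$USER/web/$domain" || exit 1`.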
@@ -27,10 +27,21 @@ VESTA="/usr/local/vesta" echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog -# Fixing permissions for all websites -if ! grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Fixing permissions for all websites" - command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites > /dev/null 2>&1" +if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin + systemctl restart cron.service + fi +fi + +# Fixing PHP and .env permissions and ownership for all websites +if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Fixing PHP and .env permissions and ownership for all websites" + command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" systemctl restart cron.service fi From 4fff4b498553e2545c674427296d271a0d16ee5f Mon Sep 17 00:00:00 2001 
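Review bot: The migration in `postinst` edits `/var/spool/cron/crontabs/admin` in place with `sed -i` in addition to `cron.conf`, and neither file is checked for existence, so `sed` and the outer `grep -q` print errors on a system without an `admin` crontab. Changing only `cron.conf` and regenerating the crontab through the panel's own rebuild command (upstream VestaCP ships `v-rebuild-cron-jobs`; confirm it is present in this fork) keeps the two files from drifting apart. The two `sed` expressions per file could also be merged into one call with two `-e` options.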
From: Cursor Agent Date: Sun, 10 Aug 2025 11:48:54 +0000 Subject: [PATCH 334/348] Fix PHP 5.6 array index and implode compatibility issues Co-authored-by: peca --- web/add/dns/index.php | 12 ++++++++++-- web/add/mail/index.php | 9 +++++++-- web/add/web/index.php | 6 +++++- web/upload/UploadHandler.php | 9 +++++++-- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 7c18faab..06ca9547 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,7 +80,11 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + } unset($v_domain); } } @@ -128,7 +132,11 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); + } unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index c761139c..5fe9b6ff 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php 
@@ -186,8 +186,13 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + } else { + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + } unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/web/index.php b/web/add/web/index.php index d77b8f40..f8953f19 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -323,7 +323,11 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); + } else { + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + } $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); 
diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 48f40b23..581f9741 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1095,8 +1095,13 @@ class UploadHandler } } if (count($failed_versions)) { - $file->error = $this->get_error_message('image_resize') - .' ('.implode($failed_versions,', ').')'; + if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { + $file->error = $this->get_error_message('image_resize') + .' ('.implode($failed_versions,', ').')'; + } else { + $file->error = $this->get_error_message('image_resize') + .' ('.implode(', ', $failed_versions).')'; + } } // Free memory: $this->destroy_image_object($file_path); From be756306b084aa808dcd4328303a316f0a4a3a10 Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Sun, 10 Aug 2025 12:13:20 +0000 Subject: [PATCH 335/348] Remove PHP version-specific code for array access and string formatting Co-authored-by: peca --- web/add/dns/index.php | 12 ++---------- web/add/mail/index.php | 9 ++------- web/add/web/index.php | 6 +----- web/upload/UploadHandler.php | 9 ++------- 4 files changed, 7 insertions(+), 29 deletions(-) diff --git a/web/add/dns/index.php b/web/add/dns/index.php index 06ca9547..b9e47abe 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,11 +80,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); unset($v_domain); } } 
@@ -132,11 +128,7 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index 5fe9b6ff..6a8b6e9f 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -186,13 +186,8 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; - } else { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; - } + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/web/index.php b/web/add/web/index.php index f8953f19..e11cff23 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php 
@@ -323,11 +323,7 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); - } else { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); - } + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 581f9741..ce8863bb 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1095,13 +1095,8 @@ class UploadHandler } } if (count($failed_versions)) { - if (PHP_VERSION_ID >= 50600 && PHP_VERSION_ID < 50700) { - $file->error = $this->get_error_message('image_resize') - .' ('.implode($failed_versions,', ').')'; - } else { - $file->error = $this->get_error_message('image_resize') - .' ('.implode(', ', $failed_versions).')'; - } + $file->error = $this->get_error_message('image_resize') + .' ('.implode(', ', $failed_versions).')'; } // Free memory: $this->destroy_image_object($file_path); From 457e5c862ee820cf03558f6ea6b34290d16ca9ac Mon Sep 17 00:00:00 2001 From: Peca Date: Tue, 12 Aug 2025 13:58:17 +0200 Subject: [PATCH 336/348] Add cron job for disk usage snapshot --- bin/v-df-snapshot-diff | 102 +++++++++++++++++++++++++++++++++ bin/v-df-snapshot-logs-cleaner | 11 ++++ bin/v-df-snapshot-make | 20 +++++++ install/vst-install-debian.sh | 4 ++ src/deb/vesta/postinst | 14 +++++ 5 files changed, 151 insertions(+) create mode 100644 bin/v-df-snapshot-diff create mode 100644 bin/v-df-snapshot-logs-cleaner create mode 100644 bin/v-df-snapshot-make 
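Review bot: In the web/add/web/index.php hunk, the context lines right after the changed one build the redirect from `$_POST['v_domain']` and pass it to `header('Location: ' . $url)` without URL-encoding. A value containing `&`, `#` or a space would change the query string the edit page receives; wrapping the domain keeps it a single parameter: `$url = '/edit/web/?domain='.rawurlencode(strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])));`. This path is only reached when `$domain_added` is set, so the backend may already reject such values, but that validation is outside the hunk. The enclosing `if (!empty($_POST['ok']))` block starts and ends outside the hunk.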
diff --git a/bin/v-df-snapshot-diff b/bin/v-df-snapshot-diff
new file mode 100644
index 00000000..ee427bd2
--- /dev/null
+++ b/bin/v-df-snapshot-diff
@@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Make a diff between two snapshots of the disk usage
+# options: FILE1 FILE2
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+ echo "You must be root to execute this script"
+ exit 1
+fi
+
+# Let's declare three associative arrays
+declare -A FILE1
+declare -A FILE2
+declare -A FILED
+
+file1=$1
+file2=$2
+
+if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+ file1="/usr/local/vesta/data/df/$file1"
+fi
+
+if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+ file2="/usr/local/vesta/data/df/$file2"
+fi
+
+if [ ! -f "$file1" ]; then
+ echo "File $file1 not found"
+ exit 1
+fi
+
+if [ ! -f "$file2" ]; then
+ echo "File $file2 not found"
+ exit 1
+fi
+
+timestamp=$(date +%Y-%m-%d-%H-%M-%S)
+mkdir -p /usr/local/vesta/data/df-diff
+file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt"
+file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt"
+file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt"
+touch $file0
+
+# Let's load the first file and fill the array FILE1
+while IFS=$'\t' read SIZE DIRECTORY; do
+ # Skip blank lines or lines that are not in the correct format
+ [[ -z "$DIRECTORY" ]] && continue
+ [[ "$DIRECTORY" = "total" ]] && continue
+ # Insert values into the array
+ FILE1["$DIRECTORY"]="$SIZE"
+done < "$file1"
+
+# Let's load the second file and fill the array FILE2
+while IFS=$'\t' read SIZE DIRECTORY; do
+ # Skip blank lines or lines that are not in the correct format
+ [[ -z "$DIRECTORY" ]] && continue
+ [[ "$DIRECTORY" = "total" ]] && continue
+ # Insert values into the array
+ FILE2["$DIRECTORY"]="$SIZE"
+done < "$file2"
+
+# We iterate through FILE1 and look for the matching key in FILE2
+for k in "${!FILE1[@]}"; do
+ if [[ -v FILE2["$k"] ]]; then
+ # If there is the same folder (KEY) in FILE2
+ DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} ))
+ FILED["$k"]=$DIFF
+ echo -e "${DIFF}\t${k}" >> $file0
+ else
+ # If the folder (KEY) is not found in FILE2
+ FILED["$k"]=${FILE1["$k"]}
+ echo -e "${FILE1["$k"]}\t${k}" >> $file0
+ fi
+done
+
+# sorted by size
+sort -nr -k1,1 $file0 > $file0s
+
+# sorted by folders
+while IFS=$'\t' read SIZE DIRECTORY; do
+ [[ -z "$DIRECTORY" ]] && continue
+ [[ "$DIRECTORY" = "total" ]] && continue
+ echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f
+done < "$file2"
+
+chmod 600 $file0 $file0s $file0f
+chown root:root $file0 $file0s $file0f
+
+echo "Done."
+echo "You can do:"
+echo "mcview $file0"
+echo "mcview $file0s"
+echo "mcview $file0f"
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):"
+head -n 30 $file0s
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by folders (in MB):"
+head -n 30 $file0f
+echo "--------------------------------"
+
+exit 0
diff --git a/bin/v-df-snapshot-logs-cleaner b/bin/v-df-snapshot-logs-cleaner
new file mode 100644
index 00000000..63275034
--- /dev/null
+++ b/bin/v-df-snapshot-logs-cleaner
@@ -0,0 +1,11 @@
+#!/bin/bash
+# info: Clean up old snapshots of the disk usage
+# options: NONE
+
+folder="/usr/local/vesta/data/df"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete
+
+folder="/usr/local/vesta/data/df-diff"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete
diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make
new file mode 100644
index 00000000..51c41e9d
--- /dev/null
+++ b/bin/v-df-snapshot-make
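Review bot: In bin/v-df-snapshot-diff the SIZE column and the directory names read from the snapshot files are used without validation: `DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} ))` evaluates whatever text is in the SIZE column as an arithmetic expression, and the subscript in `[[ -v FILE2["$k"] ]]` can be expanded a second time depending on the bash version. The snapshots are produced by `du` over /home, where directory names are chosen by hosting users, and this script runs as root. I would read with `read -r`, accept only integer sizes, and test key presence with `${FILE2[$k]+set}`; the same `-r` and integer check belong in the second loader loop. Separately, `file1`/`file2` are only pattern-matched against the snapshot path, so `..` segments are not rejected.

```shell
# … unchanged: root check, array declarations, path handling, output files …
while IFS=$'\t' read -r SIZE DIRECTORY; do
  # … unchanged: skip blank and "total" lines …
  # Only plain integers may reach the arithmetic expansion below
  [[ "$SIZE" =~ ^[0-9]+$ ]] || continue
  FILE1["$DIRECTORY"]="$SIZE"
done < "$file1"
# … unchanged: second loader loop, with the same -r and integer check …
for k in "${!FILE1[@]}"; do
  if [[ -n "${FILE2[$k]+set}" ]]; then
    # … unchanged: DIFF computation and output …
```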
@@ -0,0 +1,20 @@ +#!/bin/bash +# info: Make a snapshot of the disk usage +# options: NONE + +folder="/usr/local/vesta/data/df" + +mkdir -p $folder +timestamp=$(date +%Y-%m-%d-%H-%M-%S) +du --max-depth=1 -c -m -x / > $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=2 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=3 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=6 -c -m -x /home >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -c -m -x /var/log >> $folder/snapshot-$timestamp.txt + +chmod 600 $folder/snapshot-$timestamp.txt +chown root:root $folder/snapshot-$timestamp.txt + +exit 0 diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 1c8f2e1b..e8208113 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1896,6 +1896,10 @@ command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-make" +$VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" +$VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" systemctl restart cron.service echo "== Building inititall rrd images" diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index f5f79877..ac034e82 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
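Review bot: bin/v-df-snapshot-make creates the snapshot through `>` redirection under the default umask and tightens it with `chmod 600` only after all seven `du` runs have finished. The listing of every account's directory names therefore sits at default permissions while the scan is still running; how exposed that is depends on the permissions of /usr/local/vesta/data, which are not visible here. Setting `umask 077` before `mkdir -p $folder` closes that window. Unlike v-df-snapshot-diff, this script has no root check. `du --max-depth=6 -c -m -x /home` already lists every directory the depth 1–3 runs produce, so those three passes only add duplicate lines and I/O.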
@@ -38,6 +38,20 @@ if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/user fi fi +# Adding cron job for disk usage snapshot +if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot" + command="sudo $VESTA/bin/v-df-snapshot-make" + $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" + systemctl restart cron.service +fi +if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot logs cleaner" + command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" + $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" + systemctl restart cron.service +fi + # Fixing PHP and .env permissions and ownership for all websites if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then echo "== Fixing PHP and .env permissions and ownership for all websites" From ace0e0e2bfdca963d6670bdc80783018a632a5d4 Mon Sep 17 00:00:00 2001 From: Peca Date: Thu, 14 Aug 2025 19:36:57 +0200 Subject: [PATCH 337/348] SSL fix for Apache 2.4.65+ --- install/vst-install-debian.sh | 6 ++++++ src/deb/vesta/postinst | 14 ++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index e8208113..419acf59 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1145,6 +1145,12 @@ if [ "$nginx" = 'yes' ]; then echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains + + if [ "$apache" = 'yes' ]; then + # SSL fix for Apache 2.4.65+ + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + fi + #update-rc.d nginx defaults #service nginx start currentservice='nginx' diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index ac034e82..da830507 100755 --- a/src/deb/vesta/postinst 
+++ b/src/deb/vesta/postinst @@ -27,6 +27,20 @@ VESTA="/usr/local/vesta" echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +# SSL fix for Apache 2.4.65+ +if [ "$release" -ge 11 ]; then + if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then + echo "== Fixing SSL for Apache 2.4.65+" + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting Nginx" + systemctl restart nginx + fi + fi +fi + +# Fixing cron job for fix-website-permissions-for-all-websites if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" From 930bf7ed2b9f7326b93d59b5e9ee6b9a098155b6 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 15 Aug 2025 17:28:32 +0200 Subject: [PATCH 338/348] Version 0.9.9-0-13 --- Changelog.md | 196 +++++++++++++++++++++++++++++---------------- src/deb/latest.txt | 2 +- 2 files changed, 128 insertions(+), 70 deletions(-) diff --git a/Changelog.md b/Changelog.md index 36478469..dae97aa5 100644 --- a/Changelog.md +++ b/Changelog.md 
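Review bot: In the src/deb/vesta/postinst hunk, /etc/nginx/conf.d/fixssl.conf is written and nginx restarted without a config test. If any of the three directives is already set at http level in an existing include, nginx would refuse to start and the restart would take the proxy down during a package upgrade. Guard it with `nginx -t && systemctl restart nginx` and remove the new file when the test fails. `[ $nginx_running -eq 1 ]` also skips the restart when the `grep -c` count is anything other than exactly 1, so `[ "$nginx_running" -ge 1 ]` is safer. `$release` is not assigned inside the hunk; if it is unset at this point the `-ge 11` test errors out and the fix is silently skipped.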
@@ -1,20 +1,78 @@ -Version 0.9.9-0-12 [28-Feb-2025] +Version 0.9.9-0-13 [2025-08-15] +================================================== +* Improvement: Activating FileManager licence for all users (credits to Official VestaCP) +* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta) +* Improvement: Added support for PHP 8.3 and 8.4 +* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP) +* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) +* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot) +* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request') +* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12 +* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel +* Improvement: v-install-wordpress: Support for IDN format domains +* Security: Adding ProFTPD jail rule to Fail2Ban +* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites +* Security: Introducing a new command: v-fix-php-ini-disable-functions +* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering) +* Improvement: When deleting a domain, also delete the database if the domain has a database +* Bugfix: Removing temporary Docker container network interfaces from RRD +* Introducing v-run-wp-cli-myvesta that knows the correct terminal width +* Introducing a new command: 
v-cd-www alias for v-change-dir-www +* Introducing a new command: v-clear-fail2ban +* Introducing a new command: v-get-dns-config (to print zone file in bind9 format) +* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute) +* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command +* Security: Enhance package validation, in v-change-user-package switched 'eval' replaced with 'parse_object_kv_list_non_eval' +* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp' +* Improvement: v-install-wordpress: Almost always use https +* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables in the command line +* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions) +* Security: v-commander: removing the ability to set a root password +* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script +* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff) +* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta) +* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta) +* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync' +* Improvement: Calculate the size of directories on /hdd too +* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php +* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant +* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M +* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons +* Bugfix: v-restore-user: permissions fix while restoring backup +* Bugfix: Add some loops due to 403 errors during LE request in 
some random cases +* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter +* Bugfix: vst-install-debian.sh - removing phppgadmin +* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers) +* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde) +* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */ +* Bugfix: Small PHP syntax fixes in the admin panel +* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic) +* Improvement: Added functions to check if a domain or user is unsuspended in main.sh +* Introducing a new command: v-update-document-errors-files +* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night +* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old +* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl +* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant +* Added to .gitignore excludes for 'data', 'conf', and 'log' folders +* And many other minor bugfixes and improvements... 
+ +Version 0.9.9-0-12 [2025-02-28] ================================================== * SpamHaus DNSBL removed from exim4 * A lot of small bugs fixed -Version 0.9.9-0-11 [30-May-2024] +Version 0.9.9-0-11 [2024-05-30] ================================================== * Introducing v-run-wp-cli command ( @isscbta ) * Introducing v-add-wordpress-admin command ( @isscbta ) * Few bugs fixed -Version 0.9.9-0-10 [11-Apr-2024] +Version 0.9.9-0-10 [2024-04-11] ================================================== * Introducing v-edit-php-ini command ( @isscbta ) * Introducing v-edit-domain-php-ini command ( @isscbta ) -Version 0.9.9-0-9 [05-Apr-2024] +Version 0.9.9-0-9 [2024-04-05] ================================================== * Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) * Few bugs fixed 
@@ -23,31 +81,31 @@ Version 0.9.9-0-5 to 0.9.9-0-8 ================================================== * Few bugs fixed -Version 0.9.9-0-4 [27-Jun-2023] +Version 0.9.9-0-4 [2023-06-27] ================================================== * Support for Debian 12 ( in mutual cooperation with @HestiaCP ) -Version 0.9.9-0-2 [12-Jun-2023] +Version 0.9.9-0-2 [2023-06-12] ================================================== * Hosting panel UI perfomance fix -Version 0.9.9-0 [05-Jun-2023] +Version 0.9.9-0 [2023-06-05] ================================================== * Redesign of hosting panel * Fix for WP_CACHE_KEY_SALTs in v-clone-website command * Fix for "Helo name contains a ip address" in Exim4 * Fix for Exim4 for punycode domains (in collaboration with @HestiaCP ) -Version 0.9.8-26-62 [05-Apr-2023] +Version 0.9.8-26-62 [2023-04-05] ================================================== * Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP ) -Version 0.9.8-26-61 [04-Apr-2023] +Version 0.9.8-26-61 [2023-04-04] ================================================== * Many bugfixes * Hotfix for LetsEncrypt to prevent Apache falling -Version 0.9.8-26-60 [12-Feb-2023] +Version 0.9.8-26-60 [2023-02-12] ================================================== * New script: v-commander (useful for maintaining the server) * New script: v-activate-rocket-nginx (serve WP-Rocket cache directly from nginx) @@ -55,7 +113,7 @@ Version 0.9.8-26-60 [12-Feb-2023] * v-clone-website: By default cloning to database: user_domain_com (instead of cloning to database: user_old_db_migrated) * Many minor bugfixes -Version 0.9.8-26-59 [01-Feb-2023] +Version 0.9.8-26-59 [2023-02-01] ================================================== * Support for PHP 8.2 * New script: v-move-folder-and-make-symlink 
@@ -63,82 +121,82 @@ Version 0.9.8-26-59 [01-Feb-2023] * v-install-wordpress: Installing WordPress to user_domain_com database instead of installing to user_wp database * Many minor bugfixes -Version 0.9.8-26-58 [12-Jul-2022] +Version 0.9.8-26-58 [2022-07-12] ================================================== * [Security] hash_equals() in /reset/mail/ (credits to @divinity76 ) * Avoid out-of-memory while downloading large log files from panel (credits to @divinity76 ) * Fix for an boring PHP Notice in vesta-php -Version 0.9.8-26-57 [06-Jul-2022] +Version 0.9.8-26-57 [2022-07-06] ================================================== * Fix for GMail SMTP timeouts on Debian11 * [Security] Fix for Local Sed Injection Vulnerability ( credits to @cleemy-desu-wayo ) -Version 0.9.8-26-56 [28-May-2022] +Version 0.9.8-26-56 [2022-05-28] ================================================== * Adding Barracuda RBL to SpamAssassin * Fixing insane HTML form bug in List backup items page * Script for easy adding second IP address for SMTP authenticated users only (v-make-separated-ip-for-email) -Version 0.9.8-26-55 [26-Apr-2022] +Version 0.9.8-26-55 [2022-04-26] ================================================== * Support for MySQL 8 * [Security] Preventing brute-force resetting password (thanks to HestiaCP @hestiacp for fix) * Many minor bugfixes -Version 0.9.8-26-54 [17-Dec-2021] +Version 0.9.8-26-54 [2021-12-17] ================================================== * Checking if FreshClam is started after installation -Version 0.9.8-26-53 [12-Dec-2021] +Version 0.9.8-26-53 [2021-12-12] ================================================== * Support for PHP 8.1 * Function to ensure that pool.d folders are not empty -Version 0.9.8-26-52 [23-Nov-2021] +Version 0.9.8-26-52 [2021-11-23] ================================================== * Fix for not to match wildcard "*domains" and "databases*" while restoring * Added memcached to v-list-sys-services -Version 0.9.8-26-51 [14-Nov-2021] 
+Version 0.9.8-26-51 [2021-11-14] ================================================== * Many fixes for "List services" page (v-list-sys-services function) -Version 0.9.8-26-50 [07-Nov-2021] +Version 0.9.8-26-50 [2021-11-07] ================================================== * Many small bugfixes and CSRF fixes -Version 0.9.8-26-49 [17-Jul-2021] +Version 0.9.8-26-49 [2021-07-17] ================================================== * Support for Debian 11 -Version 0.9.8-26-48 [11-Jul-2021] +Version 0.9.8-26-48 [2021-07-11] ================================================== * Fixed two bugs in LetsEncrypt generating process -Version 0.9.8-26-47 [30-May-2021] +Version 0.9.8-26-47 [2021-05-30] ================================================== * Enabling TLS for ProFTPD FTPS * More logical "Restore backup" template -Version 0.9.8-26-46 [17-Apr-2021] +Version 0.9.8-26-46 [2021-04-17] ================================================== * [Feature] Updating CloudFlare IP addresses -Version 0.9.8-26-45 [13-Apr-2021] +Version 0.9.8-26-45 [2021-04-13] ================================================== * [Feature] Logging whole LetsEncrypt process to /usr/local/vesta/log/letsencrypt.log and /usr/local/vesta/log/letsencrypt_cron.log * [Feature] Warn admin once (by sending email) if LetsEncrypt renewing failed for server hostname * [Bugfix] Correct truncating of CA LetsEncrypt certificate (thanks to HestiaCP @hestiacp for fix) -Version 0.9.8-26-44 [04-Apr-2021] +Version 0.9.8-26-44 [2021-04-04] ================================================== * [Security] Preventing denial-of-service in openssl library in vesta-nginx service (CVE-2021-3449) * [Security] Preventing admin to install non-vesta packages from vesta admin panel user interface (Credits to: Numan Türle @numanturle) * [Bugfix] Preventing multiple execution of v-backup-users * [UserInterface] CSS fix for Apache status table (Credits to: Milos Spasic) -Version 0.9.8-26-43 [15-Mar-2021] +Version 0.9.8-26-43 [2021-03-15] 
================================================== * [Security] fix for: CSRF remote code execution in UploadHandler.php - CVE-2021-28379 (Credits to: Fady Osman @fady_othman) * [Security] fix for: Local privilege escalation from user account to admin account via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix) 
@@ -148,62 +206,62 @@ Version 0.9.8-26-43 [15-Mar-2021] * [Security] fix for: Admin to root escalation in v-activate-vesta-license (Credits to: Numan Türle @numanturle) * [Security] Ensure HTML will not be displayed in list log page (Credits to: Kristan Kenney @kristankenney, thanks to HestiaCP @hestiacp for fix) -Version 0.9.8-26-42 [26-Feb-2021] +Version 0.9.8-26-42 [2021-02-26] ================================================== * [Feature] Support for PHP 8.0, see: https://forum.myvestacp.com/viewtopic.php?f=18&t=52 * [Bugfix] Making sure Apache is in mpm_event mode -Version 0.9.8-26-41 [11-Feb-2021] +Version 0.9.8-26-41 [2021-02-11] ================================================== * Few bugfixes -Version 0.9.8-26-40 [08-Feb-2021] +Version 0.9.8-26-40 [2021-02-08] ================================================== * Few bugfixes -Version 0.9.8-26-39 [12-Dec-2020] +Version 0.9.8-26-39 [2020-12-12] ================================================== * [Security] Fixing useless issue with tokens in "download backup" and "loginas" functions (thanks to HestiaCP for fixes) * [Security] Fixing XSS in /list/rrd/?period= value -Version 0.9.8-26-38 [05-Dec-2020] +Version 0.9.8-26-38 [2020-12-05] ================================================== * [Security] Fixing Apache status public access (thanks to HestiaCP for letting us know) -Version 0.9.8-26-37 [26-Oct-2020] +Version 0.9.8-26-37 [2020-10-26] ================================================== * [Bugfix] Fixing LetsEncrypt deprecated GET method for ACME v2 (thanks to @moucho) * [Bugfix] Fixing Roundcube to send via authenticated SMTP user instead via php -Version 0.9.8-26-36 [10-Sep-2020] +Version 0.9.8-26-36 [2020-09-10] ================================================== * [Bugfix] Checking necessary available disk space before doing backup * [Security] Disabling login with 'root' -Version 0.9.8-26-35 [23-Aug-2020] +Version 0.9.8-26-35 [2020-08-23] ================================================== * [Feature] 
Limiting max recipients per email to 15, in order to prevent mass spamming * [Bugfix] While restoring backup, only exclude logs folder from root, not in public_html -Version 0.9.8-26-34 [19-Aug-2020] +Version 0.9.8-26-34 [2020-08-19] ================================================== * [Bugfix] Split long DNS TXT entries into 255 chunks -Version 0.9.8-26-33 [16-Aug-2020] +Version 0.9.8-26-33 [2020-08-16] ================================================== * [Feature] Ability to set some domain to send emails from another IP (command: v-make-separated-ip-for-email-domain) -Version 0.9.8-26-32 [02-Aug-2020] +Version 0.9.8-26-32 [2020-08-02] ================================================== * [Feature] v-replace-in-file command introduced * [Security] Making sure new myVesta commands can be called only by root -Version 0.9.8-26-31 [30-Jul-2020] +Version 0.9.8-26-31 [2020-07-30] ================================================== * [Feature] v-import-cpanel-backup command moved to vesta-bin folder (becoming standard myVesta command) * Starting to log auto-update output -Version 0.9.8-26-30 [26-Jul-2020] +Version 0.9.8-26-30 [2020-07-26] ================================================== * New ASCII logo in installer * Deleted favicon when user don't know secret-url of hosting panel 
@@ -211,14 +269,14 @@ Version 0.9.8-26-30 [26-Jul-2020] * [bugfix] Minor fix of URL for templates in v-update-dns-templates * [bugfix] Minor fixes in installer -Version 0.9.8-26-29 [21-Jul-2020] +Version 0.9.8-26-29 [2020-07-21] ================================================== * [Feature] v-clone-website command moved to vesta-bin folder (becoming standard myVesta command) * [Feature] v-migrate-site-to-https command moved to vesta-bin folder (becoming standard myVesta command) * [Bugfix] Fix for ClamAV socket * Changing Vesta to myVesta in title of hosting panel pages -Version 0.9.8-26-28 [15-Jul-2020] +Version 0.9.8-26-28 [2020-07-15] ================================================== * [Feature] v-install-wordpress command introduced * [Feature] v-move-domain-and-database-to-account command introduced 
@@ -226,37 +284,37 @@ Version 0.9.8-26-28 [15-Jul-2020] * [Bugfix] Fix for LetsEncrypt issuing in apache-less variant (nginx + php-fpm variant) * [Bugfix] Fix for configuring phpMyAdmin DB in apache-less variant (nginx + php-fpm variant) -Version 0.9.8-26-27 [05-Jul-2020] +Version 0.9.8-26-27 [2020-07-05] ================================================== * [Feature] Admins now see changelog when they open myVesta panel after myVesta get updated (changelog will dissapear on next refresh) * [Bugfix] Better control of opened SMTP concurrent connections (preventing denial-of-service of SMTP) on fresh installed servers - https://github.com/myvesta/vesta/commit/c57b15b5daca2a0ea88ee6a89a2ff5a4ef47d2a3 * Second tuning of php-fpm pool.d config files (perfomances and limits) -Version 0.9.8-26-26 [27-Jun-2020] +Version 0.9.8-26-26 [2020-06-27] ================================================== * [Feature] Self-signed SSL will be automaticaly added when you add new domain (CloudFlare is fine with that, you don't need LetsEncrypt anymore if you use CloudFlare as reverse-proxy(CDN+Firewall), just set "Full" in SSL section on CloudFlare) * [Feature] Script for adding self-signed SSL to desired domain [v-install-unsigned-ssl] * From now, on fresh installed server, default backup cron goes at Saturday at 01 AM (instead of everyday at 05 AM) * New favicon for hosting panel -Version 0.9.8-26-25 [23-Jun-2020] +Version 0.9.8-26-25 [2020-06-23] ================================================== * [Security] Fixing unnecessary slash in nginx configs for phpmyadmin and roundcube (Credits to Bernardo Berg @bberg1984 for finding this issue!) 
* [Security] Adding escapeshellarg on few more places in php code (Credits to Talha Günay and @Lupul for finding these places) -Version 0.9.8-26-24 [22-Jun-2020] +Version 0.9.8-26-24 [2020-06-22] ================================================== * [Bugfix] nginx + php-fpm installer variant now finally works -Version 0.9.8-26-23 [14-Jun-2020] +Version 0.9.8-26-23 [2020-06-14] ================================================== * Adding label that LetsEncrypt can be added when you Edit domain -Version 0.9.8-26-22 [13-Jun-2020] +Version 0.9.8-26-22 [2020-06-13] ================================================== * [Bugfix] Checking (in order to delete) php7.4 pool config file while deleting domain -Version 0.9.8-26-21 [13-Jun-2020] +Version 0.9.8-26-21 [2020-06-13] ================================================== * [Feature] Blocking executable files inside archives in received emails (ClamAV) * [Bugfix] Removing ability to schedule LetsEncrypt issuing while adding new domain (because it can fall in infinite loop whole day) 
@@ -265,82 +323,82 @@ Version 0.9.8-26-21 [13-Jun-2020] * [Bugfix] Script that removes depricated 'ssl on;' in nginx templates * [Security] Ensure UPDATE_SSL_SCRIPT is not set in some config files -Version 0.9.8-26-20 [01-Jun-2020] +Version 0.9.8-26-20 [2020-06-01] ================================================== * [Bugfix] Script that will ensure that Apache2 will always stay in mpm_event mode * [Bugfix] Ensure config files will not be overwritten while updating vesta-nginx package * [Bugfix] Fixing URL in v-update-web-templates script * [Feature] Additional rates for nginx anti-denial-of-service templates -Version 0.9.8-26-19 [15-May-2020] +Version 0.9.8-26-19 [2020-05-15] ================================================== * [Bugfix] Do not match subdomains while restoring domain [v-restore-user] -Version 0.9.8-26-18 [15-May-2020] +Version 0.9.8-26-18 [2020-05-15] ================================================== * [Bugfix] Fixing NS parameters in v-add-dns-on-web-alias -Version 0.9.8-26-17 [15-May-2020] +Version 0.9.8-26-17 [2020-05-15] ================================================== * [Bugfix] Reverting default clamav socket path * [Bugfix] Put mail_max_userip_connections = 50 in dovecot -Version 0.9.8-26-16 [15-May-2020] +Version 0.9.8-26-16 [2020-05-15] ================================================== * [Bugfix] Allow quick restarting of nginx if acme-challenge should be added many times * [Bugfix] Enabling email notification to fresh installed servers about backup success status * [Bugfix] Timeout 10 sec for apache2 status -Version 0.9.8-26-15 [09-May-2020] +Version 0.9.8-26-15 [2020-05-09] ================================================== * [Feature] nginx templates that can prevent denial-of-service on your server * First tuning php-fpm pool.d config files (perfomances and limits) * New logo -Version 0.9.8-26-14 [08-May-2020] +Version 0.9.8-26-14 [2020-05-08] ================================================== * v-clone-website script switched to 
parameters * Display new version in console while updating myVesta -Version 0.9.8-26-13 [07-May-2020] +Version 0.9.8-26-13 [2020-05-07] ================================================== * [Feature] Put build date and version in right-bottom corner of control panel -Version 0.9.8-26-12 [07-May-2020] +Version 0.9.8-26-12 [2020-05-07] ================================================== * [Feature] Put build date and version while compiling myVesta * [Feature] Office365 DNS template * [Feature] Yandex DNS template * ProFTPD MaxIstances = 100 for fresh installed servers -Version 0.9.8-26-11 [01-May-2020] +Version 0.9.8-26-11 [2020-05-01] ================================================== * [Feature] Skipping LE renewing after 7 failed attempts * [Bugfix] Keep conf files during auto-update * [Bugfix] Do not restart apache while preparing letsencrypt acme challenge * [Bugfix] Set ALLOW_BACKUP_ANYTIME='yes' for fresh installed servers -Version 0.9.8-26-10 [11-Apr-2020] +Version 0.9.8-26-10 [2020-04-11] ================================================== * [Feature] Creating v-normalize-restored-user script (normalize NS1, NS2 and IP of account that is backuped on other server and restored on this server) * Tweak for hostname FPM conf * [Security] Forbid changing root password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) * [Security] Importing system enviroment in v-change-user-password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) -Version 0.9.8-26-9 [23-Mar-2020] +Version 0.9.8-26-9 [2020-03-23] ================================================== * [Security] Preventing manipulation with $SERVER['HTTP_HOST'] (Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. 
Master ninja at pentest.blog) -Version 0.9.8-26-8 [23-Mar-2020] +Version 0.9.8-26-8 [2020-03-23] ================================================== * [Security] Temporary fix for parsing backup conf (Credits to @dreiggy - https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/) -Version 0.9.8-26-7 [18-Mar-2020] +Version 0.9.8-26-7 [2020-03-18] ================================================== * [Bugfix] Fix that avoid LetsEncrypt domain validation timeout * [Bugfix] Set timeout in v-list-sys-web-status script -Version 0.9.8-26-6 [21-Feb-2020] +Version 0.9.8-26-6 [2020-02-21] ================================================== * [Bugfix] mail-wrapper.php from now works * [Feature] Introducing NOTIFY_ADMIN_FULL_BACKUP, email notification about backup success status @@ -348,7 +406,7 @@ Version 0.9.8-26-6 [21-Feb-2020] * [Feature] Introducing force-https-webmail-phpmyadmin nginx template * [Feature] Trigger for /root/update_firewall_custom.sh -Version 0.9.8-26-5 [10-Feb-2020] +Version 0.9.8-26-5 [2020-02-10] ================================================== * [Security] sudoers fix for Debian10 * [Feature] [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-migrate-site-to-https) @@ -357,7 +415,7 @@ Version 0.9.8-26-5 [10-Feb-2020] * [Bugfix] Roundcube force https * [Bugfix] Exim compatibility with Loopia for Debian10 -Version 0.9.8-26-4 [07-Jan-2020] +Version 0.9.8-26-4 [2020-01-07] ================================================== * [Feature] Allow whitelisting specific IP for /api/ * [Feature] Allow whitelisting specific IP to avoid secret_url 
@@ -365,11 +423,11 @@ Version 0.9.8-26-4 [07-Jan-2020] * [Bugfix] apparmor install fix again * [Bugfix] Turning off MariaDB SQL strict mode -Version 0.9.8-26-3 [26-Nov-2019] +Version 0.9.8-26-3 [2019-11-26] ================================================== * [Bugfix] Better check if session cron already added -Version 0.9.8-26-2 [15-Nov-2019] +Version 0.9.8-26-2 [2019-11-15] ================================================== * [Feature] Support for sub-sub-sub-sub versions :)) * [Bugfix] Support for longer username of email accounts @@ -377,7 +435,7 @@ Version 0.9.8-26-2 [15-Nov-2019] * [Bugfix] Trying to fix ClamAV broken socket * Moving to myvestacp.com -Version 0.9.8-26 [28-Sep-2019] +Version 0.9.8-26 [2019-09-28] ================================================== * [Bugfix] Let's Encrypt HTTP/2 support (by @serghey-rodin) * [Bugfix] Fixing broken autoreply output diff --git a/src/deb/latest.txt b/src/deb/latest.txt index c1732bff..dcb1761c 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-12 \ No newline at end of file +vesta-0.9.9-0-13 \ No newline at end of file From 7dbb74b6bf075358dd59a7d219147fc2eb10185e Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 15 Aug 2025 17:47:12 +0200 Subject: [PATCH 339/348] Increase changelog display limit from 30 to 100 entries in user index page --- web/list/user/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/list/user/index.php b/web/list/user/index.php index da708edc..4e5ac369 100644 --- a/web/list/user/index.php +++ b/web/list/user/index.php @@ -22,7 +22,7 @@ if ($user == 'admin') { if ($show_changelog_value_int==1) { $changelog=''; $changelog_arr=file("/usr/local/vesta/Changelog.md"); - for ($i=0; $i<30; $i++) { + for ($i=0; $i<100; $i++) { if (trim($changelog_arr[$i])=="") break; if ($i>1) $changelog.="\n"; $changelog.=$changelog_arr[$i]; From 37e6a295ba427c992fe46439def2229e11e9bebb Mon Sep 17 00:00:00 2001 
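Review bot: The loop in web/list/user/index.php now reads `$changelog_arr[$i]` for up to 100 indexes, but nothing bounds `$i` by the number of lines actually read, and `file()` returns false when /usr/local/vesta/Changelog.md cannot be read. The loop only stops cleanly on the first blank line; past the end of the array it relies on `trim()` of an undefined offset comparing equal to "", which emits warnings (and a deprecation notice on newer PHP). Bounding the loop with `$max = is_array($changelog_arr) ? min(100, count($changelog_arr)) : 0;` and `for ($i=0; $i<$max; $i++) {` keeps the behaviour and removes the out-of-range reads. The enclosing `if` block continues past the hunk, so how `$changelog` is escaped when printed is not visible here; it is worth confirming now that more of the file is shown.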
From: Peca Date: Fri, 15 Aug 2025 19:56:34 +0200 Subject: [PATCH 340/348] Adding /usr/local/vesta/data/upgrades/ files that will prevent fixes to be repeated on next updates --- install/vst-install-debian.sh | 3 ++ src/deb/vesta/postinst | 69 +++++++++++++++++++---------------- 2 files changed, 41 insertions(+), 31 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 419acf59..25364c90 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1149,6 +1149,7 @@ if [ "$nginx" = 'yes' ]; then if [ "$apache" = 'yes' ]; then # SSL fix for Apache 2.4.65+ echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + touch /usr/local/vesta/data/upgrades/fixssl.conf fi #update-rc.d nginx defaults @@ -2085,6 +2086,8 @@ touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply touch /usr/local/vesta/data/upgrades/freshclam_start touch /usr/local/vesta/data/upgrades/barracuda_rbl touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +touch /usr/local/vesta/data/upgrades/v-df-snapshot-make +touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php # Secret URL secretquery='' diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index da830507..186f54d5 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst 
@@ -28,49 +28,56 @@ echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # SSL fix for Apache 2.4.65+ -if [ "$release" -ge 11 ]; then - if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then - echo "== Fixing SSL for Apache 2.4.65+" - echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf - nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') - if [ $nginx_running -eq 1 ]; then - echo "== Restarting Nginx" - systemctl restart nginx +if [ ! -f "/usr/local/vesta/data/upgrades/fixssl.conf" ]; then + if [ "$release" -ge 11 ]; then + if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then + echo "== Fixing SSL for Apache 2.4.65+" + echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf + touch /usr/local/vesta/data/upgrades/fixssl.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting Nginx" + systemctl restart nginx + fi fi fi fi -# Fixing cron job for fix-website-permissions-for-all-websites -if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then - if ! 
grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" - sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf - sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin - sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf - sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin +# Adding cron job for disk usage snapshot +if [ ! -f "/usr/local/vesta/data/upgrades/v-df-snapshot-make" ]; then + if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot" + command="sudo $VESTA/bin/v-df-snapshot-make" + $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/v-df-snapshot-make + systemctl restart cron.service + fi + if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Adding cron job for disk usage snapshot logs cleaner" + command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" + $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/v-df-snapshot-make systemctl restart cron.service fi fi -# Adding cron job for disk usage snapshot -if ! 
grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Adding cron job for disk usage snapshot" - command="sudo $VESTA/bin/v-df-snapshot-make" - $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" - systemctl restart cron.service -fi -if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Adding cron job for disk usage snapshot logs cleaner" - command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" - $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" - systemctl restart cron.service -fi - # Fixing PHP and .env permissions and ownership for all websites -if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then +if [ ! -f "/usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php" ]; then + # Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then + if ! 
grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then + echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf + sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin + systemctl restart cron.service + fi + fi echo "== Fixing PHP and .env permissions and ownership for all websites" command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" + touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php systemctl restart cron.service fi From 3faa448a32b1679b48b0acf3d150f060e50c3cb9 Mon Sep 17 00:00:00 2001 From: Peca Date: Fri, 15 Aug 2025 20:05:56 +0200 Subject: [PATCH 341/348] Update Changelog for version 0.9.9-0-13 --- Changelog.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Changelog.md b/Changelog.md index dae97aa5..617bc9c3 100644 --- a/Changelog.md +++ b/Changelog.md 
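Review bot: The `v-add-cron-job` call for `v-fix-website-permissions-for-all-websites-only-php` in src/deb/vesta/postinst is now guarded only by the marker file, so a server that already received this cron job from an earlier package version (and has no marker yet) gets it added a second time on the next update, unless `v-add-cron-job` itself rejects duplicates, which is not visible here. The removed code checked `cron.conf` first; keeping that check inside the new marker block avoids the repeat: wrap the add in `if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then` … `fi` and leave the `touch` outside it. The same duplicate arises right after the rename branch, which has just rewritten the old entry to the new name. In the disk-usage block the marker is touched only inside the two `if ! grep` branches, so a server that already has both jobs never gets the marker; touching it once at the end of that block would match the stated intent.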
@@ -4,8 +4,8 @@ Version 0.9.9-0-13 [2025-08-15] * Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta) * Improvement: Added support for PHP 8.3 and 8.4 * SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP) -* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) -* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot) +* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) +* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot]) * Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request') * Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12 * Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel 
@@ -22,7 +22,7 @@ Version 0.9.9-0-13 [2025-08-15] * Introducing a new command: v-get-dns-config (to print zone file in bind9 format) * Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute) * Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command -* Security: Enhance package validation, in v-change-user-package switched 'eval' replaced with 'parse_object_kv_list_non_eval' +* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval' * Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp' * Improvement: v-install-wordpress: Almost always use https * Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables in the command line From 04453ebca2a23227018c6cbb4a5a060046078b7c Mon Sep 17 00:00:00 2001 From: Peca Date: Sun, 17 Aug 2025 14:40:53 +0200 Subject: [PATCH 342/348] v-df-snapshot-make tweaks and snapshot for /hdd --- bin/v-df-snapshot-make | 46 +++++++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make index 51c41e9d..985aab15 100644 --- a/bin/v-df-snapshot-make +++ b/bin/v-df-snapshot-make 
@@ -6,13 +6,45 @@ folder="/usr/local/vesta/data/df" mkdir -p $folder timestamp=$(date +%Y-%m-%d-%H-%M-%S) -du --max-depth=1 -c -m -x / > $folder/snapshot-$timestamp.txt -du --max-depth=1 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=2 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=3 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=6 -c -m -x /home >> $folder/snapshot-$timestamp.txt -du --max-depth=1 -c -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt -du --max-depth=1 -c -m -x /var/log >> $folder/snapshot-$timestamp.txt + +du --max-depth=1 -m -x / > $folder/snapshot-$timestamp.txt + +du --max-depth=6 -m -x /home > $folder/snapshot-temp.txt +for i in {2..7}; do + while IFS= read -r line; do + count=0 + for (( j=0; j<${#line}; j++ )); do + if [[ ${line:j:1} == "/" ]]; then + ((count++)) + fi + done + if [ $count -eq $i ]; then + printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt + fi + done < $folder/snapshot-temp.txt +done +rm $folder/snapshot-temp.txt + +if [ -d "/hdd" ]; then + du --max-depth=7 -m -x /hdd > $folder/snapshot-temp.txt + for i in {1..8}; do + while IFS= read -r line; do + count=0 + for (( j=0; j<${#line}; j++ )); do + if [[ ${line:j:1} == "/" ]]; then + ((count++)) + fi + done + if [ $count -eq $i ]; then + printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt + fi + done < $folder/snapshot-temp.txt + done + rm $folder/snapshot-temp.txt +fi + +du --max-depth=1 -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt +du --max-depth=1 -m -x /var/log >> $folder/snapshot-$timestamp.txt chmod 600 $folder/snapshot-$timestamp.txt chown root:root $folder/snapshot-$timestamp.txt From 87267eb18fea1772414b1481eb16971252abf4e9 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 14:47:20 +0200 Subject: [PATCH 343/348] v-commander: Add functionality to renew nginx GPG key and add Freexian repository --- bin/v-commander | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) 
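Review bot: The intermediate listing is written to the fixed path `$folder/snapshot-temp.txt` under the default umask, and the final snapshot only receives `chmod 600` on the last lines of the script, so while the `du` runs are in progress both files may be readable by other local accounts, depending on the mode of /usr/local/vesta/data/df and the cron umask (neither is visible in this hunk). These files list every path under /home down to six levels. Setting `umask 077` before the first `du` and taking the temp name from `tmp=$(mktemp "$folder/snapshot-temp.XXXXXX")` closes that window and also stops two overlapping runs from sharing one temp file. Separately, the depth ordering re-reads the temp file once per level and counts slashes character by character in bash, which will be slow on large trees; a single `awk -F/` pass keyed on the field count would produce the same grouping.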
diff --git a/bin/v-commander b/bin/v-commander index 72607c95..502f9f03 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -76,6 +76,7 @@ myhelp() { echo "q = quit" echo "r = reboot" echo "s = download sury.org apt-get key" + echo "n = download nginx gpg key" echo "t = clean the trash" echo "u = apt-get update" echo "v = update myVesta" @@ -219,6 +220,33 @@ do fi fi + if [ "$answer" = 'n' ] || [ "$answer" = 'N' ]; then + if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then + echo "=============================" + echo "== renewing nginx gpg key" + apt-get update + apt-get -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring + curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null + echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list + fi + fi + + if [ "$answer" = 'freexian' ] || [ "$answer" = 'FREEXIAN' ]; then + if [ "$release" -lt 11 ]; then + echo "=============================" + echo "== adding Freexian repository" + apt-get update + apt-get install lsb-release + wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb + cat /etc/apt/sources.list + mv /etc/apt/sources.list /etc/apt/sources.list.old + echo "deb http://deb.freexian.com/extended-lts `lsb_release -cs` main contrib non-free" > /etc/apt/sources.list + rm /etc/apt/sources.list.d/hetzner* + else + echo "== Freexian is not supported on Debian 11 or higher" + fi + fi + if [ "$answer" = 'e def' ] || [ "$answer" = 'E DEF' ]; then release=$(cat /etc/debian_version | tr "." "\n" | head -n1) echo "=============================" From 63972e22664bcd3e97ecd8e97c9dc8eaf2cff287 Mon Sep 17 00:00:00 2001 
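Review bot: In the `n` branch the key is piped from `curl` straight into `/usr/share/keyrings/nginx-archive-keyring.gpg` with no failure check and no fingerprint comparison, so a failed or truncated download replaces a working keyring and whatever the server returns becomes a trusted apt signing key. Download to a temporary file, compare its fingerprint with the one nginx.org publishes, and install it only on a match, as sketched below. The `freexian` branch has the same shape: the keyring `.deb` is fetched into the current directory and handed to `dpkg -i` without a checksum, `/etc/apt/sources.list` is replaced by a plain-http entry without `signed-by`, and the `mv` to `sources.list.old` and `rm /etc/apt/sources.list.d/hetzner*` run unconditionally, so a second run overwrites the only backup. `$release` is assigned in the `e def` branch shown as context below this block; if it is not also set earlier in the file (not visible here), `[ "$release" -lt 11 ]` errors out and falls through to the "not supported" message.

```shell
if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then
    # … unchanged: banner, apt-get update, apt-get install of curl/gnupg2/ca-certificates …
    # Placeholder: fill in the fingerprint published in nginx.org's installation docs.
    expected_fpr='<NGINX_SIGNING_KEY_FINGERPRINT>'
    tmpkey=$(mktemp)
    # The fingerprint match is the gate: an empty or partial download never reaches the keyring.
    if curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor > "$tmpkey" \
        && gpg --show-keys --with-colons "$tmpkey" | grep -q "^fpr:.*:${expected_fpr}:\$"; then
        install -m 644 "$tmpkey" /usr/share/keyrings/nginx-archive-keyring.gpg
    else
        echo "== nginx key download or fingerprint check failed, keyring left unchanged"
    fi
    rm -f -- "$tmpkey"
    # … unchanged: rewrite of /etc/apt/sources.list.d/nginx.list …
```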
From: Peca Date: Mon, 18 Aug 2025 14:57:07 +0200 Subject: [PATCH 344/348] v-commander: Enhance reboot requirement check to include dbus updates --- bin/v-commander | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-commander b/bin/v-commander index 502f9f03..87d7f88a 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -202,7 +202,8 @@ do apt_upgraded=1 kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log) - if [ $kernelupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then + dbusupdate=$(grep -c ' dbus:a' /var/log/apt/history.log) + if [ $kernelupdate -gt 0 ] || [ $dbusupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then touch /root/kernelupdate echo "== kernel is updated, reboot is required!" fi From 37c99361f7693a9d3e8cbdc1f43f099b5f401693 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 15:01:25 +0200 Subject: [PATCH 345/348] v-commander: Add Freexian repository --- bin/v-commander | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-commander b/bin/v-commander index 87d7f88a..ff99d0b0 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -77,6 +77,7 @@ myhelp() { echo "r = reboot" echo "s = download sury.org apt-get key" echo "n = download nginx gpg key" + echo "freexian = add Freexian repository" echo "t = clean the trash" echo "u = apt-get update" echo "v = update myVesta" From b4e10ed96876b077e70e123f6444d377185ec456 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 15:06:17 +0200 Subject: [PATCH 346/348] v-commander: disabling ClamAV --- bin/v-commander | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-commander b/bin/v-commander index ff99d0b0..a7fbf454 100644 --- a/bin/v-commander +++ b/bin/v-commander 
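Review bot: `grep -c ' dbus:a' /var/log/apt/history.log` counts matches in the whole log rather than in the upgrade that just ran, so once a dbus upgrade is recorded the reboot flag is raised on every later run for as long as that entry stays in the log; the existing `linux-image-` check on the line above behaves the same way and the new line copies it. When only the dbus count is non-zero the message still reads `== kernel is updated, reboot is required!`, which misleads the admin about what changed. A neutral message such as `echo "== kernel or dbus is updated, reboot is required!"` covers both cases, and `[ "${dbusupdate:-0}" -gt 0 ]` avoids a test error when history.log is missing and the substitution comes back empty. The surrounding `if` block starts above this hunk.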
@@ -307,6 +307,9 @@ do systemctl stop clamav-daemon.service systemctl disable clamav-daemon.service + systemctl stop clamav-daemon.socket + systemctl disable clamav-daemon.socket + systemctl stop clamav-freshclam.service systemctl disable clamav-freshclam.service From a475e7114545d1f6357c73250aaa91fb24f9adf9 Mon Sep 17 00:00:00 2001 From: Peca Date: Mon, 18 Aug 2025 15:24:54 +0200 Subject: [PATCH 347/348] Update vesta_compile.sh to set NGINX version to 1.29.1 and PHP version to 8.4.11 --- src/deb/vesta_compile.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index 08bc163b..2d0e4874 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -58,11 +58,12 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.29.0' + +NGINX_V='1.29.1' +PHP_V='8.4.11' OPENSSL_V='1.1.1w' PCRE_V='8.45' ZLIB_V='1.3.1' -PHP_V='8.4.10' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' From 5ea346a3458a46d53b746b1bffff1d39356cb044 Mon Sep 17 00:00:00 2001 
From: Peca Date: Mon, 18 Aug 2025 15:43:59 +0200 Subject: [PATCH 348/348] Debian 13 installation files --- install/debian/13/apache2/apache2.conf | 95 ++ install/debian/13/apache2/status.conf | 8 + install/debian/13/bind/named.conf | 12 + install/debian/13/clamav/clamd.conf | 61 ++ install/debian/13/deb_signing.key | 41 + install/debian/13/dovecot/conf.d/10-auth.conf | 4 + .../debian/13/dovecot/conf.d/10-logging.conf | 1 + install/debian/13/dovecot/conf.d/10-mail.conf | 4 + .../debian/13/dovecot/conf.d/10-master.conf | 29 + install/debian/13/dovecot/conf.d/10-ssl.conf | 3 + .../13/dovecot/conf.d/15-mailboxes.conf | 30 + install/debian/13/dovecot/conf.d/20-imap.conf | 58 ++ install/debian/13/dovecot/conf.d/20-pop3.conf | 91 ++ .../dovecot/conf.d/auth-passwdfile.conf.ext | 9 + install/debian/13/dovecot/dovecot.conf | 4 + install/debian/13/exim/deny_senders | 1 + install/debian/13/exim/dnsbl.conf | 1 + install/debian/13/exim/exim4.conf.template | 487 ++++++++++ .../13/exim/exim4.conf.template.without-srs | 451 ++++++++++ install/debian/13/exim/spam-blocks.conf | 0 .../debian/13/fail2ban/action.d/vesta.conf | 9 + .../debian/13/fail2ban/filter.d/vesta.conf | 10 + install/debian/13/fail2ban/jail.local | 39 + install/debian/13/firewall/ports.conf | 17 + install/debian/13/firewall/rules.conf | 11 + install/debian/13/logrotate/apache2 | 19 + install/debian/13/logrotate/dovecot | 12 + install/debian/13/logrotate/nginx | 13 + install/debian/13/logrotate/vesta | 7 + install/debian/13/mysql/my-large.cnf | 51 ++ install/debian/13/mysql/my-medium.cnf | 49 + install/debian/13/mysql/my-small.cnf | 49 + install/debian/13/nginx/nginx.conf | 140 +++ install/debian/13/nginx/phpmyadmin.inc | 18 + install/debian/13/nginx/phppgadmin.inc | 11 + install/debian/13/nginx/status.conf | 9 + install/debian/13/nginx/webmail.inc | 15 + install/debian/13/packages/default.pkg | 18 + install/debian/13/pga/config.inc.php | 159 ++++ install/debian/13/pga/phppgadmin.conf | 31 + 
install/debian/13/php-fpm/www.conf | 11 + install/debian/13/php/php7.3-dedi.patch | 78 ++ install/debian/13/php/php7.3-vps.patch | 78 ++ install/debian/13/php/php7.4-dedi.patch | 78 ++ install/debian/13/php/php7.4-vps.patch | 78 ++ install/debian/13/pma/apache.conf | 42 + install/debian/13/pma/config.inc.php | 146 +++ install/debian/13/pma/create_tables.sql | 385 ++++++++ install/debian/13/pma/pma.sh | 167 ++++ install/debian/13/postgresql/pg_hba.conf | 11 + install/debian/13/proftpd/proftpd.conf | 38 + install/debian/13/proftpd/tls.conf | 63 ++ install/debian/13/roundcube/apache.conf | 40 + install/debian/13/roundcube/config.inc.php | 33 + install/debian/13/roundcube/db.inc.php | 66 ++ install/debian/13/roundcube/main.inc.php | 850 ++++++++++++++++++ install/debian/13/roundcube/vesta.php | 73 ++ install/debian/13/sudo/admin | 8 + install/debian/13/templates/dns/child-ns.tpl | 14 + install/debian/13/templates/dns/default.tpl | 18 + install/debian/13/templates/dns/gmail.tpl | 12 + install/debian/13/templates/dns/office365.tpl | 22 + install/debian/13/templates/dns/yandex.tpl | 16 + .../web/apache2/PHP-FPM-84-public.sh | 133 +++ .../web/apache2/PHP-FPM-84-public.stpl | 36 + .../web/apache2/PHP-FPM-84-public.tpl | 30 + .../13/templates/web/apache2/PHP-FPM-84.sh | 133 +++ .../13/templates/web/apache2/PHP-FPM-84.stpl | 36 + .../13/templates/web/apache2/PHP-FPM-84.tpl | 30 + .../13/templates/web/awstats/awstats.tpl | 133 +++ .../debian/13/templates/web/awstats/index.tpl | 10 + .../debian/13/templates/web/awstats/nav.tpl | 23 + .../debian/13/templates/web/nginx/caching.sh | 19 + .../13/templates/web/nginx/caching.stpl | 44 + .../debian/13/templates/web/nginx/caching.tpl | 42 + .../web/nginx/force-https-legacy.stpl | 40 + .../web/nginx/force-https-legacy.tpl | 8 + .../web/nginx/force-https-public.stpl | 40 + .../web/nginx/force-https-public.tpl | 8 + .../nginx/force-https-webmail-phpmyadmin.stpl | 64 ++ .../nginx/force-https-webmail-phpmyadmin.tpl | 8 + 
.../13/templates/web/nginx/force-https.stpl | 40 + .../13/templates/web/nginx/force-https.tpl | 8 + .../13/templates/web/nginx/hosting-legacy.sh | 11 + .../templates/web/nginx/hosting-legacy.stpl | 40 + .../13/templates/web/nginx/hosting-legacy.tpl | 36 + .../templates/web/nginx/hosting-public.stpl | 40 + .../13/templates/web/nginx/hosting-public.tpl | 36 + .../web/nginx/hosting-webmail-phpmyadmin.stpl | 64 ++ .../web/nginx/hosting-webmail-phpmyadmin.tpl | 60 ++ .../debian/13/templates/web/nginx/hosting.sh | 11 + .../13/templates/web/nginx/hosting.stpl | 40 + .../debian/13/templates/web/nginx/hosting.tpl | 36 + .../web/nginx/php-fpm/cms_made_simple.stpl | 55 ++ .../web/nginx/php-fpm/cms_made_simple.tpl | 52 ++ .../web/nginx/php-fpm/codeigniter2.stpl | 60 ++ .../web/nginx/php-fpm/codeigniter2.tpl | 57 ++ .../web/nginx/php-fpm/codeigniter3.stpl | 55 ++ .../web/nginx/php-fpm/codeigniter3.tpl | 52 ++ .../web/nginx/php-fpm/datalife_engine.stpl | 126 +++ .../web/nginx/php-fpm/datalife_engine.tpl | 123 +++ .../templates/web/nginx/php-fpm/default.stpl | 54 ++ .../templates/web/nginx/php-fpm/default.tpl | 51 ++ .../templates/web/nginx/php-fpm/dokuwiki.stpl | 71 ++ .../templates/web/nginx/php-fpm/dokuwiki.tpl | 67 ++ .../templates/web/nginx/php-fpm/drupal6.stpl | 94 ++ .../templates/web/nginx/php-fpm/drupal6.tpl | 91 ++ .../templates/web/nginx/php-fpm/drupal7.stpl | 94 ++ .../templates/web/nginx/php-fpm/drupal7.tpl | 91 ++ .../templates/web/nginx/php-fpm/drupal8.stpl | 94 ++ .../templates/web/nginx/php-fpm/drupal8.tpl | 91 ++ .../templates/web/nginx/php-fpm/joomla.stpl | 62 ++ .../13/templates/web/nginx/php-fpm/joomla.tpl | 59 ++ .../templates/web/nginx/php-fpm/laravel.stpl | 54 ++ .../templates/web/nginx/php-fpm/laravel.tpl | 50 ++ .../templates/web/nginx/php-fpm/magento.stpl | 197 ++++ .../templates/web/nginx/php-fpm/magento.tpl | 194 ++++ .../13/templates/web/nginx/php-fpm/modx.stpl | 68 ++ .../13/templates/web/nginx/php-fpm/modx.tpl | 65 ++ 
.../templates/web/nginx/php-fpm/moodle.stpl | 89 ++ .../13/templates/web/nginx/php-fpm/moodle.tpl | 87 ++ .../templates/web/nginx/php-fpm/no-php.stpl | 46 + .../13/templates/web/nginx/php-fpm/no-php.tpl | 43 + .../13/templates/web/nginx/php-fpm/odoo.stpl | 69 ++ .../13/templates/web/nginx/php-fpm/odoo.tpl | 66 ++ .../templates/web/nginx/php-fpm/opencart.stpl | 58 ++ .../templates/web/nginx/php-fpm/opencart.tpl | 54 ++ .../templates/web/nginx/php-fpm/owncloud.stpl | 84 ++ .../templates/web/nginx/php-fpm/owncloud.tpl | 81 ++ .../13/templates/web/nginx/php-fpm/piwik.stpl | 72 ++ .../13/templates/web/nginx/php-fpm/piwik.tpl | 69 ++ .../templates/web/nginx/php-fpm/pyrocms.stpl | 65 ++ .../templates/web/nginx/php-fpm/pyrocms.tpl | 62 ++ .../13/templates/web/nginx/php-fpm/sendy.stpl | 88 ++ .../13/templates/web/nginx/php-fpm/sendy.tpl | 86 ++ .../web/nginx/php-fpm/wordpress.stpl | 54 ++ .../templates/web/nginx/php-fpm/wordpress.tpl | 51 ++ .../web/nginx/php-fpm/wordpress2.stpl | 66 ++ .../web/nginx/php-fpm/wordpress2.tpl | 63 ++ .../web/nginx/php-fpm/wordpress2_rewrite.stpl | 71 ++ .../web/nginx/php-fpm/wordpress2_rewrite.tpl | 67 ++ .../web/nginx/private-force-https.stpl | 40 + .../web/nginx/private-force-https.tpl | 8 + .../13/templates/web/nginx/private-hosting.sh | 11 + .../templates/web/nginx/private-hosting.stpl | 42 + .../templates/web/nginx/private-hosting.tpl | 38 + .../13/templates/web/nginx/proxy_ip.tpl | 9 + .../13/templates/web/php-fpm/default.tpl | 21 + .../13/templates/web/php-fpm/no-php.tpl | 20 + .../13/templates/web/php-fpm/socket.tpl | 24 + .../web/skel/document_errors/403.html | 29 + .../web/skel/document_errors/404.html | 28 + .../web/skel/document_errors/50x.html | 29 + .../templates/web/skel/public_html/index.html | 26 + .../templates/web/skel/public_html/robots.txt | 3 + .../web/skel/public_shtml/index.html | 26 + .../web/skel/public_shtml/robots.txt | 3 + .../debian/13/templates/web/suspend/.htaccess | 2 + .../13/templates/web/suspend/index.html | 
25 + .../13/templates/web/webalizer/webalizer.tpl | 110 +++ install/debian/13/vsftpd/vsftpd.conf | 26 + install/vst-install-debian.sh | 62 +- 162 files changed, 9861 insertions(+), 2 deletions(-) create mode 100644 install/debian/13/apache2/apache2.conf create mode 100644 install/debian/13/apache2/status.conf create mode 100644 install/debian/13/bind/named.conf create mode 100644 install/debian/13/clamav/clamd.conf create mode 100644 install/debian/13/deb_signing.key create mode 100644 install/debian/13/dovecot/conf.d/10-auth.conf create mode 100644 install/debian/13/dovecot/conf.d/10-logging.conf create mode 100644 install/debian/13/dovecot/conf.d/10-mail.conf create mode 100644 install/debian/13/dovecot/conf.d/10-master.conf create mode 100644 install/debian/13/dovecot/conf.d/10-ssl.conf create mode 100644 install/debian/13/dovecot/conf.d/15-mailboxes.conf create mode 100644 install/debian/13/dovecot/conf.d/20-imap.conf create mode 100644 install/debian/13/dovecot/conf.d/20-pop3.conf create mode 100644 install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext create mode 100644 install/debian/13/dovecot/dovecot.conf create mode 100644 install/debian/13/exim/deny_senders create mode 100644 install/debian/13/exim/dnsbl.conf create mode 100644 install/debian/13/exim/exim4.conf.template create mode 100644 install/debian/13/exim/exim4.conf.template.without-srs create mode 100644 install/debian/13/exim/spam-blocks.conf create mode 100644 install/debian/13/fail2ban/action.d/vesta.conf create mode 100644 install/debian/13/fail2ban/filter.d/vesta.conf create mode 100644 install/debian/13/fail2ban/jail.local create mode 100644 install/debian/13/firewall/ports.conf create mode 100644 install/debian/13/firewall/rules.conf create mode 100644 install/debian/13/logrotate/apache2 create mode 100644 install/debian/13/logrotate/dovecot create mode 100644 install/debian/13/logrotate/nginx create mode 100644 install/debian/13/logrotate/vesta create mode 100644 
install/debian/13/mysql/my-large.cnf create mode 100644 install/debian/13/mysql/my-medium.cnf create mode 100644 install/debian/13/mysql/my-small.cnf create mode 100644 install/debian/13/nginx/nginx.conf create mode 100644 install/debian/13/nginx/phpmyadmin.inc create mode 100644 install/debian/13/nginx/phppgadmin.inc create mode 100644 install/debian/13/nginx/status.conf create mode 100644 install/debian/13/nginx/webmail.inc create mode 100644 install/debian/13/packages/default.pkg create mode 100644 install/debian/13/pga/config.inc.php create mode 100644 install/debian/13/pga/phppgadmin.conf create mode 100644 install/debian/13/php-fpm/www.conf create mode 100644 install/debian/13/php/php7.3-dedi.patch create mode 100644 install/debian/13/php/php7.3-vps.patch create mode 100644 install/debian/13/php/php7.4-dedi.patch create mode 100644 install/debian/13/php/php7.4-vps.patch create mode 100644 install/debian/13/pma/apache.conf create mode 100644 install/debian/13/pma/config.inc.php create mode 100644 install/debian/13/pma/create_tables.sql create mode 100644 install/debian/13/pma/pma.sh create mode 100644 install/debian/13/postgresql/pg_hba.conf create mode 100644 install/debian/13/proftpd/proftpd.conf create mode 100644 install/debian/13/proftpd/tls.conf create mode 100644 install/debian/13/roundcube/apache.conf create mode 100644 install/debian/13/roundcube/config.inc.php create mode 100644 install/debian/13/roundcube/db.inc.php create mode 100644 install/debian/13/roundcube/main.inc.php create mode 100644 install/debian/13/roundcube/vesta.php create mode 100644 install/debian/13/sudo/admin create mode 100644 install/debian/13/templates/dns/child-ns.tpl create mode 100644 install/debian/13/templates/dns/default.tpl create mode 100644 install/debian/13/templates/dns/gmail.tpl create mode 100644 install/debian/13/templates/dns/office365.tpl create mode 100644 install/debian/13/templates/dns/yandex.tpl create mode 100644 
install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84.sh create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84.stpl create mode 100644 install/debian/13/templates/web/apache2/PHP-FPM-84.tpl create mode 100644 install/debian/13/templates/web/awstats/awstats.tpl create mode 100644 install/debian/13/templates/web/awstats/index.tpl create mode 100644 install/debian/13/templates/web/awstats/nav.tpl create mode 100644 install/debian/13/templates/web/nginx/caching.sh create mode 100644 install/debian/13/templates/web/nginx/caching.stpl create mode 100644 install/debian/13/templates/web/nginx/caching.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https-legacy.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https-legacy.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https-public.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https-public.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl create mode 100644 install/debian/13/templates/web/nginx/force-https.stpl create mode 100644 install/debian/13/templates/web/nginx/force-https.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting-legacy.sh create mode 100644 install/debian/13/templates/web/nginx/hosting-legacy.stpl create mode 100644 install/debian/13/templates/web/nginx/hosting-legacy.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting-public.stpl create mode 100644 install/debian/13/templates/web/nginx/hosting-public.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl create mode 
100644 install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl create mode 100644 install/debian/13/templates/web/nginx/hosting.sh create mode 100644 install/debian/13/templates/web/nginx/hosting.stpl create mode 100644 install/debian/13/templates/web/nginx/hosting.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/default.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/default.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/joomla.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/joomla.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/laravel.stpl create mode 100644 
install/debian/13/templates/web/nginx/php-fpm/laravel.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/magento.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/magento.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/modx.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/modx.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/moodle.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/moodle.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/no-php.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/no-php.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/odoo.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/odoo.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/opencart.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/opencart.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/piwik.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/piwik.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/sendy.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/sendy.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl 
create mode 100644 install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl create mode 100644 install/debian/13/templates/web/nginx/private-force-https.stpl create mode 100644 install/debian/13/templates/web/nginx/private-force-https.tpl create mode 100644 install/debian/13/templates/web/nginx/private-hosting.sh create mode 100644 install/debian/13/templates/web/nginx/private-hosting.stpl create mode 100644 install/debian/13/templates/web/nginx/private-hosting.tpl create mode 100644 install/debian/13/templates/web/nginx/proxy_ip.tpl create mode 100644 install/debian/13/templates/web/php-fpm/default.tpl create mode 100644 install/debian/13/templates/web/php-fpm/no-php.tpl create mode 100644 install/debian/13/templates/web/php-fpm/socket.tpl create mode 100644 install/debian/13/templates/web/skel/document_errors/403.html create mode 100644 install/debian/13/templates/web/skel/document_errors/404.html create mode 100644 install/debian/13/templates/web/skel/document_errors/50x.html create mode 100644 install/debian/13/templates/web/skel/public_html/index.html create mode 100644 install/debian/13/templates/web/skel/public_html/robots.txt create mode 100644 install/debian/13/templates/web/skel/public_shtml/index.html create mode 100644 install/debian/13/templates/web/skel/public_shtml/robots.txt create mode 100644 install/debian/13/templates/web/suspend/.htaccess create mode 100644 install/debian/13/templates/web/suspend/index.html create mode 100644 install/debian/13/templates/web/webalizer/webalizer.tpl create mode 100644 install/debian/13/vsftpd/vsftpd.conf diff --git a/install/debian/13/apache2/apache2.conf b/install/debian/13/apache2/apache2.conf new file mode 100644 index 00000000..2be3e50d --- /dev/null +++ b/install/debian/13/apache2/apache2.conf 
@@ -0,0 +1,95 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 900 +ProxyTimeout 900 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 
506 /error/50x.html diff --git a/install/debian/13/apache2/status.conf b/install/debian/13/apache2/status.conf new file mode 100644 index 00000000..0d82a356 --- /dev/null +++ b/install/debian/13/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + # Allow from all + diff --git a/install/debian/13/bind/named.conf b/install/debian/13/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/debian/13/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/debian/13/clamav/clamd.conf b/install/debian/13/clamav/clamd.conf new file mode 100644 index 00000000..c636b6d3 --- /dev/null +++ b/install/debian/13/clamav/clamd.conf 
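Review bot: `Timeout 900` and `ProxyTimeout 900` in apache2.conf let a single stalled connection hold a worker for up to 15 minutes, and with `MaxClients 200` in what looks like the prefork block a modest number of slow clients can occupy every slot. If the long value exists for slow PHP requests, scope it to the vhosts that need it and lower the global one, e.g. `Timeout 60`, or confirm that request-read limits are enforced by a module loaded from `mods-enabled/`, which is not visible here. Separately, the `Order allow,deny` / `Deny from all` / `Satisfy all` lines, and the `Order deny,allow` block in status.conf, are 2.2-style access control that works on Apache 2.4 only while the compatibility module is loaded; `Require all denied` and `Require local` are the native equivalents. The container tags around these directives are missing from this rendering of the patch, so the enclosing blocks could not be checked.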
@@ -0,0 +1,61 @@
+#Automatically Generated by clamav-base postinst
+#To reconfigure clamd run #dpkg-reconfigure clamav-base
+#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
+LocalSocket /var/run/clamav/clamd.ctl
+FixStaleSocket true
+LocalSocketGroup clamav
+LocalSocketMode 666
+# TemporaryDirectory is not set to its default /tmp here to make overriding
+# the default with environment variables TMPDIR/TMP/TEMP possible
+User clamav
+# AllowSupplementaryGroups true
+ScanMail true
+ScanArchive true
+ArchiveBlockEncrypted false
+MaxDirectoryRecursion 15
+FollowDirectorySymlinks false
+FollowFileSymlinks false
+ReadTimeout 180
+MaxThreads 12
+MaxConnectionQueueLength 15
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogClean true
+LogVerbose true
+PidFile /var/run/clamav/clamd.pid
+DatabaseDirectory /var/lib/clamav
+SelfCheck 3600
+Foreground false
+Debug false
+ScanPE true
+ScanOLE2 true
+ScanHTML true
+ExitOnOOM false
+LeaveTemporaryFiles false
+AlgorithmicDetection true
+ScanELF true
+IdleTimeout 30
+PhishingSignatures true
+PhishingScanURLs true
+PhishingAlwaysBlockSSLMismatch false
+PhishingAlwaysBlockCloak false
+DetectPUA false
+ScanPartialMessages false
+HeuristicScanPrecedence false
+StructuredDataDetection false
+CommandReadTimeout 5
+SendBufTimeout 200
+MaxQueue 100
+ExtendedDetectionInfo true
+OLE2BlockMacros false
+StreamMaxLength 2M
+MaxFileSize 2M
+LogFile /var/log/clamav/clamav.log
+LogTime true
+LogFileUnlock false
+LogFileMaxSize 0
+Bytecode true
+BytecodeSecurity TrustSigned
+BytecodeTimeout 60000
+OfficialDatabaseOnly false
+CrossFilesystems true
diff --git a/install/debian/13/deb_signing.key b/install/debian/13/deb_signing.key
new file mode 100644
index 00000000..d279abbd
--- /dev/null
+++ b/install/debian/13/deb_signing.key
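Review bot: `StreamMaxLength 2M` and `MaxFileSize 2M` in clamd.conf cap scanning at 2 MB, so a message or attachment above that size is either refused by the scanner or not inspected at all. Which of the two happens for mail depends on how the Exim `malware` condition treats a scanner error, and that ACL is outside this hunk; the limits should at least match the largest message the MTA accepts, for example `StreamMaxLength 25M` and `MaxFileSize 25M`. `LocalSocketMode 666` also lets every local account on a shared-hosting machine connect to the daemon's socket; `LocalSocketMode 660` with the mail user in group `clamav` would narrow that, provided the installer sets the group membership.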
@@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof 
+lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/13/dovecot/conf.d/10-auth.conf b/install/debian/13/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/debian/13/dovecot/conf.d/10-logging.conf b/install/debian/13/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/debian/13/dovecot/conf.d/10-mail.conf b/install/debian/13/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/debian/13/dovecot/conf.d/10-master.conf b/install/debian/13/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/debian/13/dovecot/conf.d/10-master.conf 
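Review bot: `disable_plaintext_auth = no` in 10-auth.conf, combined with `auth_mechanisms = plain login`, allows a mailbox password to be sent on the cleartext IMAP and POP3 ports before any TLS is negotiated. The 10-ssl.conf added in the same commit sets `ssl = yes`, which offers TLS without requiring it, so nothing on the server side stops a client from authenticating unencrypted. Proposed: `disable_plaintext_auth = yes` here and `ssl = required` in 10-ssl.conf. If legacy clients on a known network must keep working, `login_trusted_networks` limits the exception to those addresses instead of disabling the check for everyone.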
@@ -0,0 +1,29 @@
+service imap-login {
+ inet_listener imap {
+ }
+ inet_listener imaps {
+ }
+}
+
+service pop3-login {
+ inet_listener pop3 {
+ }
+ inet_listener pop3s {
+ }
+}
+
+
+service imap {
+}
+
+service pop3 {
+}
+
+service auth {
+ unix_listener auth-client {
+ group = mail
+ mode = 0660
+ user = dovecot
+ }
+ user = dovecot
+}
diff --git a/install/debian/13/dovecot/conf.d/10-ssl.conf b/install/debian/13/dovecot/conf.d/10-ssl.conf
new file mode 100644
index 00000000..3aaff6ee
--- /dev/null
+++ b/install/debian/13/dovecot/conf.d/10-ssl.conf
@@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + mail_max_userip_connections = 50 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. 
+ #pop3_client_workarounds = +} diff --git a/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/debian/13/dovecot/dovecot.conf b/install/debian/13/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/debian/13/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/debian/13/exim/deny_senders b/install/debian/13/exim/deny_senders new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/install/debian/13/exim/deny_senders @@ -0,0 +1 @@ + diff --git a/install/debian/13/exim/dnsbl.conf b/install/debian/13/exim/dnsbl.conf new file mode 100644 index 00000000..279bafcd --- /dev/null +++ b/install/debian/13/exim/dnsbl.conf @@ -0,0 +1 @@ +bl.spamcop.net diff --git a/install/debian/13/exim/exim4.conf.template b/install/debian/13/exim/exim4.conf.template new file mode 100644 index 00000000..15264797 --- /dev/null +++ b/install/debian/13/exim/exim4.conf.template 
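Review bot: `scheme=MD5-CRYPT` in the passdb `args` of auth-passwdfile.conf.ext makes MD5-crypt the default hash for every mailbox password stored in `/etc/exim4/domains/%d/passwd`, and that scheme is cheap to brute-force offline if one of those files is ever read. Dovecot's passwd-file driver accepts a `{SCHEME}` prefix per entry, so new passwords could be written as `{SHA512-CRYPT}` or `{BLF-CRYPT}` hashes while this default keeps covering existing entries. The code that writes the passwd files is not part of this hunk, and Exim's authenticators may read the same files, so both need checking before the stored format changes. Once that is in place, a comment above the `args` line such as `# MD5-CRYPT is only the fallback for legacy entries; new hashes carry a {SCHEME} prefix` would record the intent.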
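Review bot: dovecot.conf and the conf.d files added in this commit use 2.3-era setting names (`disable_plaintext_auth`, `mail_location`, `ssl_cert`, unnamed `passdb`/`userdb` blocks) and carry no `dovecot_config_version` line. If the Dovecot packaged for Debian 13 is a 2.4 release, which is worth confirming on the target image, that version expects `dovecot_config_version` as the first setting and renamed several of these options, so the daemon would refuse this configuration unless the installer rewrites it outside this hunk. A mail service that fails to start is the mild outcome; the worse one is a hand-patched config that silently drops the TLS or authentication settings. The Debian 13 copy should be ported and tested against the packaged version rather than carried over unchanged.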
@@ -0,0 +1,487 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} 
+DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. 
+ log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no 
+ + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + 
warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! 
+local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router 
= dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 
1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = 
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # 
+###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/13/exim/exim4.conf.template.without-srs b/install/debian/13/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/13/exim/exim4.conf.template.without-srs 
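Review bot: The `dovecot_plain` and `dovecot_login` authenticators in exim4.conf.template have no `server_advertise_condition`, and the main section sets no `auth_advertise_hosts`, so AUTH PLAIN/LOGIN is offered before STARTTLS on ports 25, 587 and 2525 and a client that does not negotiate TLS sends its mailbox password base64-encoded over cleartext. Adding `server_advertise_condition = ${if def:tls_in_cipher}` to both authenticators limits password authentication to encrypted sessions; port 465 is unaffected because it is listed in `tls_on_connect_ports`. Clients configured without TLS would no longer be able to authenticate, so the change deserves a line in the release notes. The same two authenticators appear unchanged in exim4.conf.template.without-srs.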
@@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = 
/etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. 
+ log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no 
+ + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + 
warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! 
+local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = 
${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = 
"${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + 
return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/13/exim/spam-blocks.conf b/install/debian/13/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/debian/13/fail2ban/action.d/vesta.conf b/install/debian/13/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/debian/13/fail2ban/action.d/vesta.conf 
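Review bot: A few file paths in exim4.conf.template.without-srs still interpolate the raw recipient `$domain` — `require_files = /etc/exim4/domains/$domain/aliases` in the `aliases` and `catchall` routers, and the `exists` tests for `fwd_only`, `antivirus` and `antispam` — while every other path in the file goes through the `dsearch` lookup. `$domain` is taken from the SMTP envelope, so the `dsearch` form is the safer one: it yields a name that actually exists under `/etc/exim4/domains/` instead of text supplied by the sender, and newer Exim releases may refuse tainted data in file names (not verified here against the version Debian 13 ships). I would write these as `require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases` and do the same in the three `exists` tests. exim4.conf.template carries the same lines.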
@@ -0,0 +1,9 @@
+# Fail2Ban configuration file for vesta
+
+[Definition]
+
+actionstart = /usr/local/vesta/bin/v-add-firewall-chain
+actionstop = /usr/local/vesta/bin/v-delete-firewall-chain
+actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]'
+actionban = /usr/local/vesta/bin/v-add-firewall-ban
+actionunban = /usr/local/vesta/bin/v-delete-firewall-ban
diff --git a/install/debian/13/fail2ban/filter.d/vesta.conf b/install/debian/13/fail2ban/filter.d/vesta.conf
new file mode 100644
index 00000000..36ec1001
--- /dev/null
+++ b/install/debian/13/fail2ban/filter.d/vesta.conf
@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccessful Vesta authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = .* failed to login
+ignoreregex =
+
diff --git a/install/debian/13/fail2ban/jail.local b/install/debian/13/fail2ban/jail.local
new file mode 100644
index 00000000..eccea068
--- /dev/null
+++ b/install/debian/13/fail2ban/jail.local
@@ -0,0 +1,39 @@
+[ssh-iptables]
+enabled = true
+filter = sshd
+action = vesta[name=SSH]
+logpath = /var/log/auth.log
+maxretry = 5
+
+[vsftpd-iptables]
+enabled = false
+filter = vsftpd
+action = vesta[name=FTP]
+logpath = /var/log/vsftpd.log
+maxretry = 5
+
+[exim-iptables]
+enabled = true
+filter = exim
+action = vesta[name=MAIL]
+logpath = /var/log/exim4/mainlog
+
+[dovecot-iptables]
+enabled = true
+filter = dovecot
+action = vesta[name=MAIL]
+logpath = /var/log/dovecot.log
+
+[mysqld-iptables]
+enabled = false
+filter = mysqld-auth
+action = vesta[name=DB]
+logpath = /var/log/mysql.log
+maxretry = 5
+
+[vesta-iptables]
+enabled = true
+filter = vesta
+action = vesta[name=VESTA]
+logpath = /var/log/vesta/auth.log
+maxretry = 5
diff --git a/install/debian/13/firewall/ports.conf b/install/debian/13/firewall/ports.conf
new file mode 100644
index 00000000..b730d012
--- /dev/null
+++ b/install/debian/13/firewall/ports.conf
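Review bot: The `[ssh-iptables]` jail in jail.local reads `logpath = /var/log/auth.log`, but current Debian releases no longer install rsyslog by default, so on a fresh Debian 13 host that file may not exist and sshd failures only reach the journal. fail2ban typically refuses to start when an enabled jail has no log file to read, which would leave the other jails in this file inactive as well. Unless the installer adds rsyslog (not visible in this hunk), give the jail `backend = systemd`, and confirm that each remaining `logpath` exists before its jail is enabled.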
@@ -0,0 +1,17 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='TCP' PORT='53'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8080'
+PROTOCOL='TCP' PORT='8433'
+PROTOCOL='TCP' PORT='8083'
+PROTOCOL='TCP' PORT='12000:12100'
diff --git a/install/debian/13/firewall/rules.conf b/install/debian/13/firewall/rules.conf
new file mode 100644
index 00000000..6da5a1c4
--- /dev/null
+++ b/install/debian/13/firewall/rules.conf
@@ -0,0 +1,11 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'
diff --git a/install/debian/13/logrotate/apache2 b/install/debian/13/logrotate/apache2
new file mode 100644
index 00000000..27629d0d
--- /dev/null
+++ b/install/debian/13/logrotate/apache2
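Review bot: Rule 2 in rules.conf accepts the control-panel port 8083 from `IP='0.0.0.0/0'`, and rule 11 does the same for SSH, so a new Debian 13 install exposes both management interfaces to every source address with only the fail2ban jails in front of them. The database rule (3) already ships with `SUSPENDED='yes'`, which shows the format can carry a safer default. Consider having the installer ask for an administrative source range and write it into the `IP=` field of rules 2 and 11, leaving `0.0.0.0/0` as an explicit operator choice.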
@@ -0,0 +1,19 @@
+/var/log/apache2/*.log /var/log/apache2/domains/*log {
+ weekly
+ missingok
+ rotate 52
+ compress
+ delaycompress
+ notifempty
+ create 640 root adm
+ sharedscripts
+ postrotate
+ /etc/init.d/apache2 reload > /dev/null || true
+ [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+ endscript
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi; \
+ endscript
+}
diff --git a/install/debian/13/logrotate/dovecot b/install/debian/13/logrotate/dovecot
new file mode 100644
index 00000000..ac4fd6e9
--- /dev/null
+++ b/install/debian/13/logrotate/dovecot
@@ -0,0 +1,12 @@
+/var/log/dovecot*.log {
+ weekly
+ rotate 4
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ doveadm log reopen
+ endscript
+}
diff --git a/install/debian/13/logrotate/nginx b/install/debian/13/logrotate/nginx
new file mode 100644
index 00000000..d667f213
--- /dev/null
+++ b/install/debian/13/logrotate/nginx
@@ -0,0 +1,13 @@
+/var/log/nginx/*log /var/log/nginx/domains/*log {
+ daily
+ missingok
+ rotate 52
+ compress
+ delaycompress
+ notifempty
+ create 640 nginx adm
+ sharedscripts
+ postrotate
+ [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
+ endscript
+}
diff --git a/install/debian/13/logrotate/vesta b/install/debian/13/logrotate/vesta
new file mode 100644
index 00000000..027a3439
--- /dev/null
+++ b/install/debian/13/logrotate/vesta
@@ -0,0 +1,7 @@
+/usr/local/vesta/log/*.log {
+ missingok
+ notifempty
+ size 30k
+ yearly
+ create 0600 root root
+}
diff --git a/install/debian/13/mysql/my-large.cnf b/install/debian/13/mysql/my-large.cnf
new file mode 100644
index 00000000..b056c316
--- /dev/null
+++ b/install/debian/13/mysql/my-large.cnf
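Review bot: The `postrotate` line in logrotate/nginx uses `[ -f /var/run/nginx.pid ] && kill -USR1 ...`, which returns non-zero whenever the pid file is absent, so logrotate records a failed script on hosts where nginx is stopped. The apache2 file in this commit already uses the form that succeeds in that case; write this one the same way: `[ ! -f /var/run/nginx.pid ] || kill -USR1 $(cat /var/run/nginx.pid)`. Also check `create 640 nginx adm`: nginx.conf in this commit runs as `www-data`, and if no `nginx` account exists on the target, logrotate will presumably reject the stanza.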
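Review bot: logrotate/vesta sets both `size 30k` and `yearly` and gives no `rotate` count. logrotate treats size and interval criteria as mutually exclusive with the later one taking precedence, and with the default count of 0 the old file is removed at rotation rather than kept, so the panel logs under /usr/local/vesta/log keep no history for incident review. Choose one criterion and add an explicit count with compression, for example `rotate 12` and `compress` (the number is only a suggestion; size it to the retention you need).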
@@ -0,0 +1,51 @@
+[client]
+default-character-set=utf8mb4
+port=3306
+socket=/var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+socket=/var/run/mysqld/mysqld.sock
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+collation-server = utf8mb4_unicode_520_ci
+init-connect='SET NAMES utf8mb4'
+character-set-server = utf8mb4
+user=mysql
+pid-file=/var/run/mysqld/mysqld.pid
+socket=/var/run/mysqld/mysqld.sock
+port=3306
+basedir=/usr
+datadir=/var/lib/mysql
+tmpdir=/tmp
+lc-messages-dir=/usr/share/mysql
+log_error=/var/log/mysql/error.log
+
+symbolic-links=0
+
+skip-external-locking
+key_buffer_size = 256M
+max_allowed_packet = 32M
+table_open_cache = 256
+sort_buffer_size = 1M
+read_buffer_size = 1M
+read_rnd_buffer_size = 4M
+myisam_sort_buffer_size = 64M
+thread_cache_size = 8
+query_cache_size= 16M
+thread_concurrency = 8
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=200
+max_user_connections=50
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+
+!includedir /etc/mysql/conf.d/
diff --git a/install/debian/13/mysql/my-medium.cnf b/install/debian/13/mysql/my-medium.cnf
new file mode 100644
index 00000000..33aa04c2
--- /dev/null
+++ b/install/debian/13/mysql/my-medium.cnf
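Review bot: my-large.cnf sets no `bind-address` under `[mysqld]` and includes only `/etc/mysql/conf.d/`, so if the installer puts it in place of the distribution's main config, the loopback binding Debian ships in its packaged server settings is presumably no longer read and the server listens on all interfaces, relying on the suspended DB firewall rule alone. Add `bind-address = 127.0.0.1` as the default and let operators who need remote access widen it; my-medium.cnf and my-small.cnf need the same line. In this file only, check `thread_concurrency = 8` against the server version Debian 13 installs: as far as I know recent MariaDB releases removed that variable, and an unknown option in `[mysqld]` stops the server from starting.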
@@ -0,0 +1,49 @@
+[client]
+default-character-set=utf8mb4
+port=3306
+socket=/var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+socket=/var/run/mysqld/mysqld.sock
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+collation-server = utf8mb4_unicode_520_ci
+init-connect='SET NAMES utf8mb4'
+character-set-server = utf8mb4
+user=mysql
+pid-file=/var/run/mysqld/mysqld.pid
+socket=/var/run/mysqld/mysqld.sock
+port=3306
+basedir=/usr
+datadir=/var/lib/mysql
+tmpdir=/tmp
+lc-messages-dir=/usr/share/mysql
+log_error=/var/log/mysql/error.log
+
+symbolic-links=0
+
+skip-external-locking
+key_buffer_size = 16M
+max_allowed_packet = 16M
+table_open_cache = 64
+sort_buffer_size = 512K
+net_buffer_length = 8K
+read_buffer_size = 256K
+read_rnd_buffer_size = 512K
+myisam_sort_buffer_size = 8M
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=70
+max_user_connections=30
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+
+!includedir /etc/mysql/conf.d/
diff --git a/install/debian/13/mysql/my-small.cnf b/install/debian/13/mysql/my-small.cnf
new file mode 100644
index 00000000..857f48ce
--- /dev/null
+++ b/install/debian/13/mysql/my-small.cnf
@@ -0,0 +1,49 @@
+[client]
+default-character-set=utf8mb4
+port=3306
+socket=/var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+socket=/var/run/mysqld/mysqld.sock
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+collation-server = utf8mb4_unicode_520_ci
+init-connect='SET NAMES utf8mb4'
+character-set-server = utf8mb4
+user=mysql
+pid-file=/var/run/mysqld/mysqld.pid
+socket=/var/run/mysqld/mysqld.sock
+port=3306
+basedir=/usr
+datadir=/var/lib/mysql
+tmpdir=/tmp
+lc-messages-dir=/usr/share/mysql
+log_error=/var/log/mysql/error.log
+
+symbolic-links=0
+
+skip-external-locking
+key_buffer_size = 16K
+max_allowed_packet = 1M
+table_open_cache = 4
+sort_buffer_size = 64K
+read_buffer_size = 256K
+read_rnd_buffer_size = 256K
+net_buffer_length = 2K
+thread_stack = 240K
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=30
+max_user_connections=20
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
+
+!includedir /etc/mysql/conf.d/
diff --git a/install/debian/13/nginx/nginx.conf b/install/debian/13/nginx/nginx.conf
new file mode 100644
index 00000000..6efe2337
--- /dev/null
+++ b/install/debian/13/nginx/nginx.conf
@@ -0,0 +1,140 @@
+# Server globals
+user www-data;
+worker_processes auto;
+worker_rlimit_nofile 65535;
+timer_resolution 50ms; #In order to free some CPU cycles
+error_log /var/log/nginx/error.log crit;
+pid /var/run/nginx.pid;
+
+
+# Worker config
+events {
+ worker_connections 1024;
+ use epoll;
+ multi_accept on;
+}
+
+
+http {
+ # Main settings
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ client_header_timeout 1m;
+ client_body_timeout 1m;
+ client_header_buffer_size 2k;
+ client_body_buffer_size 256k;
+ client_max_body_size 256m;
+ large_client_header_buffers 4 8k;
+ send_timeout 30;
+ keepalive_timeout 60 60;
+ reset_timedout_connection on;
+ server_tokens off;
+ server_name_in_redirect off;
+ server_names_hash_max_size 512;
+ server_names_hash_bucket_size 512;
+
+
+ # Log format
+ log_format main '$remote_addr - $remote_user [$time_local] $request '
+ '"$status" $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ log_format bytes '$body_bytes_sent';
+ #access_log /var/log/nginx/access.log main;
+ access_log off;
+
+
+ # Mime settings
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+
+ # Compression
+ gzip on;
+ gzip_comp_level 9;
+ gzip_min_length 512;
+ gzip_buffers 8 64k;
+ gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
+ gzip_proxied any;
+ gzip_disable "MSIE [1-6]\.";
+
+ # Proxy settings
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass_header Set-Cookie;
+ proxy_connect_timeout 900;
+ proxy_send_timeout 900;
+ proxy_read_timeout 900;
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+ proxy_busy_buffers_size 256k;
+
+
+ # Cloudflare https://www.cloudflare.com/ips
+ set_real_ip_from
173.245.48.0/20;
+ set_real_ip_from 103.21.244.0/22;
+ set_real_ip_from 103.22.200.0/22;
+ set_real_ip_from 103.31.4.0/22;
+ set_real_ip_from 104.16.0.0/13;
+ set_real_ip_from 104.24.0.0/14;
+ set_real_ip_from 141.101.64.0/18;
+ set_real_ip_from 108.162.192.0/18;
+ set_real_ip_from 190.93.240.0/20;
+ set_real_ip_from 188.114.96.0/20;
+ set_real_ip_from 197.234.240.0/22;
+ set_real_ip_from 198.41.128.0/17;
+ set_real_ip_from 162.158.0.0/15;
+ set_real_ip_from 172.64.0.0/13;
+ set_real_ip_from 131.0.72.0/22;
+ set_real_ip_from 2400:cb00::/32;
+ set_real_ip_from 2606:4700::/32;
+ set_real_ip_from 2803:f800::/32;
+ set_real_ip_from 2405:b500::/32;
+ set_real_ip_from 2405:8100::/32;
+ set_real_ip_from 2a06:98c0::/29;
+ set_real_ip_from 2c0f:f248::/32;
+ real_ip_header CF-Connecting-IP;
+
+
+ # SSL PCI Compliance
+ ssl_session_cache shared:SSL:10m;
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+
+ # Error pages
+ error_page 403 /error/403.html;
+ error_page 404 /error/404.html;
+ error_page 502 503 504 /error/50x.html;
+
+
+ # Cache settings
+ proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
+ proxy_cache_key "$host$request_uri $cookie_user";
+ proxy_temp_path /var/cache/nginx/temp;
+ proxy_ignore_headers Expires Cache-Control;
+ proxy_cache_use_stale error timeout invalid_header http_502;
+ proxy_cache_valid any 1d;
+
+
+ # Cache bypass
+ map $http_cookie $no_cache {
+ default 0;
+ ~SESS 1;
+ ~wordpress_logged_in 1;
+ }
+
+
+ # File cache settings
+ open_file_cache max=10000 inactive=30s;
+ open_file_cache_valid 60s;
+ open_file_cache_min_uses 2;
+ open_file_cache_errors off;
+
+
+ # Wildcard include
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/install/debian/13/nginx/phpmyadmin.inc b/install/debian/13/nginx/phpmyadmin.inc
new file mode 100644
index 00000000..cdfc93c4
--- /dev/null
+++ b/install/debian/13/nginx/phpmyadmin.inc
@@ -0,0 +1,18 @@
+location /phpmyadmin {
+ alias /usr/share/phpmyadmin;
+
+ location ~ /(libraries|setup) {
+ return 404;
+ }
+
+ location ~ ^/phpmyadmin/(.*\.php)$ {
+ alias /usr/share/phpmyadmin/$1;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ }
+ location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
+ root /usr/share/;
+ }
+}
diff --git a/install/debian/13/nginx/phppgadmin.inc b/install/debian/13/nginx/phppgadmin.inc
new file mode 100644
index 00000000..47cfcf4e
--- /dev/null
+++ b/install/debian/13/nginx/phppgadmin.inc
@@ -0,0 +1,11 @@
+location /phppgadmin {
+ alias /usr/share/phppgadmin;
+
+ location ~ ^/phppgadmin/(.*\.php)$ {
+ alias /usr/share/phppgadmin/$1;
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ }
+}
diff --git a/install/debian/13/nginx/status.conf b/install/debian/13/nginx/status.conf
new file mode 100644
index 00000000..c0bcd069
--- /dev/null
+++ b/install/debian/13/nginx/status.conf
@@ -0,0 +1,9 @@
+server {
+ listen 127.0.0.1:8084 default;
+ server_name _;
+ server_name_in_redirect off;
+ location / {
+ stub_status on;
+ access_log off;
+ }
+}
diff --git a/install/debian/13/nginx/webmail.inc b/install/debian/13/nginx/webmail.inc
new file mode 100644
index 00000000..768c9049
--- /dev/null
+++ b/install/debian/13/nginx/webmail.inc
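Review bot: The block commented `# SSL PCI Compliance` in nginx.conf still enables `TLSv1.1` and a cipher string that lists 3DES suites (`ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`). TLS 1.1 is formally deprecated and PCI DSS expects 1.2 or later, and 64-bit block ciphers such as 3DES are weak on long-lived sessions; the trailing `!DES` does not remove them because they are named explicitly. For a Debian 13 target use `ssl_protocols TLSv1.2 TLSv1.3;` and drop the three `DES-CBC3` entries from `ssl_ciphers`.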
@@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/13/packages/default.pkg b/install/debian/13/packages/default.pkg new file mode 100644 index 00000000..cd1cbba1 --- /dev/null +++ b/install/debian/13/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='PHP-FPM-82' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='unlimited' +WEB_ALIASES='unlimited' +DNS_DOMAINS='unlimited' +DNS_RECORDS='unlimited' +MAIL_DOMAINS='unlimited' +MAIL_ACCOUNTS='unlimited' +DATABASES='unlimited' +CRON_JOBS='unlimited' +DISK_QUOTA='unlimited' +BANDWIDTH='unlimited' +NS='YOURHOSTNAME1,YOURHOSTNAME2' +SHELL='nologin' +BACKUPS='2' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/debian/13/pga/config.inc.php b/install/debian/13/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/debian/13/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/debian/13/pga/phppgadmin.conf b/install/debian/13/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/debian/13/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/debian/13/php-fpm/www.conf b/install/debian/13/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c 
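Review bot: In pga/phppgadmin.conf the access list ends with `allow from all` directly after `allow from 127.0.0.0/255.0.0.0 ::1/128`, which cancels the loopback restriction and leaves phpPgAdmin reachable from any address. Drop that last line, or on Apache 2.4 replace the four `order`/`deny`/`allow` lines with `Require local`. The enclosing `<Directory>` and `<IfModule>` tags are not visible in this rendering of the hunk, so confirm the directives sit in the block assumed here.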
--- /dev/null
+++ b/install/debian/13/php-fpm/www.conf
@@ -0,0 +1,11 @@
+[www]
+listen = 127.0.0.1:9000
+listen.allowed_clients = 127.0.0.1
+
+user = www-data
+group = www-data
+
+pm = ondemand
+pm.max_children = 2
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
diff --git a/install/debian/13/php/php7.3-dedi.patch b/install/debian/13/php/php7.3-dedi.patch
new file mode 100644
index 00000000..c044e002
--- /dev/null
+++ b/install/debian/13/php/php7.3-dedi.patch
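Review bot: The pool in php-fpm/www.conf listens on `127.0.0.1:9000`, and `listen.allowed_clients = 127.0.0.1` filters by source address only, so every local account on a shared-hosting server can reach a pool that runs as `www-data` and serves phpMyAdmin, phpPgAdmin and Roundcube (see the `fastcgi_pass 127.0.0.1:9000` lines in the nginx includes of this commit). A unix socket with `listen.owner`, `listen.group` and `listen.mode = 0660` limits callers to the web server account; the three nginx includes would then need their `fastcgi_pass` changed to match. The pool also sets none of the `open_basedir` or `allow_url_fopen` limits that pma/apache.conf applies through `php_admin_value`; they can be set per pool with `php_admin_value[open_basedir] = ...`.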
@@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. 
+@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 
diff --git a/install/debian/13/php/php7.3-vps.patch b/install/debian/13/php/php7.3-vps.patch new file mode 100644 index 00000000..803b93e8 --- /dev/null +++ b/install/debian/13/php/php7.3-vps.patch 
@@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. 
+@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 
diff --git a/install/debian/13/php/php7.4-dedi.patch b/install/debian/13/php/php7.4-dedi.patch new file mode 100644 index 00000000..3e5bd2fb --- /dev/null +++ b/install/debian/13/php/php7.4-dedi.patch 
@@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:25:15.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. 
+@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 
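Review bot: The new `disable_functions` value in php7.4-dedi.patch (inner hunk at php.ini line 309) no longer contains `pcntl_unshare`, which the stock line it replaces did list; the value looks carried over from the 7.3 patch, where that function is not in the list. Keep the distribution's entry and append the additions after it: `...,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen`. php7.4-vps.patch has the same line. Both patches target `/etc/php/7.4/fpm/php.ini`, so it is worth confirming they still apply on a Debian 13 install.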
diff --git a/install/debian/13/php/php7.4-vps.patch b/install/debian/13/php/php7.4-vps.patch new file mode 100644 index 00000000..7c52d402 --- /dev/null +++ b/install/debian/13/php/php7.4-vps.patch 
@@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:24:26.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. 
+@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 
diff --git a/install/debian/13/pma/apache.conf b/install/debian/13/pma/apache.conf
new file mode 100644
index 00000000..2a8f69e2
--- /dev/null
+++ b/install/debian/13/pma/apache.conf
@@ -0,0 +1,42 @@
+# phpMyAdmin default Apache configuration
+
+Alias /phpmyadmin /usr/share/phpmyadmin
+
+
+ Options FollowSymLinks
+ DirectoryIndex index.php
+
+
+ AddType application/x-httpd-php .php
+
+ php_flag magic_quotes_gpc Off
+ php_flag track_vars On
+ php_flag register_globals Off
+ php_admin_flag allow_url_fopen Off
+ php_value include_path .
+ php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
+ php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
+
+
+
+
+# Authorize for setup
+
+
+ AuthType Basic
+ AuthName "phpMyAdmin Setup"
+ AuthUserFile /etc/phpmyadmin/htpasswd.setup
+
+ Require valid-user
+
+
+# Disallow web access to directories that don't need it
+
+ Order Deny,Allow
+ Deny from All
+
+
+ Order Deny,Allow
+ Deny from All
+
+
diff --git a/install/debian/13/pma/config.inc.php b/install/debian/13/pma/config.inc.php
new file mode 100644
index 00000000..eafc6d67
--- /dev/null
+++ b/install/debian/13/pma/config.inc.php
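Review bot: pma/apache.conf protects the internal phpMyAdmin directories with `Order Deny,Allow` / `Deny from All`, which is Apache 2.2 syntax and works on 2.4 only while mod_access_compat is loaded; without that module the directives are a configuration error. Write them as `Require all denied` so the protection does not depend on a compatibility module. The `php_admin_value open_basedir` and `php_admin_flag allow_url_fopen Off` lines take effect only under mod_php, so with the PHP-FPM default template in packages/default.pkg they are presumably inert. The `<Directory>` and `<IfModule>` wrappers are missing from this rendering, so which paths each block covers cannot be confirmed from the hunk.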
@@ -0,0 +1,146 @@ +> $pmapath1 +sed -i '/savedsearches/d' $pmapath1 +sed -i '/navigationhiding/d' $pmapath1 +sed -i '/users/d' $pmapath1 +sed -i '/controlpass/d' $pmapath1 +sed -i '/favorite/d' $pmapath1 +sed -i '/usergroups/d' $pmapath1 +sed -i '/central_columns/d' $pmapath1 +sed -i '/designer_settings/d' $pmapath1 +sed -i '/export_templates/d' $pmapath1 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1 +echo 
"\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1 + +sed -i '/pmadb/d' $pmapath2 +sed -i '/controluser/d' $pmapath2 +sed -i '/bookmarktable/d' $pmapath2 +sed -i '/relation/d' $pmapath2 +sed -i '/userconfig/d' $pmapath2 +sed -i '/table_info/d' $pmapath2 +sed -i '/column_info/d' $pmapath2 +sed -i '/history/d' $pmapath2 +sed -i '/recent/d' $pmapath2 +sed -i '/table_uiprefs/d' $pmapath2 +sed -i '/tracking/d' $pmapath2 +sed -i '/table_coords/d' $pmapath2 +sed -i '/pdf_pages/d' $pmapath2 +sed -i '/designer_coords/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/savedsearches/d' $pmapath2 +sed -i '/navigationhiding/d' $pmapath2 +sed -i '/users/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/favorite/d' $pmapath2 +sed -i '/usergroups/d' $pmapath2 +sed -i '/central_columns/d' $pmapath2 +sed -i '/designer_settings/d' $pmapath2 +sed -i '/export_templates/d' $pmapath2 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controlpass'] 
= '$PASS';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2 + +#SOME WORK with DATABASE (table / user) +PMADB=phpmyadmin +PMAUSER=pma + +#DROP USER and TABLE +mysql -uroot < + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 100 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + + + Umask 002 + + IdentLookups off + + AllowOverwrite yes + + AllowAll + + diff --git a/install/debian/13/proftpd/tls.conf b/install/debian/13/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/13/proftpd/tls.conf 
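Review bot: The cleanup patterns such as `sed -i '/users/d' $pmapath2`, `'/relation/d'`, `'/history/d'` and `'/recent/d'` delete every line that contains the bare word, not only the matching `$cfg['Servers'][$i][...]` entry, so an unrelated setting or comment in the phpMyAdmin config can be removed silently; anchoring on the key, e.g. `sed -i "/\['users'\]/d" "$pmapath2"`, and quoting the path variables would limit the edit to the intended lines. The control password is written as `'$PASS'` inside a PHP single-quoted string, so a quote or backslash in the value would corrupt the config; how `PASS` is generated is not visible here, so confirm it is restricted to safe characters. The file header and the start and tail of this script are missing from this rendering, so both points apply only to the visible `sed`/`echo` lines.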
@@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. 
Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/13/roundcube/apache.conf b/install/debian/13/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/debian/13/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/debian/13/roundcube/config.inc.php b/install/debian/13/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/debian/13/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/debian/13/roundcube/main.inc.php b/install/debian/13/roundcube/main.inc.php new file mode 100644 index 00000000..91f32000 --- /dev/null +++ b/install/debian/13/roundcube/main.inc.php 
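Review bot: The active `TLSOptions NoSessionReuseRequired AllowClientRenegotiations` line in proftpd/tls.conf re-enables client-initiated renegotiation, which the comment directly above it describes as dropped by default as the fix for CVE-2009-3555; unless a specific client needs it, `TLSOptions NoSessionReuseRequired` alone would keep that protection. `TLSProtocol TLSv1.1 TLSv1.2` still offers TLS 1.1, which RFC 8996 deprecates, and omits TLS 1.3; for a new Debian 13 template I would ship `TLSProtocol TLSv1.2 TLSv1.3`. `TLSRequired off` means plain FTP logins are still accepted, so credentials can cross the network unencrypted; if that is deliberate for legacy clients, a comment should say so. The sample command in the comments uses `rsa:1024` and lists both `chmod 0600` and `chmod 0640` for the same key file; `rsa:2048` and a single `chmod 0600` would be less misleading for anyone copying it.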
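Review bot: `Options Indexes MultiViews FollowSymLinks` in the tinymce block of roundcube/apache.conf turns on directory listings for that alias, and nothing else in the file relies on autoindex; `Options MultiViews FollowSymLinks` would stop the file tree from being browsable. Under "Protecting basic directories" the first block sets only `Options -FollowSymLinks` and `AllowOverride None` with no deny rule, while the two blocks after it add `Deny from all`; the Directory paths are not visible in this rendering, so confirm the first one is meant to stay web-readable.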
@@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." 
+// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). 
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! 
+$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = true; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. 
+// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. 
+$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. 
Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. 
+// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. 
Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. 
on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. 
+$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. 
a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. 
'(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. 
+ // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. 
Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'elastic'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) 
+$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// 
When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. 
+$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/debian/13/roundcube/vesta.php b/install/debian/13/roundcube/vesta.php new file mode 100644 index 00000000..b3dd167f --- /dev/null +++ b/install/debian/13/roundcube/vesta.php 
@@ -0,0 +1,73 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/debian/13/sudo/admin b/install/debian/13/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/debian/13/sudo/admin 
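Review bot: The TLS context built in `save()` sets `verify_peer` and `verify_peer_name` to false and `allow_self_signed` to true, so the current and new mailbox passwords are posted to whatever endpoint answers on `$vesta_host:$vesta_port` without authenticating it; that matters as soon as `password_vesta_host` is anything other than the local machine. Trusting the panel's own certificate through `cafile` keeps a self-signed setup working with verification left on. `$fp` is also used without checking that `stream_socket_client()` succeeded. The unconditional write of "test ok" to the fixed path `/tmp/roundcube.log` looks like leftover debugging in a world-writable directory and should go. Finally, the success test searches the raw response (headers included) for the substring `ok`, which is probably looser than intended; matching the response body only would be safer.

```php
// … unchanged: $vesta_host / $vesta_port lookup and request assembly ($send) …
$context = stream_context_create(array('ssl' => array(
    'verify_peer'      => true,
    'verify_peer_name' => true,
    // PLACEHOLDER path: the CA (or the panel's self-signed certificate) to trust
    'cafile'           => '/path/to/vesta-panel-ca.pem',
)));

$fp = stream_socket_client('ssl://' . $vesta_host . ':' . $vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context);
if ($fp === false) {
    // connection or certificate verification failed; do not report success
    return PASSWORD_ERROR;
}
fputs($fp, $send);
$result = fread($fp, 2048);
fclose($fp);

// … removed: debug write to /tmp/roundcube.log …
// … unchanged: result check and return …
```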
@@ -0,0 +1,8 @@
+# Created by vesta installer
+Defaults env_keep="VESTA"
+Defaults:admin !syslog
+Defaults:admin !requiretty
+Defaults:root !requiretty
+
+# sudo is limited to vesta scripts
+admin ALL=NOPASSWD:/usr/local/vesta/bin/*
diff --git a/install/debian/13/templates/dns/child-ns.tpl b/install/debian/13/templates/dns/child-ns.tpl
new file mode 100644
index 00000000..42c046e4
--- /dev/null
+++ b/install/debian/13/templates/dns/child-ns.tpl
@@ -0,0 +1,14 @@
+ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'
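Review bot: In install/debian/13/sudo/admin, `Defaults:admin !syslog` turns off sudo's logging for the one account that is granted passwordless root over every script under `/usr/local/vesta/bin/`, so commands run through this rule leave no sudo audit trail. If the intent is only to keep panel activity out of the main syslog, a dedicated log such as `Defaults:admin logfile=/var/log/sudo-vesta.log` (constructed path) keeps those root actions reviewable. The wildcard rule `admin ALL=NOPASSWD:/usr/local/vesta/bin/*` also means the separation between `admin` and root rests entirely on that directory and every script in it being root-owned and not writable by anyone else. I would state that next to the rule, for example `# requires /usr/local/vesta/bin and its contents to be root-owned, mode 755 or stricter`.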
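Review bot: The `_dmarc` record at ID 14 of child-ns.tpl publishes `v=DMARC1; p=none` with no `rua=` tag, so every zone created from this template gets a policy that neither acts on spoofed mail nor produces the aggregate reports needed to tighten it later. A default such as `VALUE='"v=DMARC1; p=none; rua=mailto:postmaster@%domain%"'` (constructed example using the template's existing `%domain%` placeholder) at least makes the monitoring mode useful. The same record appears in default.tpl, office365.tpl and yandex.tpl in this patch, and gmail.tpl has no `_dmarc` record at all.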
diff --git a/install/debian/13/templates/dns/default.tpl b/install/debian/13/templates/dns/default.tpl new file mode 100644 index 00000000..e0a37e62 --- /dev/null +++ b/install/debian/13/templates/dns/default.tpl 
@@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/gmail.tpl b/install/debian/13/templates/dns/gmail.tpl new file mode 100644 index 00000000..219c9d24 
--- /dev/null +++ b/install/debian/13/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/office365.tpl b/install/debian/13/templates/dns/office365.tpl new file mode 100644 index 00000000..dcf556e1 --- /dev/null +++ b/install/debian/13/templates/dns/office365.tpl 
@@ -0,0 +1,22 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' 
SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/yandex.tpl b/install/debian/13/templates/dns/yandex.tpl new file mode 100644 index 00000000..4ce768fe --- /dev/null +++ b/install/debian/13/templates/dns/yandex.tpl 
@@ -0,0 +1,16 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh 
@@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl 
reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl new file mode 100644 index 00000000..91e05b17 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl 
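Review bot: `listen.mode = 0666` in `pool_conf` makes each domain's socket `/run/php/php8.4-fpm-$2.sock` connectable by every local account, so a process belonging to any other tenant can submit FastCGI requests that execute as user `$1`; this undoes the isolation the per-user pool is there to provide. Only the web server needs to connect, so `listen.group = www-data` with `listen.mode = 0660` would be the tighter default (this assumes Apache runs as `www-data`, the Debian default; confirm for this install). Separately, the `rm $pool_file_NN` lines, `grep -c "/home/$1/" $pool_file_84` and `echo "$pool_conf" > $pool_file_84` expand paths built from `$2` unquoted; writing them as `rm -- "$pool_file_56"` and `> "$pool_file_84"` keeps an unexpected domain argument from splitting into extra words. The identical script is added again as PHP-FPM-84.sh later in this patch, so both points apply there too.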
@@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl 
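Review bot: `Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch` combined with `AllowOverride All` leaves full server-side includes available to the tenant's document tree, and because `#SuexecUserGroup %user% %group%` is commented out, any SSI `exec` would run under the Apache service account rather than the site user (assuming mod_include is loaded). If SSI is wanted at all, `Options +IncludesNOEXEC -Indexes -FollowSymLinks +SymLinksIfOwnerMatch` keeps includes without command execution. The enclosing container tags are not visible in this rendering of the hunk, so I cannot tell which path each block applies to. The same directive lines appear in PHP-FPM-84-public.tpl, PHP-FPM-84.stpl and PHP-FPM-84.tpl in this patch.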
@@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh 
@@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl 
reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl new file mode 100644 index 00000000..848abf7c --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl 
@@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl 
@@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/13/templates/web/awstats/awstats.tpl b/install/debian/13/templates/web/awstats/awstats.tpl new file mode 100644 index 00000000..6bb51c50 --- /dev/null +++ b/install/debian/13/templates/web/awstats/awstats.tpl 
@@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1" +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 
+ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/debian/13/templates/web/awstats/index.tpl b/install/debian/13/templates/web/awstats/index.tpl new file mode 100644 index 00000000..9df9bb5c --- /dev/null +++ b/install/debian/13/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/debian/13/templates/web/awstats/nav.tpl b/install/debian/13/templates/web/awstats/nav.tpl new file mode 100644 index 00000000..f29bed68 --- /dev/null +++ b/install/debian/13/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/debian/13/templates/web/nginx/caching.sh b/install/debian/13/templates/web/nginx/caching.sh new file mode 100644 index 00000000..09d8efe7 --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/debian/13/templates/web/nginx/caching.stpl b/install/debian/13/templates/web/nginx/caching.stpl new file mode 100644 index 00000000..f5c9740f --- /dev/null +++ b/install/debian/13/templates/web/nginx/caching.stpl 
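Review bot: In caching.sh the duplicate check `grep "=${domain}:" $conf` treats the domain as a regular expression, so each dot matches any character and an existing entry for a look-alike name can suppress the new `proxy_cache_path` line. A fixed-string test is safer: `if ! grep -qF -- "keys_zone=${domain}:" "$conf"; then`. `$domain` is also written verbatim into a config file under `/etc/nginx/conf.d/`, so it should be validated before the `echo` unless the caller already guarantees that. Both branches of `if [ -e "$conf" ]` append the same line, so the outer test can collapse into `grep -qsF -- "keys_zone=${domain}:" "$conf" || echo "$str" >> "$conf"`.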
@@ -0,0 +1,44 @@
+server {
+ listen %ip%:%proxy_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ proxy_pass https://%ip%:%web_ssl_port%;
+
+ proxy_cache cache;
+ proxy_cache_valid 15m;
+ proxy_cache_valid 404 1m;
+ proxy_no_cache $no_cache;
+ proxy_cache_bypass $no_cache;
+ proxy_cache_bypass $cookie_session $http_x_update;
+
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ proxy_cache off;
+ root %sdocroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass https://%ip%:%web_ssl_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.env {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/caching.tpl b/install/debian/13/templates/web/nginx/caching.tpl
new file mode 100644
index 00000000..73de28d5
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/caching.tpl
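Review bot: caching.stpl serves static files straight from the docroot (`root %sdocroot%;` with `try_files $uri @fallback;`) but never sets `disable_symlinks if_not_owner from=%docroot%;`, which the hosting and force-https templates added by this same patch do at server level. Without it nginx follows a symlink in the docroot to any file it can read, including one owned by another account, as long as the extension is in `%proxy_extentions%`. I would add the directive before the final `include`, and likewise in caching.tpl in the next hunk. The `listen %ip%:%proxy_ssl_port% ssl http2;` form also differs from the `listen ... ssl;` plus `http2 on;` pair the other new .stpl files use.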
@@ -0,0 +1,42 @@
+server {
+ listen %ip%:%proxy_port%;
+ server_name %domain_idn% %alias_idn%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ proxy_pass http://%ip%:%web_port%;
+
+ proxy_cache cache;
+ proxy_cache_valid 15m;
+ proxy_cache_valid 404 1m;
+ proxy_no_cache $no_cache;
+ proxy_cache_bypass $no_cache;
+ proxy_cache_bypass $cookie_session $http_x_update;
+
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ proxy_cache off;
+ root %docroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass http://%ip%:%web_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.env {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.stpl b/install/debian/13/templates/web/nginx/force-https-legacy.stpl
new file mode 100644
index 00000000..8e636db3
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/force-https-legacy.stpl
@@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.tpl b/install/debian/13/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https-public.stpl b/install/debian/13/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-public.stpl 
@@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/force-https-public.tpl b/install/debian/13/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl 
@@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null 
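Review bot: `location /webmail` and `location /phpmyadmin` are prefix matches without a trailing slash, so they also cover any path that merely begins with those strings, and both set `disable_symlinks off;`. Inside `/phpmyadmin` the static-file location uses `root /usr/share;`, which resolves such sibling paths to same-named directories under `/usr/share`. Anchoring the prefixes as `location /webmail/ {` and `location /phpmyadmin/ {` keeps the relaxed symlink setting and the system `root` confined to the two intended applications. With `root /var/lib/roundcube;` a request under `/webmail/` resolves to `/var/lib/roundcube/webmail/…`, so if no such directory or link exists on the target system `alias` was probably meant. The same blocks recur in hosting-webmail-phpmyadmin.stpl (same blob `2db9a06e`) and hosting-webmail-phpmyadmin.tpl later in the patch.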
+++ b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/13/templates/web/nginx/force-https.stpl b/install/debian/13/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..55f41002 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/force-https.tpl b/install/debian/13/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/13/templates/web/nginx/force-https.tpl 
@@ -0,0 +1,8 @@
+server {
+ listen %ip%:%proxy_port%;
+ server_name %domain_idn% %alias_idn%;
+ location / {
+ rewrite ^(.*) https://$host$1 permanent;
+ }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.sh b/install/debian/13/templates/web/nginx/hosting-legacy.sh
new file mode 100644
index 00000000..eeed37ef
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-legacy.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.stpl b/install/debian/13/templates/web/nginx/hosting-legacy.stpl
new file mode 100644
index 00000000..efdd3b87
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/hosting-legacy.stpl
@@ -0,0 +1,40 @@
+server {
+ listen %ip%:%proxy_ssl_port% ssl;
+ http2 on;
+ server_name %domain_idn% %alias_idn%;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ proxy_pass https://%ip%:%web_ssl_port%;
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ root %sdocroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass https://%ip%:%web_ssl_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.env {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ disable_symlinks if_not_owner from=%docroot%;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
+
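Review bot: `chmod 755 $docroot` in hosting-legacy.sh is unquoted and unchecked, so a docroot containing whitespace or glob characters is split into several chmod targets, an empty `$5` makes chmod fail, and the script still finishes with `exit 0`. I would guard and quote it, `[ -d "$docroot" ] || exit 1` followed by `chmod 755 -- "$docroot" || exit 1`, so the caller sees a failure. hosting.sh later in the patch is the same blob (`eeed37ef`) and needs the same change.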
diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.tpl b/install/debian/13/templates/web/nginx/hosting-legacy.tpl new file mode 100644 index 00000000..a41d4054 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-legacy.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-public.stpl b/install/debian/13/templates/web/nginx/hosting-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-public.stpl 
@@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-public.tpl b/install/debian/13/templates/web/nginx/hosting-public.tpl new file mode 100644 index 00000000..f5d8b327 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-public.tpl 
@@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl 
@@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..f84f4781 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl 
@@ -0,0 +1,60 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting.sh b/install/debian/13/templates/web/nginx/hosting.sh new file mode 100644 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 
diff --git a/install/debian/13/templates/web/nginx/hosting.stpl b/install/debian/13/templates/web/nginx/hosting.stpl new file mode 100644 index 00000000..5745311e --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/hosting.tpl b/install/debian/13/templates/web/nginx/hosting.tpl new file mode 100644 index 00000000..61469ad2 --- /dev/null +++ b/install/debian/13/templates/web/nginx/hosting.tpl 
@@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..cf8fad56 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl 
@@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl 
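Review bot: cms_made_simple.stpl serves the docroot directly, yet its only hidden-file rule is `location ~* "/\.(htaccess|htpasswd)$"`, while the proxy templates in this same patch also return 404 for `/.env`, `/.git/`, `/.svn/`, `/.hg/` and `/.bzr/`. Unless the per-domain `snginx.%domain%.conf*` include adds such rules, a deployed `.env` file or a checked-out `.git` directory would be served as a static file. I would add the same lines here, e.g. `location ~ /\.env {return 404;}` and `location ~ /\.git/ {return 404;}`, next to the htaccess rule. `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` also appears twice in the PHP location, and the first occurrence can go. cms_made_simple.tpl and both codeigniter2 templates in the following hunks share the dotfile gap.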
@@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..5931f617 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl 
@@ -0,0 +1,60 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location / {
+ try_files $uri $uri/ /index.php;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location = /index.php {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ location ~ \.php$ {
+ return 444;
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl
new file mode 100644
index 00000000..d2422be2
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl
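Review bot: In `location = /index.php` the second `fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;` points at a fixed path outside the domain's `%sdocroot%`, while the `-f` guard above it checks `$document_root$fastcgi_script_name`. Both values are sent to the backend, and if PHP-FPM honours the later one (likely, but worth confirming) every domain using this template would run `/var/www/html/ci/index.php` instead of its own front controller, with the existence check validating a different file from the one executed. Dropping the hard-coded line and keeping a single `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` fixes it. codeigniter2.tpl in the next hunk contains the same line.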
@@ -0,0 +1,57 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location / {
+ try_files $uri $uri/ /index.php;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location = /index.php {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ location ~ \.php$ {
+ return 444;
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl
new file mode 100644
index 00000000..3c2793d1
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl
@@ -0,0 +1,55 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location / {
+ try_files $uri $uri/ /index.php;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl
new file mode 100644
index 00000000..54f81b99
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl
@@ -0,0 +1,52 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location / {
+ try_files $uri $uri/ /index.php;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl
new file mode 100644
index 00000000..bb9a727b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl
@@ -0,0 +1,126 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location / {
+ rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last;
+
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last;
+
+ rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last;
+ rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last;
+ rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last;
+ rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last;
+
+ rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last;
+ rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last;
+ rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last;
+ rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last;
+
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last;
+
+ rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last;
+
+ rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last;
+ rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last;
+
+ rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last;
+ rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last;
+
+ rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last;
+ rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last;
+
+ rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last;
+ rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last;
+ rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last;
+ rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last;
+ rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last;
+ rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last;
+
+ rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last;
+ rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last;
+
+ rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last;
+ rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last;
+ rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last;
+
+ rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last;
+ rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last;
+
+ rewrite "^/favorites(/?)+$" /index.php?do=favorites last;
+ rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last;
+
+ rewrite "^/rules.html$" /index.php?do=rules last;
+ rewrite "^/statistics.html$" /index.php?do=stats last;
+ rewrite "^/addnews.html$" /index.php?do=addnews last;
+ rewrite "^/rss.xml$" /engine/rss.php last;
+ rewrite "^/sitemap.xml$" /uploads/sitemap.xml last;
+
+ if (!-d $request_filename) {
+ rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last;
+ rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last;
+ }
+
+ if (!-f $request_filename) {
+ rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last;
+ rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last;
+ rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last;
+ }
+
+ if (!-f $request_filename) {
+ rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last;
+ }
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
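Review bot: The literal dots in the rewrite patterns are unescaped, so `.html` and `rss.xml` match any character in that position; `"^/rules.html$"`, for example, also matches `/rulesXhtml`. Escaping them, as in `rewrite "^/rss\.xml$" /engine/rss.php last;` and `rewrite "^/rules\.html$" /index.php?do=rules last;`, keeps each rule to the URL it is written for. The two consecutive `if (!-f $request_filename)` blocks could also be merged into one. datalife_engine.tpl in the next hunk carries the same rule set.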
diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl
new file mode 100644
index 00000000..3ea45347
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl
@@ -0,0 +1,123 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location / {
+ rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last;
+
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last;
+
+ rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last;
+ rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last;
+ rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last;
+ rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last;
+
+ rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last;
+ rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last;
+ rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last;
+ rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last;
+
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last;
+
+ rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last;
+ rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last;
+
+ rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last;
+ rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last;
+
+ rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last;
+ rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last;
+
+ rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last;
+ rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last;
+
+ rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last;
+ rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last;
+ rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last;
+ rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last;
+ rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last;
+ rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last;
+
+ rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last;
+ rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last;
+
+ rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last;
+ rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last;
+ rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last;
+
+ rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last;
+ rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last;
+
+ rewrite "^/favorites(/?)+$" /index.php?do=favorites last;
+ rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last;
+
+ rewrite "^/rules.html$" /index.php?do=rules last;
+ rewrite "^/statistics.html$" /index.php?do=stats last;
+ rewrite "^/addnews.html$" /index.php?do=addnews last;
+ rewrite "^/rss.xml$" /engine/rss.php last;
+ rewrite "^/sitemap.xml$" /uploads/sitemap.xml last;
+
+ if (!-d $request_filename) {
+ rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last;
+ rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last;
+ }
+
+ if (!-f $request_filename) {
+ rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last;
+ rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last;
+ rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last;
+ }
+
+ if (!-f $request_filename) {
+ rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last;
+ }
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.stpl b/install/debian/13/templates/web/nginx/php-fpm/default.stpl
new file mode 100644
index 00000000..f9c01e40
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/default.stpl
@@ -0,0 +1,54 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location / {
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.tpl b/install/debian/13/templates/web/nginx/php-fpm/default.tpl
new file mode 100644
index 00000000..a8909efb
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/default.tpl
@@ -0,0 +1,51 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location / {
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl
new file mode 100644
index 00000000..a7564705
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl
@@ -0,0 +1,71 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location / {
+ index doku.php;
+ try_files $uri $uri/ @dokuwiki;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
+ expires 30d;
+ }
+
+ location ^~ /conf/ { return 403; }
+ location ^~ /data/ { return 403; }
+
+ location @dokuwiki {
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1 last;
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
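Review bot: Only `/conf/` and `/data/` are blocked with `location ^~ ... { return 403; }`, yet DokuWiki relies on `.htaccess` files (which nginx ignores) to keep its other internal directories private as well; as far as I recall those include `bin/`, `inc/` and `vendor/`. PHP files under those paths currently fall through to the nested `\.php` location and are executed on request. Adding `location ^~ /bin/ { return 403; }`, `location ^~ /inc/ { return 403; }` and `location ^~ /vendor/ { return 403; }` next to the existing two lines closes that. dokuwiki.tpl below has the same pair of rules and needs the same additions.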
diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl
new file mode 100644
index 00000000..0a9a75ed
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl
@@ -0,0 +1,67 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location / {
+ index doku.php;
+ try_files $uri $uri/ @dokuwiki;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ location ~ ^/lib.*\.(gif|png|ico|jpg)$ {
+ expires 30d;
+ }
+
+ location ^~ /conf/ { return 403; }
+ location ^~ /data/ { return 403; }
+ location @dokuwiki {
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1 last;
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl
new file mode 100644
index 00000000..6e67a4e0
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl 
@@ -0,0 +1,94 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~* \.(txt|log)$ {
+ allow 192.168.0.0/16;
+ deny all;
+ }
+
+ location ~ \..*/.*\.php$ {
+ return 403;
+ }
+
+ location ~ ^/sites/.*/private/ {
+ return 403;
+ }
+
+ location ~ ^/sites/[^/]+/files/.*\.php$ {
+ deny all;
+ }
+
+ location / {
+ try_files $uri @rewrite;
+ }
+
+ location @rewrite {
+ rewrite ^/(.*)$ /index.php?q=$1;
+ }
+
+ location ~ /vendor/.*\.php$ {
+ deny all;
+ return 404;
+ }
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ try_files $uri @rewrite;
+ expires max;
+ log_not_found off;
+ }
+
+ location ~ ^/sites/.*/files/imagecache/ {
+ try_files $uri @rewrite;
+ }
+
+ location ~ '\.php$|^/update.php' {
+ fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_pass %backend_lsnr%;
+ include /etc/nginx/fastcgi_params;
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
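Review bot: The PHP location `location ~ '\.php$|^/update.php'` hands the request to `fastcgi_pass` without checking that the script exists, unlike the other templates in this patch, which return 404 through `if (!-f $document_root$fastcgi_script_name)`. Adding `try_files $fastcgi_script_name =404;` directly after `fastcgi_split_path_info` keeps requests for non-existent scripts, and path-info handling that depends on them, away from PHP-FPM. The `.` in `^/update.php` is also unescaped and should be `^/update\.php`. drupal6.tpl and drupal7.stpl in the following hunks use the same block.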
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl
new file mode 100644
index 00000000..d1096bff
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl
@@ -0,0 +1,91 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~* \.(txt|log)$ {
+ allow 192.168.0.0/16;
+ deny all;
+ }
+
+ location ~ \..*/.*\.php$ {
+ return 403;
+ }
+
+ location ~ ^/sites/.*/private/ {
+ return 403;
+ }
+
+ location ~ ^/sites/[^/]+/files/.*\.php$ {
+ deny all;
+ }
+
+ location / {
+ try_files $uri @rewrite;
+ }
+
+ location @rewrite {
+ rewrite ^/(.*)$ /index.php?q=$1;
+ }
+
+ location ~ /vendor/.*\.php$ {
+ deny all;
+ return 404;
+ }
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ try_files $uri @rewrite;
+ expires max;
+ log_not_found off;
+ }
+
+ location ~ ^/sites/.*/files/imagecache/ {
+ try_files $uri @rewrite;
+ }
+
+ location ~ '\.php$|^/update.php' {
+ fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_pass %backend_lsnr%;
+ include /etc/nginx/fastcgi_params;
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
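Review bot: `allow 192.168.0.0/16;` in `location ~* \.(txt|log)$` exempts an entire private range from the `deny all;` that follows it. On a shared hosting machine that range can include other tenants, containers or a NAT'd front proxy, so `.txt` and `.log` files under the document root remain readable from those addresses. Unless the panel depends on this exemption, drop the allow line and keep only `deny all;`; `/robots.txt` is unaffected because it has its own exact-match location. The same two lines are in drupal6.stpl above and drupal7.stpl below.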
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl
new file mode 100644
index 00000000..32f01a6f
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl
@@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include 
%home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl 
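Review bot: `try_files $uri @rewrite;` in the `^/sites/.*/files/styles/` and static-asset locations names a location that this template never defines. `location /` here falls back to `/index.php?$query_string`, and the `location @rewrite` block that the preceding template in this diff has was not carried over. Unless the per-domain include at the end of the server block happens to define it, a request for a not-yet-generated image style or a missing asset would end in an nginx internal error instead of reaching Drupal. Either add `location @rewrite { rewrite ^ /index.php; }` or use `try_files $uri /index.php?$query_string;` in both places. The same applies to drupal7.tpl, drupal8.stpl and drupal8.tpl in this diff.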
@@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} 
diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl 
@@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include 
%home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl 
@@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} 
diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl
new file mode 100644
index 00000000..d4f96ee3
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl
@@ -0,0 +1,62 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ # deny running scripts inside writable directories
+ location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+ return 403;
+ error_page 403 /403_error.html;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
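Review bot: `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` appears twice in the `location ~ [^/]\.php(/|$)` block, once before the `if (!-f …)` check and once after `fastcgi_index index.php;`. As far as I know nginx does not de-duplicate `fastcgi_param`, so the backend is sent the parameter twice. Drop the first occurrence and keep the one next to `include /etc/nginx/fastcgi_params;`. joomla.tpl in this diff has the same duplicate. moodle.stpl and moodle.tpl set the parameter twice with different values (`$document_root$fastcgi_script_name` and `$request_filename`), so there it should be decided which one is intended.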
diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl
new file mode 100644
index 00000000..91b7a8f1
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl
@@ -0,0 +1,59 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ # deny running scripts inside writable directories
+ location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+ return 403;
+ error_page 403 /403_error.html;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..db0b4dde --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl 
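Review bot: `listen %ip%:%web_ssl_port% ssl http2;` in laravel.stpl uses the `http2` parameter of `listen`, which nginx deprecated in 1.25.1 in favour of a separate `http2 on;` directive. On a release that new, the config test prints a deprecation warning for every domain built from this template. If the Debian 13 templates target such an nginx, write `listen %ip%:%web_ssl_port% ssl;` followed by `http2 on;`. Every other .stpl added in this diff has the same `listen` line.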
@@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.stpl b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..f8ac30c9 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl 
@@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). 
{ + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + 
deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.tpl b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl 
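Review bot: The PHP entry-point regex `location ~ (index|get|static|report|404|503)\.php$` in magento.stpl is not anchored, so it matches any URI whose file name merely ends in one of those names, anywhere under the docroot. If such a file exists on disk, it is handed to `%backend_lsnr%`. Because this regex is declared before the "Banned locations" block and is not overridden by the `/media/` or `/static/` prefix locations, those blocks do not stop a script sitting in a writable directory. Anchor it to the scripts that are meant to run, e.g. `location ~ ^/(index|get|static|errors/report|errors/404|errors/503)\.php$ {`, with the list checked against the Magento release being deployed. magento.tpl in this diff has the same regex.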
@@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). 
{ + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + 
deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.stpl b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..420aeb9e --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl 
@@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.tpl b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl 
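Review bot: Nothing in modx.stpl restricts `/core/`. As far as I know MODX protects that directory only through an Apache ht.access file, which nginx ignores. With the default layout (core/ inside the docroot, assumed here) non-PHP files under it, such as logs and cache, would be served as static content by `location /`. Consider adding `location ^~ /core/ { deny all; }` ahead of the `\.php$` location, and confirm the install does not keep core/ outside the docroot already. modx.tpl in this diff is the same.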
@@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..8594ec94 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl 
@@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. 
{ + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl 
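Review bot: `location ~ (^|/)\. { return 403; }` in moodle.stpl also matches `/.well-known/…`. As a regex location declared early in the server block, it wins over any regex location that the trailing `include %home%/%user%/conf/web/snginx.%domain%.conf*;` might add for certificate validation. If those includes are used for ACME challenges (not visible in this diff), issuance or renewal would fail for domains on this template. Excluding that directory, `location ~ (^|/)\.(?!well-known/) {`, keeps the block for every other dot-path. moodle.tpl in this diff has the same location.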
@@ -0,0 +1,87 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Very rarely should these ever be accessed outside of your lan
+ location ~* \.(txt|log)$ {
+ allow 192.168.0.0/16;
+ deny all;
+ }
+
+ location ~ \..*/.*\.php$ {
+ return 403;
+ }
+
+ # No no for private
+ location ~ ^/sites/.*/private/ {
+ return 403;
+ }
+
+ # Block access to "hidden" files and directories whose names begin with a
+ # period. This includes directories used by version control systems such
+ # as Subversion or Git to store control files.
+ location ~ (^|/)\. {
+ return 403;
+ }
+
+ location / {
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ fastcgi_intercept_errors on;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl
new file mode 100644
index 00000000..4bb50383
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl
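Review bot: The PHP location sets `fastcgi_param SCRIPT_FILENAME` twice, first to `$document_root$fastcgi_script_name` and then to `$request_filename`, while the `if (!-f ...)` guard checks only the first path; which of the two values the backend honours is left to the FastCGI server. I would drop the second line so that the path that is checked is the path that is executed. Separately, the server-level `return 403` rules (`\..*/.*\.php$`, `^/sites/.*/private/`, `(^|/)\.`) are likely shadowed for `.php` and static-extension URIs, because nginx tests the regex locations nested in `location /` before the server-level ones; moving them inside `location /` ahead of the PHP block would make them effective. The SSL variant in the preceding hunk has the same lines.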
@@ -0,0 +1,46 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ types {
+ text/html html htm shtml php php5;
+ }
+
+ location / {
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl
new file mode 100644
index 00000000..7ff8aa1d
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl
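Review bot: The `types { text/html html htm shtml php php5; }` block makes nginx send `.php` files as static HTML, so switching an existing site to this template exposes the source of every script under the docroot, including configuration files that hold database credentials. A template meant to disable PHP is safer refusing those requests, e.g. `location ~* \.php5?$ { return 404; }`; if serving them as HTML is intended for static exports, a comment above the block should say so. The server-level `types` block also replaces the inherited MIME map, so css, js and image files fall back to `default_type` unless the standard mime.types is included next to it. no-php.tpl in the next hunk has the same block.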
@@ -0,0 +1,43 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ types {
+ text/html html htm shtml php php5;
+ }
+
+ location / {
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl
new file mode 100644
index 00000000..e28afcfc
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl
@@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null 
+++ b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..52706d21 --- /dev/null 
+++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl
@@ -0,0 +1,58 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location / {
+ try_files $uri $uri/ @opencart;
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ location @opencart {
+ rewrite ^/(.+)$ /index.php?_route_=$1 last;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl
new file mode 100644
index 00000000..d0a9060b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl
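Review bot: The only dot-file rule in this template is `location ~* "/\.(htaccess|htpasswd)$"`, so a checked-out `.git/` directory or a `.env` file left in the docroot is served like any other static file. The moodle templates in this patch already carry a general rule for hidden paths; here it could be written as `location ~ /\.(?!well-known/) { return 404; }`. The opencart.tpl, no-php, piwik, pyrocms, wordpress and wordpress2 templates have the same gap. In the existing rule `deny all;` never takes effect because `return 404;` is evaluated first, which is harmless but could be reduced to one directive.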
@@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..1b803f97 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl 
@@ -0,0 +1,84 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+ rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+ rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+ error_page 403 = /core/templates/403.php;
+ error_page 404 = /core/templates/404.php;
+
+ location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
+ deny all;
+ }
+
+ location / {
+ # The following 2 rules are only needed with webfinger
+ rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+ rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+ rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+ rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+ rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+ try_files $uri $uri/ /index.php;
+
+ location ~ \.php(?:$|/) {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ #fastcgi_param HTTPS on;
+ fastcgi_pass %backend_lsnr%;
+ }
+ }
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ # Some basic cache-control for static files to be sent to the browser
+ add_header Pragma public;
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+ }
+
+ #error_page 403 /error/404.html;
+ #error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl
new file mode 100644
index 00000000..e3ec31de
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl
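Review bot: `location ~ \.php(?:$|/)` passes the request to `%backend_lsnr%` without checking that the script exists, whereas the sibling templates in this patch guard the PHP block with an existence check (`if (!-f $document_root$fastcgi_script_name) { return 404; }`, or `try_files $uri =404;` in sendy). Without it, a URI that merely ends in `.php` below a directory of user-supplied files is handed to PHP-FPM, and whether it is refused then depends on `cgi.fix_pathinfo` and `security.limit_extensions` on the backend. I would add the same `if (!-f ...)` guard right after `fastcgi_split_path_info`; a `try_files` at that point would clear `$fastcgi_path_info`, which this template needs for `PATH_INFO`. owncloud.tpl in the next hunk needs the same change.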
@@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; 
+ } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..1b299343 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl 
@@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null 
+++ b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..d26ed9f4 --- /dev/null 
+++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} 
diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..b92861b0 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} 
diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl 
@@ -0,0 +1,88 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" {
+ deny all;
+ }
+
+ location ~ /(readme.html|license.txt) {
+ deny all;
+ }
+
+ if (!-f $request_filename){
+ rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+ location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ {
+ expires 1d;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ try_files $uri =404;
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+
+ location /l/ {
+ rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last;
+ }
+
+ location /t/ {
+ rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last;
+ }
+
+ location /w/ {
+ rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last;
+ }
+
+ location /unsubscribe/ {
+ rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last;
+ }
+
+ location /subscribe/ {
+ rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/web/%domain%/stats/auth.conf*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl
new file mode 100644
index 00000000..b27b427d
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl
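Review bot: This SSL template uses `root %docroot%;`, ends with `include %home%/%user%/conf/web/nginx.%domain%.conf*;` and reads the stats auth from `%home%/%user%/web/%domain%/stats/auth.conf*`, where every other .stpl in the patch uses `%sdocroot%`, `snginx.%domain%.conf*` and `%home%/%user%/conf/web/%domain%.auth*`. If the panel writes the password file to the latter path, as the other templates suggest, the glob include here matches nothing without an error and `/vstats/` is served without authentication. I would align the three lines: `root %sdocroot%;`, `include %home%/%user%/conf/web/%domain%.auth*;` and `include %home%/%user%/conf/web/snginx.%domain%.conf*;`. sendy.tpl in the next hunk has the same `/vstats/` include.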
@@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include 
/etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl 
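Review bot: `location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$"` in sendy.tpl is anchored at the end of the URI, so it refuses a request for `/.git` itself but not for anything below that directory, which leaves repository metadata readable when a site is deployed from a checkout. Allowing a path separator after the name closes that: `location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)(/|$)" { deny all; }`. sendy.stpl in the previous hunk has the same rule.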
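Review bot: `location ~ [^/]\.php(/|$)` in wordpress.stpl forwards every existing `.php` file under the docroot to `%backend_lsnr%`, including anything written to the default media upload directory, which WordPress does not need to execute. A rule such as `location ~* ^/wp-content/uploads/.*\.php$ { return 403; }` placed before the PHP block would keep a file dropped there from running; it has to sit inside `location /`, since nginx tries the nested regex locations before the server-level ones. wordpress.tpl and wordpress2.stpl in the following hunks share the same PHP block.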
@@ -0,0 +1,51 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location / {
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl
new file mode 100644
index 00000000..01dfee5b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl
@@ -0,0 +1,66 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %sdocroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/snginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl
new file mode 100644
index 00000000..bccb8b3d
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl
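Review bot: `listen %ip%:%web_ssl_port% ssl http2;` uses the `http2` parameter of `listen`, which nginx deprecated in 1.25.1 in favour of the separate `http2` directive. On a current nginx, each vhost built from this template would log a deprecation warning when the configuration is loaded. private-force-https.stpl and private-hosting.stpl in this patch already use the new form, so this template could read `listen %ip%:%web_ssl_port% ssl;` followed by `http2 on;`. wordpress.stpl and wordpress2_rewrite.stpl carry the same `listen` line. Which nginx version the Debian 13 install ends up serving sites with is not visible here, so confirm before changing.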
@@ -0,0 +1,63 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/conf/web/%domain%.auth*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl
new file mode 100644
index 00000000..a5fc46fb
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl
@@ -0,0 +1,71 @@
+server {
+ listen %ip%:%web_ssl_port% ssl http2;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+
+ if (!-e $request_filename)
+ {
+ rewrite ^(.+)$ /index.php?q=$1 last;
+ }
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/web/%domain%/stats/auth.conf*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl
new file mode 100644
index 00000000..39e366b7
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl
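Review bot: This is the SSL template, yet it sets `root %docroot%;` and ends with `include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;`, whereas wordpress.stpl and wordpress2.stpl use `root %sdocroot%;` and include `snginx.%domain%.conf*`. If that is not deliberate, the HTTPS vhost would pull in the per-domain overrides written for the plain-HTTP vhost and skip the ones meant for HTTPS, which matters when those files carry access restrictions or redirects. Suggested lines: `root %sdocroot%;` and `include %home%/%user%/conf/web/snginx.%domain%.conf*;`. The `/vstats/` block also reads its auth include from `stats/auth.conf*` rather than `conf/web/%domain%.auth*` as the other wordpress templates do, so it is worth checking which location the panel actually writes.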
@@ -0,0 +1,67 @@
+server {
+ listen %ip%:%web_port%;
+ server_name %domain_idn% %alias_idn%;
+ root %docroot%;
+ index index.php index.html index.htm;
+ access_log /var/log/nginx/domains/%domain%.log combined;
+ access_log /var/log/nginx/domains/%domain%.bytes bytes;
+ error_log /var/log/nginx/domains/%domain%.error.log error;
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+
+ if (!-e $request_filename)
+ {
+ rewrite ^(.+)$ /index.php?q=$1 last;
+ }
+
+ location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+ expires max;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+
+ fastcgi_pass %backend_lsnr%;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ }
+ }
+
+ error_page 403 /error/404.html;
+ error_page 404 /error/404.html;
+ error_page 500 502 503 504 /error/50x.html;
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location ~* "/\.(htaccess|htpasswd)$" {
+ deny all;
+ return 404;
+ }
+
+ location /vstats/ {
+ alias %home%/%user%/web/%domain%/stats/;
+ include %home%/%user%/web/%domain%/stats/auth.conf*;
+ }
+
+ include /etc/nginx/conf.d/phpmyadmin.inc*;
+ include /etc/nginx/conf.d/phppgadmin.inc*;
+ include /etc/nginx/conf.d/webmail.inc*;
+
+ include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/private-force-https.stpl b/install/debian/13/templates/web/nginx/private-force-https.stpl
new file mode 100644
index 00000000..bf805683
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-force-https.stpl
@@ -0,0 +1,40 @@
+server {
+ listen %ip%:%proxy_ssl_port% ssl;
+ http2 on;
+ server_name %domain_idn% %alias_idn%;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ auth_basic "Restricted area";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+ proxy_pass https://%ip%:%web_ssl_port%;
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ root %sdocroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ # try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass https://%ip%:%web_ssl_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.env {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+ include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
+}
diff --git a/install/debian/13/templates/web/nginx/private-force-https.tpl b/install/debian/13/templates/web/nginx/private-force-https.tpl
new file mode 100644
index 00000000..5a463370
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-force-https.tpl
@@ -0,0 +1,8 @@
+server {
+ listen %ip%:%proxy_port%;
+ server_name %domain_idn% %alias_idn%;
+ location / {
+ rewrite ^(.*) https://$host$1 permanent;
+ }
+include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt;
+}
diff --git a/install/debian/13/templates/web/nginx/private-hosting.sh b/install/debian/13/templates/web/nginx/private-hosting.sh
new file mode 100644
index 00000000..eeed37ef
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-hosting.sh
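Review bot: `auth_basic_user_file /etc/nginx/.htpasswd;` in private-force-https.stpl points every domain that uses this template at one server-wide password file, so an account valid for one private site is accepted on all of them. Nothing visible in this patch creates or maintains that file (private-hosting.sh only changes the docroot mode), so the provisioning step needs documenting. A per-domain file, for example one under `%home%/%user%/conf/web/` named after `%domain%`, would scope credentials to the site; at minimum add a comment such as `# shared by all private-* vhosts; create with htpasswd before enabling`. private-hosting.stpl and private-hosting.tpl use the same path.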
@@ -0,0 +1,11 @@
+#!/bin/bash
+# Changing public_html permission
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+chmod 755 $docroot
+
+exit 0
diff --git a/install/debian/13/templates/web/nginx/private-hosting.stpl b/install/debian/13/templates/web/nginx/private-hosting.stpl
new file mode 100644
index 00000000..8e5b3f7b
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-hosting.stpl
@@ -0,0 +1,42 @@
+server {
+ listen %ip%:%proxy_ssl_port% ssl;
+ http2 on;
+ server_name %domain_idn% %alias_idn%;
+
+ ssl_certificate %ssl_pem%;
+ ssl_certificate_key %ssl_key%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ auth_basic "Restricted area";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+ proxy_pass https://%ip%:%web_ssl_port%;
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ root %sdocroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ # try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass https://%ip%:%web_ssl_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.env {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ disable_symlinks if_not_owner from=%docroot%;
+
+ include %home%/%user%/conf/web/snginx.%domain_idn%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/private-hosting.tpl b/install/debian/13/templates/web/nginx/private-hosting.tpl
new file mode 100644
index 00000000..a8ee840e
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/private-hosting.tpl
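Review bot: `chmod 755 $docroot` in private-hosting.sh expands the path unquoted, so a docroot containing whitespace or glob characters is split or expanded before chmod sees it, and this template script presumably runs with the panel's privileges. Quote it and end option parsing: `chmod 755 -- "$docroot"`. The trailing `exit 0` also reports success when chmod failed or `$5` was empty; `chmod 755 -- "$docroot" || exit 1` would surface that. A comment saying why a template named private-hosting sets the docroot world-readable would help the next reader.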
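Review bot: `disable_symlinks if_not_owner from=%docroot%;` in private-hosting.stpl names the plain-HTTP docroot, while the static-file location in this template serves from `root %sdocroot%;`. When the `from=` prefix is not the start of the path being opened, nginx checks every component of the whole path instead, which costs more and may reject files if a parent directory is a symlink. `disable_symlinks if_not_owner from=%sdocroot%;` would match the root actually used. If both variables always resolve to the same directory in this panel the difference is cosmetic, but that is not visible from here. private-force-https.stpl serves the same static location with no `disable_symlinks` line at all, which looks like an omission.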
@@ -0,0 +1,38 @@
+server {
+ listen %ip%:%proxy_port%;
+ server_name %domain_idn% %alias_idn%;
+ error_log /var/log/%web_system%/domains/%domain%.error.log error;
+
+ location / {
+ auth_basic "Restricted area";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+ proxy_pass http://%ip%:%web_port%;
+ location ~* ^.+\.(%proxy_extentions%)$ {
+ root %docroot%;
+ access_log /var/log/%web_system%/domains/%domain%.log combined;
+ access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
+ expires max;
+ # try_files $uri @fallback;
+ }
+ }
+
+ location /error/ {
+ alias %home%/%user%/web/%domain%/document_errors/;
+ }
+
+ location @fallback {
+ proxy_pass http://%ip%:%web_port%;
+ }
+
+ location ~ /\.ht {return 404;}
+ location ~ /\.env {return 404;}
+ location ~ /\.svn/ {return 404;}
+ location ~ /\.git/ {return 404;}
+ location ~ /\.hg/ {return 404;}
+ location ~ /\.bzr/ {return 404;}
+
+ disable_symlinks if_not_owner from=%docroot%;
+
+ include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
+}
+
diff --git a/install/debian/13/templates/web/nginx/proxy_ip.tpl b/install/debian/13/templates/web/nginx/proxy_ip.tpl
new file mode 100644
index 00000000..ae195617
--- /dev/null
+++ b/install/debian/13/templates/web/nginx/proxy_ip.tpl
@@ -0,0 +1,9 @@
+server {
+ listen %ip%:%proxy_port% default;
+ server_name _;
+ #access_log /var/log/nginx/%ip%.log main;
+ location / {
+ proxy_pass http://%ip%:%web_port%;
+ }
+}
+
diff --git a/install/debian/13/templates/web/php-fpm/default.tpl b/install/debian/13/templates/web/php-fpm/default.tpl
new file mode 100644
index 00000000..209e1e43
--- /dev/null
+++ b/install/debian/13/templates/web/php-fpm/default.tpl
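Review bot: `auth_basic` on the plain `listen %ip%:%proxy_port%;` vhost in private-hosting.tpl sends the user name and password Base64-encoded but unencrypted on every request, so the "Restricted area" protection is only as strong as the network path. private-force-https.tpl in this patch shows the alternative of redirecting port-80 traffic to the TLS vhost before any credentials are asked for. Either document that this template is meant for trusted networks only, or add a comment above the directive such as `# credentials cross this listener in clear text; use private-force-https for internet-facing sites`.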
@@ -0,0 +1,21 @@
+[%backend%]
+listen = 127.0.0.1:%backend_port%
+listen.allowed_clients = 127.0.0.1
+
+user = %user%
+group = %user%
+
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/%user%/tmp
+php_admin_value[session.save_path] = /home/%user%/tmp
+
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/%user%/tmp
+env[TMPDIR] = /home/%user%/tmp
+env[TEMP] = /home/%user%/tmp
diff --git a/install/debian/13/templates/web/php-fpm/no-php.tpl b/install/debian/13/templates/web/php-fpm/no-php.tpl
new file mode 100644
index 00000000..047c33ed
--- /dev/null
+++ b/install/debian/13/templates/web/php-fpm/no-php.tpl
@@ -0,0 +1,20 @@
+;[%backend%]
+;listen = /dev/null
+
+;user = %user%
+;group = %user%
+
+;listen.owner = %user%
+;listen.group = www-data
+
+;pm = ondemand
+;pm.max_children = 4
+;pm.max_requests = 4000
+;pm.process_idle_timeout = 10s
+;pm.status_path = /status
+
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /home/%user%/tmp
+;env[TMPDIR] = /home/%user%/tmp
+;env[TEMP] = /home/%user%/tmp
diff --git a/install/debian/13/templates/web/php-fpm/socket.tpl b/install/debian/13/templates/web/php-fpm/socket.tpl
new file mode 100644
index 00000000..a0151084
--- /dev/null
+++ b/install/debian/13/templates/web/php-fpm/socket.tpl
@@ -0,0 +1,24 @@
+[%backend%]
+listen = /var/run/php/%backend%.sock
+listen.allowed_clients = 127.0.0.1
+
+user = %user%
+group = %user%
+
+listen.owner = %user%
+listen.group = www-data
+
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/%user%/tmp
+php_admin_value[session.save_path] = /home/%user%/tmp
+
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/%user%/tmp
+env[TMPDIR] = /home/%user%/tmp
+env[TEMP] = /home/%user%/tmp
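Review bot: `listen = 127.0.0.1:%backend_port%` in php-fpm/default.tpl puts the pool on a loopback TCP port, and `listen.allowed_clients = 127.0.0.1` filters by source address only, so on a shared host every local account can connect to this pool directly, bypassing the web server's per-domain rules. socket.tpl in the same patch avoids that by listening on `/var/run/php/%backend%.sock` with `listen.owner = %user%` and `listen.group = www-data`; making that the default, or at least adding a comment here that the TCP form offers no isolation between local users, would be the safer baseline. `pm.status_path = /status` is also enabled in every pool, so confirm that no web template forwards `/status` to the backend. Whether `%backend_lsnr%` in the nginx templates can carry a socket path is decided outside this diff.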
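Review bot: `listen.allowed_clients = 127.0.0.1` in php-fpm/socket.tpl has no effect, because php-fpm applies that setting only to TCP listeners; access to `/var/run/php/%backend%.sock` is governed by `listen.owner`, `listen.group` and the socket mode. Dropping the line and stating the mode explicitly with `listen.mode = 0660` makes the intended access control readable from the template. The `/home/%user%/tmp` paths are hard-coded where the nginx templates use `%home%`; if accounts can live outside `/home`, upload and session data would be directed to the wrong directory.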
diff --git a/install/debian/13/templates/web/skel/document_errors/403.html b/install/debian/13/templates/web/skel/document_errors/403.html new file mode 100644 index 00000000..9c3f6baa --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/13/templates/web/skel/document_errors/404.html b/install/debian/13/templates/web/skel/document_errors/404.html new file mode 100644 index 00000000..2cee7708 --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/13/templates/web/skel/document_errors/50x.html b/install/debian/13/templates/web/skel/document_errors/50x.html new file mode 100644 index 00000000..85ba648b --- /dev/null +++ b/install/debian/13/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/debian/13/templates/web/skel/public_html/index.html b/install/debian/13/templates/web/skel/public_html/index.html new file mode 100644 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/13/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/13/templates/web/skel/public_html/robots.txt b/install/debian/13/templates/web/skel/public_html/robots.txt new file mode 100644 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/13/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/13/templates/web/skel/public_shtml/index.html b/install/debian/13/templates/web/skel/public_shtml/index.html new file mode 100644 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/13/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/13/templates/web/skel/public_shtml/robots.txt b/install/debian/13/templates/web/skel/public_shtml/robots.txt new file mode 100644 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/13/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/13/templates/web/suspend/.htaccess b/install/debian/13/templates/web/suspend/.htaccess new file mode 100644 index 00000000..5a6df83f --- /dev/null +++ b/install/debian/13/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/debian/13/templates/web/suspend/index.html b/install/debian/13/templates/web/suspend/index.html new file mode 100644 index 00000000..3815354d --- /dev/null +++ b/install/debian/13/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

Temporary under construction

+

This website is temporary under construction.

+
+ We will back again soon. +
+ + diff --git a/install/debian/13/templates/web/webalizer/webalizer.tpl b/install/debian/13/templates/web/webalizer/webalizer.tpl new file mode 100644 index 00000000..068adcfb --- /dev/null +++ b/install/debian/13/templates/web/webalizer/webalizer.tpl 
@@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. 
q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/debian/13/vsftpd/vsftpd.conf b/install/debian/13/vsftpd/vsftpd.conf new file mode 100644 index 00000000..1ca1a992 --- /dev/null +++ b/install/debian/13/vsftpd/vsftpd.conf @@ -0,0 +1,26 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 +use_localtime=YES diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 25364c90..98887225 100755 
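Review bot: vsftpd.conf never sets `ssl_enable`, which defaults to NO, so with `local_enable=YES` account passwords and file contents cross the network unencrypted. Enabling TLS takes three settings, `ssl_enable=YES`, `force_local_logins_ssl=YES` and `force_local_data_ssl=YES`, plus `rsa_cert_file`/`rsa_private_key_file` pointing at the host certificate (paths to be chosen by the installer). `seccomp_sandbox=NO` and `allow_writeable_chroot=YES` each switch off a vsftpd safeguard, and a one-line comment on why each is required would stop them being copied forward unexamined. The commented `#allow_writable_chroot=YES` just above the real option is a misspelled duplicate and can be dropped.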
--- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -20,7 +20,19 @@ codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" ARCH="amd64" -if [ "$release" -eq 12 ]; then +if [ "$release" -eq 13 ]; then + software="nginx apache2 apache2-utils + libapache2-mod-fcgid php-fpm php + php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats + vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mariadb-server mariadb-common + mariadb-client postgresql postgresql-contrib phpmyadmin mc + flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl + unrar-free vim-common net-tools unzip iptables xxd spamd" +elif [ "$release" -eq 12 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats 
@@ -1083,6 +1095,22 @@ if [ "$release" -eq 12 ]; then ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl fi +if [ "$release" -eq 13 ]; then + echo "== Symlink missing templates" + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl + + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.tpl +fi echo "== Set nameservers address" sed -i "s/YOURHOSTNAME1/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg 
@@ -1207,7 +1235,13 @@ fi if [ "$phpfpm" = 'yes' ]; then echo "=== Configure PHP-FPM" - if [ "$release" -eq 12 ]; then + if [ "$release" -eq 13 ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php/8.4/fpm/pool.d/www.conf + #update-rc.d php8.4-fpm defaults + currentservice='php8.4-fpm' + ensure_startup $currentservice + ensure_start $currentservice + elif [ "$release" -eq 12 ]; then cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf #update-rc.d php8.2-fpm defaults currentservice='php8.2-fpm' @@ -1885,6 +1919,20 @@ if [ "$release" -eq 12 ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' fi fi +if [ "$release" -eq 13 ]; then + if [ -f "/etc/php/8.4/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" + sed -i "/^group =/c\group = www-data" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/8.4/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/8.4/fpm/pool.d/$servername.conf + service php8.4-fpm restart + ln -s /var/lib/roundcube /var/lib/roundcube/webmail + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' + fi +fi + echo "== Adding cron jobs" command="sudo $VESTA/bin/v-update-sys-queue disk" 
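Review bot: In the hunk at old line 1885, the `-f` test quotes `"/etc/php/8.4/fpm/pool.d/$servername.conf"`, but the five `sed -i` lines that follow pass `/etc/php/8.4/fpm/pool.d/$servername.conf` unquoted, and none of their exit codes is checked before `service php8.4-fpm restart`. Put the path in a variable once, `pool_conf="/etc/php/8.4/fpm/pool.d/$servername.conf"`, and use `"$pool_conf"` in each command. `sed -i "/^group =/c\group = www-data"` also widens the group the panel host's pool runs under, and a comment stating why this site needs `www-data` would document the trade-off. The block appears to mirror the Debian 12 branch, whose start lies outside this hunk.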
@@ -1953,6 +2001,9 @@ fi if [ "$release" -eq 12 ]; then apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap fi +if [ "$release" -eq 13 ]; then + apt-get -y install php8.4-apcu php8.4-mbstring php8.4-bcmath php8.4-curl php8.4-gd php8.4-intl php8.4-mysql php8.4-mysqlnd php8.4-pdo php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-zip php8.4-imagick php8.4-imap +fi touch /var/log/php-mail.log chmod a=rw /var/log/php-mail.log @@ -2008,6 +2059,13 @@ if [ "$release" -eq 12 ]; then service php8.2-fpm restart fi +if [ "$release" -eq 13 ]; then + echo "=== Patching php8.4" + patch /etc/php/8.4/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch + update-alternatives --set php /usr/bin/php8.4 + service php8.4-fpm restart +fi + # echo "=== Patching rcube_vcard.php" # wget -nv https://c.myvestacp.com/tools/patches/rcube_vcard.patch -O /root/rcube_vcard.patch # patch /usr/share/roundcube/program/lib/Roundcube/rcube_vcard.php < /root/rcube_vcard.patch
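Review bot: The `apt-get -y install php8.4-…` line installs every name in one transaction and its exit status is not checked, so a single name missing from the Debian 13 archive leaves none of the extensions installed while the installer carries on. `php8.4-imap` is the one to verify: the imap extension was moved out of the PHP core distribution in 8.4, and whether the distribution still packages it is not visible here. `php8.4-zip` is listed twice. Appending `|| echo "php8.4 extension install failed" >&2` (or the installer's own error helper, if it has one) would make a failure visible.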
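Review bot: `patch /etc/php/8.4/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch` applies a patch named for PHP 8.2 to the 8.4 php.ini and ignores the result. If the context lines differ, patch rejects hunks and leaves `.rej`/`.orig` files behind, and the settings it was meant to apply are silently absent while `service php8.4-fpm restart` still runs. Check the status, for example by appending `|| echo "php.ini patch did not apply" >&2`, or ship a patch generated against the 8.4 php.ini. What the patch changes is not visible in this diff, so how much depends on it needs confirming.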