Merge pull request #2302 from pdapnz/fix_bug_url_parsing

fix bug https://github.com/outroll/vesta/issues/2301

.gitignore

@@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
+src/react/node_modules
+src/react/build
+/.idea

README.md

@@ -1,6 +1,8 @@
 [Vesta Control Panel](http://vestacp.com/)
 ==================================================
 
+Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
+
 [![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
 * Vesta is an open source hosting control panel.
@@ -16,7 +18,7 @@ ssh root@your.server
 
 Download the installation script, and run it:
 ```bash
-curl http://vestacp.com/pub/vst-install.sh | bash
+curl https://vestacp.com/pub/vst-install.sh | bash
 ```
 
 How to install (3 step)
@@ -29,7 +31,7 @@ ssh root@your.server
 
 Download the installation script:
 ```bash
-curl -O http://vestacp.com/pub/vst-install.sh
+curl -O https://vestacp.com/pub/vst-install.sh
 ```
 Then run it:
 ```bash
@@ -38,5 +40,5 @@ bash vst-install.sh
 
 License
 ----------------------------
-Vesta is licensed under  [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license
+Vesta is licensed under  [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license
 

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to dev@vestacp.com

bin/v-activate-vesta-license

@@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
 
 # Checking arg number
 check_args '2' "$#" 'MODULE LICENSE'
-
+is_user_format_valid "$license" "license"
 
 #----------------------------------------------------------#
 #                       Action                             #
@@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
+answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 
 # Checking server answer

bin/v-add-backup-host

@@ -38,8 +38,7 @@ EOF
 sftpc() {
     expect -f "-" <<EOF "$@"
         set count 0
-        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
-            Port=$port $user@$host
+        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
         expect {
             "password:" {
                 send "$password\r"
@@ -94,12 +93,14 @@ EOF
 
 if [ "$type" != 'local' ];then
     check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
-    is_format_valid 'host'
+    is_format_valid 'user' 'host' 'path' 'port'
     is_password_valid
     if [ "$type" = 'sftp' ]; then
         which expect >/dev/null 2>&1
         check_result $? "expect command not found"  $E_NOTEXIST
     fi
+    host "$host" >/dev/null 2>&1
+    check_result $? "host connection failed" "$E_CONNECT"
 fi
 
 

bin/v-add-dns-on-web-alias

@@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l)
 # Adding second level domain
 if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
     $BIN/v-add-dns-domain \
-        $user $alias $ip '' '' '' '' '' $restart >> /dev/null
+        $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
     exit
 fi
 
 # Adding top-level domain and then its sub
-$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null
+$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
 
 # Checking top-level domain
 if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then

bin/v-add-dns-record

@@ -45,10 +45,12 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
     fi
 fi
 
-dvalue=${dvalue//\"/}
+if [ $rtype != "CAA" ]; then
+    dvalue=${dvalue//\"/}
 
-if [[ "$dvalue" =~ [\;[:space:]] ]]; then
+    if [[ "$dvalue" =~ [\;[:space:]] ]]; then
         dvalue='"'"$dvalue"'"'
+    fi
 fi
 
 # Additional argument formatting

bin/v-add-firewall-chain

@@ -21,6 +21,12 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
 # Defining absolute path to iptables
 iptables="/sbin/iptables"
 
+# Get vesta port by reading nginx.conf
+vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
+if [ -z "$vestaport" ]; then
+    vestaport=8083
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@@ -41,13 +47,19 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 
 # Checking known chains
 case $chain in
-    SSH)        port=22; protocol=TCP ;;
+    SSH)        # Get ssh port by reading ssh config file.
+                sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
+                if [ -z "$sshport" ]; then
+                    sshport=22
+                fi
+                port=$sshport; 
+                protocol=TCP ;;
     FTP)        port=21; protocol=TCP  ;;
     MAIL)       port='25,465,587,2525,110,995,143,993'; protocol=TCP  ;;
     DNS)        port=53; protocol=UDP  ;;
     WEB)        port='80,443'; protocol=TCP  ;;
     DB)         port='3306,5432'; protocol=TCP  ;;
-    VESTA)      port=8083; protocol=TCP  ;;
+    VESTA)      port=$vestaport; protocol=TCP  ;;
     *)          check_args '2' "$#" 'CHAIN PORT' ;;
 esac
 

bin/v-add-letsencrypt-domain

@@ -1,13 +1,8 @@
 #!/bin/bash
-# info: adding letsencrypt ssl cetificate for domain
-# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
+# info: check letsencrypt domain
+# options: USER DOMAIN [ALIASES]
 #
-# The function turns on SSL support for a domain. Parameter ssl_dir is a path
-# to directory where 2 or 3 ssl files can be found. Certificate file
-# domain.tld.crt and its key domain.tld.key  are mandatory. Certificate
-# authority domain.tld.ca file is optional. If home directory  parameter
-# (ssl_home) is not set, https domain uses public_shtml as separate
-# documentroot directory.
+# The function check and validates domain with Let's Encript
 
 
 #----------------------------------------------------------#
@@ -18,8 +13,9 @@
 user=$1
 domain=$2
 aliases=$3
-restart=$4
-notify=$5
+
+# LE API
+API='https://acme-v02.api.letsencrypt.org'
 
 # Includes
 source $VESTA/func/main.sh
@@ -27,98 +23,346 @@ source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 
 # Additional argument formatting
-format_domain_idn
+format_identifier_idn() {
+    identifier_idn=$identifier
+    if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
+        identifier_idn=$(idn -t --quiet -a $identifier_idn)
+    fi
+}
+
+# encode base64
+encode_base64() {
+    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
+}
+
+# Let's Encrypt v2 curl function
+query_le_v2() {
+
+    protected='{"nonce": "'$3'",'
+    protected=''$protected' "url": "'$1'",'
+    protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
+    content="Content-Type: application/jose+json"
+
+    payload_=$(echo -n "$2" |encode_base64)
+    protected_=$(echo -n "$protected" |encode_base64)
+    signature_=$(printf "%s" "$protected_.$payload_" |\
+        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
+        encode_base64)
+
+    post_data='{"protected":"'"$protected_"'",'
+    post_data=$post_data'"payload":"'"$payload_"'",'
+    post_data=$post_data'"signature":"'"$signature_"'"}'
+
+    # Save http response to file passed as "$4" arg or print to stdout if not provided
+    # http response headers are always sent to stdout
+    local save_to_file=${4:-"/dev/stdout"}
+    curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+}
+
 
 
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [ALIASES]'
+is_format_valid 'user' 'domain' 'aliases'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
+get_domain_values 'web'
 
+echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
+
+# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
+if [[ "$aliases" != "*.$domain" ]]; then
+    for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
+        check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
+        if [ -z "$check_alias" ]; then
+            echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_NOTEXIST "domain alias $alias doesn't exist"
+        fi
+    done
+fi;
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Parsing domain data
-get_domain_values 'web'
-
 # Registering LetsEncrypt user account
+echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-letsencrypt-user $user
+echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$?" -ne 0  ]; then
     touch $VESTA/data/queue/letsencrypt.pipe
     sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
     send_notice "LETSENCRYPT" "Account registration failed"
+    echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
     check_result $E_CONNECT "LE account registration" >/dev/null
 fi
 
 # Parsing LetsEncrypt account data
 source $USER_DATA/ssl/le.conf
-email=$EMAIL
 
-# Validating domain and aliases
-i=1
-for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
-    $BIN/v-check-letsencrypt-domain $user $alias
-    if [ "$?" -ne 0 ]; then
-        touch $VESTA/data/queue/letsencrypt.pipe
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-        send_notice "LETSENCRYPT" "$alias validation failed"
-        check_result $E_INVALID "LE domain validation" >/dev/null
+# Checking wildcard alias
+if [ "$aliases" = "*.$domain" ]; then
+    echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
+    wildcard='yes'
+    proto="dns-01"
+    if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
+        echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
+    fi
+else
+    proto="http-01"
+fi
+
+# Requesting nonce / STEP 1
+echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(curl -s -I "$API/directory")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt nonce request status $status"
+fi
+
+# Placing new order / STEP 2
+echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
+url="$API/acme/new-order"
+payload='{"identifiers":['
+for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
+    format_identifier_idn
+    payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
+done
+payload=$(echo "$payload"|sed "s/,$//")
+payload=$payload']}'
+echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$url" "$payload" "$nonce")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
+echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
+finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
+echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 201 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt new auth status $status"
+fi
+
+# Requesting authorization token / STEP 3
+echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
+for auth in $authz; do
+    payload=''
+    echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
+    echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+    answer=$(query_le_v2 "$auth" "$payload" "$nonce")
+    echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+    url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
+    echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
+    token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
+    echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
+    nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+    echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+    status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+    echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+    if [[ "$status" -ne 200 ]]; then
+        echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
     fi
 
-    # Checking LE limits per account
-    if [ "$i" -gt 100 ]; then
-        touch $VESTA/data/queue/letsencrypt.pipe
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-        send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
-        check_result $E_LIMIT "LE can't sign more than 100 domains"
+    # Configuring challenge / STEP 4
+    echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
+    echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
+    if [ "$wildcard" = 'yes'  ]; then
+        record=$(printf "%s" "$token.$THUMB" |\
+            openssl dgst -sha256 -binary |encode_base64)
+        old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
+        old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
+        for old_record in $old_records; do
+            $BIN/v-delete-dns-record "$user" "$domain" "$old_record"
+        done
+        $BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
+        exitstatus=$?
+        echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
+        if [ "$exitstatus" -ne 0  ]; then
+            echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
+        fi
+        check_result $exitstatus "DNS _acme-challenge record wasn't created"
+    else
+        if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
+            if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
+                #  if vesta is behind main nginx
+                well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+                acme_challenge="$well_known/acme-challenge"
+                mkdir -p $acme_challenge
+                echo "$token.$THUMB" > $acme_challenge/$token
+                echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
+                chown -R $user:$user $well_known
+            else
+                # default nginx method
+                conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
+                sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
+                # if [ ! -e "$conf" ]; then
+                    echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
+                        > $conf
+                    echo '    default_type text/plain;' >> $conf
+                    echo '    return 200 "$1.'$THUMB'";' >> $conf
+                    echo '}' >> $conf
+                # fi
+                echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
+                if [ ! -e "$sconf" ]; then
+                    ln -s "$conf" "$sconf"
+                fi
+                echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log 
+                $BIN/v-restart-proxy
+                if [ -z "$PROXY_SYSTEM" ]; then
+                    # apache-less variant
+                    echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log 
+                    $BIN/v-restart-web
+                fi
+                exitstatus=$?
+                if [ "$exitstatus" -ne 0  ]; then
+                    echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
+                fi
+                check_result $exitstatus "Proxy restart failed" >/dev/null
+            fi
+        else
+            well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+            acme_challenge="$well_known/acme-challenge"
+            mkdir -p $acme_challenge
+            echo "$token.$THUMB" > $acme_challenge/$token
+            chown -R $user:$user $well_known
+            echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
+            # $BIN/v-restart-web
+            # check_result $? "Web restart failed" >/dev/null
+        fi
+    fi
+
+    # Requesting ACME validation / STEP 5
+    echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
+    validation_check=$(echo "$answer" |grep '"valid"')
+    echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
+    if [[ ! -z "$validation_check" ]]; then
+        validation='valid'
+    else
+        validation='pending'
+    fi
+
+    # Doing pol check on status
+    i=1
+    while [ "$validation" = 'pending' ]; do
+        echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
+        payload='{}'
+        echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+        answer=$(query_le_v2 "$url" "$payload" "$nonce")
+        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+        validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
+        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+        nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+        echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+        status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+        if [[ "$status" -ne 200 ]]; then
+            echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_CONNECT "Let's Encrypt validation status $status"
+        fi
+
+        i=$((i + 1))
+        if [ "$i" -gt 10 ]; then
+            echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_CONNECT "Let's Encrypt domain validation timeout"
+        fi
+        sleeping=$((i*2))
+        echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
+        sleep $sleeping
+    done
+    if [ "$validation" = 'invalid' ]; then
+        echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_CONNECT "Let's Encrypt domain verification failed"
     fi
-    i=$((i++))
 done
 
-# Generating CSR
-ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
+
+# Generating new ssl certificate
+ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
     "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
 
-# Signing CSR
-crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
-if [ "$?" -ne 0 ]; then
-    touch $VESTA/data/queue/letsencrypt.pipe
-    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-    send_notice "LETSENCRYPT" "$alias validation failed"
-    check_result "$E_INVALID" "LE $domain validation"
-fi
-echo "$crt" > $ssl_dir/$domain.crt
+# Sending CSR to finalize order / STEP 6
+echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log
 
-# Dowloading CA certificate
-le_certs='https://letsencrypt.org/certs'
-x1='lets-encrypt-x1-cross-signed.pem.txt'
-x3='lets-encrypt-x3-cross-signed.pem.txt'
-issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
-if [ -z "$(echo $issuer|grep X3)" ]; then
-    curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
-else
-    curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
+csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
+payload='{"csr":"'$csr'"}'
+echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
+echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
+fi
+
+# Downloading signed certificate / STEP 7
+echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    [ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
+    echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
+fi
+
+# Splitting up downloaded pem
+# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
+crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
+# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
+head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
+
+pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
+# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
+ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
+# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
+ca_end=$(( pem_lines - crt_end + 1 ))
+# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
+tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
+
+# Temporary fix for double "END CERTIFICATE"
+if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
+    sed -i '1,2d' $ssl_dir/$domain.ca
 fi
 
 # Adding SSL
 ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
 $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
+echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
-if [ "$?" -ne '0' ]; then
+exitstatus=$?
+echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
+if [ "$exitstatus" -ne '0' ]; then
     touch $VESTA/data/queue/letsencrypt.pipe
     sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
+    echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
     send_notice 'LETSENCRYPT' "$domain certificate installation failed"
-    check_result $? "SSL install" >/dev/null
+    check_result $exitstatus "SSL install" >/dev/null
 fi
 
 # Adding LE autorenew cronjob
@@ -135,24 +379,20 @@ if [ -z "$LETSENCRYPT" ]; then
 fi
 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
 
+reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
 
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 
-# Restarting web
-$BIN/v-restart-web $restart
-if [ "$?" -ne 0  ]; then
-    send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
-fi
-
-# Notifying user
-send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
-
 # Deleteing task from queue
 touch $VESTA/data/queue/letsencrypt.pipe
 sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
 
+# Notifying user
+send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
+echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
+
 # Logging
 log_event "$OK" "$ARGUMENTS"
 

bin/v-add-letsencrypt-user

@@ -1,8 +1,8 @@
 #!/bin/bash
 # info: register letsencrypt user account
-# options: USER [EMAIL]
+# options: USER
 #
-# The function creates and register LetsEncript account key
+# The function creates and register LetsEncript account 
 
 
 #----------------------------------------------------------#
@@ -11,8 +11,9 @@
 
 # Argument definition
 user=$1
-email=$2
-key_size=4096
+
+# LE API
+API='https://acme-v02.api.letsencrypt.org'
 
 # Includes
 source $VESTA/func/main.sh
@@ -23,15 +24,38 @@ encode_base64() {
     cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }
 
+# Let's Encrypt v2 curl function
+query_le_v2() {
+    protected='{"nonce": "'$3'",'
+    protected=''$protected' "url": "'$1'",'
+    protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
+    content="Content-Type: application/jose+json"
+
+    payload_=$(echo -n "$2" |encode_base64)
+    protected_=$(echo -n "$protected" |encode_base64)
+    signature_=$(printf "%s" "$protected_.$payload_" |\
+        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
+        encode_base64)
+
+    post_data='{"protected":"'"$protected_"'",'
+    post_data=$post_data'"payload":"'"$payload_"'",'
+    post_data=$post_data'"signature":"'"$signature_"'"}'
+
+    curl -s -i -d "$post_data" "$1" -H "$content"
+}
+
 
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '1' "$#" 'USER [EMAIL]'
+check_args '1' "$#" 'USER'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 if [ -e "$USER_DATA/ssl/le.conf" ]; then
+    source "$USER_DATA/ssl/le.conf"
+fi
+if [ ! -z "$KID" ]; then
     exit
 fi
 
@@ -40,57 +64,57 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
-api='https://acme-v01.api.letsencrypt.org'
-if [ -z "$email" ]; then
-    email=$(get_user_value '$CONTACT')
+
+# Defining user email
+if [[ -z "$EMAIL" ]]; then
+    EMAIL=$(get_user_value '$CONTACT')
 fi
 
-agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
+# Defining user agreement
+agreement=''
 
-# Generating key
-key="$USER_DATA/ssl/user.key"
-if [ ! -e "$key" ]; then
-    openssl genrsa -out $key $key_size >/dev/null 2>&1
-    chmod 600 $key
+# Generating user key
+KEY="$USER_DATA/ssl/user.key"
+if [ ! -e "$KEY" ]; then
+    openssl genrsa -out $KEY 4096 >/dev/null 2>&1
+    chmod 600 $KEY
 fi
 
 # Defining key exponent
-exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
+if [ -z "$EXPONENT" ]; then
+    EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
         grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
         xxd -r -p |encode_base64)
+fi
 
 # Defining key modulus
-modulus=$(openssl rsa -in "$key" -modulus -noout |\
+if [ -z "$MODULUS" ]; then
+    MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
         sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
+fi
 
-# Defining key thumb
-thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
+# Defining JWK
+jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
 
-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
+# Defining key thumbnail
+if [ -z "$THUMB" ]; then
+    THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
+fi
 
-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
 
-# Defining registration query
-query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
-query=$query'"agreement":"'$agreement'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
+# Requesting ACME nonce
+nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
 
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
-status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
+# Creating ACME account
+url="$API/acme/new-acct"
+payload='{"termsOfServiceAgreed": true}'
+answer=$(query_le_v2 "$url" "$payload" "$nonce")
+kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
 
-# Checking http answer status
-if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
-    check_result $E_CONNECT "LetsEncrypt account registration $status"
+# Checking answer status
+status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
+if [[ "${status:0:2}" -ne "20" ]]; then
+    check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
 fi
 
 
@@ -99,12 +123,17 @@ fi
 #----------------------------------------------------------#
 
 # Adding le.conf
-echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
-echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
-echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
-echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
-chmod 660  $USER_DATA/ssl/le.conf
-
+if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
+    echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
+    echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
+    echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
+    echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
+    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
+    chmod 660  $USER_DATA/ssl/le.conf
+else
+    sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
+    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
+fi
 
 # Logging
 log_event "$OK" "$ARGUMENTS"

bin/v-add-mail-domain

@@ -45,6 +45,7 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_domain_new 'mail' "$domain"
 is_package_full 'MAIL_DOMAINS'
+is_dir_symlink $HOMEDIR/$user/mail
 
 
 #----------------------------------------------------------#

bin/v-add-sys-ip

@@ -60,8 +60,8 @@ if [ -z "$sys_ip_check" ]; then
     /sbin/ip addr add $ip/$cidr dev $interface \
         broadcast $broadcast label $iface
 
-    # Adding RHEL/CentOS/Fedora startup script
-    if [ -e "/etc/redhat-release" ]; then
+    # Adding RHEL/CentOS/Fedora/Amazon startup script
+    if [ -d "/etc/sysconfig" ]; then
         sys_ip="# Added by vesta"
         sys_ip="$sys_ip\nDEVICE=$iface"
         sys_ip="$sys_ip\nBOOTPROTO=static"

bin/v-add-sys-mail-ssl

@@ -0,0 +1,106 @@
+#!/bin/bash
+# info: copy mail ssl certificate
+# options: USER DOMAIN [RESTART]
+#
+# The function copies user domain SSL to mail SSL directory
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining certificate location
+dom_crt="/home/$user/conf/web/ssl.$domain.pem"
+dom_key="/home/$user/conf/web/ssl.$domain.key"
+vst_crt="$VESTA/ssl/mail.crt"
+vst_key="$VESTA/ssl/mail.key"
+
+# Checking certificate
+if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
+    check_result $E_NOTEXIST "$domain certificate doesn't exist"
+fi
+
+# Checking difference
+diff $dom_crt $vst_crt >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    rm -f $vst_crt.old $vst_key.old
+    mv $vst_crt $vst_crt.old >/dev/null 2>&1
+    mv $vst_key $vst_key.old >/dev/null 2>&1
+    cp $dom_crt $vst_crt 2>/dev/null
+    cp $dom_key $vst_key 2>/dev/null
+    chown root:mail $vst_crt $vst_key
+else
+    restart=no
+fi
+
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+fi
+
+# Updating vesta.conf
+if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
+    echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
+else
+    sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
+        $VESTA/conf/vesta.conf
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-add-sys-quota

@@ -21,7 +21,7 @@ source $VESTA/conf/vesta.conf
 # Checking quota package
 quota=$(which --skip-alias --skip-functions quota 2>/dev/null)
 if [ $? -ne 0 ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         yum -y install quota >/dev/null 2>&1
         check_result $? "quota package installation failed" $E_UPDATE
     else

bin/v-add-sys-vesta-ssl

@@ -0,0 +1,97 @@
+#!/bin/bash
+# info: add vesta ssl certificate
+# options: USER DOMAIN [RESTART]
+#
+# The function copies user domain SSL to vesta SSL directory
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining certificate location
+dom_crt="/home/$user/conf/web/ssl.$domain.pem"
+dom_key="/home/$user/conf/web/ssl.$domain.key"
+vst_crt="$VESTA/ssl/certificate.crt"
+vst_key="$VESTA/ssl/certificate.key"
+
+# Checking certificate
+if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
+    check_result $E_NOTEXIST "$domain certificate doesn't exist"
+fi
+
+# Checking difference
+diff $dom_crt $vst_crt >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    rm -f $vst_crt.old $vst_key.old
+    mv $vst_crt $vst_crt.old
+    mv $vst_key $vst_key.old
+    cp $dom_crt $vst_crt 2>/dev/null
+    cp $dom_key $vst_key 2>/dev/null
+    chown root:mail $vst_crt $vst_key
+else
+    restart=no
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+    if [ ! -z "$FTP_SYSTEM" ]; then
+        $BIN/v-restart-service "$FTP_SYSTEM"
+    fi
+    if [ -e "/var/run/vesta-nginx.pid" ]; then
+        kill -HUP $(cat /var/run/vesta-nginx.pid)
+    else
+        service vesta restart
+    fi
+fi
+
+# Updating vesta.conf
+if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
+    echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
+else
+    sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
+        $VESTA/conf/vesta.conf
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-add-user-package

@@ -30,37 +30,37 @@ is_package_new() {
 is_package_consistent() {
     source $pkg_dir/$package.pkg
     if [ "$WEB_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS'
+        is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
     fi
     if [ "$WEB_ALIASES" != 'unlimited' ]; then
-        is_format_valid_int $WEB_ALIASES 'WEB_ALIASES'
+        is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
     fi
     if [ "$DNS_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS'
+        is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
     fi
     if [ "$DNS_RECORDS" != 'unlimited' ]; then
-        is_format_valid_int $DNS_RECORDS 'DNS_RECORDS'
+        is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
     fi
     if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS'
+        is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
     fi
     if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
-        is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
+        is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
     fi
     if [ "$DATABASES" != 'unlimited' ]; then
-        is_format_valid_int $DATABASES 'DATABASES'
+        is_int_format_valid $DATABASES 'DATABASES'
     fi
     if [ "$CRON_JOBS" != 'unlimited' ]; then
-        is_format_valid_int $CRON_JOBS 'CRON_JOBS'
+        is_int_format_valid $CRON_JOBS 'CRON_JOBS'
     fi
     if [ "$DISK_QUOTA" != 'unlimited' ]; then
-        is_format_valid_int $DISK_QUOTA 'DISK_QUOTA'
+        is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
     fi
     if [ "$BANDWIDTH" != 'unlimited' ]; then
-        is_format_valid_int $BANDWIDTH 'BANDWIDTH'
+        is_int_format_valid $BANDWIDTH 'BANDWIDTH'
     fi
     if [ "$BACKUPS" != 'unlimited' ]; then
-        is_format_valid_int $BACKUPS 'BACKUPS'
+        is_int_format_valid $BACKUPS 'BACKUPS'
     fi
     is_format_valid_shell $SHELL
 }

bin/v-add-vesta-softaculous

@@ -46,7 +46,7 @@ fi
 #----------------------------------------------------------#
 
 # Cleaning yum cache
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     yum -q clean all
     yum="yum -q -y --noplugins --disablerepo=* --enablerepo=vesta"
 else
@@ -57,7 +57,7 @@ fi
 
 # Updating php pacakge
 if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         $yum -y update vesta-php
         check_result $? "vesta-php package upgrade failed" $E_UPDATE
     else
@@ -67,7 +67,7 @@ if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
 fi
 
 # Adding vesta-ioncube package
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     rpm -q vesta-ioncube >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         $yum -y install vesta-ioncube >/dev/null 2>&1
@@ -82,7 +82,7 @@ else
 fi
 
 # Adding vesta-softaculous package
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     rpm -q vesta-softaculous >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         $yum -y install vesta-softaculous >/dev/null 2>&1
@@ -98,6 +98,8 @@ fi
 
 # Installing softaculous
 if [ ! -e "$VESTA/softaculous/vst_installed" ]; then
+    mkdir -p /var/softaculous
+    chown -R admin:admin /var/softaculous
     cd $VESTA/softaculous
     wget -q http://c.vestacp.com/3rdparty/softaculous_install.inc
     $VESTA/php/bin/php softaculous_install.inc
@@ -105,9 +107,11 @@ if [ ! -e "$VESTA/softaculous/vst_installed" ]; then
     touch $VESTA/softaculous/vst_installed
 fi
 
-# Adding symlink
-if [ ! -e "$VESTA/web/softaculous" ]; then
-    ln -s $VESTA/softaculous/vesta $VESTA/web/softaculous
+# Enabling symlink
+if [ -e "$VESTA/disabled_plugins/softaculous" ]; then
+    if [ ! -e "$VESTA/web/softaculous" ]; then
+        mv $VESTA/disabled_plugins/softaculous $VESTA/web/softaculous
+    fi
 fi
 
 # Updating SOFTACULOUS value

bin/v-add-web-domain

@@ -47,6 +47,9 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
 is_domain_new 'web' "$domain,$aliases"
+is_dir_symlink $HOMEDIR/$user/web
+if_dir_exists $HOMEDIR/$user/web/$domain
+is_dir_symlink $HOMEDIR/$user/web/$domain
 if [ ! -z "$ip" ]; then
     is_ip_valid "$ip" "$user"
 else
@@ -62,7 +65,7 @@ fi
 source $USER_DATA/user.conf
 
 # Creating domain directories
-mkdir -p $HOMEDIR/$user/web/$domain \
+sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
       $HOMEDIR/$user/web/$domain/public_html \
       $HOMEDIR/$user/web/$domain/public_shtml \
       $HOMEDIR/$user/web/$domain/document_errors \
@@ -79,7 +82,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
     $HOMEDIR/$user/web/$domain/logs/
 
 # Adding domain skeleton
-cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
+sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
 for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
     sed -i "s/%domain%/$domain/g" $file
 done
@@ -88,9 +91,9 @@ done
 chown -R $user:$user $HOMEDIR/$user/web/$domain
 chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
 chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
-chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
-chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
-chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
+sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
+sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
+sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
 
 # Addding PHP-FPM backend
 if [ ! -z "$WEB_BACKEND" ]; then
@@ -112,9 +115,12 @@ if [ "$aliases" = 'none' ]; then
     ALIAS=''
 else
     ALIAS="www.$domain"
-    if [ ! -z "$aliases" ]; then
-        ALIAS="$ALIAS,$aliases"
+    if [ -z "$aliases" ]; then
+        ALIAS="www.$domain"
+    else
+        ALIAS="$aliases"
     fi
+    
     ip_alias=$(get_ip_alias $domain)
     if [ ! -z "$ip_alias" ]; then
         ALIAS="$ALIAS,$ip_alias"

bin/v-add-web-domain-backend

@@ -46,7 +46,7 @@ fi
 
 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
     if [ "$backend_port" -eq "$port" ]; then

bin/v-add-web-domain-ftp

@@ -84,7 +84,7 @@ fi
 /usr/sbin/useradd $ftp_user \
     -s $shell \
     -o -u $(id -u $user) \
-    -g $(id -u $user) \
+    -g $(id -g $user) \
     -M -d "$ftp_path_a"  > /dev/null 2>&1
 
 # Set ftp user password

bin/v-add-web-domain-ssl

@@ -120,6 +120,35 @@ check_result $? "Web restart failed" >/dev/null
 $BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" >/dev/null
 
+# Updating system ssl dependencies
+if [ ! -z "$VESTA_CERTIFICATE" ]; then
+    crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+if [ ! -z "$MAIL_CERTIFICATE" ]; then
+    crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+
+if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
+    hostname=$(hostname)
+    if [ "$hostname" = "$domain" ]; then
+        $BIN/v-update-host-certificate $user $domain
+    fi
+fi
+
+UPDATE_SSL_SCRIPT=''
+source $VESTA/conf/vesta.conf
+if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
+    eval "$UPDATE_SSL_SCRIPT $user $domain"
+fi
+
 # Logging
 log_history "enabled ssl support for $domain"
 log_event "$OK" "$ARGUMENTS"

bin/v-backup-user

@@ -68,8 +68,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
     (( ++i))
 done
 
+if [ -z "$BACKUP_TEMP" ]; then
+    BACKUP_TEMP=$BACKUP
+fi
+
 # Creating temporary directory
-tmpdir=$(mktemp -p /tmp -d)
+tmpdir=$(mktemp -p $BACKUP_TEMP -d)
 
 if [ "$?" -ne 0 ]; then
     echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
@@ -212,24 +216,32 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
             cp $USER_DATA/ssl/$domain.* vesta/
         fi
 
+        # Changin dir to documentroot
+        cd $HOMEDIR/$user/web/$domain
+
         # Define exclude arguments
         exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
         set -f
         fargs=()
-        fargs+=(--exclude='logs/*')
+        fargs+=(--exclude='./logs/*')
         if [ ! -z "$exlusion" ]; then
             xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
             for xpath in $xdirs; do
+                if [ -d "$xpath" ]; then
                     fargs+=(--exclude=$xpath/*)
                     echo "$(date "+%F %T") excluding directory $xpath"
                     msg="$msg\n$(date "+%F %T") excluding directory $xpath"
+                else
+                    echo "$(date "+%F %T") excluding file $xpath"
+                    msg="$msg\n$(date "+%F %T") excluding file $xpath"
+                    fargs+=(--exclude=$xpath)
+                fi
             done
         fi
         set +f
 
         # Backup files
-        cd $HOMEDIR/$user/web/$domain
-        tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
+        tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
     done
 
     # Print total
@@ -388,7 +400,9 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
         grep "DB='$database'" $conf > vesta/db.conf
 
         dump="$tmpdir/db/$database/$database.$TYPE.sql"
+        dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
         grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
+        if [ ! -f "$dumpgz" ]; then
             case $TYPE in
                 mysql) dump_mysql_database ;;
                 pgsql) dump_pgsql_database ;;
@@ -396,6 +410,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
 
             # Compress dump
             gzip -$BACKUP_GZIP $dump
+        fi
     done
 
     # Print total
@@ -445,11 +460,15 @@ if [ "$USER" != '*' ]; then
     fi
     fargs=()
     for xpath in $(echo "$USER" |tr ',' '\n'); do
-        fargs+=(-not)
-        fargs+=(-path)
-        fargs+=("./$xpath*")
+        if [ -d "$xpath" ]; then
+            fargs+=(--exclude=$xpath/*)
             echo "$(date "+%F %T") excluding directory $xpath" |\
             tee -a $BACKUP/$user.log
+        else
+            echo "$(date "+%F %T") excluding file $xpath" |\
+            tee -a $BACKUP/$user.log
+            fargs+=(--exclude=$xpath)
+        fi
     done
 
     IFS=$'\n'
@@ -460,11 +479,12 @@ if [ "$USER" != '*' ]; then
         exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
         if [ -z "$exclusion" ]; then
             ((i ++))
-            udir_list="$udir_list $udir"
+            udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g")
+            udir_list="$udir_list $udir_str"
             echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
 
             # Backup files and dirs
-            tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
+            tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
         fi
     done
     set +f
@@ -499,7 +519,7 @@ local_backup(){
     backup_list=$(ls -lrt $BACKUP/ |awk '{print $9}' |grep "^$user\." | grep ".tar")
     backups_count=$(echo "$backup_list" |wc -l)
     if [ "$BACKUPS" -le "$backups_count" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
 
         # Removing old backup
         for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
@@ -575,7 +595,7 @@ ftp_backup() {
     fi
 
     # Debug info
-    echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
+    echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar"
 
     # Checking ftp connection
     fconn=$(ftpc)
@@ -615,7 +635,7 @@ ftp_backup() {
     fi
     backups_count=$(echo "$backup_list" |wc -l)
     if [ "$backups_count" -ge "$BACKUPS" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
         for backup in $(echo "$backup_list" |head -n $backups_rm_number); do 
             backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar$//")
             echo -e "$(date "+%F %T") Rotated ftp backup: $backup_date" |\
@@ -770,7 +790,7 @@ sftp_backup() {
     fi
     backups_count=$(echo "$backup_list" |wc -l)
     if [ "$backups_count" -ge "$BACKUPS" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
         for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
             backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar.*$//")
             echo -e "$(date "+%F %T") Rotated sftp backup: $backup_date" |\

bin/v-backup-users

@@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then
     exit
 fi
 for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
+        continue;
+    fi
     check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
     log=$VESTA/log/backup.log
     if [ ! -z "$check_suspend" ]; then

bin/v-change-mail-account-password

@@ -52,8 +52,11 @@ salt=$(generate_password "$PW_MATRIX" "8")
 md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
+    quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
+    quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
+    quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
     sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
-    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
+    str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
 

bin/v-change-sys-config-value

@@ -28,6 +28,7 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
 check_args '2' "$#" 'KEY VALUE'
 is_format_valid 'key'
 
+format_no_quotes "$value" 'value'
 
 #----------------------------------------------------------#
 #                       Action                             #

bin/v-change-sys-hostname

@@ -31,18 +31,16 @@ is_format_valid 'domain'
 
 hostname $domain
 
-# RHEL/CentOS
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
+    # RHEL/CentOS/Amazon
     touch /etc/sysconfig/network
     if [ -z "$(grep HOSTNAME /etc/sysconfig/network)" ]; then
         echo "HOSTNAME='$domain'" >> /etc/sysconfig/network
     else
         sed -i "s/HOSTNAME=.*/HOSTNAME='$domain'/" /etc/sysconfig/network
     fi
-fi
-
-# Debian/Ubuntu
-if [ ! -e "/etc/redhat-release" ]; then
+else
+    # Debian/Ubuntu
     echo "$domain" > /etc/hostname
 fi
 

bin/v-change-sys-ip-nat

@@ -34,48 +34,72 @@ is_ip_valid "$ip"
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Changing nat ip
+# Updating IP
 if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
     sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
+    old=''
+    new=$nat_ip
 else
-    update_ip_value '$NAT' "$nat_ip"
+    old=$(get_ip_value '$NAT')
+    new=$nat_ip
+    sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip
+    if [ -z "$nat_ip" ]; then
+        new=$ip
+    fi
 fi
 
-# Check ftp system
-if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
+# Updating WEB configs
+if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then
+    sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf
+    for user in $(ls $VESTA/data/users/); do
+        $BIN/v-rebuild-web-domains $user no
+    done
+    $BIN/v-restart-dns $restart
+fi
 
-    # Find configuration
-    if [ -e '/etc/vsftpd/vsftpd.conf' ]; then
-        conf='/etc/vsftpd/vsftpd.conf'
-    fi
+# Updating DNS configs
+if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then
+    sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf
+    sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf
+    for user in $(ls $VESTA/data/users/); do
+        $BIN/v-rebuild-dns-domains $user no
+    done
+    $BIN/v-restart-dns $restart
+fi
 
-    if [ -e '/etc/vsftpd.conf' ]; then
-        conf='/etc/vsftpd.conf'
-    fi
-
-    # Update config
-    if [ -z "$(grep pasv_address $conf)" ]; then
-        if [ ! -z "$nat_ip" ]; then
+# Updating FTP
+if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then
+    conf=$(find /etc -name $FTP_SYSTEM.conf)
+    if [ -e "$conf" ]; then
+        sed -i "s/$old/$new/g" $conf
+        if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
+            check_pasv=$(grep pasv_address $conf)
+            if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
                 echo "pasv_address=$nat_ip" >> $conf
             fi
-    else
-        if [ ! -z "$nat_ip" ]; then
-            sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
-        else
+            if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then
                 sed -i "/pasv_address/d" $conf
             fi
+            if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
+                sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
             fi
+        fi
+    fi
+    $BIN/v-restart-ftp $restart
 fi
 
+# Updating firewall
+if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then
+    sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
+    $BIN/v-update-firewall
+fi
+
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 
-# Restart ftp server
-$BIN/v-restart-ftp $restart
-check_result $? "FTP restart failed" >/dev/null
-
 # Logging
 log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
 log_event "$OK" "$ARGUMENTS"

bin/v-change-sys-service-config

@@ -63,6 +63,7 @@ case $service in
     spamd)          dst=$($BIN/v-list-sys-spamd-config plain);;
     spamassassin)   dst=$($BIN/v-list-sys-spamd-config plain);;
     clamd)          dst=$($BIN/v-list-sys-clamd-config plain);;
+    clamd.scan)     dst=$($BIN/v-list-sys-clamd-config plain);;
     cron)           dst='/etc/crontab';;
     crond)          dst='/etc/crontab';;
     fail2ban)       dst='/etc/fail2ban/jail.local';;
@@ -95,13 +96,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
 
     if [ "$service" = 'php' ]; then
         if [ "$WEB_SYSTEM" = "nginx" ]; then
-            service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
+            if [ $(ps --no-headers -o comm 1) == systemd ]; then
+                service=$(systemctl | grep -o -E "php.*fpm.*\.service")
+                service=${service//.service/}
+            else
+                service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
+            fi
         else
             service=$WEB_SYSTEM
         fi
     fi
 
-    service $service restart >/dev/null 2>&1
+    for single_service in $service; do
+        service $single_service restart >/dev/null 2>&1
+    done <<< "$service"
+
     if [ $? -ne 0 ]; then
         for config in $dst; do
             cat $config.vst.back > $config

bin/v-change-user-package

@@ -16,16 +16,12 @@ force=$3
 
 # Includes
 source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 
 is_package_avalable() {
 
-    usr_data=$(cat $USER_DATA/user.conf)
-    IFS=$'\n'
-    for key in $usr_data; do
-        eval ${key%%=*}=${key#*=}
-    done
-
+    source $USER_DATA/user.conf
     WEB_DOMAINS='0'
     DATABASES='0'
     MAIL_DOMAINS='0'
@@ -33,9 +29,13 @@ is_package_avalable() {
     DISK_QUOTA='0'
     BANDWIDTH='0'
 
-    pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
-        grep -v DATE)
-    eval $pkg_data
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
+    IFS=$'\n'
+    for str in $pkg_data; do
+        key=$(echo $str |cut -f 1 -d =)
+        value=$(echo $str |cut -f 2 -d \')
+        eval $key="$value"
+    done
 
     # Checking usage agains package limits
     if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@@ -73,11 +73,22 @@ is_package_avalable() {
             check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
         fi
     fi
+
+    # Checking templates
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }
 
 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    source $USER_DATA/user.conf
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
+    IFS=$'\n'
+    for str in $pkg_data; do
+        key=$(echo $str |cut -f 1 -d =)
+        value=$(echo $str |cut -f 2 -d \')
+        eval $key="$value"
+    done
     echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'
@@ -156,7 +167,7 @@ fi
 change_user_package
 
 # Update user shell
-shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
+shell_conf=$(echo "$pkg_data" |grep 'SHELL' |cut -f 2 -d \')
 shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
 /usr/bin/chsh -s "$shell" "$user" &>/dev/null
 

bin/v-change-user-password

@@ -13,6 +13,10 @@
 user=$1
 password=$2; HIDE=2
 
+# Importing system enviroment as we run this script
+# mostly by cron wich not read it by itself
+source /etc/profile
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@@ -22,6 +26,9 @@ source $VESTA/conf/vesta.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
+if [ "$user" = "root" ]; then
+    check_result $E_FORBIDEN "Changing root password is forbiden"
+fi
 check_args '2' "$#" 'USER PASSWORD'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
@@ -37,6 +44,10 @@ is_password_valid
 echo "$user:$password" | /usr/sbin/chpasswd
 md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)
 
+if [ "$user" = 'admin' ] && [ -e "$VESTA/web/reset.admin" ]; then
+    rm -f $VESTA/web/reset.admin
+fi
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-change-vesta-port

@@ -0,0 +1,60 @@
+#!/bin/bash
+# info: change vesta port
+# options: port
+#
+# Function will change vesta port
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+port=$1
+
+if [ -z "$VESTA" ]; then
+    VESTA="/usr/local/vesta"
+fi
+
+# Get current vesta port by reading nginx.conf
+oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
+if [ -z "$oldport" ]; then
+    oldport=8083
+fi
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+# Checking permissions
+if [ "$(id -u)" != '0' ]; then
+    check_result $E_FORBIDEN "You must be root to execute this script"
+fi
+
+check_args '1' "$#" 'PORT'
+is_int_format_valid "$port" 'port number'
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
+if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
+    sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
+fi
+sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
+$VESTA/bin/v-update-firewall
+systemctl restart fail2ban.service
+sed -i "s| $oldport | $port |g" /etc/iptables.rules
+systemctl restart vesta
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit 0;

bin/v-change-web-domain-backend-tpl

@@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf
 
 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
     if [ "$backend_port" -eq "$port" ]; then

bin/v-change-web-domain-ip

@@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user"
 # Preparing variables for vhost replace
 get_domain_values 'web'
 old=$(get_real_ip $IP)
-new=$ip
+new=$(get_real_ip $ip)
 
 # Replacing vhost
 replace_web_config "$WEB_SYSTEM" "$TPL.tpl"

bin/v-check-api-key

@@ -0,0 +1,40 @@
+#!/bin/bash
+# info: check api key
+# options: KEY
+#
+# The function checks a key file in /usr/local/vesta/data/keys/
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+if [ -z "$1" ]; then
+    echo "Error: key missmatch"
+    exit 9
+fi
+key=$(basename $1)
+ip=${2-127.0.0.1}
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ ! -e $VESTA/data/keys/$key ]; then
+    echo "Error: key missmatch"
+    echo "$date $time api $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+echo "$date $time api $ip successfully launched" >> $VESTA/log/auth.log
+
+exit

bin/v-check-letsencrypt-domain

@@ -1,162 +0,0 @@
-#!/bin/bash
-# info: check letsencrypt domain
-# options: USER DOMAIN
-#
-# The function check and validates domain with LetsEncript
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-user=$1
-domain=$2
-
-# Includes
-source $VESTA/func/main.sh
-source $VESTA/conf/vesta.conf
-
-# encode base64
-encode_base64() {
-    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
-}
-
-# Additional argument formatting
-format_domain_idn
-
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
-is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_object_valid 'user' 'USER' "$user"
-is_object_unsuspended 'user' 'USER' "$user"
-if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
-    check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
-fi
-rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
-if [ -z "$rdomain" ]; then
-    check_result $E_NOTEXIST "domain $domain doesn't exist"
-fi
-
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-source $USER_DATA/ssl/le.conf
-api='https://acme-v01.api.letsencrypt.org'
-r_domain=$(echo "$rdomain" |cut -f 2 -d \')
-key="$USER_DATA/ssl/user.key"
-exponent="$EXPONENT"
-modulus="$MODULUS"
-thumb="$THUMB"
-
-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
-
-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-
-# Defining ACME query (request challenge)
-query='{"resource":"new-authz","identifier"'
-query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
-
-# Checking http answer status
-status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
-if [[ "$status" -ne "201" ]]; then
-    check_result $E_CONNECT "LetsEncrypt challenge request $status"
-fi
-
-# Parsing domain nonce,token and uri
-nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
-uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
-
-# Adding location wrapper for request challenge
-if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
-    conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
-    sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
-    if [ ! -e "$conf" ]; then
-        echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
-        echo '    default_type text/plain;' >> $conf
-        echo '    return 200 "$1.'$thumb'";' >> $conf
-        echo '}' >> $conf
-    fi
-    if [ ! -e "$sconf" ]; then
-        ln -s "$conf" "$sconf"
-    fi
-else
-    acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
-    if [ ! -d "$acme" ]; then
-        mkdir -p $acme
-    fi
-    echo "$token.$thumb" > $acme/$token
-    chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
-fi
-
-# Restarting web server
-if [ -z "$PROXY_SYSTEM" ]; then
-    $BIN/v-restart-web
-    check_result $? "Proxy restart failed" >/dev/null
-else
-    $BIN/v-restart-proxy
-    $BIN/v-restart-web
-    check_result $? "Web restart failed" >/dev/null
-fi
-
-# Defining ACME query (request validation)
-query='{"resource":"challenge","type":"http-01","keyAuthorization"'
-query=$query':"'$token.$thumb'","token":"'$token'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$uri")
-
-# Checking domain validation status
-i=1
-status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
-location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
-while [ "$status" = 'pending' ]; do
-    answer=$(curl -s -i "$location")
-    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
-    sleep 1
-    i=$((i + 1))
-    if [ "$i" -gt 60 ]; then
-        check_result $E_CONNECT "$detail"
-    fi
-done
-if [ "$status" = 'invalid' ]; then
-    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    check_result $E_CONNECT "$detail"
-fi
-
-
-#----------------------------------------------------------#
-#                       Vesta                              #
-#----------------------------------------------------------#
-
-# Logging
-log_event "$OK" "$ARGUMENTS"
-
-exit

bin/v-check-user-hash

@@ -0,0 +1,100 @@
+#!/bin/bash
+# info: check user hash
+# options: USER HASH [IP]
+#
+# The function verifies user hash
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+hash=$2; HIDE=2
+ip=${3-127.0.0.1}
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+check_args '2' "$#" 'USER HASH'
+is_format_valid 'user'
+
+# Checking user
+if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+# Checking user hash
+is_hash_valid
+
+# Checking empty hash
+if [[ -z "$hash" ]]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+# Parsing user's salt
+shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
+
+if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
+then
+    salt=$(echo "$shadow" |cut -f 3 -d \$)
+    method=$(echo "$shadow" |cut -f 2 -d \$)
+    if [ "$method" -eq '1' ]; then
+        method='md5'
+    elif [ "$method" -eq '6' ]; then
+        method='sha-512'
+    else
+        echo "Error: password missmatch"
+        echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+        exit 9
+    fi
+else
+    salt=${shadow:0:2}
+    method='des'
+fi
+
+# Checking salt
+if [ -z "$salt" ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+# Comparing hashes
+if [[ "$shadow" != "$hash" ]]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+echo "$date $time $user $ip successfully logged in" >> $VESTA/log/auth.log
+
+exit

bin/v-check-user-password

@@ -82,7 +82,8 @@ if [ -z "$salt" ]; then
 fi
 
 # Generating hash
-hash=$($BIN/v-generate-password-hash $method $salt <<< $password)
+set -o noglob
+hash=$($BIN/v-generate-password-hash $method $salt <<< "$password")
 if [[ -z "$hash" ]]; then
     echo "Error: password missmatch"
     echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log

bin/v-deactivate-vesta-license

@@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/cancel.php?licence_key=$license)
+answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 
 # Checking server answer

bin/v-delete-mail-domain

@@ -56,7 +56,7 @@ fi
 # Deleting dkim dns record
 if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
     records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
     for id in $dkim_records; do
         $BIN/v-delete-dns-record $user $domain $id
     done

bin/v-delete-sys-mail-ssl

@@ -0,0 +1,75 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+vst_crt="$VESTA/ssl/certificate.crt"
+vst_key="$VESTA/ssl/certificate.key"
+
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
+# Moving old certificates
+if [ -e "$VESTA/ssl/mail.crt" ]; then
+    mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
+fi
+if [ -e "VESTA/ssl/mail.key" ]; then
+    mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
+fi
+
+# Updating vesta.conf value
+sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-sys-vesta-ssl

@@ -0,0 +1,37 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Updating vesta.conf value
+sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-user-favourites

@@ -32,6 +32,8 @@ case $system in
     DNS_REC)    is_format_valid 'id' ;;
     *)          is_format_valid 'object'
 esac
+
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 

bin/v-delete-vesta-softaculous

@@ -29,7 +29,8 @@ fi
 
 # Deleting symlink
 if [ -e "$VESTA/web/softaculous" ]; then
-    rm -f $VESTA/web/softaculous
+    mkdir -p $VESTA/disabled_plugins
+    mv $VESTA/web/softaculous $VESTA/disabled_plugins
 fi
 
 # Updating SOFTACULOUS value

bin/v-delete-web-domain-ssl

@@ -57,7 +57,13 @@ fi
 
 # Deleting old certificate
 tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
-rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
+
+# remove certificate files - do not use wildcard, as this might remove other domains
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
+
 mv $USER_DATA/ssl/$domain.* $tmpdir
 chown -R $user:$user $tmpdir
 

bin/v-extract-fs-archive

@@ -82,7 +82,7 @@ fi
 # Extracting ziped archive
 if [ ! -z "$(echo $src_file |grep -i  '.zip')" ]; then
     sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
+    sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
     rc=$?
 fi
 

bin/v-generate-ssl-cert

@@ -67,7 +67,7 @@ fi
 
 args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
 check_args '7' "$#" "$args_usage"
-is_format_valid 'domain_alias' 'format'
+is_format_valid 'domain' 'alias' 'format'
 
 
 #----------------------------------------------------------#

bin/v-get-user-salt

@@ -0,0 +1,118 @@
+#!/bin/bash
+# info: get user salt
+# options: USER [IP] [FORMAT]
+#
+# The function provides users salt
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+ip=${2-127.0.0.1}
+format=${3-shell}
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+# JSON list function
+json_list() {
+    echo '{'
+    echo '    "'$user'": {
+        "METHOD": "'$method'",
+        "SALT": "'$salt'",
+        "TIME": "'$time'",
+        "DATE": "'$date'"
+        }'
+    echo '}'
+}
+
+# SHELL list function
+shell_list() {
+    echo "METHOD:         $method"
+    echo "SALT:           $salt"
+}
+
+# PLAIN list function
+plain_list() {
+    echo -e "$method\t$salt"
+}
+
+# CSV list function
+csv_list() {
+    echo "METHOD,SALT"
+    echo "$method, $salt"
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+check_args '1' "$#" 'USER [IP] [SALT]'
+is_format_valid 'user'
+
+# Checking user
+if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Parsing user's salt
+shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
+
+if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
+then
+    salt=$(echo "$shadow" |cut -f 3 -d \$)
+    method=$(echo "$shadow" |cut -f 2 -d \$)
+    if [ "$method" -eq '1' ]; then
+        method='md5'
+    elif [ "$method" -eq '6' ]; then
+        method='sha-512'
+    else
+        echo "Error: password missmatch"
+        echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+        exit 9
+    fi
+else
+    salt=${shadow:0:2}
+    method='des'
+fi
+
+if [ -z "$salt" ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+
+exit

bin/v-insert-dns-domain

@@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then
 fi
 
 # Flush domain
-if [ "$flush" ! = 'no' ]; then
+if [ "$flush" != 'no' ]; then
     sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
 fi
 

bin/v-list-dns-domain

@@ -71,6 +71,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'dns' 'DOMAIN' "$domain"
 

bin/v-list-letsencrypt-user

@@ -23,7 +23,8 @@ json_list() {
         "EMAIL": "'$EMAIL'",
         "EXPONENT": "'$EXPONENT'",
         "MODULUS": "'$MODULUS'",
-        "THUMB: "'$THUMB'"
+        "THUMB": "'$THUMB'",
+        "KID": "'$KID'"
     }'
     echo '}'
 }
@@ -35,17 +36,18 @@ shell_list() {
     echo "THUMB:          $THUMB"
     echo "EXPONENT:       $EXPONENT"
     echo "MODULUS:        $MODULUS"
+    echo "KID:            $KID"
 }
 
 # PLAIN list function
 plain_list() {
-    echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB"
+    echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
 }
 
 # CSV list function
 csv_list() {
-    echo "USER,EMAIL,EXPONENT,MODULUS,THUMB"
-    echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB"
+    echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
+    echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
 }
 
 
@@ -54,6 +56,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
     check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"

bin/v-list-mail-domain-dkim-dns

@@ -57,6 +57,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"
 
@@ -67,7 +68,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
 
 # Parsing domain keys
 if [ -e "$USER_DATA/mail/$domain.pub" ]; then
-    pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----")
+    pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
     pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
 else
     pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"

bin/v-list-sys-config

@@ -51,7 +51,9 @@ json_list() {
         "MAIL_URL": "'$MAIL_URL'",
         "DB_PMA_URL": "'$DB_PMA_URL'",
         "DB_PGA_URL": "'$DB_PGA_URL'",
-        "SOFTACULOUS": "'$SOFTACULOUS'"
+        "SOFTACULOUS": "'$SOFTACULOUS'",
+        "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
+        "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
     }
 }'
 }
@@ -138,6 +140,12 @@ shell_list() {
     if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
         echo "Language:       $LANGUAGE"
     fi
+    if [ ! -z "$MAIL_CERTIFICATE" ]; then
+        echo "Mail SSL:       $MAIL_CERTIFICATE"
+    fi
+    if [ ! -z "$VESTA_CERTIFICATE" ]; then
+        echo "Vesta SSL:      $VESTA_CERTIFICATE"
+    fi
     echo "Version:        $VERSION"
 }
 
@@ -151,7 +159,8 @@ plain_list() {
     echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
     echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
     echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
-    echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
+    echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
+    echo -e  "$VESTA_CERTIFICATE"
 }
 
 
@@ -165,7 +174,8 @@ csv_list() {
     echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
     echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
     echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
-    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
+    echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
+    echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
     echo
     echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
     echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@@ -176,6 +186,7 @@ csv_list() {
     echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
     echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
     echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
+    echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
     echo
 }
 
@@ -187,7 +198,7 @@ csv_list() {
 # Listing data
 case $format in
     json)   json_list ;;
-    plain)  shell_list ;;
+    plain)  plain_list ;;
     csv)    csv_list ;;
     shell)  shell_list ;;
 esac

bin/v-list-sys-info

@@ -56,17 +56,18 @@ csv_list() {
 HOSTNAME=$(hostname)
 
 # Check OS/Release
-if [ -e '/etc/redhat-release' ]; then
-    if [ ! -z "$(grep CentOS /etc/redhat-release)" ]; then
+if [ -d '/etc/sysconfig' ]; then
+    if [ -e '/etc/redhat-release' ]; then
         OS='CentOS'
+        VERSION=$(cat /etc/redhat-release |tr ' ' '\n' |grep [0-9])
     else
-        OS="RHEL"
+        OS="Amazon"
+        VERSION=$(cat /etc/issue |tr ' ' '\n' |grep [0-9])
     fi
-    VERSION=$(cat /etc/redhat-release| tr ' ' '\n' |grep [0-9])
 else
     if [ "$(lsb_release -si)" == "Ubuntu" ] && [ -e '/etc/debian_version' ]; then
         OS="Ubuntu"
-        VERSION=$(grep DISTRIB_RELEASE /etc/lsb-release| cut -f 2 -d '=')
+        VERSION=$(grep DISTRIB_RELEASE /etc/lsb-release |cut -f 2 -d '=')
     else
         distro=$(head -n1 /etc/issue |cut -f 1 -d ' ')
         if [ "$distro" = 'Debian' ]; then

bin/v-list-sys-mail-ssl

@@ -0,0 +1,135 @@
+#!/bin/bash
+# info: list mail ssl certificate
+# options: [FORMAT]
+#
+# The function of obtaining mail ssl files.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    echo '{'
+    echo -e "\t\"MAIL\": {"
+    echo "        \"CRT\": \"$crt\","
+    echo "        \"KEY\": \"$key\","
+    echo "        \"CA\": \"$ca\","
+    echo "        \"SUBJECT\": \"$subj\","
+    echo "        \"ALIASES\": \"$alt_dns\","
+    echo "        \"NOT_BEFORE\": \"$before\","
+    echo "        \"NOT_AFTER\": \"$after\","
+    echo "        \"SIGNATURE\": \"$signature\","
+    echo "        \"PUB_KEY\": \"$pub_key\","
+    echo "        \"ISSUER\": \"$issuer\""
+    echo -e "\t}\n}"
+}
+
+# SHELL list function
+shell_list() {
+    if [ ! -z "$crt" ]; then
+        echo -e "$crt"
+    fi
+    if [ ! -z "$key" ]; then
+        echo -e "\n$key"
+    fi
+    if [ ! -z "$crt" ]; then
+        echo
+        echo
+        echo "SUBJECT:        $subj"
+        if [ ! -z "$alt_dns" ]; then
+            echo "ALIASES:        ${alt_dns//,/ }"
+        fi
+        echo "VALID FROM:     $before"
+        echo "VALID TIL:      $after"
+        echo "SIGNATURE:      $signature"
+        echo "PUB_KEY:        $pub_key"
+        echo "ISSUER:         $issuer"
+    fi
+}
+
+# PLAIN list function
+plain_list() {
+    if [ ! -z "$crt" ]; then
+        echo -e "$crt"
+    fi
+    if [ ! -z "$key" ]; then
+        echo -e "\n$key"
+    fi
+    if [ ! -z "$ca" ]; then
+        echo -e "\n$ca"
+    fi
+    if [ ! -z "$crt" ]; then
+        echo "$subj"
+        echo "${alt_dns//,/ }"
+        echo "$before"
+        echo "$after"
+        echo "$signature"
+        echo "$pub_key"
+        echo "$issuer"
+    fi
+
+}
+
+# CSV list function
+csv_list() {
+    echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
+    echo "PUB_KEY,ISSUER"
+    echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
+    echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Parsing SSL certificate
+if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
+    exit
+fi
+
+crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
+key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
+
+
+# Parsing SSL certificate details without CA
+info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
+subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
+after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
+signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
+signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
+pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
+issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
+alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
+alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
+alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit

bin/v-list-sys-services

@@ -191,7 +191,7 @@ fi
 
 # Checking MAIL ANTIVIRUS
 if [ ! -z "$ANTIVIRUS_SYSTEM" ] && [ "$ANTIVIRUS_SYSTEM" != 'remote' ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         if [ "$ANTIVIRUS_SYSTEM" == 'clamav' ];then
             ANTIVIRUS_SYSTEM='clamd'
         fi
@@ -220,7 +220,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
         proc_name=''
         service="$db"
         if [ "$service" = 'mysql' ]; then
-            if [ -e "/etc/redhat-release" ]; then
+            if [ -d "/etc/sysconfig" ]; then
                 service='mysqld'
                 proc_name='mysqld'
                 if [ -e "/usr/lib/systemd/system/mariadb.service" ]; then
@@ -231,7 +231,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
         if [ "$service" == 'pgsql' ]; then
             service='postgresql'
             proc_name='postmaster'
-            if [ ! -e "/etc/redhat-release" ]; then
+            if [ ! -d "/etc/sysconfig" ]; then
                 proc_name='postgres'
             fi
             if [ ! -e '/etc/init.d/postgresql' ]; then

bin/v-list-sys-vesta-updates

@@ -64,7 +64,7 @@ shell_list() {
 latest=$(wget -q -T 1 -t 1 http://c.vestacp.com/latest.txt -O -)
 
 # Checking installed vesta version
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     rpm_format="VERSION='%{VERSION}'"
     rpm_format="$rpm_format RELEASE='%{RELEASE}'"
     rpm_format="$rpm_format ARCH='%{ARCH}'"
@@ -89,7 +89,7 @@ data="NAME='vesta' VERSION='$VERSION' RELEASE='$RELEASE' ARCH='$ARCH'"
 data="$data UPDATED='$UPDATED' DESCR='core package' TIME='$TIME' DATE='$DATE'"
 
 # Checking installed vesta-php version
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     eval $(rpm --queryformat="$rpm_format" -q vesta-php)
     DATE=$(date -d @$UTIME +%F)
     TIME=$(date -d @$UTIME +%T)
@@ -107,7 +107,7 @@ data="$data ARCH='$ARCH' UPDATED='$UPDATED' DESCR='php interpreter'"
 data="$data TIME='$TIME' DATE='$DATE'"
 
 # Checking installed vesta-nginx version
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     eval $(rpm --queryformat="$rpm_format" -q vesta-nginx)
     DATE=$(date -d @$UTIME +%F)
     TIME=$(date -d @$UTIME +%T)
@@ -126,7 +126,7 @@ data="$data TIME='$TIME' DATE='$DATE'"
 
 # Checking installed vesta-ioncube version
 if [ "$SOFTACULOUS" = 'yes' ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         eval $(rpm --queryformat="$rpm_format" -q vesta-ioncube)
         DATE=$(date -d @$UTIME +%F)
         TIME=$(date -d @$UTIME +%T)
@@ -146,7 +146,7 @@ fi
 
 # Checking installed vesta-softaculous version
 if [ "$SOFTACULOUS" = 'yes' ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         eval $(rpm --queryformat="$rpm_format" -q vesta-softaculous)
         DATE=$(date -d @$UTIME +%F)
         TIME=$(date -d @$UTIME +%T)

bin/v-list-user

@@ -154,6 +154,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 
 

bin/v-list-user-backup

@@ -75,6 +75,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER BACKUP [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'backup' 'BACKUP' "$backup"
 

bin/v-list-user-backups

@@ -22,7 +22,7 @@ json_list() {
     i=1
     objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
     echo "{"
-    while read str; do
+    while read -r str; do
         eval $str
         echo -n '    "'$BACKUP'": {
         "TYPE": "'$TYPE'",

bin/v-list-user-log

@@ -23,7 +23,10 @@ json_list() {
     objects=$(echo "$logs" |wc -l)
     echo "{"
     for str in $logs; do
-        eval $str
+        ID=$(echo "$str" |cut -f 2 -d \')
+        DATE=$(echo "$str" |cut -f 4 -d \')
+        TIME=$(echo "$str" |cut -f 6 -d \')
+        CMD=$(echo "$str" |cut -f 8 -d \')
         CMD=${CMD//\"/\\\"}
         echo -n '    "'$ID'": {
         "CMD": "'$CMD'",
@@ -46,13 +49,9 @@ shell_list() {
     echo "DATE~TIME~CMD"
     echo "----~----~---"
     for str in $logs; do
-        eval $str
-        if [ -z "$DATE" ]; then
-            DATE='no'
-        fi
-        if [ -z "$TIME" ]; then
-            TIME='no'
-        fi
+        DATE=$(echo "$str" |cut -f 4 -d \')
+        TIME=$(echo "$str" |cut -f 6 -d \')
+        CMD=$(echo "$str" |cut -f 8 -d \')
         echo "$DATE~$TIME~$CMD"
     done
 }
@@ -61,7 +60,9 @@ shell_list() {
 plain_list() {
     IFS=$'\n'
     for str in $logs; do
-        eval $str
+        DATE=$(echo "$str" |cut -f 4 -d \')
+        TIME=$(echo "$str" |cut -f 6 -d \')
+        CMD=$(echo "$str" |cut -f 8 -d \')
         echo -e "$ID\t$CMD\t$UNDO\t$TIME\t$DATE"
     done
 }
@@ -71,7 +72,9 @@ csv_list() {
     IFS=$'\n'
     echo "ID,CMD,UNDO,TIME,DATE"
     for str in $logs; do
-        eval $str
+        DATE=$(echo "$str" |cut -f 4 -d \')
+        TIME=$(echo "$str" |cut -f 6 -d \')
+        CMD=$(echo "$str" |cut -f 8 -d \')
         echo "$ID,\"$CMD\",\"$UNDO\",$TIME,$DATE"
     done
 }

bin/v-list-user-package

@@ -22,6 +22,7 @@ json_list() {
     echo '{'
     echo '    "'$PACKAGE'": {
         "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
+        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
         "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
         "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
         "WEB_DOMAINS": "'$WEB_DOMAINS'",
@@ -47,6 +48,7 @@ json_list() {
 shell_list() {
     echo "PACKAGE:        $PACKAGE"
     echo "WEB TEMPLATE:   $WEB_TEMPLATE"
+    echo "BACKEND_TEMPLATE:   $BACKEND_TEMPLATE"
     echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
     echo "DNS TEMPLATE:   $DNS_TEMPLATE"
     echo "WEB DOMAINS:    $WEB_DOMAINS"
@@ -68,7 +70,7 @@ shell_list() {
 
 # PLAIN list function
 plain_list() {
-    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
     echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
     echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
     echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@@ -76,11 +78,11 @@ plain_list() {
 
 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
     echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
     echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
     echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
-    echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+    echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
     echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
     echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
     echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"

bin/v-list-user-packages

@@ -27,6 +27,7 @@ json_list() {
         source $VESTA/data/packages/$package
         echo -n '    "'$PACKAGE'": {
         "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
+        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
         "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
         "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
         "WEB_DOMAINS": "'$WEB_DOMAINS'",
@@ -65,7 +66,7 @@ shell_list() {
         package_data=$(cat $VESTA/data/packages/$package)
         package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
         eval $package_data
-        echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
+        echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
         echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
     done
 }
@@ -75,7 +76,7 @@ plain_list() {
     for package in $packages; do
         source $VESTA/data/packages/$package
         PACKAGE=${package/.pkg/}
-        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
         echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
         echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
         echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@@ -84,13 +85,13 @@ plain_list() {
 
 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
     echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
     echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
     echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
     for package in $packages; do
         PACKAGE=${package/.pkg/}
-        echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+        echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
         echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
         echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
         echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"

bin/v-list-user-stats

@@ -115,6 +115,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 
 

bin/v-list-users

@@ -15,9 +15,14 @@ format=${1-shell}
 # JSON list function
 json_list() {
     echo '{'
-    object_count=$(grep '@' /etc/passwd |wc -l)
     i=1
     while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
+        if [ $i -gt 1 ]; then
+            echo ","
+        fi
         source $VESTA/data/users/$USER/user.conf
         echo -n '    "'$USER'": {
         "FNAME": "'$FNAME'",
@@ -74,14 +79,8 @@ json_list() {
         "TIME": "'$TIME'",
         "DATE": "'$DATE'"
         }'
-        if [ "$i" -lt "$object_count" ]; then
-            echo ','
-        else
-            echo
-        fi
         ((i++))
     done < <(grep '@' /etc/passwd |cut -f1 -d:)
-
     echo '}'
 }
 
@@ -90,6 +89,9 @@ shell_list() {
     echo "USER   PKG   WEB   DNS   MAIL   DB   DISK   BW   SPND   DATE"
     echo "----   ---   ---   ---   ---    --   ----   --   ----   ----"
     while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
         source $VESTA/data/users/$USER/user.conf
         echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
         echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@@ -99,6 +101,9 @@ shell_list() {
 # PLAIN list function
 plain_list() {
     while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
         source $VESTA/data/users/$USER/user.conf
         echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
         echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@@ -131,6 +136,9 @@ csv_list() {
     echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
     echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
     while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
         source $VESTA/data/users/$USER/user.conf
         echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
         echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@@ -151,6 +159,9 @@ csv_list() {
 # Raw list function
 raw_list() {
     while read USER; do
+        if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
+            continue;
+        fi
         echo $VESTA/data/users/$USER/user.conf
         cat $VESTA/data/users/$USER/user.conf
     done < <(grep '@' /etc/passwd |cut -f1 -d:)

bin/v-list-web-domain

@@ -110,6 +110,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 

bin/v-list-web-domain-ssl

@@ -19,6 +19,7 @@ source $VESTA/func/main.sh
 
 # JSON list function
 json_list() {
+    issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
     echo '{'
     echo -e "\t\"$domain\": {"
     echo "        \"CRT\": \"$crt\","
@@ -97,6 +98,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
+is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 
@@ -110,7 +112,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
     crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
 
     info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
-    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \")
     before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
     after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
     signature=$(echo "$info" |grep "Algorithm:" |head -n1 )

bin/v-list-web-domains

@@ -100,6 +100,7 @@ csv_list() {
 #----------------------------------------------------------#
 
 check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 
 

bin/v-open-fs-config

@@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then
         echo "Error: invalid source path $src_file"
         exit 2
     fi
+    spath=$(echo "$rpath" |egrep "/etc|/var/lib")
+    if [ -z "$spath" ]; then
+        echo "Error: invalid source path $src_file"
+        exit 2
+    fi
 fi
 
 # Reading conf

bin/v-rebuild-web-domains

@@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user"
 #----------------------------------------------------------#
 
 # Deleting old web configs
-sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
+sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
 if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf"  ]; then
     rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf
 fi
@@ -47,7 +47,7 @@ fi
 
 # Deleting old proxy configs
 if [ ! -z "$PROXY_SYSTEM" ]; then
-    sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
+    sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
 
     if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then
         rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf

bin/v-restart-proxy

@@ -50,7 +50,13 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
 fi
 
 # Restart system
-service $PROXY_SYSTEM restart >/dev/null 2>&1
+if [ ! -f "/etc/debian_version" ]; then
+    service $PROXY_SYSTEM restart >/dev/null 2>&1
+else
+    systemctl reset-failed $PROXY_SYSTEM
+    systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
+fi
+
 if [ $? -ne 0 ]; then
     send_email_report
     check_result $E_RESTART "$PROXY_SYSTEM restart failed"

bin/v-restart-web-backend

@@ -50,7 +50,7 @@ if [ -z "$WEB_BACKEND" ] || [ "$WEB_BACKEND" = 'remote' ]; then
 fi
 
 # Restart system
-php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d /)
+php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d / |head -n 1)
 if [ -z "$php_fpm" ]; then
     service $WEB_BACKEND restart >/dev/null 2>&1
 else

bin/v-restore-user

@@ -56,6 +56,7 @@ ftpc() {
     quote USER $USERNAME
     quote PASS $PASSWORD
     binary
+    lcd $BACKUP
     $1
     $2
     $3
@@ -229,8 +230,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
     (( ++i))
 done
 
+if [ -z "$BACKUP_TEMP" ]; then
+    BACKUP_TEMP=$BACKUP
+fi
+
 # Creating temporary directory
-tmpdir=$(mktemp -p /tmp -d)
+tmpdir=$(mktemp -p $BACKUP_TEMP -d)
 if [ "$?" -ne 0 ]; then
     echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
     sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
@@ -285,7 +290,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
     if [ -z "$web" ] || [ "$web" = '*' ]; then
         domains="$backup_domains"
     else
-        echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$web" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
         domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
     fi
 
@@ -373,8 +378,10 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
 
             # Copying ssl certificates
             if [ "$SSL" = 'yes' ]; then
-                for crt in $(ls $tmpdir/web/$domain/conf |grep ssl); do
-                    crt=$(echo "$crt" |sed "s/ssl.//")
+                certificates=$(ls $tmpdir/web/$domain/conf| grep ssl)
+                certificates=$(echo "$certificates" |grep $domain)
+                for crt in $certificates; do
+                    crt=$(echo $crt|sed -e "s/ssl.//")
                     cp -f $tmpdir/web/$domain/conf/ssl.$crt $USER_DATA/ssl/$crt
                 done
             fi
@@ -400,15 +407,21 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
         fi
 
         # Restoring web domain data
-        tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
-            -C $HOMEDIR/$user/web/$domain/
-        if [ "$?" -ne 0 ]; then
-            rm -rf $tmpdir
-            error="can't unpack $domain data tarball"
-            echo "$error" |$SENDMAIL -s "$subj" $email $notify
-            sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
-            check_result "$E_PARSING" "$error"
+        chown $user $tmpdir
+        chmod u+w $HOMEDIR/$user/web/$domain
+        sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
+            -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
+            2> $HOMEDIR/$user/web/$domain/restore_errors.log
+        if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
+            chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
         fi
+        #if [ "$?" -ne 0 ]; then
+        #    rm -rf $tmpdir
+        #    error="can't unpack $domain data tarball"
+        #    echo "$error" |$SENDMAIL -s "$subj" $email $notify
+        #    sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
+        #    check_result "$E_PARSING" "$error"
+        #fi
 
         # Applying Fix for tar < 1.24
         find $HOMEDIR/$user/web/$domain -type d \
@@ -446,7 +459,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
     if [ -z "$dns" ] || [ "$dns" = '*' ]; then
         domains="$backup_domains"
     else
-        echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
         domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
     fi
 
@@ -526,7 +539,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
     if [ -z "$mail" ] || [ "$mail" = '*' ]; then
         domains="$backup_domains"
     else
-        echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
         domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
     fi
 
@@ -586,7 +599,9 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
 
         # Restoring emails
         if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
-            tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
+            chown $user $tmpdir
+            chmod u+w $HOMEDIR/$user/mail/$domain_idn
+            sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
                 -C $HOMEDIR/$user/mail/$domain_idn/
             if [ "$?" -ne 0 ]; then
                 rm -rf $tmpdir
@@ -621,7 +636,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
     if [ -z "$db" ] || [ "$db" = '*' ]; then
         databases="$backup_databases"
     else
-        echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt
         databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
     fi
 

bin/v-schedule-user-restore

@@ -23,6 +23,19 @@ udir=$8
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 
+# Check backup ownership function
+is_backup_available() {
+    passed=false
+    if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
+        passed=true
+    elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
+        passed=true
+    fi
+
+    if [ $passed = false ]; then
+        check_result $E_FORBIDEN "permission denied"
+    fi
+}
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -34,6 +47,7 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_backup_enabled
 is_backup_scheduled 'restore'
+is_backup_available "$user" "$backup"
 
 
 #----------------------------------------------------------#

bin/v-search-object

@@ -84,6 +84,22 @@ OLD_IFS=$IFS
 IFS=$'\n'
 
 # User loop
+search_user=$(ls -1 $VESTA/data/users |grep $object)
+for user in $search_user; do
+    if [ -e "$VESTA/data/users/$user/user.conf" ]; then
+        source $VESTA/data/users/$user/user.conf
+        ((i ++))
+        type=$(echo $type|cut -f1 -d \.)
+        str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
+        str="$str RESULT='$user' ALIAS=''"
+        str="$str LINK='$user' PARENT=''"
+        str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
+        str="$str DATE='$DATE'"
+        echo $str >> $conf
+    fi
+done
+
+# User data loop
 for user in $(ls $VESTA/data/users/); do
     # Search query
     search=$(grep "$object" \
@@ -154,12 +170,13 @@ for user in $(ls $VESTA/data/users/); do
 
         # DNS Records
         if [ "$type" = 'dns' ]; then
-            if [ -n "$(echo $RECORD |grep $object)" ]; then
+            if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then
+                dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
                 key="RECORD"
-                result="$RECORD.$DOMAIN"
+                result="$RECORD.$dom"
                 suspended=$SUSPENDED
                 object_link=$ID
-                object_parent=$DOMAIN
+                object_parent=$dom
                 object_time=$TIME
                 object_date=$DATE
                 ((i ++))

bin/v-search-ssl-certificates

@@ -0,0 +1,93 @@
+#!/bin/bash
+# info: search ssl certificates
+# options: [FORMAT]
+#
+# The function to obtain the list of available ssl certificates.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+    IFS=$'\n'
+    objects=$(echo "$search_cmd" |wc -l)
+    i=1
+    echo '['
+    for str in $search_cmd; do
+        eval $str
+        if [ "$i" -lt "$objects" ]; then
+            echo -e  "\t\"$USER:$DOMAIN\","
+        else
+            echo -e  "\t\"$USER:$DOMAIN\""
+        fi
+        (( ++i))
+    done
+    echo "]"
+}
+
+# SHELL list function
+shell_list() {
+    IFS=$'\n'
+    echo "USER   DOMAIN"
+    echo "----   ------"
+    for str in $search_cmd; do
+        eval $str
+        echo "$USER $DOMAIN"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    IFS=$'\n'
+    for str in $search_cmd; do
+        eval $str
+        echo -e "$USER\t$DOMAIN"
+    done
+}
+
+# CSV list function
+csv_list() {
+    IFS=$'\n'
+    echo "USER,DOMAIN"
+    for str in $search_cmd; do
+        eval $str
+        echo  "$USER,$DOMAIN"
+    done
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
+    cut -f 1 -d ' ' |\
+    sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list |column -t ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit

bin/v-sign-letsencrypt-csr

@@ -1,110 +0,0 @@
-#!/bin/bash
-# info: sing letsencrypt csr
-# options: USER DOMAIN CSR_DIR [FORMAT]
-#
-# The function signs certificate request using LetsEncript API
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-user=$1
-domain=$2
-csr="$3/$domain.csr"
-format=$4
-
-# Includes
-source $VESTA/func/main.sh
-source $VESTA/conf/vesta.conf
-
-# encode base64
-encode_base64() {
-    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
-}
-
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-check_args '3' "$#" 'USER DOMAIN CSR'
-is_format_valid 'user' 'domain'
-is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_object_valid 'user' 'USER' "$user"
-is_object_unsuspended 'user' 'USER' "$user"
-if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
-    check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
-fi
-check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
-if [ -z "$check_domain" ]; then
-    check_result $E_NOTEXIST "domain $domain doesn't exist"
-fi
-if [ ! -e "$csr" ]; then
-    check_result $E_NOTEXIST "$csr doesn't exist"
-fi
-
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-source $USER_DATA/ssl/le.conf
-api='https://acme-v01.api.letsencrypt.org'
-key="$USER_DATA/ssl/user.key"
-exponent="$EXPONENT"
-modulus="$MODULUS"
-thumb="$THUMB"
-
-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
-
-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-
-# Defining ACME query (request challenge)
-csr=$(openssl req -in $csr -outform DER |encode_base64)
-query='{"resource":"new-cert","csr":"'$csr'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(mktemp)
-curl -s -d "$data" "$api/acme/new-cert" -o $answer
-if [ ! -z "$(grep Error $answer)" ]; then
-    detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    detail=$(echo "$detail" |awk -F "::" '{print $2}')
-    rm $answer
-    check_result $E_LIMIT "$detail"
-fi
-
-# Printing certificate
-crt=$(cat "$answer" |openssl base64 -e)
-rm $answer
-if [ "$format" != 'json' ]; then
-    echo "-----BEGIN CERTIFICATE-----"
-    echo "$crt"
-    echo "-----END CERTIFICATE-----"
-else
-    echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
-    echo -n '-----BEGIN CERTIFICATE-----\n'
-    echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
-    echo -n '-----END CERTIFICATE-----'
-    echo -e  "\"\n\t\t}\n\t}"
-fi
-
-
-#----------------------------------------------------------#
-#                       Vesta                              #
-#----------------------------------------------------------#
-
-# Logging
-log_event "$OK" "$ARGUMENTS"
-
-exit

bin/v-stop-firewall

@@ -56,7 +56,7 @@ bash $tmp 2>/dev/null
 rm -f $tmp
 
 # Saving rules to the master iptables file
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     /sbin/iptables-save > /etc/sysconfig/iptables
     if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
         /sbin/chkconfig iptables off

bin/v-suspend-dns-domain

@@ -41,6 +41,16 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain"
 #                       Action                             #
 #----------------------------------------------------------#
 
+# Deleting system configs
+if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
+    if [ -e '/etc/named.conf' ]; then
+        dns_conf='/etc/named.conf'
+    else
+        dns_conf='/etc/bind/named.conf'
+    fi
+
+    sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-unsuspend-dns-domain

@@ -40,7 +40,21 @@ is_object_suspended 'dns' 'DOMAIN' "$domain"
 #                       Action                             #
 #----------------------------------------------------------#
 
+# Creating system configs
+if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
+    if [ -e '/etc/named.conf' ]; then
+        dns_conf='/etc/named.conf'
+        dns_group='named'
+    else
+        dns_conf='/etc/bind/named.conf'
+        dns_group='bind'
+    fi
 
+    # Adding zone in named.conf
+    named="zone \"$domain_idn\" {type master; file"
+    named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};"
+    echo "$named" >> $dns_conf
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-unsuspend-mail-account

@@ -48,6 +48,9 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
     quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
+    if [ "$quota" = 'unlimited' ]; then
+        quota=0
+    fi
     sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
     str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd

bin/v-update-firewall

@@ -51,11 +51,6 @@ if [ $? -ne 0 ]; then
     conntrack_ftp='no'
 fi
 
-# Checking custom OpenSSH  port
-sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
-if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22"  ]; then
-    sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
-fi
 
 # Creating temporary file
 tmp=$(mktemp)
@@ -157,7 +152,7 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then
 fi
 
 # Saving rules to the master iptables file
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     /sbin/iptables-save > /etc/sysconfig/iptables
     if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
         /sbin/chkconfig iptables on

bin/v-update-host-certificate

@@ -72,11 +72,16 @@ chown $exim_user:mail $VESTA/ssl/certificate.crt
 chown $exim_user:mail $VESTA/ssl/certificate.key
 
 # Restart exim, dovecot & vesta
-v-restart-mail
-v-restart-service dovecot
-v-restart-service vesta
-
-
+$BIN/v-restart-mail
+if [ ! -z "$IMAP_SYSTEM" ]; then
+    $BIN/v-restart-service "$IMAP_SYSTEM"
+fi
+if [ ! -z "$FTP_SYSTEM" ]; then
+    $BIN/v-restart-service "$FTP_SYSTEM"
+fi
+if [ -f "/var/run/vesta-nginx.pid" ]; then
+    kill -HUP $(cat /var/run/vesta-nginx.pid)
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-update-letsencrypt-ssl

@@ -22,42 +22,63 @@ source $VESTA/conf/vesta.conf
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Defining user list
-users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
+lecounter=0
+hostname=$(hostname)
 
-# Checking users
-for user in $users; do
+echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
+
+# Checking user certificates
+for user in $($BIN/v-list-users plain |cut -f 1); do
     USER_DATA=$VESTA/data/users/$user
-    # Checking user certificates
+
     for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
     
-        crt="$VESTA/data/users/$user/ssl/$domain.crt"
-        crt_data=$(openssl x509 -text -in "$crt")
-        expire=$(echo "$crt_data" |grep "Not After")
-        expire=$(echo "$expire" |cut -f 2,3,4 -d :)
-        expire=$(date -d "$expire" +%s)
+        limit_check=1
+        fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
+
+        if [[ "$hostname" = "$domain" ]]; then
+            if [[ "$fail_counter" -eq 7 ]]; then
+                limit_check=0
+            fi
+            if [[ "$fail_counter" -eq 8 ]]; then
+                fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
+                send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
+            fi
+        fi
+
+        if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
+            # echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
+            echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
+            continue;
+        fi
+        crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
+        not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
+        expiration=$(date -d "$not_after" +%s)
         now=$(date +%s)
-        expire=$((expire - now))
-        expire=$((expire / 86400))
-        domain=$(basename $crt |sed -e "s/.crt$//")
-        if [[ "$expire" -lt 31 ]]; then
+        seconds_valid=$((expiration - now))
+        days_valid=$((seconds_valid / 86400))
+        if [[ "$days_valid" -lt 31 ]]; then
+            if [ $lecounter -gt 0 ]; then
+                sleep 120
+            fi
+            ((lecounter++))
             aliases=$(echo "$crt_data" |grep DNS:)
-            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
+            aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
             aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
-            aliases=$(echo "$aliases" |grep -v "^$domain$")
-            if [ ! -z "$aliases" ]; then
+            aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
             aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
             msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
             if [ $? -ne 0 ]; then
-                    echo "$domain $msg"
-                fi
+                if [[ $msg == *"is suspended" ]]; then
+                    echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
                 else
-                msg==$($BIN/v-add-letsencrypt-domain $user $domain)
-                if [ $? -ne 0 ]; then
+                    echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
                     echo "$domain $msg"
+                    fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
+                    echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
+                    echo "fail_counter = $fail_counter"
                 fi
             fi
-            sleep 10
         fi
     done
 done

bin/v-update-sys-ip

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: update system ip
-# options: [USER] [IP_STATUS]
+# options: [NONE]
 #
 # The function scans configured ip in the system and register them with vesta
 # internal database. This call is intended for use on vps servers, where ip is
@@ -11,12 +11,10 @@
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 
-# Argument definition
-user=${1-admin}
-ip_status=${2-shared}
+# Importing system variables
+source /etc/profile
 
 # Includes
-source /etc/profile.d/vesta.sh
 source $VESTA/func/main.sh
 source $VESTA/func/ip.sh
 source $VESTA/conf/vesta.conf
@@ -26,87 +24,84 @@ source $VESTA/conf/vesta.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '0' "$#" '[USER] [IP_STATUS]'
-is_format_valid 'user' 'ip_status'
-is_object_valid 'user' 'USER' "$user" "$user"
-
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Get list of ip addresses
-ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}')
-ip_list=$(echo "$ip_list"|cut -f 1 -d /)
-ip_num=$(echo "$ip_list" | wc -l)
+# Listing system ip addresses
+ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/)
+v_ips=$(ls $VESTA/data/ips/)
+ip_num=$(echo "$ips" |wc -l)
+v_ip_num=$(echo "$v_ips" |wc -l)
 
-# WorkAround for DHCP IP address
-vst_ip_list=$(ls $VESTA/data/ips/)
-vst_ip_num=$(echo "$vst_ip_list" | wc -l)
-
-if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then
-    if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then
-        new=$ip_list
-        old=$vst_ip_list
-        mv $VESTA/data/ips/$old $VESTA/data/ips/$new
-        if [ ! -z "$PROXY_SYSTEM" ]; then
-            mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \
-                /etc/$PROXY_SYSTEM/conf.d/$new.conf
-            sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf
-        fi
-        if [ ! -z "$WEB_SYSTEM" ]; then
-            mv /etc/$WEB_SYSTEM/conf.d/$old.conf \
-                /etc/$WEB_SYSTEM/conf.d/$new.conf
-            sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf
-            sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
-
-            # Rebuild web domains
-            for user in $(ls $VESTA/data/users/); do
-                $BIN/v-rebuild-web-domains $user no
-            done
-        fi
-        if [ ! -z "$FTP_SYSTEM" ];then
-            ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
-            sed -i "s/$old/$new/g" $ftpd_conf_file
-        fi
-
-        # Restarting web server
-        $BIN/v-restart-web
-
-        # Restarting ftp server
-        $BIN/v-restart-ftp
-
-        # Restarting proxy server
-        if [ ! -z "$PROXY_SYSTEM" ]; then
-            $BIN/v-restart-proxy
-        fi
-
-        # Restarting firewall
-        if [ ! -z "$FIREWALL_SYSTEM" ]; then
-            $BIN/v-update-firewall
-        fi
-
-        if [ ! -z "$DNS_SYSTEM" ]; then
-            # Rebuild dns domains
-            for user in $(ls $VESTA/data/users/); do
-                sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf
-                sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf
-                $BIN/v-rebuild-dns-domains $user no
-            done
-            $BIN/v-restart-dns
-            check_result $? "dns restart failed" >/dev/null
-        fi
-
-        # No further comparation is needed
-        exit
+# Checking primary IP change
+if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
+    if [ "$ips" != "$v_ips" ]; then
+        new=$ips
+        old=$v_ips
     fi
 fi
 
-# Compare ips
-for ip in $ip_list; do
+# Updating configs
+if [ ! -z "$old" ]; then
+    mv $VESTA/data/ips/$old $VESTA/data/ips/$new
+
+    # Updating PROXY
+    if [ ! -z "$PROXY_SYSTEM" ]; then
+        cd /etc/$PROXY_SYSTEM/conf.d
+        if [ -e "$old.conf" ]; then
+            mv $old.conf $new.conf
+            sed -i "s/$old/$new/g" $new.conf
+        fi
+    fi
+
+    # Updating WEB
+    if [ ! -z "$WEB_SYSTEM" ]; then
+        cd /etc/$WEB_SYSTEM/conf.d
+        if [ -e "$old.conf" ]; then
+            mv $old.conf $new.conf
+            sed -i "s/$old/$new/g" $new.conf
+        fi
+        sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
+        for user in $(ls $VESTA/data/users/); do
+            $BIN/v-rebuild-web-domains $user no
+        done
+        $BIN/v-restart-proxy
+        $BIN/v-restart-web
+    fi
+
+    # Updating DNS
+    if [ ! -z "$DNS_SYSTEM" ]; then
+        sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf
+        sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf
+        for user in $(ls $VESTA/data/users/); do
+            $BIN/v-rebuild-dns-domains $user no
+        done
+        $BIN/v-restart-dns
+    fi
+
+    # Updating FTP
+    if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then
+        conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
+        if [ ! -z "$conf" ]; then
+            sed -i "s/$old/$new/g" $conf
+            $BIN/v-restart-ftp
+        fi
+    fi
+
+    # Updating firewall
+    if [ ! -z "$FIREWALL_SYSTEM" ]; then
+        sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
+        $BIN/v-update-firewall
+    fi
+fi
+
+# Adding system IP
+for ip in $ips; do
     check_ifconfig=$(/sbin/ifconfig |grep "$ip")
     if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then
-        interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq)
+        interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq)
         interface=$(echo "$interface" |cut -f 1 -d : |head -n 1)
         netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ )
         netmask=$(convert_cidr $netmask)
@@ -114,6 +109,15 @@ for ip in $ip_list; do
     fi
 done
 
+# Updating NAT
+pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
+if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then
+    if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then
+        ip=$(ls -t $VESTA/data/ips/ |head -n1)
+        $BIN/v-change-sys-ip-nat $ip $pub_ip
+    fi
+fi
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-update-sys-rrd-mem

@@ -61,13 +61,13 @@ fi
 # Parsing data
 if [ "$period" = 'daily' ]; then
     mem=$(free -m)
-    used=$(echo "$mem" |grep Mem |awk '{print $3}')
+    used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}')
     if [ -z "$(echo "$mem" | grep available)" ]; then
-        free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
+        free=$(echo "$mem" |grep buff/cache |awk '{print $4}')
     else
-        free=$(echo "$mem" |grep Mem |awk '{print $7}')
+        free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}')
     fi
-    swap=$(echo "$mem" |grep Swap |awk '{print $3}')
+    swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}')
 
     # Updating rrd
     rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free

bin/v-update-sys-rrd-mysql

@@ -14,6 +14,7 @@ period=${1-daily}
 
 # Includes
 source $VESTA/func/main.sh
+source $VESTA/func/db.sh
 source $VESTA/conf/vesta.conf
 
 
@@ -66,23 +67,10 @@ for host in $hosts; do
     fi
 
     if [ "$period" = 'daily' ]; then
-        # Defining host credentials
-        host_str=$(grep "HOST='$host'" $conf)
-        for key in $host_str; do
-            eval ${key%%=*}=${key#*=}
-        done
-        sql="mysql -h $HOST -u $USER -p$PASSWORD -e"
-
-        # Checking empty vars
-        if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ]; then
-            echo "Error: config is broken"
-            log_event "$E_PARSING" "$ARGUMENTS"
-            exit $E_PARSING
-        fi
-
-        # Parsing data
-        status=$($sql "SHOW GLOBAL STATUS" 2>/dev/null); code="$?"
-        if [ '0' -ne "$code" ]; then
+        mysql_connect $host
+        query='SHOW GLOBAL STATUS'
+        status=$(mysql_query "$query" 2>/dev/null)
+        if [ $? -ne 0 ]; then
             active=0
             slow=0
         else

bin/v-update-sys-rrd-pgsql

@@ -85,7 +85,7 @@ for host in $hosts; do
         # Parsing data
         q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
                 FROM pg_stat_database;'
-        status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?"
+        status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
         if [ '0' -ne "$code" ]; then
             active=0
             slow=0

bin/v-update-sys-vesta

@@ -28,12 +28,32 @@ source $VESTA/conf/vesta.conf
 # Checking arg number
 check_args '1' "$#" 'PACKAGE'
 
+valid=0
+if [ "$package" = "vesta" ]; then
+    valid=1
+fi
+if [ "$package" = "vesta-nginx" ]; then
+    valid=1
+fi
+if [ "$package" = "vesta-php" ]; then
+    valid=1
+fi
+if [ "$package" = "vesta-ioncube" ]; then 
+    valid=1
+fi
+if [ "$package" = "vesta-softaculous" ]; then
+    valid=1
+fi
+if [ $valid -eq 0 ]; then
+    echo "Package $package is not valid"
+    exit 1
+fi
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ -e "/etc/redhat-release" ]; then
+if [ -n "$(command -v yum)" ]; then
     # Clean yum chache
     yum -q clean all
 

bin/v-update-user-counters

@@ -53,6 +53,7 @@ for user in $user_list; do
     IP_OWNED=0
     U_USERS=0
     U_DISK=0
+    DISK=0 
     U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
     if [ -z "$U_DISK_DIRS" ]; then
         U_DISK_DIRS=0

bin/v-update-user-quota

@@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user"
 # Updating disk quota
 # Had quota equals package value. Soft quota equals 90% of package value for warnings.
 quota=$(get_user_value '$DISK_QUOTA')
-soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .)
+soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
 hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
 
 # Searching home mount point

bin/v-update-user-stats

@@ -67,6 +67,9 @@ TOTAL_USERS=0
 
 # Updating user stats
 for user in $user_list; do
+    if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
+        continue;
+    fi
     USER_DATA=$VESTA/data/users/$user
     source $USER_DATA/user.conf
     next_month=$(date +'%m/01/%y' -d '+ 1 month')

bin/v-update-web-domain-stat

@@ -62,7 +62,7 @@ build_webalizer() {
 }
 
 build_awstats() {
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         awstats="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl"
         wwwroot="/usr/share/awstats/wwwroot"
         if [  ! -e "$awstats" ]; then

bin/v-update-web-templates

@@ -33,7 +33,11 @@ esac
 
 # Detecting release
 if [ "$version" = 'rhel' ]; then
+    if [ -e '/etc/redhat-release' ]; then
         release=$(grep -o "[0-9]" /etc/redhat-release |head -n1)
+    else
+        release=6
+    fi
 fi
 if [ "$version" = 'ubuntu' ]; then
     release=$(lsb_release -r |awk '{print $2}')

func/db.sh

@@ -38,23 +38,31 @@ mysql_connect() {
         exit $E_CONNECT
     fi
     mysql_ver=$(cat $mysql_out |tail -n1 |cut -f 1 -d -)
+    mysql_fork="mysql"
+    check_mysql_fork=$(grep "MariaDB" $mysql_out)
+    if [ ! -z "$check_mysql_fork" ]; then
+        mysql_fork="mariadb"
+    fi
     rm -f $mysql_out
 }
 
 mysql_query() {
-    mysql --defaults-file=$mycnf -e "$1" 2>/dev/null
+    sql_tmp=$(mktemp)
+    echo "$1" > $sql_tmp
+    mysql --defaults-file=$mycnf < "$sql_tmp"  2>/dev/null
+    rm -f "$sql_tmp"
 }
 
 mysql_dump() {
     err="/tmp/e.mysql"
-    mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err
+    mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
     if [ '0' -ne "$?" ]; then
         rm -rf $tmpdir
         if [ "$notify" != 'no' ]; then
             echo -e "Can't dump database $database\n$(cat $err)" |\
                 $SENDMAIL -s "$subj" $email
         fi
-        echo "Error: dump $database failed"
+        echo "Error: dump $database failed\n$(cat $err)"
         log_event  "$E_DB" "$ARGUMENTS"
         exit $E_DB
     fi
@@ -84,7 +92,10 @@ psql_connect() {
 }
 
 psql_query() {
-    psql -h $HOST -U $USER -c "$1" 2>/dev/null
+    sql_tmp=$(mktemp)
+    echo "$1" > $sql_tmp
+    psql -h $HOST -U $USER -f "$sql_tmp" 2>/dev/null
+    rm -f $sql_tmp
 }
 
 psql_dump() {
@@ -311,7 +322,7 @@ delete_pgsql_database() {
     psql_connect $HOST
 
     query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
-    psql_qyery "$query" > /dev/null
+    psql_query "$query" > /dev/null
 
     query="DROP DATABASE $database"
     psql_query "$query" > /dev/null

func/domain.sh

@@ -215,7 +215,11 @@ add_web_config() {
         fi
     fi
 
-    trigger="${2/.*pl/.sh}"
+    trigger="${2/%.tpl/.sh}"
+    if [[ "$2" =~ stpl$ ]]; then
+        trigger="${2/%.stpl/.sh}"
+    fi
+
     if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
         $WEBTPL/$1/$WEB_BACKEND/$trigger \
             $user $domain $local_ip $HOMEDIR \
@@ -269,7 +273,7 @@ replace_web_config() {
     fi
 }
 
-# Delete web configuartion
+# Delete web configuration
 del_web_config() {
     conf="$HOMEDIR/$user/conf/web/$domain.$1.conf"
     if [[ "$2" =~ stpl$ ]]; then
@@ -285,12 +289,16 @@ del_web_config() {
         if [[ "$2" =~ stpl$ ]]; then
             conf="$HOMEDIR/$user/conf/web/s$1.conf"
         fi
+        if [ -e "$conf" ]; then
             get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
             sed -i "$top_line,$bottom_line d" $conf
-
+        fi
+    fi
+    # clean-up for both config styles if there is no more domains
     web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
     if [ "$web_domain" -eq '0' ]; then
-            sed -i "/.*\/$user\/.*$1.conf/d" /etc/$1/conf.d/vesta.conf
+        sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf
+        if [ -f "$conf" ]; then
             rm -f $conf
         fi
     fi
@@ -335,7 +343,7 @@ is_web_domain_cert_valid() {
         check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
     fi
 
-    openssl s_server -quiet -cert $ssl_dir/$domain.crt \
+    openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
         -key $ssl_dir/$domain.key >> /dev/null 2>&1 &
     pid=$!
     sleep 0.5
@@ -404,6 +412,24 @@ update_domain_zone() {
             VALUE=$(idn --quiet -a -t "$VALUE")
         fi
 
+        # Split long TXT entries into 255 chunks
+        if [ "$TYPE" = 'TXT' ]; then
+            txtlength=${#VALUE}
+            if [ $txtlength -gt 255 ]; then
+                already_chunked=0
+                if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
+                    already_chunked=1
+                fi
+                if [ $already_chunked -eq 0 ]; then
+                    if [[ ${VALUE:0:1} = '"' ]]; then
+                        txtlength=$(( $txtlength - 2 ))
+                        VALUE=${VALUE:1:txtlength}
+                    fi
+                    VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
+                fi
+            fi
+        fi
+
         if [ "$SUSPENDED" != 'yes' ]; then
             eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
         fi

func/ip.sh

@@ -26,7 +26,7 @@ get_ip_iface() {
 }
 
 
-# Check ip address speciefic value
+# Check ip address specific value
 is_ip_key_empty() {
     key="$1"
     string=$(cat $VESTA/data/ips/$ip)
@@ -141,7 +141,7 @@ get_real_ip() {
     else
         nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
         if [ ! -z "$nat" ]; then
-            echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
+            echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
         fi
     fi
 }

func/main.sh

@@ -35,6 +35,7 @@ E_DB=17
 E_RRD=18
 E_UPDATE=19
 E_RESTART=20
+E_TEAPOT=418
 
 # Event string for logger
 for ((I=1; I <= $# ; I++)); do
@@ -212,7 +213,8 @@ is_object_new() {
 # Check if object is valid
 is_object_valid() {
     if [ $2 = 'USER' ]; then
-        if [ ! -d "$VESTA/data/users/$3" ]; then
+        user_vst_dir=$(basename $3)
+        if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
             check_result $E_NOTEXIST "$1 $3 doesn't exist"
         fi
     else
@@ -273,11 +275,41 @@ is_object_value_exist() {
 is_password_valid() {
     if [[ "$password" =~ ^/tmp/ ]]; then
         if [ -f "$password" ]; then
-            password=$(head -n1 $password)
+            password="$(head -n1 $password)"
         fi
     fi
 }
 
+# Check if hash is transmitted via file
+is_hash_valid() {
+    if [[ "$hash" =~ ^/tmp/ ]]; then
+        if [ -f "$hash" ]; then
+            hash="$(head -n1 $hash)"
+        fi
+    fi
+}
+
+# Check if directory is a symlink
+is_dir_symlink() {
+    if [[ -L "$1" ]]; then
+        check_result $E_FORBIDEN "$1 directory is a symlink"
+    fi
+}
+
+# Check if file exists
+if_file_exists() {
+    if [[ -f "$1" ]]; then
+        check_result $E_FORBIDEN "$1 file exists"
+    fi
+}
+
+# Check if directory exists
+if_dir_exists() {
+    if [[ -d "$1" ]]; then
+        check_result $E_FORBIDEN "$1 directory exists"
+    fi
+}
+
 # Get object value
 get_object_value() {
     object=$(grep "$2='$3'" $USER_DATA/$1.conf)
@@ -516,7 +548,7 @@ is_user_format_valid() {
 is_domain_format_valid() {
     object_name=${2-domain}
     exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]"
-    if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then
+    if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then
         check_result $E_INVALID "invalid $object_name format :: $1"
     fi
 }
@@ -643,7 +675,7 @@ is_dbuser_format_valid() {
 
 # DNS record type validator
 is_dns_type_format_valid() {
-    known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA'
+    known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
     if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
         check_result $E_INVALID "invalid dns record type format :: $1"
     fi
@@ -723,8 +755,12 @@ is_ip_status_format_valid() {
 
 # Cron validator
 is_cron_format_valid() {
-    limit=60
+    limit=59
     check_format=''
+    if [ "$2" = 'hour' ]; then
+        limit=23
+    fi
+    
     if [ "$2" = 'day' ]; then
         limit=31
     fi
@@ -753,9 +789,13 @@ is_cron_format_valid() {
             fi
         done
     fi
-    if [[ "$1" =~ ^[0-9]+$ ]] && [ "$1" -le $limit ]; then
+    crn_values=$(echo $1 |tr "," " " | tr "-" " ")
+    for crn_vl in $crn_values
+        do
+            if [[ "$crn_vl" =~ ^[0-9]+$ ]] && [ "$crn_vl" -le $limit ]; then
                  check_format='ok'
               fi
+        done
     if [ "$check_format" != 'ok' ]; then
         check_result $E_INVALID "invalid $2 format :: $1"
     fi
@@ -770,7 +810,7 @@ is_name_format_valid() {
 
 # Object validator
 is_object_format_valid() {
-    if ! [[ "$1" =~ ^[[:alnum:]][-|\.|_[:alnum:]]{0,28}[[:alnum:]]$ ]]; then
+    if ! [[ "$1" =~ ^[[:alnum:]][-|\.|_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
         check_result $E_INVALID "invalid $2 format :: $1"
     fi
 }
@@ -781,6 +821,32 @@ is_password_format_valid() {
         check_result $E_INVALID "invalid password format :: $1"
     fi
 }
+# Missing function - 
+# Before: validate_format_shell 
+# After: is_format_valid_shell
+is_format_valid_shell() {	
+    if [ -z "$(grep -w $1 /etc/shells)" ]; then	
+        echo "Error: shell $1 is not valid"	
+        log_event "$E_INVALID" "$EVENT"	
+        exit $E_INVALID	
+    fi	
+}
+
+format_no_quotes() {
+    exclude="['|\"]"
+    if [[ "$1" =~ $exclude ]]; then
+       check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
+    fi
+    is_no_new_line_format "$1"
+}
+
+is_no_new_line_format() {
+    test=$(echo "$1" | head -n1 );
+    if [[ "$test" != "$1" ]]; then
+      check_result "$E_INVALID" "invalid value :: $1"
+    fi
+}
+
 
 # Format validation controller
 is_format_valid() {
@@ -790,11 +856,12 @@ is_format_valid() {
             case $arg_name in
                 account)        is_user_format_valid "$arg" "$arg_name";;
                 action)         is_fw_action_format_valid "$arg";;
+                alias)          is_alias_format_valid "$arg" ;;
                 aliases)        is_alias_format_valid "$arg" ;;
                 antispam)       is_boolean_format_valid "$arg" 'antispam' ;;
                 antivirus)      is_boolean_format_valid "$arg" 'antivirus' ;;
                 autoreply)      is_autoreply_format_valid "$arg" ;;
-                backup)         is_user_format_valid "$arg" 'backup' ;;
+                backup)         is_object_format_valid "$arg" 'backup' ;;
                 charset)        is_object_format_valid "$arg" "$arg_name" ;;
                 charsets)       is_common_format_valid "$arg" 'charsets' ;;
                 comment)        is_object_format_valid "$arg" 'comment' ;;
@@ -815,6 +882,7 @@ is_format_valid() {
                 host)           is_object_format_valid "$arg" "$arg_name" ;;
                 hour)           is_cron_format_valid "$arg" $arg_name ;;
                 id)             is_int_format_valid "$arg" 'id' ;;
+                interface)      is_interface_format_valid "$arg" ;;
                 ip)             is_ip_format_valid "$arg" ;;
                 ip_name)        is_domain_format_valid "$arg" 'IP name';;
                 ip_status)      is_ip_status_format_valid "$arg" ;;
@@ -849,6 +917,8 @@ is_format_valid() {
                 rtype)          is_dns_type_format_valid "$arg" ;;
                 rule)           is_int_format_valid "$arg" "rule id" ;;
                 soa)            is_domain_format_valid "$arg" 'SOA' ;;	
+                #missing command: is_format_valid_shell
+                shell)          is_format_valid_shell "$arg" ;;
                 stats_pass)     is_password_format_valid "$arg" ;;
                 stats_user)     is_user_format_valid "$arg" "$arg_name" ;;
                 template)       is_object_format_valid "$arg" "$arg_name" ;;
@@ -898,7 +968,85 @@ format_aliases() {
         aliases=$(echo "$aliases" |tr -s '.')
         aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
         aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
-        aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d")
+        aliases=$(echo "$aliases" |sed -e "/^$/d")
         aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
     fi
 }
+
+alter_web_counter() {
+    user=$1
+    domain=$2
+    USER_DATA=$VESTA/data/users/$user
+    
+    varc=$3
+    vard="\$${varc}"
+    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
+    
+    if [ -z "$counter" ]; then
+        add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
+        counter=0
+    fi
+    
+    ((counter++))
+    backup_counter=$counter
+    
+    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
+    counter=$backup_counter
+    
+    echo $counter
+}
+
+reset_web_counter() {
+    user=$1
+    domain=$2
+    USER_DATA=$VESTA/data/users/$user
+    
+    varc=$3
+    vard="\$${varc}"
+
+    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
+}
+
+get_web_counter() {
+    user=$1
+    domain=$2
+    USER_DATA=$VESTA/data/users/$user
+    
+    varc=$3
+    vard="\$${varc}"
+    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
+
+    if [ -z "$counter" ]; then
+        counter=0
+    fi
+
+    echo $counter
+}
+
+# Simple chmod wrapper that skips symlink files after glob expand
+# Taken from HestiaCP
+no_symlink_chmod() {
+    local filemode=$1; shift;
+
+    for i in "$@"; do
+        [[ -L ${i} ]] && continue
+
+        chmod "${filemode}" "${i}"
+    done
+}
+
+# $1 = subject
+# $2 = body
+send_email_to_admin() {
+    email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
+    email=$(echo "$email" | cut -f 2 -d "'")
+    if [ -z "$email" ]; then
+        if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
+            email=$NOTIFY_ADMIN_FULL_BACKUP
+        fi
+    fi
+    if [ -z "$email" ]; then
+        return;
+    fi
+    echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
+}

func/rebuild.sh

@@ -51,7 +51,7 @@ rebuild_user_conf() {
     mkdir -p $HOMEDIR/$user/conf
     chmod a+x $HOMEDIR/$user
     chmod a+x $HOMEDIR/$user/conf
-    chown $user:$user $HOMEDIR/$user
+    chown --no-dereference $user:$user $HOMEDIR/$user
     chown root:root $HOMEDIR/$user/conf
 
     # Update disk pipe
@@ -71,13 +71,16 @@ rebuild_user_conf() {
         echo "$BIN/v-update-web-domains-disk $user" \
             >> $VESTA/data/queue/disk.pipe
 
+        if [[ -L "$HOMEDIR/$user/web" ]]; then
+            rm $HOMEDIR/$user/web
+        fi
         mkdir -p $HOMEDIR/$user/conf/web
         mkdir -p $HOMEDIR/$user/web
         mkdir -p $HOMEDIR/$user/tmp
         chmod 751 $HOMEDIR/$user/conf/web
         chmod 751 $HOMEDIR/$user/web
         chmod 771 $HOMEDIR/$user/tmp
-        chown $user:$user $HOMEDIR/$user/web
+        chown --no-dereference $user:$user $HOMEDIR/$user/web
         if [ -z "$create_user" ]; then
             $BIN/v-rebuild-web-domains $user $restart
         fi
@@ -105,6 +108,9 @@ rebuild_user_conf() {
         echo "$BIN/v-update-mail-domains-disk $user" \
             >> $VESTA/data/queue/disk.pipe
 
+        if [[ -L "$HOMEDIR/$user/mail" ]]; then
+            rm $HOMEDIR/$user/mail
+        fi
         mkdir -p $HOMEDIR/$user/conf/mail
         mkdir -p $HOMEDIR/$user/mail
         chmod 751 $HOMEDIR/$user/mail
@@ -146,7 +152,7 @@ rebuild_web_domain_conf() {
     prepare_web_domain_values
 
     # Rebuilding domain directories
-    mkdir -p $HOMEDIR/$user/web/$domain \
+    sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
         $HOMEDIR/$user/web/$domain/public_html \
         $HOMEDIR/$user/web/$domain/public_shtml \
         $HOMEDIR/$user/web/$domain/document_errors \
@@ -172,14 +178,15 @@ rebuild_web_domain_conf() {
 
     # Propagating html skeleton
     if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
-        cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/
+        sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
+            $HOMEDIR/$user/web/$domain/
     fi
 
     # Set folder permissions
-    chmod 551 $HOMEDIR/$user/web/$domain \
+    no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
         $HOMEDIR/$user/web/$domain/stats \
         $HOMEDIR/$user/web/$domain/logs
-    chmod 751 $HOMEDIR/$user/web/$domain/private \
+    no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
         $HOMEDIR/$user/web/$domain/cgi-bin \
         $HOMEDIR/$user/web/$domain/public_html \
         $HOMEDIR/$user/web/$domain/public_shtml \
@@ -187,7 +194,7 @@ rebuild_web_domain_conf() {
     chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
 
     # Set ownership
-    chown $user:$user $HOMEDIR/$user/web/$domain \
+    chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
         $HOMEDIR/$user/web/$domain/private \
         $HOMEDIR/$user/web/$domain/cgi-bin \
         $HOMEDIR/$user/web/$domain/public_html \
@@ -535,12 +542,30 @@ rebuild_mail_domain_conf() {
 rebuild_mysql_database() {
     mysql_connect $HOST
     mysql_query "CREATE DATABASE \`$DB\` CHARACTER SET $CHARSET" >/dev/null
+    if [ "$mysql_fork" = "mysql" ]; then
+        # mysql
         if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then
-        mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" >/dev/null
-        mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" >/dev/null
+            # mysql >= 5.7
+            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
+            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
             query="UPDATE mysql.user SET authentication_string='$MD5'"
             query="$query WHERE User='$DBUSER'"
         else
+            # mysql < 5.7
+            query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
+        fi
+    else
+        # mariadb
+        if [ "$(echo $mysql_ver |cut -d '.' -f1)" -eq 5 ]; then
+            # mariadb = 5
+            mysql_query "CREATE USER \`$DBUSER\`" > /dev/null
+            mysql_query "CREATE USER \`$DBUSER\`@localhost" > /dev/null
+        else
+            # mariadb = 10
+            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
+            mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
+        fi
+        # mariadb any version
         query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
     fi
     mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@\`%\`" >/dev/null
@@ -576,7 +601,7 @@ rebuild_pgsql_database() {
         exit $E_CONNECT
     fi
 
-    query="CREATE ROLE $DBUSER"
+    query="CREATE ROLE $DBUSER WITH LOGIN"
     psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
 
     query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
@@ -593,7 +618,7 @@ rebuild_pgsql_database() {
     query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
     psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
 
-    query="GRANT CONNECT ON DATABASE template1 to $dbuser"
+    query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
     psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
 }
 

install/debian/7/nginx/nginx.conf

@@ -50,6 +50,7 @@ http {
 
     # Compression
     gzip                on;
+    gzip_vary           on;
     gzip_comp_level     9;
     gzip_min_length     512;
     gzip_buffers        8 64k;

install/debian/7/nginx/phpmyadmin.inc

@@ -1,5 +1,5 @@
 location /phpmyadmin {
-    alias /usr/share/phpmyadmin/;
+    alias /usr/share/phpmyadmin;
 
     location ~ /(libraries|setup) {
         return 404;