Merge pull request #2302 from pdapnz/fix_bug_url_parsing

fix bug https://github.com/outroll/vesta/issues/2301
Update README.md to use HTTPS
2025-08-21 05:44:07 -07:00 · 2025-04-25 13:41:17 +10:00 · 2024-07-02 13:34:58 +10:00 · 2024-04-18 12:52:49 +03:00 · 2024-02-26 13:42:55 +11:00 · 2022-12-08 13:41:08 +03:00
1111 changed files with 63510 additions and 10009 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
 src/react/node_modules
 src/react/build
 /.idea
--- a/README.md
+++ b/README.md
@ -1,6 +1,8 @@
 [Vesta Control Panel](http://vestacp.com/)
 ==================================================
 Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
 [![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 * Vesta is an open source hosting control panel.
@ -16,7 +18,7 @@ ssh root@your.server
 Download the installation script, and run it:
 ```bash
-curl http://vestacp.com/pub/vst-install.sh | bash
+curl https://vestacp.com/pub/vst-install.sh | bash
 ```
 How to install (3 step)
@ -29,7 +31,7 @@ ssh root@your.server
 Download the installation script:
 ```bash
-curl -O http://vestacp.com/pub/vst-install.sh
+curl -O https://vestacp.com/pub/vst-install.sh
 ```
 Then run it:
 ```bash
@ -38,5 +40,5 @@ bash vst-install.sh
 License
 ----------------------------
-Vesta is licensed under  [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license
+Vesta is licensed under  [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,5 @@
 # Security Policy
 ## Reporting a Vulnerability
 Please report security issues to dev@vestacp.com
--- a/bin/v-activate-vesta-license
+++ b/bin/v-activate-vesta-license
@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
 # Checking arg number
 check_args '2' "$#" 'MODULE LICENSE'
-
+is_user_format_valid "$license" "license"
 #----------------------------------------------------------#
 #                       Action                             #
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
+answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 # Checking server answer
--- a/bin/v-add-letsencrypt-domain
+++ b/bin/v-add-letsencrypt-domain
@ -53,7 +53,10 @@ query_le_v2() {
    post_data=$post_data'"payload":"'"$payload_"'",'
    post_data=$post_data'"signature":"'"$signature_"'"}'
-    curl -s -i -d "$post_data" "$1" -H "$content"
+    # Save http response to file passed as "$4" arg or print to stdout if not provided
    # http response headers are always sent to stdout
    local save_to_file=${4:-"/dev/stdout"}
    curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
 }
@ -70,11 +73,16 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 get_domain_values 'web'
 echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
 # check if alias is the letsencrypt wildcard domain, if not, make the normal checks
 if [[ "$aliases" != "*.$domain" ]]; then
    for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
        check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
        if [ -z "$check_alias" ]; then
            echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_NOTEXIST "domain alias $alias doesn't exist"
        fi
    done
@ -85,11 +93,14 @@ fi;
 #----------------------------------------------------------#
 # Registering LetsEncrypt user account
 echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-letsencrypt-user $user
 echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$?" -ne 0  ]; then
    touch $VESTA/data/queue/letsencrypt.pipe
    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    send_notice "LETSENCRYPT" "Account registration failed"
    echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "LE account registration" >/dev/null
 fi
@ -98,9 +109,11 @@ source $USER_DATA/ssl/le.conf
 # Checking wildcard alias
 if [ "$aliases" = "*.$domain" ]; then
    echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
    wildcard='yes'
    proto="dns-01"
    if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
        echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
        check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
    fi
 else
@ -108,14 +121,21 @@ else
 fi
 # Requesting nonce / STEP 1
 echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(curl -s -I "$API/directory")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 200 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt nonce request status $status"
 fi
 # Placing new order / STEP 2
 echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
 url="$API/acme/new-order"
 payload='{"identifiers":['
 for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
@ -124,68 +144,116 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
 done
 payload=$(echo "$payload"|sed "s/,$//")
 payload=$payload']}'
 echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$url" "$payload" "$nonce")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
 authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
 echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
 finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
 echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 201 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt new auth status $status"
 fi
 # Requesting authorization token / STEP 3
 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
 for auth in $authz; do
    payload=''
    echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
    echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
    answer=$(query_le_v2 "$auth" "$payload" "$nonce")
-    url=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
+    echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
    url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
    echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
    token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
    echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
    nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
    echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
    status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
    echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
    if [[ "$status" -ne 200 ]]; then
        echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
        check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
    fi
-    # Accepting challenge / STEP 4
+    # Configuring challenge / STEP 4
    echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
    echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
    if [ "$wildcard" = 'yes'  ]; then
        record=$(printf "%s" "$token.$THUMB" |\
            openssl dgst -sha256 -binary |encode_base64)
        old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
        old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
        for old_record in $old_records; do
-            $BIN/v-delete-dns-record $user $domain $old_record
+            $BIN/v-delete-dns-record "$user" "$domain" "$old_record"
        done
-        $BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record
+        $BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
-        check_result $? "DNS _acme-challenge record wasn't created"
+        exitstatus=$?
        echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
        if [ "$exitstatus" -ne 0  ]; then
            echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
        fi
        check_result $exitstatus "DNS _acme-challenge record wasn't created"
    else
        if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
-            conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
+            if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
-            sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
+                #  if vesta is behind main nginx
-            if [ ! -e "$conf" ]; then
+                well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
-                echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
+                acme_challenge="$well_known/acme-challenge"
-                    > $conf
+                mkdir -p $acme_challenge
-                echo '    default_type text/plain;' >> $conf
+                echo "$token.$THUMB" > $acme_challenge/$token
-                echo '    return 200 "$1.'$THUMB'";' >> $conf
+                echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
-                echo '}' >> $conf
+                chown -R $user:$user $well_known
            else
                # default nginx method
                conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
                sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
                # if [ ! -e "$conf" ]; then
                    echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
                        > $conf
                    echo '    default_type text/plain;' >> $conf
                    echo '    return 200 "$1.'$THUMB'";' >> $conf
                    echo '}' >> $conf
                # fi
                echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
                if [ ! -e "$sconf" ]; then
                    ln -s "$conf" "$sconf"
                fi
                echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log 
                $BIN/v-restart-proxy
                if [ -z "$PROXY_SYSTEM" ]; then
                    # apache-less variant
                    echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log 
                    $BIN/v-restart-web
                fi
                exitstatus=$?
                if [ "$exitstatus" -ne 0  ]; then
                    echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
                fi
                check_result $exitstatus "Proxy restart failed" >/dev/null
            fi
            if [ ! -e "$sconf" ]; then
                ln -s "$conf" "$sconf"
            fi
            $BIN/v-restart-proxy
            check_result $? "Proxy restart failed" >/dev/null
        else
            well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
            acme_challenge="$well_known/acme-challenge"
            mkdir -p $acme_challenge
            echo "$token.$THUMB" > $acme_challenge/$token
            chown -R $user:$user $well_known
            echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
            # $BIN/v-restart-web
            # check_result $? "Web restart failed" >/dev/null
        fi
        $BIN/v-restart-web
        check_result $? "Web restart failed" >/dev/null
    fi
    # Requesting ACME validation / STEP 5
    echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
    validation_check=$(echo "$answer" |grep '"valid"')
    echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
    if [[ ! -z "$validation_check" ]]; then
        validation='valid'
    else
@ -195,22 +263,33 @@ for auth in $authz; do
    # Doing pol check on status
    i=1
    while [ "$validation" = 'pending' ]; do
        echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
        payload='{}'
        echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
        answer=$(query_le_v2 "$url" "$payload" "$nonce")
        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
        validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
        nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
        echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
        status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
        if [[ "$status" -ne 200 ]]; then
            echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_CONNECT "Let's Encrypt validation status $status"
        fi
        i=$((i + 1))
        if [ "$i" -gt 10 ]; then
            echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
            check_result $E_CONNECT "Let's Encrypt domain validation timeout"
        fi
-        sleep $((i*2))
+        sleeping=$((i*2))
        echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
        sleep $sleeping
    done
    if [ "$validation" = 'invalid' ]; then
        echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
        check_result $E_CONNECT "Let's Encrypt domain verification failed"
    fi
 done
@ -221,37 +300,69 @@ ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
    "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
 # Sending CSR to finalize order / STEP 6
 echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log
 csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
 payload='{"csr":"'$csr'"}'
 echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
 echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 200 ]]; then
    echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
 fi
 # Downloading signed certificate / STEP 7
-curl -s "$certificate" -o $ssl_dir/$domain.pem
+echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
 echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
 answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
 echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
 echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
 if [[ "$status" -ne 200 ]]; then
    [ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
    echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
    check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
 fi
 # Splitting up downloaded pem
-crt_end=$(grep -n END $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
+# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
 crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
 # echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
 head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
 pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
-ca_end=$(grep -n  "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
+# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
 ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
 # echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
 ca_end=$(( pem_lines - crt_end + 1 ))
 # echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
 tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
 # Temporary fix for double "END CERTIFICATE"
 if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
    sed -i '1,2d' $ssl_dir/$domain.ca
 fi
 # Adding SSL
 ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
 $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
 echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
-if [ "$?" -ne '0' ]; then
+exitstatus=$?
 echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$exitstatus" -ne '0' ]; then
    touch $VESTA/data/queue/letsencrypt.pipe
    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
    echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
    send_notice 'LETSENCRYPT' "$domain certificate installation failed"
-    check_result $? "SSL install" >/dev/null
+    check_result $exitstatus "SSL install" >/dev/null
 fi
 # Adding LE autorenew cronjob
@ -268,6 +379,7 @@ if [ -z "$LETSENCRYPT" ]; then
 fi
 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
 reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
 #----------------------------------------------------------#
 #                       Vesta                              #
@ -279,7 +391,7 @@ sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
 # Notifying user
 send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
-
+echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
 # Logging
 log_event "$OK" "$ARGUMENTS"
--- a/bin/v-add-web-domain
+++ b/bin/v-add-web-domain
@ -48,6 +48,8 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
 is_domain_new 'web' "$domain,$aliases"
 is_dir_symlink $HOMEDIR/$user/web
 if_dir_exists $HOMEDIR/$user/web/$domain
 is_dir_symlink $HOMEDIR/$user/web/$domain
 if [ ! -z "$ip" ]; then
    is_ip_valid "$ip" "$user"
 else
@ -89,9 +91,9 @@ done
 chown -R $user:$user $HOMEDIR/$user/web/$domain
 chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
 chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
-chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
+sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
-chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
+sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
-chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
+sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
 # Addding PHP-FPM backend
 if [ ! -z "$WEB_BACKEND" ]; then
--- a/bin/v-add-web-domain-backend
+++ b/bin/v-add-web-domain-backend
@ -46,7 +46,7 @@ fi
 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
    if [ "$backend_port" -eq "$port" ]; then
--- a/bin/v-add-web-domain-ftp
+++ b/bin/v-add-web-domain-ftp
@ -84,7 +84,7 @@ fi
 /usr/sbin/useradd $ftp_user \
    -s $shell \
    -o -u $(id -u $user) \
-    -g $(id -u $user) \
+    -g $(id -g $user) \
    -M -d "$ftp_path_a"  > /dev/null 2>&1
 # Set ftp user password
--- a/bin/v-change-mail-account-password
+++ b/bin/v-change-mail-account-password
@ -52,8 +52,11 @@ salt=$(generate_password "$PW_MATRIX" "8")
 md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
    quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
    quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
    quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
    sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
-    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
+    str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M"
    echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
--- a/bin/v-change-sys-config-value
+++ b/bin/v-change-sys-config-value
@ -28,6 +28,7 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
 check_args '2' "$#" 'KEY VALUE'
 is_format_valid 'key'
 format_no_quotes "$value" 'value'
 #----------------------------------------------------------#
 #                       Action                             #
--- a/bin/v-change-sys-service-config
+++ b/bin/v-change-sys-service-config
@ -63,6 +63,7 @@ case $service in
    spamd)          dst=$($BIN/v-list-sys-spamd-config plain);;
    spamassassin)   dst=$($BIN/v-list-sys-spamd-config plain);;
    clamd)          dst=$($BIN/v-list-sys-clamd-config plain);;
    clamd.scan)     dst=$($BIN/v-list-sys-clamd-config plain);;
    cron)           dst='/etc/crontab';;
    crond)          dst='/etc/crontab';;
    fail2ban)       dst='/etc/fail2ban/jail.local';;
--- a/bin/v-change-user-package
+++ b/bin/v-change-user-package
@ -16,16 +16,12 @@ force=$3
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 is_package_avalable() {
-    usr_data=$(cat $USER_DATA/user.conf)
+    source $USER_DATA/user.conf
    IFS=$'\n'
    for key in $usr_data; do
        eval ${key%%=*}=${key#*=}
    done
    WEB_DOMAINS='0'
    DATABASES='0'
    MAIL_DOMAINS='0'
@ -33,9 +29,13 @@ is_package_avalable() {
    DISK_QUOTA='0'
    BANDWIDTH='0'
-    pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
-        grep -v DATE)
+    IFS=$'\n'
-    eval $pkg_data
+    for str in $pkg_data; do
        key=$(echo $str |cut -f 1 -d =)
        value=$(echo $str |cut -f 2 -d \')
        eval $key="$value"
    done
    # Checking usage agains package limits
    if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,11 +73,22 @@ is_package_avalable() {
            check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
        fi
    fi
    # Checking templates
    is_web_template_valid $WEB_TEMPLATE
    is_dns_template_valid $DNS_TEMPLATE
    is_proxy_template_valid $PROXY_TEMPLATE
 }
 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
+    source $USER_DATA/user.conf
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
    IFS=$'\n'
    for str in $pkg_data; do
        key=$(echo $str |cut -f 1 -d =)
        value=$(echo $str |cut -f 2 -d \')
        eval $key="$value"
    done
    echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'
@ -156,7 +167,7 @@ fi
 change_user_package
 # Update user shell
-shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
+shell_conf=$(echo "$pkg_data" |grep 'SHELL' |cut -f 2 -d \')
 shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
 /usr/bin/chsh -s "$shell" "$user" &>/dev/null
--- a/bin/v-change-vesta-port
+++ b/bin/v-change-vesta-port
@ -0,0 +1,60 @@
 #!/bin/bash
 # info: change vesta port
 # options: port
 #
 # Function will change vesta port
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 # Argument definition
 port=$1
 if [ -z "$VESTA" ]; then
    VESTA="/usr/local/vesta"
 fi
 # Get current vesta port by reading nginx.conf
 oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
 if [ -z "$oldport" ]; then
    oldport=8083
 fi
 # Includes
 source $VESTA/func/main.sh
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 # Checking permissions
 if [ "$(id -u)" != '0' ]; then
    check_result $E_FORBIDEN "You must be root to execute this script"
 fi
 check_args '1' "$#" 'PORT'
 is_int_format_valid "$port" 'port number'
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
 if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
    sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
 fi
 sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
 $VESTA/bin/v-update-firewall
 systemctl restart fail2ban.service
 sed -i "s| $oldport | $port |g" /etc/iptables.rules
 systemctl restart vesta
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 # Logging
 log_event "$OK" "$ARGUMENTS"
 exit 0;
--- a/bin/v-change-web-domain-backend-tpl
+++ b/bin/v-change-web-domain-backend-tpl
@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf
 # Allocating backend port
 backend_port=9000
-ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
+ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
 ports=$(echo "$ports" |sed "s/://" |sort -n)
 for port in $ports; do
    if [ "$backend_port" -eq "$port" ]; then
--- a/bin/v-deactivate-vesta-license
+++ b/bin/v-deactivate-vesta-license
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/cancel.php?licence_key=$license)
+answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module")
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 # Checking server answer
--- a/bin/v-delete-web-domain-ssl
+++ b/bin/v-delete-web-domain-ssl
@ -57,7 +57,13 @@ fi
 # Deleting old certificate
 tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
-rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
+
 # remove certificate files - do not use wildcard, as this might remove other domains
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
 rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
 mv $USER_DATA/ssl/$domain.* $tmpdir
 chown -R $user:$user $tmpdir
--- a/bin/v-extract-fs-archive
+++ b/bin/v-extract-fs-archive
@ -82,7 +82,7 @@ fi
 # Extracting ziped archive
 if [ ! -z "$(echo $src_file |grep -i  '.zip')" ]; then
    sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
+    sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
    rc=$?
 fi
--- a/bin/v-generate-ssl-cert
+++ b/bin/v-generate-ssl-cert
@ -67,7 +67,7 @@ fi
 args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
 check_args '7' "$#" "$args_usage"
-is_format_valid 'domain_alias' 'format'
+is_format_valid 'domain' 'alias' 'format'
 #----------------------------------------------------------#
--- a/bin/v-insert-dns-domain
+++ b/bin/v-insert-dns-domain
@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then
 fi
 # Flush domain
-if [ "$flush" ! = 'no' ]; then
+if [ "$flush" != 'no' ]; then
    sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
 fi
--- a/bin/v-list-user-package
+++ b/bin/v-list-user-package
@ -22,6 +22,7 @@ json_list() {
    echo '{'
    echo '    "'$PACKAGE'": {
        "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
        "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
        "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
        "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -47,6 +48,7 @@ json_list() {
 shell_list() {
    echo "PACKAGE:        $PACKAGE"
    echo "WEB TEMPLATE:   $WEB_TEMPLATE"
    echo "BACKEND_TEMPLATE:   $BACKEND_TEMPLATE"
    echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
    echo "DNS TEMPLATE:   $DNS_TEMPLATE"
    echo "WEB DOMAINS:    $WEB_DOMAINS"
@ -68,7 +70,7 @@ shell_list() {
 # PLAIN list function
 plain_list() {
-    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+    echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
    echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
    echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
    echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -76,11 +78,11 @@ plain_list() {
 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
    echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
    echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
    echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
-    echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+    echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
    echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
    echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
    echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
--- a/bin/v-list-user-packages
+++ b/bin/v-list-user-packages
@ -27,6 +27,7 @@ json_list() {
        source $VESTA/data/packages/$package
        echo -n '    "'$PACKAGE'": {
        "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
        "BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
        "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
        "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
        "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -65,7 +66,7 @@ shell_list() {
        package_data=$(cat $VESTA/data/packages/$package)
        package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
        eval $package_data
-        echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
+        echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
        echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
    done
 }
@ -75,7 +76,7 @@ plain_list() {
    for package in $packages; do
        source $VESTA/data/packages/$package
        PACKAGE=${package/.pkg/}
-        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
+        echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
        echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
        echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
        echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -84,13 +85,13 @@ plain_list() {
 # CSV list function
 csv_list() {
-    echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
+    echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
    echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
    echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
    echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
    for package in $packages; do
        PACKAGE=${package/.pkg/}
-        echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
+        echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
        echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
        echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
        echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
--- a/bin/v-list-web-domain-ssl
+++ b/bin/v-list-web-domain-ssl
@ -112,7 +112,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
    crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
    info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
-    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+    subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \")
    before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
    after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
    signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
--- a/bin/v-restart-proxy
+++ b/bin/v-restart-proxy
@ -50,9 +50,13 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
 fi
 # Restart system
-# service $PROXY_SYSTEM restart >/dev/null 2>&1
+if [ ! -f "/etc/debian_version" ]; then
-systemctl reset-failed $PROXY_SYSTEM
+    service $PROXY_SYSTEM restart >/dev/null 2>&1
-systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
+else
    systemctl reset-failed $PROXY_SYSTEM
    systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
 fi
 if [ $? -ne 0 ]; then
    send_email_report
    check_result $E_RESTART "$PROXY_SYSTEM restart failed"
--- a/bin/v-restore-user
+++ b/bin/v-restore-user
@ -56,6 +56,7 @@ ftpc() {
    quote USER $USERNAME
    quote PASS $PASSWORD
    binary
    lcd $BACKUP
    $1
    $2
    $3
@ -409,7 +410,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
        chown $user $tmpdir
        chmod u+w $HOMEDIR/$user/web/$domain
        sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
-            -C $HOMEDIR/$user/web/$domain/ --exclude=logs/* \
+            -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
            2> $HOMEDIR/$user/web/$domain/restore_errors.log
        if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
            chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
@ -458,7 +459,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
    if [ -z "$dns" ] || [ "$dns" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi
@ -538,7 +539,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
    if [ -z "$mail" ] || [ "$mail" = '*' ]; then
        domains="$backup_domains"
    else
-        echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
    fi
@ -635,7 +636,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
    if [ -z "$db" ] || [ "$db" = '*' ]; then
        databases="$backup_databases"
    else
-        echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
+        echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt
        databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
    fi
--- a/bin/v-schedule-user-restore
+++ b/bin/v-schedule-user-restore
@ -23,6 +23,19 @@ udir=$8
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 # Check backup ownership function
 is_backup_available() {
    passed=false
    if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
        passed=true
    elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
        passed=true
    fi
    if [ $passed = false ]; then
        check_result $E_FORBIDEN "permission denied"
    fi
 }
 #----------------------------------------------------------#
 #                    Verifications                         #
@ -34,6 +47,7 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_backup_enabled
 is_backup_scheduled 'restore'
 is_backup_available "$user" "$backup"
 #----------------------------------------------------------#
--- a/bin/v-search-object
+++ b/bin/v-search-object
@ -84,6 +84,22 @@ OLD_IFS=$IFS
 IFS=$'\n'
 # User loop
 search_user=$(ls -1 $VESTA/data/users |grep $object)
 for user in $search_user; do
    if [ -e "$VESTA/data/users/$user/user.conf" ]; then
        source $VESTA/data/users/$user/user.conf
        ((i ++))
        type=$(echo $type|cut -f1 -d \.)
        str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
        str="$str RESULT='$user' ALIAS=''"
        str="$str LINK='$user' PARENT=''"
        str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
        str="$str DATE='$DATE'"
        echo $str >> $conf
    fi
 done
 # User data loop
 for user in $(ls $VESTA/data/users/); do
    # Search query
    search=$(grep "$object" \
@ -154,12 +170,13 @@ for user in $(ls $VESTA/data/users/); do
        # DNS Records
        if [ "$type" = 'dns' ]; then
-            if [ -n "$(echo $RECORD |grep $object)" ]; then
+            if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then
                dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
                key="RECORD"
-                result="$RECORD.$DOMAIN"
+                result="$RECORD.$dom"
                suspended=$SUSPENDED
                object_link=$ID
-                object_parent=$DOMAIN
+                object_parent=$dom
                object_time=$TIME
                object_date=$DATE
                ((i ++))
--- a/bin/v-update-letsencrypt-ssl
+++ b/bin/v-update-letsencrypt-ssl
@ -23,12 +23,34 @@ source $VESTA/conf/vesta.conf
 #----------------------------------------------------------#
 lecounter=0
 hostname=$(hostname)
 echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
 # Checking user certificates
 for user in $($BIN/v-list-users plain |cut -f 1); do
    USER_DATA=$VESTA/data/users/$user
    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
        limit_check=1
        fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
        if [[ "$hostname" = "$domain" ]]; then
            if [[ "$fail_counter" -eq 7 ]]; then
                limit_check=0
            fi
            if [[ "$fail_counter" -eq 8 ]]; then
                fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
                send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
            fi
        fi
        if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
            # echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
            echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
            continue;
        fi
        crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
        not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
        expiration=$(date -d "$not_after" +%s)
@ -37,7 +59,7 @@ for user in $($BIN/v-list-users plain |cut -f 1); do
        days_valid=$((seconds_valid / 86400))
        if [[ "$days_valid" -lt 31 ]]; then
            if [ $lecounter -gt 0 ]; then
-                sleep 10
+                sleep 120
            fi
            ((lecounter++))
            aliases=$(echo "$crt_data" |grep DNS:)
@ -47,7 +69,15 @@ for user in $($BIN/v-list-users plain |cut -f 1); do
            aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
            msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
            if [ $? -ne 0 ]; then
-                echo "$domain $msg"
+                if [[ $msg == *"is suspended" ]]; then
                    echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
                else
                    echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
                    echo "$domain $msg"
                    fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
                    echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
                    echo "fail_counter = $fail_counter"
                fi
            fi
        fi
    done
--- a/bin/v-update-sys-rrd-mem
+++ b/bin/v-update-sys-rrd-mem
@ -61,13 +61,13 @@ fi
 # Parsing data
 if [ "$period" = 'daily' ]; then
    mem=$(free -m)
-    used=$(echo "$mem" |grep Mem |awk '{print $3}')
+    used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}')
    if [ -z "$(echo "$mem" | grep available)" ]; then
-        free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
+        free=$(echo "$mem" |grep buff/cache |awk '{print $4}')
    else
-        free=$(echo "$mem" |grep Mem |awk '{print $7}')
+        free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}')
    fi
-    swap=$(echo "$mem" |grep Swap |awk '{print $3}')
+    swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}')
    # Updating rrd
    rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free
--- a/bin/v-update-sys-vesta
+++ b/bin/v-update-sys-vesta
@ -28,6 +28,26 @@ source $VESTA/conf/vesta.conf
 # Checking arg number
 check_args '1' "$#" 'PACKAGE'
 valid=0
 if [ "$package" = "vesta" ]; then
    valid=1
 fi
 if [ "$package" = "vesta-nginx" ]; then
    valid=1
 fi
 if [ "$package" = "vesta-php" ]; then
    valid=1
 fi
 if [ "$package" = "vesta-ioncube" ]; then 
    valid=1
 fi
 if [ "$package" = "vesta-softaculous" ]; then
    valid=1
 fi
 if [ $valid -eq 0 ]; then
    echo "Package $package is not valid"
    exit 1
 fi
 #----------------------------------------------------------#
 #                       Action                             #
--- a/func/db.sh
+++ b/func/db.sh
@ -322,7 +322,7 @@ delete_pgsql_database() {
    psql_connect $HOST
    query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
-    psql_qyery "$query" > /dev/null
+    psql_query "$query" > /dev/null
    query="DROP DATABASE $database"
    psql_query "$query" > /dev/null
--- a/func/domain.sh
+++ b/func/domain.sh
@ -412,6 +412,24 @@ update_domain_zone() {
            VALUE=$(idn --quiet -a -t "$VALUE")
        fi
        # Split long TXT entries into 255 chunks
        if [ "$TYPE" = 'TXT' ]; then
            txtlength=${#VALUE}
            if [ $txtlength -gt 255 ]; then
                already_chunked=0
                if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
                    already_chunked=1
                fi
                if [ $already_chunked -eq 0 ]; then
                    if [[ ${VALUE:0:1} = '"' ]]; then
                        txtlength=$(( $txtlength - 2 ))
                        VALUE=${VALUE:1:txtlength}
                    fi
                    VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
                fi
            fi
        fi
        if [ "$SUSPENDED" != 'yes' ]; then
            eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
        fi
--- a/func/main.sh
+++ b/func/main.sh
@ -296,6 +296,20 @@ is_dir_symlink() {
    fi
 }
 # Check if file exists
 if_file_exists() {
    if [[ -f "$1" ]]; then
        check_result $E_FORBIDEN "$1 file exists"
    fi
 }
 # Check if directory exists
 if_dir_exists() {
    if [[ -d "$1" ]]; then
        check_result $E_FORBIDEN "$1 directory exists"
    fi
 }
 # Get object value
 get_object_value() {
    object=$(grep "$2='$3'" $USER_DATA/$1.conf)
@ -817,6 +831,23 @@ is_format_valid_shell() {
        exit $E_INVALID	
    fi	
 }
 format_no_quotes() {
    exclude="['|\"]"
    if [[ "$1" =~ $exclude ]]; then
       check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
    fi
    is_no_new_line_format "$1"
 }
 is_no_new_line_format() {
    test=$(echo "$1" | head -n1 );
    if [[ "$test" != "$1" ]]; then
      check_result "$E_INVALID" "invalid value :: $1"
    fi
 }
 # Format validation controller
 is_format_valid() {
    for arg_name in $*; do
@ -825,6 +856,7 @@ is_format_valid() {
            case $arg_name in
                account)        is_user_format_valid "$arg" "$arg_name";;
                action)         is_fw_action_format_valid "$arg";;
                alias)          is_alias_format_valid "$arg" ;;
                aliases)        is_alias_format_valid "$arg" ;;
                antispam)       is_boolean_format_valid "$arg" 'antispam' ;;
                antivirus)      is_boolean_format_valid "$arg" 'antivirus' ;;
@ -850,6 +882,7 @@ is_format_valid() {
                host)           is_object_format_valid "$arg" "$arg_name" ;;
                hour)           is_cron_format_valid "$arg" $arg_name ;;
                id)             is_int_format_valid "$arg" 'id' ;;
                interface)      is_interface_format_valid "$arg" ;;
                ip)             is_ip_format_valid "$arg" ;;
                ip_name)        is_domain_format_valid "$arg" 'IP name';;
                ip_status)      is_ip_status_format_valid "$arg" ;;
@ -939,3 +972,81 @@ format_aliases() {
        aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
    fi
 }
 alter_web_counter() {
    user=$1
    domain=$2
    USER_DATA=$VESTA/data/users/$user
    varc=$3
    vard="\$${varc}"
    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
    if [ -z "$counter" ]; then
        add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
        counter=0
    fi
    ((counter++))
    backup_counter=$counter
    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
    counter=$backup_counter
    echo $counter
 }
 reset_web_counter() {
    user=$1
    domain=$2
    USER_DATA=$VESTA/data/users/$user
    varc=$3
    vard="\$${varc}"
    update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
 }
 get_web_counter() {
    user=$1
    domain=$2
    USER_DATA=$VESTA/data/users/$user
    varc=$3
    vard="\$${varc}"
    counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
    if [ -z "$counter" ]; then
        counter=0
    fi
    echo $counter
 }
 # Simple chmod wrapper that skips symlink files after glob expand
 # Taken from HestiaCP
 no_symlink_chmod() {
    local filemode=$1; shift;
    for i in "$@"; do
        [[ -L ${i} ]] && continue
        chmod "${filemode}" "${i}"
    done
 }
 # $1 = subject
 # $2 = body
 send_email_to_admin() {
    email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
    email=$(echo "$email" | cut -f 2 -d "'")
    if [ -z "$email" ]; then
        if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
            email=$NOTIFY_ADMIN_FULL_BACKUP
        fi
    fi
    if [ -z "$email" ]; then
        return;
    fi
    echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
 }
--- a/func/rebuild.sh
+++ b/func/rebuild.sh
@ -51,7 +51,7 @@ rebuild_user_conf() {
    mkdir -p $HOMEDIR/$user/conf
    chmod a+x $HOMEDIR/$user
    chmod a+x $HOMEDIR/$user/conf
-    chown $user:$user $HOMEDIR/$user
+    chown --no-dereference $user:$user $HOMEDIR/$user
    chown root:root $HOMEDIR/$user/conf
    # Update disk pipe
@ -80,7 +80,7 @@ rebuild_user_conf() {
        chmod 751 $HOMEDIR/$user/conf/web
        chmod 751 $HOMEDIR/$user/web
        chmod 771 $HOMEDIR/$user/tmp
-        chown $user:$user $HOMEDIR/$user/web
+        chown --no-dereference $user:$user $HOMEDIR/$user/web
        if [ -z "$create_user" ]; then
            $BIN/v-rebuild-web-domains $user $restart
        fi
@ -183,10 +183,10 @@ rebuild_web_domain_conf() {
    fi
    # Set folder permissions
-    chmod 551 $HOMEDIR/$user/web/$domain \
+    no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/stats \
        $HOMEDIR/$user/web/$domain/logs
-    chmod 751 $HOMEDIR/$user/web/$domain/private \
+    no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
        $HOMEDIR/$user/web/$domain/cgi-bin \
        $HOMEDIR/$user/web/$domain/public_html \
        $HOMEDIR/$user/web/$domain/public_shtml \
@ -194,7 +194,7 @@ rebuild_web_domain_conf() {
    chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
    # Set ownership
-    chown $user:$user $HOMEDIR/$user/web/$domain \
+    chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
        $HOMEDIR/$user/web/$domain/private \
        $HOMEDIR/$user/web/$domain/cgi-bin \
        $HOMEDIR/$user/web/$domain/public_html \
--- a/install/debian/7/pma/apache.conf
+++ b/install/debian/7/pma/apache.conf
@ -15,6 +15,7 @@ Alias /phpmyadmin /usr/share/phpmyadmin
 		php_admin_flag allow_url_fopen Off
 		php_value include_path .
 		php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
 		php_admin_value sys_temp_dir /var/lib/phpmyadmin/tmp
 		php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
 	</IfModule>
--- a/install/debian/7/templates/web/apache2/basedir.stpl
+++ b/install/debian/7/templates/web/apache2/basedir.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/7/templates/web/apache2/basedir.tpl
+++ b/install/debian/7/templates/web/apache2/basedir.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/7/templates/web/apache2/default.stpl
+++ b/install/debian/7/templates/web/apache2/default.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/default.tpl
+++ b/install/debian/7/templates/web/apache2/default.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/hosting.stpl
+++ b/install/debian/7/templates/web/apache2/hosting.stpl
@ -24,6 +24,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/hosting.tpl
+++ b/install/debian/7/templates/web/apache2/hosting.tpl
@ -14,7 +14,6 @@
    <Directory %docroot%>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value upload_max_filesize 10M
        php_admin_value max_execution_time 20
        php_admin_value post_max_size  8M
@ -24,6 +23,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/7/templates/web/apache2/phpcgi.stpl
+++ b/install/debian/7/templates/web/apache2/phpcgi.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/7/templates/web/apache2/phpcgi.tpl
+++ b/install/debian/7/templates/web/apache2/phpcgi.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/7/templates/web/apache2/phpfcgid.stpl
+++ b/install/debian/7/templates/web/apache2/phpfcgid.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/7/templates/web/apache2/phpfcgid.tpl
+++ b/install/debian/7/templates/web/apache2/phpfcgid.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/7/templates/web/php5-fpm/default.tpl
+++ b/install/debian/7/templates/web/php5-fpm/default.tpl
@ -11,6 +11,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/debian/7/templates/web/php5-fpm/socket.tpl
+++ b/install/debian/7/templates/web/php5-fpm/socket.tpl
@ -14,6 +14,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/debian/7/templates/web/skel/public_html/index.html
+++ b/install/debian/7/templates/web/skel/public_html/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/debian/7/templates/web/skel/public_shtml/index.html
+++ b/install/debian/7/templates/web/skel/public_shtml/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/debian/8/pma/apache.conf
+++ b/install/debian/8/pma/apache.conf
@ -15,6 +15,7 @@ Alias /phpmyadmin /usr/share/phpmyadmin
 		php_admin_flag allow_url_fopen Off
 		php_value include_path .
 		php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
 		php_admin_value sys_temp_dir /var/lib/phpmyadmin/tmp
 		php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
 	</IfModule>
--- a/install/debian/8/templates/web/apache2/basedir.stpl
+++ b/install/debian/8/templates/web/apache2/basedir.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/8/templates/web/apache2/basedir.tpl
+++ b/install/debian/8/templates/web/apache2/basedir.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/8/templates/web/apache2/default.stpl
+++ b/install/debian/8/templates/web/apache2/default.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/8/templates/web/apache2/default.tpl
+++ b/install/debian/8/templates/web/apache2/default.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/8/templates/web/apache2/hosting.stpl
+++ b/install/debian/8/templates/web/apache2/hosting.stpl
@ -24,6 +24,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/8/templates/web/apache2/hosting.tpl
+++ b/install/debian/8/templates/web/apache2/hosting.tpl
@ -23,6 +23,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/8/templates/web/apache2/phpcgi.stpl
+++ b/install/debian/8/templates/web/apache2/phpcgi.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/8/templates/web/apache2/phpcgi.tpl
+++ b/install/debian/8/templates/web/apache2/phpcgi.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/8/templates/web/apache2/phpfcgid.stpl
+++ b/install/debian/8/templates/web/apache2/phpfcgid.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/8/templates/web/apache2/phpfcgid.tpl
+++ b/install/debian/8/templates/web/apache2/phpfcgid.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/8/templates/web/php5-fpm/default.tpl
+++ b/install/debian/8/templates/web/php5-fpm/default.tpl
@ -11,6 +11,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/debian/8/templates/web/php5-fpm/socket.tpl
+++ b/install/debian/8/templates/web/php5-fpm/socket.tpl
@ -14,6 +14,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/debian/8/templates/web/skel/public_html/index.html
+++ b/install/debian/8/templates/web/skel/public_html/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/debian/8/templates/web/skel/public_shtml/index.html
+++ b/install/debian/8/templates/web/skel/public_shtml/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/debian/9/exim/exim4.conf.template
+++ b/install/debian/9/exim/exim4.conf.template
@ -138,7 +138,7 @@ acl_check_rcpt:
 acl_check_data:
 .ifdef CLAMD
  deny   message        = Message contains a virus ($malware_name) and has been rejected
-         malware        = *
+         malware        = */defer_ok
         condition      = ${if eq{$acl_m0}{yes}{yes}{no}}
 .endif
@ -164,7 +164,7 @@ acl_check_data:
 acl_check_mime:
  deny   message        = Blacklisted file extension detected
-         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}}
+         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}}
  accept
--- a/install/debian/9/nginx/nginx.conf
+++ b/install/debian/9/nginx/nginx.conf
@ -75,7 +75,9 @@ http {
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
-    set_real_ip_from 104.16.0.0/12;
+    set_real_ip_from   104.16.0.0/13;
    set_real_ip_from   104.24.0.0/14;
    #set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
@ -97,10 +99,10 @@ http {
    # SSL PCI Compliance
-    ssl_session_cache   shared:SSL:10m;
+    ssl_session_cache   shared:SSL:20m;
-    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
-    ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+    ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
    # Error pages
--- a/install/debian/9/pma/apache.conf
+++ b/install/debian/9/pma/apache.conf
@ -15,6 +15,7 @@ Alias /phpmyadmin /usr/share/phpmyadmin
 		php_admin_flag allow_url_fopen Off
 		php_value include_path .
 		php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
 		php_admin_value sys_temp_dir /var/lib/phpmyadmin/tmp
 		php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
 	</IfModule>
--- a/install/debian/9/templates/web/apache2/basedir.stpl
+++ b/install/debian/9/templates/web/apache2/basedir.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/9/templates/web/apache2/basedir.tpl
+++ b/install/debian/9/templates/web/apache2/basedir.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/debian/9/templates/web/apache2/default.stpl
+++ b/install/debian/9/templates/web/apache2/default.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/9/templates/web/apache2/default.tpl
+++ b/install/debian/9/templates/web/apache2/default.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/9/templates/web/apache2/hosting.stpl
+++ b/install/debian/9/templates/web/apache2/hosting.stpl
@ -24,6 +24,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/9/templates/web/apache2/hosting.tpl
+++ b/install/debian/9/templates/web/apache2/hosting.tpl
@ -23,6 +23,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/debian/9/templates/web/apache2/phpcgi.stpl
+++ b/install/debian/9/templates/web/apache2/phpcgi.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/9/templates/web/apache2/phpcgi.tpl
+++ b/install/debian/9/templates/web/apache2/phpcgi.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/debian/9/templates/web/apache2/phpfcgid.stpl
+++ b/install/debian/9/templates/web/apache2/phpfcgid.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/9/templates/web/apache2/phpfcgid.tpl
+++ b/install/debian/9/templates/web/apache2/phpfcgid.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/debian/9/templates/web/nginx/php-fpm/invoiceninja.stpl
+++ b/install/debian/9/templates/web/nginx/php-fpm/invoiceninja.stpl
@ -0,0 +1,64 @@
 server {
    listen      %ip%:%web_ssl_port%;
    server_name %domain_idn% %alias_idn%;
    root        %sdocroot%/public;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;
    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires     max;
        }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    sendfile off;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass    %backend_lsnr%;
        fastcgi_index   index.php;
        include         /etc/nginx/fastcgi_params;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        }
    }
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;
    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }
    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }
    location /vstats/ {
        alias   %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/conf/web/%domain%.auth*;
    }
    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;
    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
 }
--- a/install/debian/9/templates/web/nginx/php-fpm/invoiceninja.tpl
+++ b/install/debian/9/templates/web/nginx/php-fpm/invoiceninja.tpl
@ -0,0 +1,59 @@
 server {
    listen      %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;
    root        %docroot%/public;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
        expires     max;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    sendfile off;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass    %backend_lsnr%;
        fastcgi_index   index.php;
        include         /etc/nginx/fastcgi_params;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        }
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;
    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }
    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }
    location /vstats/ {
        alias   %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/conf/web/%domain%.auth*;
    }
    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;
    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
 }
--- a/install/debian/9/templates/web/nginx/php-fpm/mautic.stpl
+++ b/install/debian/9/templates/web/nginx/php-fpm/mautic.stpl
@ -0,0 +1,48 @@
 server {
    listen      %ip%:%web_ssl_port%;
    server_name %domain_idn% %alias_idn%;
    root        %sdocroot%;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;
    ssl         on;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    location / {
        try_files $uri /index.php?$query_string;
    }
    location ~ '\.php$' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass %backend_lsnr%;
        include         /etc/nginx/fastcgi_params;
    }
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;
    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }
    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }
    location /vstats/ {
        alias   %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/conf/web/%domain%.auth*;
    }
    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;
    include     %home%/%user%/conf/web/snginx.%domain%.conf*;
 }
--- a/install/debian/9/templates/web/nginx/php-fpm/mautic.tpl
+++ b/install/debian/9/templates/web/nginx/php-fpm/mautic.tpl
@ -0,0 +1,44 @@
 server {
    listen      %ip%:%web_port%;
    server_name %domain_idn% %alias_idn%;
    root        %docroot%;
    index       index.php index.html index.htm;
    access_log  /var/log/nginx/domains/%domain%.log combined;
    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
    error_log   /var/log/nginx/domains/%domain%.error.log error;
    location / {
        try_files $uri /index.php?$query_string;
    }
    location ~ '\.php$' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass %backend_lsnr%;
        include         /etc/nginx/fastcgi_params;
    }
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;
    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }
    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }
    location /vstats/ {
        alias   %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/conf/web/%domain%.auth*;
    }
    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;
    include     %home%/%user%/conf/web/nginx.%domain%.conf*;
 }
--- a/install/debian/9/templates/web/php-fpm/default.tpl
+++ b/install/debian/9/templates/web/php-fpm/default.tpl
@ -11,6 +11,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/debian/9/templates/web/php-fpm/socket.tpl
+++ b/install/debian/9/templates/web/php-fpm/socket.tpl
@ -14,6 +14,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/debian/9/templates/web/skel/public_html/index.html
+++ b/install/debian/9/templates/web/skel/public_html/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/debian/9/templates/web/skel/public_shtml/index.html
+++ b/install/debian/9/templates/web/skel/public_shtml/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/debian/9/vsftpd/vsftpd.conf
+++ b/install/debian/9/vsftpd/vsftpd.conf
@ -24,3 +24,16 @@ pasv_enable=YES
 pasv_max_port=12100
 pasv_min_port=12000
 use_localtime=YES
 ssl_enable=YES
 allow_anon_ssl=YES
 force_local_data_ssl=YES
 force_local_logins_ssl=YES
 ssl_tlsv1_2=YES
 ssl_sslv2=NO
 ssl_sslv3=NO
 require_ssl_reuse=YES
 ssl_ciphers=HIGH
 idle_session_timeout=600
 data_connection_timeout=120
 rsa_cert_file=/usr/local/vesta/ssl/certificate.crt
 rsa_private_key_file=/usr/local/vesta/ssl/certificate.key
--- a/install/rhel/5/templates/web/httpd/basedir.stpl
+++ b/install/rhel/5/templates/web/httpd/basedir.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/rhel/5/templates/web/httpd/basedir.tpl
+++ b/install/rhel/5/templates/web/httpd/basedir.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/install/rhel/5/templates/web/httpd/default.stpl
+++ b/install/rhel/5/templates/web/httpd/default.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/rhel/5/templates/web/httpd/default.tpl
+++ b/install/rhel/5/templates/web/httpd/default.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/rhel/5/templates/web/httpd/hosting.stpl
+++ b/install/rhel/5/templates/web/httpd/hosting.stpl
@ -24,6 +24,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/rhel/5/templates/web/httpd/hosting.tpl
+++ b/install/rhel/5/templates/web/httpd/hosting.tpl
@ -23,6 +23,7 @@
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
    </Directory>
    <Directory %home%/%user%/web/%domain%/stats>
--- a/install/rhel/5/templates/web/httpd/phpcgi.stpl
+++ b/install/rhel/5/templates/web/httpd/phpcgi.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/rhel/5/templates/web/httpd/phpcgi.tpl
+++ b/install/rhel/5/templates/web/httpd/phpcgi.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        Action phpcgi-script /cgi-bin/php
        <Files *.php>
--- a/install/rhel/5/templates/web/httpd/phpfcgid.stpl
+++ b/install/rhel/5/templates/web/httpd/phpfcgid.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/rhel/5/templates/web/httpd/phpfcgid.tpl
+++ b/install/rhel/5/templates/web/httpd/phpfcgid.tpl
@ -16,6 +16,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %docroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        <Files *.php>
          SetHandler fcgid-script
--- a/install/rhel/5/templates/web/php-fpm/default.tpl
+++ b/install/rhel/5/templates/web/php-fpm/default.tpl
@ -11,6 +11,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/rhel/5/templates/web/php-fpm/socket.tpl
+++ b/install/rhel/5/templates/web/php-fpm/socket.tpl
@ -14,6 +14,7 @@ pm.max_requests = 4000
 pm.process_idle_timeout = 10s
 pm.status_path = /status
 php_admin_value[sys_temp_dir] = /home/%user%/tmp
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
--- a/install/rhel/5/templates/web/skel/public_html/index.html
+++ b/install/rhel/5/templates/web/skel/public_html/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/rhel/5/templates/web/skel/public_shtml/index.html
+++ b/install/rhel/5/templates/web/skel/public_shtml/index.html
@ -18,7 +18,7 @@
 <body>
    <h1>%domain%</h1>
    <div>
-        <a href="http://vestacp.com/">Powered by VESTA</a>
+        <a href="https://vestacp.com/">Server control panel by VESTA</a>
    </div>
 </body>
--- a/install/rhel/6/templates/web/httpd/basedir.stpl
+++ b/install/rhel/6/templates/web/httpd/basedir.stpl
@ -17,6 +17,7 @@
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
        php_admin_value upload_tmp_dir %home%/%user%/tmp
        php_admin_value sys_temp_dir %home%/%user%/tmp
        php_admin_value session.save_path %home%/%user%/tmp
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
    </Directory>
--- a/Show more
+++ b/Show more