mirror of
https://github.com/serghey-rodin/vesta.git
synced 2025-08-22 06:14:19 -07:00
Compare commits
No commits in common. "master" and "0.9.8-18" have entirely different histories.
2193 changed files with 18299 additions and 116438 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -4,6 +4,3 @@
|
|||
*.gz
|
||||
.vscode
|
||||
.DS_Store
|
||||
src/react/node_modules
|
||||
src/react/build
|
||||
/.idea
|
||||
|
|
@ -1,8 +1,6 @@
|
|||
[Vesta Control Panel](http://vestacp.com/)
|
||||
==================================================
|
||||
|
||||
Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
|
||||
|
||||
[](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||
|
||||
* Vesta is an open source hosting control panel.
|
||||
|
|
@ -18,7 +16,7 @@ ssh root@your.server
|
|||
|
||||
Download the installation script, and run it:
|
||||
```bash
|
||||
curl https://vestacp.com/pub/vst-install.sh | bash
|
||||
curl http://vestacp.com/pub/vst-install.sh | bash
|
||||
```
|
||||
|
||||
How to install (3 step)
|
||||
|
|
@ -31,7 +29,7 @@ ssh root@your.server
|
|||
|
||||
Download the installation script:
|
||||
```bash
|
||||
curl -O https://vestacp.com/pub/vst-install.sh
|
||||
curl -O http://vestacp.com/pub/vst-install.sh
|
||||
```
|
||||
Then run it:
|
||||
```bash
|
||||
|
|
@ -40,5 +38,5 @@ bash vst-install.sh
|
|||
|
||||
License
|
||||
----------------------------
|
||||
Vesta is licensed under [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license
|
||||
Vesta is licensed under [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
Please report security issues to dev@vestacp.com
|
||||
|
|
@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
|
|||
|
||||
# Checking arg number
|
||||
check_args '2' "$#" 'MODULE LICENSE'
|
||||
is_user_format_valid "$license" "license"
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
|
|
@ -35,7 +35,7 @@ is_user_format_valid "$license" "license"
|
|||
|
||||
# Activating license
|
||||
v_host='https://vestacp.com/checkout'
|
||||
answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")
|
||||
answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
|
||||
check_result $? "cant' connect to vestacp.com " $E_CONNECT
|
||||
|
||||
# Checking server answer
|
||||
|
|
|
|||
|
|
@ -38,7 +38,8 @@ EOF
|
|||
sftpc() {
|
||||
expect -f "-" <<EOF "$@"
|
||||
set count 0
|
||||
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
|
||||
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
|
||||
Port=$port $user@$host
|
||||
expect {
|
||||
"password:" {
|
||||
send "$password\r"
|
||||
|
|
@ -93,14 +94,12 @@ EOF
|
|||
|
||||
if [ "$type" != 'local' ];then
|
||||
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
|
||||
is_format_valid 'user' 'host' 'path' 'port'
|
||||
is_format_valid 'host'
|
||||
is_password_valid
|
||||
if [ "$type" = 'sftp' ]; then
|
||||
which expect >/dev/null 2>&1
|
||||
check_result $? "expect command not found" $E_NOTEXIST
|
||||
fi
|
||||
host "$host" >/dev/null 2>&1
|
||||
check_result $? "host connection failed" "$E_CONNECT"
|
||||
fi
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l)
|
|||
# Adding second level domain
|
||||
if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
|
||||
$BIN/v-add-dns-domain \
|
||||
$user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
|
||||
$user $alias $ip '' '' '' '' '' $restart >> /dev/null
|
||||
exit
|
||||
fi
|
||||
|
||||
# Adding top-level domain and then its sub
|
||||
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
|
||||
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null
|
||||
|
||||
# Checking top-level domain
|
||||
if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then
|
||||
|
|
|
|||
|
|
@ -45,12 +45,10 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ $rtype != "CAA" ]; then
|
||||
dvalue=${dvalue//\"/}
|
||||
dvalue=${dvalue//\"/}
|
||||
|
||||
if [[ "$dvalue" =~ [\;[:space:]] ]]; then
|
||||
dvalue='"'"$dvalue"'"'
|
||||
fi
|
||||
if [[ "$dvalue" =~ [\;[:space:]] ]]; then
|
||||
dvalue='"'"$dvalue"'"'
|
||||
fi
|
||||
|
||||
# Additional argument formatting
|
||||
|
|
|
|||
|
|
@ -21,12 +21,6 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
|
|||
# Defining absolute path to iptables
|
||||
iptables="/sbin/iptables"
|
||||
|
||||
# Get vesta port by reading nginx.conf
|
||||
vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
|
||||
if [ -z "$vestaport" ]; then
|
||||
vestaport=8083
|
||||
fi
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
|
@ -47,19 +41,13 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
|
|||
|
||||
# Checking known chains
|
||||
case $chain in
|
||||
SSH) # Get ssh port by reading ssh config file.
|
||||
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
|
||||
if [ -z "$sshport" ]; then
|
||||
sshport=22
|
||||
fi
|
||||
port=$sshport;
|
||||
protocol=TCP ;;
|
||||
SSH) port=22; protocol=TCP ;;
|
||||
FTP) port=21; protocol=TCP ;;
|
||||
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
|
||||
DNS) port=53; protocol=UDP ;;
|
||||
WEB) port='80,443'; protocol=TCP ;;
|
||||
DB) port='3306,5432'; protocol=TCP ;;
|
||||
VESTA) port=$vestaport; protocol=TCP ;;
|
||||
VESTA) port=8083; protocol=TCP ;;
|
||||
*) check_args '2' "$#" 'CHAIN PORT' ;;
|
||||
esac
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,13 @@
|
|||
#!/bin/bash
|
||||
# info: check letsencrypt domain
|
||||
# options: USER DOMAIN [ALIASES]
|
||||
# info: adding letsencrypt ssl cetificate for domain
|
||||
# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
|
||||
#
|
||||
# The function check and validates domain with Let's Encript
|
||||
# The function turns on SSL support for a domain. Parameter ssl_dir is a path
|
||||
# to directory where 2 or 3 ssl files can be found. Certificate file
|
||||
# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
|
||||
# authority domain.tld.ca file is optional. If home directory parameter
|
||||
# (ssl_home) is not set, https domain uses public_shtml as separate
|
||||
# documentroot directory.
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
|
|
@ -13,9 +18,8 @@
|
|||
user=$1
|
||||
domain=$2
|
||||
aliases=$3
|
||||
|
||||
# LE API
|
||||
API='https://acme-v02.api.letsencrypt.org'
|
||||
restart=$4
|
||||
notify=$5
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
|
|
@ -23,346 +27,98 @@ source $VESTA/func/domain.sh
|
|||
source $VESTA/conf/vesta.conf
|
||||
|
||||
# Additional argument formatting
|
||||
format_identifier_idn() {
|
||||
identifier_idn=$identifier
|
||||
if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
|
||||
identifier_idn=$(idn -t --quiet -a $identifier_idn)
|
||||
fi
|
||||
}
|
||||
|
||||
# encode base64
|
||||
encode_base64() {
|
||||
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
||||
}
|
||||
|
||||
# Let's Encrypt v2 curl function
|
||||
query_le_v2() {
|
||||
|
||||
protected='{"nonce": "'$3'",'
|
||||
protected=''$protected' "url": "'$1'",'
|
||||
protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
|
||||
content="Content-Type: application/jose+json"
|
||||
|
||||
payload_=$(echo -n "$2" |encode_base64)
|
||||
protected_=$(echo -n "$protected" |encode_base64)
|
||||
signature_=$(printf "%s" "$protected_.$payload_" |\
|
||||
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
|
||||
encode_base64)
|
||||
|
||||
post_data='{"protected":"'"$protected_"'",'
|
||||
post_data=$post_data'"payload":"'"$payload_"'",'
|
||||
post_data=$post_data'"signature":"'"$signature_"'"}'
|
||||
|
||||
# Save http response to file passed as "$4" arg or print to stdout if not provided
|
||||
# http response headers are always sent to stdout
|
||||
local save_to_file=${4:-"/dev/stdout"}
|
||||
curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
|
||||
}
|
||||
|
||||
format_domain_idn
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN [ALIASES]'
|
||||
is_format_valid 'user' 'domain' 'aliases'
|
||||
check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||
is_object_unsuspended 'web' 'DOMAIN' "$domain"
|
||||
get_domain_values 'web'
|
||||
|
||||
echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
|
||||
echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
|
||||
|
||||
# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
|
||||
if [[ "$aliases" != "*.$domain" ]]; then
|
||||
for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
|
||||
check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
|
||||
if [ -z "$check_alias" ]; then
|
||||
echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_NOTEXIST "domain alias $alias doesn't exist"
|
||||
fi
|
||||
done
|
||||
fi;
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Parsing domain data
|
||||
get_domain_values 'web'
|
||||
|
||||
# Registering LetsEncrypt user account
|
||||
echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
|
||||
$BIN/v-add-letsencrypt-user $user
|
||||
echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [ "$?" -ne 0 ]; then
|
||||
touch $VESTA/data/queue/letsencrypt.pipe
|
||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||
send_notice "LETSENCRYPT" "Account registration failed"
|
||||
echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "LE account registration" >/dev/null
|
||||
fi
|
||||
|
||||
# Parsing LetsEncrypt account data
|
||||
source $USER_DATA/ssl/le.conf
|
||||
email=$EMAIL
|
||||
|
||||
# Checking wildcard alias
|
||||
if [ "$aliases" = "*.$domain" ]; then
|
||||
echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
|
||||
wildcard='yes'
|
||||
proto="dns-01"
|
||||
if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
|
||||
echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
|
||||
fi
|
||||
else
|
||||
proto="http-01"
|
||||
fi
|
||||
|
||||
# Requesting nonce / STEP 1
|
||||
echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
|
||||
echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
|
||||
answer=$(curl -s -I "$API/directory")
|
||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [[ "$status" -ne 200 ]]; then
|
||||
echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "Let's Encrypt nonce request status $status"
|
||||
fi
|
||||
|
||||
# Placing new order / STEP 2
|
||||
echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
|
||||
url="$API/acme/new-order"
|
||||
payload='{"identifiers":['
|
||||
for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
|
||||
format_identifier_idn
|
||||
payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
|
||||
done
|
||||
payload=$(echo "$payload"|sed "s/,$//")
|
||||
payload=$payload']}'
|
||||
echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
|
||||
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
||||
answer=$(query_le_v2 "$url" "$payload" "$nonce")
|
||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
||||
authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
|
||||
echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
|
||||
finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
|
||||
echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
|
||||
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
|
||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [[ "$status" -ne 201 ]]; then
|
||||
echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "Let's Encrypt new auth status $status"
|
||||
fi
|
||||
|
||||
# Requesting authorization token / STEP 3
|
||||
echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
|
||||
for auth in $authz; do
|
||||
payload=''
|
||||
echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
|
||||
echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
||||
answer=$(query_le_v2 "$auth" "$payload" "$nonce")
|
||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
||||
url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
|
||||
echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
|
||||
token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
|
||||
echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
|
||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [[ "$status" -ne 200 ]]; then
|
||||
echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
|
||||
# Validating domain and aliases
|
||||
i=1
|
||||
for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
|
||||
$BIN/v-check-letsencrypt-domain $user $alias
|
||||
if [ "$?" -ne 0 ]; then
|
||||
touch $VESTA/data/queue/letsencrypt.pipe
|
||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||
send_notice "LETSENCRYPT" "$alias validation failed"
|
||||
check_result $E_INVALID "LE domain validation" >/dev/null
|
||||
fi
|
||||
|
||||
# Configuring challenge / STEP 4
|
||||
echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
|
||||
echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [ "$wildcard" = 'yes' ]; then
|
||||
record=$(printf "%s" "$token.$THUMB" |\
|
||||
openssl dgst -sha256 -binary |encode_base64)
|
||||
old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
|
||||
old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
|
||||
for old_record in $old_records; do
|
||||
$BIN/v-delete-dns-record "$user" "$domain" "$old_record"
|
||||
done
|
||||
$BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
|
||||
exitstatus=$?
|
||||
echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [ "$exitstatus" -ne 0 ]; then
|
||||
echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
|
||||
fi
|
||||
check_result $exitstatus "DNS _acme-challenge record wasn't created"
|
||||
else
|
||||
if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
|
||||
if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
|
||||
# if vesta is behind main nginx
|
||||
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
|
||||
acme_challenge="$well_known/acme-challenge"
|
||||
mkdir -p $acme_challenge
|
||||
echo "$token.$THUMB" > $acme_challenge/$token
|
||||
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
|
||||
chown -R $user:$user $well_known
|
||||
else
|
||||
# default nginx method
|
||||
conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
|
||||
sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
|
||||
# if [ ! -e "$conf" ]; then
|
||||
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
|
||||
> $conf
|
||||
echo ' default_type text/plain;' >> $conf
|
||||
echo ' return 200 "$1.'$THUMB'";' >> $conf
|
||||
echo '}' >> $conf
|
||||
# fi
|
||||
echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [ ! -e "$sconf" ]; then
|
||||
ln -s "$conf" "$sconf"
|
||||
fi
|
||||
echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log
|
||||
$BIN/v-restart-proxy
|
||||
if [ -z "$PROXY_SYSTEM" ]; then
|
||||
# apache-less variant
|
||||
echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log
|
||||
$BIN/v-restart-web
|
||||
fi
|
||||
exitstatus=$?
|
||||
if [ "$exitstatus" -ne 0 ]; then
|
||||
echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
|
||||
fi
|
||||
check_result $exitstatus "Proxy restart failed" >/dev/null
|
||||
fi
|
||||
else
|
||||
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
|
||||
acme_challenge="$well_known/acme-challenge"
|
||||
mkdir -p $acme_challenge
|
||||
echo "$token.$THUMB" > $acme_challenge/$token
|
||||
chown -R $user:$user $well_known
|
||||
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
|
||||
# $BIN/v-restart-web
|
||||
# check_result $? "Web restart failed" >/dev/null
|
||||
fi
|
||||
fi
|
||||
|
||||
# Requesting ACME validation / STEP 5
|
||||
echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
|
||||
validation_check=$(echo "$answer" |grep '"valid"')
|
||||
echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [[ ! -z "$validation_check" ]]; then
|
||||
validation='valid'
|
||||
else
|
||||
validation='pending'
|
||||
fi
|
||||
|
||||
# Doing pol check on status
|
||||
i=1
|
||||
while [ "$validation" = 'pending' ]; do
|
||||
echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
payload='{}'
|
||||
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
||||
answer=$(query_le_v2 "$url" "$payload" "$nonce")
|
||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
||||
validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
|
||||
echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
|
||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [[ "$status" -ne 200 ]]; then
|
||||
echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "Let's Encrypt validation status $status"
|
||||
fi
|
||||
|
||||
i=$((i + 1))
|
||||
if [ "$i" -gt 10 ]; then
|
||||
echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "Let's Encrypt domain validation timeout"
|
||||
fi
|
||||
sleeping=$((i*2))
|
||||
echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
|
||||
sleep $sleeping
|
||||
done
|
||||
if [ "$validation" = 'invalid' ]; then
|
||||
echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "Let's Encrypt domain verification failed"
|
||||
# Checking LE limits per account
|
||||
if [ "$i" -gt 100 ]; then
|
||||
touch $VESTA/data/queue/letsencrypt.pipe
|
||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||
send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
|
||||
check_result $E_LIMIT "LE can't sign more than 100 domains"
|
||||
fi
|
||||
i=$((i++))
|
||||
done
|
||||
|
||||
|
||||
# Generating new ssl certificate
|
||||
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
|
||||
# Generating CSR
|
||||
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
|
||||
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
|
||||
|
||||
# Sending CSR to finalize order / STEP 6
|
||||
echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log
|
||||
|
||||
csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
|
||||
payload='{"csr":"'$csr'"}'
|
||||
echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
||||
answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
|
||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
|
||||
echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [[ "$status" -ne 200 ]]; then
|
||||
echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
|
||||
# Signing CSR
|
||||
crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
|
||||
if [ "$?" -ne 0 ]; then
|
||||
touch $VESTA/data/queue/letsencrypt.pipe
|
||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||
send_notice "LETSENCRYPT" "$alias validation failed"
|
||||
check_result "$E_INVALID" "LE $domain validation"
|
||||
fi
|
||||
echo "$crt" > $ssl_dir/$domain.crt
|
||||
|
||||
# Downloading signed certificate / STEP 7
|
||||
echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
|
||||
echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
||||
answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
|
||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [[ "$status" -ne 200 ]]; then
|
||||
[ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
|
||||
echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
|
||||
check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
|
||||
fi
|
||||
|
||||
# Splitting up downloaded pem
|
||||
# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
|
||||
crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
|
||||
# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
|
||||
head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
|
||||
|
||||
pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
|
||||
# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
|
||||
ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
|
||||
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
|
||||
ca_end=$(( pem_lines - crt_end + 1 ))
|
||||
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
|
||||
tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
|
||||
|
||||
# Temporary fix for double "END CERTIFICATE"
|
||||
if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
|
||||
sed -i '1,2d' $ssl_dir/$domain.ca
|
||||
# Dowloading CA certificate
|
||||
le_certs='https://letsencrypt.org/certs'
|
||||
x1='lets-encrypt-x1-cross-signed.pem.txt'
|
||||
x3='lets-encrypt-x3-cross-signed.pem.txt'
|
||||
issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
|
||||
if [ -z "$(echo $issuer|grep X3)" ]; then
|
||||
curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
|
||||
else
|
||||
curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
|
||||
fi
|
||||
|
||||
# Adding SSL
|
||||
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
|
||||
$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
|
||||
echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
|
||||
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
|
||||
exitstatus=$?
|
||||
echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
|
||||
if [ "$exitstatus" -ne '0' ]; then
|
||||
if [ "$?" -ne '0' ]; then
|
||||
touch $VESTA/data/queue/letsencrypt.pipe
|
||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||
echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
|
||||
send_notice 'LETSENCRYPT' "$domain certificate installation failed"
|
||||
check_result $exitstatus "SSL install" >/dev/null
|
||||
check_result $? "SSL install" >/dev/null
|
||||
fi
|
||||
|
||||
# Adding LE autorenew cronjob
|
||||
|
|
@ -379,19 +135,23 @@ if [ -z "$LETSENCRYPT" ]; then
|
|||
fi
|
||||
update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
|
||||
|
||||
reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Deleteing task from queue
|
||||
touch $VESTA/data/queue/letsencrypt.pipe
|
||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||
# Restarting web
|
||||
$BIN/v-restart-web $restart
|
||||
if [ "$?" -ne 0 ]; then
|
||||
send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
|
||||
fi
|
||||
|
||||
# Notifying user
|
||||
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
|
||||
echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
|
||||
|
||||
# Deleteing task from queue
|
||||
touch $VESTA/data/queue/letsencrypt.pipe
|
||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
#!/bin/bash
|
||||
# info: register letsencrypt user account
|
||||
# options: USER
|
||||
# options: USER [EMAIL]
|
||||
#
|
||||
# The function creates and register LetsEncript account
|
||||
# The function creates and register LetsEncript account key
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
|
|
@ -11,9 +11,8 @@
|
|||
|
||||
# Argument definition
|
||||
user=$1
|
||||
|
||||
# LE API
|
||||
API='https://acme-v02.api.letsencrypt.org'
|
||||
email=$2
|
||||
key_size=4096
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
|
|
@ -24,38 +23,15 @@ encode_base64() {
|
|||
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
||||
}
|
||||
|
||||
# Let's Encrypt v2 curl function
|
||||
query_le_v2() {
|
||||
protected='{"nonce": "'$3'",'
|
||||
protected=''$protected' "url": "'$1'",'
|
||||
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
|
||||
content="Content-Type: application/jose+json"
|
||||
|
||||
payload_=$(echo -n "$2" |encode_base64)
|
||||
protected_=$(echo -n "$protected" |encode_base64)
|
||||
signature_=$(printf "%s" "$protected_.$payload_" |\
|
||||
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
|
||||
encode_base64)
|
||||
|
||||
post_data='{"protected":"'"$protected_"'",'
|
||||
post_data=$post_data'"payload":"'"$payload_"'",'
|
||||
post_data=$post_data'"signature":"'"$signature_"'"}'
|
||||
|
||||
curl -s -i -d "$post_data" "$1" -H "$content"
|
||||
}
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '1' "$#" 'USER'
|
||||
check_args '1' "$#" 'USER [EMAIL]'
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
if [ -e "$USER_DATA/ssl/le.conf" ]; then
|
||||
source "$USER_DATA/ssl/le.conf"
|
||||
fi
|
||||
if [ ! -z "$KID" ]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
|
|
@ -64,57 +40,57 @@ fi
|
|||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
# Defining user email
|
||||
if [[ -z "$EMAIL" ]]; then
|
||||
EMAIL=$(get_user_value '$CONTACT')
|
||||
api='https://acme-v01.api.letsencrypt.org'
|
||||
if [ -z "$email" ]; then
|
||||
email=$(get_user_value '$CONTACT')
|
||||
fi
|
||||
|
||||
# Defining user agreement
|
||||
agreement=''
|
||||
agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
|
||||
|
||||
# Generating user key
|
||||
KEY="$USER_DATA/ssl/user.key"
|
||||
if [ ! -e "$KEY" ]; then
|
||||
openssl genrsa -out $KEY 4096 >/dev/null 2>&1
|
||||
chmod 600 $KEY
|
||||
# Generating key
|
||||
key="$USER_DATA/ssl/user.key"
|
||||
if [ ! -e "$key" ]; then
|
||||
openssl genrsa -out $key $key_size >/dev/null 2>&1
|
||||
chmod 600 $key
|
||||
fi
|
||||
|
||||
# Defining key exponent
|
||||
if [ -z "$EXPONENT" ]; then
|
||||
EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
|
||||
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
|
||||
xxd -r -p |encode_base64)
|
||||
fi
|
||||
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
|
||||
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
|
||||
xxd -r -p |encode_base64)
|
||||
|
||||
# Defining key modulus
|
||||
if [ -z "$MODULUS" ]; then
|
||||
MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
|
||||
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
|
||||
fi
|
||||
modulus=$(openssl rsa -in "$key" -modulus -noout |\
|
||||
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
|
||||
|
||||
# Defining JWK
|
||||
jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
|
||||
# Defining key thumb
|
||||
thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
|
||||
|
||||
# Defining key thumbnail
|
||||
if [ -z "$THUMB" ]; then
|
||||
THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
|
||||
fi
|
||||
# Defining JWK header
|
||||
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||
header='{"alg":"RS256","jwk":'"$header"'}'
|
||||
|
||||
# Requesting nonce
|
||||
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
|
||||
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||
|
||||
# Requesting ACME nonce
|
||||
nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
|
||||
# Defining registration query
|
||||
query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
|
||||
query=$query'"agreement":"'$agreement'"}'
|
||||
payload=$(echo -n "$query" |encode_base64)
|
||||
signature=$(printf "%s" "$protected.$payload" |\
|
||||
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||
|
||||
# Creating ACME account
|
||||
url="$API/acme/new-acct"
|
||||
payload='{"termsOfServiceAgreed": true}'
|
||||
answer=$(query_le_v2 "$url" "$payload" "$nonce")
|
||||
kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
|
||||
# Sending request to LetsEncrypt API
|
||||
answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
|
||||
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
|
||||
|
||||
# Checking answer status
|
||||
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
|
||||
if [[ "${status:0:2}" -ne "20" ]]; then
|
||||
check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
|
||||
# Checking http answer status
|
||||
if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
|
||||
check_result $E_CONNECT "LetsEncrypt account registration $status"
|
||||
fi
|
||||
|
||||
|
||||
|
|
@ -123,17 +99,12 @@ fi
|
|||
#----------------------------------------------------------#
|
||||
|
||||
# Adding le.conf
|
||||
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
||||
echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
|
||||
echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
|
||||
echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
|
||||
echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
|
||||
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
|
||||
chmod 660 $USER_DATA/ssl/le.conf
|
||||
else
|
||||
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
|
||||
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
|
||||
fi
|
||||
echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
|
||||
echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
|
||||
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
|
||||
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
|
||||
chmod 660 $USER_DATA/ssl/le.conf
|
||||
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
|
|
|||
|
|
@ -45,7 +45,6 @@ is_object_valid 'user' 'USER' "$user"
|
|||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
is_domain_new 'mail' "$domain"
|
||||
is_package_full 'MAIL_DOMAINS'
|
||||
is_dir_symlink $HOMEDIR/$user/mail
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
|
|
|
|||
|
|
@ -60,8 +60,8 @@ if [ -z "$sys_ip_check" ]; then
|
|||
/sbin/ip addr add $ip/$cidr dev $interface \
|
||||
broadcast $broadcast label $iface
|
||||
|
||||
# Adding RHEL/CentOS/Fedora/Amazon startup script
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
# Adding RHEL/CentOS/Fedora startup script
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
sys_ip="# Added by vesta"
|
||||
sys_ip="$sys_ip\nDEVICE=$iface"
|
||||
sys_ip="$sys_ip\nBOOTPROTO=static"
|
||||
|
|
|
|||
|
|
@ -1,106 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: copy mail ssl certificate
|
||||
# options: USER DOMAIN [RESTART]
|
||||
#
|
||||
# The function copies user domain SSL to mail SSL directory
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
domain=$2
|
||||
restart=$3
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/func/domain.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN [RESTART]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Defining certificate location
|
||||
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
|
||||
dom_key="/home/$user/conf/web/ssl.$domain.key"
|
||||
vst_crt="$VESTA/ssl/mail.crt"
|
||||
vst_key="$VESTA/ssl/mail.key"
|
||||
|
||||
# Checking certificate
|
||||
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
|
||||
check_result $E_NOTEXIST "$domain certificate doesn't exist"
|
||||
fi
|
||||
|
||||
# Checking difference
|
||||
diff $dom_crt $vst_crt >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
rm -f $vst_crt.old $vst_key.old
|
||||
mv $vst_crt $vst_crt.old >/dev/null 2>&1
|
||||
mv $vst_key $vst_key.old >/dev/null 2>&1
|
||||
cp $dom_crt $vst_crt 2>/dev/null
|
||||
cp $dom_key $vst_key 2>/dev/null
|
||||
chown root:mail $vst_crt $vst_key
|
||||
else
|
||||
restart=no
|
||||
fi
|
||||
|
||||
# Updating mail certificate
|
||||
case $MAIL_SYSTEM in
|
||||
exim) conf='/etc/exim/exim.conf';;
|
||||
exim4) conf='/etc/exim4/exim4.conf.template';;
|
||||
esac
|
||||
if [ -e "$conf" ]; then
|
||||
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
|
||||
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
|
||||
fi
|
||||
|
||||
# Updating imap certificate
|
||||
conf="/etc/dovecot/conf.d/10-ssl.conf"
|
||||
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
|
||||
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
|
||||
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Restarting services
|
||||
if [ "$restart" != 'no' ]; then
|
||||
if [ ! -z "$MAIL_SYSTEM" ]; then
|
||||
$BIN/v-restart-service $MAIL_SYSTEM
|
||||
fi
|
||||
if [ ! -z "$IMAP_SYSTEM" ]; then
|
||||
$BIN/v-restart-service $IMAP_SYSTEM
|
||||
fi
|
||||
fi
|
||||
|
||||
# Updating vesta.conf
|
||||
if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
|
||||
echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
|
||||
else
|
||||
sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
|
||||
$VESTA/conf/vesta.conf
|
||||
fi
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
|
|
@ -21,7 +21,7 @@ source $VESTA/conf/vesta.conf
|
|||
# Checking quota package
|
||||
quota=$(which --skip-alias --skip-functions quota 2>/dev/null)
|
||||
if [ $? -ne 0 ]; then
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
yum -y install quota >/dev/null 2>&1
|
||||
check_result $? "quota package installation failed" $E_UPDATE
|
||||
else
|
||||
|
|
|
|||
|
|
@ -1,97 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: add vesta ssl certificate
|
||||
# options: USER DOMAIN [RESTART]
|
||||
#
|
||||
# The function copies user domain SSL to vesta SSL directory
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
domain=$2
|
||||
restart=$3
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/func/domain.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN [RESTART]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Defining certificate location
|
||||
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
|
||||
dom_key="/home/$user/conf/web/ssl.$domain.key"
|
||||
vst_crt="$VESTA/ssl/certificate.crt"
|
||||
vst_key="$VESTA/ssl/certificate.key"
|
||||
|
||||
# Checking certificate
|
||||
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
|
||||
check_result $E_NOTEXIST "$domain certificate doesn't exist"
|
||||
fi
|
||||
|
||||
# Checking difference
|
||||
diff $dom_crt $vst_crt >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
rm -f $vst_crt.old $vst_key.old
|
||||
mv $vst_crt $vst_crt.old
|
||||
mv $vst_key $vst_key.old
|
||||
cp $dom_crt $vst_crt 2>/dev/null
|
||||
cp $dom_key $vst_key 2>/dev/null
|
||||
chown root:mail $vst_crt $vst_key
|
||||
else
|
||||
restart=no
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Restarting services
|
||||
if [ "$restart" != 'no' ]; then
|
||||
if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
|
||||
$BIN/v-restart-service $MAIL_SYSTEM
|
||||
fi
|
||||
if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
|
||||
$BIN/v-restart-service $IMAP_SYSTEM
|
||||
fi
|
||||
if [ ! -z "$FTP_SYSTEM" ]; then
|
||||
$BIN/v-restart-service "$FTP_SYSTEM"
|
||||
fi
|
||||
if [ -e "/var/run/vesta-nginx.pid" ]; then
|
||||
kill -HUP $(cat /var/run/vesta-nginx.pid)
|
||||
else
|
||||
service vesta restart
|
||||
fi
|
||||
fi
|
||||
|
||||
# Updating vesta.conf
|
||||
if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
|
||||
echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
|
||||
else
|
||||
sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
|
||||
$VESTA/conf/vesta.conf
|
||||
fi
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
|
|
@ -30,37 +30,37 @@ is_package_new() {
|
|||
is_package_consistent() {
|
||||
source $pkg_dir/$package.pkg
|
||||
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
|
||||
is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
|
||||
is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS'
|
||||
fi
|
||||
if [ "$WEB_ALIASES" != 'unlimited' ]; then
|
||||
is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
|
||||
is_format_valid_int $WEB_ALIASES 'WEB_ALIASES'
|
||||
fi
|
||||
if [ "$DNS_DOMAINS" != 'unlimited' ]; then
|
||||
is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
|
||||
is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS'
|
||||
fi
|
||||
if [ "$DNS_RECORDS" != 'unlimited' ]; then
|
||||
is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
|
||||
is_format_valid_int $DNS_RECORDS 'DNS_RECORDS'
|
||||
fi
|
||||
if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
|
||||
is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
|
||||
is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS'
|
||||
fi
|
||||
if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
|
||||
is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
|
||||
is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
|
||||
fi
|
||||
if [ "$DATABASES" != 'unlimited' ]; then
|
||||
is_int_format_valid $DATABASES 'DATABASES'
|
||||
is_format_valid_int $DATABASES 'DATABASES'
|
||||
fi
|
||||
if [ "$CRON_JOBS" != 'unlimited' ]; then
|
||||
is_int_format_valid $CRON_JOBS 'CRON_JOBS'
|
||||
is_format_valid_int $CRON_JOBS 'CRON_JOBS'
|
||||
fi
|
||||
if [ "$DISK_QUOTA" != 'unlimited' ]; then
|
||||
is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
|
||||
is_format_valid_int $DISK_QUOTA 'DISK_QUOTA'
|
||||
fi
|
||||
if [ "$BANDWIDTH" != 'unlimited' ]; then
|
||||
is_int_format_valid $BANDWIDTH 'BANDWIDTH'
|
||||
is_format_valid_int $BANDWIDTH 'BANDWIDTH'
|
||||
fi
|
||||
if [ "$BACKUPS" != 'unlimited' ]; then
|
||||
is_int_format_valid $BACKUPS 'BACKUPS'
|
||||
is_format_valid_int $BACKUPS 'BACKUPS'
|
||||
fi
|
||||
is_format_valid_shell $SHELL
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ fi
|
|||
#----------------------------------------------------------#
|
||||
|
||||
# Cleaning yum cache
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
yum -q clean all
|
||||
yum="yum -q -y --noplugins --disablerepo=* --enablerepo=vesta"
|
||||
else
|
||||
|
|
@ -57,7 +57,7 @@ fi
|
|||
|
||||
# Updating php pacakge
|
||||
if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
$yum -y update vesta-php
|
||||
check_result $? "vesta-php package upgrade failed" $E_UPDATE
|
||||
else
|
||||
|
|
@ -67,7 +67,7 @@ if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
|
|||
fi
|
||||
|
||||
# Adding vesta-ioncube package
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
rpm -q vesta-ioncube >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
$yum -y install vesta-ioncube >/dev/null 2>&1
|
||||
|
|
@ -82,7 +82,7 @@ else
|
|||
fi
|
||||
|
||||
# Adding vesta-softaculous package
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
rpm -q vesta-softaculous >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
$yum -y install vesta-softaculous >/dev/null 2>&1
|
||||
|
|
@ -98,8 +98,6 @@ fi
|
|||
|
||||
# Installing softaculous
|
||||
if [ ! -e "$VESTA/softaculous/vst_installed" ]; then
|
||||
mkdir -p /var/softaculous
|
||||
chown -R admin:admin /var/softaculous
|
||||
cd $VESTA/softaculous
|
||||
wget -q http://c.vestacp.com/3rdparty/softaculous_install.inc
|
||||
$VESTA/php/bin/php softaculous_install.inc
|
||||
|
|
@ -107,11 +105,9 @@ if [ ! -e "$VESTA/softaculous/vst_installed" ]; then
|
|||
touch $VESTA/softaculous/vst_installed
|
||||
fi
|
||||
|
||||
# Enabling symlink
|
||||
if [ -e "$VESTA/disabled_plugins/softaculous" ]; then
|
||||
if [ ! -e "$VESTA/web/softaculous" ]; then
|
||||
mv $VESTA/disabled_plugins/softaculous $VESTA/web/softaculous
|
||||
fi
|
||||
# Adding symlink
|
||||
if [ ! -e "$VESTA/web/softaculous" ]; then
|
||||
ln -s $VESTA/softaculous/vesta $VESTA/web/softaculous
|
||||
fi
|
||||
|
||||
# Updating SOFTACULOUS value
|
||||
|
|
|
|||
|
|
@ -47,9 +47,6 @@ is_object_valid 'user' 'USER' "$user"
|
|||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
|
||||
is_domain_new 'web' "$domain,$aliases"
|
||||
is_dir_symlink $HOMEDIR/$user/web
|
||||
if_dir_exists $HOMEDIR/$user/web/$domain
|
||||
is_dir_symlink $HOMEDIR/$user/web/$domain
|
||||
if [ ! -z "$ip" ]; then
|
||||
is_ip_valid "$ip" "$user"
|
||||
else
|
||||
|
|
@ -65,7 +62,7 @@ fi
|
|||
source $USER_DATA/user.conf
|
||||
|
||||
# Creating domain directories
|
||||
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
|
||||
mkdir -p $HOMEDIR/$user/web/$domain \
|
||||
$HOMEDIR/$user/web/$domain/public_html \
|
||||
$HOMEDIR/$user/web/$domain/public_shtml \
|
||||
$HOMEDIR/$user/web/$domain/document_errors \
|
||||
|
|
@ -82,7 +79,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
|
|||
$HOMEDIR/$user/web/$domain/logs/
|
||||
|
||||
# Adding domain skeleton
|
||||
sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
|
||||
cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
|
||||
for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
|
||||
sed -i "s/%domain%/$domain/g" $file
|
||||
done
|
||||
|
|
@ -91,9 +88,9 @@ done
|
|||
chown -R $user:$user $HOMEDIR/$user/web/$domain
|
||||
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
|
||||
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
|
||||
sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
|
||||
sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
|
||||
sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
|
||||
chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
|
||||
chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
|
||||
chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
|
||||
|
||||
# Addding PHP-FPM backend
|
||||
if [ ! -z "$WEB_BACKEND" ]; then
|
||||
|
|
@ -115,12 +112,9 @@ if [ "$aliases" = 'none' ]; then
|
|||
ALIAS=''
|
||||
else
|
||||
ALIAS="www.$domain"
|
||||
if [ -z "$aliases" ]; then
|
||||
ALIAS="www.$domain"
|
||||
else
|
||||
ALIAS="$aliases"
|
||||
if [ ! -z "$aliases" ]; then
|
||||
ALIAS="$ALIAS,$aliases"
|
||||
fi
|
||||
|
||||
ip_alias=$(get_ip_alias $domain)
|
||||
if [ ! -z "$ip_alias" ]; then
|
||||
ALIAS="$ALIAS,$ip_alias"
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ fi
|
|||
|
||||
# Allocating backend port
|
||||
backend_port=9000
|
||||
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
|
||||
ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
|
||||
ports=$(echo "$ports" |sed "s/://" |sort -n)
|
||||
for port in $ports; do
|
||||
if [ "$backend_port" -eq "$port" ]; then
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ fi
|
|||
/usr/sbin/useradd $ftp_user \
|
||||
-s $shell \
|
||||
-o -u $(id -u $user) \
|
||||
-g $(id -g $user) \
|
||||
-g $(id -u $user) \
|
||||
-M -d "$ftp_path_a" > /dev/null 2>&1
|
||||
|
||||
# Set ftp user password
|
||||
|
|
|
|||
|
|
@ -120,35 +120,6 @@ check_result $? "Web restart failed" >/dev/null
|
|||
$BIN/v-restart-proxy $restart
|
||||
check_result $? "Proxy restart failed" >/dev/null
|
||||
|
||||
# Updating system ssl dependencies
|
||||
if [ ! -z "$VESTA_CERTIFICATE" ]; then
|
||||
crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
|
||||
crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
|
||||
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
|
||||
$BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
|
||||
fi
|
||||
fi
|
||||
if [ ! -z "$MAIL_CERTIFICATE" ]; then
|
||||
crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
|
||||
crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
|
||||
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
|
||||
$BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
|
||||
hostname=$(hostname)
|
||||
if [ "$hostname" = "$domain" ]; then
|
||||
$BIN/v-update-host-certificate $user $domain
|
||||
fi
|
||||
fi
|
||||
|
||||
UPDATE_SSL_SCRIPT=''
|
||||
source $VESTA/conf/vesta.conf
|
||||
if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
|
||||
eval "$UPDATE_SSL_SCRIPT $user $domain"
|
||||
fi
|
||||
|
||||
# Logging
|
||||
log_history "enabled ssl support for $domain"
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
|
|
|||
|
|
@ -68,12 +68,8 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
|
|||
(( ++i))
|
||||
done
|
||||
|
||||
if [ -z "$BACKUP_TEMP" ]; then
|
||||
BACKUP_TEMP=$BACKUP
|
||||
fi
|
||||
|
||||
# Creating temporary directory
|
||||
tmpdir=$(mktemp -p $BACKUP_TEMP -d)
|
||||
tmpdir=$(mktemp -p /tmp -d)
|
||||
|
||||
if [ "$?" -ne 0 ]; then
|
||||
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
|
||||
|
|
@ -216,32 +212,24 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
|
|||
cp $USER_DATA/ssl/$domain.* vesta/
|
||||
fi
|
||||
|
||||
# Changin dir to documentroot
|
||||
cd $HOMEDIR/$user/web/$domain
|
||||
|
||||
# Define exclude arguments
|
||||
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
|
||||
set -f
|
||||
fargs=()
|
||||
fargs+=(--exclude='./logs/*')
|
||||
fargs+=(--exclude='logs/*')
|
||||
if [ ! -z "$exlusion" ]; then
|
||||
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
|
||||
for xpath in $xdirs; do
|
||||
if [ -d "$xpath" ]; then
|
||||
fargs+=(--exclude=$xpath/*)
|
||||
echo "$(date "+%F %T") excluding directory $xpath"
|
||||
msg="$msg\n$(date "+%F %T") excluding directory $xpath"
|
||||
else
|
||||
echo "$(date "+%F %T") excluding file $xpath"
|
||||
msg="$msg\n$(date "+%F %T") excluding file $xpath"
|
||||
fargs+=(--exclude=$xpath)
|
||||
fi
|
||||
fargs+=(--exclude=$xpath/*)
|
||||
echo "$(date "+%F %T") excluding directory $xpath"
|
||||
msg="$msg\n$(date "+%F %T") excluding directory $xpath"
|
||||
done
|
||||
fi
|
||||
set +f
|
||||
|
||||
# Backup files
|
||||
tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
|
||||
cd $HOMEDIR/$user/web/$domain
|
||||
tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
|
||||
done
|
||||
|
||||
# Print total
|
||||
|
|
@ -400,17 +388,14 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
|
|||
grep "DB='$database'" $conf > vesta/db.conf
|
||||
|
||||
dump="$tmpdir/db/$database/$database.$TYPE.sql"
|
||||
dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
|
||||
grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
|
||||
if [ ! -f "$dumpgz" ]; then
|
||||
case $TYPE in
|
||||
mysql) dump_mysql_database ;;
|
||||
pgsql) dump_pgsql_database ;;
|
||||
esac
|
||||
case $TYPE in
|
||||
mysql) dump_mysql_database ;;
|
||||
pgsql) dump_pgsql_database ;;
|
||||
esac
|
||||
|
||||
# Compress dump
|
||||
gzip -$BACKUP_GZIP $dump
|
||||
fi
|
||||
# Compress dump
|
||||
gzip -$BACKUP_GZIP $dump
|
||||
done
|
||||
|
||||
# Print total
|
||||
|
|
@ -460,15 +445,11 @@ if [ "$USER" != '*' ]; then
|
|||
fi
|
||||
fargs=()
|
||||
for xpath in $(echo "$USER" |tr ',' '\n'); do
|
||||
if [ -d "$xpath" ]; then
|
||||
fargs+=(--exclude=$xpath/*)
|
||||
echo "$(date "+%F %T") excluding directory $xpath" |\
|
||||
fargs+=(-not)
|
||||
fargs+=(-path)
|
||||
fargs+=("./$xpath*")
|
||||
echo "$(date "+%F %T") excluding directory $xpath" |\
|
||||
tee -a $BACKUP/$user.log
|
||||
else
|
||||
echo "$(date "+%F %T") excluding file $xpath" |\
|
||||
tee -a $BACKUP/$user.log
|
||||
fargs+=(--exclude=$xpath)
|
||||
fi
|
||||
done
|
||||
|
||||
IFS=$'\n'
|
||||
|
|
@ -479,12 +460,11 @@ if [ "$USER" != '*' ]; then
|
|||
exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
|
||||
if [ -z "$exclusion" ]; then
|
||||
((i ++))
|
||||
udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g")
|
||||
udir_list="$udir_list $udir_str"
|
||||
udir_list="$udir_list $udir"
|
||||
echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
|
||||
|
||||
# Backup files and dirs
|
||||
tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
|
||||
tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
|
||||
fi
|
||||
done
|
||||
set +f
|
||||
|
|
@ -519,7 +499,7 @@ local_backup(){
|
|||
backup_list=$(ls -lrt $BACKUP/ |awk '{print $9}' |grep "^$user\." | grep ".tar")
|
||||
backups_count=$(echo "$backup_list" |wc -l)
|
||||
if [ "$BACKUPS" -le "$backups_count" ]; then
|
||||
backups_rm_number=$((backups_count - BACKUPS + 1))
|
||||
backups_rm_number=$((backups_count - BACKUPS))
|
||||
|
||||
# Removing old backup
|
||||
for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
|
||||
|
|
@ -595,7 +575,7 @@ ftp_backup() {
|
|||
fi
|
||||
|
||||
# Debug info
|
||||
echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar"
|
||||
echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
|
||||
|
||||
# Checking ftp connection
|
||||
fconn=$(ftpc)
|
||||
|
|
@ -635,7 +615,7 @@ ftp_backup() {
|
|||
fi
|
||||
backups_count=$(echo "$backup_list" |wc -l)
|
||||
if [ "$backups_count" -ge "$BACKUPS" ]; then
|
||||
backups_rm_number=$((backups_count - BACKUPS + 1))
|
||||
backups_rm_number=$((backups_count - BACKUPS))
|
||||
for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
|
||||
backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar$//")
|
||||
echo -e "$(date "+%F %T") Rotated ftp backup: $backup_date" |\
|
||||
|
|
@ -790,7 +770,7 @@ sftp_backup() {
|
|||
fi
|
||||
backups_count=$(echo "$backup_list" |wc -l)
|
||||
if [ "$backups_count" -ge "$BACKUPS" ]; then
|
||||
backups_rm_number=$((backups_count - BACKUPS + 1))
|
||||
backups_rm_number=$((backups_count - BACKUPS))
|
||||
for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
|
||||
backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar.*$//")
|
||||
echo -e "$(date "+%F %T") Rotated sftp backup: $backup_date" |\
|
||||
|
|
|
|||
|
|
@ -28,9 +28,6 @@ if [ -z "$BACKUP_SYSTEM" ]; then
|
|||
exit
|
||||
fi
|
||||
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
|
||||
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
|
||||
continue;
|
||||
fi
|
||||
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
|
||||
log=$VESTA/log/backup.log
|
||||
if [ ! -z "$check_suspend" ]; then
|
||||
|
|
|
|||
|
|
@ -52,11 +52,8 @@ salt=$(generate_password "$PW_MATRIX" "8")
|
|||
md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
|
||||
|
||||
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
|
||||
quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
|
||||
quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
|
||||
quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
|
||||
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||
str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M"
|
||||
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
|
||||
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
|
|||
check_args '2' "$#" 'KEY VALUE'
|
||||
is_format_valid 'key'
|
||||
|
||||
format_no_quotes "$value" 'value'
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
|
|
|
|||
|
|
@ -31,16 +31,18 @@ is_format_valid 'domain'
|
|||
|
||||
hostname $domain
|
||||
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
# RHEL/CentOS/Amazon
|
||||
# RHEL/CentOS
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
touch /etc/sysconfig/network
|
||||
if [ -z "$(grep HOSTNAME /etc/sysconfig/network)" ]; then
|
||||
echo "HOSTNAME='$domain'" >> /etc/sysconfig/network
|
||||
else
|
||||
sed -i "s/HOSTNAME=.*/HOSTNAME='$domain'/" /etc/sysconfig/network
|
||||
fi
|
||||
else
|
||||
# Debian/Ubuntu
|
||||
fi
|
||||
|
||||
# Debian/Ubuntu
|
||||
if [ ! -e "/etc/redhat-release" ]; then
|
||||
echo "$domain" > /etc/hostname
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -34,72 +34,48 @@ is_ip_valid "$ip"
|
|||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Updating IP
|
||||
# Changing nat ip
|
||||
if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
|
||||
sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
|
||||
old=''
|
||||
new=$nat_ip
|
||||
else
|
||||
old=$(get_ip_value '$NAT')
|
||||
new=$nat_ip
|
||||
sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip
|
||||
if [ -z "$nat_ip" ]; then
|
||||
new=$ip
|
||||
update_ip_value '$NAT' "$nat_ip"
|
||||
fi
|
||||
|
||||
# Check ftp system
|
||||
if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
|
||||
|
||||
# Find configuration
|
||||
if [ -e '/etc/vsftpd/vsftpd.conf' ]; then
|
||||
conf='/etc/vsftpd/vsftpd.conf'
|
||||
fi
|
||||
fi
|
||||
|
||||
# Updating WEB configs
|
||||
if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then
|
||||
sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf
|
||||
for user in $(ls $VESTA/data/users/); do
|
||||
$BIN/v-rebuild-web-domains $user no
|
||||
done
|
||||
$BIN/v-restart-dns $restart
|
||||
fi
|
||||
if [ -e '/etc/vsftpd.conf' ]; then
|
||||
conf='/etc/vsftpd.conf'
|
||||
fi
|
||||
|
||||
# Updating DNS configs
|
||||
if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then
|
||||
sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf
|
||||
sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf
|
||||
for user in $(ls $VESTA/data/users/); do
|
||||
$BIN/v-rebuild-dns-domains $user no
|
||||
done
|
||||
$BIN/v-restart-dns $restart
|
||||
fi
|
||||
|
||||
# Updating FTP
|
||||
if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then
|
||||
conf=$(find /etc -name $FTP_SYSTEM.conf)
|
||||
if [ -e "$conf" ]; then
|
||||
sed -i "s/$old/$new/g" $conf
|
||||
if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
|
||||
check_pasv=$(grep pasv_address $conf)
|
||||
if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
|
||||
echo "pasv_address=$nat_ip" >> $conf
|
||||
fi
|
||||
if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then
|
||||
sed -i "/pasv_address/d" $conf
|
||||
fi
|
||||
if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
|
||||
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
|
||||
fi
|
||||
# Update config
|
||||
if [ -z "$(grep pasv_address $conf)" ]; then
|
||||
if [ ! -z "$nat_ip" ]; then
|
||||
echo "pasv_address=$nat_ip" >> $conf
|
||||
fi
|
||||
else
|
||||
if [ ! -z "$nat_ip" ]; then
|
||||
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
|
||||
else
|
||||
sed -i "/pasv_address/d" $conf
|
||||
fi
|
||||
fi
|
||||
$BIN/v-restart-ftp $restart
|
||||
fi
|
||||
|
||||
# Updating firewall
|
||||
if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then
|
||||
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
|
||||
$BIN/v-update-firewall
|
||||
fi
|
||||
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Restart ftp server
|
||||
$BIN/v-restart-ftp $restart
|
||||
check_result $? "FTP restart failed" >/dev/null
|
||||
|
||||
# Logging
|
||||
log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
|
|
|||
|
|
@ -63,7 +63,6 @@ case $service in
|
|||
spamd) dst=$($BIN/v-list-sys-spamd-config plain);;
|
||||
spamassassin) dst=$($BIN/v-list-sys-spamd-config plain);;
|
||||
clamd) dst=$($BIN/v-list-sys-clamd-config plain);;
|
||||
clamd.scan) dst=$($BIN/v-list-sys-clamd-config plain);;
|
||||
cron) dst='/etc/crontab';;
|
||||
crond) dst='/etc/crontab';;
|
||||
fail2ban) dst='/etc/fail2ban/jail.local';;
|
||||
|
|
@ -96,21 +95,13 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
|
|||
|
||||
if [ "$service" = 'php' ]; then
|
||||
if [ "$WEB_SYSTEM" = "nginx" ]; then
|
||||
if [ $(ps --no-headers -o comm 1) == systemd ]; then
|
||||
service=$(systemctl | grep -o -E "php.*fpm.*\.service")
|
||||
service=${service//.service/}
|
||||
else
|
||||
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
|
||||
fi
|
||||
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
|
||||
else
|
||||
service=$WEB_SYSTEM
|
||||
fi
|
||||
fi
|
||||
|
||||
for single_service in $service; do
|
||||
service $single_service restart >/dev/null 2>&1
|
||||
done <<< "$service"
|
||||
|
||||
service $service restart >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
for config in $dst; do
|
||||
cat $config.vst.back > $config
|
||||
|
|
|
|||
|
|
@ -16,12 +16,16 @@ force=$3
|
|||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/func/domain.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
is_package_avalable() {
|
||||
|
||||
source $USER_DATA/user.conf
|
||||
usr_data=$(cat $USER_DATA/user.conf)
|
||||
IFS=$'\n'
|
||||
for key in $usr_data; do
|
||||
eval ${key%%=*}=${key#*=}
|
||||
done
|
||||
|
||||
WEB_DOMAINS='0'
|
||||
DATABASES='0'
|
||||
MAIL_DOMAINS='0'
|
||||
|
|
@ -29,13 +33,9 @@ is_package_avalable() {
|
|||
DISK_QUOTA='0'
|
||||
BANDWIDTH='0'
|
||||
|
||||
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
|
||||
IFS=$'\n'
|
||||
for str in $pkg_data; do
|
||||
key=$(echo $str |cut -f 1 -d =)
|
||||
value=$(echo $str |cut -f 2 -d \')
|
||||
eval $key="$value"
|
||||
done
|
||||
pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
|
||||
grep -v DATE)
|
||||
eval $pkg_data
|
||||
|
||||
# Checking usage agains package limits
|
||||
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
|
||||
|
|
@ -73,22 +73,11 @@ is_package_avalable() {
|
|||
check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Checking templates
|
||||
is_web_template_valid $WEB_TEMPLATE
|
||||
is_dns_template_valid $DNS_TEMPLATE
|
||||
is_proxy_template_valid $PROXY_TEMPLATE
|
||||
}
|
||||
|
||||
change_user_package() {
|
||||
source $USER_DATA/user.conf
|
||||
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
|
||||
IFS=$'\n'
|
||||
for str in $pkg_data; do
|
||||
key=$(echo $str |cut -f 1 -d =)
|
||||
value=$(echo $str |cut -f 2 -d \')
|
||||
eval $key="$value"
|
||||
done
|
||||
eval $(cat $USER_DATA/user.conf)
|
||||
eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
|
||||
echo "FNAME='$FNAME'
|
||||
LNAME='$LNAME'
|
||||
PACKAGE='$package'
|
||||
|
|
@ -167,7 +156,7 @@ fi
|
|||
change_user_package
|
||||
|
||||
# Update user shell
|
||||
shell_conf=$(echo "$pkg_data" |grep 'SHELL' |cut -f 2 -d \')
|
||||
shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
|
||||
shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
|
||||
/usr/bin/chsh -s "$shell" "$user" &>/dev/null
|
||||
|
||||
|
|
|
|||
|
|
@ -13,10 +13,6 @@
|
|||
user=$1
|
||||
password=$2; HIDE=2
|
||||
|
||||
# Importing system enviroment as we run this script
|
||||
# mostly by cron wich not read it by itself
|
||||
source /etc/profile
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
|
@ -26,9 +22,6 @@ source $VESTA/conf/vesta.conf
|
|||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
if [ "$user" = "root" ]; then
|
||||
check_result $E_FORBIDEN "Changing root password is forbiden"
|
||||
fi
|
||||
check_args '2' "$#" 'USER PASSWORD'
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
|
|
@ -44,10 +37,6 @@ is_password_valid
|
|||
echo "$user:$password" | /usr/sbin/chpasswd
|
||||
md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)
|
||||
|
||||
if [ "$user" = 'admin' ] && [ -e "$VESTA/web/reset.admin" ]; then
|
||||
rm -f $VESTA/web/reset.admin
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
|
|
|
|||
|
|
@ -1,60 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: change vesta port
|
||||
# options: port
|
||||
#
|
||||
# Function will change vesta port
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
port=$1
|
||||
|
||||
if [ -z "$VESTA" ]; then
|
||||
VESTA="/usr/local/vesta"
|
||||
fi
|
||||
|
||||
# Get current vesta port by reading nginx.conf
|
||||
oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
|
||||
if [ -z "$oldport" ]; then
|
||||
oldport=8083
|
||||
fi
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Checking permissions
|
||||
if [ "$(id -u)" != '0' ]; then
|
||||
check_result $E_FORBIDEN "You must be root to execute this script"
|
||||
fi
|
||||
|
||||
check_args '1' "$#" 'PORT'
|
||||
is_int_format_valid "$port" 'port number'
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
|
||||
if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
|
||||
sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
|
||||
fi
|
||||
sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
|
||||
$VESTA/bin/v-update-firewall
|
||||
systemctl restart fail2ban.service
|
||||
sed -i "s| $oldport | $port |g" /etc/iptables.rules
|
||||
systemctl restart vesta
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit 0;
|
||||
|
|
@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf
|
|||
|
||||
# Allocating backend port
|
||||
backend_port=9000
|
||||
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
|
||||
ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
|
||||
ports=$(echo "$ports" |sed "s/://" |sort -n)
|
||||
for port in $ports; do
|
||||
if [ "$backend_port" -eq "$port" ]; then
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user"
|
|||
# Preparing variables for vhost replace
|
||||
get_domain_values 'web'
|
||||
old=$(get_real_ip $IP)
|
||||
new=$(get_real_ip $ip)
|
||||
new=$ip
|
||||
|
||||
# Replacing vhost
|
||||
replace_web_config "$WEB_SYSTEM" "$TPL.tpl"
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: check api key
|
||||
# options: KEY
|
||||
#
|
||||
# The function checks a key file in /usr/local/vesta/data/keys/
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
echo "Error: key missmatch"
|
||||
exit 9
|
||||
fi
|
||||
key=$(basename $1)
|
||||
ip=${2-127.0.0.1}
|
||||
time_n_date=$(date +'%T %F')
|
||||
time=$(echo "$time_n_date" |cut -f 1 -d \ )
|
||||
date=$(echo "$time_n_date" |cut -f 2 -d \ )
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
if [ ! -e $VESTA/data/keys/$key ]; then
|
||||
echo "Error: key missmatch"
|
||||
echo "$date $time api $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
echo "$date $time api $ip successfully launched" >> $VESTA/log/auth.log
|
||||
|
||||
exit
|
||||
162
bin/v-check-letsencrypt-domain
Executable file
162
bin/v-check-letsencrypt-domain
Executable file
|
|
@ -0,0 +1,162 @@
|
|||
#!/bin/bash
|
||||
# info: check letsencrypt domain
|
||||
# options: USER DOMAIN
|
||||
#
|
||||
# The function check and validates domain with LetsEncript
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
domain=$2
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
# encode base64
|
||||
encode_base64() {
|
||||
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
||||
}
|
||||
|
||||
# Additional argument formatting
|
||||
format_domain_idn
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
||||
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
|
||||
fi
|
||||
rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
|
||||
if [ -z "$rdomain" ]; then
|
||||
check_result $E_NOTEXIST "domain $domain doesn't exist"
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
source $USER_DATA/ssl/le.conf
|
||||
api='https://acme-v01.api.letsencrypt.org'
|
||||
r_domain=$(echo "$rdomain" |cut -f 2 -d \')
|
||||
key="$USER_DATA/ssl/user.key"
|
||||
exponent="$EXPONENT"
|
||||
modulus="$MODULUS"
|
||||
thumb="$THUMB"
|
||||
|
||||
# Defining JWK header
|
||||
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||
header='{"alg":"RS256","jwk":'"$header"'}'
|
||||
|
||||
# Requesting nonce
|
||||
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||
|
||||
# Defining ACME query (request challenge)
|
||||
query='{"resource":"new-authz","identifier"'
|
||||
query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
|
||||
payload=$(echo -n "$query" |encode_base64)
|
||||
signature=$(printf "%s" "$protected.$payload" |\
|
||||
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||
|
||||
# Sending request to LetsEncrypt API
|
||||
answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
|
||||
|
||||
# Checking http answer status
|
||||
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
|
||||
if [[ "$status" -ne "201" ]]; then
|
||||
check_result $E_CONNECT "LetsEncrypt challenge request $status"
|
||||
fi
|
||||
|
||||
# Parsing domain nonce,token and uri
|
||||
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||
token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
|
||||
uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
|
||||
|
||||
# Adding location wrapper for request challenge
|
||||
if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
|
||||
conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
|
||||
sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
|
||||
if [ ! -e "$conf" ]; then
|
||||
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
|
||||
echo ' default_type text/plain;' >> $conf
|
||||
echo ' return 200 "$1.'$thumb'";' >> $conf
|
||||
echo '}' >> $conf
|
||||
fi
|
||||
if [ ! -e "$sconf" ]; then
|
||||
ln -s "$conf" "$sconf"
|
||||
fi
|
||||
else
|
||||
acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
|
||||
if [ ! -d "$acme" ]; then
|
||||
mkdir -p $acme
|
||||
fi
|
||||
echo "$token.$thumb" > $acme/$token
|
||||
chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
|
||||
fi
|
||||
|
||||
# Restarting web server
|
||||
if [ -z "$PROXY_SYSTEM" ]; then
|
||||
$BIN/v-restart-web
|
||||
check_result $? "Proxy restart failed" >/dev/null
|
||||
else
|
||||
$BIN/v-restart-proxy
|
||||
$BIN/v-restart-web
|
||||
check_result $? "Web restart failed" >/dev/null
|
||||
fi
|
||||
|
||||
# Defining ACME query (request validation)
|
||||
query='{"resource":"challenge","type":"http-01","keyAuthorization"'
|
||||
query=$query':"'$token.$thumb'","token":"'$token'"}'
|
||||
payload=$(echo -n "$query" |encode_base64)
|
||||
signature=$(printf "%s" "$protected.$payload" |\
|
||||
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||
|
||||
# Sending request to LetsEncrypt API
|
||||
answer=$(curl -s -i -d "$data" "$uri")
|
||||
|
||||
# Checking domain validation status
|
||||
i=1
|
||||
status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
|
||||
location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
|
||||
while [ "$status" = 'pending' ]; do
|
||||
answer=$(curl -s -i "$location")
|
||||
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
|
||||
status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
|
||||
sleep 1
|
||||
i=$((i + 1))
|
||||
if [ "$i" -gt 60 ]; then
|
||||
check_result $E_CONNECT "$detail"
|
||||
fi
|
||||
done
|
||||
if [ "$status" = 'invalid' ]; then
|
||||
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
|
||||
check_result $E_CONNECT "$detail"
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
|
|
@ -1,100 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: check user hash
|
||||
# options: USER HASH [IP]
|
||||
#
|
||||
# The function verifies user hash
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
hash=$2; HIDE=2
|
||||
ip=${3-127.0.0.1}
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
time_n_date=$(date +'%T %F')
|
||||
time=$(echo "$time_n_date" |cut -f 1 -d \ )
|
||||
date=$(echo "$time_n_date" |cut -f 2 -d \ )
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
check_args '2' "$#" 'USER HASH'
|
||||
is_format_valid 'user'
|
||||
|
||||
# Checking user
|
||||
if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
|
||||
# Checking user hash
|
||||
is_hash_valid
|
||||
|
||||
# Checking empty hash
|
||||
if [[ -z "$hash" ]]; then
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
# Parsing user's salt
|
||||
shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
|
||||
|
||||
if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
|
||||
then
|
||||
salt=$(echo "$shadow" |cut -f 3 -d \$)
|
||||
method=$(echo "$shadow" |cut -f 2 -d \$)
|
||||
if [ "$method" -eq '1' ]; then
|
||||
method='md5'
|
||||
elif [ "$method" -eq '6' ]; then
|
||||
method='sha-512'
|
||||
else
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
else
|
||||
salt=${shadow:0:2}
|
||||
method='des'
|
||||
fi
|
||||
|
||||
# Checking salt
|
||||
if [ -z "$salt" ]; then
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
|
||||
# Comparing hashes
|
||||
if [[ "$shadow" != "$hash" ]]; then
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Logging
|
||||
echo "$date $time $user $ip successfully logged in" >> $VESTA/log/auth.log
|
||||
|
||||
exit
|
||||
|
|
@ -82,8 +82,7 @@ if [ -z "$salt" ]; then
|
|||
fi
|
||||
|
||||
# Generating hash
|
||||
set -o noglob
|
||||
hash=$($BIN/v-generate-password-hash $method $salt <<< "$password")
|
||||
hash=$($BIN/v-generate-password-hash $method $salt <<< $password)
|
||||
if [[ -z "$hash" ]]; then
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
|
|||
|
||||
# Activating license
|
||||
v_host='https://vestacp.com/checkout'
|
||||
answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module")
|
||||
answer=$(curl -s $v_host/cancel.php?licence_key=$license)
|
||||
check_result $? "cant' connect to vestacp.com " $E_CONNECT
|
||||
|
||||
# Checking server answer
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ fi
|
|||
# Deleting dkim dns record
|
||||
if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
|
||||
records=$($BIN/v-list-dns-records $user $domain plain)
|
||||
dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
|
||||
dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
|
||||
for id in $dkim_records; do
|
||||
$BIN/v-delete-dns-record $user $domain $id
|
||||
done
|
||||
|
|
|
|||
|
|
@ -1,75 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: delete sys vesta user ssl certificate
|
||||
# options: NONE
|
||||
#
|
||||
# The script disables user domain ssl synchronization
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable & Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
vst_crt="$VESTA/ssl/certificate.crt"
|
||||
vst_key="$VESTA/ssl/certificate.key"
|
||||
|
||||
# Updating mail certificate
|
||||
case $MAIL_SYSTEM in
|
||||
exim) conf='/etc/exim/exim.conf';;
|
||||
exim4) conf='/etc/exim4/exim4.conf.template';;
|
||||
esac
|
||||
if [ -e "$conf" ]; then
|
||||
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
|
||||
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
|
||||
fi
|
||||
|
||||
# Updating imap certificate
|
||||
conf="/etc/dovecot/conf.d/10-ssl.conf"
|
||||
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
|
||||
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
|
||||
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
|
||||
fi
|
||||
|
||||
# Moving old certificates
|
||||
if [ -e "$VESTA/ssl/mail.crt" ]; then
|
||||
mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
|
||||
fi
|
||||
if [ -e "VESTA/ssl/mail.key" ]; then
|
||||
mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
|
||||
fi
|
||||
|
||||
# Updating vesta.conf value
|
||||
sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Restarting services
|
||||
if [ "$restart" != 'no' ]; then
|
||||
if [ ! -z "$MAIL_SYSTEM" ]; then
|
||||
$BIN/v-restart-service $MAIL_SYSTEM
|
||||
fi
|
||||
if [ ! -z "$IMAP_SYSTEM" ]; then
|
||||
$BIN/v-restart-service $IMAP_SYSTEM
|
||||
fi
|
||||
fi
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: delete sys vesta user ssl certificate
|
||||
# options: NONE
|
||||
#
|
||||
# The script disables user domain ssl synchronization
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable & Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Updating vesta.conf value
|
||||
sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
|
|
@ -32,8 +32,6 @@ case $system in
|
|||
DNS_REC) is_format_valid 'id' ;;
|
||||
*) is_format_valid 'object'
|
||||
esac
|
||||
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
|
||||
|
|
|
|||
|
|
@ -29,8 +29,7 @@ fi
|
|||
|
||||
# Deleting symlink
|
||||
if [ -e "$VESTA/web/softaculous" ]; then
|
||||
mkdir -p $VESTA/disabled_plugins
|
||||
mv $VESTA/web/softaculous $VESTA/disabled_plugins
|
||||
rm -f $VESTA/web/softaculous
|
||||
fi
|
||||
|
||||
# Updating SOFTACULOUS value
|
||||
|
|
|
|||
|
|
@ -57,13 +57,7 @@ fi
|
|||
|
||||
# Deleting old certificate
|
||||
tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
|
||||
|
||||
# remove certificate files - do not use wildcard, as this might remove other domains
|
||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
|
||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
|
||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
|
||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
|
||||
|
||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
|
||||
mv $USER_DATA/ssl/$domain.* $tmpdir
|
||||
chown -R $user:$user $tmpdir
|
||||
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ fi
|
|||
# Extracting ziped archive
|
||||
if [ ! -z "$(echo $src_file |grep -i '.zip')" ]; then
|
||||
sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
|
||||
sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
|
||||
sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
|
||||
rc=$?
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ fi
|
|||
|
||||
args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
|
||||
check_args '7' "$#" "$args_usage"
|
||||
is_format_valid 'domain' 'alias' 'format'
|
||||
is_format_valid 'domain_alias' 'format'
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
|
|
|
|||
|
|
@ -1,118 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: get user salt
|
||||
# options: USER [IP] [FORMAT]
|
||||
#
|
||||
# The function provides users salt
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
ip=${2-127.0.0.1}
|
||||
format=${3-shell}
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
time_n_date=$(date +'%T %F')
|
||||
time=$(echo "$time_n_date" |cut -f 1 -d \ )
|
||||
date=$(echo "$time_n_date" |cut -f 2 -d \ )
|
||||
|
||||
# JSON list function
|
||||
json_list() {
|
||||
echo '{'
|
||||
echo ' "'$user'": {
|
||||
"METHOD": "'$method'",
|
||||
"SALT": "'$salt'",
|
||||
"TIME": "'$time'",
|
||||
"DATE": "'$date'"
|
||||
}'
|
||||
echo '}'
|
||||
}
|
||||
|
||||
# SHELL list function
|
||||
shell_list() {
|
||||
echo "METHOD: $method"
|
||||
echo "SALT: $salt"
|
||||
}
|
||||
|
||||
# PLAIN list function
|
||||
plain_list() {
|
||||
echo -e "$method\t$salt"
|
||||
}
|
||||
|
||||
# CSV list function
|
||||
csv_list() {
|
||||
echo "METHOD,SALT"
|
||||
echo "$method, $salt"
|
||||
}
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
check_args '1' "$#" 'USER [IP] [SALT]'
|
||||
is_format_valid 'user'
|
||||
|
||||
# Checking user
|
||||
if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Parsing user's salt
|
||||
shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
|
||||
|
||||
if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
|
||||
then
|
||||
salt=$(echo "$shadow" |cut -f 3 -d \$)
|
||||
method=$(echo "$shadow" |cut -f 2 -d \$)
|
||||
if [ "$method" -eq '1' ]; then
|
||||
method='md5'
|
||||
elif [ "$method" -eq '6' ]; then
|
||||
method='sha-512'
|
||||
else
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
else
|
||||
salt=${shadow:0:2}
|
||||
method='des'
|
||||
fi
|
||||
|
||||
if [ -z "$salt" ]; then
|
||||
echo "Error: password missmatch"
|
||||
echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
|
||||
exit 9
|
||||
fi
|
||||
|
||||
|
||||
# Listing data
|
||||
case $format in
|
||||
json) json_list ;;
|
||||
plain) plain_list ;;
|
||||
csv) csv_list ;;
|
||||
shell) shell_list ;;
|
||||
esac
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Logging
|
||||
|
||||
exit
|
||||
|
|
@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then
|
|||
fi
|
||||
|
||||
# Flush domain
|
||||
if [ "$flush" != 'no' ]; then
|
||||
if [ "$flush" ! = 'no' ]; then
|
||||
sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -71,7 +71,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_valid 'dns' 'DOMAIN' "$domain"
|
||||
|
||||
|
|
|
|||
|
|
@ -23,8 +23,7 @@ json_list() {
|
|||
"EMAIL": "'$EMAIL'",
|
||||
"EXPONENT": "'$EXPONENT'",
|
||||
"MODULUS": "'$MODULUS'",
|
||||
"THUMB": "'$THUMB'",
|
||||
"KID": "'$KID'"
|
||||
"THUMB: "'$THUMB'"
|
||||
}'
|
||||
echo '}'
|
||||
}
|
||||
|
|
@ -36,18 +35,17 @@ shell_list() {
|
|||
echo "THUMB: $THUMB"
|
||||
echo "EXPONENT: $EXPONENT"
|
||||
echo "MODULUS: $MODULUS"
|
||||
echo "KID: $KID"
|
||||
}
|
||||
|
||||
# PLAIN list function
|
||||
plain_list() {
|
||||
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
|
||||
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB"
|
||||
}
|
||||
|
||||
# CSV list function
|
||||
csv_list() {
|
||||
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
|
||||
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
|
||||
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB"
|
||||
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB"
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -56,7 +54,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '1' "$#" 'USER [FORMAT]'
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
||||
check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"
|
||||
|
|
|
|||
|
|
@ -57,7 +57,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_valid 'mail' 'DOMAIN' "$domain"
|
||||
|
||||
|
|
@ -68,7 +67,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
|
|||
|
||||
# Parsing domain keys
|
||||
if [ -e "$USER_DATA/mail/$domain.pub" ]; then
|
||||
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
|
||||
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----")
|
||||
pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
|
||||
else
|
||||
pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"
|
||||
|
|
|
|||
|
|
@ -51,9 +51,7 @@ json_list() {
|
|||
"MAIL_URL": "'$MAIL_URL'",
|
||||
"DB_PMA_URL": "'$DB_PMA_URL'",
|
||||
"DB_PGA_URL": "'$DB_PGA_URL'",
|
||||
"SOFTACULOUS": "'$SOFTACULOUS'",
|
||||
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
|
||||
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
|
||||
"SOFTACULOUS": "'$SOFTACULOUS'"
|
||||
}
|
||||
}'
|
||||
}
|
||||
|
|
@ -140,12 +138,6 @@ shell_list() {
|
|||
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
|
||||
echo "Language: $LANGUAGE"
|
||||
fi
|
||||
if [ ! -z "$MAIL_CERTIFICATE" ]; then
|
||||
echo "Mail SSL: $MAIL_CERTIFICATE"
|
||||
fi
|
||||
if [ ! -z "$VESTA_CERTIFICATE" ]; then
|
||||
echo "Vesta SSL: $VESTA_CERTIFICATE"
|
||||
fi
|
||||
echo "Version: $VERSION"
|
||||
}
|
||||
|
||||
|
|
@ -159,8 +151,7 @@ plain_list() {
|
|||
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
|
||||
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
|
||||
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
|
||||
echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
|
||||
echo -e "$VESTA_CERTIFICATE"
|
||||
echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -174,8 +165,7 @@ csv_list() {
|
|||
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
|
||||
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
|
||||
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
|
||||
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
|
||||
echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
|
||||
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
|
||||
echo
|
||||
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
|
||||
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
|
||||
|
|
@ -186,7 +176,6 @@ csv_list() {
|
|||
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
|
||||
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
|
||||
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
|
||||
echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
|
||||
echo
|
||||
}
|
||||
|
||||
|
|
@ -198,7 +187,7 @@ csv_list() {
|
|||
# Listing data
|
||||
case $format in
|
||||
json) json_list ;;
|
||||
plain) plain_list ;;
|
||||
plain) shell_list ;;
|
||||
csv) csv_list ;;
|
||||
shell) shell_list ;;
|
||||
esac
|
||||
|
|
|
|||
|
|
@ -56,18 +56,17 @@ csv_list() {
|
|||
HOSTNAME=$(hostname)
|
||||
|
||||
# Check OS/Release
|
||||
if [ -d '/etc/sysconfig' ]; then
|
||||
if [ -e '/etc/redhat-release' ]; then
|
||||
if [ -e '/etc/redhat-release' ]; then
|
||||
if [ ! -z "$(grep CentOS /etc/redhat-release)" ]; then
|
||||
OS='CentOS'
|
||||
VERSION=$(cat /etc/redhat-release |tr ' ' '\n' |grep [0-9])
|
||||
else
|
||||
OS="Amazon"
|
||||
VERSION=$(cat /etc/issue |tr ' ' '\n' |grep [0-9])
|
||||
OS="RHEL"
|
||||
fi
|
||||
VERSION=$(cat /etc/redhat-release| tr ' ' '\n' |grep [0-9])
|
||||
else
|
||||
if [ "$(lsb_release -si)" == "Ubuntu" ] && [ -e '/etc/debian_version' ]; then
|
||||
OS="Ubuntu"
|
||||
VERSION=$(grep DISTRIB_RELEASE /etc/lsb-release |cut -f 2 -d '=')
|
||||
VERSION=$(grep DISTRIB_RELEASE /etc/lsb-release| cut -f 2 -d '=')
|
||||
else
|
||||
distro=$(head -n1 /etc/issue |cut -f 1 -d ' ')
|
||||
if [ "$distro" = 'Debian' ]; then
|
||||
|
|
|
|||
|
|
@ -1,135 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: list mail ssl certificate
|
||||
# options: [FORMAT]
|
||||
#
|
||||
# The function of obtaining mail ssl files.
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
format=${1-shell}
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
|
||||
# JSON list function
|
||||
json_list() {
|
||||
echo '{'
|
||||
echo -e "\t\"MAIL\": {"
|
||||
echo " \"CRT\": \"$crt\","
|
||||
echo " \"KEY\": \"$key\","
|
||||
echo " \"CA\": \"$ca\","
|
||||
echo " \"SUBJECT\": \"$subj\","
|
||||
echo " \"ALIASES\": \"$alt_dns\","
|
||||
echo " \"NOT_BEFORE\": \"$before\","
|
||||
echo " \"NOT_AFTER\": \"$after\","
|
||||
echo " \"SIGNATURE\": \"$signature\","
|
||||
echo " \"PUB_KEY\": \"$pub_key\","
|
||||
echo " \"ISSUER\": \"$issuer\""
|
||||
echo -e "\t}\n}"
|
||||
}
|
||||
|
||||
# SHELL list function
|
||||
shell_list() {
|
||||
if [ ! -z "$crt" ]; then
|
||||
echo -e "$crt"
|
||||
fi
|
||||
if [ ! -z "$key" ]; then
|
||||
echo -e "\n$key"
|
||||
fi
|
||||
if [ ! -z "$crt" ]; then
|
||||
echo
|
||||
echo
|
||||
echo "SUBJECT: $subj"
|
||||
if [ ! -z "$alt_dns" ]; then
|
||||
echo "ALIASES: ${alt_dns//,/ }"
|
||||
fi
|
||||
echo "VALID FROM: $before"
|
||||
echo "VALID TIL: $after"
|
||||
echo "SIGNATURE: $signature"
|
||||
echo "PUB_KEY: $pub_key"
|
||||
echo "ISSUER: $issuer"
|
||||
fi
|
||||
}
|
||||
|
||||
# PLAIN list function
|
||||
plain_list() {
|
||||
if [ ! -z "$crt" ]; then
|
||||
echo -e "$crt"
|
||||
fi
|
||||
if [ ! -z "$key" ]; then
|
||||
echo -e "\n$key"
|
||||
fi
|
||||
if [ ! -z "$ca" ]; then
|
||||
echo -e "\n$ca"
|
||||
fi
|
||||
if [ ! -z "$crt" ]; then
|
||||
echo "$subj"
|
||||
echo "${alt_dns//,/ }"
|
||||
echo "$before"
|
||||
echo "$after"
|
||||
echo "$signature"
|
||||
echo "$pub_key"
|
||||
echo "$issuer"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# CSV list function
|
||||
csv_list() {
|
||||
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
|
||||
echo "PUB_KEY,ISSUER"
|
||||
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
|
||||
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
|
||||
}
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Parsing SSL certificate
|
||||
if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
|
||||
key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
|
||||
|
||||
|
||||
# Parsing SSL certificate details without CA
|
||||
info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
|
||||
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
|
||||
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
|
||||
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
|
||||
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
|
||||
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
|
||||
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
|
||||
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
|
||||
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
|
||||
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
|
||||
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
|
||||
|
||||
# Listing data
|
||||
case $format in
|
||||
json) json_list ;;
|
||||
plain) plain_list ;;
|
||||
csv) csv_list ;;
|
||||
shell) shell_list ;;
|
||||
esac
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
exit
|
||||
|
|
@ -191,7 +191,7 @@ fi
|
|||
|
||||
# Checking MAIL ANTIVIRUS
|
||||
if [ ! -z "$ANTIVIRUS_SYSTEM" ] && [ "$ANTIVIRUS_SYSTEM" != 'remote' ]; then
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
if [ "$ANTIVIRUS_SYSTEM" == 'clamav' ];then
|
||||
ANTIVIRUS_SYSTEM='clamd'
|
||||
fi
|
||||
|
|
@ -220,7 +220,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
|
|||
proc_name=''
|
||||
service="$db"
|
||||
if [ "$service" = 'mysql' ]; then
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
service='mysqld'
|
||||
proc_name='mysqld'
|
||||
if [ -e "/usr/lib/systemd/system/mariadb.service" ]; then
|
||||
|
|
@ -231,7 +231,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then
|
|||
if [ "$service" == 'pgsql' ]; then
|
||||
service='postgresql'
|
||||
proc_name='postmaster'
|
||||
if [ ! -d "/etc/sysconfig" ]; then
|
||||
if [ ! -e "/etc/redhat-release" ]; then
|
||||
proc_name='postgres'
|
||||
fi
|
||||
if [ ! -e '/etc/init.d/postgresql' ]; then
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ shell_list() {
|
|||
latest=$(wget -q -T 1 -t 1 http://c.vestacp.com/latest.txt -O -)
|
||||
|
||||
# Checking installed vesta version
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
rpm_format="VERSION='%{VERSION}'"
|
||||
rpm_format="$rpm_format RELEASE='%{RELEASE}'"
|
||||
rpm_format="$rpm_format ARCH='%{ARCH}'"
|
||||
|
|
@ -89,7 +89,7 @@ data="NAME='vesta' VERSION='$VERSION' RELEASE='$RELEASE' ARCH='$ARCH'"
|
|||
data="$data UPDATED='$UPDATED' DESCR='core package' TIME='$TIME' DATE='$DATE'"
|
||||
|
||||
# Checking installed vesta-php version
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
eval $(rpm --queryformat="$rpm_format" -q vesta-php)
|
||||
DATE=$(date -d @$UTIME +%F)
|
||||
TIME=$(date -d @$UTIME +%T)
|
||||
|
|
@ -107,7 +107,7 @@ data="$data ARCH='$ARCH' UPDATED='$UPDATED' DESCR='php interpreter'"
|
|||
data="$data TIME='$TIME' DATE='$DATE'"
|
||||
|
||||
# Checking installed vesta-nginx version
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
eval $(rpm --queryformat="$rpm_format" -q vesta-nginx)
|
||||
DATE=$(date -d @$UTIME +%F)
|
||||
TIME=$(date -d @$UTIME +%T)
|
||||
|
|
@ -126,7 +126,7 @@ data="$data TIME='$TIME' DATE='$DATE'"
|
|||
|
||||
# Checking installed vesta-ioncube version
|
||||
if [ "$SOFTACULOUS" = 'yes' ]; then
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
eval $(rpm --queryformat="$rpm_format" -q vesta-ioncube)
|
||||
DATE=$(date -d @$UTIME +%F)
|
||||
TIME=$(date -d @$UTIME +%T)
|
||||
|
|
@ -146,7 +146,7 @@ fi
|
|||
|
||||
# Checking installed vesta-softaculous version
|
||||
if [ "$SOFTACULOUS" = 'yes' ]; then
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
eval $(rpm --queryformat="$rpm_format" -q vesta-softaculous)
|
||||
DATE=$(date -d @$UTIME +%F)
|
||||
TIME=$(date -d @$UTIME +%T)
|
||||
|
|
|
|||
|
|
@ -154,7 +154,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '1' "$#" 'USER [FORMAT]'
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -75,7 +75,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER BACKUP [FORMAT]'
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_valid 'backup' 'BACKUP' "$backup"
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ json_list() {
|
|||
i=1
|
||||
objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
|
||||
echo "{"
|
||||
while read -r str; do
|
||||
while read str; do
|
||||
eval $str
|
||||
echo -n ' "'$BACKUP'": {
|
||||
"TYPE": "'$TYPE'",
|
||||
|
|
|
|||
|
|
@ -23,10 +23,7 @@ json_list() {
|
|||
objects=$(echo "$logs" |wc -l)
|
||||
echo "{"
|
||||
for str in $logs; do
|
||||
ID=$(echo "$str" |cut -f 2 -d \')
|
||||
DATE=$(echo "$str" |cut -f 4 -d \')
|
||||
TIME=$(echo "$str" |cut -f 6 -d \')
|
||||
CMD=$(echo "$str" |cut -f 8 -d \')
|
||||
eval $str
|
||||
CMD=${CMD//\"/\\\"}
|
||||
echo -n ' "'$ID'": {
|
||||
"CMD": "'$CMD'",
|
||||
|
|
@ -49,9 +46,13 @@ shell_list() {
|
|||
echo "DATE~TIME~CMD"
|
||||
echo "----~----~---"
|
||||
for str in $logs; do
|
||||
DATE=$(echo "$str" |cut -f 4 -d \')
|
||||
TIME=$(echo "$str" |cut -f 6 -d \')
|
||||
CMD=$(echo "$str" |cut -f 8 -d \')
|
||||
eval $str
|
||||
if [ -z "$DATE" ]; then
|
||||
DATE='no'
|
||||
fi
|
||||
if [ -z "$TIME" ]; then
|
||||
TIME='no'
|
||||
fi
|
||||
echo "$DATE~$TIME~$CMD"
|
||||
done
|
||||
}
|
||||
|
|
@ -60,9 +61,7 @@ shell_list() {
|
|||
plain_list() {
|
||||
IFS=$'\n'
|
||||
for str in $logs; do
|
||||
DATE=$(echo "$str" |cut -f 4 -d \')
|
||||
TIME=$(echo "$str" |cut -f 6 -d \')
|
||||
CMD=$(echo "$str" |cut -f 8 -d \')
|
||||
eval $str
|
||||
echo -e "$ID\t$CMD\t$UNDO\t$TIME\t$DATE"
|
||||
done
|
||||
}
|
||||
|
|
@ -72,9 +71,7 @@ csv_list() {
|
|||
IFS=$'\n'
|
||||
echo "ID,CMD,UNDO,TIME,DATE"
|
||||
for str in $logs; do
|
||||
DATE=$(echo "$str" |cut -f 4 -d \')
|
||||
TIME=$(echo "$str" |cut -f 6 -d \')
|
||||
CMD=$(echo "$str" |cut -f 8 -d \')
|
||||
eval $str
|
||||
echo "$ID,\"$CMD\",\"$UNDO\",$TIME,$DATE"
|
||||
done
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ json_list() {
|
|||
echo '{'
|
||||
echo ' "'$PACKAGE'": {
|
||||
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
|
||||
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
|
||||
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
|
||||
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
|
||||
"WEB_DOMAINS": "'$WEB_DOMAINS'",
|
||||
|
|
@ -48,7 +47,6 @@ json_list() {
|
|||
shell_list() {
|
||||
echo "PACKAGE: $PACKAGE"
|
||||
echo "WEB TEMPLATE: $WEB_TEMPLATE"
|
||||
echo "BACKEND_TEMPLATE: $BACKEND_TEMPLATE"
|
||||
echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
|
||||
echo "DNS TEMPLATE: $DNS_TEMPLATE"
|
||||
echo "WEB DOMAINS: $WEB_DOMAINS"
|
||||
|
|
@ -70,7 +68,7 @@ shell_list() {
|
|||
|
||||
# PLAIN list function
|
||||
plain_list() {
|
||||
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
|
||||
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
|
||||
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
|
||||
|
|
@ -78,11 +76,11 @@ plain_list() {
|
|||
|
||||
# CSV list function
|
||||
csv_list() {
|
||||
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
||||
echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
||||
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
|
||||
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
|
||||
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
|
||||
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||
echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
|
||||
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
|
||||
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ json_list() {
|
|||
source $VESTA/data/packages/$package
|
||||
echo -n ' "'$PACKAGE'": {
|
||||
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
|
||||
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
|
||||
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
|
||||
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
|
||||
"WEB_DOMAINS": "'$WEB_DOMAINS'",
|
||||
|
|
@ -66,7 +65,7 @@ shell_list() {
|
|||
package_data=$(cat $VESTA/data/packages/$package)
|
||||
package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
|
||||
eval $package_data
|
||||
echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
|
||||
echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
|
||||
echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
|
||||
done
|
||||
}
|
||||
|
|
@ -76,7 +75,7 @@ plain_list() {
|
|||
for package in $packages; do
|
||||
source $VESTA/data/packages/$package
|
||||
PACKAGE=${package/.pkg/}
|
||||
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
|
||||
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
|
||||
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
|
||||
|
|
@ -85,13 +84,13 @@ plain_list() {
|
|||
|
||||
# CSV list function
|
||||
csv_list() {
|
||||
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
||||
echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
||||
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
|
||||
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
|
||||
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
|
||||
for package in $packages; do
|
||||
PACKAGE=${package/.pkg/}
|
||||
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||
echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
|
||||
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
|
||||
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
|
||||
|
|
|
|||
|
|
@ -115,7 +115,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '1' "$#" 'USER [FORMAT]'
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -15,14 +15,9 @@ format=${1-shell}
|
|||
# JSON list function
|
||||
json_list() {
|
||||
echo '{'
|
||||
object_count=$(grep '@' /etc/passwd |wc -l)
|
||||
i=1
|
||||
while read USER; do
|
||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
||||
continue;
|
||||
fi
|
||||
if [ $i -gt 1 ]; then
|
||||
echo ","
|
||||
fi
|
||||
source $VESTA/data/users/$USER/user.conf
|
||||
echo -n ' "'$USER'": {
|
||||
"FNAME": "'$FNAME'",
|
||||
|
|
@ -79,8 +74,14 @@ json_list() {
|
|||
"TIME": "'$TIME'",
|
||||
"DATE": "'$DATE'"
|
||||
}'
|
||||
if [ "$i" -lt "$object_count" ]; then
|
||||
echo ','
|
||||
else
|
||||
echo
|
||||
fi
|
||||
((i++))
|
||||
done < <(grep '@' /etc/passwd |cut -f1 -d:)
|
||||
|
||||
echo '}'
|
||||
}
|
||||
|
||||
|
|
@ -89,9 +90,6 @@ shell_list() {
|
|||
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
|
||||
echo "---- --- --- --- --- -- ---- -- ---- ----"
|
||||
while read USER; do
|
||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
||||
continue;
|
||||
fi
|
||||
source $VESTA/data/users/$USER/user.conf
|
||||
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
|
||||
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
|
||||
|
|
@ -101,9 +99,6 @@ shell_list() {
|
|||
# PLAIN list function
|
||||
plain_list() {
|
||||
while read USER; do
|
||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
||||
continue;
|
||||
fi
|
||||
source $VESTA/data/users/$USER/user.conf
|
||||
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
|
||||
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||
|
|
@ -136,9 +131,6 @@ csv_list() {
|
|||
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
|
||||
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
|
||||
while read USER; do
|
||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
||||
continue;
|
||||
fi
|
||||
source $VESTA/data/users/$USER/user.conf
|
||||
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
|
||||
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||
|
|
@ -159,9 +151,6 @@ csv_list() {
|
|||
# Raw list function
|
||||
raw_list() {
|
||||
while read USER; do
|
||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
||||
continue;
|
||||
fi
|
||||
echo $VESTA/data/users/$USER/user.conf
|
||||
cat $VESTA/data/users/$USER/user.conf
|
||||
done < <(grep '@' /etc/passwd |cut -f1 -d:)
|
||||
|
|
|
|||
|
|
@ -110,7 +110,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ source $VESTA/func/main.sh
|
|||
|
||||
# JSON list function
|
||||
json_list() {
|
||||
issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
|
||||
echo '{'
|
||||
echo -e "\t\"$domain\": {"
|
||||
echo " \"CRT\": \"$crt\","
|
||||
|
|
@ -98,7 +97,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||
|
||||
|
|
@ -112,7 +110,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
|
|||
crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
|
||||
|
||||
info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
|
||||
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \")
|
||||
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
|
||||
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
|
||||
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
|
||||
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
|
||||
|
|
|
|||
|
|
@ -100,7 +100,6 @@ csv_list() {
|
|||
#----------------------------------------------------------#
|
||||
|
||||
check_args '1' "$#" 'USER [FORMAT]'
|
||||
is_format_valid 'user'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -35,11 +35,6 @@ if [ ! -z "$src_file" ]; then
|
|||
echo "Error: invalid source path $src_file"
|
||||
exit 2
|
||||
fi
|
||||
spath=$(echo "$rpath" |egrep "/etc|/var/lib")
|
||||
if [ -z "$spath" ]; then
|
||||
echo "Error: invalid source path $src_file"
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
|
||||
# Reading conf
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user"
|
|||
#----------------------------------------------------------#
|
||||
|
||||
# Deleting old web configs
|
||||
sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
|
||||
sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
|
||||
if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then
|
||||
rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf
|
||||
fi
|
||||
|
|
@ -47,7 +47,7 @@ fi
|
|||
|
||||
# Deleting old proxy configs
|
||||
if [ ! -z "$PROXY_SYSTEM" ]; then
|
||||
sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
|
||||
sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
|
||||
|
||||
if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then
|
||||
rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf
|
||||
|
|
|
|||
|
|
@ -50,13 +50,7 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
|
|||
fi
|
||||
|
||||
# Restart system
|
||||
if [ ! -f "/etc/debian_version" ]; then
|
||||
service $PROXY_SYSTEM restart >/dev/null 2>&1
|
||||
else
|
||||
systemctl reset-failed $PROXY_SYSTEM
|
||||
systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
|
||||
fi
|
||||
|
||||
service $PROXY_SYSTEM restart >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
send_email_report
|
||||
check_result $E_RESTART "$PROXY_SYSTEM restart failed"
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ if [ -z "$WEB_BACKEND" ] || [ "$WEB_BACKEND" = 'remote' ]; then
|
|||
fi
|
||||
|
||||
# Restart system
|
||||
php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d / |head -n 1)
|
||||
php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d /)
|
||||
if [ -z "$php_fpm" ]; then
|
||||
service $WEB_BACKEND restart >/dev/null 2>&1
|
||||
else
|
||||
|
|
|
|||
|
|
@ -56,7 +56,6 @@ ftpc() {
|
|||
quote USER $USERNAME
|
||||
quote PASS $PASSWORD
|
||||
binary
|
||||
lcd $BACKUP
|
||||
$1
|
||||
$2
|
||||
$3
|
||||
|
|
@ -230,12 +229,8 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
|
|||
(( ++i))
|
||||
done
|
||||
|
||||
if [ -z "$BACKUP_TEMP" ]; then
|
||||
BACKUP_TEMP=$BACKUP
|
||||
fi
|
||||
|
||||
# Creating temporary directory
|
||||
tmpdir=$(mktemp -p $BACKUP_TEMP -d)
|
||||
tmpdir=$(mktemp -p /tmp -d)
|
||||
if [ "$?" -ne 0 ]; then
|
||||
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
|
||||
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
|
||||
|
|
@ -290,7 +285,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
|
|||
if [ -z "$web" ] || [ "$web" = '*' ]; then
|
||||
domains="$backup_domains"
|
||||
else
|
||||
echo "$web" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
|
||||
echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
|
||||
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
||||
fi
|
||||
|
||||
|
|
@ -378,10 +373,8 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
|
|||
|
||||
# Copying ssl certificates
|
||||
if [ "$SSL" = 'yes' ]; then
|
||||
certificates=$(ls $tmpdir/web/$domain/conf| grep ssl)
|
||||
certificates=$(echo "$certificates" |grep $domain)
|
||||
for crt in $certificates; do
|
||||
crt=$(echo $crt|sed -e "s/ssl.//")
|
||||
for crt in $(ls $tmpdir/web/$domain/conf |grep ssl); do
|
||||
crt=$(echo "$crt" |sed "s/ssl.//")
|
||||
cp -f $tmpdir/web/$domain/conf/ssl.$crt $USER_DATA/ssl/$crt
|
||||
done
|
||||
fi
|
||||
|
|
@ -407,21 +400,15 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
|
|||
fi
|
||||
|
||||
# Restoring web domain data
|
||||
chown $user $tmpdir
|
||||
chmod u+w $HOMEDIR/$user/web/$domain
|
||||
sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
|
||||
-C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
|
||||
2> $HOMEDIR/$user/web/$domain/restore_errors.log
|
||||
if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
|
||||
chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
|
||||
tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
|
||||
-C $HOMEDIR/$user/web/$domain/
|
||||
if [ "$?" -ne 0 ]; then
|
||||
rm -rf $tmpdir
|
||||
error="can't unpack $domain data tarball"
|
||||
echo "$error" |$SENDMAIL -s "$subj" $email $notify
|
||||
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
|
||||
check_result "$E_PARSING" "$error"
|
||||
fi
|
||||
#if [ "$?" -ne 0 ]; then
|
||||
# rm -rf $tmpdir
|
||||
# error="can't unpack $domain data tarball"
|
||||
# echo "$error" |$SENDMAIL -s "$subj" $email $notify
|
||||
# sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
|
||||
# check_result "$E_PARSING" "$error"
|
||||
#fi
|
||||
|
||||
# Applying Fix for tar < 1.24
|
||||
find $HOMEDIR/$user/web/$domain -type d \
|
||||
|
|
@ -459,7 +446,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
|
|||
if [ -z "$dns" ] || [ "$dns" = '*' ]; then
|
||||
domains="$backup_domains"
|
||||
else
|
||||
echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
|
||||
echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
|
||||
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
||||
fi
|
||||
|
||||
|
|
@ -539,7 +526,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
|
|||
if [ -z "$mail" ] || [ "$mail" = '*' ]; then
|
||||
domains="$backup_domains"
|
||||
else
|
||||
echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
|
||||
echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
|
||||
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
||||
fi
|
||||
|
||||
|
|
@ -593,15 +580,13 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
|
|||
|
||||
# Rebuilding mail config
|
||||
rebuild_mail_domain_conf
|
||||
|
||||
|
||||
domain_idn=$domain
|
||||
format_domain_idn
|
||||
|
||||
# Restoring emails
|
||||
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
|
||||
chown $user $tmpdir
|
||||
chmod u+w $HOMEDIR/$user/mail/$domain_idn
|
||||
sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
|
||||
tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
|
||||
-C $HOMEDIR/$user/mail/$domain_idn/
|
||||
if [ "$?" -ne 0 ]; then
|
||||
rm -rf $tmpdir
|
||||
|
|
@ -636,7 +621,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
|
|||
if [ -z "$db" ] || [ "$db" = '*' ]; then
|
||||
databases="$backup_databases"
|
||||
else
|
||||
echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt
|
||||
echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
|
||||
databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -23,19 +23,6 @@ udir=$8
|
|||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
# Check backup ownership function
|
||||
is_backup_available() {
|
||||
passed=false
|
||||
if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
|
||||
passed=true
|
||||
elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
|
||||
passed=true
|
||||
fi
|
||||
|
||||
if [ $passed = false ]; then
|
||||
check_result $E_FORBIDEN "permission denied"
|
||||
fi
|
||||
}
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
|
|
@ -47,7 +34,6 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
|
|||
is_object_valid 'user' 'USER' "$user"
|
||||
is_backup_enabled
|
||||
is_backup_scheduled 'restore'
|
||||
is_backup_available "$user" "$backup"
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
|
|
|
|||
|
|
@ -84,22 +84,6 @@ OLD_IFS=$IFS
|
|||
IFS=$'\n'
|
||||
|
||||
# User loop
|
||||
search_user=$(ls -1 $VESTA/data/users |grep $object)
|
||||
for user in $search_user; do
|
||||
if [ -e "$VESTA/data/users/$user/user.conf" ]; then
|
||||
source $VESTA/data/users/$user/user.conf
|
||||
((i ++))
|
||||
type=$(echo $type|cut -f1 -d \.)
|
||||
str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
|
||||
str="$str RESULT='$user' ALIAS=''"
|
||||
str="$str LINK='$user' PARENT=''"
|
||||
str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
|
||||
str="$str DATE='$DATE'"
|
||||
echo $str >> $conf
|
||||
fi
|
||||
done
|
||||
|
||||
# User data loop
|
||||
for user in $(ls $VESTA/data/users/); do
|
||||
# Search query
|
||||
search=$(grep "$object" \
|
||||
|
|
@ -110,7 +94,7 @@ for user in $(ls $VESTA/data/users/); do
|
|||
$VESTA/data/users/$user/mail/*.conf \
|
||||
$VESTA/data/users/$user/db.conf \
|
||||
$VESTA/data/users/$user/cron.conf 2> /dev/null)
|
||||
|
||||
|
||||
for row in $search; do
|
||||
# Initialise variable
|
||||
key=''
|
||||
|
|
@ -170,13 +154,12 @@ for user in $(ls $VESTA/data/users/); do
|
|||
|
||||
# DNS Records
|
||||
if [ "$type" = 'dns' ]; then
|
||||
if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then
|
||||
dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
|
||||
if [ -n "$(echo $RECORD |grep $object)" ]; then
|
||||
key="RECORD"
|
||||
result="$RECORD.$dom"
|
||||
result="$RECORD.$DOMAIN"
|
||||
suspended=$SUSPENDED
|
||||
object_link=$ID
|
||||
object_parent=$dom
|
||||
object_parent=$DOMAIN
|
||||
object_time=$TIME
|
||||
object_date=$DATE
|
||||
((i ++))
|
||||
|
|
|
|||
|
|
@ -1,93 +0,0 @@
|
|||
#!/bin/bash
|
||||
# info: search ssl certificates
|
||||
# options: [FORMAT]
|
||||
#
|
||||
# The function to obtain the list of available ssl certificates.
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
format=${1-shell}
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
|
||||
# JSON list function
|
||||
json_list() {
|
||||
IFS=$'\n'
|
||||
objects=$(echo "$search_cmd" |wc -l)
|
||||
i=1
|
||||
echo '['
|
||||
for str in $search_cmd; do
|
||||
eval $str
|
||||
if [ "$i" -lt "$objects" ]; then
|
||||
echo -e "\t\"$USER:$DOMAIN\","
|
||||
else
|
||||
echo -e "\t\"$USER:$DOMAIN\""
|
||||
fi
|
||||
(( ++i))
|
||||
done
|
||||
echo "]"
|
||||
}
|
||||
|
||||
# SHELL list function
|
||||
shell_list() {
|
||||
IFS=$'\n'
|
||||
echo "USER DOMAIN"
|
||||
echo "---- ------"
|
||||
for str in $search_cmd; do
|
||||
eval $str
|
||||
echo "$USER $DOMAIN"
|
||||
done
|
||||
}
|
||||
|
||||
# PLAIN list function
|
||||
plain_list() {
|
||||
IFS=$'\n'
|
||||
for str in $search_cmd; do
|
||||
eval $str
|
||||
echo -e "$USER\t$DOMAIN"
|
||||
done
|
||||
}
|
||||
|
||||
# CSV list function
|
||||
csv_list() {
|
||||
IFS=$'\n'
|
||||
echo "USER,DOMAIN"
|
||||
for str in $search_cmd; do
|
||||
eval $str
|
||||
echo "$USER,$DOMAIN"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
|
||||
cut -f 1 -d ' ' |\
|
||||
sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
|
||||
|
||||
# Listing data
|
||||
case $format in
|
||||
json) json_list ;;
|
||||
plain) plain_list ;;
|
||||
csv) csv_list ;;
|
||||
shell) shell_list |column -t ;;
|
||||
esac
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
exit
|
||||
110
bin/v-sign-letsencrypt-csr
Executable file
110
bin/v-sign-letsencrypt-csr
Executable file
|
|
@ -0,0 +1,110 @@
|
|||
#!/bin/bash
|
||||
# info: sing letsencrypt csr
|
||||
# options: USER DOMAIN CSR_DIR [FORMAT]
|
||||
#
|
||||
# The function signs certificate request using LetsEncript API
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Argument definition
|
||||
user=$1
|
||||
domain=$2
|
||||
csr="$3/$domain.csr"
|
||||
format=$4
|
||||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
# encode base64
|
||||
encode_base64() {
|
||||
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
||||
}
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '3' "$#" 'USER DOMAIN CSR'
|
||||
is_format_valid 'user' 'domain'
|
||||
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||
is_object_valid 'user' 'USER' "$user"
|
||||
is_object_unsuspended 'user' 'USER' "$user"
|
||||
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
||||
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
|
||||
fi
|
||||
check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
|
||||
if [ -z "$check_domain" ]; then
|
||||
check_result $E_NOTEXIST "domain $domain doesn't exist"
|
||||
fi
|
||||
if [ ! -e "$csr" ]; then
|
||||
check_result $E_NOTEXIST "$csr doesn't exist"
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
source $USER_DATA/ssl/le.conf
|
||||
api='https://acme-v01.api.letsencrypt.org'
|
||||
key="$USER_DATA/ssl/user.key"
|
||||
exponent="$EXPONENT"
|
||||
modulus="$MODULUS"
|
||||
thumb="$THUMB"
|
||||
|
||||
# Defining JWK header
|
||||
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||
header='{"alg":"RS256","jwk":'"$header"'}'
|
||||
|
||||
# Requesting nonce
|
||||
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||
|
||||
# Defining ACME query (request challenge)
|
||||
csr=$(openssl req -in $csr -outform DER |encode_base64)
|
||||
query='{"resource":"new-cert","csr":"'$csr'"}'
|
||||
payload=$(echo -n "$query" |encode_base64)
|
||||
signature=$(printf "%s" "$protected.$payload" |\
|
||||
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||
|
||||
# Sending request to LetsEncrypt API
|
||||
answer=$(mktemp)
|
||||
curl -s -d "$data" "$api/acme/new-cert" -o $answer
|
||||
if [ ! -z "$(grep Error $answer)" ]; then
|
||||
detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
|
||||
detail=$(echo "$detail" |awk -F "::" '{print $2}')
|
||||
rm $answer
|
||||
check_result $E_LIMIT "$detail"
|
||||
fi
|
||||
|
||||
# Printing certificate
|
||||
crt=$(cat "$answer" |openssl base64 -e)
|
||||
rm $answer
|
||||
if [ "$format" != 'json' ]; then
|
||||
echo "-----BEGIN CERTIFICATE-----"
|
||||
echo "$crt"
|
||||
echo "-----END CERTIFICATE-----"
|
||||
else
|
||||
echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
|
||||
echo -n '-----BEGIN CERTIFICATE-----\n'
|
||||
echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
|
||||
echo -n '-----END CERTIFICATE-----'
|
||||
echo -e "\"\n\t\t}\n\t}"
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Logging
|
||||
log_event "$OK" "$ARGUMENTS"
|
||||
|
||||
exit
|
||||
|
|
@ -56,7 +56,7 @@ bash $tmp 2>/dev/null
|
|||
rm -f $tmp
|
||||
|
||||
# Saving rules to the master iptables file
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
/sbin/iptables-save > /etc/sysconfig/iptables
|
||||
if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
|
||||
/sbin/chkconfig iptables off
|
||||
|
|
|
|||
|
|
@ -41,16 +41,6 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain"
|
|||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Deleting system configs
|
||||
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
|
||||
if [ -e '/etc/named.conf' ]; then
|
||||
dns_conf='/etc/named.conf'
|
||||
else
|
||||
dns_conf='/etc/bind/named.conf'
|
||||
fi
|
||||
|
||||
sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf
|
||||
fi
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
|
|
|
|||
|
|
@ -40,21 +40,7 @@ is_object_suspended 'dns' 'DOMAIN' "$domain"
|
|||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Creating system configs
|
||||
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
|
||||
if [ -e '/etc/named.conf' ]; then
|
||||
dns_conf='/etc/named.conf'
|
||||
dns_group='named'
|
||||
else
|
||||
dns_conf='/etc/bind/named.conf'
|
||||
dns_group='bind'
|
||||
fi
|
||||
|
||||
# Adding zone in named.conf
|
||||
named="zone \"$domain_idn\" {type master; file"
|
||||
named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};"
|
||||
echo "$named" >> $dns_conf
|
||||
fi
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
|
|
|
|||
|
|
@ -48,9 +48,6 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
|
|||
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
|
||||
md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
|
||||
quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
|
||||
if [ "$quota" = 'unlimited' ]; then
|
||||
quota=0
|
||||
fi
|
||||
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
|
||||
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||
|
|
|
|||
|
|
@ -51,6 +51,11 @@ if [ $? -ne 0 ]; then
|
|||
conntrack_ftp='no'
|
||||
fi
|
||||
|
||||
# Checking custom OpenSSH port
|
||||
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
|
||||
if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then
|
||||
sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
|
||||
fi
|
||||
|
||||
# Creating temporary file
|
||||
tmp=$(mktemp)
|
||||
|
|
@ -152,7 +157,7 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then
|
|||
fi
|
||||
|
||||
# Saving rules to the master iptables file
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
/sbin/iptables-save > /etc/sysconfig/iptables
|
||||
if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then
|
||||
/sbin/chkconfig iptables on
|
||||
|
|
|
|||
|
|
@ -72,16 +72,11 @@ chown $exim_user:mail $VESTA/ssl/certificate.crt
|
|||
chown $exim_user:mail $VESTA/ssl/certificate.key
|
||||
|
||||
# Restart exim, dovecot & vesta
|
||||
$BIN/v-restart-mail
|
||||
if [ ! -z "$IMAP_SYSTEM" ]; then
|
||||
$BIN/v-restart-service "$IMAP_SYSTEM"
|
||||
fi
|
||||
if [ ! -z "$FTP_SYSTEM" ]; then
|
||||
$BIN/v-restart-service "$FTP_SYSTEM"
|
||||
fi
|
||||
if [ -f "/var/run/vesta-nginx.pid" ]; then
|
||||
kill -HUP $(cat /var/run/vesta-nginx.pid)
|
||||
fi
|
||||
v-restart-mail
|
||||
v-restart-service dovecot
|
||||
v-restart-service vesta
|
||||
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
|
|
|
|||
|
|
@ -22,63 +22,42 @@ source $VESTA/conf/vesta.conf
|
|||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
lecounter=0
|
||||
hostname=$(hostname)
|
||||
# Defining user list
|
||||
users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
|
||||
|
||||
echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
|
||||
|
||||
# Checking user certificates
|
||||
for user in $($BIN/v-list-users plain |cut -f 1); do
|
||||
# Checking users
|
||||
for user in $users; do
|
||||
USER_DATA=$VESTA/data/users/$user
|
||||
|
||||
# Checking user certificates
|
||||
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
|
||||
|
||||
limit_check=1
|
||||
fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
||||
|
||||
if [[ "$hostname" = "$domain" ]]; then
|
||||
if [[ "$fail_counter" -eq 7 ]]; then
|
||||
limit_check=0
|
||||
fi
|
||||
if [[ "$fail_counter" -eq 8 ]]; then
|
||||
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
||||
send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
|
||||
# echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
|
||||
echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
|
||||
continue;
|
||||
fi
|
||||
crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
|
||||
not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
|
||||
expiration=$(date -d "$not_after" +%s)
|
||||
crt="$VESTA/data/users/$user/ssl/$domain.crt"
|
||||
crt_data=$(openssl x509 -text -in "$crt")
|
||||
expire=$(echo "$crt_data" |grep "Not After")
|
||||
expire=$(echo "$expire" |cut -f 2,3,4 -d :)
|
||||
expire=$(date -d "$expire" +%s)
|
||||
now=$(date +%s)
|
||||
seconds_valid=$((expiration - now))
|
||||
days_valid=$((seconds_valid / 86400))
|
||||
if [[ "$days_valid" -lt 31 ]]; then
|
||||
if [ $lecounter -gt 0 ]; then
|
||||
sleep 120
|
||||
fi
|
||||
((lecounter++))
|
||||
expire=$((expire - now))
|
||||
expire=$((expire / 86400))
|
||||
domain=$(basename $crt |sed -e "s/.crt$//")
|
||||
if [[ "$expire" -lt 31 ]]; then
|
||||
aliases=$(echo "$crt_data" |grep DNS:)
|
||||
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
|
||||
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
|
||||
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
|
||||
aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
|
||||
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
|
||||
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
|
||||
if [ $? -ne 0 ]; then
|
||||
if [[ $msg == *"is suspended" ]]; then
|
||||
echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
|
||||
else
|
||||
echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
|
||||
aliases=$(echo "$aliases" |grep -v "^$domain$")
|
||||
if [ ! -z "$aliases" ]; then
|
||||
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
|
||||
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "$domain $msg"
|
||||
fi
|
||||
else
|
||||
msg==$($BIN/v-add-letsencrypt-domain $user $domain)
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "$domain $msg"
|
||||
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
||||
echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
|
||||
echo "fail_counter = $fail_counter"
|
||||
fi
|
||||
fi
|
||||
sleep 10
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
# info: update system ip
|
||||
# options: [NONE]
|
||||
# options: [USER] [IP_STATUS]
|
||||
#
|
||||
# The function scans configured ip in the system and register them with vesta
|
||||
# internal database. This call is intended for use on vps servers, where ip is
|
||||
|
|
@ -11,10 +11,12 @@
|
|||
# Variable&Function #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Importing system variables
|
||||
source /etc/profile
|
||||
# Argument definition
|
||||
user=${1-admin}
|
||||
ip_status=${2-shared}
|
||||
|
||||
# Includes
|
||||
source /etc/profile.d/vesta.sh
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/func/ip.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
|
@ -24,84 +26,87 @@ source $VESTA/conf/vesta.conf
|
|||
# Verifications #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
check_args '0' "$#" '[USER] [IP_STATUS]'
|
||||
is_format_valid 'user' 'ip_status'
|
||||
is_object_valid 'user' 'USER' "$user" "$user"
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
# Listing system ip addresses
|
||||
ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/)
|
||||
v_ips=$(ls $VESTA/data/ips/)
|
||||
ip_num=$(echo "$ips" |wc -l)
|
||||
v_ip_num=$(echo "$v_ips" |wc -l)
|
||||
# Get list of ip addresses
|
||||
ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}')
|
||||
ip_list=$(echo "$ip_list"|cut -f 1 -d /)
|
||||
ip_num=$(echo "$ip_list" | wc -l)
|
||||
|
||||
# Checking primary IP change
|
||||
if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
|
||||
if [ "$ips" != "$v_ips" ]; then
|
||||
new=$ips
|
||||
old=$v_ips
|
||||
fi
|
||||
fi
|
||||
# WorkAround for DHCP IP address
|
||||
vst_ip_list=$(ls $VESTA/data/ips/)
|
||||
vst_ip_num=$(echo "$vst_ip_list" | wc -l)
|
||||
|
||||
# Updating configs
|
||||
if [ ! -z "$old" ]; then
|
||||
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
|
||||
|
||||
# Updating PROXY
|
||||
if [ ! -z "$PROXY_SYSTEM" ]; then
|
||||
cd /etc/$PROXY_SYSTEM/conf.d
|
||||
if [ -e "$old.conf" ]; then
|
||||
mv $old.conf $new.conf
|
||||
sed -i "s/$old/$new/g" $new.conf
|
||||
if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then
|
||||
if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then
|
||||
new=$ip_list
|
||||
old=$vst_ip_list
|
||||
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
|
||||
if [ ! -z "$PROXY_SYSTEM" ]; then
|
||||
mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \
|
||||
/etc/$PROXY_SYSTEM/conf.d/$new.conf
|
||||
sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf
|
||||
fi
|
||||
fi
|
||||
if [ ! -z "$WEB_SYSTEM" ]; then
|
||||
mv /etc/$WEB_SYSTEM/conf.d/$old.conf \
|
||||
/etc/$WEB_SYSTEM/conf.d/$new.conf
|
||||
sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf
|
||||
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
|
||||
|
||||
# Updating WEB
|
||||
if [ ! -z "$WEB_SYSTEM" ]; then
|
||||
cd /etc/$WEB_SYSTEM/conf.d
|
||||
if [ -e "$old.conf" ]; then
|
||||
mv $old.conf $new.conf
|
||||
sed -i "s/$old/$new/g" $new.conf
|
||||
# Rebuild web domains
|
||||
for user in $(ls $VESTA/data/users/); do
|
||||
$BIN/v-rebuild-web-domains $user no
|
||||
done
|
||||
fi
|
||||
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
|
||||
for user in $(ls $VESTA/data/users/); do
|
||||
$BIN/v-rebuild-web-domains $user no
|
||||
done
|
||||
$BIN/v-restart-proxy
|
||||
if [ ! -z "$FTP_SYSTEM" ];then
|
||||
ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
|
||||
sed -i "s/$old/$new/g" $ftpd_conf_file
|
||||
fi
|
||||
|
||||
# Restarting web server
|
||||
$BIN/v-restart-web
|
||||
fi
|
||||
|
||||
# Updating DNS
|
||||
if [ ! -z "$DNS_SYSTEM" ]; then
|
||||
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf
|
||||
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf
|
||||
for user in $(ls $VESTA/data/users/); do
|
||||
$BIN/v-rebuild-dns-domains $user no
|
||||
done
|
||||
$BIN/v-restart-dns
|
||||
fi
|
||||
# Restarting ftp server
|
||||
$BIN/v-restart-ftp
|
||||
|
||||
# Updating FTP
|
||||
if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then
|
||||
conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
|
||||
if [ ! -z "$conf" ]; then
|
||||
sed -i "s/$old/$new/g" $conf
|
||||
$BIN/v-restart-ftp
|
||||
# Restarting proxy server
|
||||
if [ ! -z "$PROXY_SYSTEM" ]; then
|
||||
$BIN/v-restart-proxy
|
||||
fi
|
||||
fi
|
||||
|
||||
# Updating firewall
|
||||
if [ ! -z "$FIREWALL_SYSTEM" ]; then
|
||||
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
|
||||
$BIN/v-update-firewall
|
||||
# Restarting firewall
|
||||
if [ ! -z "$FIREWALL_SYSTEM" ]; then
|
||||
$BIN/v-update-firewall
|
||||
fi
|
||||
|
||||
if [ ! -z "$DNS_SYSTEM" ]; then
|
||||
# Rebuild dns domains
|
||||
for user in $(ls $VESTA/data/users/); do
|
||||
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf
|
||||
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf
|
||||
$BIN/v-rebuild-dns-domains $user no
|
||||
done
|
||||
$BIN/v-restart-dns
|
||||
check_result $? "dns restart failed" >/dev/null
|
||||
fi
|
||||
|
||||
# No further comparation is needed
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
|
||||
# Adding system IP
|
||||
for ip in $ips; do
|
||||
# Compare ips
|
||||
for ip in $ip_list; do
|
||||
check_ifconfig=$(/sbin/ifconfig |grep "$ip")
|
||||
if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then
|
||||
interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq)
|
||||
interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq)
|
||||
interface=$(echo "$interface" |cut -f 1 -d : |head -n 1)
|
||||
netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ )
|
||||
netmask=$(convert_cidr $netmask)
|
||||
|
|
@ -109,15 +114,6 @@ for ip in $ips; do
|
|||
fi
|
||||
done
|
||||
|
||||
# Updating NAT
|
||||
pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
|
||||
if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then
|
||||
if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then
|
||||
ip=$(ls -t $VESTA/data/ips/ |head -n1)
|
||||
$BIN/v-change-sys-ip-nat $ip $pub_ip
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Vesta #
|
||||
|
|
|
|||
|
|
@ -61,13 +61,13 @@ fi
|
|||
# Parsing data
|
||||
if [ "$period" = 'daily' ]; then
|
||||
mem=$(free -m)
|
||||
used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}')
|
||||
used=$(echo "$mem" |grep Mem |awk '{print $3}')
|
||||
if [ -z "$(echo "$mem" | grep available)" ]; then
|
||||
free=$(echo "$mem" |grep buff/cache |awk '{print $4}')
|
||||
free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
|
||||
else
|
||||
free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}')
|
||||
free=$(echo "$mem" |grep Mem |awk '{print $7}')
|
||||
fi
|
||||
swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}')
|
||||
swap=$(echo "$mem" |grep Swap |awk '{print $3}')
|
||||
|
||||
# Updating rrd
|
||||
rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ period=${1-daily}
|
|||
|
||||
# Includes
|
||||
source $VESTA/func/main.sh
|
||||
source $VESTA/func/db.sh
|
||||
source $VESTA/conf/vesta.conf
|
||||
|
||||
|
||||
|
|
@ -67,10 +66,23 @@ for host in $hosts; do
|
|||
fi
|
||||
|
||||
if [ "$period" = 'daily' ]; then
|
||||
mysql_connect $host
|
||||
query='SHOW GLOBAL STATUS'
|
||||
status=$(mysql_query "$query" 2>/dev/null)
|
||||
if [ $? -ne 0 ]; then
|
||||
# Defining host credentials
|
||||
host_str=$(grep "HOST='$host'" $conf)
|
||||
for key in $host_str; do
|
||||
eval ${key%%=*}=${key#*=}
|
||||
done
|
||||
sql="mysql -h $HOST -u $USER -p$PASSWORD -e"
|
||||
|
||||
# Checking empty vars
|
||||
if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ]; then
|
||||
echo "Error: config is broken"
|
||||
log_event "$E_PARSING" "$ARGUMENTS"
|
||||
exit $E_PARSING
|
||||
fi
|
||||
|
||||
# Parsing data
|
||||
status=$($sql "SHOW GLOBAL STATUS" 2>/dev/null); code="$?"
|
||||
if [ '0' -ne "$code" ]; then
|
||||
active=0
|
||||
slow=0
|
||||
else
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ for host in $hosts; do
|
|||
# Parsing data
|
||||
q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
|
||||
FROM pg_stat_database;'
|
||||
status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
|
||||
status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?"
|
||||
if [ '0' -ne "$code" ]; then
|
||||
active=0
|
||||
slow=0
|
||||
|
|
|
|||
|
|
@ -28,32 +28,12 @@ source $VESTA/conf/vesta.conf
|
|||
# Checking arg number
|
||||
check_args '1' "$#" 'PACKAGE'
|
||||
|
||||
valid=0
|
||||
if [ "$package" = "vesta" ]; then
|
||||
valid=1
|
||||
fi
|
||||
if [ "$package" = "vesta-nginx" ]; then
|
||||
valid=1
|
||||
fi
|
||||
if [ "$package" = "vesta-php" ]; then
|
||||
valid=1
|
||||
fi
|
||||
if [ "$package" = "vesta-ioncube" ]; then
|
||||
valid=1
|
||||
fi
|
||||
if [ "$package" = "vesta-softaculous" ]; then
|
||||
valid=1
|
||||
fi
|
||||
if [ $valid -eq 0 ]; then
|
||||
echo "Package $package is not valid"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#----------------------------------------------------------#
|
||||
# Action #
|
||||
#----------------------------------------------------------#
|
||||
|
||||
if [ -n "$(command -v yum)" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
# Clean yum chache
|
||||
yum -q clean all
|
||||
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ for user in $user_list; do
|
|||
IP_OWNED=0
|
||||
U_USERS=0
|
||||
U_DISK=0
|
||||
DISK=0
|
||||
U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
|
||||
if [ -z "$U_DISK_DIRS" ]; then
|
||||
U_DISK_DIRS=0
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user"
|
|||
# Updating disk quota
|
||||
# Had quota equals package value. Soft quota equals 90% of package value for warnings.
|
||||
quota=$(get_user_value '$DISK_QUOTA')
|
||||
soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
|
||||
soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .)
|
||||
hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
|
||||
|
||||
# Searching home mount point
|
||||
|
|
|
|||
|
|
@ -67,9 +67,6 @@ TOTAL_USERS=0
|
|||
|
||||
# Updating user stats
|
||||
for user in $user_list; do
|
||||
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
|
||||
continue;
|
||||
fi
|
||||
USER_DATA=$VESTA/data/users/$user
|
||||
source $USER_DATA/user.conf
|
||||
next_month=$(date +'%m/01/%y' -d '+ 1 month')
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ build_webalizer() {
|
|||
}
|
||||
|
||||
build_awstats() {
|
||||
if [ -d "/etc/sysconfig" ]; then
|
||||
if [ -e "/etc/redhat-release" ]; then
|
||||
awstats="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl"
|
||||
wwwroot="/usr/share/awstats/wwwroot"
|
||||
if [ ! -e "$awstats" ]; then
|
||||
|
|
|
|||
|
|
@ -33,11 +33,7 @@ esac
|
|||
|
||||
# Detecting release
|
||||
if [ "$version" = 'rhel' ]; then
|
||||
if [ -e '/etc/redhat-release' ]; then
|
||||
release=$(grep -o "[0-9]" /etc/redhat-release |head -n1)
|
||||
else
|
||||
release=6
|
||||
fi
|
||||
release=$(grep -o "[0-9]" /etc/redhat-release |head -n1)
|
||||
fi
|
||||
if [ "$version" = 'ubuntu' ]; then
|
||||
release=$(lsb_release -r |awk '{print $2}')
|
||||
|
|
|
|||
21
func/db.sh
21
func/db.sh
|
|
@ -38,31 +38,23 @@ mysql_connect() {
|
|||
exit $E_CONNECT
|
||||
fi
|
||||
mysql_ver=$(cat $mysql_out |tail -n1 |cut -f 1 -d -)
|
||||
mysql_fork="mysql"
|
||||
check_mysql_fork=$(grep "MariaDB" $mysql_out)
|
||||
if [ ! -z "$check_mysql_fork" ]; then
|
||||
mysql_fork="mariadb"
|
||||
fi
|
||||
rm -f $mysql_out
|
||||
}
|
||||
|
||||
mysql_query() {
|
||||
sql_tmp=$(mktemp)
|
||||
echo "$1" > $sql_tmp
|
||||
mysql --defaults-file=$mycnf < "$sql_tmp" 2>/dev/null
|
||||
rm -f "$sql_tmp"
|
||||
mysql --defaults-file=$mycnf -e "$1" 2>/dev/null
|
||||
}
|
||||
|
||||
mysql_dump() {
|
||||
err="/tmp/e.mysql"
|
||||
mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
|
||||
mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err
|
||||
if [ '0' -ne "$?" ]; then
|
||||
rm -rf $tmpdir
|
||||
if [ "$notify" != 'no' ]; then
|
||||
echo -e "Can't dump database $database\n$(cat $err)" |\
|
||||
$SENDMAIL -s "$subj" $email
|
||||
fi
|
||||
echo "Error: dump $database failed\n$(cat $err)"
|
||||
echo "Error: dump $database failed"
|
||||
log_event "$E_DB" "$ARGUMENTS"
|
||||
exit $E_DB
|
||||
fi
|
||||
|
|
@ -92,10 +84,7 @@ psql_connect() {
|
|||
}
|
||||
|
||||
psql_query() {
|
||||
sql_tmp=$(mktemp)
|
||||
echo "$1" > $sql_tmp
|
||||
psql -h $HOST -U $USER -f "$sql_tmp" 2>/dev/null
|
||||
rm -f $sql_tmp
|
||||
psql -h $HOST -U $USER -c "$1" 2>/dev/null
|
||||
}
|
||||
|
||||
psql_dump() {
|
||||
|
|
@ -322,7 +311,7 @@ delete_pgsql_database() {
|
|||
psql_connect $HOST
|
||||
|
||||
query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
|
||||
psql_query "$query" > /dev/null
|
||||
psql_qyery "$query" > /dev/null
|
||||
|
||||
query="DROP DATABASE $database"
|
||||
psql_query "$query" > /dev/null
|
||||
|
|
|
|||
|
|
@ -215,11 +215,7 @@ add_web_config() {
|
|||
fi
|
||||
fi
|
||||
|
||||
trigger="${2/%.tpl/.sh}"
|
||||
if [[ "$2" =~ stpl$ ]]; then
|
||||
trigger="${2/%.stpl/.sh}"
|
||||
fi
|
||||
|
||||
trigger="${2/.*pl/.sh}"
|
||||
if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
|
||||
$WEBTPL/$1/$WEB_BACKEND/$trigger \
|
||||
$user $domain $local_ip $HOMEDIR \
|
||||
|
|
@ -273,7 +269,7 @@ replace_web_config() {
|
|||
fi
|
||||
}
|
||||
|
||||
# Delete web configuration
|
||||
# Delete web configuartion
|
||||
del_web_config() {
|
||||
conf="$HOMEDIR/$user/conf/web/$domain.$1.conf"
|
||||
if [[ "$2" =~ stpl$ ]]; then
|
||||
|
|
@ -289,16 +285,12 @@ del_web_config() {
|
|||
if [[ "$2" =~ stpl$ ]]; then
|
||||
conf="$HOMEDIR/$user/conf/web/s$1.conf"
|
||||
fi
|
||||
if [ -e "$conf" ]; then
|
||||
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
|
||||
sed -i "$top_line,$bottom_line d" $conf
|
||||
fi
|
||||
fi
|
||||
# clean-up for both config styles if there is no more domains
|
||||
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
|
||||
if [ "$web_domain" -eq '0' ]; then
|
||||
sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf
|
||||
if [ -f "$conf" ]; then
|
||||
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
|
||||
sed -i "$top_line,$bottom_line d" $conf
|
||||
|
||||
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
|
||||
if [ "$web_domain" -eq '0' ]; then
|
||||
sed -i "/.*\/$user\/.*$1.conf/d" /etc/$1/conf.d/vesta.conf
|
||||
rm -f $conf
|
||||
fi
|
||||
fi
|
||||
|
|
@ -343,7 +335,7 @@ is_web_domain_cert_valid() {
|
|||
check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
|
||||
fi
|
||||
|
||||
openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
|
||||
openssl s_server -quiet -cert $ssl_dir/$domain.crt \
|
||||
-key $ssl_dir/$domain.key >> /dev/null 2>&1 &
|
||||
pid=$!
|
||||
sleep 0.5
|
||||
|
|
@ -412,24 +404,6 @@ update_domain_zone() {
|
|||
VALUE=$(idn --quiet -a -t "$VALUE")
|
||||
fi
|
||||
|
||||
# Split long TXT entries into 255 chunks
|
||||
if [ "$TYPE" = 'TXT' ]; then
|
||||
txtlength=${#VALUE}
|
||||
if [ $txtlength -gt 255 ]; then
|
||||
already_chunked=0
|
||||
if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
|
||||
already_chunked=1
|
||||
fi
|
||||
if [ $already_chunked -eq 0 ]; then
|
||||
if [[ ${VALUE:0:1} = '"' ]]; then
|
||||
txtlength=$(( $txtlength - 2 ))
|
||||
VALUE=${VALUE:1:txtlength}
|
||||
fi
|
||||
VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$SUSPENDED" != 'yes' ]; then
|
||||
eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ get_ip_iface() {
|
|||
}
|
||||
|
||||
|
||||
# Check ip address specific value
|
||||
# Check ip address speciefic value
|
||||
is_ip_key_empty() {
|
||||
key="$1"
|
||||
string=$(cat $VESTA/data/ips/$ip)
|
||||
|
|
@ -141,7 +141,7 @@ get_real_ip() {
|
|||
else
|
||||
nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
|
||||
if [ ! -z "$nat" ]; then
|
||||
echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
|
||||
echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
|
|
|||
176
func/main.sh
176
func/main.sh
|
|
@ -35,7 +35,6 @@ E_DB=17
|
|||
E_RRD=18
|
||||
E_UPDATE=19
|
||||
E_RESTART=20
|
||||
E_TEAPOT=418
|
||||
|
||||
# Event string for logger
|
||||
for ((I=1; I <= $# ; I++)); do
|
||||
|
|
@ -213,8 +212,7 @@ is_object_new() {
|
|||
# Check if object is valid
|
||||
is_object_valid() {
|
||||
if [ $2 = 'USER' ]; then
|
||||
user_vst_dir=$(basename $3)
|
||||
if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
|
||||
if [ ! -d "$VESTA/data/users/$3" ]; then
|
||||
check_result $E_NOTEXIST "$1 $3 doesn't exist"
|
||||
fi
|
||||
else
|
||||
|
|
@ -275,41 +273,11 @@ is_object_value_exist() {
|
|||
is_password_valid() {
|
||||
if [[ "$password" =~ ^/tmp/ ]]; then
|
||||
if [ -f "$password" ]; then
|
||||
password="$(head -n1 $password)"
|
||||
password=$(head -n1 $password)
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if hash is transmitted via file
|
||||
is_hash_valid() {
|
||||
if [[ "$hash" =~ ^/tmp/ ]]; then
|
||||
if [ -f "$hash" ]; then
|
||||
hash="$(head -n1 $hash)"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if directory is a symlink
|
||||
is_dir_symlink() {
|
||||
if [[ -L "$1" ]]; then
|
||||
check_result $E_FORBIDEN "$1 directory is a symlink"
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if file exists
|
||||
if_file_exists() {
|
||||
if [[ -f "$1" ]]; then
|
||||
check_result $E_FORBIDEN "$1 file exists"
|
||||
fi
|
||||
}
|
||||
|
||||
# Check if directory exists
|
||||
if_dir_exists() {
|
||||
if [[ -d "$1" ]]; then
|
||||
check_result $E_FORBIDEN "$1 directory exists"
|
||||
fi
|
||||
}
|
||||
|
||||
# Get object value
|
||||
get_object_value() {
|
||||
object=$(grep "$2='$3'" $USER_DATA/$1.conf)
|
||||
|
|
@ -548,7 +516,7 @@ is_user_format_valid() {
|
|||
is_domain_format_valid() {
|
||||
object_name=${2-domain}
|
||||
exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]"
|
||||
if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then
|
||||
if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then
|
||||
check_result $E_INVALID "invalid $object_name format :: $1"
|
||||
fi
|
||||
}
|
||||
|
|
@ -666,8 +634,8 @@ is_date_format_valid() {
|
|||
is_dbuser_format_valid() {
|
||||
exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|/|\|\"|'|;|%|\`| ]"
|
||||
if [ 17 -le ${#1} ]; then
|
||||
check_result $E_INVALID "mysql username can be up to 16 characters long"
|
||||
fi
|
||||
check_result $E_INVALID "mysql username can be up to 16 characters long"
|
||||
fi
|
||||
if [[ "$1" =~ $exclude ]]; then
|
||||
check_result $E_INVALID "invalid $2 format :: $1"
|
||||
fi
|
||||
|
|
@ -675,7 +643,7 @@ is_dbuser_format_valid() {
|
|||
|
||||
# DNS record type validator
|
||||
is_dns_type_format_valid() {
|
||||
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
|
||||
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA'
|
||||
if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
|
||||
check_result $E_INVALID "invalid dns record type format :: $1"
|
||||
fi
|
||||
|
|
@ -755,12 +723,8 @@ is_ip_status_format_valid() {
|
|||
|
||||
# Cron validator
|
||||
is_cron_format_valid() {
|
||||
limit=59
|
||||
limit=60
|
||||
check_format=''
|
||||
if [ "$2" = 'hour' ]; then
|
||||
limit=23
|
||||
fi
|
||||
|
||||
if [ "$2" = 'day' ]; then
|
||||
limit=31
|
||||
fi
|
||||
|
|
@ -789,13 +753,9 @@ is_cron_format_valid() {
|
|||
fi
|
||||
done
|
||||
fi
|
||||
crn_values=$(echo $1 |tr "," " " | tr "-" " ")
|
||||
for crn_vl in $crn_values
|
||||
do
|
||||
if [[ "$crn_vl" =~ ^[0-9]+$ ]] && [ "$crn_vl" -le $limit ]; then
|
||||
check_format='ok'
|
||||
fi
|
||||
done
|
||||
if [[ "$1" =~ ^[0-9]+$ ]] && [ "$1" -le $limit ]; then
|
||||
check_format='ok'
|
||||
fi
|
||||
if [ "$check_format" != 'ok' ]; then
|
||||
check_result $E_INVALID "invalid $2 format :: $1"
|
||||
fi
|
||||
|
|
@ -810,7 +770,7 @@ is_name_format_valid() {
|
|||
|
||||
# Object validator
|
||||
is_object_format_valid() {
|
||||
if ! [[ "$1" =~ ^[[:alnum:]][-|\.|_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then
|
||||
if ! [[ "$1" =~ ^[[:alnum:]][-|\.|_[:alnum:]]{0,28}[[:alnum:]]$ ]]; then
|
||||
check_result $E_INVALID "invalid $2 format :: $1"
|
||||
fi
|
||||
}
|
||||
|
|
@ -821,32 +781,6 @@ is_password_format_valid() {
|
|||
check_result $E_INVALID "invalid password format :: $1"
|
||||
fi
|
||||
}
|
||||
# Missing function -
|
||||
# Before: validate_format_shell
|
||||
# After: is_format_valid_shell
|
||||
is_format_valid_shell() {
|
||||
if [ -z "$(grep -w $1 /etc/shells)" ]; then
|
||||
echo "Error: shell $1 is not valid"
|
||||
log_event "$E_INVALID" "$EVENT"
|
||||
exit $E_INVALID
|
||||
fi
|
||||
}
|
||||
|
||||
format_no_quotes() {
|
||||
exclude="['|\"]"
|
||||
if [[ "$1" =~ $exclude ]]; then
|
||||
check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
|
||||
fi
|
||||
is_no_new_line_format "$1"
|
||||
}
|
||||
|
||||
is_no_new_line_format() {
|
||||
test=$(echo "$1" | head -n1 );
|
||||
if [[ "$test" != "$1" ]]; then
|
||||
check_result "$E_INVALID" "invalid value :: $1"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# Format validation controller
|
||||
is_format_valid() {
|
||||
|
|
@ -856,12 +790,11 @@ is_format_valid() {
|
|||
case $arg_name in
|
||||
account) is_user_format_valid "$arg" "$arg_name";;
|
||||
action) is_fw_action_format_valid "$arg";;
|
||||
alias) is_alias_format_valid "$arg" ;;
|
||||
aliases) is_alias_format_valid "$arg" ;;
|
||||
antispam) is_boolean_format_valid "$arg" 'antispam' ;;
|
||||
antivirus) is_boolean_format_valid "$arg" 'antivirus' ;;
|
||||
autoreply) is_autoreply_format_valid "$arg" ;;
|
||||
backup) is_object_format_valid "$arg" 'backup' ;;
|
||||
backup) is_user_format_valid "$arg" 'backup' ;;
|
||||
charset) is_object_format_valid "$arg" "$arg_name" ;;
|
||||
charsets) is_common_format_valid "$arg" 'charsets' ;;
|
||||
comment) is_object_format_valid "$arg" 'comment' ;;
|
||||
|
|
@ -882,7 +815,6 @@ is_format_valid() {
|
|||
host) is_object_format_valid "$arg" "$arg_name" ;;
|
||||
hour) is_cron_format_valid "$arg" $arg_name ;;
|
||||
id) is_int_format_valid "$arg" 'id' ;;
|
||||
interface) is_interface_format_valid "$arg" ;;
|
||||
ip) is_ip_format_valid "$arg" ;;
|
||||
ip_name) is_domain_format_valid "$arg" 'IP name';;
|
||||
ip_status) is_ip_status_format_valid "$arg" ;;
|
||||
|
|
@ -916,9 +848,7 @@ is_format_valid() {
|
|||
restart) is_boolean_format_valid "$arg" 'restart' ;;
|
||||
rtype) is_dns_type_format_valid "$arg" ;;
|
||||
rule) is_int_format_valid "$arg" "rule id" ;;
|
||||
soa) is_domain_format_valid "$arg" 'SOA' ;;
|
||||
#missing command: is_format_valid_shell
|
||||
shell) is_format_valid_shell "$arg" ;;
|
||||
soa) is_domain_format_valid "$arg" 'SOA' ;;
|
||||
stats_pass) is_password_format_valid "$arg" ;;
|
||||
stats_user) is_user_format_valid "$arg" "$arg_name" ;;
|
||||
template) is_object_format_valid "$arg" "$arg_name" ;;
|
||||
|
|
@ -968,85 +898,7 @@ format_aliases() {
|
|||
aliases=$(echo "$aliases" |tr -s '.')
|
||||
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
|
||||
aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
|
||||
aliases=$(echo "$aliases" |sed -e "/^$/d")
|
||||
aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d")
|
||||
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
|
||||
fi
|
||||
}
|
||||
|
||||
alter_web_counter() {
|
||||
user=$1
|
||||
domain=$2
|
||||
USER_DATA=$VESTA/data/users/$user
|
||||
|
||||
varc=$3
|
||||
vard="\$${varc}"
|
||||
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
|
||||
|
||||
if [ -z "$counter" ]; then
|
||||
add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
|
||||
counter=0
|
||||
fi
|
||||
|
||||
((counter++))
|
||||
backup_counter=$counter
|
||||
|
||||
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
|
||||
counter=$backup_counter
|
||||
|
||||
echo $counter
|
||||
}
|
||||
|
||||
reset_web_counter() {
|
||||
user=$1
|
||||
domain=$2
|
||||
USER_DATA=$VESTA/data/users/$user
|
||||
|
||||
varc=$3
|
||||
vard="\$${varc}"
|
||||
|
||||
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
|
||||
}
|
||||
|
||||
get_web_counter() {
|
||||
user=$1
|
||||
domain=$2
|
||||
USER_DATA=$VESTA/data/users/$user
|
||||
|
||||
varc=$3
|
||||
vard="\$${varc}"
|
||||
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
|
||||
|
||||
if [ -z "$counter" ]; then
|
||||
counter=0
|
||||
fi
|
||||
|
||||
echo $counter
|
||||
}
|
||||
|
||||
# Simple chmod wrapper that skips symlink files after glob expand
|
||||
# Taken from HestiaCP
|
||||
no_symlink_chmod() {
|
||||
local filemode=$1; shift;
|
||||
|
||||
for i in "$@"; do
|
||||
[[ -L ${i} ]] && continue
|
||||
|
||||
chmod "${filemode}" "${i}"
|
||||
done
|
||||
}
|
||||
|
||||
# $1 = subject
|
||||
# $2 = body
|
||||
send_email_to_admin() {
|
||||
email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
|
||||
email=$(echo "$email" | cut -f 2 -d "'")
|
||||
if [ -z "$email" ]; then
|
||||
if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
|
||||
email=$NOTIFY_ADMIN_FULL_BACKUP
|
||||
fi
|
||||
fi
|
||||
if [ -z "$email" ]; then
|
||||
return;
|
||||
fi
|
||||
echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ rebuild_user_conf() {
|
|||
mkdir -p $HOMEDIR/$user/conf
|
||||
chmod a+x $HOMEDIR/$user
|
||||
chmod a+x $HOMEDIR/$user/conf
|
||||
chown --no-dereference $user:$user $HOMEDIR/$user
|
||||
chown $user:$user $HOMEDIR/$user
|
||||
chown root:root $HOMEDIR/$user/conf
|
||||
|
||||
# Update disk pipe
|
||||
|
|
@ -71,16 +71,13 @@ rebuild_user_conf() {
|
|||
echo "$BIN/v-update-web-domains-disk $user" \
|
||||
>> $VESTA/data/queue/disk.pipe
|
||||
|
||||
if [[ -L "$HOMEDIR/$user/web" ]]; then
|
||||
rm $HOMEDIR/$user/web
|
||||
fi
|
||||
mkdir -p $HOMEDIR/$user/conf/web
|
||||
mkdir -p $HOMEDIR/$user/web
|
||||
mkdir -p $HOMEDIR/$user/tmp
|
||||
chmod 751 $HOMEDIR/$user/conf/web
|
||||
chmod 751 $HOMEDIR/$user/web
|
||||
chmod 771 $HOMEDIR/$user/tmp
|
||||
chown --no-dereference $user:$user $HOMEDIR/$user/web
|
||||
chown $user:$user $HOMEDIR/$user/web
|
||||
if [ -z "$create_user" ]; then
|
||||
$BIN/v-rebuild-web-domains $user $restart
|
||||
fi
|
||||
|
|
@ -108,9 +105,6 @@ rebuild_user_conf() {
|
|||
echo "$BIN/v-update-mail-domains-disk $user" \
|
||||
>> $VESTA/data/queue/disk.pipe
|
||||
|
||||
if [[ -L "$HOMEDIR/$user/mail" ]]; then
|
||||
rm $HOMEDIR/$user/mail
|
||||
fi
|
||||
mkdir -p $HOMEDIR/$user/conf/mail
|
||||
mkdir -p $HOMEDIR/$user/mail
|
||||
chmod 751 $HOMEDIR/$user/mail
|
||||
|
|
@ -152,7 +146,7 @@ rebuild_web_domain_conf() {
|
|||
prepare_web_domain_values
|
||||
|
||||
# Rebuilding domain directories
|
||||
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
|
||||
mkdir -p $HOMEDIR/$user/web/$domain \
|
||||
$HOMEDIR/$user/web/$domain/public_html \
|
||||
$HOMEDIR/$user/web/$domain/public_shtml \
|
||||
$HOMEDIR/$user/web/$domain/document_errors \
|
||||
|
|
@ -178,15 +172,14 @@ rebuild_web_domain_conf() {
|
|||
|
||||
# Propagating html skeleton
|
||||
if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
|
||||
sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
|
||||
$HOMEDIR/$user/web/$domain/
|
||||
cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/
|
||||
fi
|
||||
|
||||
# Set folder permissions
|
||||
no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
|
||||
chmod 551 $HOMEDIR/$user/web/$domain \
|
||||
$HOMEDIR/$user/web/$domain/stats \
|
||||
$HOMEDIR/$user/web/$domain/logs
|
||||
no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
|
||||
chmod 751 $HOMEDIR/$user/web/$domain/private \
|
||||
$HOMEDIR/$user/web/$domain/cgi-bin \
|
||||
$HOMEDIR/$user/web/$domain/public_html \
|
||||
$HOMEDIR/$user/web/$domain/public_shtml \
|
||||
|
|
@ -194,7 +187,7 @@ rebuild_web_domain_conf() {
|
|||
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
|
||||
|
||||
# Set ownership
|
||||
chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
|
||||
chown $user:$user $HOMEDIR/$user/web/$domain \
|
||||
$HOMEDIR/$user/web/$domain/private \
|
||||
$HOMEDIR/$user/web/$domain/cgi-bin \
|
||||
$HOMEDIR/$user/web/$domain/public_html \
|
||||
|
|
@ -542,30 +535,12 @@ rebuild_mail_domain_conf() {
|
|||
rebuild_mysql_database() {
|
||||
mysql_connect $HOST
|
||||
mysql_query "CREATE DATABASE \`$DB\` CHARACTER SET $CHARSET" >/dev/null
|
||||
if [ "$mysql_fork" = "mysql" ]; then
|
||||
# mysql
|
||||
if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then
|
||||
# mysql >= 5.7
|
||||
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
|
||||
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
|
||||
query="UPDATE mysql.user SET authentication_string='$MD5'"
|
||||
query="$query WHERE User='$DBUSER'"
|
||||
else
|
||||
# mysql < 5.7
|
||||
query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
|
||||
fi
|
||||
if [ "$(echo $mysql_ver |cut -d '.' -f2)" -ge 7 ]; then
|
||||
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" >/dev/null
|
||||
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" >/dev/null
|
||||
query="UPDATE mysql.user SET authentication_string='$MD5'"
|
||||
query="$query WHERE User='$DBUSER'"
|
||||
else
|
||||
# mariadb
|
||||
if [ "$(echo $mysql_ver |cut -d '.' -f1)" -eq 5 ]; then
|
||||
# mariadb = 5
|
||||
mysql_query "CREATE USER \`$DBUSER\`" > /dev/null
|
||||
mysql_query "CREATE USER \`$DBUSER\`@localhost" > /dev/null
|
||||
else
|
||||
# mariadb = 10
|
||||
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`" > /dev/null
|
||||
mysql_query "CREATE USER IF NOT EXISTS \`$DBUSER\`@localhost" > /dev/null
|
||||
fi
|
||||
# mariadb any version
|
||||
query="UPDATE mysql.user SET Password='$MD5' WHERE User='$DBUSER'"
|
||||
fi
|
||||
mysql_query "GRANT ALL ON \`$DB\`.* TO \`$DBUSER\`@\`%\`" >/dev/null
|
||||
|
|
@ -601,7 +576,7 @@ rebuild_pgsql_database() {
|
|||
exit $E_CONNECT
|
||||
fi
|
||||
|
||||
query="CREATE ROLE $DBUSER WITH LOGIN"
|
||||
query="CREATE ROLE $DBUSER"
|
||||
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
||||
|
||||
query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
|
||||
|
|
@ -618,7 +593,7 @@ rebuild_pgsql_database() {
|
|||
query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
|
||||
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
||||
|
||||
query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
|
||||
query="GRANT CONNECT ON DATABASE template1 to $dbuser"
|
||||
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -50,7 +50,6 @@ http {
|
|||
|
||||
# Compression
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 9;
|
||||
gzip_min_length 512;
|
||||
gzip_buffers 8 64k;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
location /phpmyadmin {
|
||||
alias /usr/share/phpmyadmin;
|
||||
alias /usr/share/phpmyadmin/;
|
||||
|
||||
location ~ /(libraries|setup) {
|
||||
return 404;
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue