mirror of
https://github.com/serghey-rodin/vesta.git
synced 2025-08-21 05:44:07 -07:00
Compare commits
1 commit
| Author | SHA1 | Date | |
|---|---|---|---|
|
1da7a9dd0c |
2060 changed files with 18295 additions and 108113 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -4,6 +4,3 @@
|
||||||
*.gz
|
*.gz
|
||||||
.vscode
|
.vscode
|
||||||
.DS_Store
|
.DS_Store
|
||||||
src/react/node_modules
|
|
||||||
src/react/build
|
|
||||||
/.idea
|
|
||||||
|
|
@ -1,8 +1,6 @@
|
||||||
[Vesta Control Panel](http://vestacp.com/)
|
[Vesta Control Panel](http://vestacp.com/)
|
||||||
==================================================
|
==================================================
|
||||||
|
|
||||||
Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
|
|
||||||
|
|
||||||
[](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
[](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||||
|
|
||||||
* Vesta is an open source hosting control panel.
|
* Vesta is an open source hosting control panel.
|
||||||
|
|
@ -18,7 +16,7 @@ ssh root@your.server
|
||||||
|
|
||||||
Download the installation script, and run it:
|
Download the installation script, and run it:
|
||||||
```bash
|
```bash
|
||||||
curl https://vestacp.com/pub/vst-install.sh | bash
|
curl http://vestacp.com/pub/vst-install.sh | bash
|
||||||
```
|
```
|
||||||
|
|
||||||
How to install (3 step)
|
How to install (3 step)
|
||||||
|
|
@ -31,7 +29,7 @@ ssh root@your.server
|
||||||
|
|
||||||
Download the installation script:
|
Download the installation script:
|
||||||
```bash
|
```bash
|
||||||
curl -O https://vestacp.com/pub/vst-install.sh
|
curl -O http://vestacp.com/pub/vst-install.sh
|
||||||
```
|
```
|
||||||
Then run it:
|
Then run it:
|
||||||
```bash
|
```bash
|
||||||
|
|
@ -40,5 +38,5 @@ bash vst-install.sh
|
||||||
|
|
||||||
License
|
License
|
||||||
----------------------------
|
----------------------------
|
||||||
Vesta is licensed under [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license
|
Vesta is licensed under [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +0,0 @@
|
||||||
# Security Policy
|
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
|
||||||
|
|
||||||
Please report security issues to dev@vestacp.com
|
|
||||||
|
|
@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
|
||||||
|
|
||||||
# Checking arg number
|
# Checking arg number
|
||||||
check_args '2' "$#" 'MODULE LICENSE'
|
check_args '2' "$#" 'MODULE LICENSE'
|
||||||
is_user_format_valid "$license" "license"
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Action #
|
# Action #
|
||||||
|
|
@ -35,7 +35,7 @@ is_user_format_valid "$license" "license"
|
||||||
|
|
||||||
# Activating license
|
# Activating license
|
||||||
v_host='https://vestacp.com/checkout'
|
v_host='https://vestacp.com/checkout'
|
||||||
answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")
|
answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
|
||||||
check_result $? "cant' connect to vestacp.com " $E_CONNECT
|
check_result $? "cant' connect to vestacp.com " $E_CONNECT
|
||||||
|
|
||||||
# Checking server answer
|
# Checking server answer
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,8 @@ EOF
|
||||||
sftpc() {
|
sftpc() {
|
||||||
expect -f "-" <<EOF "$@"
|
expect -f "-" <<EOF "$@"
|
||||||
set count 0
|
set count 0
|
||||||
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
|
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
|
||||||
|
Port=$port $user@$host
|
||||||
expect {
|
expect {
|
||||||
"password:" {
|
"password:" {
|
||||||
send "$password\r"
|
send "$password\r"
|
||||||
|
|
@ -93,14 +94,12 @@ EOF
|
||||||
|
|
||||||
if [ "$type" != 'local' ];then
|
if [ "$type" != 'local' ];then
|
||||||
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
|
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
|
||||||
is_format_valid 'user' 'host' 'path' 'port'
|
is_format_valid 'host'
|
||||||
is_password_valid
|
is_password_valid
|
||||||
if [ "$type" = 'sftp' ]; then
|
if [ "$type" = 'sftp' ]; then
|
||||||
which expect >/dev/null 2>&1
|
which expect >/dev/null 2>&1
|
||||||
check_result $? "expect command not found" $E_NOTEXIST
|
check_result $? "expect command not found" $E_NOTEXIST
|
||||||
fi
|
fi
|
||||||
host "$host" >/dev/null 2>&1
|
|
||||||
check_result $? "host connection failed" "$E_CONNECT"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l)
|
||||||
# Adding second level domain
|
# Adding second level domain
|
||||||
if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
|
if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
|
||||||
$BIN/v-add-dns-domain \
|
$BIN/v-add-dns-domain \
|
||||||
$user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
|
$user $alias $ip '' '' '' '' '' $restart >> /dev/null
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Adding top-level domain and then its sub
|
# Adding top-level domain and then its sub
|
||||||
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
|
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null
|
||||||
|
|
||||||
# Checking top-level domain
|
# Checking top-level domain
|
||||||
if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then
|
if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then
|
||||||
|
|
|
||||||
|
|
@ -45,12 +45,10 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $rtype != "CAA" ]; then
|
dvalue=${dvalue//\"/}
|
||||||
dvalue=${dvalue//\"/}
|
|
||||||
|
|
||||||
if [[ "$dvalue" =~ [\;[:space:]] ]]; then
|
if [[ "$dvalue" =~ [\;[:space:]] ]]; then
|
||||||
dvalue='"'"$dvalue"'"'
|
dvalue='"'"$dvalue"'"'
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Additional argument formatting
|
# Additional argument formatting
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
|
||||||
iptables="/sbin/iptables"
|
iptables="/sbin/iptables"
|
||||||
|
|
||||||
# Get vesta port by reading nginx.conf
|
# Get vesta port by reading nginx.conf
|
||||||
vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
|
vestaport=$(grep 'listen' /usr/local/vesta/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
|
||||||
if [ -z "$vestaport" ]; then
|
if [ -z "$vestaport" ]; then
|
||||||
vestaport=8083
|
vestaport=8083
|
||||||
fi
|
fi
|
||||||
|
|
@ -47,13 +47,7 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
|
||||||
|
|
||||||
# Checking known chains
|
# Checking known chains
|
||||||
case $chain in
|
case $chain in
|
||||||
SSH) # Get ssh port by reading ssh config file.
|
SSH) port=22; protocol=TCP ;;
|
||||||
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
|
|
||||||
if [ -z "$sshport" ]; then
|
|
||||||
sshport=22
|
|
||||||
fi
|
|
||||||
port=$sshport;
|
|
||||||
protocol=TCP ;;
|
|
||||||
FTP) port=21; protocol=TCP ;;
|
FTP) port=21; protocol=TCP ;;
|
||||||
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
|
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
|
||||||
DNS) port=53; protocol=UDP ;;
|
DNS) port=53; protocol=UDP ;;
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,13 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# info: check letsencrypt domain
|
# info: adding letsencrypt ssl cetificate for domain
|
||||||
# options: USER DOMAIN [ALIASES]
|
# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
|
||||||
#
|
#
|
||||||
# The function check and validates domain with Let's Encript
|
# The function turns on SSL support for a domain. Parameter ssl_dir is a path
|
||||||
|
# to directory where 2 or 3 ssl files can be found. Certificate file
|
||||||
|
# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
|
||||||
|
# authority domain.tld.ca file is optional. If home directory parameter
|
||||||
|
# (ssl_home) is not set, https domain uses public_shtml as separate
|
||||||
|
# documentroot directory.
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
@ -13,9 +18,8 @@
|
||||||
user=$1
|
user=$1
|
||||||
domain=$2
|
domain=$2
|
||||||
aliases=$3
|
aliases=$3
|
||||||
|
restart=$4
|
||||||
# LE API
|
notify=$5
|
||||||
API='https://acme-v02.api.letsencrypt.org'
|
|
||||||
|
|
||||||
# Includes
|
# Includes
|
||||||
source $VESTA/func/main.sh
|
source $VESTA/func/main.sh
|
||||||
|
|
@ -23,346 +27,98 @@ source $VESTA/func/domain.sh
|
||||||
source $VESTA/conf/vesta.conf
|
source $VESTA/conf/vesta.conf
|
||||||
|
|
||||||
# Additional argument formatting
|
# Additional argument formatting
|
||||||
format_identifier_idn() {
|
format_domain_idn
|
||||||
identifier_idn=$identifier
|
|
||||||
if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
|
|
||||||
identifier_idn=$(idn -t --quiet -a $identifier_idn)
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# encode base64
|
|
||||||
encode_base64() {
|
|
||||||
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
|
||||||
}
|
|
||||||
|
|
||||||
# Let's Encrypt v2 curl function
|
|
||||||
query_le_v2() {
|
|
||||||
|
|
||||||
protected='{"nonce": "'$3'",'
|
|
||||||
protected=''$protected' "url": "'$1'",'
|
|
||||||
protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
|
|
||||||
content="Content-Type: application/jose+json"
|
|
||||||
|
|
||||||
payload_=$(echo -n "$2" |encode_base64)
|
|
||||||
protected_=$(echo -n "$protected" |encode_base64)
|
|
||||||
signature_=$(printf "%s" "$protected_.$payload_" |\
|
|
||||||
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
|
|
||||||
encode_base64)
|
|
||||||
|
|
||||||
post_data='{"protected":"'"$protected_"'",'
|
|
||||||
post_data=$post_data'"payload":"'"$payload_"'",'
|
|
||||||
post_data=$post_data'"signature":"'"$signature_"'"}'
|
|
||||||
|
|
||||||
# Save http response to file passed as "$4" arg or print to stdout if not provided
|
|
||||||
# http response headers are always sent to stdout
|
|
||||||
local save_to_file=${4:-"/dev/stdout"}
|
|
||||||
curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Verifications #
|
# Verifications #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '2' "$#" 'USER DOMAIN [ALIASES]'
|
check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
|
||||||
is_format_valid 'user' 'domain' 'aliases'
|
is_format_valid 'user' 'domain'
|
||||||
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||||
|
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_object_unsuspended 'user' 'USER' "$user"
|
is_object_unsuspended 'user' 'USER' "$user"
|
||||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||||
is_object_unsuspended 'web' 'DOMAIN' "$domain"
|
is_object_unsuspended 'web' 'DOMAIN' "$domain"
|
||||||
get_domain_values 'web'
|
|
||||||
|
|
||||||
echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
|
|
||||||
# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
|
|
||||||
if [[ "$aliases" != "*.$domain" ]]; then
|
|
||||||
for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
|
|
||||||
check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
|
|
||||||
if [ -z "$check_alias" ]; then
|
|
||||||
echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_NOTEXIST "domain alias $alias doesn't exist"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi;
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
# Parsing domain data
|
||||||
|
get_domain_values 'web'
|
||||||
|
|
||||||
# Registering LetsEncrypt user account
|
# Registering LetsEncrypt user account
|
||||||
echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
$BIN/v-add-letsencrypt-user $user
|
$BIN/v-add-letsencrypt-user $user
|
||||||
echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
touch $VESTA/data/queue/letsencrypt.pipe
|
touch $VESTA/data/queue/letsencrypt.pipe
|
||||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||||
send_notice "LETSENCRYPT" "Account registration failed"
|
send_notice "LETSENCRYPT" "Account registration failed"
|
||||||
echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "LE account registration" >/dev/null
|
check_result $E_CONNECT "LE account registration" >/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Parsing LetsEncrypt account data
|
# Parsing LetsEncrypt account data
|
||||||
source $USER_DATA/ssl/le.conf
|
source $USER_DATA/ssl/le.conf
|
||||||
|
email=$EMAIL
|
||||||
|
|
||||||
# Checking wildcard alias
|
# Validating domain and aliases
|
||||||
if [ "$aliases" = "*.$domain" ]; then
|
i=1
|
||||||
echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
|
for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
|
||||||
wildcard='yes'
|
$BIN/v-check-letsencrypt-domain $user $alias
|
||||||
proto="dns-01"
|
if [ "$?" -ne 0 ]; then
|
||||||
if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
|
touch $VESTA/data/queue/letsencrypt.pipe
|
||||||
echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
|
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||||
check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
|
send_notice "LETSENCRYPT" "$alias validation failed"
|
||||||
fi
|
check_result $E_INVALID "LE domain validation" >/dev/null
|
||||||
else
|
|
||||||
proto="http-01"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Requesting nonce / STEP 1
|
|
||||||
echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
answer=$(curl -s -I "$API/directory")
|
|
||||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
|
||||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
|
||||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [[ "$status" -ne 200 ]]; then
|
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "Let's Encrypt nonce request status $status"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Placing new order / STEP 2
|
|
||||||
echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
url="$API/acme/new-order"
|
|
||||||
payload='{"identifiers":['
|
|
||||||
for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
|
|
||||||
format_identifier_idn
|
|
||||||
payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
|
|
||||||
done
|
|
||||||
payload=$(echo "$payload"|sed "s/,$//")
|
|
||||||
payload=$payload']}'
|
|
||||||
echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
answer=$(query_le_v2 "$url" "$payload" "$nonce")
|
|
||||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
|
||||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
|
|
||||||
echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
|
|
||||||
echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
|
|
||||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [[ "$status" -ne 201 ]]; then
|
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "Let's Encrypt new auth status $status"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Requesting authorization token / STEP 3
|
|
||||||
echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
for auth in $authz; do
|
|
||||||
payload=''
|
|
||||||
echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
answer=$(query_le_v2 "$auth" "$payload" "$nonce")
|
|
||||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
|
|
||||||
echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
|
|
||||||
echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
|
||||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
|
||||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [[ "$status" -ne 200 ]]; then
|
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Configuring challenge / STEP 4
|
# Checking LE limits per account
|
||||||
echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
|
if [ "$i" -gt 100 ]; then
|
||||||
echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
|
touch $VESTA/data/queue/letsencrypt.pipe
|
||||||
if [ "$wildcard" = 'yes' ]; then
|
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||||
record=$(printf "%s" "$token.$THUMB" |\
|
send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
|
||||||
openssl dgst -sha256 -binary |encode_base64)
|
check_result $E_LIMIT "LE can't sign more than 100 domains"
|
||||||
old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
|
|
||||||
old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
|
|
||||||
for old_record in $old_records; do
|
|
||||||
$BIN/v-delete-dns-record "$user" "$domain" "$old_record"
|
|
||||||
done
|
|
||||||
$BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
|
|
||||||
exitstatus=$?
|
|
||||||
echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [ "$exitstatus" -ne 0 ]; then
|
|
||||||
echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
fi
|
|
||||||
check_result $exitstatus "DNS _acme-challenge record wasn't created"
|
|
||||||
else
|
|
||||||
if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
|
|
||||||
if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
|
|
||||||
# if vesta is behind main nginx
|
|
||||||
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
|
|
||||||
acme_challenge="$well_known/acme-challenge"
|
|
||||||
mkdir -p $acme_challenge
|
|
||||||
echo "$token.$THUMB" > $acme_challenge/$token
|
|
||||||
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
chown -R $user:$user $well_known
|
|
||||||
else
|
|
||||||
# default nginx method
|
|
||||||
conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
|
|
||||||
sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
|
|
||||||
# if [ ! -e "$conf" ]; then
|
|
||||||
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
|
|
||||||
> $conf
|
|
||||||
echo ' default_type text/plain;' >> $conf
|
|
||||||
echo ' return 200 "$1.'$THUMB'";' >> $conf
|
|
||||||
echo '}' >> $conf
|
|
||||||
# fi
|
|
||||||
echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [ ! -e "$sconf" ]; then
|
|
||||||
ln -s "$conf" "$sconf"
|
|
||||||
fi
|
|
||||||
echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
$BIN/v-restart-proxy
|
|
||||||
if [ -z "$PROXY_SYSTEM" ]; then
|
|
||||||
# apache-less variant
|
|
||||||
echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
$BIN/v-restart-web
|
|
||||||
fi
|
|
||||||
exitstatus=$?
|
|
||||||
if [ "$exitstatus" -ne 0 ]; then
|
|
||||||
echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
fi
|
|
||||||
check_result $exitstatus "Proxy restart failed" >/dev/null
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
|
|
||||||
acme_challenge="$well_known/acme-challenge"
|
|
||||||
mkdir -p $acme_challenge
|
|
||||||
echo "$token.$THUMB" > $acme_challenge/$token
|
|
||||||
chown -R $user:$user $well_known
|
|
||||||
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
# $BIN/v-restart-web
|
|
||||||
# check_result $? "Web restart failed" >/dev/null
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Requesting ACME validation / STEP 5
|
|
||||||
echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
validation_check=$(echo "$answer" |grep '"valid"')
|
|
||||||
echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [[ ! -z "$validation_check" ]]; then
|
|
||||||
validation='valid'
|
|
||||||
else
|
|
||||||
validation='pending'
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Doing pol check on status
|
|
||||||
i=1
|
|
||||||
while [ "$validation" = 'pending' ]; do
|
|
||||||
echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
payload='{}'
|
|
||||||
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
answer=$(query_le_v2 "$url" "$payload" "$nonce")
|
|
||||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
|
|
||||||
echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
|
||||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
|
||||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [[ "$status" -ne 200 ]]; then
|
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "Let's Encrypt validation status $status"
|
|
||||||
fi
|
|
||||||
|
|
||||||
i=$((i + 1))
|
|
||||||
if [ "$i" -gt 10 ]; then
|
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "Let's Encrypt domain validation timeout"
|
|
||||||
fi
|
|
||||||
sleeping=$((i*2))
|
|
||||||
echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
sleep $sleeping
|
|
||||||
done
|
|
||||||
if [ "$validation" = 'invalid' ]; then
|
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "Let's Encrypt domain verification failed"
|
|
||||||
fi
|
fi
|
||||||
|
i=$((i++))
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Generating CSR
|
||||||
# Generating new ssl certificate
|
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
|
||||||
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
|
|
||||||
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
|
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
|
||||||
|
|
||||||
# Sending CSR to finalize order / STEP 6
|
# Signing CSR
|
||||||
echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log
|
crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
|
||||||
|
if [ "$?" -ne 0 ]; then
|
||||||
csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
|
touch $VESTA/data/queue/letsencrypt.pipe
|
||||||
payload='{"csr":"'$csr'"}'
|
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||||
echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
send_notice "LETSENCRYPT" "$alias validation failed"
|
||||||
answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
|
check_result "$E_INVALID" "LE $domain validation"
|
||||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
|
|
||||||
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
|
||||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
|
|
||||||
echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [[ "$status" -ne 200 ]]; then
|
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
|
|
||||||
fi
|
fi
|
||||||
|
echo "$crt" > $ssl_dir/$domain.crt
|
||||||
|
|
||||||
# Downloading signed certificate / STEP 7
|
# Dowloading CA certificate
|
||||||
echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
|
le_certs='https://letsencrypt.org/certs'
|
||||||
echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
|
x1='lets-encrypt-x1-cross-signed.pem.txt'
|
||||||
answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
|
x3='lets-encrypt-x3-cross-signed.pem.txt'
|
||||||
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
|
issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
|
||||||
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
|
if [ -z "$(echo $issuer|grep X3)" ]; then
|
||||||
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
|
curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
|
||||||
if [[ "$status" -ne 200 ]]; then
|
else
|
||||||
[ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
|
curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
|
||||||
echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Splitting up downloaded pem
|
|
||||||
# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
|
|
||||||
# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
|
|
||||||
|
|
||||||
pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
|
|
||||||
# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
|
|
||||||
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
ca_end=$(( pem_lines - crt_end + 1 ))
|
|
||||||
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
|
|
||||||
|
|
||||||
# Temporary fix for double "END CERTIFICATE"
|
|
||||||
if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
|
|
||||||
sed -i '1,2d' $ssl_dir/$domain.ca
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Adding SSL
|
# Adding SSL
|
||||||
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
|
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
|
||||||
$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
|
$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
|
||||||
echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
|
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
|
||||||
exitstatus=$?
|
if [ "$?" -ne '0' ]; then
|
||||||
echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
if [ "$exitstatus" -ne '0' ]; then
|
|
||||||
touch $VESTA/data/queue/letsencrypt.pipe
|
touch $VESTA/data/queue/letsencrypt.pipe
|
||||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||||
echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
send_notice 'LETSENCRYPT' "$domain certificate installation failed"
|
send_notice 'LETSENCRYPT' "$domain certificate installation failed"
|
||||||
check_result $exitstatus "SSL install" >/dev/null
|
check_result $? "SSL install" >/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Adding LE autorenew cronjob
|
# Adding LE autorenew cronjob
|
||||||
|
|
@ -379,19 +135,23 @@ if [ -z "$LETSENCRYPT" ]; then
|
||||||
fi
|
fi
|
||||||
update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
|
update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
|
||||||
|
|
||||||
reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Vesta #
|
# Vesta #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Deleteing task from queue
|
# Restarting web
|
||||||
touch $VESTA/data/queue/letsencrypt.pipe
|
$BIN/v-restart-web $restart
|
||||||
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
if [ "$?" -ne 0 ]; then
|
||||||
|
send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
|
||||||
|
fi
|
||||||
|
|
||||||
# Notifying user
|
# Notifying user
|
||||||
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
|
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
|
||||||
echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
|
|
||||||
|
# Deleteing task from queue
|
||||||
|
touch $VESTA/data/queue/letsencrypt.pipe
|
||||||
|
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
log_event "$OK" "$ARGUMENTS"
|
log_event "$OK" "$ARGUMENTS"
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,8 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# info: register letsencrypt user account
|
# info: register letsencrypt user account
|
||||||
# options: USER
|
# options: USER [EMAIL]
|
||||||
#
|
#
|
||||||
# The function creates and register LetsEncript account
|
# The function creates and register LetsEncript account key
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
@ -11,9 +11,8 @@
|
||||||
|
|
||||||
# Argument definition
|
# Argument definition
|
||||||
user=$1
|
user=$1
|
||||||
|
email=$2
|
||||||
# LE API
|
key_size=4096
|
||||||
API='https://acme-v02.api.letsencrypt.org'
|
|
||||||
|
|
||||||
# Includes
|
# Includes
|
||||||
source $VESTA/func/main.sh
|
source $VESTA/func/main.sh
|
||||||
|
|
@ -24,38 +23,15 @@ encode_base64() {
|
||||||
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
||||||
}
|
}
|
||||||
|
|
||||||
# Let's Encrypt v2 curl function
|
|
||||||
query_le_v2() {
|
|
||||||
protected='{"nonce": "'$3'",'
|
|
||||||
protected=''$protected' "url": "'$1'",'
|
|
||||||
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
|
|
||||||
content="Content-Type: application/jose+json"
|
|
||||||
|
|
||||||
payload_=$(echo -n "$2" |encode_base64)
|
|
||||||
protected_=$(echo -n "$protected" |encode_base64)
|
|
||||||
signature_=$(printf "%s" "$protected_.$payload_" |\
|
|
||||||
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
|
|
||||||
encode_base64)
|
|
||||||
|
|
||||||
post_data='{"protected":"'"$protected_"'",'
|
|
||||||
post_data=$post_data'"payload":"'"$payload_"'",'
|
|
||||||
post_data=$post_data'"signature":"'"$signature_"'"}'
|
|
||||||
|
|
||||||
curl -s -i -d "$post_data" "$1" -H "$content"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Verifications #
|
# Verifications #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '1' "$#" 'USER'
|
check_args '1' "$#" 'USER [EMAIL]'
|
||||||
is_format_valid 'user'
|
is_format_valid 'user'
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
if [ -e "$USER_DATA/ssl/le.conf" ]; then
|
if [ -e "$USER_DATA/ssl/le.conf" ]; then
|
||||||
source "$USER_DATA/ssl/le.conf"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$KID" ]; then
|
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -64,57 +40,57 @@ fi
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
api='https://acme-v01.api.letsencrypt.org'
|
||||||
# Defining user email
|
if [ -z "$email" ]; then
|
||||||
if [[ -z "$EMAIL" ]]; then
|
email=$(get_user_value '$CONTACT')
|
||||||
EMAIL=$(get_user_value '$CONTACT')
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Defining user agreement
|
agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
|
||||||
agreement=''
|
|
||||||
|
|
||||||
# Generating user key
|
# Generating key
|
||||||
KEY="$USER_DATA/ssl/user.key"
|
key="$USER_DATA/ssl/user.key"
|
||||||
if [ ! -e "$KEY" ]; then
|
if [ ! -e "$key" ]; then
|
||||||
openssl genrsa -out $KEY 4096 >/dev/null 2>&1
|
openssl genrsa -out $key $key_size >/dev/null 2>&1
|
||||||
chmod 600 $KEY
|
chmod 600 $key
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Defining key exponent
|
# Defining key exponent
|
||||||
if [ -z "$EXPONENT" ]; then
|
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
|
||||||
EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
|
|
||||||
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
|
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
|
||||||
xxd -r -p |encode_base64)
|
xxd -r -p |encode_base64)
|
||||||
fi
|
|
||||||
|
|
||||||
# Defining key modulus
|
# Defining key modulus
|
||||||
if [ -z "$MODULUS" ]; then
|
modulus=$(openssl rsa -in "$key" -modulus -noout |\
|
||||||
MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
|
|
||||||
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
|
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
|
||||||
fi
|
|
||||||
|
|
||||||
# Defining JWK
|
# Defining key thumb
|
||||||
jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
|
thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||||
|
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
|
||||||
|
|
||||||
# Defining key thumbnail
|
# Defining JWK header
|
||||||
if [ -z "$THUMB" ]; then
|
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||||
THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
|
header='{"alg":"RS256","jwk":'"$header"'}'
|
||||||
fi
|
|
||||||
|
|
||||||
|
# Requesting nonce
|
||||||
|
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
|
||||||
|
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||||
|
|
||||||
# Requesting ACME nonce
|
# Defining registration query
|
||||||
nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
|
query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
|
||||||
|
query=$query'"agreement":"'$agreement'"}'
|
||||||
|
payload=$(echo -n "$query" |encode_base64)
|
||||||
|
signature=$(printf "%s" "$protected.$payload" |\
|
||||||
|
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||||
|
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||||
|
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||||
|
|
||||||
# Creating ACME account
|
# Sending request to LetsEncrypt API
|
||||||
url="$API/acme/new-acct"
|
answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
|
||||||
payload='{"termsOfServiceAgreed": true}'
|
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
|
||||||
answer=$(query_le_v2 "$url" "$payload" "$nonce")
|
|
||||||
kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
|
|
||||||
|
|
||||||
# Checking answer status
|
# Checking http answer status
|
||||||
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
|
if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
|
||||||
if [[ "${status:0:2}" -ne "20" ]]; then
|
check_result $E_CONNECT "LetsEncrypt account registration $status"
|
||||||
check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -123,17 +99,12 @@ fi
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Adding le.conf
|
# Adding le.conf
|
||||||
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
|
||||||
echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
|
echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
|
||||||
echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
|
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
|
||||||
echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
|
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
|
||||||
echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
|
chmod 660 $USER_DATA/ssl/le.conf
|
||||||
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
|
|
||||||
chmod 660 $USER_DATA/ssl/le.conf
|
|
||||||
else
|
|
||||||
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
|
|
||||||
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
log_event "$OK" "$ARGUMENTS"
|
log_event "$OK" "$ARGUMENTS"
|
||||||
|
|
|
||||||
|
|
@ -1,106 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# info: copy mail ssl certificate
|
|
||||||
# options: USER DOMAIN [RESTART]
|
|
||||||
#
|
|
||||||
# The function copies user domain SSL to mail SSL directory
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Variable&Function #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Argument definition
|
|
||||||
user=$1
|
|
||||||
domain=$2
|
|
||||||
restart=$3
|
|
||||||
|
|
||||||
# Includes
|
|
||||||
source $VESTA/func/main.sh
|
|
||||||
source $VESTA/func/domain.sh
|
|
||||||
source $VESTA/conf/vesta.conf
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Verifications #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
check_args '2' "$#" 'USER DOMAIN [RESTART]'
|
|
||||||
is_format_valid 'user' 'domain'
|
|
||||||
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
|
||||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
|
||||||
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Action #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Defining certificate location
|
|
||||||
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
|
|
||||||
dom_key="/home/$user/conf/web/ssl.$domain.key"
|
|
||||||
vst_crt="$VESTA/ssl/mail.crt"
|
|
||||||
vst_key="$VESTA/ssl/mail.key"
|
|
||||||
|
|
||||||
# Checking certificate
|
|
||||||
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
|
|
||||||
check_result $E_NOTEXIST "$domain certificate doesn't exist"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Checking difference
|
|
||||||
diff $dom_crt $vst_crt >/dev/null 2>&1
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
rm -f $vst_crt.old $vst_key.old
|
|
||||||
mv $vst_crt $vst_crt.old >/dev/null 2>&1
|
|
||||||
mv $vst_key $vst_key.old >/dev/null 2>&1
|
|
||||||
cp $dom_crt $vst_crt 2>/dev/null
|
|
||||||
cp $dom_key $vst_key 2>/dev/null
|
|
||||||
chown root:mail $vst_crt $vst_key
|
|
||||||
else
|
|
||||||
restart=no
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating mail certificate
|
|
||||||
case $MAIL_SYSTEM in
|
|
||||||
exim) conf='/etc/exim/exim.conf';;
|
|
||||||
exim4) conf='/etc/exim4/exim4.conf.template';;
|
|
||||||
esac
|
|
||||||
if [ -e "$conf" ]; then
|
|
||||||
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
|
|
||||||
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating imap certificate
|
|
||||||
conf="/etc/dovecot/conf.d/10-ssl.conf"
|
|
||||||
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
|
|
||||||
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
|
|
||||||
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Vesta #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Restarting services
|
|
||||||
if [ "$restart" != 'no' ]; then
|
|
||||||
if [ ! -z "$MAIL_SYSTEM" ]; then
|
|
||||||
$BIN/v-restart-service $MAIL_SYSTEM
|
|
||||||
fi
|
|
||||||
if [ ! -z "$IMAP_SYSTEM" ]; then
|
|
||||||
$BIN/v-restart-service $IMAP_SYSTEM
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating vesta.conf
|
|
||||||
if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
|
|
||||||
echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
|
|
||||||
else
|
|
||||||
sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
|
|
||||||
$VESTA/conf/vesta.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
log_event "$OK" "$ARGUMENTS"
|
|
||||||
|
|
||||||
exit
|
|
||||||
|
|
@ -1,97 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# info: add vesta ssl certificate
|
|
||||||
# options: USER DOMAIN [RESTART]
|
|
||||||
#
|
|
||||||
# The function copies user domain SSL to vesta SSL directory
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Variable&Function #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Argument definition
|
|
||||||
user=$1
|
|
||||||
domain=$2
|
|
||||||
restart=$3
|
|
||||||
|
|
||||||
# Includes
|
|
||||||
source $VESTA/func/main.sh
|
|
||||||
source $VESTA/func/domain.sh
|
|
||||||
source $VESTA/conf/vesta.conf
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Verifications #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
check_args '2' "$#" 'USER DOMAIN [RESTART]'
|
|
||||||
is_format_valid 'user' 'domain'
|
|
||||||
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
|
||||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
|
||||||
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Action #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Defining certificate location
|
|
||||||
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
|
|
||||||
dom_key="/home/$user/conf/web/ssl.$domain.key"
|
|
||||||
vst_crt="$VESTA/ssl/certificate.crt"
|
|
||||||
vst_key="$VESTA/ssl/certificate.key"
|
|
||||||
|
|
||||||
# Checking certificate
|
|
||||||
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
|
|
||||||
check_result $E_NOTEXIST "$domain certificate doesn't exist"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Checking difference
|
|
||||||
diff $dom_crt $vst_crt >/dev/null 2>&1
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
rm -f $vst_crt.old $vst_key.old
|
|
||||||
mv $vst_crt $vst_crt.old
|
|
||||||
mv $vst_key $vst_key.old
|
|
||||||
cp $dom_crt $vst_crt 2>/dev/null
|
|
||||||
cp $dom_key $vst_key 2>/dev/null
|
|
||||||
chown root:mail $vst_crt $vst_key
|
|
||||||
else
|
|
||||||
restart=no
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Vesta #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Restarting services
|
|
||||||
if [ "$restart" != 'no' ]; then
|
|
||||||
if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
|
|
||||||
$BIN/v-restart-service $MAIL_SYSTEM
|
|
||||||
fi
|
|
||||||
if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
|
|
||||||
$BIN/v-restart-service $IMAP_SYSTEM
|
|
||||||
fi
|
|
||||||
if [ ! -z "$FTP_SYSTEM" ]; then
|
|
||||||
$BIN/v-restart-service "$FTP_SYSTEM"
|
|
||||||
fi
|
|
||||||
if [ -e "/var/run/vesta-nginx.pid" ]; then
|
|
||||||
kill -HUP $(cat /var/run/vesta-nginx.pid)
|
|
||||||
else
|
|
||||||
service vesta restart
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating vesta.conf
|
|
||||||
if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
|
|
||||||
echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
|
|
||||||
else
|
|
||||||
sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
|
|
||||||
$VESTA/conf/vesta.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
log_event "$OK" "$ARGUMENTS"
|
|
||||||
|
|
||||||
exit
|
|
||||||
|
|
@ -30,37 +30,37 @@ is_package_new() {
|
||||||
is_package_consistent() {
|
is_package_consistent() {
|
||||||
source $pkg_dir/$package.pkg
|
source $pkg_dir/$package.pkg
|
||||||
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
|
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
|
||||||
is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
|
is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS'
|
||||||
fi
|
fi
|
||||||
if [ "$WEB_ALIASES" != 'unlimited' ]; then
|
if [ "$WEB_ALIASES" != 'unlimited' ]; then
|
||||||
is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
|
is_format_valid_int $WEB_ALIASES 'WEB_ALIASES'
|
||||||
fi
|
fi
|
||||||
if [ "$DNS_DOMAINS" != 'unlimited' ]; then
|
if [ "$DNS_DOMAINS" != 'unlimited' ]; then
|
||||||
is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
|
is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS'
|
||||||
fi
|
fi
|
||||||
if [ "$DNS_RECORDS" != 'unlimited' ]; then
|
if [ "$DNS_RECORDS" != 'unlimited' ]; then
|
||||||
is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
|
is_format_valid_int $DNS_RECORDS 'DNS_RECORDS'
|
||||||
fi
|
fi
|
||||||
if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
|
if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
|
||||||
is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
|
is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS'
|
||||||
fi
|
fi
|
||||||
if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
|
if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
|
||||||
is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
|
is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
|
||||||
fi
|
fi
|
||||||
if [ "$DATABASES" != 'unlimited' ]; then
|
if [ "$DATABASES" != 'unlimited' ]; then
|
||||||
is_int_format_valid $DATABASES 'DATABASES'
|
is_format_valid_int $DATABASES 'DATABASES'
|
||||||
fi
|
fi
|
||||||
if [ "$CRON_JOBS" != 'unlimited' ]; then
|
if [ "$CRON_JOBS" != 'unlimited' ]; then
|
||||||
is_int_format_valid $CRON_JOBS 'CRON_JOBS'
|
is_format_valid_int $CRON_JOBS 'CRON_JOBS'
|
||||||
fi
|
fi
|
||||||
if [ "$DISK_QUOTA" != 'unlimited' ]; then
|
if [ "$DISK_QUOTA" != 'unlimited' ]; then
|
||||||
is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
|
is_format_valid_int $DISK_QUOTA 'DISK_QUOTA'
|
||||||
fi
|
fi
|
||||||
if [ "$BANDWIDTH" != 'unlimited' ]; then
|
if [ "$BANDWIDTH" != 'unlimited' ]; then
|
||||||
is_int_format_valid $BANDWIDTH 'BANDWIDTH'
|
is_format_valid_int $BANDWIDTH 'BANDWIDTH'
|
||||||
fi
|
fi
|
||||||
if [ "$BACKUPS" != 'unlimited' ]; then
|
if [ "$BACKUPS" != 'unlimited' ]; then
|
||||||
is_int_format_valid $BACKUPS 'BACKUPS'
|
is_format_valid_int $BACKUPS 'BACKUPS'
|
||||||
fi
|
fi
|
||||||
is_format_valid_shell $SHELL
|
is_format_valid_shell $SHELL
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -48,8 +48,6 @@ is_object_unsuspended 'user' 'USER' "$user"
|
||||||
is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
|
is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
|
||||||
is_domain_new 'web' "$domain,$aliases"
|
is_domain_new 'web' "$domain,$aliases"
|
||||||
is_dir_symlink $HOMEDIR/$user/web
|
is_dir_symlink $HOMEDIR/$user/web
|
||||||
if_dir_exists $HOMEDIR/$user/web/$domain
|
|
||||||
is_dir_symlink $HOMEDIR/$user/web/$domain
|
|
||||||
if [ ! -z "$ip" ]; then
|
if [ ! -z "$ip" ]; then
|
||||||
is_ip_valid "$ip" "$user"
|
is_ip_valid "$ip" "$user"
|
||||||
else
|
else
|
||||||
|
|
@ -65,7 +63,7 @@ fi
|
||||||
source $USER_DATA/user.conf
|
source $USER_DATA/user.conf
|
||||||
|
|
||||||
# Creating domain directories
|
# Creating domain directories
|
||||||
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
|
mkdir -p $HOMEDIR/$user/web/$domain \
|
||||||
$HOMEDIR/$user/web/$domain/public_html \
|
$HOMEDIR/$user/web/$domain/public_html \
|
||||||
$HOMEDIR/$user/web/$domain/public_shtml \
|
$HOMEDIR/$user/web/$domain/public_shtml \
|
||||||
$HOMEDIR/$user/web/$domain/document_errors \
|
$HOMEDIR/$user/web/$domain/document_errors \
|
||||||
|
|
@ -82,7 +80,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
|
||||||
$HOMEDIR/$user/web/$domain/logs/
|
$HOMEDIR/$user/web/$domain/logs/
|
||||||
|
|
||||||
# Adding domain skeleton
|
# Adding domain skeleton
|
||||||
sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
|
cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
|
||||||
for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
|
for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
|
||||||
sed -i "s/%domain%/$domain/g" $file
|
sed -i "s/%domain%/$domain/g" $file
|
||||||
done
|
done
|
||||||
|
|
@ -91,9 +89,9 @@ done
|
||||||
chown -R $user:$user $HOMEDIR/$user/web/$domain
|
chown -R $user:$user $HOMEDIR/$user/web/$domain
|
||||||
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
|
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
|
||||||
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
|
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
|
||||||
sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
|
chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
|
||||||
sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
|
chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
|
||||||
sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
|
chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
|
||||||
|
|
||||||
# Addding PHP-FPM backend
|
# Addding PHP-FPM backend
|
||||||
if [ ! -z "$WEB_BACKEND" ]; then
|
if [ ! -z "$WEB_BACKEND" ]; then
|
||||||
|
|
@ -115,12 +113,9 @@ if [ "$aliases" = 'none' ]; then
|
||||||
ALIAS=''
|
ALIAS=''
|
||||||
else
|
else
|
||||||
ALIAS="www.$domain"
|
ALIAS="www.$domain"
|
||||||
if [ -z "$aliases" ]; then
|
if [ ! -z "$aliases" ]; then
|
||||||
ALIAS="www.$domain"
|
ALIAS="$ALIAS,$aliases"
|
||||||
else
|
|
||||||
ALIAS="$aliases"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ip_alias=$(get_ip_alias $domain)
|
ip_alias=$(get_ip_alias $domain)
|
||||||
if [ ! -z "$ip_alias" ]; then
|
if [ ! -z "$ip_alias" ]; then
|
||||||
ALIAS="$ALIAS,$ip_alias"
|
ALIAS="$ALIAS,$ip_alias"
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ fi
|
||||||
|
|
||||||
# Allocating backend port
|
# Allocating backend port
|
||||||
backend_port=9000
|
backend_port=9000
|
||||||
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
|
ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
|
||||||
ports=$(echo "$ports" |sed "s/://" |sort -n)
|
ports=$(echo "$ports" |sed "s/://" |sort -n)
|
||||||
for port in $ports; do
|
for port in $ports; do
|
||||||
if [ "$backend_port" -eq "$port" ]; then
|
if [ "$backend_port" -eq "$port" ]; then
|
||||||
|
|
|
||||||
|
|
@ -84,7 +84,7 @@ fi
|
||||||
/usr/sbin/useradd $ftp_user \
|
/usr/sbin/useradd $ftp_user \
|
||||||
-s $shell \
|
-s $shell \
|
||||||
-o -u $(id -u $user) \
|
-o -u $(id -u $user) \
|
||||||
-g $(id -g $user) \
|
-g $(id -u $user) \
|
||||||
-M -d "$ftp_path_a" > /dev/null 2>&1
|
-M -d "$ftp_path_a" > /dev/null 2>&1
|
||||||
|
|
||||||
# Set ftp user password
|
# Set ftp user password
|
||||||
|
|
|
||||||
|
|
@ -120,22 +120,6 @@ check_result $? "Web restart failed" >/dev/null
|
||||||
$BIN/v-restart-proxy $restart
|
$BIN/v-restart-proxy $restart
|
||||||
check_result $? "Proxy restart failed" >/dev/null
|
check_result $? "Proxy restart failed" >/dev/null
|
||||||
|
|
||||||
# Updating system ssl dependencies
|
|
||||||
if [ ! -z "$VESTA_CERTIFICATE" ]; then
|
|
||||||
crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
|
|
||||||
crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
|
|
||||||
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
|
|
||||||
$BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if [ ! -z "$MAIL_CERTIFICATE" ]; then
|
|
||||||
crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
|
|
||||||
crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
|
|
||||||
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
|
|
||||||
$BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
|
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
|
||||||
hostname=$(hostname)
|
hostname=$(hostname)
|
||||||
if [ "$hostname" = "$domain" ]; then
|
if [ "$hostname" = "$domain" ]; then
|
||||||
|
|
@ -143,12 +127,6 @@ if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
UPDATE_SSL_SCRIPT=''
|
|
||||||
source $VESTA/conf/vesta.conf
|
|
||||||
if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
|
|
||||||
eval "$UPDATE_SSL_SCRIPT $user $domain"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
log_history "enabled ssl support for $domain"
|
log_history "enabled ssl support for $domain"
|
||||||
log_event "$OK" "$ARGUMENTS"
|
log_event "$OK" "$ARGUMENTS"
|
||||||
|
|
|
||||||
|
|
@ -68,12 +68,8 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
|
||||||
(( ++i))
|
(( ++i))
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ -z "$BACKUP_TEMP" ]; then
|
|
||||||
BACKUP_TEMP=$BACKUP
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Creating temporary directory
|
# Creating temporary directory
|
||||||
tmpdir=$(mktemp -p $BACKUP_TEMP -d)
|
tmpdir=$(mktemp -p /tmp -d)
|
||||||
|
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
|
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
|
||||||
|
|
@ -216,32 +212,24 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
|
||||||
cp $USER_DATA/ssl/$domain.* vesta/
|
cp $USER_DATA/ssl/$domain.* vesta/
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Changin dir to documentroot
|
|
||||||
cd $HOMEDIR/$user/web/$domain
|
|
||||||
|
|
||||||
# Define exclude arguments
|
# Define exclude arguments
|
||||||
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
|
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
|
||||||
set -f
|
set -f
|
||||||
fargs=()
|
fargs=()
|
||||||
fargs+=(--exclude='./logs/*')
|
fargs+=(--exclude='logs/*')
|
||||||
if [ ! -z "$exlusion" ]; then
|
if [ ! -z "$exlusion" ]; then
|
||||||
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
|
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
|
||||||
for xpath in $xdirs; do
|
for xpath in $xdirs; do
|
||||||
if [ -d "$xpath" ]; then
|
|
||||||
fargs+=(--exclude=$xpath/*)
|
fargs+=(--exclude=$xpath/*)
|
||||||
echo "$(date "+%F %T") excluding directory $xpath"
|
echo "$(date "+%F %T") excluding directory $xpath"
|
||||||
msg="$msg\n$(date "+%F %T") excluding directory $xpath"
|
msg="$msg\n$(date "+%F %T") excluding directory $xpath"
|
||||||
else
|
|
||||||
echo "$(date "+%F %T") excluding file $xpath"
|
|
||||||
msg="$msg\n$(date "+%F %T") excluding file $xpath"
|
|
||||||
fargs+=(--exclude=$xpath)
|
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
set +f
|
set +f
|
||||||
|
|
||||||
# Backup files
|
# Backup files
|
||||||
tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
|
cd $HOMEDIR/$user/web/$domain
|
||||||
|
tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
|
||||||
done
|
done
|
||||||
|
|
||||||
# Print total
|
# Print total
|
||||||
|
|
@ -400,9 +388,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
|
||||||
grep "DB='$database'" $conf > vesta/db.conf
|
grep "DB='$database'" $conf > vesta/db.conf
|
||||||
|
|
||||||
dump="$tmpdir/db/$database/$database.$TYPE.sql"
|
dump="$tmpdir/db/$database/$database.$TYPE.sql"
|
||||||
dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
|
|
||||||
grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
|
grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
|
||||||
if [ ! -f "$dumpgz" ]; then
|
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
mysql) dump_mysql_database ;;
|
mysql) dump_mysql_database ;;
|
||||||
pgsql) dump_pgsql_database ;;
|
pgsql) dump_pgsql_database ;;
|
||||||
|
|
@ -410,7 +396,6 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
|
||||||
|
|
||||||
# Compress dump
|
# Compress dump
|
||||||
gzip -$BACKUP_GZIP $dump
|
gzip -$BACKUP_GZIP $dump
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
|
|
||||||
# Print total
|
# Print total
|
||||||
|
|
@ -460,15 +445,11 @@ if [ "$USER" != '*' ]; then
|
||||||
fi
|
fi
|
||||||
fargs=()
|
fargs=()
|
||||||
for xpath in $(echo "$USER" |tr ',' '\n'); do
|
for xpath in $(echo "$USER" |tr ',' '\n'); do
|
||||||
if [ -d "$xpath" ]; then
|
fargs+=(-not)
|
||||||
fargs+=(--exclude=$xpath/*)
|
fargs+=(-path)
|
||||||
|
fargs+=("./$xpath*")
|
||||||
echo "$(date "+%F %T") excluding directory $xpath" |\
|
echo "$(date "+%F %T") excluding directory $xpath" |\
|
||||||
tee -a $BACKUP/$user.log
|
tee -a $BACKUP/$user.log
|
||||||
else
|
|
||||||
echo "$(date "+%F %T") excluding file $xpath" |\
|
|
||||||
tee -a $BACKUP/$user.log
|
|
||||||
fargs+=(--exclude=$xpath)
|
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
|
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
|
|
@ -479,12 +460,11 @@ if [ "$USER" != '*' ]; then
|
||||||
exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
|
exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
|
||||||
if [ -z "$exclusion" ]; then
|
if [ -z "$exclusion" ]; then
|
||||||
((i ++))
|
((i ++))
|
||||||
udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g")
|
udir_list="$udir_list $udir"
|
||||||
udir_list="$udir_list $udir_str"
|
|
||||||
echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
|
echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
|
||||||
|
|
||||||
# Backup files and dirs
|
# Backup files and dirs
|
||||||
tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
|
tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
set +f
|
set +f
|
||||||
|
|
@ -595,7 +575,7 @@ ftp_backup() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Debug info
|
# Debug info
|
||||||
echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar"
|
echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
|
||||||
|
|
||||||
# Checking ftp connection
|
# Checking ftp connection
|
||||||
fconn=$(ftpc)
|
fconn=$(ftpc)
|
||||||
|
|
|
||||||
|
|
@ -28,9 +28,6 @@ if [ -z "$BACKUP_SYSTEM" ]; then
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
|
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
|
||||||
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
|
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
|
||||||
log=$VESTA/log/backup.log
|
log=$VESTA/log/backup.log
|
||||||
if [ ! -z "$check_suspend" ]; then
|
if [ ! -z "$check_suspend" ]; then
|
||||||
|
|
|
||||||
|
|
@ -52,11 +52,8 @@ salt=$(generate_password "$PW_MATRIX" "8")
|
||||||
md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
|
md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
|
||||||
|
|
||||||
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
|
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
|
||||||
quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
|
|
||||||
quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
|
|
||||||
quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
|
|
||||||
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
|
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||||
str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M"
|
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
|
||||||
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
|
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,6 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
|
||||||
check_args '2' "$#" 'KEY VALUE'
|
check_args '2' "$#" 'KEY VALUE'
|
||||||
is_format_valid 'key'
|
is_format_valid 'key'
|
||||||
|
|
||||||
format_no_quotes "$value" 'value'
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Action #
|
# Action #
|
||||||
|
|
|
||||||
|
|
@ -34,72 +34,48 @@ is_ip_valid "$ip"
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Updating IP
|
# Changing nat ip
|
||||||
if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
|
if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
|
||||||
sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
|
sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
|
||||||
old=''
|
|
||||||
new=$nat_ip
|
|
||||||
else
|
else
|
||||||
old=$(get_ip_value '$NAT')
|
update_ip_value '$NAT' "$nat_ip"
|
||||||
new=$nat_ip
|
fi
|
||||||
sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip
|
|
||||||
if [ -z "$nat_ip" ]; then
|
# Check ftp system
|
||||||
new=$ip
|
if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
|
||||||
|
|
||||||
|
# Find configuration
|
||||||
|
if [ -e '/etc/vsftpd/vsftpd.conf' ]; then
|
||||||
|
conf='/etc/vsftpd/vsftpd.conf'
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating WEB configs
|
if [ -e '/etc/vsftpd.conf' ]; then
|
||||||
if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then
|
conf='/etc/vsftpd.conf'
|
||||||
sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf
|
fi
|
||||||
for user in $(ls $VESTA/data/users/); do
|
|
||||||
$BIN/v-rebuild-web-domains $user no
|
|
||||||
done
|
|
||||||
$BIN/v-restart-dns $restart
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating DNS configs
|
# Update config
|
||||||
if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then
|
if [ -z "$(grep pasv_address $conf)" ]; then
|
||||||
sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf
|
if [ ! -z "$nat_ip" ]; then
|
||||||
sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf
|
|
||||||
for user in $(ls $VESTA/data/users/); do
|
|
||||||
$BIN/v-rebuild-dns-domains $user no
|
|
||||||
done
|
|
||||||
$BIN/v-restart-dns $restart
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating FTP
|
|
||||||
if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then
|
|
||||||
conf=$(find /etc -name $FTP_SYSTEM.conf)
|
|
||||||
if [ -e "$conf" ]; then
|
|
||||||
sed -i "s/$old/$new/g" $conf
|
|
||||||
if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
|
|
||||||
check_pasv=$(grep pasv_address $conf)
|
|
||||||
if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
|
|
||||||
echo "pasv_address=$nat_ip" >> $conf
|
echo "pasv_address=$nat_ip" >> $conf
|
||||||
fi
|
fi
|
||||||
if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then
|
else
|
||||||
|
if [ ! -z "$nat_ip" ]; then
|
||||||
|
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
|
||||||
|
else
|
||||||
sed -i "/pasv_address/d" $conf
|
sed -i "/pasv_address/d" $conf
|
||||||
fi
|
fi
|
||||||
if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
|
|
||||||
sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
|
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
fi
|
|
||||||
$BIN/v-restart-ftp $restart
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Updating firewall
|
|
||||||
if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then
|
|
||||||
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
|
|
||||||
$BIN/v-update-firewall
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Vesta #
|
# Vesta #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
# Restart ftp server
|
||||||
|
$BIN/v-restart-ftp $restart
|
||||||
|
check_result $? "FTP restart failed" >/dev/null
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
|
log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
|
||||||
log_event "$OK" "$ARGUMENTS"
|
log_event "$OK" "$ARGUMENTS"
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,6 @@ case $service in
|
||||||
spamd) dst=$($BIN/v-list-sys-spamd-config plain);;
|
spamd) dst=$($BIN/v-list-sys-spamd-config plain);;
|
||||||
spamassassin) dst=$($BIN/v-list-sys-spamd-config plain);;
|
spamassassin) dst=$($BIN/v-list-sys-spamd-config plain);;
|
||||||
clamd) dst=$($BIN/v-list-sys-clamd-config plain);;
|
clamd) dst=$($BIN/v-list-sys-clamd-config plain);;
|
||||||
clamd.scan) dst=$($BIN/v-list-sys-clamd-config plain);;
|
|
||||||
cron) dst='/etc/crontab';;
|
cron) dst='/etc/crontab';;
|
||||||
crond) dst='/etc/crontab';;
|
crond) dst='/etc/crontab';;
|
||||||
fail2ban) dst='/etc/fail2ban/jail.local';;
|
fail2ban) dst='/etc/fail2ban/jail.local';;
|
||||||
|
|
@ -96,21 +95,13 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
|
||||||
|
|
||||||
if [ "$service" = 'php' ]; then
|
if [ "$service" = 'php' ]; then
|
||||||
if [ "$WEB_SYSTEM" = "nginx" ]; then
|
if [ "$WEB_SYSTEM" = "nginx" ]; then
|
||||||
if [ $(ps --no-headers -o comm 1) == systemd ]; then
|
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
|
||||||
service=$(systemctl | grep -o -E "php.*fpm.*\.service")
|
|
||||||
service=${service//.service/}
|
|
||||||
else
|
|
||||||
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
|
|
||||||
fi
|
|
||||||
else
|
else
|
||||||
service=$WEB_SYSTEM
|
service=$WEB_SYSTEM
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for single_service in $service; do
|
service $service restart >/dev/null 2>&1
|
||||||
service $single_service restart >/dev/null 2>&1
|
|
||||||
done <<< "$service"
|
|
||||||
|
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
for config in $dst; do
|
for config in $dst; do
|
||||||
cat $config.vst.back > $config
|
cat $config.vst.back > $config
|
||||||
|
|
|
||||||
|
|
@ -16,12 +16,16 @@ force=$3
|
||||||
|
|
||||||
# Includes
|
# Includes
|
||||||
source $VESTA/func/main.sh
|
source $VESTA/func/main.sh
|
||||||
source $VESTA/func/domain.sh
|
|
||||||
source $VESTA/conf/vesta.conf
|
source $VESTA/conf/vesta.conf
|
||||||
|
|
||||||
is_package_avalable() {
|
is_package_avalable() {
|
||||||
|
|
||||||
source $USER_DATA/user.conf
|
usr_data=$(cat $USER_DATA/user.conf)
|
||||||
|
IFS=$'\n'
|
||||||
|
for key in $usr_data; do
|
||||||
|
eval ${key%%=*}=${key#*=}
|
||||||
|
done
|
||||||
|
|
||||||
WEB_DOMAINS='0'
|
WEB_DOMAINS='0'
|
||||||
DATABASES='0'
|
DATABASES='0'
|
||||||
MAIL_DOMAINS='0'
|
MAIL_DOMAINS='0'
|
||||||
|
|
@ -29,13 +33,9 @@ is_package_avalable() {
|
||||||
DISK_QUOTA='0'
|
DISK_QUOTA='0'
|
||||||
BANDWIDTH='0'
|
BANDWIDTH='0'
|
||||||
|
|
||||||
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
|
pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
|
||||||
IFS=$'\n'
|
grep -v DATE)
|
||||||
for str in $pkg_data; do
|
eval $pkg_data
|
||||||
key=$(echo $str |cut -f 1 -d =)
|
|
||||||
value=$(echo $str |cut -f 2 -d \')
|
|
||||||
eval $key="$value"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Checking usage agains package limits
|
# Checking usage agains package limits
|
||||||
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
|
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
|
||||||
|
|
@ -73,22 +73,11 @@ is_package_avalable() {
|
||||||
check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
|
check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Checking templates
|
|
||||||
is_web_template_valid $WEB_TEMPLATE
|
|
||||||
is_dns_template_valid $DNS_TEMPLATE
|
|
||||||
is_proxy_template_valid $PROXY_TEMPLATE
|
|
||||||
}
|
}
|
||||||
|
|
||||||
change_user_package() {
|
change_user_package() {
|
||||||
source $USER_DATA/user.conf
|
eval $(cat $USER_DATA/user.conf)
|
||||||
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
|
eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
|
||||||
IFS=$'\n'
|
|
||||||
for str in $pkg_data; do
|
|
||||||
key=$(echo $str |cut -f 1 -d =)
|
|
||||||
value=$(echo $str |cut -f 2 -d \')
|
|
||||||
eval $key="$value"
|
|
||||||
done
|
|
||||||
echo "FNAME='$FNAME'
|
echo "FNAME='$FNAME'
|
||||||
LNAME='$LNAME'
|
LNAME='$LNAME'
|
||||||
PACKAGE='$package'
|
PACKAGE='$package'
|
||||||
|
|
@ -167,7 +156,7 @@ fi
|
||||||
change_user_package
|
change_user_package
|
||||||
|
|
||||||
# Update user shell
|
# Update user shell
|
||||||
shell_conf=$(echo "$pkg_data" |grep 'SHELL' |cut -f 2 -d \')
|
shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
|
||||||
shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
|
shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
|
||||||
/usr/bin/chsh -s "$shell" "$user" &>/dev/null
|
/usr/bin/chsh -s "$shell" "$user" &>/dev/null
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -13,10 +13,6 @@
|
||||||
user=$1
|
user=$1
|
||||||
password=$2; HIDE=2
|
password=$2; HIDE=2
|
||||||
|
|
||||||
# Importing system enviroment as we run this script
|
|
||||||
# mostly by cron wich not read it by itself
|
|
||||||
source /etc/profile
|
|
||||||
|
|
||||||
# Includes
|
# Includes
|
||||||
source $VESTA/func/main.sh
|
source $VESTA/func/main.sh
|
||||||
source $VESTA/conf/vesta.conf
|
source $VESTA/conf/vesta.conf
|
||||||
|
|
@ -26,9 +22,6 @@ source $VESTA/conf/vesta.conf
|
||||||
# Verifications #
|
# Verifications #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
if [ "$user" = "root" ]; then
|
|
||||||
check_result $E_FORBIDEN "Changing root password is forbiden"
|
|
||||||
fi
|
|
||||||
check_args '2' "$#" 'USER PASSWORD'
|
check_args '2' "$#" 'USER PASSWORD'
|
||||||
is_format_valid 'user'
|
is_format_valid 'user'
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
|
|
|
||||||
|
|
@ -1,60 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# info: change vesta port
|
|
||||||
# options: port
|
|
||||||
#
|
|
||||||
# Function will change vesta port
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Variable&Function #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Argument definition
|
|
||||||
port=$1
|
|
||||||
|
|
||||||
if [ -z "$VESTA" ]; then
|
|
||||||
VESTA="/usr/local/vesta"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Get current vesta port by reading nginx.conf
|
|
||||||
oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
|
|
||||||
if [ -z "$oldport" ]; then
|
|
||||||
oldport=8083
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Includes
|
|
||||||
source $VESTA/func/main.sh
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Verifications #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Checking permissions
|
|
||||||
if [ "$(id -u)" != '0' ]; then
|
|
||||||
check_result $E_FORBIDEN "You must be root to execute this script"
|
|
||||||
fi
|
|
||||||
|
|
||||||
check_args '1' "$#" 'PORT'
|
|
||||||
is_int_format_valid "$port" 'port number'
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Action #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
|
|
||||||
if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
|
|
||||||
sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
|
|
||||||
fi
|
|
||||||
sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
|
|
||||||
$VESTA/bin/v-update-firewall
|
|
||||||
systemctl restart fail2ban.service
|
|
||||||
sed -i "s| $oldport | $port |g" /etc/iptables.rules
|
|
||||||
systemctl restart vesta
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Vesta #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
log_event "$OK" "$ARGUMENTS"
|
|
||||||
|
|
||||||
exit 0;
|
|
||||||
|
|
@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf
|
||||||
|
|
||||||
# Allocating backend port
|
# Allocating backend port
|
||||||
backend_port=9000
|
backend_port=9000
|
||||||
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
|
ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
|
||||||
ports=$(echo "$ports" |sed "s/://" |sort -n)
|
ports=$(echo "$ports" |sed "s/://" |sort -n)
|
||||||
for port in $ports; do
|
for port in $ports; do
|
||||||
if [ "$backend_port" -eq "$port" ]; then
|
if [ "$backend_port" -eq "$port" ]; then
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user"
|
||||||
# Preparing variables for vhost replace
|
# Preparing variables for vhost replace
|
||||||
get_domain_values 'web'
|
get_domain_values 'web'
|
||||||
old=$(get_real_ip $IP)
|
old=$(get_real_ip $IP)
|
||||||
new=$(get_real_ip $ip)
|
new=$ip
|
||||||
|
|
||||||
# Replacing vhost
|
# Replacing vhost
|
||||||
replace_web_config "$WEB_SYSTEM" "$TPL.tpl"
|
replace_web_config "$WEB_SYSTEM" "$TPL.tpl"
|
||||||
|
|
|
||||||
162
bin/v-check-letsencrypt-domain
Executable file
162
bin/v-check-letsencrypt-domain
Executable file
|
|
@ -0,0 +1,162 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# info: check letsencrypt domain
|
||||||
|
# options: USER DOMAIN
|
||||||
|
#
|
||||||
|
# The function check and validates domain with LetsEncript
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Variable&Function #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
# Argument definition
|
||||||
|
user=$1
|
||||||
|
domain=$2
|
||||||
|
|
||||||
|
# Includes
|
||||||
|
source $VESTA/func/main.sh
|
||||||
|
source $VESTA/conf/vesta.conf
|
||||||
|
|
||||||
|
# encode base64
|
||||||
|
encode_base64() {
|
||||||
|
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
||||||
|
}
|
||||||
|
|
||||||
|
# Additional argument formatting
|
||||||
|
format_domain_idn
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Verifications #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
check_args '2' "$#" 'USER DOMAIN'
|
||||||
|
is_format_valid 'user' 'domain'
|
||||||
|
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||||
|
is_object_valid 'user' 'USER' "$user"
|
||||||
|
is_object_unsuspended 'user' 'USER' "$user"
|
||||||
|
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
||||||
|
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
|
||||||
|
fi
|
||||||
|
rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
|
||||||
|
if [ -z "$rdomain" ]; then
|
||||||
|
check_result $E_NOTEXIST "domain $domain doesn't exist"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Action #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
source $USER_DATA/ssl/le.conf
|
||||||
|
api='https://acme-v01.api.letsencrypt.org'
|
||||||
|
r_domain=$(echo "$rdomain" |cut -f 2 -d \')
|
||||||
|
key="$USER_DATA/ssl/user.key"
|
||||||
|
exponent="$EXPONENT"
|
||||||
|
modulus="$MODULUS"
|
||||||
|
thumb="$THUMB"
|
||||||
|
|
||||||
|
# Defining JWK header
|
||||||
|
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||||
|
header='{"alg":"RS256","jwk":'"$header"'}'
|
||||||
|
|
||||||
|
# Requesting nonce
|
||||||
|
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||||
|
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||||
|
|
||||||
|
# Defining ACME query (request challenge)
|
||||||
|
query='{"resource":"new-authz","identifier"'
|
||||||
|
query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
|
||||||
|
payload=$(echo -n "$query" |encode_base64)
|
||||||
|
signature=$(printf "%s" "$protected.$payload" |\
|
||||||
|
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||||
|
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||||
|
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||||
|
|
||||||
|
# Sending request to LetsEncrypt API
|
||||||
|
answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
|
||||||
|
|
||||||
|
# Checking http answer status
|
||||||
|
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
|
||||||
|
if [[ "$status" -ne "201" ]]; then
|
||||||
|
check_result $E_CONNECT "LetsEncrypt challenge request $status"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Parsing domain nonce,token and uri
|
||||||
|
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||||
|
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||||
|
token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
|
||||||
|
uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
|
||||||
|
|
||||||
|
# Adding location wrapper for request challenge
|
||||||
|
if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
|
||||||
|
conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
|
||||||
|
sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
|
||||||
|
if [ ! -e "$conf" ]; then
|
||||||
|
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
|
||||||
|
echo ' default_type text/plain;' >> $conf
|
||||||
|
echo ' return 200 "$1.'$thumb'";' >> $conf
|
||||||
|
echo '}' >> $conf
|
||||||
|
fi
|
||||||
|
if [ ! -e "$sconf" ]; then
|
||||||
|
ln -s "$conf" "$sconf"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
|
||||||
|
if [ ! -d "$acme" ]; then
|
||||||
|
mkdir -p $acme
|
||||||
|
fi
|
||||||
|
echo "$token.$thumb" > $acme/$token
|
||||||
|
chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Restarting web server
|
||||||
|
if [ -z "$PROXY_SYSTEM" ]; then
|
||||||
|
$BIN/v-restart-web
|
||||||
|
check_result $? "Proxy restart failed" >/dev/null
|
||||||
|
else
|
||||||
|
$BIN/v-restart-proxy
|
||||||
|
$BIN/v-restart-web
|
||||||
|
check_result $? "Web restart failed" >/dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Defining ACME query (request validation)
|
||||||
|
query='{"resource":"challenge","type":"http-01","keyAuthorization"'
|
||||||
|
query=$query':"'$token.$thumb'","token":"'$token'"}'
|
||||||
|
payload=$(echo -n "$query" |encode_base64)
|
||||||
|
signature=$(printf "%s" "$protected.$payload" |\
|
||||||
|
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||||
|
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||||
|
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||||
|
|
||||||
|
# Sending request to LetsEncrypt API
|
||||||
|
answer=$(curl -s -i -d "$data" "$uri")
|
||||||
|
|
||||||
|
# Checking domain validation status
|
||||||
|
i=1
|
||||||
|
status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
|
||||||
|
location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
|
||||||
|
while [ "$status" = 'pending' ]; do
|
||||||
|
answer=$(curl -s -i "$location")
|
||||||
|
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
|
||||||
|
status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
|
||||||
|
sleep 1
|
||||||
|
i=$((i + 1))
|
||||||
|
if [ "$i" -gt 60 ]; then
|
||||||
|
check_result $E_CONNECT "$detail"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if [ "$status" = 'invalid' ]; then
|
||||||
|
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
|
||||||
|
check_result $E_CONNECT "$detail"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Vesta #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
log_event "$OK" "$ARGUMENTS"
|
||||||
|
|
||||||
|
exit
|
||||||
|
|
@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
|
||||||
|
|
||||||
# Activating license
|
# Activating license
|
||||||
v_host='https://vestacp.com/checkout'
|
v_host='https://vestacp.com/checkout'
|
||||||
answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module")
|
answer=$(curl -s $v_host/cancel.php?licence_key=$license)
|
||||||
check_result $? "cant' connect to vestacp.com " $E_CONNECT
|
check_result $? "cant' connect to vestacp.com " $E_CONNECT
|
||||||
|
|
||||||
# Checking server answer
|
# Checking server answer
|
||||||
|
|
|
||||||
|
|
@ -56,7 +56,7 @@ fi
|
||||||
# Deleting dkim dns record
|
# Deleting dkim dns record
|
||||||
if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
|
if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
|
||||||
records=$($BIN/v-list-dns-records $user $domain plain)
|
records=$($BIN/v-list-dns-records $user $domain plain)
|
||||||
dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
|
dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
|
||||||
for id in $dkim_records; do
|
for id in $dkim_records; do
|
||||||
$BIN/v-delete-dns-record $user $domain $id
|
$BIN/v-delete-dns-record $user $domain $id
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -1,75 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# info: delete sys vesta user ssl certificate
|
|
||||||
# options: NONE
|
|
||||||
#
|
|
||||||
# The script disables user domain ssl synchronization
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Variable & Function #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Includes
|
|
||||||
source $VESTA/func/main.sh
|
|
||||||
source $VESTA/conf/vesta.conf
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Verifications #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Action #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
vst_crt="$VESTA/ssl/certificate.crt"
|
|
||||||
vst_key="$VESTA/ssl/certificate.key"
|
|
||||||
|
|
||||||
# Updating mail certificate
|
|
||||||
case $MAIL_SYSTEM in
|
|
||||||
exim) conf='/etc/exim/exim.conf';;
|
|
||||||
exim4) conf='/etc/exim4/exim4.conf.template';;
|
|
||||||
esac
|
|
||||||
if [ -e "$conf" ]; then
|
|
||||||
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
|
|
||||||
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating imap certificate
|
|
||||||
conf="/etc/dovecot/conf.d/10-ssl.conf"
|
|
||||||
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
|
|
||||||
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
|
|
||||||
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Moving old certificates
|
|
||||||
if [ -e "$VESTA/ssl/mail.crt" ]; then
|
|
||||||
mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
|
|
||||||
fi
|
|
||||||
if [ -e "VESTA/ssl/mail.key" ]; then
|
|
||||||
mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating vesta.conf value
|
|
||||||
sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Vesta #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Restarting services
|
|
||||||
if [ "$restart" != 'no' ]; then
|
|
||||||
if [ ! -z "$MAIL_SYSTEM" ]; then
|
|
||||||
$BIN/v-restart-service $MAIL_SYSTEM
|
|
||||||
fi
|
|
||||||
if [ ! -z "$IMAP_SYSTEM" ]; then
|
|
||||||
$BIN/v-restart-service $IMAP_SYSTEM
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
log_event "$OK" "$ARGUMENTS"
|
|
||||||
|
|
||||||
exit
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# info: delete sys vesta user ssl certificate
|
|
||||||
# options: NONE
|
|
||||||
#
|
|
||||||
# The script disables user domain ssl synchronization
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Variable & Function #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Includes
|
|
||||||
source $VESTA/func/main.sh
|
|
||||||
source $VESTA/conf/vesta.conf
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Verifications #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Action #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Updating vesta.conf value
|
|
||||||
sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Vesta #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Logging
|
|
||||||
log_event "$OK" "$ARGUMENTS"
|
|
||||||
|
|
||||||
exit
|
|
||||||
|
|
@ -32,8 +32,6 @@ case $system in
|
||||||
DNS_REC) is_format_valid 'id' ;;
|
DNS_REC) is_format_valid 'id' ;;
|
||||||
*) is_format_valid 'object'
|
*) is_format_valid 'object'
|
||||||
esac
|
esac
|
||||||
|
|
||||||
is_format_valid 'user'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_object_unsuspended 'user' 'USER' "$user"
|
is_object_unsuspended 'user' 'USER' "$user"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -57,13 +57,7 @@ fi
|
||||||
|
|
||||||
# Deleting old certificate
|
# Deleting old certificate
|
||||||
tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
|
tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
|
||||||
|
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
|
||||||
# remove certificate files - do not use wildcard, as this might remove other domains
|
|
||||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
|
|
||||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
|
|
||||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
|
|
||||||
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
|
|
||||||
|
|
||||||
mv $USER_DATA/ssl/$domain.* $tmpdir
|
mv $USER_DATA/ssl/$domain.* $tmpdir
|
||||||
chown -R $user:$user $tmpdir
|
chown -R $user:$user $tmpdir
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,7 @@ fi
|
||||||
# Extracting ziped archive
|
# Extracting ziped archive
|
||||||
if [ ! -z "$(echo $src_file |grep -i '.zip')" ]; then
|
if [ ! -z "$(echo $src_file |grep -i '.zip')" ]; then
|
||||||
sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
|
sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
|
||||||
sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
|
sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
|
||||||
rc=$?
|
rc=$?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -67,7 +67,7 @@ fi
|
||||||
|
|
||||||
args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
|
args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
|
||||||
check_args '7' "$#" "$args_usage"
|
check_args '7' "$#" "$args_usage"
|
||||||
is_format_valid 'domain' 'alias' 'format'
|
is_format_valid 'domain_alias' 'format'
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
|
||||||
|
|
@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Flush domain
|
# Flush domain
|
||||||
if [ "$flush" != 'no' ]; then
|
if [ "$flush" ! = 'no' ]; then
|
||||||
sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
|
sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -71,7 +71,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||||
is_format_valid 'user' 'domain'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_object_valid 'dns' 'DOMAIN' "$domain"
|
is_object_valid 'dns' 'DOMAIN' "$domain"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -23,8 +23,7 @@ json_list() {
|
||||||
"EMAIL": "'$EMAIL'",
|
"EMAIL": "'$EMAIL'",
|
||||||
"EXPONENT": "'$EXPONENT'",
|
"EXPONENT": "'$EXPONENT'",
|
||||||
"MODULUS": "'$MODULUS'",
|
"MODULUS": "'$MODULUS'",
|
||||||
"THUMB": "'$THUMB'",
|
"THUMB: "'$THUMB'"
|
||||||
"KID": "'$KID'"
|
|
||||||
}'
|
}'
|
||||||
echo '}'
|
echo '}'
|
||||||
}
|
}
|
||||||
|
|
@ -36,18 +35,17 @@ shell_list() {
|
||||||
echo "THUMB: $THUMB"
|
echo "THUMB: $THUMB"
|
||||||
echo "EXPONENT: $EXPONENT"
|
echo "EXPONENT: $EXPONENT"
|
||||||
echo "MODULUS: $MODULUS"
|
echo "MODULUS: $MODULUS"
|
||||||
echo "KID: $KID"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# PLAIN list function
|
# PLAIN list function
|
||||||
plain_list() {
|
plain_list() {
|
||||||
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
|
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB"
|
||||||
}
|
}
|
||||||
|
|
||||||
# CSV list function
|
# CSV list function
|
||||||
csv_list() {
|
csv_list() {
|
||||||
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
|
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB"
|
||||||
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
|
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -56,7 +54,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '1' "$#" 'USER [FORMAT]'
|
check_args '1' "$#" 'USER [FORMAT]'
|
||||||
is_format_valid 'user'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
||||||
check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"
|
check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"
|
||||||
|
|
|
||||||
|
|
@ -57,7 +57,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||||
is_format_valid 'user' 'domain'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_object_valid 'mail' 'DOMAIN' "$domain"
|
is_object_valid 'mail' 'DOMAIN' "$domain"
|
||||||
|
|
||||||
|
|
@ -68,7 +67,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
|
||||||
|
|
||||||
# Parsing domain keys
|
# Parsing domain keys
|
||||||
if [ -e "$USER_DATA/mail/$domain.pub" ]; then
|
if [ -e "$USER_DATA/mail/$domain.pub" ]; then
|
||||||
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
|
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----")
|
||||||
pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
|
pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
|
||||||
else
|
else
|
||||||
pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"
|
pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"
|
||||||
|
|
|
||||||
|
|
@ -51,9 +51,7 @@ json_list() {
|
||||||
"MAIL_URL": "'$MAIL_URL'",
|
"MAIL_URL": "'$MAIL_URL'",
|
||||||
"DB_PMA_URL": "'$DB_PMA_URL'",
|
"DB_PMA_URL": "'$DB_PMA_URL'",
|
||||||
"DB_PGA_URL": "'$DB_PGA_URL'",
|
"DB_PGA_URL": "'$DB_PGA_URL'",
|
||||||
"SOFTACULOUS": "'$SOFTACULOUS'",
|
"SOFTACULOUS": "'$SOFTACULOUS'"
|
||||||
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
|
|
||||||
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
|
|
||||||
}
|
}
|
||||||
}'
|
}'
|
||||||
}
|
}
|
||||||
|
|
@ -140,12 +138,6 @@ shell_list() {
|
||||||
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
|
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
|
||||||
echo "Language: $LANGUAGE"
|
echo "Language: $LANGUAGE"
|
||||||
fi
|
fi
|
||||||
if [ ! -z "$MAIL_CERTIFICATE" ]; then
|
|
||||||
echo "Mail SSL: $MAIL_CERTIFICATE"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$VESTA_CERTIFICATE" ]; then
|
|
||||||
echo "Vesta SSL: $VESTA_CERTIFICATE"
|
|
||||||
fi
|
|
||||||
echo "Version: $VERSION"
|
echo "Version: $VERSION"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -159,8 +151,7 @@ plain_list() {
|
||||||
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
|
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
|
||||||
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
|
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
|
||||||
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
|
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
|
||||||
echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
|
echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
|
||||||
echo -e "$VESTA_CERTIFICATE"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -174,8 +165,7 @@ csv_list() {
|
||||||
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
|
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
|
||||||
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
|
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
|
||||||
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
|
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
|
||||||
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
|
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
|
||||||
echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
|
|
||||||
echo
|
echo
|
||||||
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
|
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
|
||||||
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
|
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
|
||||||
|
|
@ -186,7 +176,6 @@ csv_list() {
|
||||||
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
|
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
|
||||||
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
|
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
|
||||||
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
|
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
|
||||||
echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
|
|
||||||
echo
|
echo
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -198,7 +187,7 @@ csv_list() {
|
||||||
# Listing data
|
# Listing data
|
||||||
case $format in
|
case $format in
|
||||||
json) json_list ;;
|
json) json_list ;;
|
||||||
plain) plain_list ;;
|
plain) shell_list ;;
|
||||||
csv) csv_list ;;
|
csv) csv_list ;;
|
||||||
shell) shell_list ;;
|
shell) shell_list ;;
|
||||||
esac
|
esac
|
||||||
|
|
|
||||||
|
|
@ -1,135 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# info: list mail ssl certificate
|
|
||||||
# options: [FORMAT]
|
|
||||||
#
|
|
||||||
# The function of obtaining mail ssl files.
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Variable&Function #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Argument definition
|
|
||||||
format=${1-shell}
|
|
||||||
|
|
||||||
# Includes
|
|
||||||
source $VESTA/func/main.sh
|
|
||||||
|
|
||||||
# JSON list function
|
|
||||||
json_list() {
|
|
||||||
echo '{'
|
|
||||||
echo -e "\t\"MAIL\": {"
|
|
||||||
echo " \"CRT\": \"$crt\","
|
|
||||||
echo " \"KEY\": \"$key\","
|
|
||||||
echo " \"CA\": \"$ca\","
|
|
||||||
echo " \"SUBJECT\": \"$subj\","
|
|
||||||
echo " \"ALIASES\": \"$alt_dns\","
|
|
||||||
echo " \"NOT_BEFORE\": \"$before\","
|
|
||||||
echo " \"NOT_AFTER\": \"$after\","
|
|
||||||
echo " \"SIGNATURE\": \"$signature\","
|
|
||||||
echo " \"PUB_KEY\": \"$pub_key\","
|
|
||||||
echo " \"ISSUER\": \"$issuer\""
|
|
||||||
echo -e "\t}\n}"
|
|
||||||
}
|
|
||||||
|
|
||||||
# SHELL list function
|
|
||||||
shell_list() {
|
|
||||||
if [ ! -z "$crt" ]; then
|
|
||||||
echo -e "$crt"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$key" ]; then
|
|
||||||
echo -e "\n$key"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$crt" ]; then
|
|
||||||
echo
|
|
||||||
echo
|
|
||||||
echo "SUBJECT: $subj"
|
|
||||||
if [ ! -z "$alt_dns" ]; then
|
|
||||||
echo "ALIASES: ${alt_dns//,/ }"
|
|
||||||
fi
|
|
||||||
echo "VALID FROM: $before"
|
|
||||||
echo "VALID TIL: $after"
|
|
||||||
echo "SIGNATURE: $signature"
|
|
||||||
echo "PUB_KEY: $pub_key"
|
|
||||||
echo "ISSUER: $issuer"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# PLAIN list function
|
|
||||||
plain_list() {
|
|
||||||
if [ ! -z "$crt" ]; then
|
|
||||||
echo -e "$crt"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$key" ]; then
|
|
||||||
echo -e "\n$key"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$ca" ]; then
|
|
||||||
echo -e "\n$ca"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$crt" ]; then
|
|
||||||
echo "$subj"
|
|
||||||
echo "${alt_dns//,/ }"
|
|
||||||
echo "$before"
|
|
||||||
echo "$after"
|
|
||||||
echo "$signature"
|
|
||||||
echo "$pub_key"
|
|
||||||
echo "$issuer"
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
# CSV list function
|
|
||||||
csv_list() {
|
|
||||||
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
|
|
||||||
echo "PUB_KEY,ISSUER"
|
|
||||||
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
|
|
||||||
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Verifications #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Action #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Parsing SSL certificate
|
|
||||||
if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
|
|
||||||
key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
|
|
||||||
|
|
||||||
|
|
||||||
# Parsing SSL certificate details without CA
|
|
||||||
info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
|
|
||||||
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
|
|
||||||
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
|
|
||||||
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
|
|
||||||
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
|
|
||||||
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
|
|
||||||
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
|
|
||||||
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
|
|
||||||
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
|
|
||||||
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
|
|
||||||
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
|
|
||||||
|
|
||||||
# Listing data
|
|
||||||
case $format in
|
|
||||||
json) json_list ;;
|
|
||||||
plain) plain_list ;;
|
|
||||||
csv) csv_list ;;
|
|
||||||
shell) shell_list ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Vesta #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
exit
|
|
||||||
|
|
@ -154,7 +154,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '1' "$#" 'USER [FORMAT]'
|
check_args '1' "$#" 'USER [FORMAT]'
|
||||||
is_format_valid 'user'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -75,7 +75,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '2' "$#" 'USER BACKUP [FORMAT]'
|
check_args '2' "$#" 'USER BACKUP [FORMAT]'
|
||||||
is_format_valid 'user'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_object_valid 'backup' 'BACKUP' "$backup"
|
is_object_valid 'backup' 'BACKUP' "$backup"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ json_list() {
|
||||||
i=1
|
i=1
|
||||||
objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
|
objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
|
||||||
echo "{"
|
echo "{"
|
||||||
while read -r str; do
|
while read str; do
|
||||||
eval $str
|
eval $str
|
||||||
echo -n ' "'$BACKUP'": {
|
echo -n ' "'$BACKUP'": {
|
||||||
"TYPE": "'$TYPE'",
|
"TYPE": "'$TYPE'",
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,6 @@ json_list() {
|
||||||
echo '{'
|
echo '{'
|
||||||
echo ' "'$PACKAGE'": {
|
echo ' "'$PACKAGE'": {
|
||||||
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
|
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
|
||||||
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
|
|
||||||
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
|
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
|
||||||
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
|
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
|
||||||
"WEB_DOMAINS": "'$WEB_DOMAINS'",
|
"WEB_DOMAINS": "'$WEB_DOMAINS'",
|
||||||
|
|
@ -48,7 +47,6 @@ json_list() {
|
||||||
shell_list() {
|
shell_list() {
|
||||||
echo "PACKAGE: $PACKAGE"
|
echo "PACKAGE: $PACKAGE"
|
||||||
echo "WEB TEMPLATE: $WEB_TEMPLATE"
|
echo "WEB TEMPLATE: $WEB_TEMPLATE"
|
||||||
echo "BACKEND_TEMPLATE: $BACKEND_TEMPLATE"
|
|
||||||
echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
|
echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
|
||||||
echo "DNS TEMPLATE: $DNS_TEMPLATE"
|
echo "DNS TEMPLATE: $DNS_TEMPLATE"
|
||||||
echo "WEB DOMAINS: $WEB_DOMAINS"
|
echo "WEB DOMAINS: $WEB_DOMAINS"
|
||||||
|
|
@ -70,7 +68,7 @@ shell_list() {
|
||||||
|
|
||||||
# PLAIN list function
|
# PLAIN list function
|
||||||
plain_list() {
|
plain_list() {
|
||||||
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||||
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
|
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
|
||||||
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
|
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
|
||||||
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
|
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
|
||||||
|
|
@ -78,11 +76,11 @@ plain_list() {
|
||||||
|
|
||||||
# CSV list function
|
# CSV list function
|
||||||
csv_list() {
|
csv_list() {
|
||||||
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
||||||
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
|
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
|
||||||
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
|
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
|
||||||
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
|
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
|
||||||
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||||
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
|
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
|
||||||
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
|
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
|
||||||
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
|
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,6 @@ json_list() {
|
||||||
source $VESTA/data/packages/$package
|
source $VESTA/data/packages/$package
|
||||||
echo -n ' "'$PACKAGE'": {
|
echo -n ' "'$PACKAGE'": {
|
||||||
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
|
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
|
||||||
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
|
|
||||||
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
|
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
|
||||||
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
|
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
|
||||||
"WEB_DOMAINS": "'$WEB_DOMAINS'",
|
"WEB_DOMAINS": "'$WEB_DOMAINS'",
|
||||||
|
|
@ -66,7 +65,7 @@ shell_list() {
|
||||||
package_data=$(cat $VESTA/data/packages/$package)
|
package_data=$(cat $VESTA/data/packages/$package)
|
||||||
package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
|
package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
|
||||||
eval $package_data
|
eval $package_data
|
||||||
echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
|
echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
|
||||||
echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
|
echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
@ -76,7 +75,7 @@ plain_list() {
|
||||||
for package in $packages; do
|
for package in $packages; do
|
||||||
source $VESTA/data/packages/$package
|
source $VESTA/data/packages/$package
|
||||||
PACKAGE=${package/.pkg/}
|
PACKAGE=${package/.pkg/}
|
||||||
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||||
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
|
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
|
||||||
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
|
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
|
||||||
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
|
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
|
||||||
|
|
@ -85,13 +84,13 @@ plain_list() {
|
||||||
|
|
||||||
# CSV list function
|
# CSV list function
|
||||||
csv_list() {
|
csv_list() {
|
||||||
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
|
||||||
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
|
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
|
||||||
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
|
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
|
||||||
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
|
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
|
||||||
for package in $packages; do
|
for package in $packages; do
|
||||||
PACKAGE=${package/.pkg/}
|
PACKAGE=${package/.pkg/}
|
||||||
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||||
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
|
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
|
||||||
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
|
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
|
||||||
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
|
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
|
||||||
|
|
|
||||||
|
|
@ -115,7 +115,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '1' "$#" 'USER [FORMAT]'
|
check_args '1' "$#" 'USER [FORMAT]'
|
||||||
is_format_valid 'user'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,14 +15,9 @@ format=${1-shell}
|
||||||
# JSON list function
|
# JSON list function
|
||||||
json_list() {
|
json_list() {
|
||||||
echo '{'
|
echo '{'
|
||||||
|
object_count=$(grep '@' /etc/passwd |wc -l)
|
||||||
i=1
|
i=1
|
||||||
while read USER; do
|
while read USER; do
|
||||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
if [ $i -gt 1 ]; then
|
|
||||||
echo ","
|
|
||||||
fi
|
|
||||||
source $VESTA/data/users/$USER/user.conf
|
source $VESTA/data/users/$USER/user.conf
|
||||||
echo -n ' "'$USER'": {
|
echo -n ' "'$USER'": {
|
||||||
"FNAME": "'$FNAME'",
|
"FNAME": "'$FNAME'",
|
||||||
|
|
@ -79,8 +74,14 @@ json_list() {
|
||||||
"TIME": "'$TIME'",
|
"TIME": "'$TIME'",
|
||||||
"DATE": "'$DATE'"
|
"DATE": "'$DATE'"
|
||||||
}'
|
}'
|
||||||
|
if [ "$i" -lt "$object_count" ]; then
|
||||||
|
echo ','
|
||||||
|
else
|
||||||
|
echo
|
||||||
|
fi
|
||||||
((i++))
|
((i++))
|
||||||
done < <(grep '@' /etc/passwd |cut -f1 -d:)
|
done < <(grep '@' /etc/passwd |cut -f1 -d:)
|
||||||
|
|
||||||
echo '}'
|
echo '}'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -89,9 +90,6 @@ shell_list() {
|
||||||
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
|
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
|
||||||
echo "---- --- --- --- --- -- ---- -- ---- ----"
|
echo "---- --- --- --- --- -- ---- -- ---- ----"
|
||||||
while read USER; do
|
while read USER; do
|
||||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
source $VESTA/data/users/$USER/user.conf
|
source $VESTA/data/users/$USER/user.conf
|
||||||
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
|
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
|
||||||
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
|
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
|
||||||
|
|
@ -101,9 +99,6 @@ shell_list() {
|
||||||
# PLAIN list function
|
# PLAIN list function
|
||||||
plain_list() {
|
plain_list() {
|
||||||
while read USER; do
|
while read USER; do
|
||||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
source $VESTA/data/users/$USER/user.conf
|
source $VESTA/data/users/$USER/user.conf
|
||||||
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
|
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
|
||||||
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
|
||||||
|
|
@ -136,9 +131,6 @@ csv_list() {
|
||||||
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
|
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
|
||||||
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
|
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
|
||||||
while read USER; do
|
while read USER; do
|
||||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
source $VESTA/data/users/$USER/user.conf
|
source $VESTA/data/users/$USER/user.conf
|
||||||
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
|
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
|
||||||
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
|
||||||
|
|
@ -159,9 +151,6 @@ csv_list() {
|
||||||
# Raw list function
|
# Raw list function
|
||||||
raw_list() {
|
raw_list() {
|
||||||
while read USER; do
|
while read USER; do
|
||||||
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
echo $VESTA/data/users/$USER/user.conf
|
echo $VESTA/data/users/$USER/user.conf
|
||||||
cat $VESTA/data/users/$USER/user.conf
|
cat $VESTA/data/users/$USER/user.conf
|
||||||
done < <(grep '@' /etc/passwd |cut -f1 -d:)
|
done < <(grep '@' /etc/passwd |cut -f1 -d:)
|
||||||
|
|
|
||||||
|
|
@ -110,7 +110,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||||
is_format_valid 'user' 'domain'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,6 @@ source $VESTA/func/main.sh
|
||||||
|
|
||||||
# JSON list function
|
# JSON list function
|
||||||
json_list() {
|
json_list() {
|
||||||
issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
|
|
||||||
echo '{'
|
echo '{'
|
||||||
echo -e "\t\"$domain\": {"
|
echo -e "\t\"$domain\": {"
|
||||||
echo " \"CRT\": \"$crt\","
|
echo " \"CRT\": \"$crt\","
|
||||||
|
|
@ -98,7 +97,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
|
||||||
is_format_valid 'user' 'domain'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_object_valid 'web' 'DOMAIN' "$domain"
|
is_object_valid 'web' 'DOMAIN' "$domain"
|
||||||
|
|
||||||
|
|
@ -112,7 +110,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
|
||||||
crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
|
crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
|
||||||
|
|
||||||
info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
|
info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
|
||||||
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \")
|
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
|
||||||
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
|
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
|
||||||
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
|
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
|
||||||
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
|
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
|
||||||
|
|
|
||||||
|
|
@ -100,7 +100,6 @@ csv_list() {
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
check_args '1' "$#" 'USER [FORMAT]'
|
check_args '1' "$#" 'USER [FORMAT]'
|
||||||
is_format_valid 'user'
|
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -35,11 +35,6 @@ if [ ! -z "$src_file" ]; then
|
||||||
echo "Error: invalid source path $src_file"
|
echo "Error: invalid source path $src_file"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
spath=$(echo "$rpath" |egrep "/etc|/var/lib")
|
|
||||||
if [ -z "$spath" ]; then
|
|
||||||
echo "Error: invalid source path $src_file"
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Reading conf
|
# Reading conf
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user"
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Deleting old web configs
|
# Deleting old web configs
|
||||||
sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
|
sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf
|
||||||
if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then
|
if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then
|
||||||
rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf
|
rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf
|
||||||
fi
|
fi
|
||||||
|
|
@ -47,7 +47,7 @@ fi
|
||||||
|
|
||||||
# Deleting old proxy configs
|
# Deleting old proxy configs
|
||||||
if [ ! -z "$PROXY_SYSTEM" ]; then
|
if [ ! -z "$PROXY_SYSTEM" ]; then
|
||||||
sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
|
sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf
|
||||||
|
|
||||||
if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then
|
if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then
|
||||||
rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf
|
rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf
|
||||||
|
|
|
||||||
|
|
@ -50,13 +50,7 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Restart system
|
# Restart system
|
||||||
if [ ! -f "/etc/debian_version" ]; then
|
service $PROXY_SYSTEM restart >/dev/null 2>&1
|
||||||
service $PROXY_SYSTEM restart >/dev/null 2>&1
|
|
||||||
else
|
|
||||||
systemctl reset-failed $PROXY_SYSTEM
|
|
||||||
systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
send_email_report
|
send_email_report
|
||||||
check_result $E_RESTART "$PROXY_SYSTEM restart failed"
|
check_result $E_RESTART "$PROXY_SYSTEM restart failed"
|
||||||
|
|
|
||||||
|
|
@ -56,7 +56,6 @@ ftpc() {
|
||||||
quote USER $USERNAME
|
quote USER $USERNAME
|
||||||
quote PASS $PASSWORD
|
quote PASS $PASSWORD
|
||||||
binary
|
binary
|
||||||
lcd $BACKUP
|
|
||||||
$1
|
$1
|
||||||
$2
|
$2
|
||||||
$3
|
$3
|
||||||
|
|
@ -230,12 +229,8 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
|
||||||
(( ++i))
|
(( ++i))
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ -z "$BACKUP_TEMP" ]; then
|
|
||||||
BACKUP_TEMP=$BACKUP
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Creating temporary directory
|
# Creating temporary directory
|
||||||
tmpdir=$(mktemp -p $BACKUP_TEMP -d)
|
tmpdir=$(mktemp -p /tmp -d)
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
|
echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
|
||||||
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
|
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
|
||||||
|
|
@ -290,7 +285,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
|
||||||
if [ -z "$web" ] || [ "$web" = '*' ]; then
|
if [ -z "$web" ] || [ "$web" = '*' ]; then
|
||||||
domains="$backup_domains"
|
domains="$backup_domains"
|
||||||
else
|
else
|
||||||
echo "$web" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
|
echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
|
||||||
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -407,21 +402,15 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Restoring web domain data
|
# Restoring web domain data
|
||||||
chown $user $tmpdir
|
tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
|
||||||
chmod u+w $HOMEDIR/$user/web/$domain
|
-C $HOMEDIR/$user/web/$domain/
|
||||||
sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
|
if [ "$?" -ne 0 ]; then
|
||||||
-C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
|
rm -rf $tmpdir
|
||||||
2> $HOMEDIR/$user/web/$domain/restore_errors.log
|
error="can't unpack $domain data tarball"
|
||||||
if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
|
echo "$error" |$SENDMAIL -s "$subj" $email $notify
|
||||||
chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
|
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
|
||||||
|
check_result "$E_PARSING" "$error"
|
||||||
fi
|
fi
|
||||||
#if [ "$?" -ne 0 ]; then
|
|
||||||
# rm -rf $tmpdir
|
|
||||||
# error="can't unpack $domain data tarball"
|
|
||||||
# echo "$error" |$SENDMAIL -s "$subj" $email $notify
|
|
||||||
# sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
|
|
||||||
# check_result "$E_PARSING" "$error"
|
|
||||||
#fi
|
|
||||||
|
|
||||||
# Applying Fix for tar < 1.24
|
# Applying Fix for tar < 1.24
|
||||||
find $HOMEDIR/$user/web/$domain -type d \
|
find $HOMEDIR/$user/web/$domain -type d \
|
||||||
|
|
@ -459,7 +448,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
|
||||||
if [ -z "$dns" ] || [ "$dns" = '*' ]; then
|
if [ -z "$dns" ] || [ "$dns" = '*' ]; then
|
||||||
domains="$backup_domains"
|
domains="$backup_domains"
|
||||||
else
|
else
|
||||||
echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
|
echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
|
||||||
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -539,7 +528,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
|
||||||
if [ -z "$mail" ] || [ "$mail" = '*' ]; then
|
if [ -z "$mail" ] || [ "$mail" = '*' ]; then
|
||||||
domains="$backup_domains"
|
domains="$backup_domains"
|
||||||
else
|
else
|
||||||
echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
|
echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
|
||||||
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -599,9 +588,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
|
||||||
|
|
||||||
# Restoring emails
|
# Restoring emails
|
||||||
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
|
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
|
||||||
chown $user $tmpdir
|
tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
|
||||||
chmod u+w $HOMEDIR/$user/mail/$domain_idn
|
|
||||||
sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
|
|
||||||
-C $HOMEDIR/$user/mail/$domain_idn/
|
-C $HOMEDIR/$user/mail/$domain_idn/
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
rm -rf $tmpdir
|
rm -rf $tmpdir
|
||||||
|
|
@ -636,7 +623,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
|
||||||
if [ -z "$db" ] || [ "$db" = '*' ]; then
|
if [ -z "$db" ] || [ "$db" = '*' ]; then
|
||||||
databases="$backup_databases"
|
databases="$backup_databases"
|
||||||
else
|
else
|
||||||
echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt
|
echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
|
||||||
databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
|
databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -23,19 +23,6 @@ udir=$8
|
||||||
source $VESTA/func/main.sh
|
source $VESTA/func/main.sh
|
||||||
source $VESTA/conf/vesta.conf
|
source $VESTA/conf/vesta.conf
|
||||||
|
|
||||||
# Check backup ownership function
|
|
||||||
is_backup_available() {
|
|
||||||
passed=false
|
|
||||||
if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
|
|
||||||
passed=true
|
|
||||||
elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
|
|
||||||
passed=true
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $passed = false ]; then
|
|
||||||
check_result $E_FORBIDEN "permission denied"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Verifications #
|
# Verifications #
|
||||||
|
|
@ -47,7 +34,6 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
|
||||||
is_object_valid 'user' 'USER' "$user"
|
is_object_valid 'user' 'USER' "$user"
|
||||||
is_backup_enabled
|
is_backup_enabled
|
||||||
is_backup_scheduled 'restore'
|
is_backup_scheduled 'restore'
|
||||||
is_backup_available "$user" "$backup"
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
|
||||||
|
|
@ -84,22 +84,6 @@ OLD_IFS=$IFS
|
||||||
IFS=$'\n'
|
IFS=$'\n'
|
||||||
|
|
||||||
# User loop
|
# User loop
|
||||||
search_user=$(ls -1 $VESTA/data/users |grep $object)
|
|
||||||
for user in $search_user; do
|
|
||||||
if [ -e "$VESTA/data/users/$user/user.conf" ]; then
|
|
||||||
source $VESTA/data/users/$user/user.conf
|
|
||||||
((i ++))
|
|
||||||
type=$(echo $type|cut -f1 -d \.)
|
|
||||||
str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
|
|
||||||
str="$str RESULT='$user' ALIAS=''"
|
|
||||||
str="$str LINK='$user' PARENT=''"
|
|
||||||
str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
|
|
||||||
str="$str DATE='$DATE'"
|
|
||||||
echo $str >> $conf
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# User data loop
|
|
||||||
for user in $(ls $VESTA/data/users/); do
|
for user in $(ls $VESTA/data/users/); do
|
||||||
# Search query
|
# Search query
|
||||||
search=$(grep "$object" \
|
search=$(grep "$object" \
|
||||||
|
|
@ -170,13 +154,12 @@ for user in $(ls $VESTA/data/users/); do
|
||||||
|
|
||||||
# DNS Records
|
# DNS Records
|
||||||
if [ "$type" = 'dns' ]; then
|
if [ "$type" = 'dns' ]; then
|
||||||
if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then
|
if [ -n "$(echo $RECORD |grep $object)" ]; then
|
||||||
dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
|
|
||||||
key="RECORD"
|
key="RECORD"
|
||||||
result="$RECORD.$dom"
|
result="$RECORD.$DOMAIN"
|
||||||
suspended=$SUSPENDED
|
suspended=$SUSPENDED
|
||||||
object_link=$ID
|
object_link=$ID
|
||||||
object_parent=$dom
|
object_parent=$DOMAIN
|
||||||
object_time=$TIME
|
object_time=$TIME
|
||||||
object_date=$DATE
|
object_date=$DATE
|
||||||
((i ++))
|
((i ++))
|
||||||
|
|
|
||||||
|
|
@ -1,93 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# info: search ssl certificates
|
|
||||||
# options: [FORMAT]
|
|
||||||
#
|
|
||||||
# The function to obtain the list of available ssl certificates.
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Variable&Function #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
# Argument definition
|
|
||||||
format=${1-shell}
|
|
||||||
|
|
||||||
# Includes
|
|
||||||
source $VESTA/func/main.sh
|
|
||||||
|
|
||||||
# JSON list function
|
|
||||||
json_list() {
|
|
||||||
IFS=$'\n'
|
|
||||||
objects=$(echo "$search_cmd" |wc -l)
|
|
||||||
i=1
|
|
||||||
echo '['
|
|
||||||
for str in $search_cmd; do
|
|
||||||
eval $str
|
|
||||||
if [ "$i" -lt "$objects" ]; then
|
|
||||||
echo -e "\t\"$USER:$DOMAIN\","
|
|
||||||
else
|
|
||||||
echo -e "\t\"$USER:$DOMAIN\""
|
|
||||||
fi
|
|
||||||
(( ++i))
|
|
||||||
done
|
|
||||||
echo "]"
|
|
||||||
}
|
|
||||||
|
|
||||||
# SHELL list function
|
|
||||||
shell_list() {
|
|
||||||
IFS=$'\n'
|
|
||||||
echo "USER DOMAIN"
|
|
||||||
echo "---- ------"
|
|
||||||
for str in $search_cmd; do
|
|
||||||
eval $str
|
|
||||||
echo "$USER $DOMAIN"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
# PLAIN list function
|
|
||||||
plain_list() {
|
|
||||||
IFS=$'\n'
|
|
||||||
for str in $search_cmd; do
|
|
||||||
eval $str
|
|
||||||
echo -e "$USER\t$DOMAIN"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
# CSV list function
|
|
||||||
csv_list() {
|
|
||||||
IFS=$'\n'
|
|
||||||
echo "USER,DOMAIN"
|
|
||||||
for str in $search_cmd; do
|
|
||||||
eval $str
|
|
||||||
echo "$USER,$DOMAIN"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Verifications #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Action #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
|
|
||||||
cut -f 1 -d ' ' |\
|
|
||||||
sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
|
|
||||||
|
|
||||||
# Listing data
|
|
||||||
case $format in
|
|
||||||
json) json_list ;;
|
|
||||||
plain) plain_list ;;
|
|
||||||
csv) csv_list ;;
|
|
||||||
shell) shell_list |column -t ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
# Vesta #
|
|
||||||
#----------------------------------------------------------#
|
|
||||||
|
|
||||||
exit
|
|
||||||
110
bin/v-sign-letsencrypt-csr
Executable file
110
bin/v-sign-letsencrypt-csr
Executable file
|
|
@ -0,0 +1,110 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# info: sing letsencrypt csr
|
||||||
|
# options: USER DOMAIN CSR_DIR [FORMAT]
|
||||||
|
#
|
||||||
|
# The function signs certificate request using LetsEncript API
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Variable&Function #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
# Argument definition
|
||||||
|
user=$1
|
||||||
|
domain=$2
|
||||||
|
csr="$3/$domain.csr"
|
||||||
|
format=$4
|
||||||
|
|
||||||
|
# Includes
|
||||||
|
source $VESTA/func/main.sh
|
||||||
|
source $VESTA/conf/vesta.conf
|
||||||
|
|
||||||
|
# encode base64
|
||||||
|
encode_base64() {
|
||||||
|
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Verifications #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
check_args '3' "$#" 'USER DOMAIN CSR'
|
||||||
|
is_format_valid 'user' 'domain'
|
||||||
|
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
||||||
|
is_object_valid 'user' 'USER' "$user"
|
||||||
|
is_object_unsuspended 'user' 'USER' "$user"
|
||||||
|
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
|
||||||
|
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
|
||||||
|
fi
|
||||||
|
check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
|
||||||
|
if [ -z "$check_domain" ]; then
|
||||||
|
check_result $E_NOTEXIST "domain $domain doesn't exist"
|
||||||
|
fi
|
||||||
|
if [ ! -e "$csr" ]; then
|
||||||
|
check_result $E_NOTEXIST "$csr doesn't exist"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Action #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
source $USER_DATA/ssl/le.conf
|
||||||
|
api='https://acme-v01.api.letsencrypt.org'
|
||||||
|
key="$USER_DATA/ssl/user.key"
|
||||||
|
exponent="$EXPONENT"
|
||||||
|
modulus="$MODULUS"
|
||||||
|
thumb="$THUMB"
|
||||||
|
|
||||||
|
# Defining JWK header
|
||||||
|
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
|
||||||
|
header='{"alg":"RS256","jwk":'"$header"'}'
|
||||||
|
|
||||||
|
# Requesting nonce
|
||||||
|
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
|
||||||
|
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
|
||||||
|
|
||||||
|
# Defining ACME query (request challenge)
|
||||||
|
csr=$(openssl req -in $csr -outform DER |encode_base64)
|
||||||
|
query='{"resource":"new-cert","csr":"'$csr'"}'
|
||||||
|
payload=$(echo -n "$query" |encode_base64)
|
||||||
|
signature=$(printf "%s" "$protected.$payload" |\
|
||||||
|
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
|
||||||
|
data='{"header":'"$header"',"protected":"'"$protected"'",'
|
||||||
|
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
|
||||||
|
|
||||||
|
# Sending request to LetsEncrypt API
|
||||||
|
answer=$(mktemp)
|
||||||
|
curl -s -d "$data" "$api/acme/new-cert" -o $answer
|
||||||
|
if [ ! -z "$(grep Error $answer)" ]; then
|
||||||
|
detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
|
||||||
|
detail=$(echo "$detail" |awk -F "::" '{print $2}')
|
||||||
|
rm $answer
|
||||||
|
check_result $E_LIMIT "$detail"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Printing certificate
|
||||||
|
crt=$(cat "$answer" |openssl base64 -e)
|
||||||
|
rm $answer
|
||||||
|
if [ "$format" != 'json' ]; then
|
||||||
|
echo "-----BEGIN CERTIFICATE-----"
|
||||||
|
echo "$crt"
|
||||||
|
echo "-----END CERTIFICATE-----"
|
||||||
|
else
|
||||||
|
echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
|
||||||
|
echo -n '-----BEGIN CERTIFICATE-----\n'
|
||||||
|
echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
|
||||||
|
echo -n '-----END CERTIFICATE-----'
|
||||||
|
echo -e "\"\n\t\t}\n\t}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
# Vesta #
|
||||||
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
log_event "$OK" "$ARGUMENTS"
|
||||||
|
|
||||||
|
exit
|
||||||
|
|
@ -41,16 +41,6 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain"
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Deleting system configs
|
|
||||||
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
|
|
||||||
if [ -e '/etc/named.conf' ]; then
|
|
||||||
dns_conf='/etc/named.conf'
|
|
||||||
else
|
|
||||||
dns_conf='/etc/bind/named.conf'
|
|
||||||
fi
|
|
||||||
|
|
||||||
sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Vesta #
|
# Vesta #
|
||||||
|
|
|
||||||
|
|
@ -40,21 +40,7 @@ is_object_suspended 'dns' 'DOMAIN' "$domain"
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Creating system configs
|
|
||||||
if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
|
|
||||||
if [ -e '/etc/named.conf' ]; then
|
|
||||||
dns_conf='/etc/named.conf'
|
|
||||||
dns_group='named'
|
|
||||||
else
|
|
||||||
dns_conf='/etc/bind/named.conf'
|
|
||||||
dns_group='bind'
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Adding zone in named.conf
|
|
||||||
named="zone \"$domain_idn\" {type master; file"
|
|
||||||
named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};"
|
|
||||||
echo "$named" >> $dns_conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Vesta #
|
# Vesta #
|
||||||
|
|
|
||||||
|
|
@ -48,9 +48,6 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
|
||||||
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
|
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
|
||||||
md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
|
md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
|
||||||
quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
|
quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
|
||||||
if [ "$quota" = 'unlimited' ]; then
|
|
||||||
quota=0
|
|
||||||
fi
|
|
||||||
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
|
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||||
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
|
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
|
||||||
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
|
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
|
||||||
|
|
|
||||||
|
|
@ -51,6 +51,11 @@ if [ $? -ne 0 ]; then
|
||||||
conntrack_ftp='no'
|
conntrack_ftp='no'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Checking custom OpenSSH port
|
||||||
|
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
|
||||||
|
if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then
|
||||||
|
sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
|
||||||
|
fi
|
||||||
|
|
||||||
# Creating temporary file
|
# Creating temporary file
|
||||||
tmp=$(mktemp)
|
tmp=$(mktemp)
|
||||||
|
|
|
||||||
|
|
@ -22,63 +22,46 @@ source $VESTA/conf/vesta.conf
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
lecounter=0
|
# Defining user list
|
||||||
hostname=$(hostname)
|
users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
|
||||||
|
|
||||||
echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
|
# Checking users
|
||||||
|
for user in $users; do
|
||||||
# Checking user certificates
|
|
||||||
for user in $($BIN/v-list-users plain |cut -f 1); do
|
|
||||||
USER_DATA=$VESTA/data/users/$user
|
USER_DATA=$VESTA/data/users/$user
|
||||||
|
# Checking user certificates
|
||||||
|
lecounter=0
|
||||||
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
|
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
|
||||||
|
|
||||||
limit_check=1
|
crt="$VESTA/data/users/$user/ssl/$domain.crt"
|
||||||
fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
crt_data=$(openssl x509 -text -in "$crt")
|
||||||
|
expire=$(echo "$crt_data" |grep "Not After")
|
||||||
if [[ "$hostname" = "$domain" ]]; then
|
expire=$(echo "$expire" |cut -f 2,3,4 -d :)
|
||||||
if [[ "$fail_counter" -eq 7 ]]; then
|
expire=$(date -d "$expire" +%s)
|
||||||
limit_check=0
|
|
||||||
fi
|
|
||||||
if [[ "$fail_counter" -eq 8 ]]; then
|
|
||||||
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
|
||||||
send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
|
|
||||||
# echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
|
|
||||||
echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
|
|
||||||
not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
|
|
||||||
expiration=$(date -d "$not_after" +%s)
|
|
||||||
now=$(date +%s)
|
now=$(date +%s)
|
||||||
seconds_valid=$((expiration - now))
|
expire=$((expire - now))
|
||||||
days_valid=$((seconds_valid / 86400))
|
expire=$((expire / 86400))
|
||||||
if [[ "$days_valid" -lt 31 ]]; then
|
domain=$(basename $crt |sed -e "s/.crt$//")
|
||||||
if [ $lecounter -gt 0 ]; then
|
if [[ "$expire" -lt 31 ]]; then
|
||||||
sleep 120
|
|
||||||
fi
|
|
||||||
((lecounter++))
|
|
||||||
aliases=$(echo "$crt_data" |grep DNS:)
|
aliases=$(echo "$crt_data" |grep DNS:)
|
||||||
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
|
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
|
||||||
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
|
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
|
||||||
aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
|
aliases=$(echo "$aliases" |grep -v "^$domain$")
|
||||||
|
if [ ! -z "$aliases" ]; then
|
||||||
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
|
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
|
||||||
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
|
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
if [[ $msg == *"is suspended" ]]; then
|
|
||||||
echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
||||||
else
|
|
||||||
echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
||||||
echo "$domain $msg"
|
echo "$domain $msg"
|
||||||
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
fi
|
||||||
echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
|
else
|
||||||
echo "fail_counter = $fail_counter"
|
msg==$($BIN/v-add-letsencrypt-domain $user $domain)
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "$domain $msg"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
if [ $lecounter -gt 0 ]; then
|
||||||
|
sleep 10
|
||||||
|
fi
|
||||||
|
((lecounter++))
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# info: update system ip
|
# info: update system ip
|
||||||
# options: [NONE]
|
# options: [USER] [IP_STATUS]
|
||||||
#
|
#
|
||||||
# The function scans configured ip in the system and register them with vesta
|
# The function scans configured ip in the system and register them with vesta
|
||||||
# internal database. This call is intended for use on vps servers, where ip is
|
# internal database. This call is intended for use on vps servers, where ip is
|
||||||
|
|
@ -11,10 +11,12 @@
|
||||||
# Variable&Function #
|
# Variable&Function #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Importing system variables
|
# Argument definition
|
||||||
source /etc/profile
|
user=${1-admin}
|
||||||
|
ip_status=${2-shared}
|
||||||
|
|
||||||
# Includes
|
# Includes
|
||||||
|
source /etc/profile.d/vesta.sh
|
||||||
source $VESTA/func/main.sh
|
source $VESTA/func/main.sh
|
||||||
source $VESTA/func/ip.sh
|
source $VESTA/func/ip.sh
|
||||||
source $VESTA/conf/vesta.conf
|
source $VESTA/conf/vesta.conf
|
||||||
|
|
@ -24,84 +26,87 @@ source $VESTA/conf/vesta.conf
|
||||||
# Verifications #
|
# Verifications #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
|
check_args '0' "$#" '[USER] [IP_STATUS]'
|
||||||
|
is_format_valid 'user' 'ip_status'
|
||||||
|
is_object_valid 'user' 'USER' "$user" "$user"
|
||||||
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
# Listing system ip addresses
|
# Get list of ip addresses
|
||||||
ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/)
|
ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}')
|
||||||
v_ips=$(ls $VESTA/data/ips/)
|
ip_list=$(echo "$ip_list"|cut -f 1 -d /)
|
||||||
ip_num=$(echo "$ips" |wc -l)
|
ip_num=$(echo "$ip_list" | wc -l)
|
||||||
v_ip_num=$(echo "$v_ips" |wc -l)
|
|
||||||
|
|
||||||
# Checking primary IP change
|
# WorkAround for DHCP IP address
|
||||||
if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
|
vst_ip_list=$(ls $VESTA/data/ips/)
|
||||||
if [ "$ips" != "$v_ips" ]; then
|
vst_ip_num=$(echo "$vst_ip_list" | wc -l)
|
||||||
new=$ips
|
|
||||||
old=$v_ips
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating configs
|
if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then
|
||||||
if [ ! -z "$old" ]; then
|
if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then
|
||||||
|
new=$ip_list
|
||||||
|
old=$vst_ip_list
|
||||||
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
|
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
|
||||||
|
|
||||||
# Updating PROXY
|
|
||||||
if [ ! -z "$PROXY_SYSTEM" ]; then
|
if [ ! -z "$PROXY_SYSTEM" ]; then
|
||||||
cd /etc/$PROXY_SYSTEM/conf.d
|
mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \
|
||||||
if [ -e "$old.conf" ]; then
|
/etc/$PROXY_SYSTEM/conf.d/$new.conf
|
||||||
mv $old.conf $new.conf
|
sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf
|
||||||
sed -i "s/$old/$new/g" $new.conf
|
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating WEB
|
|
||||||
if [ ! -z "$WEB_SYSTEM" ]; then
|
if [ ! -z "$WEB_SYSTEM" ]; then
|
||||||
cd /etc/$WEB_SYSTEM/conf.d
|
mv /etc/$WEB_SYSTEM/conf.d/$old.conf \
|
||||||
if [ -e "$old.conf" ]; then
|
/etc/$WEB_SYSTEM/conf.d/$new.conf
|
||||||
mv $old.conf $new.conf
|
sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf
|
||||||
sed -i "s/$old/$new/g" $new.conf
|
|
||||||
fi
|
|
||||||
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
|
sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf
|
||||||
|
|
||||||
|
# Rebuild web domains
|
||||||
for user in $(ls $VESTA/data/users/); do
|
for user in $(ls $VESTA/data/users/); do
|
||||||
$BIN/v-rebuild-web-domains $user no
|
$BIN/v-rebuild-web-domains $user no
|
||||||
done
|
done
|
||||||
$BIN/v-restart-proxy
|
fi
|
||||||
$BIN/v-restart-web
|
if [ ! -z "$FTP_SYSTEM" ];then
|
||||||
|
ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
|
||||||
|
sed -i "s/$old/$new/g" $ftpd_conf_file
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Restarting web server
|
||||||
|
$BIN/v-restart-web
|
||||||
|
|
||||||
|
# Restarting ftp server
|
||||||
|
$BIN/v-restart-ftp
|
||||||
|
|
||||||
|
# Restarting proxy server
|
||||||
|
if [ ! -z "$PROXY_SYSTEM" ]; then
|
||||||
|
$BIN/v-restart-proxy
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Restarting firewall
|
||||||
|
if [ ! -z "$FIREWALL_SYSTEM" ]; then
|
||||||
|
$BIN/v-update-firewall
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Updating DNS
|
|
||||||
if [ ! -z "$DNS_SYSTEM" ]; then
|
if [ ! -z "$DNS_SYSTEM" ]; then
|
||||||
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf
|
# Rebuild dns domains
|
||||||
sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf
|
|
||||||
for user in $(ls $VESTA/data/users/); do
|
for user in $(ls $VESTA/data/users/); do
|
||||||
|
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf
|
||||||
|
sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf
|
||||||
$BIN/v-rebuild-dns-domains $user no
|
$BIN/v-rebuild-dns-domains $user no
|
||||||
done
|
done
|
||||||
$BIN/v-restart-dns
|
$BIN/v-restart-dns
|
||||||
|
check_result $? "dns restart failed" >/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Updating FTP
|
# No further comparation is needed
|
||||||
if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then
|
exit
|
||||||
conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf)
|
|
||||||
if [ ! -z "$conf" ]; then
|
|
||||||
sed -i "s/$old/$new/g" $conf
|
|
||||||
$BIN/v-restart-ftp
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Updating firewall
|
|
||||||
if [ ! -z "$FIREWALL_SYSTEM" ]; then
|
|
||||||
sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
|
|
||||||
$BIN/v-update-firewall
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Adding system IP
|
# Compare ips
|
||||||
for ip in $ips; do
|
for ip in $ip_list; do
|
||||||
check_ifconfig=$(/sbin/ifconfig |grep "$ip")
|
check_ifconfig=$(/sbin/ifconfig |grep "$ip")
|
||||||
if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then
|
if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then
|
||||||
interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq)
|
interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq)
|
||||||
interface=$(echo "$interface" |cut -f 1 -d : |head -n 1)
|
interface=$(echo "$interface" |cut -f 1 -d : |head -n 1)
|
||||||
netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ )
|
netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ )
|
||||||
netmask=$(convert_cidr $netmask)
|
netmask=$(convert_cidr $netmask)
|
||||||
|
|
@ -109,11 +114,12 @@ for ip in $ips; do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# Updating NAT
|
# Checking NAT
|
||||||
pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
|
pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
|
||||||
if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then
|
if [ ! -z "$pub_ip" ] && [ ! -e "$VESTA/data/ips/$pub_ip" ]; then
|
||||||
if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then
|
check_nat=$(grep -R "$pub_ip" $VESTA/data/ips/)
|
||||||
ip=$(ls -t $VESTA/data/ips/ |head -n1)
|
if [ -z "$check_nat" ]; then
|
||||||
|
ip=$(ls -t $VESTA/data/ips/|head -n1)
|
||||||
$BIN/v-change-sys-ip-nat $ip $pub_ip
|
$BIN/v-change-sys-ip-nat $ip $pub_ip
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
|
||||||
|
|
@ -61,13 +61,13 @@ fi
|
||||||
# Parsing data
|
# Parsing data
|
||||||
if [ "$period" = 'daily' ]; then
|
if [ "$period" = 'daily' ]; then
|
||||||
mem=$(free -m)
|
mem=$(free -m)
|
||||||
used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}')
|
used=$(echo "$mem" |grep Mem |awk '{print $3}')
|
||||||
if [ -z "$(echo "$mem" | grep available)" ]; then
|
if [ -z "$(echo "$mem" | grep available)" ]; then
|
||||||
free=$(echo "$mem" |grep buff/cache |awk '{print $4}')
|
free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
|
||||||
else
|
else
|
||||||
free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}')
|
free=$(echo "$mem" |grep Mem |awk '{print $7}')
|
||||||
fi
|
fi
|
||||||
swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}')
|
swap=$(echo "$mem" |grep Swap |awk '{print $3}')
|
||||||
|
|
||||||
# Updating rrd
|
# Updating rrd
|
||||||
rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free
|
rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free
|
||||||
|
|
|
||||||
|
|
@ -85,7 +85,7 @@ for host in $hosts; do
|
||||||
# Parsing data
|
# Parsing data
|
||||||
q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
|
q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
|
||||||
FROM pg_stat_database;'
|
FROM pg_stat_database;'
|
||||||
status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
|
status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?"
|
||||||
if [ '0' -ne "$code" ]; then
|
if [ '0' -ne "$code" ]; then
|
||||||
active=0
|
active=0
|
||||||
slow=0
|
slow=0
|
||||||
|
|
|
||||||
|
|
@ -28,32 +28,12 @@ source $VESTA/conf/vesta.conf
|
||||||
# Checking arg number
|
# Checking arg number
|
||||||
check_args '1' "$#" 'PACKAGE'
|
check_args '1' "$#" 'PACKAGE'
|
||||||
|
|
||||||
valid=0
|
|
||||||
if [ "$package" = "vesta" ]; then
|
|
||||||
valid=1
|
|
||||||
fi
|
|
||||||
if [ "$package" = "vesta-nginx" ]; then
|
|
||||||
valid=1
|
|
||||||
fi
|
|
||||||
if [ "$package" = "vesta-php" ]; then
|
|
||||||
valid=1
|
|
||||||
fi
|
|
||||||
if [ "$package" = "vesta-ioncube" ]; then
|
|
||||||
valid=1
|
|
||||||
fi
|
|
||||||
if [ "$package" = "vesta-softaculous" ]; then
|
|
||||||
valid=1
|
|
||||||
fi
|
|
||||||
if [ $valid -eq 0 ]; then
|
|
||||||
echo "Package $package is not valid"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
# Action #
|
# Action #
|
||||||
#----------------------------------------------------------#
|
#----------------------------------------------------------#
|
||||||
|
|
||||||
if [ -n "$(command -v yum)" ]; then
|
if [ -d "/etc/sysconfig" ]; then
|
||||||
# Clean yum chache
|
# Clean yum chache
|
||||||
yum -q clean all
|
yum -q clean all
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -53,7 +53,6 @@ for user in $user_list; do
|
||||||
IP_OWNED=0
|
IP_OWNED=0
|
||||||
U_USERS=0
|
U_USERS=0
|
||||||
U_DISK=0
|
U_DISK=0
|
||||||
DISK=0
|
|
||||||
U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
|
U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
|
||||||
if [ -z "$U_DISK_DIRS" ]; then
|
if [ -z "$U_DISK_DIRS" ]; then
|
||||||
U_DISK_DIRS=0
|
U_DISK_DIRS=0
|
||||||
|
|
|
||||||
|
|
@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user"
|
||||||
# Updating disk quota
|
# Updating disk quota
|
||||||
# Had quota equals package value. Soft quota equals 90% of package value for warnings.
|
# Had quota equals package value. Soft quota equals 90% of package value for warnings.
|
||||||
quota=$(get_user_value '$DISK_QUOTA')
|
quota=$(get_user_value '$DISK_QUOTA')
|
||||||
soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
|
soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .)
|
||||||
hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
|
hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .)
|
||||||
|
|
||||||
# Searching home mount point
|
# Searching home mount point
|
||||||
|
|
|
||||||
|
|
@ -67,9 +67,6 @@ TOTAL_USERS=0
|
||||||
|
|
||||||
# Updating user stats
|
# Updating user stats
|
||||||
for user in $user_list; do
|
for user in $user_list; do
|
||||||
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
|
|
||||||
continue;
|
|
||||||
fi
|
|
||||||
USER_DATA=$VESTA/data/users/$user
|
USER_DATA=$VESTA/data/users/$user
|
||||||
source $USER_DATA/user.conf
|
source $USER_DATA/user.conf
|
||||||
next_month=$(date +'%m/01/%y' -d '+ 1 month')
|
next_month=$(date +'%m/01/%y' -d '+ 1 month')
|
||||||
|
|
|
||||||
|
|
@ -55,14 +55,14 @@ mysql_query() {
|
||||||
|
|
||||||
mysql_dump() {
|
mysql_dump() {
|
||||||
err="/tmp/e.mysql"
|
err="/tmp/e.mysql"
|
||||||
mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
|
mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err
|
||||||
if [ '0' -ne "$?" ]; then
|
if [ '0' -ne "$?" ]; then
|
||||||
rm -rf $tmpdir
|
rm -rf $tmpdir
|
||||||
if [ "$notify" != 'no' ]; then
|
if [ "$notify" != 'no' ]; then
|
||||||
echo -e "Can't dump database $database\n$(cat $err)" |\
|
echo -e "Can't dump database $database\n$(cat $err)" |\
|
||||||
$SENDMAIL -s "$subj" $email
|
$SENDMAIL -s "$subj" $email
|
||||||
fi
|
fi
|
||||||
echo "Error: dump $database failed\n$(cat $err)"
|
echo "Error: dump $database failed"
|
||||||
log_event "$E_DB" "$ARGUMENTS"
|
log_event "$E_DB" "$ARGUMENTS"
|
||||||
exit $E_DB
|
exit $E_DB
|
||||||
fi
|
fi
|
||||||
|
|
@ -322,7 +322,7 @@ delete_pgsql_database() {
|
||||||
psql_connect $HOST
|
psql_connect $HOST
|
||||||
|
|
||||||
query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
|
query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
|
||||||
psql_query "$query" > /dev/null
|
psql_qyery "$query" > /dev/null
|
||||||
|
|
||||||
query="DROP DATABASE $database"
|
query="DROP DATABASE $database"
|
||||||
psql_query "$query" > /dev/null
|
psql_query "$query" > /dev/null
|
||||||
|
|
|
||||||
|
|
@ -215,11 +215,7 @@ add_web_config() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
trigger="${2/%.tpl/.sh}"
|
trigger="${2/.*pl/.sh}"
|
||||||
if [[ "$2" =~ stpl$ ]]; then
|
|
||||||
trigger="${2/%.stpl/.sh}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
|
if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
|
||||||
$WEBTPL/$1/$WEB_BACKEND/$trigger \
|
$WEBTPL/$1/$WEB_BACKEND/$trigger \
|
||||||
$user $domain $local_ip $HOMEDIR \
|
$user $domain $local_ip $HOMEDIR \
|
||||||
|
|
@ -273,7 +269,7 @@ replace_web_config() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Delete web configuration
|
# Delete web configuartion
|
||||||
del_web_config() {
|
del_web_config() {
|
||||||
conf="$HOMEDIR/$user/conf/web/$domain.$1.conf"
|
conf="$HOMEDIR/$user/conf/web/$domain.$1.conf"
|
||||||
if [[ "$2" =~ stpl$ ]]; then
|
if [[ "$2" =~ stpl$ ]]; then
|
||||||
|
|
@ -289,15 +285,13 @@ del_web_config() {
|
||||||
if [[ "$2" =~ stpl$ ]]; then
|
if [[ "$2" =~ stpl$ ]]; then
|
||||||
conf="$HOMEDIR/$user/conf/web/s$1.conf"
|
conf="$HOMEDIR/$user/conf/web/s$1.conf"
|
||||||
fi
|
fi
|
||||||
if [ -e "$conf" ]; then
|
|
||||||
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
|
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
|
||||||
sed -i "$top_line,$bottom_line d" $conf
|
sed -i "$top_line,$bottom_line d" $conf
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
# clean-up for both config styles if there is no more domains
|
# clean-up for both config styles if there is no more domains
|
||||||
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
|
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
|
||||||
if [ "$web_domain" -eq '0' ]; then
|
if [ "$web_domain" -eq '0' ]; then
|
||||||
sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf
|
sed -i "/.*\/$user\/.*/d" /etc/$1/conf.d/vesta.conf
|
||||||
if [ -f "$conf" ]; then
|
if [ -f "$conf" ]; then
|
||||||
rm -f $conf
|
rm -f $conf
|
||||||
fi
|
fi
|
||||||
|
|
@ -343,7 +337,7 @@ is_web_domain_cert_valid() {
|
||||||
check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
|
check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
|
openssl s_server -quiet -cert $ssl_dir/$domain.crt \
|
||||||
-key $ssl_dir/$domain.key >> /dev/null 2>&1 &
|
-key $ssl_dir/$domain.key >> /dev/null 2>&1 &
|
||||||
pid=$!
|
pid=$!
|
||||||
sleep 0.5
|
sleep 0.5
|
||||||
|
|
@ -412,24 +406,6 @@ update_domain_zone() {
|
||||||
VALUE=$(idn --quiet -a -t "$VALUE")
|
VALUE=$(idn --quiet -a -t "$VALUE")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Split long TXT entries into 255 chunks
|
|
||||||
if [ "$TYPE" = 'TXT' ]; then
|
|
||||||
txtlength=${#VALUE}
|
|
||||||
if [ $txtlength -gt 255 ]; then
|
|
||||||
already_chunked=0
|
|
||||||
if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
|
|
||||||
already_chunked=1
|
|
||||||
fi
|
|
||||||
if [ $already_chunked -eq 0 ]; then
|
|
||||||
if [[ ${VALUE:0:1} = '"' ]]; then
|
|
||||||
txtlength=$(( $txtlength - 2 ))
|
|
||||||
VALUE=${VALUE:1:txtlength}
|
|
||||||
fi
|
|
||||||
VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$SUSPENDED" != 'yes' ]; then
|
if [ "$SUSPENDED" != 'yes' ]; then
|
||||||
eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
|
eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
|
||||||
fi
|
fi
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ get_ip_iface() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Check ip address specific value
|
# Check ip address speciefic value
|
||||||
is_ip_key_empty() {
|
is_ip_key_empty() {
|
||||||
key="$1"
|
key="$1"
|
||||||
string=$(cat $VESTA/data/ips/$ip)
|
string=$(cat $VESTA/data/ips/$ip)
|
||||||
|
|
@ -141,7 +141,7 @@ get_real_ip() {
|
||||||
else
|
else
|
||||||
nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
|
nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
|
||||||
if [ ! -z "$nat" ]; then
|
if [ ! -z "$nat" ]; then
|
||||||
echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
|
echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
|
||||||
132
func/main.sh
132
func/main.sh
|
|
@ -35,7 +35,6 @@ E_DB=17
|
||||||
E_RRD=18
|
E_RRD=18
|
||||||
E_UPDATE=19
|
E_UPDATE=19
|
||||||
E_RESTART=20
|
E_RESTART=20
|
||||||
E_TEAPOT=418
|
|
||||||
|
|
||||||
# Event string for logger
|
# Event string for logger
|
||||||
for ((I=1; I <= $# ; I++)); do
|
for ((I=1; I <= $# ; I++)); do
|
||||||
|
|
@ -213,8 +212,7 @@ is_object_new() {
|
||||||
# Check if object is valid
|
# Check if object is valid
|
||||||
is_object_valid() {
|
is_object_valid() {
|
||||||
if [ $2 = 'USER' ]; then
|
if [ $2 = 'USER' ]; then
|
||||||
user_vst_dir=$(basename $3)
|
if [ ! -d "$VESTA/data/users/$3" ]; then
|
||||||
if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
|
|
||||||
check_result $E_NOTEXIST "$1 $3 doesn't exist"
|
check_result $E_NOTEXIST "$1 $3 doesn't exist"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
@ -296,20 +294,6 @@ is_dir_symlink() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check if file exists
|
|
||||||
if_file_exists() {
|
|
||||||
if [[ -f "$1" ]]; then
|
|
||||||
check_result $E_FORBIDEN "$1 file exists"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check if directory exists
|
|
||||||
if_dir_exists() {
|
|
||||||
if [[ -d "$1" ]]; then
|
|
||||||
check_result $E_FORBIDEN "$1 directory exists"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get object value
|
# Get object value
|
||||||
get_object_value() {
|
get_object_value() {
|
||||||
object=$(grep "$2='$3'" $USER_DATA/$1.conf)
|
object=$(grep "$2='$3'" $USER_DATA/$1.conf)
|
||||||
|
|
@ -548,7 +532,7 @@ is_user_format_valid() {
|
||||||
is_domain_format_valid() {
|
is_domain_format_valid() {
|
||||||
object_name=${2-domain}
|
object_name=${2-domain}
|
||||||
exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]"
|
exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]"
|
||||||
if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then
|
if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then
|
||||||
check_result $E_INVALID "invalid $object_name format :: $1"
|
check_result $E_INVALID "invalid $object_name format :: $1"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -675,7 +659,7 @@ is_dbuser_format_valid() {
|
||||||
|
|
||||||
# DNS record type validator
|
# DNS record type validator
|
||||||
is_dns_type_format_valid() {
|
is_dns_type_format_valid() {
|
||||||
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
|
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA'
|
||||||
if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
|
if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
|
||||||
check_result $E_INVALID "invalid dns record type format :: $1"
|
check_result $E_INVALID "invalid dns record type format :: $1"
|
||||||
fi
|
fi
|
||||||
|
|
@ -821,32 +805,6 @@ is_password_format_valid() {
|
||||||
check_result $E_INVALID "invalid password format :: $1"
|
check_result $E_INVALID "invalid password format :: $1"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
# Missing function -
|
|
||||||
# Before: validate_format_shell
|
|
||||||
# After: is_format_valid_shell
|
|
||||||
is_format_valid_shell() {
|
|
||||||
if [ -z "$(grep -w $1 /etc/shells)" ]; then
|
|
||||||
echo "Error: shell $1 is not valid"
|
|
||||||
log_event "$E_INVALID" "$EVENT"
|
|
||||||
exit $E_INVALID
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
format_no_quotes() {
|
|
||||||
exclude="['|\"]"
|
|
||||||
if [[ "$1" =~ $exclude ]]; then
|
|
||||||
check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
|
|
||||||
fi
|
|
||||||
is_no_new_line_format "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
is_no_new_line_format() {
|
|
||||||
test=$(echo "$1" | head -n1 );
|
|
||||||
if [[ "$test" != "$1" ]]; then
|
|
||||||
check_result "$E_INVALID" "invalid value :: $1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Format validation controller
|
# Format validation controller
|
||||||
is_format_valid() {
|
is_format_valid() {
|
||||||
|
|
@ -856,7 +814,6 @@ is_format_valid() {
|
||||||
case $arg_name in
|
case $arg_name in
|
||||||
account) is_user_format_valid "$arg" "$arg_name";;
|
account) is_user_format_valid "$arg" "$arg_name";;
|
||||||
action) is_fw_action_format_valid "$arg";;
|
action) is_fw_action_format_valid "$arg";;
|
||||||
alias) is_alias_format_valid "$arg" ;;
|
|
||||||
aliases) is_alias_format_valid "$arg" ;;
|
aliases) is_alias_format_valid "$arg" ;;
|
||||||
antispam) is_boolean_format_valid "$arg" 'antispam' ;;
|
antispam) is_boolean_format_valid "$arg" 'antispam' ;;
|
||||||
antivirus) is_boolean_format_valid "$arg" 'antivirus' ;;
|
antivirus) is_boolean_format_valid "$arg" 'antivirus' ;;
|
||||||
|
|
@ -882,7 +839,6 @@ is_format_valid() {
|
||||||
host) is_object_format_valid "$arg" "$arg_name" ;;
|
host) is_object_format_valid "$arg" "$arg_name" ;;
|
||||||
hour) is_cron_format_valid "$arg" $arg_name ;;
|
hour) is_cron_format_valid "$arg" $arg_name ;;
|
||||||
id) is_int_format_valid "$arg" 'id' ;;
|
id) is_int_format_valid "$arg" 'id' ;;
|
||||||
interface) is_interface_format_valid "$arg" ;;
|
|
||||||
ip) is_ip_format_valid "$arg" ;;
|
ip) is_ip_format_valid "$arg" ;;
|
||||||
ip_name) is_domain_format_valid "$arg" 'IP name';;
|
ip_name) is_domain_format_valid "$arg" 'IP name';;
|
||||||
ip_status) is_ip_status_format_valid "$arg" ;;
|
ip_status) is_ip_status_format_valid "$arg" ;;
|
||||||
|
|
@ -917,8 +873,6 @@ is_format_valid() {
|
||||||
rtype) is_dns_type_format_valid "$arg" ;;
|
rtype) is_dns_type_format_valid "$arg" ;;
|
||||||
rule) is_int_format_valid "$arg" "rule id" ;;
|
rule) is_int_format_valid "$arg" "rule id" ;;
|
||||||
soa) is_domain_format_valid "$arg" 'SOA' ;;
|
soa) is_domain_format_valid "$arg" 'SOA' ;;
|
||||||
#missing command: is_format_valid_shell
|
|
||||||
shell) is_format_valid_shell "$arg" ;;
|
|
||||||
stats_pass) is_password_format_valid "$arg" ;;
|
stats_pass) is_password_format_valid "$arg" ;;
|
||||||
stats_user) is_user_format_valid "$arg" "$arg_name" ;;
|
stats_user) is_user_format_valid "$arg" "$arg_name" ;;
|
||||||
template) is_object_format_valid "$arg" "$arg_name" ;;
|
template) is_object_format_valid "$arg" "$arg_name" ;;
|
||||||
|
|
@ -968,85 +922,7 @@ format_aliases() {
|
||||||
aliases=$(echo "$aliases" |tr -s '.')
|
aliases=$(echo "$aliases" |tr -s '.')
|
||||||
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
|
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
|
||||||
aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
|
aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
|
||||||
aliases=$(echo "$aliases" |sed -e "/^$/d")
|
aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d")
|
||||||
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
|
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
alter_web_counter() {
|
|
||||||
user=$1
|
|
||||||
domain=$2
|
|
||||||
USER_DATA=$VESTA/data/users/$user
|
|
||||||
|
|
||||||
varc=$3
|
|
||||||
vard="\$${varc}"
|
|
||||||
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
|
|
||||||
|
|
||||||
if [ -z "$counter" ]; then
|
|
||||||
add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
|
|
||||||
counter=0
|
|
||||||
fi
|
|
||||||
|
|
||||||
((counter++))
|
|
||||||
backup_counter=$counter
|
|
||||||
|
|
||||||
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
|
|
||||||
counter=$backup_counter
|
|
||||||
|
|
||||||
echo $counter
|
|
||||||
}
|
|
||||||
|
|
||||||
reset_web_counter() {
|
|
||||||
user=$1
|
|
||||||
domain=$2
|
|
||||||
USER_DATA=$VESTA/data/users/$user
|
|
||||||
|
|
||||||
varc=$3
|
|
||||||
vard="\$${varc}"
|
|
||||||
|
|
||||||
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
|
|
||||||
}
|
|
||||||
|
|
||||||
get_web_counter() {
|
|
||||||
user=$1
|
|
||||||
domain=$2
|
|
||||||
USER_DATA=$VESTA/data/users/$user
|
|
||||||
|
|
||||||
varc=$3
|
|
||||||
vard="\$${varc}"
|
|
||||||
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
|
|
||||||
|
|
||||||
if [ -z "$counter" ]; then
|
|
||||||
counter=0
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo $counter
|
|
||||||
}
|
|
||||||
|
|
||||||
# Simple chmod wrapper that skips symlink files after glob expand
|
|
||||||
# Taken from HestiaCP
|
|
||||||
no_symlink_chmod() {
|
|
||||||
local filemode=$1; shift;
|
|
||||||
|
|
||||||
for i in "$@"; do
|
|
||||||
[[ -L ${i} ]] && continue
|
|
||||||
|
|
||||||
chmod "${filemode}" "${i}"
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
# $1 = subject
|
|
||||||
# $2 = body
|
|
||||||
send_email_to_admin() {
|
|
||||||
email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
|
|
||||||
email=$(echo "$email" | cut -f 2 -d "'")
|
|
||||||
if [ -z "$email" ]; then
|
|
||||||
if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
|
|
||||||
email=$NOTIFY_ADMIN_FULL_BACKUP
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if [ -z "$email" ]; then
|
|
||||||
return;
|
|
||||||
fi
|
|
||||||
echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
|
|
||||||
}
|
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ rebuild_user_conf() {
|
||||||
mkdir -p $HOMEDIR/$user/conf
|
mkdir -p $HOMEDIR/$user/conf
|
||||||
chmod a+x $HOMEDIR/$user
|
chmod a+x $HOMEDIR/$user
|
||||||
chmod a+x $HOMEDIR/$user/conf
|
chmod a+x $HOMEDIR/$user/conf
|
||||||
chown --no-dereference $user:$user $HOMEDIR/$user
|
chown $user:$user $HOMEDIR/$user
|
||||||
chown root:root $HOMEDIR/$user/conf
|
chown root:root $HOMEDIR/$user/conf
|
||||||
|
|
||||||
# Update disk pipe
|
# Update disk pipe
|
||||||
|
|
@ -80,7 +80,7 @@ rebuild_user_conf() {
|
||||||
chmod 751 $HOMEDIR/$user/conf/web
|
chmod 751 $HOMEDIR/$user/conf/web
|
||||||
chmod 751 $HOMEDIR/$user/web
|
chmod 751 $HOMEDIR/$user/web
|
||||||
chmod 771 $HOMEDIR/$user/tmp
|
chmod 771 $HOMEDIR/$user/tmp
|
||||||
chown --no-dereference $user:$user $HOMEDIR/$user/web
|
chown $user:$user $HOMEDIR/$user/web
|
||||||
if [ -z "$create_user" ]; then
|
if [ -z "$create_user" ]; then
|
||||||
$BIN/v-rebuild-web-domains $user $restart
|
$BIN/v-rebuild-web-domains $user $restart
|
||||||
fi
|
fi
|
||||||
|
|
@ -152,7 +152,7 @@ rebuild_web_domain_conf() {
|
||||||
prepare_web_domain_values
|
prepare_web_domain_values
|
||||||
|
|
||||||
# Rebuilding domain directories
|
# Rebuilding domain directories
|
||||||
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
|
mkdir -p $HOMEDIR/$user/web/$domain \
|
||||||
$HOMEDIR/$user/web/$domain/public_html \
|
$HOMEDIR/$user/web/$domain/public_html \
|
||||||
$HOMEDIR/$user/web/$domain/public_shtml \
|
$HOMEDIR/$user/web/$domain/public_shtml \
|
||||||
$HOMEDIR/$user/web/$domain/document_errors \
|
$HOMEDIR/$user/web/$domain/document_errors \
|
||||||
|
|
@ -178,15 +178,14 @@ rebuild_web_domain_conf() {
|
||||||
|
|
||||||
# Propagating html skeleton
|
# Propagating html skeleton
|
||||||
if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
|
if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
|
||||||
sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
|
cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/
|
||||||
$HOMEDIR/$user/web/$domain/
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set folder permissions
|
# Set folder permissions
|
||||||
no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
|
chmod 551 $HOMEDIR/$user/web/$domain \
|
||||||
$HOMEDIR/$user/web/$domain/stats \
|
$HOMEDIR/$user/web/$domain/stats \
|
||||||
$HOMEDIR/$user/web/$domain/logs
|
$HOMEDIR/$user/web/$domain/logs
|
||||||
no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
|
chmod 751 $HOMEDIR/$user/web/$domain/private \
|
||||||
$HOMEDIR/$user/web/$domain/cgi-bin \
|
$HOMEDIR/$user/web/$domain/cgi-bin \
|
||||||
$HOMEDIR/$user/web/$domain/public_html \
|
$HOMEDIR/$user/web/$domain/public_html \
|
||||||
$HOMEDIR/$user/web/$domain/public_shtml \
|
$HOMEDIR/$user/web/$domain/public_shtml \
|
||||||
|
|
@ -194,7 +193,7 @@ rebuild_web_domain_conf() {
|
||||||
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
|
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
|
||||||
|
|
||||||
# Set ownership
|
# Set ownership
|
||||||
chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
|
chown $user:$user $HOMEDIR/$user/web/$domain \
|
||||||
$HOMEDIR/$user/web/$domain/private \
|
$HOMEDIR/$user/web/$domain/private \
|
||||||
$HOMEDIR/$user/web/$domain/cgi-bin \
|
$HOMEDIR/$user/web/$domain/cgi-bin \
|
||||||
$HOMEDIR/$user/web/$domain/public_html \
|
$HOMEDIR/$user/web/$domain/public_html \
|
||||||
|
|
@ -601,7 +600,7 @@ rebuild_pgsql_database() {
|
||||||
exit $E_CONNECT
|
exit $E_CONNECT
|
||||||
fi
|
fi
|
||||||
|
|
||||||
query="CREATE ROLE $DBUSER WITH LOGIN"
|
query="CREATE ROLE $DBUSER"
|
||||||
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
||||||
|
|
||||||
query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
|
query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
|
||||||
|
|
@ -618,7 +617,7 @@ rebuild_pgsql_database() {
|
||||||
query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
|
query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
|
||||||
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
||||||
|
|
||||||
query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
|
query="GRANT CONNECT ON DATABASE template1 to $dbuser"
|
||||||
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -50,7 +50,6 @@ http {
|
||||||
|
|
||||||
# Compression
|
# Compression
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_vary on;
|
|
||||||
gzip_comp_level 9;
|
gzip_comp_level 9;
|
||||||
gzip_min_length 512;
|
gzip_min_length 512;
|
||||||
gzip_buffers 8 64k;
|
gzip_buffers 8 64k;
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
location /phpmyadmin {
|
location /phpmyadmin {
|
||||||
alias /usr/share/phpmyadmin;
|
alias /usr/share/phpmyadmin/;
|
||||||
|
|
||||||
location ~ /(libraries|setup) {
|
location ~ /(libraries|setup) {
|
||||||
return 404;
|
return 404;
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
location /phppgadmin {
|
location /phppgadmin {
|
||||||
alias /usr/share/phppgadmin;
|
alias /usr/share/phppgadmin/;
|
||||||
|
|
||||||
location ~ ^/phppgadmin/(.*\.php)$ {
|
location ~ ^/phppgadmin/(.*\.php)$ {
|
||||||
alias /usr/share/phppgadmin/$1;
|
alias /usr/share/phppgadmin/$1;
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
location /webmail {
|
location /webmail {
|
||||||
alias /var/lib/roundcube;
|
alias /var/lib/roundcube/;
|
||||||
|
|
||||||
location ~ /(config|temp|logs) {
|
location ~ /(config|temp|logs) {
|
||||||
return 404;
|
return 404;
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,6 @@ Alias /phpmyadmin /usr/share/phpmyadmin
|
||||||
php_admin_flag allow_url_fopen Off
|
php_admin_flag allow_url_fopen Off
|
||||||
php_value include_path .
|
php_value include_path .
|
||||||
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
|
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
|
||||||
php_admin_value sys_temp_dir /var/lib/phpmyadmin/tmp
|
|
||||||
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
|
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
|
||||||
</IfModule>
|
</IfModule>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -137,13 +137,6 @@ if (!empty($dbname)) {
|
||||||
$cfg['UploadDir'] = '';
|
$cfg['UploadDir'] = '';
|
||||||
$cfg['SaveDir'] = '';
|
$cfg['SaveDir'] = '';
|
||||||
|
|
||||||
/*
|
|
||||||
* Temp dir for faster beahivour
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
$cfg['TempDir'] = '/tmp';
|
|
||||||
|
|
||||||
|
|
||||||
/* Support additional configurations */
|
/* Support additional configurations */
|
||||||
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
|
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -4,5 +4,5 @@ Defaults:admin !syslog
|
||||||
Defaults:admin !requiretty
|
Defaults:admin !requiretty
|
||||||
Defaults:root !requiretty
|
Defaults:root !requiretty
|
||||||
|
|
||||||
# sudo is limited to vesta scripts
|
admin ALL=(ALL) ALL
|
||||||
admin ALL=NOPASSWD:/usr/local/vesta/bin/*
|
admin ALL=NOPASSWD:/usr/local/vesta/bin/*
|
||||||
|
|
|
||||||
|
|
@ -15,9 +15,8 @@
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
SSLRequireSSL
|
SSLRequireSSL
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,6 @@
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
</Directory>
|
</Directory>
|
||||||
<Directory %home%/%user%/web/%domain%/stats>
|
<Directory %home%/%user%/web/%domain%/stats>
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
</Directory>
|
</Directory>
|
||||||
<Directory %home%/%user%/web/%domain%/stats>
|
<Directory %home%/%user%/web/%domain%/stats>
|
||||||
|
|
|
||||||
|
|
@ -22,9 +22,8 @@
|
||||||
php_admin_flag mysql.allow_persistent off
|
php_admin_flag mysql.allow_persistent off
|
||||||
php_admin_flag safe_mode off
|
php_admin_flag safe_mode off
|
||||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
||||||
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
</Directory>
|
</Directory>
|
||||||
<Directory %home%/%user%/web/%domain%/stats>
|
<Directory %home%/%user%/web/%domain%/stats>
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@
|
||||||
<Directory %docroot%>
|
<Directory %docroot%>
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value upload_max_filesize 10M
|
php_admin_value upload_max_filesize 10M
|
||||||
php_admin_value max_execution_time 20
|
php_admin_value max_execution_time 20
|
||||||
php_admin_value post_max_size 8M
|
php_admin_value post_max_size 8M
|
||||||
|
|
@ -23,7 +24,6 @@
|
||||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
|
||||||
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
</Directory>
|
</Directory>
|
||||||
<Directory %home%/%user%/web/%domain%/stats>
|
<Directory %home%/%user%/web/%domain%/stats>
|
||||||
|
|
|
||||||
|
|
@ -15,9 +15,8 @@
|
||||||
SSLRequireSSL
|
SSLRequireSSL
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
Action phpcgi-script /cgi-bin/php
|
Action phpcgi-script /cgi-bin/php
|
||||||
<Files *.php>
|
<Files *.php>
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
Action phpcgi-script /cgi-bin/php
|
Action phpcgi-script /cgi-bin/php
|
||||||
<Files *.php>
|
<Files *.php>
|
||||||
|
|
|
||||||
|
|
@ -15,9 +15,8 @@
|
||||||
SSLRequireSSL
|
SSLRequireSSL
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
<Files *.php>
|
<Files *.php>
|
||||||
SetHandler fcgid-script
|
SetHandler fcgid-script
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@
|
||||||
Options +Includes -Indexes +ExecCGI
|
Options +Includes -Indexes +ExecCGI
|
||||||
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
|
||||||
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
php_admin_value upload_tmp_dir %home%/%user%/tmp
|
||||||
php_admin_value sys_temp_dir %home%/%user%/tmp
|
|
||||||
php_admin_value session.save_path %home%/%user%/tmp
|
php_admin_value session.save_path %home%/%user%/tmp
|
||||||
<Files *.php>
|
<Files *.php>
|
||||||
SetHandler fcgid-script
|
SetHandler fcgid-script
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
server {
|
server {
|
||||||
listen %ip%:%proxy_ssl_port% ssl;
|
listen %ip%:%proxy_ssl_port%;
|
||||||
server_name %domain_idn% %alias_idn%;
|
server_name %domain_idn% %alias_idn%;
|
||||||
|
ssl on;
|
||||||
ssl_certificate %ssl_pem%;
|
ssl_certificate %ssl_pem%;
|
||||||
ssl_certificate_key %ssl_key%;
|
ssl_certificate_key %ssl_key%;
|
||||||
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
server {
|
server {
|
||||||
listen %ip%:%proxy_ssl_port% ssl;
|
listen %ip%:%proxy_ssl_port%;
|
||||||
server_name %domain_idn% %alias_idn%;
|
server_name %domain_idn% %alias_idn%;
|
||||||
|
ssl on;
|
||||||
ssl_certificate %ssl_pem%;
|
ssl_certificate %ssl_pem%;
|
||||||
ssl_certificate_key %ssl_key%;
|
ssl_certificate_key %ssl_key%;
|
||||||
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
server {
|
server {
|
||||||
listen %ip%:%proxy_ssl_port% ssl;
|
listen %ip%:%proxy_ssl_port%;
|
||||||
server_name %domain_idn% %alias_idn%;
|
server_name %domain_idn% %alias_idn%;
|
||||||
|
ssl on;
|
||||||
ssl_certificate %ssl_pem%;
|
ssl_certificate %ssl_pem%;
|
||||||
ssl_certificate_key %ssl_key%;
|
ssl_certificate_key %ssl_key%;
|
||||||
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
||||||
|
|
@ -30,7 +31,7 @@ server {
|
||||||
location ~ /\.hg/ {return 404;}
|
location ~ /\.hg/ {return 404;}
|
||||||
location ~ /\.bzr/ {return 404;}
|
location ~ /\.bzr/ {return 404;}
|
||||||
|
|
||||||
disable_symlinks if_not_owner from=%sdocroot%;
|
disable_symlinks if_not_owner from=%docroot%;
|
||||||
|
|
||||||
include %home%/%user%/conf/web/snginx.%domain%.conf*;
|
include %home%/%user%/conf/web/snginx.%domain%.conf*;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,17 @@
|
||||||
server {
|
server {
|
||||||
listen %ip%:%proxy_ssl_port% ssl http2;
|
listen %ip%:%proxy_ssl_port% http2;
|
||||||
server_name %domain_idn% %alias_idn%;
|
server_name %domain_idn% %alias_idn%;
|
||||||
|
ssl on;
|
||||||
ssl_certificate %ssl_pem%;
|
ssl_certificate %ssl_pem%;
|
||||||
ssl_certificate_key %ssl_key%;
|
ssl_certificate_key %ssl_key%;
|
||||||
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
error_log /var/log/httpd/domains/%domain%.error.log error;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass https://%ip%:%web_ssl_port%;
|
proxy_pass https://%ip%:%web_ssl_port%;
|
||||||
location ~* ^.+\.(%proxy_extentions%)$ {
|
location ~* ^.+\.(%proxy_extentions%)$ {
|
||||||
root %sdocroot%;
|
root %sdocroot%;
|
||||||
access_log /var/log/%web_system%/domains/%domain%.log combined;
|
access_log /var/log/httpd/domains/%domain%.log combined;
|
||||||
access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
|
access_log /var/log/httpd/domains/%domain%.bytes bytes;
|
||||||
expires max;
|
expires max;
|
||||||
try_files $uri @fallback;
|
try_files $uri @fallback;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,14 @@
|
||||||
server {
|
server {
|
||||||
listen %ip%:%proxy_port%;
|
listen %ip%:%proxy_port%;
|
||||||
server_name %domain_idn% %alias_idn%;
|
server_name %domain_idn% %alias_idn%;
|
||||||
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
error_log /var/log/httpd/domains/%domain%.error.log error;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://%ip%:%web_port%;
|
proxy_pass http://%ip%:%web_port%;
|
||||||
location ~* ^.+\.(%proxy_extentions%)$ {
|
location ~* ^.+\.(%proxy_extentions%)$ {
|
||||||
root %docroot%;
|
root %docroot%;
|
||||||
access_log /var/log/%web_system%/domains/%domain%.log combined;
|
access_log /var/log/httpd/domains/%domain%.log combined;
|
||||||
access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
|
access_log /var/log/httpd/domains/%domain%.bytes bytes;
|
||||||
expires max;
|
expires max;
|
||||||
try_files $uri @fallback;
|
try_files $uri @fallback;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue