Compare commits


No commits in common. "master" and "0.9.8-23" have entirely different histories.

1713 changed files with 17300 additions and 83243 deletions

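--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,3 @@
 *.gz
 .vscode
 .DS_Store
-src/react/node_modules
-src/react/build
-/.idea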


@ -1,8 +1,6 @@
[Vesta Control Panel](http://vestacp.com/) [Vesta Control Panel](http://vestacp.com/)
================================================== ==================================================
Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
[![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
* Vesta is an open source hosting control panel. * Vesta is an open source hosting control panel.
@ -18,7 +16,7 @@ ssh root@your.server
Download the installation script, and run it: Download the installation script, and run it:
```bash ```bash
curl https://vestacp.com/pub/vst-install.sh | bash curl http://vestacp.com/pub/vst-install.sh | bash
``` ```
How to install (3 step) How to install (3 step)
@ -31,7 +29,7 @@ ssh root@your.server
Download the installation script: Download the installation script:
```bash ```bash
curl -O https://vestacp.com/pub/vst-install.sh curl -O http://vestacp.com/pub/vst-install.sh
``` ```
Then run it: Then run it:
```bash ```bash
@ -40,5 +38,5 @@ bash vst-install.sh
License License
---------------------------- ----------------------------
Vesta is licensed under [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license Vesta is licensed under [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license


@ -1,5 +0,0 @@
# Security Policy
## Reporting a Vulnerability
Please report security issues to dev@vestacp.com


@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
# Checking arg number # Checking arg number
check_args '2' "$#" 'MODULE LICENSE' check_args '2' "$#" 'MODULE LICENSE'
is_user_format_valid "$license" "license"
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
@ -35,7 +35,7 @@ is_user_format_valid "$license" "license"
# Activating license # Activating license
v_host='https://vestacp.com/checkout' v_host='https://vestacp.com/checkout'
answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module") answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
check_result $? "cant' connect to vestacp.com " $E_CONNECT check_result $? "cant' connect to vestacp.com " $E_CONNECT
# Checking server answer # Checking server answer
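Review bot: The new `curl` line under "Activating license" leaves the URL unquoted, so the shell treats `&` as the background operator: `curl` is started with only the `licence_key` parameter and `module=$module` runs as a separate assignment, which means `$?` on the next line no longer reflects the transfer and `check_result` cannot report a connection failure. The `?` in the URL is also open to pathname expansion and `$license` to word splitting. Keep the quoted form, `answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")`, and keep `is_user_format_valid "$license" "license"` from the first hunk of this section so the key is checked before it is placed in a URL. URL-encoding both values before the request would be a further improvement.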


@ -38,7 +38,8 @@ EOF
sftpc() { sftpc() {
expect -f "-" <<EOF "$@" expect -f "-" <<EOF "$@"
set count 0 set count 0
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
Port=$port $user@$host
expect { expect {
"password:" { "password:" {
send "$password\r" send "$password\r"
@ -93,14 +94,12 @@ EOF
if [ "$type" != 'local' ];then if [ "$type" != 'local' ];then
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]" check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
is_format_valid 'user' 'host' 'path' 'port' is_format_valid 'host'
is_password_valid is_password_valid
if [ "$type" = 'sftp' ]; then if [ "$type" = 'sftp' ]; then
which expect >/dev/null 2>&1 which expect >/dev/null 2>&1
check_result $? "expect command not found" $E_NOTEXIST check_result $? "expect command not found" $E_NOTEXIST
fi fi
host "$host" >/dev/null 2>&1
check_result $? "host connection failed" "$E_CONNECT"
fi fi
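Review bot: In the second hunk the check is reduced to `is_format_valid 'host'`, so `user`, `path` and `port` are no longer validated, while the first hunk shows `$port` and `$user` expanded inside an unquoted `<<EOF` expect script on the `spawn /usr/bin/sftp` line. A value containing whitespace, brackets or a newline would alter the expect script instead of being passed as data, so the call should stay `is_format_valid 'user' 'host' 'path' 'port'`. Separately, `-o StrictHostKeyChecking=no` (present on both sides) accepts any host key on a connection where a password is then sent; a pinned `known_hosts` entry would be safer. The body of `sftpc` continues outside the visible hunk.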


@ -55,7 +55,7 @@ if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
fi fi
# Adding top-level domain and then its sub # Adding top-level domain and then its sub
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null $BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' $restart >> /dev/null
# Checking top-level domain # Checking top-level domain
if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then


@ -45,12 +45,10 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
fi fi
fi fi
if [ $rtype != "CAA" ]; then dvalue=${dvalue//\"/}
dvalue=${dvalue//\"/}
if [[ "$dvalue" =~ [\;[:space:]] ]]; then if [[ "$dvalue" =~ [\;[:space:]] ]]; then
dvalue='"'"$dvalue"'"' dvalue='"'"$dvalue"'"'
fi
fi fi
# Additional argument formatting # Additional argument formatting
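Review bot: With the `if [ $rtype != "CAA" ]` guard gone, `dvalue=${dvalue//\"/}` strips the inner quotes from every record type and the following test re-wraps any value containing a space in a single pair of quotes. If this tree accepts CAA records at all (the type list visible in the hunk header does not include it, so this needs confirming), a value such as `0 issue "ca.example"` (constructed sample) would be stored as one quoted string and no longer parse as flags, tag and value, which silently drops the CA restriction the record is meant to express. Either keep the guard, quoted as `if [ "$rtype" != "CAA" ]; then`, or reject CAA explicitly earlier in the script.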


@ -22,7 +22,7 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
iptables="/sbin/iptables" iptables="/sbin/iptables"
# Get vesta port by reading nginx.conf # Get vesta port by reading nginx.conf
vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||") vestaport=$(grep 'listen' /usr/local/vesta/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
if [ -z "$vestaport" ]; then if [ -z "$vestaport" ]; then
vestaport=8083 vestaport=8083
fi fi
@ -47,13 +47,7 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
# Checking known chains # Checking known chains
case $chain in case $chain in
SSH) # Get ssh port by reading ssh config file. SSH) port=22; protocol=TCP ;;
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [ -z "$sshport" ]; then
sshport=22
fi
port=$sshport;
protocol=TCP ;;
FTP) port=21; protocol=TCP ;; FTP) port=21; protocol=TCP ;;
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;; MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
DNS) port=53; protocol=UDP ;; DNS) port=53; protocol=UDP ;;
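Review bot: The `SSH)` arm of `case $chain` now hard-codes `port=22`, so on a host where sshd listens on another port the rules for this chain are attached to a port nothing uses and the real SSH port gets no coverage from it. Reading the configured port with a fallback to 22, as the removed lines did, avoids that; because a `Port` directive can appear more than once or come from an included file, `sshd -T` is a more reliable source than grepping `/etc/ssh/sshd_config`. In the first hunk the `nginx.conf` path is again the literal `/usr/local/vesta/...` rather than `$VESTA/...`, and `vestaport` is only tested for emptiness, not for being a single number, before it is used. The `case` statement continues past the end of the hunk.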


@ -1,8 +1,13 @@
#!/bin/bash #!/bin/bash
# info: check letsencrypt domain # info: adding letsencrypt ssl cetificate for domain
# options: USER DOMAIN [ALIASES] # options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
# #
# The function check and validates domain with Let's Encript # The function turns on SSL support for a domain. Parameter ssl_dir is a path
# to directory where 2 or 3 ssl files can be found. Certificate file
# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
# authority domain.tld.ca file is optional. If home directory parameter
# (ssl_home) is not set, https domain uses public_shtml as separate
# documentroot directory.
#----------------------------------------------------------# #----------------------------------------------------------#
@ -13,9 +18,8 @@
user=$1 user=$1
domain=$2 domain=$2
aliases=$3 aliases=$3
restart=$4
# LE API notify=$5
API='https://acme-v02.api.letsencrypt.org'
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -23,346 +27,98 @@ source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
# Additional argument formatting # Additional argument formatting
format_identifier_idn() { format_domain_idn
identifier_idn=$identifier
if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
identifier_idn=$(idn -t --quiet -a $identifier_idn)
fi
}
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
# Save http response to file passed as "$4" arg or print to stdout if not provided
# http response headers are always sent to stdout
local save_to_file=${4:-"/dev/stdout"}
curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
}
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [ALIASES]' check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
is_format_valid 'user' 'domain' 'aliases' is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain"
get_domain_values 'web'
echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
if [[ "$aliases" != "*.$domain" ]]; then
for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
if [ -z "$check_alias" ]; then
echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_NOTEXIST "domain alias $alias doesn't exist"
fi
done
fi;
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Parsing domain data
get_domain_values 'web'
# Registering LetsEncrypt user account # Registering LetsEncrypt user account
echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-add-letsencrypt-user $user $BIN/v-add-letsencrypt-user $user
echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
touch $VESTA/data/queue/letsencrypt.pipe touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice "LETSENCRYPT" "Account registration failed" send_notice "LETSENCRYPT" "Account registration failed"
echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "LE account registration" >/dev/null check_result $E_CONNECT "LE account registration" >/dev/null
fi fi
# Parsing LetsEncrypt account data # Parsing LetsEncrypt account data
source $USER_DATA/ssl/le.conf source $USER_DATA/ssl/le.conf
email=$EMAIL
# Checking wildcard alias # Validating domain and aliases
if [ "$aliases" = "*.$domain" ]; then i=1
echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
wildcard='yes' $BIN/v-check-letsencrypt-domain $user $alias
proto="dns-01" if [ "$?" -ne 0 ]; then
if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then touch $VESTA/data/queue/letsencrypt.pipe
echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
check_result $E_NOTEXIST "DNS domain $domain doesn't exist" send_notice "LETSENCRYPT" "$alias validation failed"
fi check_result $E_INVALID "LE domain validation" >/dev/null
else
proto="http-01"
fi
# Requesting nonce / STEP 1
echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(curl -s -I "$API/directory")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt nonce request status $status"
fi
# Placing new order / STEP 2
echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
url="$API/acme/new-order"
payload='{"identifiers":['
for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
format_identifier_idn
payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
done
payload=$(echo "$payload"|sed "s/,$//")
payload=$payload']}'
echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$url" "$payload" "$nonce")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 201 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt new auth status $status"
fi
# Requesting authorization token / STEP 3
echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
for auth in $authz; do
payload=''
echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$auth" "$payload" "$nonce")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
fi fi
# Configuring challenge / STEP 4 # Checking LE limits per account
echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log if [ "$i" -gt 100 ]; then
echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log touch $VESTA/data/queue/letsencrypt.pipe
if [ "$wildcard" = 'yes' ]; then sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
record=$(printf "%s" "$token.$THUMB" |\ send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
openssl dgst -sha256 -binary |encode_base64) check_result $E_LIMIT "LE can't sign more than 100 domains"
old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
for old_record in $old_records; do
$BIN/v-delete-dns-record "$user" "$domain" "$old_record"
done
$BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
exitstatus=$?
echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
if [ "$exitstatus" -ne 0 ]; then
echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
fi
check_result $exitstatus "DNS _acme-challenge record wasn't created"
else
if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
# if vesta is behind main nginx
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
acme_challenge="$well_known/acme-challenge"
mkdir -p $acme_challenge
echo "$token.$THUMB" > $acme_challenge/$token
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
chown -R $user:$user $well_known
else
# default nginx method
conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
# if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
> $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$THUMB'";' >> $conf
echo '}' >> $conf
# fi
echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
if [ ! -e "$sconf" ]; then
ln -s "$conf" "$sconf"
fi
echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-restart-proxy
if [ -z "$PROXY_SYSTEM" ]; then
# apache-less variant
echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-restart-web
fi
exitstatus=$?
if [ "$exitstatus" -ne 0 ]; then
echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
fi
check_result $exitstatus "Proxy restart failed" >/dev/null
fi
else
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
acme_challenge="$well_known/acme-challenge"
mkdir -p $acme_challenge
echo "$token.$THUMB" > $acme_challenge/$token
chown -R $user:$user $well_known
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
# $BIN/v-restart-web
# check_result $? "Web restart failed" >/dev/null
fi
fi
# Requesting ACME validation / STEP 5
echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
validation_check=$(echo "$answer" |grep '"valid"')
echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
if [[ ! -z "$validation_check" ]]; then
validation='valid'
else
validation='pending'
fi
# Doing pol check on status
i=1
while [ "$validation" = 'pending' ]; do
echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
payload='{}'
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$url" "$payload" "$nonce")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt validation status $status"
fi
i=$((i + 1))
if [ "$i" -gt 10 ]; then
echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt domain validation timeout"
fi
sleeping=$((i*2))
echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
sleep $sleeping
done
if [ "$validation" = 'invalid' ]; then
echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt domain verification failed"
fi fi
i=$((i++))
done done
# Generating CSR
# Generating new ssl certificate ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}') "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
# Sending CSR to finalize order / STEP 6 # Signing CSR
echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
if [ "$?" -ne 0 ]; then
csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64) touch $VESTA/data/queue/letsencrypt.pipe
payload='{"csr":"'$csr'"}' sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log send_notice "LETSENCRYPT" "$alias validation failed"
answer=$(query_le_v2 "$finalize" "$payload" "$nonce") check_result "$E_INVALID" "LE $domain validation"
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
fi fi
echo "$crt" > $ssl_dir/$domain.crt
# Downloading signed certificate / STEP 7 # Dowloading CA certificate
echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log le_certs='https://letsencrypt.org/certs'
echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log x1='lets-encrypt-x1-cross-signed.pem.txt'
answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem") x3='lets-encrypt-x3-cross-signed.pem.txt'
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') if [ -z "$(echo $issuer|grep X3)" ]; then
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
if [[ "$status" -ne 200 ]]; then else
[ -d "$ssl_dir" ] && rm -rf "$ssl_dir" curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
fi
# Splitting up downloaded pem
# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
ca_end=$(( pem_lines - crt_end + 1 ))
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
# Temporary fix for double "END CERTIFICATE"
if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
sed -i '1,2d' $ssl_dir/$domain.ca
fi fi
# Adding SSL # Adding SSL
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME') ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1 $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
exitstatus=$? if [ "$?" -ne '0' ]; then
echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
if [ "$exitstatus" -ne '0' ]; then
touch $VESTA/data/queue/letsencrypt.pipe touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
send_notice 'LETSENCRYPT' "$domain certificate installation failed" send_notice 'LETSENCRYPT' "$domain certificate installation failed"
check_result $exitstatus "SSL install" >/dev/null check_result $? "SSL install" >/dev/null
fi fi
# Adding LE autorenew cronjob # Adding LE autorenew cronjob
@ -379,19 +135,23 @@ if [ -z "$LETSENCRYPT" ]; then
fi fi
update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes' update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
#----------------------------------------------------------# #----------------------------------------------------------#
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#
# Deleteing task from queue # Restarting web
touch $VESTA/data/queue/letsencrypt.pipe $BIN/v-restart-web $restart
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe if [ "$?" -ne 0 ]; then
send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
fi
# Notifying user # Notifying user
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully" send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
# Deleteing task from queue
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
# Logging # Logging
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"
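Review bot: The verification block now calls `is_format_valid 'user' 'domain'` without `'aliases'`, yet `$aliases` is expanded unquoted in `for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u)` and each item is passed to `$BIN/v-check-letsencrypt-domain $user $alias`, so the third argument reaches other commands unchecked; keep `'aliases'` in the list and quote the expansions. Error handling on the new side is also unreliable: in the SSL install branch `check_result $? "SSL install"` runs after `touch`, `sed` and `send_notice`, so it sees the status of `send_notice` rather than of `v-add-web-domain-ssl`, and a failed install can fall through to the success notice. Capture the status first with `rc=$?` directly after the command and pass `$rc` to `check_result`. In the validation loop `i=$((i++))` assigns the pre-increment value back, so `i` stays at 1 and the `-gt 100` limit never fires; `i=$((i + 1))` fixes it. The two `curl -s $le_certs/... > $ssl_dir/$domain.ca` downloads are not checked either, so an empty or error body can end up installed as the CA file.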


@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
# info: register letsencrypt user account # info: register letsencrypt user account
# options: USER # options: USER [EMAIL]
# #
# The function creates and register LetsEncript account # The function creates and register LetsEncript account key
#----------------------------------------------------------# #----------------------------------------------------------#
@ -11,9 +11,8 @@
# Argument definition # Argument definition
user=$1 user=$1
email=$2
# LE API key_size=4096
API='https://acme-v02.api.letsencrypt.org'
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -24,38 +23,15 @@ encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n=' cat |base64 |tr '+/' '-_' |tr -d '\r\n='
} }
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
curl -s -i -d "$post_data" "$1" -H "$content"
}
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER' check_args '1' "$#" 'USER [EMAIL]'
is_format_valid 'user' is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
if [ -e "$USER_DATA/ssl/le.conf" ]; then if [ -e "$USER_DATA/ssl/le.conf" ]; then
source "$USER_DATA/ssl/le.conf"
fi
if [ ! -z "$KID" ]; then
exit exit
fi fi
@ -64,57 +40,57 @@ fi
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
api='https://acme-v01.api.letsencrypt.org'
# Defining user email if [ -z "$email" ]; then
if [[ -z "$EMAIL" ]]; then email=$(get_user_value '$CONTACT')
EMAIL=$(get_user_value '$CONTACT')
fi fi
# Defining user agreement agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
agreement=''
# Generating user key # Generating key
KEY="$USER_DATA/ssl/user.key" key="$USER_DATA/ssl/user.key"
if [ ! -e "$KEY" ]; then if [ ! -e "$key" ]; then
openssl genrsa -out $KEY 4096 >/dev/null 2>&1 openssl genrsa -out $key $key_size >/dev/null 2>&1
chmod 600 $KEY chmod 600 $key
fi fi
# Defining key exponent # Defining key exponent
if [ -z "$EXPONENT" ]; then exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\ grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ xxd -r -p |encode_base64)
xxd -r -p |encode_base64)
fi
# Defining key modulus # Defining key modulus
if [ -z "$MODULUS" ]; then modulus=$(openssl rsa -in "$key" -modulus -noout |\
MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\ sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
fi
# Defining JWK # Defining key thumb
jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}' thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
# Defining key thumbnail # Defining JWK header
if [ -z "$THUMB" ]; then header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)" header='{"alg":"RS256","jwk":'"$header"'}'
fi
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Requesting ACME nonce # Defining registration query
nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n') query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
query=$query'"agreement":"'$agreement'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Creating ACME account # Sending request to LetsEncrypt API
url="$API/acme/new-acct" answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
payload='{"termsOfServiceAgreed": true}' status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
answer=$(query_le_v2 "$url" "$payload" "$nonce")
kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
# Checking answer status # Checking http answer status
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
if [[ "${status:0:2}" -ne "20" ]]; then check_result $E_CONNECT "LetsEncrypt account registration $status"
check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
fi fi
@ -123,17 +99,12 @@ fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Adding le.conf # Adding le.conf
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf chmod 660 $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
chmod 660 $USER_DATA/ssl/le.conf
else
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi
# Logging # Logging
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"


@ -1,106 +0,0 @@
#!/bin/bash
# info: copy mail ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to mail SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/mail.crt"
vst_key="$VESTA/ssl/mail.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old >/dev/null 2>&1
mv $vst_key $vst_key.old >/dev/null 2>&1
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Updating vesta.conf
if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit


@ -1,97 +0,0 @@
#!/bin/bash
# info: add vesta ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to vesta SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old
mv $vst_key $vst_key.old
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
if [ ! -z "$FTP_SYSTEM" ]; then
$BIN/v-restart-service "$FTP_SYSTEM"
fi
if [ -e "/var/run/vesta-nginx.pid" ]; then
kill -HUP $(cat /var/run/vesta-nginx.pid)
else
service vesta restart
fi
fi
# Updating vesta.conf
if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit


@ -48,8 +48,6 @@ is_object_unsuspended 'user' 'USER' "$user"
is_package_full 'WEB_DOMAINS' 'WEB_ALIASES' is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
is_domain_new 'web' "$domain,$aliases" is_domain_new 'web' "$domain,$aliases"
is_dir_symlink $HOMEDIR/$user/web is_dir_symlink $HOMEDIR/$user/web
if_dir_exists $HOMEDIR/$user/web/$domain
is_dir_symlink $HOMEDIR/$user/web/$domain
if [ ! -z "$ip" ]; then if [ ! -z "$ip" ]; then
is_ip_valid "$ip" "$user" is_ip_valid "$ip" "$user"
else else
@ -65,7 +63,7 @@ fi
source $USER_DATA/user.conf source $USER_DATA/user.conf
# Creating domain directories # Creating domain directories
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \ mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \ $HOMEDIR/$user/web/$domain/document_errors \
@ -82,7 +80,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
$HOMEDIR/$user/web/$domain/logs/ $HOMEDIR/$user/web/$domain/logs/
# Adding domain skeleton # Adding domain skeleton
sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1 cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
sed -i "s/%domain%/$domain/g" $file sed -i "s/%domain%/$domain/g" $file
done done
@ -91,9 +89,9 @@ done
chown -R $user:$user $HOMEDIR/$user/web/$domain chown -R $user:$user $HOMEDIR/$user/web/$domain
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/* chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.* chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
# Addding PHP-FPM backend # Addding PHP-FPM backend
if [ ! -z "$WEB_BACKEND" ]; then if [ ! -z "$WEB_BACKEND" ]; then
@ -115,12 +113,9 @@ if [ "$aliases" = 'none' ]; then
ALIAS='' ALIAS=''
else else
ALIAS="www.$domain" ALIAS="www.$domain"
if [ -z "$aliases" ]; then if [ ! -z "$aliases" ]; then
ALIAS="www.$domain" ALIAS="$ALIAS,$aliases"
else
ALIAS="$aliases"
fi fi
ip_alias=$(get_ip_alias $domain) ip_alias=$(get_ip_alias $domain)
if [ ! -z "$ip_alias" ]; then if [ ! -z "$ip_alias" ]; then
ALIAS="$ALIAS,$ip_alias" ALIAS="$ALIAS,$ip_alias"
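Review bot: The `mkdir -p`, `cp -r` and `chmod` calls in the directory-creation hunks now run with the script's own privileges inside `$HOMEDIR/$user/web`, a tree the account owner can write to, and the `is_dir_symlink $HOMEDIR/$user/web/$domain` check is no longer made. A symlink already present at the domain path could therefore redirect the copy and the unchanged `chown -R $user:$user` to files outside the home directory. Keep the per-domain check, `is_dir_symlink $HOMEDIR/$user/web/$domain`, and drop privileges for the file operations, e.g. `sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \`. The script continues outside these hunks, so guards that are not visible here may exist.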


@ -46,7 +46,7 @@ fi
# Allocating backend port # Allocating backend port
backend_port=9000 backend_port=9000
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*) ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
ports=$(echo "$ports" |sed "s/://" |sort -n) ports=$(echo "$ports" |sed "s/://" |sort -n)
for port in $ports; do for port in $ports; do
if [ "$backend_port" -eq "$port" ]; then if [ "$backend_port" -eq "$port" ]; then
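Review bot: The pattern in `grep -o :[0-9].*` is unquoted, so the shell can expand it as a glob before grep sees it if a matching file name exists in the working directory; write it as `grep -o ':[0-9].*'`. The identical line in the later backend-port hunk (`@ -52,7 +52,7 @`) needs the same quoting. The `for port in $ports` loop continues outside the hunk.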


@ -84,7 +84,7 @@ fi
/usr/sbin/useradd $ftp_user \ /usr/sbin/useradd $ftp_user \
-s $shell \ -s $shell \
-o -u $(id -u $user) \ -o -u $(id -u $user) \
-g $(id -g $user) \ -g $(id -u $user) \
-M -d "$ftp_path_a" > /dev/null 2>&1 -M -d "$ftp_path_a" > /dev/null 2>&1
# Set ftp user password # Set ftp user password
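Review bot: `-g $(id -u $user)` passes the account's UID where useradd expects a group, so the FTP login receives whichever group happens to carry that number, which is only correct while the UID and the primary GID coincide. Use the primary group explicitly: `-g $(id -g $user) \`. The `> /dev/null 2>&1` on the same command hides a useradd failure, and no exit-status check is visible in the hunk before the password step.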


@ -120,22 +120,6 @@ check_result $? "Web restart failed" >/dev/null
$BIN/v-restart-proxy $restart $BIN/v-restart-proxy $restart
check_result $? "Proxy restart failed" >/dev/null check_result $? "Proxy restart failed" >/dev/null
# Updating system ssl dependencies
if [ ! -z "$VESTA_CERTIFICATE" ]; then
crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
hostname=$(hostname) hostname=$(hostname)
if [ "$hostname" = "$domain" ]; then if [ "$hostname" = "$domain" ]; then
@ -143,12 +127,6 @@ if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
fi fi
fi fi
UPDATE_SSL_SCRIPT=''
source $VESTA/conf/vesta.conf
if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
eval "$UPDATE_SSL_SCRIPT $user $domain"
fi
# Logging # Logging
log_history "enabled ssl support for $domain" log_history "enabled ssl support for $domain"
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"


@ -216,32 +216,24 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
cp $USER_DATA/ssl/$domain.* vesta/ cp $USER_DATA/ssl/$domain.* vesta/
fi fi
# Changin dir to documentroot
cd $HOMEDIR/$user/web/$domain
# Define exclude arguments # Define exclude arguments
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
set -f set -f
fargs=() fargs=()
fargs+=(--exclude='./logs/*') fargs+=(--exclude='logs/*')
if [ ! -z "$exlusion" ]; then if [ ! -z "$exlusion" ]; then
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
for xpath in $xdirs; do for xpath in $xdirs; do
if [ -d "$xpath" ]; then fargs+=(--exclude=$xpath/*)
fargs+=(--exclude=$xpath/*) echo "$(date "+%F %T") excluding directory $xpath"
echo "$(date "+%F %T") excluding directory $xpath" msg="$msg\n$(date "+%F %T") excluding directory $xpath"
msg="$msg\n$(date "+%F %T") excluding directory $xpath"
else
echo "$(date "+%F %T") excluding file $xpath"
msg="$msg\n$(date "+%F %T") excluding file $xpath"
fargs+=(--exclude=$xpath)
fi
done done
fi fi
set +f set +f
# Backup files # Backup files
tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz cd $HOMEDIR/$user/web/$domain
tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
done done
# Print total # Print total
@ -460,15 +452,11 @@ if [ "$USER" != '*' ]; then
fi fi
fargs=() fargs=()
for xpath in $(echo "$USER" |tr ',' '\n'); do for xpath in $(echo "$USER" |tr ',' '\n'); do
if [ -d "$xpath" ]; then fargs+=(-not)
fargs+=(--exclude=$xpath/*) fargs+=(-path)
echo "$(date "+%F %T") excluding directory $xpath" |\ fargs+=("./$xpath*")
echo "$(date "+%F %T") excluding directory $xpath" |\
tee -a $BACKUP/$user.log tee -a $BACKUP/$user.log
else
echo "$(date "+%F %T") excluding file $xpath" |\
tee -a $BACKUP/$user.log
fargs+=(--exclude=$xpath)
fi
done done
IFS=$'\n' IFS=$'\n'
@ -479,12 +467,11 @@ if [ "$USER" != '*' ]; then
exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$") exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
if [ -z "$exclusion" ]; then if [ -z "$exclusion" ]; then
((i ++)) ((i ++))
udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g") udir_list="$udir_list $udir"
udir_list="$udir_list $udir_str"
echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
# Backup files and dirs # Backup files and dirs
tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
fi fi
done done
set +f set +f
@ -595,7 +582,7 @@ ftp_backup() {
fi fi
# Debug info # Debug info
echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar" echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
# Checking ftp connection # Checking ftp connection
fconn=$(ftpc) fconn=$(ftpc)
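Review bot: In the web-domain hunk, `tar -cpf- * ${fargs[@]}` puts the `--exclude` options after the member names and expands an unquoted `*` in a directory the account owner controls. Recent GNU tar treats `--exclude` as positional, so the exclusions may not apply to `*` at all, and any file whose name begins with `-` is read as a tar option while tar runs with the backup job's privileges. The preceding `cd $HOMEDIR/$user/web/$domain` is unchecked, so a failed `cd` archives whatever directory the loop was already in. Suggested lines: `cd "$HOMEDIR/$user/web/$domain" || continue` (or the script's own error path) and `tar -cpf- "${fargs[@]}" -- * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz`.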


@ -28,9 +28,6 @@ if [ -z "$BACKUP_SYSTEM" ]; then
exit exit
fi fi
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf) check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
log=$VESTA/log/backup.log log=$VESTA/log/backup.log
if [ ! -z "$check_suspend" ]; then if [ ! -z "$check_suspend" ]; then


@ -52,11 +52,8 @@ salt=$(generate_password "$PW_MATRIX" "8")
md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)" md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
if [[ "$MAIL_SYSTEM" =~ exim ]]; then if [[ "$MAIL_SYSTEM" =~ exim ]]; then
quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M" str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
fi fi
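Review bot: `$quota` in the new `str=` line is not assigned anywhere in this hunk, so unless it is set earlier in the script the rewritten passwd entry ends with an empty quota field and the mailbox limit is lost on every password change. Read the existing value before `sed -i "/^$account:/d"` removes the line, e.g. `quota=$(grep "^$account:" $HOMEDIR/$user/conf/mail/$domain/passwd |cut -f 7 -d :)`. `echo $str` is also unquoted, so the entry is word-split and glob-expanded before it is written; `echo "$str"` writes it unchanged.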


@ -28,7 +28,6 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
check_args '2' "$#" 'KEY VALUE' check_args '2' "$#" 'KEY VALUE'
is_format_valid 'key' is_format_valid 'key'
format_no_quotes "$value" 'value'
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #


@ -63,7 +63,6 @@ case $service in
spamd) dst=$($BIN/v-list-sys-spamd-config plain);; spamd) dst=$($BIN/v-list-sys-spamd-config plain);;
spamassassin) dst=$($BIN/v-list-sys-spamd-config plain);; spamassassin) dst=$($BIN/v-list-sys-spamd-config plain);;
clamd) dst=$($BIN/v-list-sys-clamd-config plain);; clamd) dst=$($BIN/v-list-sys-clamd-config plain);;
clamd.scan) dst=$($BIN/v-list-sys-clamd-config plain);;
cron) dst='/etc/crontab';; cron) dst='/etc/crontab';;
crond) dst='/etc/crontab';; crond) dst='/etc/crontab';;
fail2ban) dst='/etc/fail2ban/jail.local';; fail2ban) dst='/etc/fail2ban/jail.local';;
@ -96,21 +95,13 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
if [ "$service" = 'php' ]; then if [ "$service" = 'php' ]; then
if [ "$WEB_SYSTEM" = "nginx" ]; then if [ "$WEB_SYSTEM" = "nginx" ]; then
if [ $(ps --no-headers -o comm 1) == systemd ]; then service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
service=$(systemctl | grep -o -E "php.*fpm.*\.service")
service=${service//.service/}
else
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
fi
else else
service=$WEB_SYSTEM service=$WEB_SYSTEM
fi fi
fi fi
for single_service in $service; do service $service restart >/dev/null 2>&1
service $single_service restart >/dev/null 2>&1
done <<< "$service"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
for config in $dst; do for config in $dst; do
cat $config.vst.back > $config cat $config.vst.back > $config
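Review bot: `service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)` leaves `$service` empty when no init script matches (for example on a host where PHP-FPM is managed only through systemd units), and the following `service $service restart` then fails and triggers the rollback of a configuration that may be valid. Check the result before restarting, e.g. `[ -n "$service" ] || check_result $E_NOTEXIST "php-fpm service not found"`, and quote the name: `service "$service" restart >/dev/null 2>&1`. The rollback branch continues outside the hunk.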


@ -16,12 +16,16 @@ force=$3
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
is_package_avalable() { is_package_avalable() {
source $USER_DATA/user.conf usr_data=$(cat $USER_DATA/user.conf)
IFS=$'\n'
for key in $usr_data; do
eval ${key%%=*}=${key#*=}
done
WEB_DOMAINS='0' WEB_DOMAINS='0'
DATABASES='0' DATABASES='0'
MAIL_DOMAINS='0' MAIL_DOMAINS='0'
@ -29,13 +33,9 @@ is_package_avalable() {
DISK_QUOTA='0' DISK_QUOTA='0'
BANDWIDTH='0' BANDWIDTH='0'
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE") pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
IFS=$'\n' grep -v DATE)
for str in $pkg_data; do eval $pkg_data
key=$(echo $str |cut -f 1 -d =)
value=$(echo $str |cut -f 2 -d \')
eval $key="$value"
done
# Checking usage agains package limits # Checking usage agains package limits
if [ "$WEB_DOMAINS" != 'unlimited' ]; then if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,22 +73,11 @@ is_package_avalable() {
check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
fi fi
fi fi
# Checking templates
is_web_template_valid $WEB_TEMPLATE
is_dns_template_valid $DNS_TEMPLATE
is_proxy_template_valid $PROXY_TEMPLATE
} }
change_user_package() { change_user_package() {
source $USER_DATA/user.conf eval $(cat $USER_DATA/user.conf)
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE") eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
IFS=$'\n'
for str in $pkg_data; do
key=$(echo $str |cut -f 1 -d =)
value=$(echo $str |cut -f 2 -d \')
eval $key="$value"
done
echo "FNAME='$FNAME' echo "FNAME='$FNAME'
LNAME='$LNAME' LNAME='$LNAME'
PACKAGE='$package' PACKAGE='$package'
@ -167,7 +156,7 @@ fi
change_user_package change_user_package
# Update user shell # Update user shell
shell_conf=$(echo "$pkg_data" |grep 'SHELL' |cut -f 2 -d \') shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
shell=$(grep -w "$shell_conf" /etc/shells |head -n1) shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
/usr/bin/chsh -s "$shell" "$user" &>/dev/null /usr/bin/chsh -s "$shell" "$user" &>/dev/null
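Review bot: `eval ${key%%=*}=${key#*=}` and `eval $pkg_data` in `is_package_avalable`, and the two `eval $(cat ...)` calls in `change_user_package`, execute the contents of `user.conf` and the package file as shell code, so any `$(...)` or backtick that reaches a stored value runs with this script's privileges. Load the pairs as data instead: split each line into key and value, accept only identifier-shaped keys, and assign with `printf -v`. `IFS=$'\n'` set inside `is_package_avalable` also stays in effect for the rest of the script, which the reader below avoids. The same loop would replace the `eval` calls in `change_user_package`; both function bodies continue outside the hunks.

```shell
is_package_avalable() {
    # Load KEY='value' pairs as data; nothing read from the file is evaluated
    while IFS= read -r str; do
        key=${str%%=*}
        value=${str#*=}
        value=${value#\'}; value=${value%\'}
        if [[ "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
            printf -v "$key" '%s' "$value"
        fi
    done < "$USER_DATA/user.conf"
    # … unchanged: resetting WEB_DOMAINS, DATABASES and the other limits to '0' …
    pkg_data=$(grep -v TIME "$VESTA/data/packages/$package.pkg" |grep -v DATE)
    while IFS= read -r str; do
        key=${str%%=*}
        value=${str#*=}
        value=${value#\'}; value=${value%\'}
        if [[ "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
            printf -v "$key" '%s' "$value"
        fi
    done <<< "$pkg_data"
    # … unchanged: usage checks against the package limits …
```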


@ -13,10 +13,6 @@
user=$1 user=$1
password=$2; HIDE=2 password=$2; HIDE=2
# Importing system enviroment as we run this script
# mostly by cron wich not read it by itself
source /etc/profile
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
@ -26,9 +22,6 @@ source $VESTA/conf/vesta.conf
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
if [ "$user" = "root" ]; then
check_result $E_FORBIDEN "Changing root password is forbiden"
fi
check_args '2' "$#" 'USER PASSWORD' check_args '2' "$#" 'USER PASSWORD'
is_format_valid 'user' is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"


@ -1,60 +0,0 @@
#!/bin/bash
# info: change vesta port
# options: port
#
# Function will change vesta port
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
port=$1
if [ -z "$VESTA" ]; then
VESTA="/usr/local/vesta"
fi
# Get current vesta port by reading nginx.conf
oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
if [ -z "$oldport" ]; then
oldport=8083
fi
# Includes
source $VESTA/func/main.sh
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Checking permissions
if [ "$(id -u)" != '0' ]; then
check_result $E_FORBIDEN "You must be root to execute this script"
fi
check_args '1' "$#" 'PORT'
is_int_format_valid "$port" 'port number'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
fi
sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
$VESTA/bin/v-update-firewall
systemctl restart fail2ban.service
sed -i "s| $oldport | $port |g" /etc/iptables.rules
systemctl restart vesta
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit 0;


@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf
# Allocating backend port # Allocating backend port
backend_port=9000 backend_port=9000
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*) ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
ports=$(echo "$ports" |sed "s/://" |sort -n) ports=$(echo "$ports" |sed "s/://" |sort -n)
for port in $ports; do for port in $ports; do
if [ "$backend_port" -eq "$port" ]; then if [ "$backend_port" -eq "$port" ]; then

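--- a/bin/v-check-letsencrypt-domain
+++ b/bin/v-check-letsencrypt-domain
@@ -0,0 +1,162 @@
+#!/bin/bash
+# info: check letsencrypt domain
+# options: USER DOMAIN
+#
+# The function check and validates domain with LetsEncript
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+# Argument definition
+user=$1
+domain=$2
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+# encode base64
+encode_base64() {
+cat |base64 |tr '+/' '-_' |tr -d '\r\n='
+}
+# Additional argument formatting
+format_domain_idn
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
+check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
+fi
+rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
+if [ -z "$rdomain" ]; then
+check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+source $USER_DATA/ssl/le.conf
+api='https://acme-v01.api.letsencrypt.org'
+r_domain=$(echo "$rdomain" |cut -f 2 -d \')
+key="$USER_DATA/ssl/user.key"
+exponent="$EXPONENT"
+modulus="$MODULUS"
+thumb="$THUMB"
+# Defining JWK header
+header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
+header='{"alg":"RS256","jwk":'"$header"'}'
+# Requesting nonce
+nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
+protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
+# Defining ACME query (request challenge)
+query='{"resource":"new-authz","identifier"'
+query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
+payload=$(echo -n "$query" |encode_base64)
+signature=$(printf "%s" "$protected.$payload" |\
+openssl dgst -sha256 -binary -sign "$key" |encode_base64)
+data='{"header":'"$header"',"protected":"'"$protected"'",'
+data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
+# Sending request to LetsEncrypt API
+answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
+# Checking http answer status
+status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
+if [[ "$status" -ne "201" ]]; then
+check_result $E_CONNECT "LetsEncrypt challenge request $status"
+fi
+# Parsing domain nonce,token and uri
+nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
+protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
+token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
+uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
+# Adding location wrapper for request challenge
+if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
+conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
+sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
+if [ ! -e "$conf" ]; then
+echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
+echo ' default_type text/plain;' >> $conf
+echo ' return 200 "$1.'$thumb'";' >> $conf
+echo '}' >> $conf
+fi
+if [ ! -e "$sconf" ]; then
+ln -s "$conf" "$sconf"
+fi
+else
+acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
+if [ ! -d "$acme" ]; then
+mkdir -p $acme
+fi
+echo "$token.$thumb" > $acme/$token
+chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
+fi
+# Restarting web server
+if [ -z "$PROXY_SYSTEM" ]; then
+$BIN/v-restart-web
+check_result $? "Proxy restart failed" >/dev/null
+else
+$BIN/v-restart-proxy
+$BIN/v-restart-web
+check_result $? "Web restart failed" >/dev/null
+fi
+# Defining ACME query (request validation)
+query='{"resource":"challenge","type":"http-01","keyAuthorization"'
+query=$query':"'$token.$thumb'","token":"'$token'"}'
+payload=$(echo -n "$query" |encode_base64)
+signature=$(printf "%s" "$protected.$payload" |\
+openssl dgst -sha256 -binary -sign "$key" |encode_base64)
+data='{"header":'"$header"',"protected":"'"$protected"'",'
+data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
+# Sending request to LetsEncrypt API
+answer=$(curl -s -i -d "$data" "$uri")
+# Checking domain validation status
+i=1
+status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
+location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
+while [ "$status" = 'pending' ]; do
+answer=$(curl -s -i "$location")
+detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
+status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
+sleep 1
+i=$((i + 1))
+if [ "$i" -gt 60 ]; then
+check_result $E_CONNECT "$detail"
+fi
+done
+if [ "$status" = 'invalid' ]; then
+detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
+check_result $E_CONNECT "$detail"
+fi
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+# Logging
+log_event "$OK" "$ARGUMENTS"
+exit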
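Review bot: In the non-nginx branch, `$token` is cut out of the HTTP response with `grep`/`cut` and then used unvalidated and unquoted as a file name in `echo "$token.$thumb" > $acme/$token`, while `mkdir -p $acme`, the write and `chown -R` all run with the script's privileges inside the user's own `public_html`. Check the token's shape before use, `[[ "$token" =~ ^[A-Za-z0-9_-]+$ ]] || check_result $E_CONNECT "LetsEncrypt token is malformed"`, quote the path, and create the directory and challenge file as the account user (e.g. `sudo -u $user mkdir -p "$acme"`) so that a symlinked `.well-known` cannot redirect the write or the recursive chown. Separately, the first restart branch reports "Proxy restart failed" for a `v-restart-web` failure, and the exit status of `v-restart-proxy` in the second branch is never checked.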


@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
# Activating license # Activating license
v_host='https://vestacp.com/checkout' v_host='https://vestacp.com/checkout'
answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module") answer=$(curl -s $v_host/cancel.php?licence_key=$license)
check_result $? "cant' connect to vestacp.com " $E_CONNECT check_result $? "cant' connect to vestacp.com " $E_CONNECT
# Checking server answer # Checking server answer
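Review bot: The URL in `curl -s $v_host/cancel.php?licence_key=$license` is unquoted and the key is interpolated raw, so `?` is open to pathname expansion, whitespace in `$license` splits the argument, and `&` or `#` in it changes the query that is sent. Let curl encode the value: `answer=$(curl -s -G --data-urlencode "licence_key=$license" "$v_host/cancel.php")`. Whether `$license` is format-checked before this point is not visible in the hunk.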


@ -56,7 +56,7 @@ fi
# Deleting dkim dns record # Deleting dkim dns record
if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
records=$($BIN/v-list-dns-records $user $domain plain) records=$($BIN/v-list-dns-records $user $domain plain)
dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1) dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
for id in $dkim_records; do for id in $dkim_records; do
$BIN/v-delete-dns-record $user $domain $id $BIN/v-delete-dns-record $user $domain $id
done done
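Review bot: `cut -f 1 -d ' '` assumes the `plain` listing from `v-list-dns-records` is space-delimited, which is not visible here; `cut` prints the whole line when the delimiter is absent, and the unquoted `for id in $dkim_records` loop would then pass every field of the record to `v-delete-dns-record` as an id. Taking the first whitespace-separated field works for both tab and space output: `dkim_records=$(echo "$records" |grep -w '_domainkey' |awk '{print $1}')`.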


@ -1,75 +0,0 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
# Moving old certificates
if [ -e "$VESTA/ssl/mail.crt" ]; then
mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
fi
if [ -e "VESTA/ssl/mail.key" ]; then
mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
fi
# Updating vesta.conf value
sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit


@ -1,37 +0,0 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Updating vesta.conf value
sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit


@ -32,8 +32,6 @@ case $system in
DNS_REC) is_format_valid 'id' ;; DNS_REC) is_format_valid 'id' ;;
*) is_format_valid 'object' *) is_format_valid 'object'
esac esac
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"


@ -57,13 +57,7 @@ fi
# Deleting old certificate # Deleting old certificate
tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d) tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
# remove certificate files - do not use wildcard, as this might remove other domains
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
mv $USER_DATA/ssl/$domain.* $tmpdir mv $USER_DATA/ssl/$domain.* $tmpdir
chown -R $user:$user $tmpdir chown -R $user:$user $tmpdir
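Review bot: The wildcard in `rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*` matches more than this domain's files: for a domain `example.com` (constructed example) it also covers `ssl.example.com.au.crt`, so certificate files of another domain under the same account can be deleted. The `mv $USER_DATA/ssl/$domain.* $tmpdir` line below over-matches in the same way. Naming the files keeps the scope exact: one quoted line per suffix in the form `rm -f "$HOMEDIR/$user/conf/web/ssl.$domain.crt"`, repeated for `.ca`, `.key` and `.pem`.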


@ -82,7 +82,7 @@ fi
# Extracting ziped archive # Extracting ziped archive
if [ ! -z "$(echo $src_file |grep -i '.zip')" ]; then if [ ! -z "$(echo $src_file |grep -i '.zip')" ]; then
sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1 sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1 sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
rc=$? rc=$?
fi fi
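Review bot: Without `-o` or `-n`, `unzip` asks before replacing a file that already exists in `$dst_dir`, and here both output streams go to `/dev/null` and nothing answers the prompt. State the intended behaviour explicitly, either `unzip -o "$src_file" -d "$dst_dir"` to overwrite or `unzip -n "$src_file" -d "$dst_dir"` to keep existing files, so that `rc` reflects a deterministic outcome. Separately, `grep -i '.zip'` is an unanchored regex, so any path that merely contains `zip` after another character takes this branch; matching the suffix only, for example with `case "$src_file" in *.[zZ][iI][pP])`, would be stricter.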


@ -67,7 +67,7 @@ fi
args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]' args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
check_args '7' "$#" "$args_usage" check_args '7' "$#" "$args_usage"
is_format_valid 'domain' 'alias' 'format' is_format_valid 'domain_alias' 'format'
#----------------------------------------------------------# #----------------------------------------------------------#


@ -50,7 +50,7 @@ if [ "$flush" = 'records' ]; then
fi fi
# Flush domain # Flush domain
if [ "$flush" != 'no' ]; then if [ "$flush" ! = 'no' ]; then
sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null sed -i "/DOMAIN='$DOMAIN'/d" $USER_DATA/dns.conf 2> /dev/null
fi fi
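Review bot: `[ "$flush" ! = 'no' ]` is not a valid test: `!` and `=` are passed as two separate words, so `[` reports an error and returns non-zero for every value of `$flush`, and the `sed -i` that flushes the domain never runs. The operator has to be written without the space: `if [ "$flush" != 'no' ]; then`. The failure is easy to miss because the script carries on after the error message.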


@ -71,7 +71,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'dns' 'DOMAIN' "$domain" is_object_valid 'dns' 'DOMAIN' "$domain"


@ -23,8 +23,7 @@ json_list() {
"EMAIL": "'$EMAIL'", "EMAIL": "'$EMAIL'",
"EXPONENT": "'$EXPONENT'", "EXPONENT": "'$EXPONENT'",
"MODULUS": "'$MODULUS'", "MODULUS": "'$MODULUS'",
"THUMB": "'$THUMB'", "THUMB: "'$THUMB'"
"KID": "'$KID'"
}' }'
echo '}' echo '}'
} }
@ -36,18 +35,17 @@ shell_list() {
echo "THUMB: $THUMB" echo "THUMB: $THUMB"
echo "EXPONENT: $EXPONENT" echo "EXPONENT: $EXPONENT"
echo "MODULUS: $MODULUS" echo "MODULUS: $MODULUS"
echo "KID: $KID"
} }
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID" echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB"
} }
# CSV list function # CSV list function
csv_list() { csv_list() {
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID" echo "USER,EMAIL,EXPONENT,MODULUS,THUMB"
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID" echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB"
} }
@ -56,7 +54,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist" check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"
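Review bot: In `json_list` the new line `"THUMB: "'$THUMB'"` has lost the closing quote of the key, so the output reads `"THUMB: "<value>"` and the document is no longer valid JSON. It should be `"THUMB": "'$THUMB'"`, with no trailing comma since it is now the last member. The values are spliced in unescaped, so a `"` or backslash in any of them would break the output in the same way. The body of `json_list` starts outside the hunk.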


@ -57,7 +57,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'mail' 'DOMAIN' "$domain" is_object_valid 'mail' 'DOMAIN' "$domain"
@ -68,7 +67,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
# Parsing domain keys # Parsing domain keys
if [ -e "$USER_DATA/mail/$domain.pub" ]; then if [ -e "$USER_DATA/mail/$domain.pub" ]; then
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r") pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----")
pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g') pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
else else
pub="DKIM-SUPPORT-IS-NOT-ACTIVATED" pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"


@ -51,9 +51,7 @@ json_list() {
"MAIL_URL": "'$MAIL_URL'", "MAIL_URL": "'$MAIL_URL'",
"DB_PMA_URL": "'$DB_PMA_URL'", "DB_PMA_URL": "'$DB_PMA_URL'",
"DB_PGA_URL": "'$DB_PGA_URL'", "DB_PGA_URL": "'$DB_PGA_URL'",
"SOFTACULOUS": "'$SOFTACULOUS'", "SOFTACULOUS": "'$SOFTACULOUS'"
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
} }
}' }'
} }
@ -140,12 +138,6 @@ shell_list() {
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
echo "Language: $LANGUAGE" echo "Language: $LANGUAGE"
fi fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
echo "Mail SSL: $MAIL_CERTIFICATE"
fi
if [ ! -z "$VESTA_CERTIFICATE" ]; then
echo "Vesta SSL: $VESTA_CERTIFICATE"
fi
echo "Version: $VERSION" echo "Version: $VERSION"
} }
@ -159,8 +151,7 @@ plain_list() {
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t" echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t" echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t" echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t" echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
echo -e "$VESTA_CERTIFICATE"
} }
@ -174,8 +165,7 @@ csv_list() {
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM'," echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY'," echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP'," echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS'," echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
echo echo
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL'," echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT'," echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@ -186,7 +176,6 @@ csv_list() {
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY'," echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP'," echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'" echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
echo echo
} }
@ -198,7 +187,7 @@ csv_list() {
# Listing data # Listing data
case $format in case $format in
json) json_list ;; json) json_list ;;
plain) plain_list ;; plain) shell_list ;;
csv) csv_list ;; csv) csv_list ;;
shell) shell_list ;; shell) shell_list ;;
esac esac
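Review bot: The dispatcher's new arm `plain) shell_list ;;` sends the `plain` format to the labelled, human-readable listing although `plain_list` is still defined in this file and emits the tab-separated form; it should read `plain) plain_list ;;`. In `csv_list` the header row now ends at `'DB_PGA_URL'` while the data row still ends with `'$SOFTACULOUS'`, so the two rows have different column counts. Either add `,'SOFTACULOUS'` to the header or drop the value from the data row.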


@ -1,135 +0,0 @@
#!/bin/bash
# info: list mail ssl certificate
# options: [FORMAT]
#
# The function of obtaining mail ssl files.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
echo '{'
echo -e "\t\"MAIL\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CA\": \"$ca\","
echo " \"SUBJECT\": \"$subj\","
echo " \"ALIASES\": \"$alt_dns\","
echo " \"NOT_BEFORE\": \"$before\","
echo " \"NOT_AFTER\": \"$after\","
echo " \"SIGNATURE\": \"$signature\","
echo " \"PUB_KEY\": \"$pub_key\","
echo " \"ISSUER\": \"$issuer\""
echo -e "\t}\n}"
}
# SHELL list function
shell_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$crt" ]; then
echo
echo
echo "SUBJECT: $subj"
if [ ! -z "$alt_dns" ]; then
echo "ALIASES: ${alt_dns//,/ }"
fi
echo "VALID FROM: $before"
echo "VALID TIL: $after"
echo "SIGNATURE: $signature"
echo "PUB_KEY: $pub_key"
echo "ISSUER: $issuer"
fi
}
# PLAIN list function
plain_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$ca" ]; then
echo -e "\n$ca"
fi
if [ ! -z "$crt" ]; then
echo "$subj"
echo "${alt_dns//,/ }"
echo "$before"
echo "$after"
echo "$signature"
echo "$pub_key"
echo "$issuer"
fi
}
# CSV list function
csv_list() {
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
echo "PUB_KEY,ISSUER"
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing SSL certificate
if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
exit
fi
crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
# Parsing SSL certificate details without CA
info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit


@ -154,7 +154,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"


@ -75,7 +75,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER BACKUP [FORMAT]' check_args '2' "$#" 'USER BACKUP [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'backup' 'BACKUP' "$backup" is_object_valid 'backup' 'BACKUP' "$backup"


@ -22,7 +22,7 @@ json_list() {
i=1 i=1
objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l) objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
echo "{" echo "{"
while read -r str; do while read str; do
eval $str eval $str
echo -n ' "'$BACKUP'": { echo -n ' "'$BACKUP'": {
"TYPE": "'$TYPE'", "TYPE": "'$TYPE'",


@ -22,7 +22,6 @@ json_list() {
echo '{' echo '{'
echo ' "'$PACKAGE'": { echo ' "'$PACKAGE'": {
"WEB_TEMPLATE": "'$WEB_TEMPLATE'", "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'", "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
"DNS_TEMPLATE": "'$DNS_TEMPLATE'", "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
"WEB_DOMAINS": "'$WEB_DOMAINS'", "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -48,7 +47,6 @@ json_list() {
shell_list() { shell_list() {
echo "PACKAGE: $PACKAGE" echo "PACKAGE: $PACKAGE"
echo "WEB TEMPLATE: $WEB_TEMPLATE" echo "WEB TEMPLATE: $WEB_TEMPLATE"
echo "BACKEND_TEMPLATE: $BACKEND_TEMPLATE"
echo "PROXY TEMPLATE: $PROXY_TEMPLATE" echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
echo "DNS TEMPLATE: $DNS_TEMPLATE" echo "DNS TEMPLATE: $DNS_TEMPLATE"
echo "WEB DOMAINS: $WEB_DOMAINS" echo "WEB DOMAINS: $WEB_DOMAINS"
@ -70,7 +68,7 @@ shell_list() {
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t" echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t" echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE" echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -78,11 +76,11 @@ plain_list() {
# CSV list function # CSV list function
csv_list() { csv_list() {
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE," echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS," echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS," echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE" echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS," echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS," echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE" echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"


@ -27,7 +27,6 @@ json_list() {
source $VESTA/data/packages/$package source $VESTA/data/packages/$package
echo -n ' "'$PACKAGE'": { echo -n ' "'$PACKAGE'": {
"WEB_TEMPLATE": "'$WEB_TEMPLATE'", "WEB_TEMPLATE": "'$WEB_TEMPLATE'",
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'", "PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
"DNS_TEMPLATE": "'$DNS_TEMPLATE'", "DNS_TEMPLATE": "'$DNS_TEMPLATE'",
"WEB_DOMAINS": "'$WEB_DOMAINS'", "WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -66,7 +65,7 @@ shell_list() {
package_data=$(cat $VESTA/data/packages/$package) package_data=$(cat $VESTA/data/packages/$package)
package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g') package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
eval $package_data eval $package_data
echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS " echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH" echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
done done
} }
@ -76,7 +75,7 @@ plain_list() {
for package in $packages; do for package in $packages; do
source $VESTA/data/packages/$package source $VESTA/data/packages/$package
PACKAGE=${package/.pkg/} PACKAGE=${package/.pkg/}
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t" echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t" echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE" echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -85,13 +84,13 @@ plain_list() {
# CSV list function # CSV list function
csv_list() { csv_list() {
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE," echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS," echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS," echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE" echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
for package in $packages; do for package in $packages; do
PACKAGE=${package/.pkg/} PACKAGE=${package/.pkg/}
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS," echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS," echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE" echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"
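Review bot: `csv_list` loops over `$packages` but, unlike `json_list` and `plain_list`, the lines shown never read the package file inside the loop, so every row prints whatever `$WEB_TEMPLATE`, `$DNS_TEMPLATE` and the other variables held before the loop. Adding `source $VESTA/data/packages/$package` as the first statement of the loop body makes each row describe its own package. In `shell_list` the file content goes through `eval $package_data`, which is safe only while package files are writable by administrators alone; a comment stating that assumption belongs next to the `eval`. The end of `csv_list` lies outside the hunk.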


@ -115,7 +115,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"


@ -15,14 +15,9 @@ format=${1-shell}
# JSON list function # JSON list function
json_list() { json_list() {
echo '{' echo '{'
object_count=$(grep '@' /etc/passwd |wc -l)
i=1 i=1
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
if [ $i -gt 1 ]; then
echo ","
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n ' "'$USER'": { echo -n ' "'$USER'": {
"FNAME": "'$FNAME'", "FNAME": "'$FNAME'",
@ -79,8 +74,14 @@ json_list() {
"TIME": "'$TIME'", "TIME": "'$TIME'",
"DATE": "'$DATE'" "DATE": "'$DATE'"
}' }'
if [ "$i" -lt "$object_count" ]; then
echo ','
else
echo
fi
((i++)) ((i++))
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)
echo '}' echo '}'
} }
@ -89,9 +90,6 @@ shell_list() {
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE" echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
echo "---- --- --- --- --- -- ---- -- ---- ----" echo "---- --- --- --- --- -- ---- -- ---- ----"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS" echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@ -101,9 +99,6 @@ shell_list() {
# PLAIN list function # PLAIN list function
plain_list() { plain_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t" echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@ -136,9 +131,6 @@ csv_list() {
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf source $VESTA/data/users/$USER/user.conf
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE," echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@ -159,9 +151,6 @@ csv_list() {
# Raw list function # Raw list function
raw_list() { raw_list() {
while read USER; do while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
echo $VESTA/data/users/$USER/user.conf echo $VESTA/data/users/$USER/user.conf
cat $VESTA/data/users/$USER/user.conf cat $VESTA/data/users/$USER/user.conf
done < <(grep '@' /etc/passwd |cut -f1 -d:) done < <(grep '@' /etc/passwd |cut -f1 -d:)
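Review bot: Every listing function now runs `source $VESTA/data/users/$USER/user.conf` for each `/etc/passwd` line that contains `@`, with no check that the file exists. For a passwd entry that has no Vesta user directory the `source` fails and the row is printed with the previous account's values still in the variables. A guard such as `[ -f "$VESTA/data/users/$USER/user.conf" ] || continue` at the top of each loop avoids that, but in `json_list` the comma logic then has to count emitted objects rather than compare `$i` with `object_count`, which is taken from the unfiltered `grep '@' /etc/passwd`. `while read USER` also overwrites the `USER` environment variable and, without `-r`, interprets backslashes.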


@ -110,7 +110,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"


@ -19,7 +19,6 @@ source $VESTA/func/main.sh
# JSON list function # JSON list function
json_list() { json_list() {
issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
echo '{' echo '{'
echo -e "\t\"$domain\": {" echo -e "\t\"$domain\": {"
echo " \"CRT\": \"$crt\"," echo " \"CRT\": \"$crt\","
@ -98,7 +97,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"
@ -112,7 +110,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g') crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt) info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \") subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //") before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //") after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 ) signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
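Review bot: `json_list` prints certificate fields between `\"` delimiters without escaping, and the line that escaped double quotes in `$issuer` is no longer there. Subject and issuer strings are parsed from the certificate stored for the domain, which is presumably supplied by the account owner, so a `"` or backslash in either one yields invalid JSON for whatever consumes this output. Escape both before printing, for example `issuer=$(printf '%s' "$issuer" |sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')` and the same for `subj`. Most of `json_list` lies outside the hunk, so the exact set of fields it prints should be checked there.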


@ -100,7 +100,6 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"


@ -50,13 +50,7 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
fi fi
# Restart system # Restart system
if [ ! -f "/etc/debian_version" ]; then service $PROXY_SYSTEM restart >/dev/null 2>&1
service $PROXY_SYSTEM restart >/dev/null 2>&1
else
systemctl reset-failed $PROXY_SYSTEM
systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
fi
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
send_email_report send_email_report
check_result $E_RESTART "$PROXY_SYSTEM restart failed" check_result $E_RESTART "$PROXY_SYSTEM restart failed"


@ -56,7 +56,6 @@ ftpc() {
quote USER $USERNAME quote USER $USERNAME
quote PASS $PASSWORD quote PASS $PASSWORD
binary binary
lcd $BACKUP
$1 $1
$2 $2
$3 $3
@ -290,7 +289,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
if [ -z "$web" ] || [ "$web" = '*' ]; then if [ -z "$web" ] || [ "$web" = '*' ]; then
domains="$backup_domains" domains="$backup_domains"
else else
echo "$web" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt) domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
fi fi
@ -407,21 +406,15 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
fi fi
# Restoring web domain data # Restoring web domain data
chown $user $tmpdir tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
chmod u+w $HOMEDIR/$user/web/$domain -C $HOMEDIR/$user/web/$domain/
sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ if [ "$?" -ne 0 ]; then
-C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \ rm -rf $tmpdir
2> $HOMEDIR/$user/web/$domain/restore_errors.log error="can't unpack $domain data tarball"
if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then echo "$error" |$SENDMAIL -s "$subj" $email $notify
chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
check_result "$E_PARSING" "$error"
fi fi
#if [ "$?" -ne 0 ]; then
# rm -rf $tmpdir
# error="can't unpack $domain data tarball"
# echo "$error" |$SENDMAIL -s "$subj" $email $notify
# sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
# check_result "$E_PARSING" "$error"
#fi
# Applying Fix for tar < 1.24 # Applying Fix for tar < 1.24
find $HOMEDIR/$user/web/$domain -type d \ find $HOMEDIR/$user/web/$domain -type d \
@ -459,7 +452,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
if [ -z "$dns" ] || [ "$dns" = '*' ]; then if [ -z "$dns" ] || [ "$dns" = '*' ]; then
domains="$backup_domains" domains="$backup_domains"
else else
echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt) domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
fi fi
@ -539,7 +532,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
if [ -z "$mail" ] || [ "$mail" = '*' ]; then if [ -z "$mail" ] || [ "$mail" = '*' ]; then
domains="$backup_domains" domains="$backup_domains"
else else
echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt) domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
fi fi
@ -599,9 +592,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
# Restoring emails # Restoring emails
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
chown $user $tmpdir tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
chmod u+w $HOMEDIR/$user/mail/$domain_idn
sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
-C $HOMEDIR/$user/mail/$domain_idn/ -C $HOMEDIR/$user/mail/$domain_idn/
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
rm -rf $tmpdir rm -rf $tmpdir
@ -636,7 +627,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
if [ -z "$db" ] || [ "$db" = '*' ]; then if [ -z "$db" ] || [ "$db" = '*' ]; then
databases="$backup_databases" databases="$backup_databases"
else else
echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt) databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
fi fi
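Review bot: In the web-restore hunk `tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz -C $HOMEDIR/$user/web/$domain/` runs with the privileges of the restore script itself (presumably root) rather than the account's, and the mail hunk does the same for `accounts.tar.gz`. The archive content comes from a user's backup, so its entries, including links and ownership data, are written with those privileges instead of being confined to what `$user` may write. Keep the extraction under the account, `sudo -u $user tar -xzpf "$tmpdir/web/$domain/domain_data.tar.gz" -C "$HOMEDIR/$user/web/$domain/"` after `chown $user $tmpdir`, and keep the exit-status check that the new `if [ "$?" -ne 0 ]` block performs. The lists written to `selected.txt` are also used as unanchored `egrep` patterns, so selecting one domain or database also selects any other name that contains it.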


@ -23,19 +23,6 @@ udir=$8
source $VESTA/func/main.sh source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
# Check backup ownership function
is_backup_available() {
passed=false
if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
passed=true
elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
passed=true
fi
if [ $passed = false ]; then
check_result $E_FORBIDEN "permission denied"
fi
}
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
@ -47,7 +34,6 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_backup_enabled is_backup_enabled
is_backup_scheduled 'restore' is_backup_scheduled 'restore'
is_backup_available "$user" "$backup"
#----------------------------------------------------------# #----------------------------------------------------------#
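Review bot: Nothing in the visible verification block ties `$backup` to `$user` any more: the `is_backup_available "$user" "$backup"` call and its helper are removed, and the remaining checks shown cover the user and the backup system only. Unless a check outside the page covers it, a restore can be scheduled for an archive name that belongs to a different account. Reinstate the helper and place the call after `is_backup_scheduled 'restore'`; when doing so, escape the dots in its patterns (`^$1\.` and `\.tar$`) so that they match a literal dot only.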


@ -84,22 +84,6 @@ OLD_IFS=$IFS
IFS=$'\n' IFS=$'\n'
# User loop # User loop
search_user=$(ls -1 $VESTA/data/users |grep $object)
for user in $search_user; do
if [ -e "$VESTA/data/users/$user/user.conf" ]; then
source $VESTA/data/users/$user/user.conf
((i ++))
type=$(echo $type|cut -f1 -d \.)
str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
str="$str RESULT='$user' ALIAS=''"
str="$str LINK='$user' PARENT=''"
str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
str="$str DATE='$DATE'"
echo $str >> $conf
fi
done
# User data loop
for user in $(ls $VESTA/data/users/); do for user in $(ls $VESTA/data/users/); do
# Search query # Search query
search=$(grep "$object" \ search=$(grep "$object" \
@ -170,13 +154,12 @@ for user in $(ls $VESTA/data/users/); do
# DNS Records # DNS Records
if [ "$type" = 'dns' ]; then if [ "$type" = 'dns' ]; then
if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then if [ -n "$(echo $RECORD |grep $object)" ]; then
dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
key="RECORD" key="RECORD"
result="$RECORD.$dom" result="$RECORD.$DOMAIN"
suspended=$SUSPENDED suspended=$SUSPENDED
object_link=$ID object_link=$ID
object_parent=$dom object_parent=$DOMAIN
object_time=$TIME object_time=$TIME
object_date=$DATE object_date=$DATE
((i ++)) ((i ++))
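Review bot: `$object`, apparently the caller's search term, is passed to `grep` unquoted in `echo $RECORD |grep $object`, so a term with spaces is split into a pattern plus file names and a term starting with `-` is read as an option. Quote it and end option parsing: `if printf '%s\n' "$RECORD" |grep -q -- "$object"; then`. The `grep "$object"` call under `# Search query` is quoted but would benefit from `--` in the same way, and `for user in $(ls $VESTA/data/users/)` is better written as a glob over the directory. The DNS branch continues past the end of the hunk.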


@ -1,93 +0,0 @@
#!/bin/bash
# info: search ssl certificates
# options: [FORMAT]
#
# The function to obtain the list of available ssl certificates.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
IFS=$'\n'
objects=$(echo "$search_cmd" |wc -l)
i=1
echo '['
for str in $search_cmd; do
eval $str
if [ "$i" -lt "$objects" ]; then
echo -e "\t\"$USER:$DOMAIN\","
else
echo -e "\t\"$USER:$DOMAIN\""
fi
(( ++i))
done
echo "]"
}
# SHELL list function
shell_list() {
IFS=$'\n'
echo "USER DOMAIN"
echo "---- ------"
for str in $search_cmd; do
eval $str
echo "$USER $DOMAIN"
done
}
# PLAIN list function
plain_list() {
IFS=$'\n'
for str in $search_cmd; do
eval $str
echo -e "$USER\t$DOMAIN"
done
}
# CSV list function
csv_list() {
IFS=$'\n'
echo "USER,DOMAIN"
for str in $search_cmd; do
eval $str
echo "$USER,$DOMAIN"
done
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
cut -f 1 -d ' ' |\
sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list |column -t ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

110
bin/v-sign-letsencrypt-csr Executable file

@ -0,0 +1,110 @@
#!/bin/bash
# info: sing letsencrypt csr
# options: USER DOMAIN CSR_DIR [FORMAT]
#
# The function signs certificate request using LetsEncript API
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
csr="$3/$domain.csr"
format=$4
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '3' "$#" 'USER DOMAIN CSR'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
fi
check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
if [ -z "$check_domain" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
if [ ! -e "$csr" ]; then
check_result $E_NOTEXIST "$csr doesn't exist"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
source $USER_DATA/ssl/le.conf
api='https://acme-v01.api.letsencrypt.org'
key="$USER_DATA/ssl/user.key"
exponent="$EXPONENT"
modulus="$MODULUS"
thumb="$THUMB"
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining ACME query (request challenge)
csr=$(openssl req -in $csr -outform DER |encode_base64)
query='{"resource":"new-cert","csr":"'$csr'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(mktemp)
curl -s -d "$data" "$api/acme/new-cert" -o $answer
if [ ! -z "$(grep Error $answer)" ]; then
detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
detail=$(echo "$detail" |awk -F "::" '{print $2}')
rm $answer
check_result $E_LIMIT "$detail"
fi
# Printing certificate
crt=$(cat "$answer" |openssl base64 -e)
rm $answer
if [ "$format" != 'json' ]; then
echo "-----BEGIN CERTIFICATE-----"
echo "$crt"
echo "-----END CERTIFICATE-----"
else
echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
echo -n '-----BEGIN CERTIFICATE-----\n'
echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
echo -n '-----END CERTIFICATE-----'
echo -e "\"\n\t\t}\n\t}"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit
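Review bot: The body returned by `$api/acme/new-cert` is wrapped in BEGIN/END CERTIFICATE markers whenever it does not contain the word Error, so a failed or empty transfer is printed as a certificate and logged as a success. curl's exit status is never checked and nothing confirms that `$answer` holds a DER certificate. I would check both before printing: `curl -s -d "$data" "$api/acme/new-cert" -o "$answer" || check_result $E_CONNECT "LetsEncrypt API is unreachable"` followed by `openssl x509 -inform DER -in "$answer" -noout || check_result $E_INVALID "LetsEncrypt returned no certificate"`. The nonce request has the same gap: an empty `$nonce` is signed and sent without complaint.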


@ -48,9 +48,6 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
if [[ "$MAIL_SYSTEM" =~ exim ]]; then if [[ "$MAIL_SYSTEM" =~ exim ]]; then
md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5') md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA') quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
if [ "$quota" = 'unlimited' ]; then
quota=0
fi
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota" str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
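Review bot: `$quota` is now written into the passwd line exactly as stored, so an account whose quota is `unlimited` gets that word in the last field instead of `0`. Whether the mail stack accepts a non-numeric quota there is not visible in this hunk; if it does not, the `unlimited`-to-`0` mapping has to stay. `sed -i "/^$account:/d"` also treats `$account` as a regular expression, so a dot in the name matches any character and can delete a neighbouring account's line. `echo $str` should be `echo "$str"`.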


@ -51,6 +51,11 @@ if [ $? -ne 0 ]; then
conntrack_ftp='no' conntrack_ftp='no'
fi fi
# Checking custom OpenSSH port
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then
sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
fi
# Creating temporary file # Creating temporary file
tmp=$(mktemp) tmp=$(mktemp)
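Review bot: The `grep '^Port ' /etc/ssh/sshd_config` lookup only sees a `Port` line written with that exact capitalisation, a single space and no leading whitespace, and only in the main file. sshd keywords are case-insensitive, may be separated by tabs and may come from included files, so a custom port can go undetected and the rule file keeps `PORT='22'`, which presumably leaves the real SSH port without an accept rule. Asking the daemon for its effective configuration is more reliable: `sshport=$(sshd -T 2>/dev/null | awk '$1 == "port" {print $2; exit}')`. The numeric check that follows can stay as it is.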


@ -22,63 +22,46 @@ source $VESTA/conf/vesta.conf
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
lecounter=0 # Defining user list
hostname=$(hostname) users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log # Checking users
for user in $users; do
# Checking user certificates
for user in $($BIN/v-list-users plain |cut -f 1); do
USER_DATA=$VESTA/data/users/$user USER_DATA=$VESTA/data/users/$user
# Checking user certificates
lecounter=0
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
limit_check=1 crt="$VESTA/data/users/$user/ssl/$domain.crt"
fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT') crt_data=$(openssl x509 -text -in "$crt")
expire=$(echo "$crt_data" |grep "Not After")
if [[ "$hostname" = "$domain" ]]; then expire=$(echo "$expire" |cut -f 2,3,4 -d :)
if [[ "$fail_counter" -eq 7 ]]; then expire=$(date -d "$expire" +%s)
limit_check=0
fi
if [[ "$fail_counter" -eq 8 ]]; then
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
fi
fi
if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
# echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
continue;
fi
crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
expiration=$(date -d "$not_after" +%s)
now=$(date +%s) now=$(date +%s)
seconds_valid=$((expiration - now)) expire=$((expire - now))
days_valid=$((seconds_valid / 86400)) expire=$((expire / 86400))
if [[ "$days_valid" -lt 31 ]]; then domain=$(basename $crt |sed -e "s/.crt$//")
if [ $lecounter -gt 0 ]; then if [[ "$expire" -lt 31 ]]; then
sleep 120
fi
((lecounter++))
aliases=$(echo "$crt_data" |grep DNS:) aliases=$(echo "$crt_data" |grep DNS:)
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g") aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
aliases=$(echo "$aliases" |egrep -v "^$domain,?$") aliases=$(echo "$aliases" |grep -v "^$domain$")
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') if [ ! -z "$aliases" ]; then
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
if [ $? -ne 0 ]; then msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
if [[ $msg == *"is suspended" ]]; then if [ $? -ne 0 ]; then
echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log echo "$domain $msg"
else fi
echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log else
msg==$($BIN/v-add-letsencrypt-domain $user $domain)
if [ $? -ne 0 ]; then
echo "$domain $msg" echo "$domain $msg"
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
echo "fail_counter = $fail_counter"
fi fi
fi fi
if [ $lecounter -gt 0 ]; then
sleep 10
fi
((lecounter++))
fi fi
done done
done done
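Review bot: In the renewal branch, `sed -e "s/DNS://g" -e "s/,//"` strips only the first comma, so a certificate with three or more SAN entries leaves a name such as `b.example,` (constructed example) in `$aliases`, and the later newline-to-comma join hands a malformed list to v-add-letsencrypt-domain; `-e "s/,//g"` avoids that. The no-alias branch has `msg==$($BIN/v-add-letsencrypt-domain $user $domain)`, which stores the output with a leading `=` and should read `msg=$(...)`. `$user`, `$domain` and `$aliases` are also passed unquoted to the command.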


@ -44,7 +44,7 @@ if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
fi fi
# Updating configs # Updating configs
if [ ! -z "$old" ]; then if [ ! -z "$new" ]; then
mv $VESTA/data/ips/$old $VESTA/data/ips/$new mv $VESTA/data/ips/$old $VESTA/data/ips/$new
# Updating PROXY # Updating PROXY
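Review bot: The guard before `mv $VESTA/data/ips/$old $VESTA/data/ips/$new` tests only `$new`, so an empty `$old` makes the source of the move the `ips` directory itself. Both names should be checked and the paths quoted: `if [ -n "$old" ] && [ -n "$new" ]; then` and `mv -- "$VESTA/data/ips/$old" "$VESTA/data/ips/$new"`. The body of this `if` continues past the end of the hunk.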


@ -61,13 +61,13 @@ fi
# Parsing data # Parsing data
if [ "$period" = 'daily' ]; then if [ "$period" = 'daily' ]; then
mem=$(free -m) mem=$(free -m)
used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}') used=$(echo "$mem" |grep Mem |awk '{print $3}')
if [ -z "$(echo "$mem" | grep available)" ]; then if [ -z "$(echo "$mem" | grep available)" ]; then
free=$(echo "$mem" |grep buff/cache |awk '{print $4}') free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
else else
free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}') free=$(echo "$mem" |grep Mem |awk '{print $7}')
fi fi
swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}') swap=$(echo "$mem" |grep Swap |awk '{print $3}')
# Updating rrd # Updating rrd
rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free
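Review bot: Selecting rows with `grep Mem`, `grep Swap` and `grep buffers/cache` ties the parser to the English labels printed by `free`; under another locale the fields come back empty and `rrdtool update` receives `N:::`. Pinning the locale with `mem=$(LC_ALL=C free -m)` removes that dependence, and a check that `$used`, `$swap` and `$free` are non-empty before the update keeps bad samples out of the RRD.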


@ -85,7 +85,7 @@ for host in $hosts; do
# Parsing data # Parsing data
q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends) q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
FROM pg_stat_database;' FROM pg_stat_database;'
status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?" status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?"
if [ '0' -ne "$code" ]; then if [ '0' -ne "$code" ]; then
active=0 active=0
slow=0 slow=0
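Review bot: `$sql plsql -d postgres -c "$q"` names a program that is not the PostgreSQL command-line client; the binary is `psql`. Because stderr goes to /dev/null and a non-zero `$code` only zeroes the counters, the mistake is silent and the graph would read 0 for every host. The line should be `status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"`. The `if` body continues past the hunk.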


@ -28,32 +28,12 @@ source $VESTA/conf/vesta.conf
# Checking arg number # Checking arg number
check_args '1' "$#" 'PACKAGE' check_args '1' "$#" 'PACKAGE'
valid=0
if [ "$package" = "vesta" ]; then
valid=1
fi
if [ "$package" = "vesta-nginx" ]; then
valid=1
fi
if [ "$package" = "vesta-php" ]; then
valid=1
fi
if [ "$package" = "vesta-ioncube" ]; then
valid=1
fi
if [ "$package" = "vesta-softaculous" ]; then
valid=1
fi
if [ $valid -eq 0 ]; then
echo "Package $package is not valid"
exit 1
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
if [ -n "$(command -v yum)" ]; then if [ -d "/etc/sysconfig" ]; then
# Clean yum chache # Clean yum chache
yum -q clean all yum -q clean all
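Review bot: After `check_args` nothing restricts `$package` any more, so whatever the caller passes reaches the package-manager commands in the Action section (those invocations are outside this hunk, so how the value is used there is inferred). A script that runs with root privileges should accept only the packages it is meant to update and reject anything else, including values that begin with `-`. An allow-list written as one `case` is shorter than the flag variable it replaces and fails closed. Separately, `[ -d "/etc/sysconfig" ]` is a weaker test for a yum system than checking that `yum` is installed.

```shell
check_args '1' "$#" 'PACKAGE'
case "$package" in
    vesta|vesta-nginx|vesta-php|vesta-ioncube|vesta-softaculous) ;;
    *) check_result $E_INVALID "invalid package :: $package" ;;
esac
```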


@ -53,7 +53,6 @@ for user in $user_list; do
IP_OWNED=0 IP_OWNED=0
U_USERS=0 U_USERS=0
U_DISK=0 U_DISK=0
DISK=0
U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS') U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
if [ -z "$U_DISK_DIRS" ]; then if [ -z "$U_DISK_DIRS" ]; then
U_DISK_DIRS=0 U_DISK_DIRS=0


@ -67,9 +67,6 @@ TOTAL_USERS=0
# Updating user stats # Updating user stats
for user in $user_list; do for user in $user_list; do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
USER_DATA=$VESTA/data/users/$user USER_DATA=$VESTA/data/users/$user
source $USER_DATA/user.conf source $USER_DATA/user.conf
next_month=$(date +'%m/01/%y' -d '+ 1 month') next_month=$(date +'%m/01/%y' -d '+ 1 month')
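Review bot: `source $USER_DATA/user.conf` now runs for every name in `$user_list` without checking that the file exists. When it is missing, `source` fails and the loop body carries on with the variables left over from the previous user, so one account's values can end up in another's statistics (the rest of the loop is outside this hunk). A guard at the top of the loop avoids that: `[ -f "$VESTA/data/users/$user/user.conf" ] || continue`.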


@ -55,14 +55,14 @@ mysql_query() {
mysql_dump() { mysql_dump() {
err="/tmp/e.mysql" err="/tmp/e.mysql"
mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err
if [ '0' -ne "$?" ]; then if [ '0' -ne "$?" ]; then
rm -rf $tmpdir rm -rf $tmpdir
if [ "$notify" != 'no' ]; then if [ "$notify" != 'no' ]; then
echo -e "Can't dump database $database\n$(cat $err)" |\ echo -e "Can't dump database $database\n$(cat $err)" |\
$SENDMAIL -s "$subj" $email $SENDMAIL -s "$subj" $email
fi fi
echo "Error: dump $database failed\n$(cat $err)" echo "Error: dump $database failed"
log_event "$E_DB" "$ARGUMENTS" log_event "$E_DB" "$ARGUMENTS"
exit $E_DB exit $E_DB
fi fi
@ -322,7 +322,7 @@ delete_pgsql_database() {
psql_connect $HOST psql_connect $HOST
query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER" query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
psql_query "$query" > /dev/null psql_qyery "$query" > /dev/null
query="DROP DATABASE $database" query="DROP DATABASE $database"
psql_query "$query" > /dev/null psql_query "$query" > /dev/null
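Review bot: `mysql_dump` redirects stderr to the fixed path `/tmp/e.mysql`. The backup presumably runs as root, and a predictable name in a world-writable directory means any local user can create that path first, as a file or a symlink, and decide what the redirect overwrites; concurrent backups also share the one file. Use a private file instead: `err=$(mktemp)` with `rm -f "$err"` once the message has been sent, and quote `$1` and `$2` on the mysqldump line. In the second hunk `psql_qyery` is a misspelling of `psql_query`, so the REVOKE statement never runs.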


@ -215,11 +215,7 @@ add_web_config() {
fi fi
fi fi
trigger="${2/%.tpl/.sh}" trigger="${2/.*pl/.sh}"
if [[ "$2" =~ stpl$ ]]; then
trigger="${2/%.stpl/.sh}"
fi
if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
$WEBTPL/$1/$WEB_BACKEND/$trigger \ $WEBTPL/$1/$WEB_BACKEND/$trigger \
$user $domain $local_ip $HOMEDIR \ $user $domain $local_ip $HOMEDIR \
@ -289,10 +285,8 @@ del_web_config() {
if [[ "$2" =~ stpl$ ]]; then if [[ "$2" =~ stpl$ ]]; then
conf="$HOMEDIR/$user/conf/web/s$1.conf" conf="$HOMEDIR/$user/conf/web/s$1.conf"
fi fi
if [ -e "$conf" ]; then get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf sed -i "$top_line,$bottom_line d" $conf
sed -i "$top_line,$bottom_line d" $conf
fi
fi fi
# clean-up for both config styles if there is no more domains # clean-up for both config styles if there is no more domains
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
@ -343,7 +337,7 @@ is_web_domain_cert_valid() {
check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)" check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
fi fi
openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \ openssl s_server -quiet -cert $ssl_dir/$domain.crt \
-key $ssl_dir/$domain.key >> /dev/null 2>&1 & -key $ssl_dir/$domain.key >> /dev/null 2>&1 &
pid=$! pid=$!
sleep 0.5 sleep 0.5
@ -412,24 +406,6 @@ update_domain_zone() {
VALUE=$(idn --quiet -a -t "$VALUE") VALUE=$(idn --quiet -a -t "$VALUE")
fi fi
# Split long TXT entries into 255 chunks
if [ "$TYPE" = 'TXT' ]; then
txtlength=${#VALUE}
if [ $txtlength -gt 255 ]; then
already_chunked=0
if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
already_chunked=1
fi
if [ $already_chunked -eq 0 ]; then
if [[ ${VALUE:0:1} = '"' ]]; then
txtlength=$(( $txtlength - 2 ))
VALUE=${VALUE:1:txtlength}
fi
VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
fi
fi
fi
if [ "$SUSPENDED" != 'yes' ]; then if [ "$SUSPENDED" != 'yes' ]; then
eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
fi fi
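Review bot: is_web_domain_cert_valid checks the certificate/key pair by starting `openssl s_server` in the background, and without `-port` the tool binds its default port, 4433. A valid pair is then presumably reported as broken whenever that port is already in use, and for the half second the check runs a TLS listener holding the customer's key is open on the host. Comparing public keys needs no listener: the output of `openssl x509 -noout -pubkey -in $ssl_dir/$domain.crt` should equal that of `openssl pkey -pubout -in $ssl_dir/$domain.key`. The rest of the function is outside the hunk.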


@ -141,7 +141,7 @@ get_real_ip() {
else else
nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*) nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
if [ ! -z "$nat" ]; then if [ ! -z "$nat" ]; then
echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1 echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
fi fi
fi fi
} }
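Review bot: With `|head -n 1` gone, get_real_ip prints one line per file when several entries under `$VESTA/data/ips/` carry the same `NAT='$1'`, and a caller that captures the output gets a multi-line value where it expects a single address. `cut -f 7 -d /` also assumes that `$VESTA` sits at a fixed directory depth. Both are handled by `basename "$(echo "$nat" |head -n 1 |cut -f 1 -d :)"`.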


@ -35,7 +35,6 @@ E_DB=17
E_RRD=18 E_RRD=18
E_UPDATE=19 E_UPDATE=19
E_RESTART=20 E_RESTART=20
E_TEAPOT=418
# Event string for logger # Event string for logger
for ((I=1; I <= $# ; I++)); do for ((I=1; I <= $# ; I++)); do
@ -213,8 +212,7 @@ is_object_new() {
# Check if object is valid # Check if object is valid
is_object_valid() { is_object_valid() {
if [ $2 = 'USER' ]; then if [ $2 = 'USER' ]; then
user_vst_dir=$(basename $3) if [ ! -d "$VESTA/data/users/$3" ]; then
if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
check_result $E_NOTEXIST "$1 $3 doesn't exist" check_result $E_NOTEXIST "$1 $3 doesn't exist"
fi fi
else else
@ -296,20 +294,6 @@ is_dir_symlink() {
fi fi
} }
# Check if file exists
if_file_exists() {
if [[ -f "$1" ]]; then
check_result $E_FORBIDEN "$1 file exists"
fi
}
# Check if directory exists
if_dir_exists() {
if [[ -d "$1" ]]; then
check_result $E_FORBIDEN "$1 directory exists"
fi
}
# Get object value # Get object value
get_object_value() { get_object_value() {
object=$(grep "$2='$3'" $USER_DATA/$1.conf) object=$(grep "$2='$3'" $USER_DATA/$1.conf)
@ -675,7 +659,7 @@ is_dbuser_format_valid() {
# DNS record type validator # DNS record type validator
is_dns_type_format_valid() { is_dns_type_format_valid() {
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA' known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA'
if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
check_result $E_INVALID "invalid dns record type format :: $1" check_result $E_INVALID "invalid dns record type format :: $1"
fi fi
@ -831,23 +815,6 @@ is_format_valid_shell() {
exit $E_INVALID exit $E_INVALID
fi fi
} }
format_no_quotes() {
exclude="['|\"]"
if [[ "$1" =~ $exclude ]]; then
check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
fi
is_no_new_line_format "$1"
}
is_no_new_line_format() {
test=$(echo "$1" | head -n1 );
if [[ "$test" != "$1" ]]; then
check_result "$E_INVALID" "invalid value :: $1"
fi
}
# Format validation controller # Format validation controller
is_format_valid() { is_format_valid() {
for arg_name in $*; do for arg_name in $*; do
@ -856,7 +823,6 @@ is_format_valid() {
case $arg_name in case $arg_name in
account) is_user_format_valid "$arg" "$arg_name";; account) is_user_format_valid "$arg" "$arg_name";;
action) is_fw_action_format_valid "$arg";; action) is_fw_action_format_valid "$arg";;
alias) is_alias_format_valid "$arg" ;;
aliases) is_alias_format_valid "$arg" ;; aliases) is_alias_format_valid "$arg" ;;
antispam) is_boolean_format_valid "$arg" 'antispam' ;; antispam) is_boolean_format_valid "$arg" 'antispam' ;;
antivirus) is_boolean_format_valid "$arg" 'antivirus' ;; antivirus) is_boolean_format_valid "$arg" 'antivirus' ;;
@ -882,7 +848,6 @@ is_format_valid() {
host) is_object_format_valid "$arg" "$arg_name" ;; host) is_object_format_valid "$arg" "$arg_name" ;;
hour) is_cron_format_valid "$arg" $arg_name ;; hour) is_cron_format_valid "$arg" $arg_name ;;
id) is_int_format_valid "$arg" 'id' ;; id) is_int_format_valid "$arg" 'id' ;;
interface) is_interface_format_valid "$arg" ;;
ip) is_ip_format_valid "$arg" ;; ip) is_ip_format_valid "$arg" ;;
ip_name) is_domain_format_valid "$arg" 'IP name';; ip_name) is_domain_format_valid "$arg" 'IP name';;
ip_status) is_ip_status_format_valid "$arg" ;; ip_status) is_ip_status_format_valid "$arg" ;;
@ -968,85 +933,7 @@ format_aliases() {
aliases=$(echo "$aliases" |tr -s '.') aliases=$(echo "$aliases" |tr -s '.')
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g") aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
aliases=$(echo "$aliases" |sed -e "s/^[.]*//") aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
aliases=$(echo "$aliases" |sed -e "/^$/d") aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d")
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//") aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
fi fi
} }
alter_web_counter() {
user=$1
domain=$2
USER_DATA=$VESTA/data/users/$user
varc=$3
vard="\$${varc}"
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
if [ -z "$counter" ]; then
add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
counter=0
fi
((counter++))
backup_counter=$counter
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
counter=$backup_counter
echo $counter
}
reset_web_counter() {
user=$1
domain=$2
USER_DATA=$VESTA/data/users/$user
varc=$3
vard="\$${varc}"
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
}
get_web_counter() {
user=$1
domain=$2
USER_DATA=$VESTA/data/users/$user
varc=$3
vard="\$${varc}"
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
if [ -z "$counter" ]; then
counter=0
fi
echo $counter
}
# Simple chmod wrapper that skips symlink files after glob expand
# Taken from HestiaCP
no_symlink_chmod() {
local filemode=$1; shift;
for i in "$@"; do
[[ -L ${i} ]] && continue
chmod "${filemode}" "${i}"
done
}
# $1 = subject
# $2 = body
send_email_to_admin() {
email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
email=$(echo "$email" | cut -f 2 -d "'")
if [ -z "$email" ]; then
if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
email=$NOTIFY_ADMIN_FULL_BACKUP
fi
fi
if [ -z "$email" ]; then
return;
fi
echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
}


@ -51,7 +51,7 @@ rebuild_user_conf() {
mkdir -p $HOMEDIR/$user/conf mkdir -p $HOMEDIR/$user/conf
chmod a+x $HOMEDIR/$user chmod a+x $HOMEDIR/$user
chmod a+x $HOMEDIR/$user/conf chmod a+x $HOMEDIR/$user/conf
chown --no-dereference $user:$user $HOMEDIR/$user chown $user:$user $HOMEDIR/$user
chown root:root $HOMEDIR/$user/conf chown root:root $HOMEDIR/$user/conf
# Update disk pipe # Update disk pipe
@ -80,7 +80,7 @@ rebuild_user_conf() {
chmod 751 $HOMEDIR/$user/conf/web chmod 751 $HOMEDIR/$user/conf/web
chmod 751 $HOMEDIR/$user/web chmod 751 $HOMEDIR/$user/web
chmod 771 $HOMEDIR/$user/tmp chmod 771 $HOMEDIR/$user/tmp
chown --no-dereference $user:$user $HOMEDIR/$user/web chown $user:$user $HOMEDIR/$user/web
if [ -z "$create_user" ]; then if [ -z "$create_user" ]; then
$BIN/v-rebuild-web-domains $user $restart $BIN/v-rebuild-web-domains $user $restart
fi fi
@ -152,7 +152,7 @@ rebuild_web_domain_conf() {
prepare_web_domain_values prepare_web_domain_values
# Rebuilding domain directories # Rebuilding domain directories
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \ mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \ $HOMEDIR/$user/web/$domain/document_errors \
@ -178,15 +178,14 @@ rebuild_web_domain_conf() {
# Propagating html skeleton # Propagating html skeleton
if [ ! -e "$WEBTPL/skel/document_errors/" ]; then if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
sudo -u $user cp -r $WEBTPL/skel/document_errors/ \ cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/
$HOMEDIR/$user/web/$domain/
fi fi
# Set folder permissions # Set folder permissions
no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \ chmod 551 $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/stats \ $HOMEDIR/$user/web/$domain/stats \
$HOMEDIR/$user/web/$domain/logs $HOMEDIR/$user/web/$domain/logs
no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \ chmod 751 $HOMEDIR/$user/web/$domain/private \
$HOMEDIR/$user/web/$domain/cgi-bin \ $HOMEDIR/$user/web/$domain/cgi-bin \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
@ -194,7 +193,7 @@ rebuild_web_domain_conf() {
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
# Set ownership # Set ownership
chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \ chown $user:$user $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/private \ $HOMEDIR/$user/web/$domain/private \
$HOMEDIR/$user/web/$domain/cgi-bin \ $HOMEDIR/$user/web/$domain/cgi-bin \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
@ -601,7 +600,7 @@ rebuild_pgsql_database() {
exit $E_CONNECT exit $E_CONNECT
fi fi
query="CREATE ROLE $DBUSER WITH LOGIN" query="CREATE ROLE $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'" query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
@ -618,7 +617,7 @@ rebuild_pgsql_database() {
query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER" query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="GRANT CONNECT ON DATABASE template1 to $DBUSER" query="GRANT CONNECT ON DATABASE template1 to $dbuser"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
} }
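Review bot: The `chown $user:$user $HOMEDIR/$user/web/$domain ...` call in rebuild_web_domain_conf, and the two `chown $user:$user` calls in rebuild_user_conf, follow symlinks, and the paths they touch sit in a tree the account owner can modify. If one of those entries is replaced by a symlink, root hands ownership of the link target to the user; the plain `chmod 551` and `chmod 751` calls and the root-run `mkdir -p` and `cp -r` in the same function have the same exposure. Use `chown -h` (`--no-dereference`) on each of these lines, skip symlinks before `chmod`, and create the directories as the account, e.g. `sudo -u $user mkdir -p ...`. In the last hunk, `GRANT CONNECT ON DATABASE template1 to $dbuser` uses a lowercase variable that the visible lines never set; the neighbouring queries use `$DBUSER`.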


@ -50,7 +50,6 @@ http {
# Compression # Compression
gzip on; gzip on;
gzip_vary on;
gzip_comp_level 9; gzip_comp_level 9;
gzip_min_length 512; gzip_min_length 512;
gzip_buffers 8 64k; gzip_buffers 8 64k;


@ -1,5 +1,5 @@
location /phpmyadmin { location /phpmyadmin {
alias /usr/share/phpmyadmin; alias /usr/share/phpmyadmin/;
location ~ /(libraries|setup) { location ~ /(libraries|setup) {
return 404; return 404;
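Review bot: `location /phpmyadmin` has no trailing slash while `alias /usr/share/phpmyadmin/;` now has one, which is the mismatched-slash alias pattern. The prefix also matches URIs that continue past `/phpmyadmin` without a slash, and the remainder is appended to the alias path, so a request can resolve to files outside the aliased directory. Keep the two sides consistent: either `alias /usr/share/phpmyadmin;` or `location /phpmyadmin/` with the slashed alias. The same change is made to the `/phppgadmin` and `/webmail` locations in the next two files, and the location block continues past the hunk.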


@ -1,5 +1,5 @@
location /phppgadmin { location /phppgadmin {
alias /usr/share/phppgadmin; alias /usr/share/phppgadmin/;
location ~ ^/phppgadmin/(.*\.php)$ { location ~ ^/phppgadmin/(.*\.php)$ {
alias /usr/share/phppgadmin/$1; alias /usr/share/phppgadmin/$1;


@ -1,5 +1,5 @@
location /webmail { location /webmail {
alias /var/lib/roundcube; alias /var/lib/roundcube/;
location ~ /(config|temp|logs) { location ~ /(config|temp|logs) {
return 404; return 404;


@ -15,7 +15,6 @@ Alias /phpmyadmin /usr/share/phpmyadmin
php_admin_flag allow_url_fopen Off php_admin_flag allow_url_fopen Off
php_value include_path . php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value sys_temp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
</IfModule> </IfModule>


@ -137,13 +137,6 @@ if (!empty($dbname)) {
$cfg['UploadDir'] = ''; $cfg['UploadDir'] = '';
$cfg['SaveDir'] = ''; $cfg['SaveDir'] = '';
/*
* Temp dir for faster beahivour
*
*/
$cfg['TempDir'] = '/tmp';
/* Support additional configurations */ /* Support additional configurations */
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
{ {


@ -15,9 +15,8 @@
AllowOverride All AllowOverride All
SSLRequireSSL SSLRequireSSL
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
</Directory> </Directory>
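Review bot: `php_admin_value open_basedir %docroot%:%home%/%user%/tmp` sits in a `<Directory>` block that carries `SSLRequireSSL`, so this looks like the SSL variant of the template, where the line being replaced used `%sdocroot%`. If the two placeholders expand to different directories, PHP on the HTTPS virtual host is confined to the wrong tree: scripts under the SSL document root fail, and the plain document root becomes readable from them. The same substitution appears in three further templates below (the one with the long open_basedir path list and the phpcgi and fcgid variants). Dropping `sys_temp_dir` also means PHP's temporary-file functions fall back to the system temp directory, which lies outside this open_basedir.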


@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
</Directory> </Directory>


@ -17,7 +17,6 @@
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>
<Directory %home%/%user%/web/%domain%/stats> <Directory %home%/%user%/web/%domain%/stats>


@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>
<Directory %home%/%user%/web/%domain%/stats> <Directory %home%/%user%/web/%domain%/stats>


@ -22,9 +22,8 @@
php_admin_flag mysql.allow_persistent off php_admin_flag mysql.allow_persistent off
php_admin_flag safe_mode off php_admin_flag safe_mode off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>
<Directory %home%/%user%/web/%domain%/stats> <Directory %home%/%user%/web/%domain%/stats>


@ -14,6 +14,7 @@
<Directory %docroot%> <Directory %docroot%>
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value upload_max_filesize 10M php_admin_value upload_max_filesize 10M
php_admin_value max_execution_time 20 php_admin_value max_execution_time 20
php_admin_value post_max_size 8M php_admin_value post_max_size 8M
@ -23,7 +24,6 @@
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>
<Directory %home%/%user%/web/%domain%/stats> <Directory %home%/%user%/web/%domain%/stats>


@ -15,9 +15,8 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php Action phpcgi-script /cgi-bin/php
<Files *.php> <Files *.php>


@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php Action phpcgi-script /cgi-bin/php
<Files *.php> <Files *.php>


@ -15,9 +15,8 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
<Files *.php> <Files *.php>
SetHandler fcgid-script SetHandler fcgid-script


@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
<Files *.php> <Files *.php>
SetHandler fcgid-script SetHandler fcgid-script


@ -1,6 +1,7 @@
server { server {
listen %ip%:%proxy_ssl_port% ssl; listen %ip%:%proxy_ssl_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
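Review bot: The new side drops the `ssl` parameter from `listen` and enables TLS with a separate `ssl on;` line, a directive nginx deprecated in 1.15.0 and removed in 1.25.1, so on a current nginx this template would fail the configuration test and the vhost would not be served. I would keep TLS on the socket with `listen %ip%:%proxy_ssl_port% ssl;` and leave out `ssl on;`. The next two proxy sections make the same change, and the http2 section after them ends up with `listen %ip%:%proxy_ssl_port% http2;` plus `ssl on;`, where `listen %ip%:%proxy_ssl_port% ssl http2;` states the intent directly. The `server` block continues outside the hunk.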


@ -1,6 +1,7 @@
server { server {
listen %ip%:%proxy_ssl_port% ssl; listen %ip%:%proxy_ssl_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;


@ -1,6 +1,7 @@
server { server {
listen %ip%:%proxy_ssl_port% ssl; listen %ip%:%proxy_ssl_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
@ -30,7 +31,7 @@ server {
location ~ /\.hg/ {return 404;} location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;} location ~ /\.bzr/ {return 404;}
disable_symlinks if_not_owner from=%sdocroot%; disable_symlinks if_not_owner from=%docroot%;
include %home%/%user%/conf/web/snginx.%domain%.conf*; include %home%/%user%/conf/web/snginx.%domain%.conf*;
} }


@ -1,16 +1,17 @@
server { server {
listen %ip%:%proxy_ssl_port% ssl http2; listen %ip%:%proxy_ssl_port% http2;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/httpd/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/httpd/domains/%domain%.log combined;
access_log /var/log/%web_system%/domains/%domain%.bytes bytes; access_log /var/log/httpd/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }
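Review bot: The `error_log` and both `access_log` directives on the new side hard-code `/var/log/httpd/domains/`, where the old side used `/var/log/%web_system%/domains/`. On a host whose backend log directory has another name, nginx would presumably fail to open these files at start-up, or write the access and error logs where the rest of the panel does not look for them. I would keep the placeholder, e.g. `error_log /var/log/%web_system%/domains/%domain%.error.log error;`, and likewise for the two `access_log` lines. The non-SSL section that follows has the same three paths.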


@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/httpd/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/%web_system%/domains/%domain%.log combined; access_log /var/log/httpd/domains/%domain%.log combined;
access_log /var/log/%web_system%/domains/%domain%.bytes bytes; access_log /var/log/httpd/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }


@ -11,52 +11,62 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location / {
try_files $uri @rewrite;
}
location @rewrite { location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location / { location ~ /vendor/.*\.php$ {
location = /favicon.ico { deny all;
log_not_found off; return 404;
access_log off; }
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max; }
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ { location ~ '\.php$|^/update.php' {
try_files $uri @rewrite; fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
} fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
location ~ '\.php$|^/update.php' { include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;
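Review bot: The added `location ~* \.(txt|log)$` block lets any client in `192.168.0.0/16` read `.txt` and `.log` files before `deny all` applies, and that range is hard-coded in a template applied to every site that uses it. If a reverse proxy, load balancer or NAT in front of nginx falls inside that range, every visitor would match the `allow` line, so I would reduce the block to `location ~* \.(txt|log)$ { deny all; }` or take the trusted range from a per-server setting. `location = /robots.txt` is an exact match and stays reachable either way. The other five Drupal sections below add the same block, and the `server` block continues outside the hunk.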


@ -7,52 +7,62 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location / {
try_files $uri @rewrite;
}
location @rewrite { location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1; rewrite ^/(.*)$ /index.php?q=$1;
} }
location / { location ~ /vendor/.*\.php$ {
location = /favicon.ico { deny all;
log_not_found off; return 404;
access_log off; }
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max;
log_not_found off;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~ ^/sites/.*/files/imagecache/ {
try_files $uri @rewrite; try_files $uri @rewrite;
expires max; }
log_not_found off;
}
location ~ ^/sites/.*/files/imagecache/ { location ~ '\.php$|^/update.php' {
try_files $uri @rewrite; fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
} fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
location ~ '\.php$|^/update.php' { include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;


@ -11,56 +11,62 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite { location = /favicon.ico {
rewrite ^/(.*)$ /index.php?q=$1; log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
} }
location / { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
try_files $uri @rewrite; deny all;
} return 404;
}
location ~ ^(/[a-z\-]+)?/system/files/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri /index.php?$query_string; try_files $uri @rewrite;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
expires max; }
log_not_found off;
}
location ~ '\.php$|^/update.php' { location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; try_files $uri @rewrite;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; expires max;
fastcgi_pass %backend_lsnr%; log_not_found off;
include /etc/nginx/fastcgi_params; }
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;


@ -7,56 +7,62 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite { location = /favicon.ico {
rewrite ^/(.*)$ /index.php?q=$1; log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
} }
location / { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
try_files $uri @rewrite; deny all;
} return 404;
}
location ~ ^(/[a-z\-]+)?/system/files/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri /index.php?$query_string; try_files $uri @rewrite;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
expires max; }
log_not_found off;
}
location ~ '\.php$|^/update.php' { location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; try_files $uri @rewrite;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; expires max;
fastcgi_pass %backend_lsnr%; log_not_found off;
include /etc/nginx/fastcgi_params; }
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;


@ -11,61 +11,62 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite { location = /favicon.ico {
rewrite ^/(.*)$ /index.php?q=$1; log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
} }
location / { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
try_files $uri @rewrite; deny all;
} return 404;
}
location ~ ^(/[a-z\-]+)?/system/files/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri /index.php?$query_string; try_files $uri @rewrite;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
expires max; }
log_not_found off;
}
location ~ '\.php$|^/update.php' { location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; try_files $uri @rewrite;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; expires max;
fastcgi_pass %backend_lsnr%; log_not_found off;
include /etc/nginx/fastcgi_params; }
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;


@ -7,61 +7,62 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite { location = /favicon.ico {
rewrite ^/(.*)$ /index.php?q=$1; log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
} }
location / { location / {
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ ^/sites/.*/files/styles/ { location ~ /vendor/.*\.php$ {
try_files $uri @rewrite; deny all;
} return 404;
}
location ~ ^(/[a-z\-]+)?/system/files/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri /index.php?$query_string; try_files $uri @rewrite;
} }
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri @rewrite; try_files $uri /index.php?$query_string;
expires max; }
log_not_found off;
}
location ~ '\.php$|^/update.php' { location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$; try_files $uri @rewrite;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; expires max;
fastcgi_pass %backend_lsnr%; log_not_found off;
include /etc/nginx/fastcgi_params; }
}
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
} }
error_page 403 /error/404.html; error_page 403 /error/404.html;


@ -3,7 +3,7 @@ server {
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
root %sdocroot%; root %docroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;


@ -1,7 +1,7 @@
server { server {
listen %ip%:%web_ssl_port%; listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
root %sdocroot%; root %docroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;


@ -1,89 +0,0 @@
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %sdocroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}
