github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-20 21:34:11 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: github:master
Branches Tags
github:master
github:vesta-2.0
github:feature/r-1.0.0.7
github:fix/edit-server
github:feature/reset-mail
github:release/1.0.0-6-api
github:release/1.0.0-6-ui
github:feature/responsive-design
github:feature/disk-percentage-values
github:feature/static-media
github:feature/api-enhancements
github:feature/improved-panel-and-fm
github:Skamasle-patch-10
github:feature/improved-le-and-csr
github:feature/restart-system
github:feature/improved-web-and-server
github:feature/improved-react-ui
github:feature/updated-api-responses
github:feature/react-ui-and-api
github:feature/new-api-interface
github:feature/new-react-ui
github:release/react-integration
github:react-integration
github:Skamasle-patch-9
github:Skamasle-patch-8
github:react-fm
github:dpeca-patch-2
github:Skamasle-patch-7
github:Skamasle-patch-6
github:Skamasle-patch-5
github:Skamasle-patch-4
github:Skamasle-patch-3
github:madeITBelgium-patch-5
github:madeITBelgium-patch-4
github:Skamasle-patch-2
github:dpeca-patch-exim-3
github:dpeca-patch-exim-2
github:dpeca-patch-exim-1
github:Skamasle-patch-1
github:madeITBelgium-patch-1462
github:dpeca-patch-1
github:revert-1323-permissions
github:madeITBelgium-patch-3
github:madeITBelgium-patch-1
github:madeITBelgium-patch-2
github:revert-1065-patch-12
github:madeITBelgium-patch-fix-xxd
github:SysVoid-patch-1
github:revert-516-fix-sec-osci
github:js-stuff
github:0.9.8-9
github:0.9.7
github:0.9.6
github:0.9.5
github:0.9.4
github:1.0.0-5
github:1.0.0-4
github:1.0.0-3
github:0.9.8-27
github:0.9.8-25
github:0.9.8-24
github:0.9.8-23
github:0.9.8-21
github:0.9.8-20
github:0.9.8-19
github:0.9.8-18
github:0.9.8-17
github:0.9.8-16
github:0.9.8-15
github:0.9.8-13
github:0.9.8-12
github:0.9.8-11
github:0.9.8-10
..
compare: github:0.9.8-23
Branches Tags
github:master
github:vesta-2.0
github:feature/r-1.0.0.7
github:fix/edit-server
github:feature/reset-mail
github:release/1.0.0-6-api
github:release/1.0.0-6-ui
github:feature/responsive-design
github:feature/disk-percentage-values
github:feature/static-media
github:feature/api-enhancements
github:feature/improved-panel-and-fm
github:Skamasle-patch-10
github:feature/improved-le-and-csr
github:feature/restart-system
github:feature/improved-web-and-server
github:feature/improved-react-ui
github:feature/updated-api-responses
github:feature/react-ui-and-api
github:feature/new-api-interface
github:feature/new-react-ui
github:release/react-integration
github:react-integration
github:Skamasle-patch-9
github:Skamasle-patch-8
github:react-fm
github:dpeca-patch-2
github:Skamasle-patch-7
github:Skamasle-patch-6
github:Skamasle-patch-5
github:Skamasle-patch-4
github:Skamasle-patch-3
github:madeITBelgium-patch-5
github:madeITBelgium-patch-4
github:Skamasle-patch-2
github:dpeca-patch-exim-3
github:dpeca-patch-exim-2
github:dpeca-patch-exim-1
github:Skamasle-patch-1
github:madeITBelgium-patch-1462
github:dpeca-patch-1
github:revert-1323-permissions
github:madeITBelgium-patch-3
github:madeITBelgium-patch-1
github:madeITBelgium-patch-2
github:revert-1065-patch-12
github:madeITBelgium-patch-fix-xxd
github:SysVoid-patch-1
github:revert-516-fix-sec-osci
github:js-stuff
github:0.9.8-9
github:0.9.7
github:0.9.6
github:0.9.5
github:0.9.4
github:1.0.0-5
github:1.0.0-4
github:1.0.0-3
github:0.9.8-27
github:0.9.8-25
github:0.9.8-24
github:0.9.8-23
github:0.9.8-21
github:0.9.8-20
github:0.9.8-19
github:0.9.8-18
github:0.9.8-17
github:0.9.8-16
github:0.9.8-15
github:0.9.8-13
github:0.9.8-12
github:0.9.8-11
github:0.9.8-10

No commits in common. "master" and "0.9.8-23" have entirely different histories.
master ... 0.9.8-23

1713 changed files with 17300 additions and 83243 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -4,6 +4,3 @@
*.gz
.vscode
.DS_Store
src/react/node_modules
src/react/build
/.idea

8
README.md
View file

@ -1,8 +1,6 @@
[Vesta Control Panel](http://vestacp.com/)
==================================================
Vesta is back under active development as of 25 February 2024. We are commited to open source, and will engage with the community to identify the new roadmap for Vesta. Stay tuned!
[![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
* Vesta is an open source hosting control panel.
@ -18,7 +16,7 @@ ssh root@your.server
Download the installation script, and run it:
```bash
curl https://vestacp.com/pub/vst-install.sh | bash
curl http://vestacp.com/pub/vst-install.sh | bash
```
How to install (3 step)
@ -31,7 +29,7 @@ ssh root@your.server
Download the installation script:
```bash
curl -O https://vestacp.com/pub/vst-install.sh
curl -O http://vestacp.com/pub/vst-install.sh
```
Then run it:
```bash
@ -40,5 +38,5 @@ bash vst-install.sh
License
----------------------------
Vesta is licensed under [GPL v3 ](https://github.com/outroll/vesta/blob/master/LICENSE) license
Vesta is licensed under [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license

5
SECURITY.md
View file

@ -1,5 +0,0 @@
# Security Policy
## Reporting a Vulnerability
Please report security issues to dev@vestacp.com

4
bin/v-activate-vesta-license
View file

@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
# Checking arg number
check_args '2' "$#" 'MODULE LICENSE'
is_user_format_valid "$license" "license"
#----------------------------------------------------------#
# Action #
@ -35,7 +35,7 @@ is_user_format_valid "$license" "license"
# Activating license
v_host='https://vestacp.com/checkout'
answer=$(curl -s "$v_host/activate.php?licence_key=$license&module=$module")
answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
check_result $? "cant' connect to vestacp.com " $E_CONNECT
# Checking server answer

7
bin/v-add-backup-host
View file

@ -38,7 +38,8 @@ EOF
sftpc() {
expect -f "-" <<EOF "$@"
set count 0
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
Port=$port $user@$host
expect {
"password:" {
send "$password\r"
@ -93,14 +94,12 @@ EOF
if [ "$type" != 'local' ];then
check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
is_format_valid 'user' 'host' 'path' 'port'
is_format_valid 'host'
is_password_valid
if [ "$type" = 'sftp' ]; then
which expect >/dev/null 2>&1
check_result $? "expect command not found" $E_NOTEXIST
fi
host "$host" >/dev/null 2>&1
check_result $? "host connection failed" "$E_CONNECT"
fi

2
bin/v-add-dns-on-web-alias
View file

@ -55,7 +55,7 @@ if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
fi
# Adding top-level domain and then its sub
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' $restart >> /dev/null
# Checking top-level domain
if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then

2
bin/v-add-dns-record
View file

@ -45,13 +45,11 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
fi
fi
if [ $rtype != "CAA" ]; then
dvalue=${dvalue//\"/}
if [[ "$dvalue" =~ [\;[:space:]] ]]; then
dvalue='"'"$dvalue"'"'
fi
fi
# Additional argument formatting
format_domain

10
bin/v-add-firewall-chain
View file

@ -22,7 +22,7 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
iptables="/sbin/iptables"
# Get vesta port by reading nginx.conf
vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
vestaport=$(grep 'listen' /usr/local/vesta/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
if [ -z "$vestaport" ]; then
vestaport=8083
fi
@ -47,13 +47,7 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
# Checking known chains
case $chain in
SSH) # Get ssh port by reading ssh config file.
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [ -z "$sshport" ]; then
sshport=22
fi
port=$sshport;
protocol=TCP ;;
SSH) port=22; protocol=TCP ;;
FTP) port=21; protocol=TCP ;;
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
DNS) port=53; protocol=UDP ;;

366
bin/v-add-letsencrypt-domain
View file

@ -1,8 +1,13 @@
#!/bin/bash
# info: check letsencrypt domain
# options: USER DOMAIN [ALIASES]
# info: adding letsencrypt ssl cetificate for domain
# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
#
# The function check and validates domain with Let's Encript
# The function turns on SSL support for a domain. Parameter ssl_dir is a path
# to directory where 2 or 3 ssl files can be found. Certificate file
# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
# authority domain.tld.ca file is optional. If home directory parameter
# (ssl_home) is not set, https domain uses public_shtml as separate
# documentroot directory.
#----------------------------------------------------------#
@ -13,9 +18,8 @@
user=$1
domain=$2
aliases=$3
# LE API
API='https://acme-v02.api.letsencrypt.org'
restart=$4
notify=$5
# Includes
source $VESTA/func/main.sh
@ -23,346 +27,98 @@ source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
# Additional argument formatting
format_identifier_idn() {
identifier_idn=$identifier
if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
identifier_idn=$(idn -t --quiet -a $identifier_idn)
fi
}
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
# Save http response to file passed as "$4" arg or print to stdout if not provided
# http response headers are always sent to stdout
local save_to_file=${4:-"/dev/stdout"}
curl --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
}
format_domain_idn
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [ALIASES]'
is_format_valid 'user' 'domain' 'aliases'
check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
get_domain_values 'web'
echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
if [[ "$aliases" != "*.$domain" ]]; then
for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
if [ -z "$check_alias" ]; then
echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_NOTEXIST "domain alias $alias doesn't exist"
fi
done
fi;
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing domain data
get_domain_values 'web'
# Registering LetsEncrypt user account
echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-add-letsencrypt-user $user
echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
if [ "$?" -ne 0 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice "LETSENCRYPT" "Account registration failed"
echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "LE account registration" >/dev/null
fi
# Parsing LetsEncrypt account data
source $USER_DATA/ssl/le.conf
email=$EMAIL
# Checking wildcard alias
if [ "$aliases" = "*.$domain" ]; then
echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
wildcard='yes'
proto="dns-01"
if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
fi
else
proto="http-01"
fi
# Requesting nonce / STEP 1
echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(curl -s -I "$API/directory")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt nonce request status $status"
fi
# Placing new order / STEP 2
echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
url="$API/acme/new-order"
payload='{"identifiers":['
for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
format_identifier_idn
payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
done
payload=$(echo "$payload"|sed "s/,$//")
payload=$payload']}'
echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$url" "$payload" "$nonce")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 201 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt new auth status $status"
fi
# Requesting authorization token / STEP 3
echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
for auth in $authz; do
payload=''
echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$auth" "$payload" "$nonce")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
url=$(echo "$answer" |grep -A3 $proto |grep '"url"' |cut -f 4 -d \")
echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
fi
# Configuring challenge / STEP 4
echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
if [ "$wildcard" = 'yes' ]; then
record=$(printf "%s" "$token.$THUMB" |\
openssl dgst -sha256 -binary |encode_base64)
old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
for old_record in $old_records; do
$BIN/v-delete-dns-record "$user" "$domain" "$old_record"
done
$BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
exitstatus=$?
echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
if [ "$exitstatus" -ne 0 ]; then
echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
fi
check_result $exitstatus "DNS _acme-challenge record wasn't created"
else
if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
# if vesta is behind main nginx
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
acme_challenge="$well_known/acme-challenge"
mkdir -p $acme_challenge
echo "$token.$THUMB" > $acme_challenge/$token
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
chown -R $user:$user $well_known
else
# default nginx method
conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
# if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
> $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$THUMB'";' >> $conf
echo '}' >> $conf
# fi
echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
if [ ! -e "$sconf" ]; then
ln -s "$conf" "$sconf"
fi
echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-restart-proxy
if [ -z "$PROXY_SYSTEM" ]; then
# apache-less variant
echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-restart-web
fi
exitstatus=$?
if [ "$exitstatus" -ne 0 ]; then
echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
fi
check_result $exitstatus "Proxy restart failed" >/dev/null
fi
else
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
acme_challenge="$well_known/acme-challenge"
mkdir -p $acme_challenge
echo "$token.$THUMB" > $acme_challenge/$token
chown -R $user:$user $well_known
echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
# $BIN/v-restart-web
# check_result $? "Web restart failed" >/dev/null
fi
fi
# Requesting ACME validation / STEP 5
echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
validation_check=$(echo "$answer" |grep '"valid"')
echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
if [[ ! -z "$validation_check" ]]; then
validation='valid'
else
validation='pending'
fi
# Doing pol check on status
# Validating domain and aliases
i=1
while [ "$validation" = 'pending' ]; do
echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log
payload='{}'
echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$url" "$payload" "$nonce")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt validation status $status"
for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
$BIN/v-check-letsencrypt-domain $user $alias
if [ "$?" -ne 0 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice "LETSENCRYPT" "$alias validation failed"
check_result $E_INVALID "LE domain validation" >/dev/null
fi
i=$((i + 1))
if [ "$i" -gt 10 ]; then
echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt domain validation timeout"
fi
sleeping=$((i*2))
echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
sleep $sleeping
done
if [ "$validation" = 'invalid' ]; then
echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt domain verification failed"
# Checking LE limits per account
if [ "$i" -gt 100 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
check_result $E_LIMIT "LE can't sign more than 100 domains"
fi
i=$((i++))
done
# Generating new ssl certificate
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
# Generating CSR
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
# Sending CSR to finalize order / STEP 6
echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log
csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
payload='{"csr":"'$csr'"}'
echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
# Signing CSR
crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
if [ "$?" -ne 0 ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice "LETSENCRYPT" "$alias validation failed"
check_result "$E_INVALID" "LE $domain validation"
fi
echo "$crt" > $ssl_dir/$domain.crt
# Downloading signed certificate / STEP 7
echo "[$(date)] : --- Downloading signed certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
if [[ "$status" -ne 200 ]]; then
[ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
fi
# Splitting up downloaded pem
# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
ca_end=$(( pem_lines - crt_end + 1 ))
# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
# Temporary fix for double "END CERTIFICATE"
if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
sed -i '1,2d' $ssl_dir/$domain.ca
# Dowloading CA certificate
le_certs='https://letsencrypt.org/certs'
x1='lets-encrypt-x1-cross-signed.pem.txt'
x3='lets-encrypt-x3-cross-signed.pem.txt'
issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
if [ -z "$(echo $issuer|grep X3)" ]; then
curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
else
curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
fi
# Adding SSL
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
$BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
exitstatus=$?
echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
if [ "$exitstatus" -ne '0' ]; then
if [ "$?" -ne '0' ]; then
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
send_notice 'LETSENCRYPT' "$domain certificate installation failed"
check_result $exitstatus "SSL install" >/dev/null
check_result $? "SSL install" >/dev/null
fi
# Adding LE autorenew cronjob
@ -379,19 +135,23 @@ if [ -z "$LETSENCRYPT" ]; then
fi
update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Deleteing task from queue
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
# Restarting web
$BIN/v-restart-web $restart
if [ "$?" -ne 0 ]; then
send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
fi
# Notifying user
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
# Deleteing task from queue
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
# Logging
log_event "$OK" "$ARGUMENTS"

117
bin/v-add-letsencrypt-user
View file

@ -1,8 +1,8 @@
#!/bin/bash
# info: register letsencrypt user account
# options: USER
# options: USER [EMAIL]
#
# The function creates and register LetsEncript account
# The function creates and register LetsEncript account key
#----------------------------------------------------------#
@ -11,9 +11,8 @@
# Argument definition
user=$1
# LE API
API='https://acme-v02.api.letsencrypt.org'
email=$2
key_size=4096
# Includes
source $VESTA/func/main.sh
@ -24,38 +23,15 @@ encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
curl -s -i -d "$post_data" "$1" -H "$content"
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '1' "$#" 'USER'
check_args '1' "$#" 'USER [EMAIL]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
if [ -e "$USER_DATA/ssl/le.conf" ]; then
source "$USER_DATA/ssl/le.conf"
fi
if [ ! -z "$KID" ]; then
exit
fi
@ -64,57 +40,57 @@ fi
# Action #
#----------------------------------------------------------#
# Defining user email
if [[ -z "$EMAIL" ]]; then
EMAIL=$(get_user_value '$CONTACT')
api='https://acme-v01.api.letsencrypt.org'
if [ -z "$email" ]; then
email=$(get_user_value '$CONTACT')
fi
# Defining user agreement
agreement=''
agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
# Generating user key
KEY="$USER_DATA/ssl/user.key"
if [ ! -e "$KEY" ]; then
openssl genrsa -out $KEY 4096 >/dev/null 2>&1
chmod 600 $KEY
# Generating key
key="$USER_DATA/ssl/user.key"
if [ ! -e "$key" ]; then
openssl genrsa -out $key $key_size >/dev/null 2>&1
chmod 600 $key
fi
# Defining key exponent
if [ -z "$EXPONENT" ]; then
EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
xxd -r -p |encode_base64)
fi
# Defining key modulus
if [ -z "$MODULUS" ]; then
MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
modulus=$(openssl rsa -in "$key" -modulus -noout |\
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
fi
# Defining JWK
jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
# Defining key thumb
thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
# Defining key thumbnail
if [ -z "$THUMB" ]; then
THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
fi
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Requesting ACME nonce
nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
# Defining registration query
query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
query=$query'"agreement":"'$agreement'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Creating ACME account
url="$API/acme/new-acct"
payload='{"termsOfServiceAgreed": true}'
answer=$(query_le_v2 "$url" "$payload" "$nonce")
kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
# Checking answer status
status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
if [[ "${status:0:2}" -ne "20" ]]; then
check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
# Checking http answer status
if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
check_result $E_CONNECT "LetsEncrypt account registration $status"
fi
@ -123,17 +99,12 @@ fi
#----------------------------------------------------------#
# Adding le.conf
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
chmod 660 $USER_DATA/ssl/le.conf
else
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"

106
bin/v-add-sys-mail-ssl
View file

@ -1,106 +0,0 @@
#!/bin/bash
# info: copy mail ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to mail SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/mail.crt"
vst_key="$VESTA/ssl/mail.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old >/dev/null 2>&1
mv $vst_key $vst_key.old >/dev/null 2>&1
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Updating vesta.conf
if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

97
bin/v-add-sys-vesta-ssl
View file

@ -1,97 +0,0 @@
#!/bin/bash
# info: add vesta ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to vesta SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old
mv $vst_key $vst_key.old
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
if [ ! -z "$FTP_SYSTEM" ]; then
$BIN/v-restart-service "$FTP_SYSTEM"
fi
if [ -e "/var/run/vesta-nginx.pid" ]; then
kill -HUP $(cat /var/run/vesta-nginx.pid)
else
service vesta restart
fi
fi
# Updating vesta.conf
if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

19
bin/v-add-web-domain
View file

@ -48,8 +48,6 @@ is_object_unsuspended 'user' 'USER' "$user"
is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
is_domain_new 'web' "$domain,$aliases"
is_dir_symlink $HOMEDIR/$user/web
if_dir_exists $HOMEDIR/$user/web/$domain
is_dir_symlink $HOMEDIR/$user/web/$domain
if [ ! -z "$ip" ]; then
is_ip_valid "$ip" "$user"
else
@ -65,7 +63,7 @@ fi
source $USER_DATA/user.conf
# Creating domain directories
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \
@ -82,7 +80,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
$HOMEDIR/$user/web/$domain/logs/
# Adding domain skeleton
sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
sed -i "s/%domain%/$domain/g" $file
done
@ -91,9 +89,9 @@ done
chown -R $user:$user $HOMEDIR/$user/web/$domain
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
# Addding PHP-FPM backend
if [ ! -z "$WEB_BACKEND" ]; then
@ -115,12 +113,9 @@ if [ "$aliases" = 'none' ]; then
ALIAS=''
else
ALIAS="www.$domain"
if [ -z "$aliases" ]; then
ALIAS="www.$domain"
else
ALIAS="$aliases"
if [ ! -z "$aliases" ]; then
ALIAS="$ALIAS,$aliases"
fi
ip_alias=$(get_ip_alias $domain)
if [ ! -z "$ip_alias" ]; then
ALIAS="$ALIAS,$ip_alias"

2
bin/v-add-web-domain-backend
View file

@ -46,7 +46,7 @@ fi
# Allocating backend port
backend_port=9000
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
ports=$(echo "$ports" |sed "s/://" |sort -n)
for port in $ports; do
if [ "$backend_port" -eq "$port" ]; then

2
bin/v-add-web-domain-ftp
View file

@ -84,7 +84,7 @@ fi
/usr/sbin/useradd $ftp_user \
-s $shell \
-o -u $(id -u $user) \
-g $(id -g $user) \
-g $(id -u $user) \
-M -d "$ftp_path_a" > /dev/null 2>&1
# Set ftp user password

22
bin/v-add-web-domain-ssl
View file

@ -120,22 +120,6 @@ check_result $? "Web restart failed" >/dev/null
$BIN/v-restart-proxy $restart
check_result $? "Proxy restart failed" >/dev/null
# Updating system ssl dependencies
if [ ! -z "$VESTA_CERTIFICATE" ]; then
crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
hostname=$(hostname)
if [ "$hostname" = "$domain" ]; then
@ -143,12 +127,6 @@ if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
fi
fi
UPDATE_SSL_SCRIPT=''
source $VESTA/conf/vesta.conf
if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
eval "$UPDATE_SSL_SCRIPT $user $domain"
fi
# Logging
log_history "enabled ssl support for $domain"
log_event "$OK" "$ARGUMENTS"

31
bin/v-backup-user
View file

@ -216,32 +216,24 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
cp $USER_DATA/ssl/$domain.* vesta/
fi
# Changin dir to documentroot
cd $HOMEDIR/$user/web/$domain
# Define exclude arguments
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
set -f
fargs=()
fargs+=(--exclude='./logs/*')
fargs+=(--exclude='logs/*')
if [ ! -z "$exlusion" ]; then
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
for xpath in $xdirs; do
if [ -d "$xpath" ]; then
fargs+=(--exclude=$xpath/*)
echo "$(date "+%F %T") excluding directory $xpath"
msg="$msg\n$(date "+%F %T") excluding directory $xpath"
else
echo "$(date "+%F %T") excluding file $xpath"
msg="$msg\n$(date "+%F %T") excluding file $xpath"
fargs+=(--exclude=$xpath)
fi
done
fi
set +f
# Backup files
tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
cd $HOMEDIR/$user/web/$domain
tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
done
# Print total
@ -460,15 +452,11 @@ if [ "$USER" != '*' ]; then
fi
fargs=()
for xpath in $(echo "$USER" |tr ',' '\n'); do
if [ -d "$xpath" ]; then
fargs+=(--exclude=$xpath/*)
fargs+=(-not)
fargs+=(-path)
fargs+=("./$xpath*")
echo "$(date "+%F %T") excluding directory $xpath" |\
tee -a $BACKUP/$user.log
else
echo "$(date "+%F %T") excluding file $xpath" |\
tee -a $BACKUP/$user.log
fargs+=(--exclude=$xpath)
fi
done
IFS=$'\n'
@ -479,12 +467,11 @@ if [ "$USER" != '*' ]; then
exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
if [ -z "$exclusion" ]; then
((i ++))
udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g")
udir_list="$udir_list $udir_str"
udir_list="$udir_list $udir"
echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
# Backup files and dirs
tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
fi
done
set +f
@ -595,7 +582,7 @@ ftp_backup() {
fi
# Debug info
echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar"
echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
# Checking ftp connection
fconn=$(ftpc)

3
bin/v-backup-users
View file

@ -28,9 +28,6 @@ if [ -z "$BACKUP_SYSTEM" ]; then
exit
fi
for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
log=$VESTA/log/backup.log
if [ ! -z "$check_suspend" ]; then

5
bin/v-change-mail-account-password
View file

@ -52,11 +52,8 @@ salt=$(generate_password "$PW_MATRIX" "8")
md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
quota=$(grep $account $VESTA/data/users/${user}/mail/${domain}.conf)
quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
str="$account:$md5:$user:mail::$HOMEDIR/$user:${quota}M"
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
fi

1
bin/v-change-sys-config-value
View file

@ -28,7 +28,6 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
check_args '2' "$#" 'KEY VALUE'
is_format_valid 'key'
format_no_quotes "$value" 'value'
#----------------------------------------------------------#
# Action #

13
bin/v-change-sys-service-config
View file

@ -63,7 +63,6 @@ case $service in
spamd) dst=$($BIN/v-list-sys-spamd-config plain);;
spamassassin) dst=$($BIN/v-list-sys-spamd-config plain);;
clamd) dst=$($BIN/v-list-sys-clamd-config plain);;
clamd.scan) dst=$($BIN/v-list-sys-clamd-config plain);;
cron) dst='/etc/crontab';;
crond) dst='/etc/crontab';;
fail2ban) dst='/etc/fail2ban/jail.local';;
@ -96,21 +95,13 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
if [ "$service" = 'php' ]; then
if [ "$WEB_SYSTEM" = "nginx" ]; then
if [ $(ps --no-headers -o comm 1) == systemd ]; then
service=$(systemctl | grep -o -E "php.*fpm.*\.service")
service=${service//.service/}
else
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
fi
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
else
service=$WEB_SYSTEM
fi
fi
for single_service in $service; do
service $single_service restart >/dev/null 2>&1
done <<< "$service"
service $service restart >/dev/null 2>&1
if [ $? -ne 0 ]; then
for config in $dst; do
cat $config.vst.back > $config

33
bin/v-change-user-package
View file

@ -16,12 +16,16 @@ force=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
is_package_avalable() {
source $USER_DATA/user.conf
usr_data=$(cat $USER_DATA/user.conf)
IFS=$'\n'
for key in $usr_data; do
eval ${key%%=*}=${key#*=}
done
WEB_DOMAINS='0'
DATABASES='0'
MAIL_DOMAINS='0'
@ -29,13 +33,9 @@ is_package_avalable() {
DISK_QUOTA='0'
BANDWIDTH='0'
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
IFS=$'\n'
for str in $pkg_data; do
key=$(echo $str |cut -f 1 -d =)
value=$(echo $str |cut -f 2 -d \')
eval $key="$value"
done
pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
grep -v DATE)
eval $pkg_data
# Checking usage agains package limits
if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@ -73,22 +73,11 @@ is_package_avalable() {
check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
fi
fi
# Checking templates
is_web_template_valid $WEB_TEMPLATE
is_dns_template_valid $DNS_TEMPLATE
is_proxy_template_valid $PROXY_TEMPLATE
}
change_user_package() {
source $USER_DATA/user.conf
pkg_data=$(cat $VESTA/data/packages/$package.pkg| egrep -v "TIME|DATE")
IFS=$'\n'
for str in $pkg_data; do
key=$(echo $str |cut -f 1 -d =)
value=$(echo $str |cut -f 2 -d \')
eval $key="$value"
done
eval $(cat $USER_DATA/user.conf)
eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
echo "FNAME='$FNAME'
LNAME='$LNAME'
PACKAGE='$package'

7
bin/v-change-user-password
View file

@ -13,10 +13,6 @@
user=$1
password=$2; HIDE=2
# Importing system enviroment as we run this script
# mostly by cron wich not read it by itself
source /etc/profile
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
@ -26,9 +22,6 @@ source $VESTA/conf/vesta.conf
# Verifications #
#----------------------------------------------------------#
if [ "$user" = "root" ]; then
check_result $E_FORBIDEN "Changing root password is forbiden"
fi
check_args '2' "$#" 'USER PASSWORD'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

60
bin/v-change-vesta-port
View file

@ -1,60 +0,0 @@
#!/bin/bash
# info: change vesta port
# options: port
#
# Function will change vesta port
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
port=$1
if [ -z "$VESTA" ]; then
VESTA="/usr/local/vesta"
fi
# Get current vesta port by reading nginx.conf
oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
if [ -z "$oldport" ]; then
oldport=8083
fi
# Includes
source $VESTA/func/main.sh
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Checking permissions
if [ "$(id -u)" != '0' ]; then
check_result $E_FORBIDEN "You must be root to execute this script"
fi
check_args '1' "$#" 'PORT'
is_int_format_valid "$port" 'port number'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
fi
sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
$VESTA/bin/v-update-firewall
systemctl restart fail2ban.service
sed -i "s| $oldport | $port |g" /etc/iptables.rules
systemctl restart vesta
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit 0;

2
bin/v-change-web-domain-backend-tpl
View file

@ -52,7 +52,7 @@ rm -f $pool/$backend_type.conf
# Allocating backend port
backend_port=9000
ports=$(grep listen $pool/* 2>/dev/null |grep -o :[0-9].*)
ports=$(grep -v '^;' $pool/* 2>/dev/null |grep listen |grep -o :[0-9].*)
ports=$(echo "$ports" |sed "s/://" |sort -n)
for port in $ports; do
if [ "$backend_port" -eq "$port" ]; then

162
bin/v-check-letsencrypt-domain Executable file
View file

@ -0,0 +1,162 @@
#!/bin/bash
# info: check letsencrypt domain
# options: USER DOMAIN
#
# The function check and validates domain with LetsEncript
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Additional argument formatting
format_domain_idn
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
fi
rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
if [ -z "$rdomain" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
source $USER_DATA/ssl/le.conf
api='https://acme-v01.api.letsencrypt.org'
r_domain=$(echo "$rdomain" |cut -f 2 -d \')
key="$USER_DATA/ssl/user.key"
exponent="$EXPONENT"
modulus="$MODULUS"
thumb="$THUMB"
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining ACME query (request challenge)
query='{"resource":"new-authz","identifier"'
query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
# Checking http answer status
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
if [[ "$status" -ne "201" ]]; then
check_result $E_CONNECT "LetsEncrypt challenge request $status"
fi
# Parsing domain nonce,token and uri
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
# Adding location wrapper for request challenge
if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$thumb'";' >> $conf
echo '}' >> $conf
fi
if [ ! -e "$sconf" ]; then
ln -s "$conf" "$sconf"
fi
else
acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
if [ ! -d "$acme" ]; then
mkdir -p $acme
fi
echo "$token.$thumb" > $acme/$token
chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
fi
# Restarting web server
if [ -z "$PROXY_SYSTEM" ]; then
$BIN/v-restart-web
check_result $? "Proxy restart failed" >/dev/null
else
$BIN/v-restart-proxy
$BIN/v-restart-web
check_result $? "Web restart failed" >/dev/null
fi
# Defining ACME query (request validation)
query='{"resource":"challenge","type":"http-01","keyAuthorization"'
query=$query':"'$token.$thumb'","token":"'$token'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$uri")
# Checking domain validation status
i=1
status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
while [ "$status" = 'pending' ]; do
answer=$(curl -s -i "$location")
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
sleep 1
i=$((i + 1))
if [ "$i" -gt 60 ]; then
check_result $E_CONNECT "$detail"
fi
done
if [ "$status" = 'invalid' ]; then
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
check_result $E_CONNECT "$detail"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

2
bin/v-deactivate-vesta-license
View file

@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
# Activating license
v_host='https://vestacp.com/checkout'
answer=$(curl -s "$v_host/cancel.php?licence_key=$license&module=$module")
answer=$(curl -s $v_host/cancel.php?licence_key=$license)
check_result $? "cant' connect to vestacp.com " $E_CONNECT
# Checking server answer

2
bin/v-delete-mail-domain
View file

@ -56,7 +56,7 @@ fi
# Deleting dkim dns record
if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
records=$($BIN/v-list-dns-records $user $domain plain)
dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
for id in $dkim_records; do
$BIN/v-delete-dns-record $user $domain $id
done

75
bin/v-delete-sys-mail-ssl
View file

@ -1,75 +0,0 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
# Moving old certificates
if [ -e "$VESTA/ssl/mail.crt" ]; then
mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
fi
if [ -e "VESTA/ssl/mail.key" ]; then
mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
fi
# Updating vesta.conf value
sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

37
bin/v-delete-sys-vesta-ssl
View file

@ -1,37 +0,0 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Updating vesta.conf value
sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

2
bin/v-delete-user-favourites
View file

@ -32,8 +32,6 @@ case $system in
DNS_REC) is_format_valid 'id' ;;
*) is_format_valid 'object'
esac
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"

8
bin/v-delete-web-domain-ssl
View file

@ -57,13 +57,7 @@ fi
# Deleting old certificate
tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
# remove certificate files - do not use wildcard, as this might remove other domains
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
mv $USER_DATA/ssl/$domain.* $tmpdir
chown -R $user:$user $tmpdir

2
bin/v-extract-fs-archive
View file

@ -82,7 +82,7 @@ fi
# Extracting ziped archive
if [ ! -z "$(echo $src_file |grep -i '.zip')" ]; then
sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
rc=$?
fi

2
bin/v-generate-ssl-cert
View file

@ -67,7 +67,7 @@ fi
args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
check_args '7' "$#" "$args_usage"
is_format_valid 'domain' 'alias' 'format'
is_format_valid 'domain_alias' 'format'
#----------------------------------------------------------#

1
bin/v-list-dns-domain
View file

@ -71,7 +71,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'dns' 'DOMAIN' "$domain"

11
bin/v-list-letsencrypt-user
View file

@ -23,8 +23,7 @@ json_list() {
"EMAIL": "'$EMAIL'",
"EXPONENT": "'$EXPONENT'",
"MODULUS": "'$MODULUS'",
"THUMB": "'$THUMB'",
"KID": "'$KID'"
"THUMB: "'$THUMB'"
}'
echo '}'
}
@ -36,18 +35,17 @@ shell_list() {
echo "THUMB: $THUMB"
echo "EXPONENT: $EXPONENT"
echo "MODULUS: $MODULUS"
echo "KID: $KID"
}
# PLAIN list function
plain_list() {
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID"
echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB"
}
# CSV list function
csv_list() {
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID"
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID"
echo "USER,EMAIL,EXPONENT,MODULUS,THUMB"
echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB"
}
@ -56,7 +54,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"

3
bin/v-list-mail-domain-dkim-dns
View file

@ -57,7 +57,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'mail' 'DOMAIN' "$domain"
@ -68,7 +67,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
# Parsing domain keys
if [ -e "$USER_DATA/mail/$domain.pub" ]; then
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----")
pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
else
pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"

19
bin/v-list-sys-config
View file

@ -51,9 +51,7 @@ json_list() {
"MAIL_URL": "'$MAIL_URL'",
"DB_PMA_URL": "'$DB_PMA_URL'",
"DB_PGA_URL": "'$DB_PGA_URL'",
"SOFTACULOUS": "'$SOFTACULOUS'",
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
"SOFTACULOUS": "'$SOFTACULOUS'"
}
}'
}
@ -140,12 +138,6 @@ shell_list() {
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
echo "Language: $LANGUAGE"
fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
echo "Mail SSL: $MAIL_CERTIFICATE"
fi
if [ ! -z "$VESTA_CERTIFICATE" ]; then
echo "Vesta SSL: $VESTA_CERTIFICATE"
fi
echo "Version: $VERSION"
}
@ -159,8 +151,7 @@ plain_list() {
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
echo -e "$VESTA_CERTIFICATE"
echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL"
}
@ -174,8 +165,7 @@ csv_list() {
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'"
echo
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@ -186,7 +176,6 @@ csv_list() {
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
echo
}
@ -198,7 +187,7 @@ csv_list() {
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
plain) shell_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac

135
bin/v-list-sys-mail-ssl
View file

@ -1,135 +0,0 @@
#!/bin/bash
# info: list mail ssl certificate
# options: [FORMAT]
#
# The function of obtaining mail ssl files.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
echo '{'
echo -e "\t\"MAIL\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CA\": \"$ca\","
echo " \"SUBJECT\": \"$subj\","
echo " \"ALIASES\": \"$alt_dns\","
echo " \"NOT_BEFORE\": \"$before\","
echo " \"NOT_AFTER\": \"$after\","
echo " \"SIGNATURE\": \"$signature\","
echo " \"PUB_KEY\": \"$pub_key\","
echo " \"ISSUER\": \"$issuer\""
echo -e "\t}\n}"
}
# SHELL list function
shell_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$crt" ]; then
echo
echo
echo "SUBJECT: $subj"
if [ ! -z "$alt_dns" ]; then
echo "ALIASES: ${alt_dns//,/ }"
fi
echo "VALID FROM: $before"
echo "VALID TIL: $after"
echo "SIGNATURE: $signature"
echo "PUB_KEY: $pub_key"
echo "ISSUER: $issuer"
fi
}
# PLAIN list function
plain_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$ca" ]; then
echo -e "\n$ca"
fi
if [ ! -z "$crt" ]; then
echo "$subj"
echo "${alt_dns//,/ }"
echo "$before"
echo "$after"
echo "$signature"
echo "$pub_key"
echo "$issuer"
fi
}
# CSV list function
csv_list() {
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
echo "PUB_KEY,ISSUER"
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing SSL certificate
if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
exit
fi
crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
# Parsing SSL certificate details without CA
info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

1
bin/v-list-user
View file

@ -154,7 +154,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

1
bin/v-list-user-backup
View file

@ -75,7 +75,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '2' "$#" 'USER BACKUP [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'backup' 'BACKUP' "$backup"

2
bin/v-list-user-backups
View file

@ -22,7 +22,7 @@ json_list() {
i=1
objects=$(grep BACKUP $USER_DATA/backup.conf |wc -l)
echo "{"
while read -r str; do
while read str; do
eval $str
echo -n ' "'$BACKUP'": {
"TYPE": "'$TYPE'",

8
bin/v-list-user-package
View file

@ -22,7 +22,6 @@ json_list() {
echo '{'
echo ' "'$PACKAGE'": {
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
"WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -48,7 +47,6 @@ json_list() {
shell_list() {
echo "PACKAGE: $PACKAGE"
echo "WEB TEMPLATE: $WEB_TEMPLATE"
echo "BACKEND_TEMPLATE: $BACKEND_TEMPLATE"
echo "PROXY TEMPLATE: $PROXY_TEMPLATE"
echo "DNS TEMPLATE: $DNS_TEMPLATE"
echo "WEB DOMAINS: $WEB_DOMAINS"
@ -70,7 +68,7 @@ shell_list() {
# PLAIN list function
plain_list() {
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -78,11 +76,11 @@ plain_list() {
# CSV list function
csv_list() {
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"

9
bin/v-list-user-packages
View file

@ -27,7 +27,6 @@ json_list() {
source $VESTA/data/packages/$package
echo -n ' "'$PACKAGE'": {
"WEB_TEMPLATE": "'$WEB_TEMPLATE'",
"BACKEND_TEMPLATE": "'$BACKEND_TEMPLATE'",
"PROXY_TEMPLATE": "'$PROXY_TEMPLATE'",
"DNS_TEMPLATE": "'$DNS_TEMPLATE'",
"WEB_DOMAINS": "'$WEB_DOMAINS'",
@ -66,7 +65,7 @@ shell_list() {
package_data=$(cat $VESTA/data/packages/$package)
package_data=$(echo "$package_data" |sed -e 's/unlimited/unlim/g')
eval $package_data
echo -n "$PACKAGE $WEB_TEMPLATE $BACKEND_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
echo -n "$PACKAGE $WEB_TEMPLATE $WEB_DOMAINS $DNS_DOMAINS "
echo "$MAIL_DOMAINS $DATABASES $SHELL $DISK_QUOTA $BANDWIDTH"
done
}
@ -76,7 +75,7 @@ plain_list() {
for package in $packages; do
source $VESTA/data/packages/$package
PACKAGE=${package/.pkg/}
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
echo -ne "$PACKAGE\t$WEB_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
echo -ne "$WEB_DOMAINS\t$WEB_ALIASES\t$DNS_DOMAINS\t$DNS_RECORDS\t"
echo -ne "$MAIL_DOMAINS\t$MAIL_ACCOUNTS\t$DATABASES\t$CRON_JOBS\t"
echo -e "$DISK_QUOTA\t$BANDWIDTH\t$NS\t$SHELL\t$BACKUPS\t$TIME\t$DATE"
@ -85,13 +84,13 @@ plain_list() {
# CSV list function
csv_list() {
echo -n "PACKAGE,WEB_TEMPLATE,BACKEND_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
echo -n "PACKAGE,WEB_TEMPLATE,PROXY_TEMPLATE,DNS_TEMPLATE,"
echo -n "WEB_DOMAINS,WEB_ALIASES,DNS_DOMAINS,DNS_RECORDS,"
echo -n "MAIL_DOMAINS,MAIL_ACCOUNTS,DATABASES,CRON_JOBS,"
echo "DISK_QUOTA,BANDWIDTH,NS,SHELL,BACKUPS,TIME,DATE"
for package in $packages; do
PACKAGE=${package/.pkg/}
echo -n "$PACKAGE,$WEB_TEMPLATE,$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
echo -n "$PACKAGE,$WEB_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
echo -n "$WEB_DOMAINS,$WEB_ALIASES,$DNS_DOMAINS,$DNS_RECORDS,"
echo -n "$MAIL_DOMAINS,$MAIL_ACCOUNTS,$DATABASES,$CRON_JOBS,"
echo "$DISK_QUOTA,$BANDWIDTH,\"$NS\",$SHELL,$BACKUPS,$TIME,$DATE"

1
bin/v-list-user-stats
View file

@ -115,7 +115,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

25
bin/v-list-users
View file

@ -15,14 +15,9 @@ format=${1-shell}
# JSON list function
json_list() {
echo '{'
object_count=$(grep '@' /etc/passwd |wc -l)
i=1
while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
if [ $i -gt 1 ]; then
echo ","
fi
source $VESTA/data/users/$USER/user.conf
echo -n ' "'$USER'": {
"FNAME": "'$FNAME'",
@ -79,8 +74,14 @@ json_list() {
"TIME": "'$TIME'",
"DATE": "'$DATE'"
}'
if [ "$i" -lt "$object_count" ]; then
echo ','
else
echo
fi
((i++))
done < <(grep '@' /etc/passwd |cut -f1 -d:)
echo '}'
}
@ -89,9 +90,6 @@ shell_list() {
echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE"
echo "---- --- --- --- --- -- ---- -- ---- ----"
while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf
echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS"
echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE"
@ -101,9 +99,6 @@ shell_list() {
# PLAIN list function
plain_list() {
while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf
echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t"
echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t"
@ -136,9 +131,6 @@ csv_list() {
echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES"
echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE"
while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
source $VESTA/data/users/$USER/user.conf
echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE,"
echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE,"
@ -159,9 +151,6 @@ csv_list() {
# Raw list function
raw_list() {
while read USER; do
if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then
continue;
fi
echo $VESTA/data/users/$USER/user.conf
cat $VESTA/data/users/$USER/user.conf
done < <(grep '@' /etc/passwd |cut -f1 -d:)

1
bin/v-list-web-domain
View file

@ -110,7 +110,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"

4
bin/v-list-web-domain-ssl
View file

@ -19,7 +19,6 @@ source $VESTA/func/main.sh
# JSON list function
json_list() {
issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g")
echo '{'
echo -e "\t\"$domain\": {"
echo " \"CRT\": \"$crt\","
@ -98,7 +97,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
@ -112,7 +110,7 @@ if [ -e "$USER_DATA/ssl/$domain.crt" ]; then
crt=$(cat $USER_DATA/ssl/$domain.crt |sed ':a;N;$!ba;s/\n/\\n/g')
info=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =|cut -f 2 -d \")
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )

1
bin/v-list-web-domains
View file

@ -100,7 +100,6 @@ csv_list() {
#----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

6
bin/v-restart-proxy
View file

@ -50,13 +50,7 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
fi
# Restart system
if [ ! -f "/etc/debian_version" ]; then
service $PROXY_SYSTEM restart >/dev/null 2>&1
else
systemctl reset-failed $PROXY_SYSTEM
systemctl restart $PROXY_SYSTEM > /dev/null 2>&1
fi
if [ $? -ne 0 ]; then
send_email_report
check_result $E_RESTART "$PROXY_SYSTEM restart failed"

35
bin/v-restore-user
View file

@ -56,7 +56,6 @@ ftpc() {
quote USER $USERNAME
quote PASS $PASSWORD
binary
lcd $BACKUP
$1
$2
$3
@ -290,7 +289,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
if [ -z "$web" ] || [ "$web" = '*' ]; then
domains="$backup_domains"
else
echo "$web" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
fi
@ -407,21 +406,15 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
fi
# Restoring web domain data
chown $user $tmpdir
chmod u+w $HOMEDIR/$user/web/$domain
sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
-C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \
2> $HOMEDIR/$user/web/$domain/restore_errors.log
if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
-C $HOMEDIR/$user/web/$domain/
if [ "$?" -ne 0 ]; then
rm -rf $tmpdir
error="can't unpack $domain data tarball"
echo "$error" |$SENDMAIL -s "$subj" $email $notify
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
check_result "$E_PARSING" "$error"
fi
#if [ "$?" -ne 0 ]; then
# rm -rf $tmpdir
# error="can't unpack $domain data tarball"
# echo "$error" |$SENDMAIL -s "$subj" $email $notify
# sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
# check_result "$E_PARSING" "$error"
#fi
# Applying Fix for tar < 1.24
find $HOMEDIR/$user/web/$domain -type d \
@ -459,7 +452,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
if [ -z "$dns" ] || [ "$dns" = '*' ]; then
domains="$backup_domains"
else
echo "$dns" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
fi
@ -539,7 +532,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
if [ -z "$mail" ] || [ "$mail" = '*' ]; then
domains="$backup_domains"
else
echo "$mail" | tr ',' '\n' | sed -e "s/^/^/" > $tmpdir/selected.txt
echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
fi
@ -599,9 +592,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
# Restoring emails
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
chown $user $tmpdir
chmod u+w $HOMEDIR/$user/mail/$domain_idn
sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
-C $HOMEDIR/$user/mail/$domain_idn/
if [ "$?" -ne 0 ]; then
rm -rf $tmpdir
@ -636,7 +627,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
if [ -z "$db" ] || [ "$db" = '*' ]; then
databases="$backup_databases"
else
echo "$db" |tr ',' '\n' | sed -e "s/$/$/" > $tmpdir/selected.txt
echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
fi

14
bin/v-schedule-user-restore
View file

@ -23,19 +23,6 @@ udir=$8
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# Check backup ownership function
is_backup_available() {
passed=false
if [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
passed=true
elif [[ $2 =~ ^$1.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].tar$ ]]; then
passed=true
fi
if [ $passed = false ]; then
check_result $E_FORBIDEN "permission denied"
fi
}
#----------------------------------------------------------#
# Verifications #
@ -47,7 +34,6 @@ is_system_enabled "$BACKUP_SYSTEM" 'BACKUP_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_backup_enabled
is_backup_scheduled 'restore'
is_backup_available "$user" "$backup"
#----------------------------------------------------------#

23
bin/v-search-object
View file

@ -84,22 +84,6 @@ OLD_IFS=$IFS
IFS=$'\n'
# User loop
search_user=$(ls -1 $VESTA/data/users |grep $object)
for user in $search_user; do
if [ -e "$VESTA/data/users/$user/user.conf" ]; then
source $VESTA/data/users/$user/user.conf
((i ++))
type=$(echo $type|cut -f1 -d \.)
str="ID='$i' USER='$user' TYPE='user' KEY='$user'"
str="$str RESULT='$user' ALIAS=''"
str="$str LINK='$user' PARENT=''"
str="$str SUSPENDED='$SUSPENDED' TIME='$TIME'"
str="$str DATE='$DATE'"
echo $str >> $conf
fi
done
# User data loop
for user in $(ls $VESTA/data/users/); do
# Search query
search=$(grep "$object" \
@ -170,13 +154,12 @@ for user in $(ls $VESTA/data/users/); do
# DNS Records
if [ "$type" = 'dns' ]; then
if [ -n "$(echo $RECORD $VALUE |grep $object)" ]; then
dom="$(echo $row|cut -f 1 -d :|cut -f 9 -d /|sed 's/.conf//')"
if [ -n "$(echo $RECORD |grep $object)" ]; then
key="RECORD"
result="$RECORD.$dom"
result="$RECORD.$DOMAIN"
suspended=$SUSPENDED
object_link=$ID
object_parent=$dom
object_parent=$DOMAIN
object_time=$TIME
object_date=$DATE
((i ++))

93
bin/v-search-ssl-certificates
View file

@ -1,93 +0,0 @@
#!/bin/bash
# info: search ssl certificates
# options: [FORMAT]
#
# The function to obtain the list of available ssl certificates.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
IFS=$'\n'
objects=$(echo "$search_cmd" |wc -l)
i=1
echo '['
for str in $search_cmd; do
eval $str
if [ "$i" -lt "$objects" ]; then
echo -e "\t\"$USER:$DOMAIN\","
else
echo -e "\t\"$USER:$DOMAIN\""
fi
(( ++i))
done
echo "]"
}
# SHELL list function
shell_list() {
IFS=$'\n'
echo "USER DOMAIN"
echo "---- ------"
for str in $search_cmd; do
eval $str
echo "$USER $DOMAIN"
done
}
# PLAIN list function
plain_list() {
IFS=$'\n'
for str in $search_cmd; do
eval $str
echo -e "$USER\t$DOMAIN"
done
}
# CSV list function
csv_list() {
IFS=$'\n'
echo "USER,DOMAIN"
for str in $search_cmd; do
eval $str
echo "$USER,$DOMAIN"
done
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
cut -f 1 -d ' ' |\
sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list |column -t ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

110
bin/v-sign-letsencrypt-csr Executable file
View file

@ -0,0 +1,110 @@
#!/bin/bash
# info: sing letsencrypt csr
# options: USER DOMAIN CSR_DIR [FORMAT]
#
# The function signs certificate request using LetsEncript API
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
csr="$3/$domain.csr"
format=$4
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '3' "$#" 'USER DOMAIN CSR'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
fi
check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
if [ -z "$check_domain" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
if [ ! -e "$csr" ]; then
check_result $E_NOTEXIST "$csr doesn't exist"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
source $USER_DATA/ssl/le.conf
api='https://acme-v01.api.letsencrypt.org'
key="$USER_DATA/ssl/user.key"
exponent="$EXPONENT"
modulus="$MODULUS"
thumb="$THUMB"
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining ACME query (request challenge)
csr=$(openssl req -in $csr -outform DER |encode_base64)
query='{"resource":"new-cert","csr":"'$csr'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(mktemp)
curl -s -d "$data" "$api/acme/new-cert" -o $answer
if [ ! -z "$(grep Error $answer)" ]; then
detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
detail=$(echo "$detail" |awk -F "::" '{print $2}')
rm $answer
check_result $E_LIMIT "$detail"
fi
# Printing certificate
crt=$(cat "$answer" |openssl base64 -e)
rm $answer
if [ "$format" != 'json' ]; then
echo "-----BEGIN CERTIFICATE-----"
echo "$crt"
echo "-----END CERTIFICATE-----"
else
echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
echo -n '-----BEGIN CERTIFICATE-----\n'
echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
echo -n '-----END CERTIFICATE-----'
echo -e "\"\n\t\t}\n\t}"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

3
bin/v-unsuspend-mail-account
View file

@ -48,9 +48,6 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
if [[ "$MAIL_SYSTEM" =~ exim ]]; then
md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
if [ "$quota" = 'unlimited' ]; then
quota=0
fi
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd

5
bin/v-update-firewall
View file

@ -51,6 +51,11 @@ if [ $? -ne 0 ]; then
conntrack_ftp='no'
fi
# Checking custom OpenSSH port
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then
sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
fi
# Creating temporary file
tmp=$(mktemp)

71
bin/v-update-letsencrypt-ssl
View file

@ -22,63 +22,46 @@ source $VESTA/conf/vesta.conf
# Action #
#----------------------------------------------------------#
lecounter=0
hostname=$(hostname)
# Defining user list
users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
# Checking user certificates
for user in $($BIN/v-list-users plain |cut -f 1); do
# Checking users
for user in $users; do
USER_DATA=$VESTA/data/users/$user
# Checking user certificates
lecounter=0
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
limit_check=1
fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
if [[ "$hostname" = "$domain" ]]; then
if [[ "$fail_counter" -eq 7 ]]; then
limit_check=0
fi
if [[ "$fail_counter" -eq 8 ]]; then
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
fi
fi
if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
# echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
continue;
fi
crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
expiration=$(date -d "$not_after" +%s)
crt="$VESTA/data/users/$user/ssl/$domain.crt"
crt_data=$(openssl x509 -text -in "$crt")
expire=$(echo "$crt_data" |grep "Not After")
expire=$(echo "$expire" |cut -f 2,3,4 -d :)
expire=$(date -d "$expire" +%s)
now=$(date +%s)
seconds_valid=$((expiration - now))
days_valid=$((seconds_valid / 86400))
if [[ "$days_valid" -lt 31 ]]; then
if [ $lecounter -gt 0 ]; then
sleep 120
fi
((lecounter++))
expire=$((expire - now))
expire=$((expire / 86400))
domain=$(basename $crt |sed -e "s/.crt$//")
if [[ "$expire" -lt 31 ]]; then
aliases=$(echo "$crt_data" |grep DNS:)
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//")
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
aliases=$(echo "$aliases" |grep -v "^$domain$")
if [ ! -z "$aliases" ]; then
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
if [ $? -ne 0 ]; then
if [[ $msg == *"is suspended" ]]; then
echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
else
echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
echo "$domain $msg"
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
echo "fail_counter = $fail_counter"
fi
else
msg==$($BIN/v-add-letsencrypt-domain $user $domain)
if [ $? -ne 0 ]; then
echo "$domain $msg"
fi
fi
if [ $lecounter -gt 0 ]; then
sleep 10
fi
((lecounter++))
fi
done
done

2
bin/v-update-sys-ip
View file

@ -44,7 +44,7 @@ if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
fi
# Updating configs
if [ ! -z "$old" ]; then
if [ ! -z "$new" ]; then
mv $VESTA/data/ips/$old $VESTA/data/ips/$new
# Updating PROXY

8
bin/v-update-sys-rrd-mem
View file

@ -61,13 +61,13 @@ fi
# Parsing data
if [ "$period" = 'daily' ]; then
mem=$(free -m)
used=$(echo "$mem" |awk '(NR == 2)' |awk '{print $3}')
used=$(echo "$mem" |grep Mem |awk '{print $3}')
if [ -z "$(echo "$mem" | grep available)" ]; then
free=$(echo "$mem" |grep buff/cache |awk '{print $4}')
free=$(echo "$mem" |grep buffers/cache |awk '{print $4}')
else
free=$(echo "$mem" |awk '(NR == 2)' |awk '{print $7}')
free=$(echo "$mem" |grep Mem |awk '{print $7}')
fi
swap=$(echo "$mem" |awk '(NR == 3)' |awk '{print $3}')
swap=$(echo "$mem" |grep Swap |awk '{print $3}')
# Updating rrd
rrdtool update $RRD/mem/mem.rrd N:$used:$swap:$free

2
bin/v-update-sys-rrd-pgsql
View file

@ -85,7 +85,7 @@ for host in $hosts; do
# Parsing data
q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
FROM pg_stat_database;'
status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?"
if [ '0' -ne "$code" ]; then
active=0
slow=0

22
bin/v-update-sys-vesta
View file

@ -28,32 +28,12 @@ source $VESTA/conf/vesta.conf
# Checking arg number
check_args '1' "$#" 'PACKAGE'
valid=0
if [ "$package" = "vesta" ]; then
valid=1
fi
if [ "$package" = "vesta-nginx" ]; then
valid=1
fi
if [ "$package" = "vesta-php" ]; then
valid=1
fi
if [ "$package" = "vesta-ioncube" ]; then
valid=1
fi
if [ "$package" = "vesta-softaculous" ]; then
valid=1
fi
if [ $valid -eq 0 ]; then
echo "Package $package is not valid"
exit 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ -n "$(command -v yum)" ]; then
if [ -d "/etc/sysconfig" ]; then
# Clean yum chache
yum -q clean all

1
bin/v-update-user-counters
View file

@ -53,7 +53,6 @@ for user in $user_list; do
IP_OWNED=0
U_USERS=0
U_DISK=0
DISK=0
U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS')
if [ -z "$U_DISK_DIRS" ]; then
U_DISK_DIRS=0

3
bin/v-update-user-stats
View file

@ -67,9 +67,6 @@ TOTAL_USERS=0
# Updating user stats
for user in $user_list; do
if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
continue;
fi
USER_DATA=$VESTA/data/users/$user
source $USER_DATA/user.conf
next_month=$(date +'%m/01/%y' -d '+ 1 month')

6
func/db.sh
View file

@ -55,14 +55,14 @@ mysql_query() {
mysql_dump() {
err="/tmp/e.mysql"
mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err
if [ '0' -ne "$?" ]; then
rm -rf $tmpdir
if [ "$notify" != 'no' ]; then
echo -e "Can't dump database $database\n$(cat $err)" |\
$SENDMAIL -s "$subj" $email
fi
echo "Error: dump $database failed\n$(cat $err)"
echo "Error: dump $database failed"
log_event "$E_DB" "$ARGUMENTS"
exit $E_DB
fi
@ -322,7 +322,7 @@ delete_pgsql_database() {
psql_connect $HOST
query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
psql_query "$query" > /dev/null
psql_qyery "$query" > /dev/null
query="DROP DATABASE $database"
psql_query "$query" > /dev/null

28
func/domain.sh
View file

@ -215,11 +215,7 @@ add_web_config() {
fi
fi
trigger="${2/%.tpl/.sh}"
if [[ "$2" =~ stpl$ ]]; then
trigger="${2/%.stpl/.sh}"
fi
trigger="${2/.*pl/.sh}"
if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
$WEBTPL/$1/$WEB_BACKEND/$trigger \
$user $domain $local_ip $HOMEDIR \
@ -289,11 +285,9 @@ del_web_config() {
if [[ "$2" =~ stpl$ ]]; then
conf="$HOMEDIR/$user/conf/web/s$1.conf"
fi
if [ -e "$conf" ]; then
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
sed -i "$top_line,$bottom_line d" $conf
fi
fi
# clean-up for both config styles if there is no more domains
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
if [ "$web_domain" -eq '0' ]; then
@ -343,7 +337,7 @@ is_web_domain_cert_valid() {
check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
fi
openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
openssl s_server -quiet -cert $ssl_dir/$domain.crt \
-key $ssl_dir/$domain.key >> /dev/null 2>&1 &
pid=$!
sleep 0.5
@ -412,24 +406,6 @@ update_domain_zone() {
VALUE=$(idn --quiet -a -t "$VALUE")
fi
# Split long TXT entries into 255 chunks
if [ "$TYPE" = 'TXT' ]; then
txtlength=${#VALUE}
if [ $txtlength -gt 255 ]; then
already_chunked=0
if [[ $VALUE == *"\" \""* ]] || [[ $VALUE == *"\"\""* ]]; then
already_chunked=1
fi
if [ $already_chunked -eq 0 ]; then
if [[ ${VALUE:0:1} = '"' ]]; then
txtlength=$(( $txtlength - 2 ))
VALUE=${VALUE:1:txtlength}
fi
VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
fi
fi
fi
if [ "$SUSPENDED" != 'yes' ]; then
eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
fi

2
func/ip.sh
View file

@ -141,7 +141,7 @@ get_real_ip() {
else
nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
if [ ! -z "$nat" ]; then
echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
fi
fi
}

119
func/main.sh
View file

@ -35,7 +35,6 @@ E_DB=17
E_RRD=18
E_UPDATE=19
E_RESTART=20
E_TEAPOT=418
# Event string for logger
for ((I=1; I <= $# ; I++)); do
@ -213,8 +212,7 @@ is_object_new() {
# Check if object is valid
is_object_valid() {
if [ $2 = 'USER' ]; then
user_vst_dir=$(basename $3)
if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
if [ ! -d "$VESTA/data/users/$3" ]; then
check_result $E_NOTEXIST "$1 $3 doesn't exist"
fi
else
@ -296,20 +294,6 @@ is_dir_symlink() {
fi
}
# Check if file exists
if_file_exists() {
if [[ -f "$1" ]]; then
check_result $E_FORBIDEN "$1 file exists"
fi
}
# Check if directory exists
if_dir_exists() {
if [[ -d "$1" ]]; then
check_result $E_FORBIDEN "$1 directory exists"
fi
}
# Get object value
get_object_value() {
object=$(grep "$2='$3'" $USER_DATA/$1.conf)
@ -675,7 +659,7 @@ is_dbuser_format_valid() {
# DNS record type validator
is_dns_type_format_valid() {
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA'
if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
check_result $E_INVALID "invalid dns record type format :: $1"
fi
@ -831,23 +815,6 @@ is_format_valid_shell() {
exit $E_INVALID
fi
}
format_no_quotes() {
exclude="['|\"]"
if [[ "$1" =~ $exclude ]]; then
check_result "$E_INVALID" "Invalid $2 contains qoutes (\" or ') :: $1"
fi
is_no_new_line_format "$1"
}
is_no_new_line_format() {
test=$(echo "$1" | head -n1 );
if [[ "$test" != "$1" ]]; then
check_result "$E_INVALID" "invalid value :: $1"
fi
}
# Format validation controller
is_format_valid() {
for arg_name in $*; do
@ -856,7 +823,6 @@ is_format_valid() {
case $arg_name in
account) is_user_format_valid "$arg" "$arg_name";;
action) is_fw_action_format_valid "$arg";;
alias) is_alias_format_valid "$arg" ;;
aliases) is_alias_format_valid "$arg" ;;
antispam) is_boolean_format_valid "$arg" 'antispam' ;;
antivirus) is_boolean_format_valid "$arg" 'antivirus' ;;
@ -882,7 +848,6 @@ is_format_valid() {
host) is_object_format_valid "$arg" "$arg_name" ;;
hour) is_cron_format_valid "$arg" $arg_name ;;
id) is_int_format_valid "$arg" 'id' ;;
interface) is_interface_format_valid "$arg" ;;
ip) is_ip_format_valid "$arg" ;;
ip_name) is_domain_format_valid "$arg" 'IP name';;
ip_status) is_ip_status_format_valid "$arg" ;;
@ -968,85 +933,7 @@ format_aliases() {
aliases=$(echo "$aliases" |tr -s '.')
aliases=$(echo "$aliases" |sed -e "s/[.]*$//g")
aliases=$(echo "$aliases" |sed -e "s/^[.]*//")
aliases=$(echo "$aliases" |sed -e "/^$/d")
aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d")
aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//")
fi
}
alter_web_counter() {
user=$1
domain=$2
USER_DATA=$VESTA/data/users/$user
varc=$3
vard="\$${varc}"
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
if [ -z "$counter" ]; then
add_object_key "web" 'DOMAIN' "$domain" "$varc" "TIME"
counter=0
fi
((counter++))
backup_counter=$counter
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "$counter"
counter=$backup_counter
echo $counter
}
reset_web_counter() {
user=$1
domain=$2
USER_DATA=$VESTA/data/users/$user
varc=$3
vard="\$${varc}"
update_object_value 'web' 'DOMAIN' "$domain" "$vard" "0"
}
get_web_counter() {
user=$1
domain=$2
USER_DATA=$VESTA/data/users/$user
varc=$3
vard="\$${varc}"
counter=$(get_object_value 'web' 'DOMAIN' "$domain" "$vard")
if [ -z "$counter" ]; then
counter=0
fi
echo $counter
}
# Simple chmod wrapper that skips symlink files after glob expand
# Taken from HestiaCP
no_symlink_chmod() {
local filemode=$1; shift;
for i in "$@"; do
[[ -L ${i} ]] && continue
chmod "${filemode}" "${i}"
done
}
# $1 = subject
# $2 = body
send_email_to_admin() {
email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf)
email=$(echo "$email" | cut -f 2 -d "'")
if [ -z "$email" ]; then
if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
email=$NOTIFY_ADMIN_FULL_BACKUP
fi
fi
if [ -z "$email" ]; then
return;
fi
echo "$2" | $SENDMAIL -s "$1" "$email" 'yes'
}

19
func/rebuild.sh
View file

@ -51,7 +51,7 @@ rebuild_user_conf() {
mkdir -p $HOMEDIR/$user/conf
chmod a+x $HOMEDIR/$user
chmod a+x $HOMEDIR/$user/conf
chown --no-dereference $user:$user $HOMEDIR/$user
chown $user:$user $HOMEDIR/$user
chown root:root $HOMEDIR/$user/conf
# Update disk pipe
@ -80,7 +80,7 @@ rebuild_user_conf() {
chmod 751 $HOMEDIR/$user/conf/web
chmod 751 $HOMEDIR/$user/web
chmod 771 $HOMEDIR/$user/tmp
chown --no-dereference $user:$user $HOMEDIR/$user/web
chown $user:$user $HOMEDIR/$user/web
if [ -z "$create_user" ]; then
$BIN/v-rebuild-web-domains $user $restart
fi
@ -152,7 +152,7 @@ rebuild_web_domain_conf() {
prepare_web_domain_values
# Rebuilding domain directories
sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \
@ -178,15 +178,14 @@ rebuild_web_domain_conf() {
# Propagating html skeleton
if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
$HOMEDIR/$user/web/$domain/
cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/
fi
# Set folder permissions
no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
chmod 551 $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/stats \
$HOMEDIR/$user/web/$domain/logs
no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
chmod 751 $HOMEDIR/$user/web/$domain/private \
$HOMEDIR/$user/web/$domain/cgi-bin \
$HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \
@ -194,7 +193,7 @@ rebuild_web_domain_conf() {
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
# Set ownership
chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
chown $user:$user $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/private \
$HOMEDIR/$user/web/$domain/cgi-bin \
$HOMEDIR/$user/web/$domain/public_html \
@ -601,7 +600,7 @@ rebuild_pgsql_database() {
exit $E_CONNECT
fi
query="CREATE ROLE $DBUSER WITH LOGIN"
query="CREATE ROLE $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
@ -618,7 +617,7 @@ rebuild_pgsql_database() {
query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
query="GRANT CONNECT ON DATABASE template1 to $dbuser"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
}

1
install/debian/7/nginx/nginx.conf
View file

@ -50,7 +50,6 @@ http {
# Compression
gzip on;
gzip_vary on;
gzip_comp_level 9;
gzip_min_length 512;
gzip_buffers 8 64k;

2
install/debian/7/nginx/phpmyadmin.inc
View file

@ -1,5 +1,5 @@
location /phpmyadmin {
alias /usr/share/phpmyadmin;
alias /usr/share/phpmyadmin/;
location ~ /(libraries|setup) {
return 404;

2
install/debian/7/nginx/phppgadmin.inc
View file

@ -1,5 +1,5 @@
location /phppgadmin {
alias /usr/share/phppgadmin;
alias /usr/share/phppgadmin/;
location ~ ^/phppgadmin/(.*\.php)$ {
alias /usr/share/phppgadmin/$1;

2
install/debian/7/nginx/webmail.inc
View file

@ -1,5 +1,5 @@
location /webmail {
alias /var/lib/roundcube;
alias /var/lib/roundcube/;
location ~ /(config|temp|logs) {
return 404;

1
install/debian/7/pma/apache.conf
View file

@ -15,7 +15,6 @@ Alias /phpmyadmin /usr/share/phpmyadmin
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value sys_temp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
</IfModule>

7
install/debian/7/pma/config.inc.php
View file

@ -137,13 +137,6 @@ if (!empty($dbname)) {
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
/*
* Temp dir for faster beahivour
*
*/
$cfg['TempDir'] = '/tmp';
/* Support additional configurations */
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
{

3
install/debian/7/templates/web/apache2/basedir.stpl
View file

@ -15,9 +15,8 @@
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
</Directory>

1
install/debian/7/templates/web/apache2/basedir.tpl
View file

@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
</Directory>

1
install/debian/7/templates/web/apache2/default.stpl
View file

@ -17,7 +17,6 @@
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
</Directory>
<Directory %home%/%user%/web/%domain%/stats>

1
install/debian/7/templates/web/apache2/default.tpl
View file

@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
</Directory>
<Directory %home%/%user%/web/%domain%/stats>

3
install/debian/7/templates/web/apache2/hosting.stpl
View file

@ -22,9 +22,8 @@
php_admin_flag mysql.allow_persistent off
php_admin_flag safe_mode off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
</Directory>
<Directory %home%/%user%/web/%domain%/stats>

2
install/debian/7/templates/web/apache2/hosting.tpl
View file

@ -14,6 +14,7 @@
<Directory %docroot%>
AllowOverride All
Options +Includes -Indexes +ExecCGI
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value upload_max_filesize 10M
php_admin_value max_execution_time 20
php_admin_value post_max_size 8M
@ -23,7 +24,6 @@
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
</Directory>
<Directory %home%/%user%/web/%domain%/stats>

3
install/debian/7/templates/web/apache2/phpcgi.stpl
View file

@ -15,9 +15,8 @@
SSLRequireSSL
AllowOverride All
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php
<Files *.php>

1
install/debian/7/templates/web/apache2/phpcgi.tpl
View file

@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php
<Files *.php>

3
install/debian/7/templates/web/apache2/phpfcgid.stpl
View file

@ -15,9 +15,8 @@
SSLRequireSSL
AllowOverride All
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
<Files *.php>
SetHandler fcgid-script

1
install/debian/7/templates/web/apache2/phpfcgid.tpl
View file

@ -16,7 +16,6 @@
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value sys_temp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
<Files *.php>
SetHandler fcgid-script

3
install/debian/7/templates/web/nginx/caching.stpl
View file

@ -1,6 +1,7 @@
server {
listen %ip%:%proxy_ssl_port% ssl;
listen %ip%:%proxy_ssl_port%;
server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;

3
install/debian/7/templates/web/nginx/default.stpl
View file

@ -1,6 +1,7 @@
server {
listen %ip%:%proxy_ssl_port% ssl;
listen %ip%:%proxy_ssl_port%;
server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;

5
install/debian/7/templates/web/nginx/hosting.stpl
View file

@ -1,6 +1,7 @@
server {
listen %ip%:%proxy_ssl_port% ssl;
listen %ip%:%proxy_ssl_port%;
server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
@ -30,7 +31,7 @@ server {
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
disable_symlinks if_not_owner from=%sdocroot%;
disable_symlinks if_not_owner from=%docroot%;
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}

9
install/debian/7/templates/web/nginx/http2.stpl
View file

@ -1,16 +1,17 @@
server {
listen %ip%:%proxy_ssl_port% ssl http2;
listen %ip%:%proxy_ssl_port% http2;
server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
error_log /var/log/httpd/domains/%domain%.error.log error;
location / {
proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%;
access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
access_log /var/log/httpd/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes;
expires max;
try_files $uri @fallback;
}

6
install/debian/7/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server {
listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%;
error_log /var/log/%web_system%/domains/%domain%.error.log error;
error_log /var/log/httpd/domains/%domain%.error.log error;
location / {
proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%;
access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
access_log /var/log/httpd/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes;
expires max;
try_files $uri @fallback;
}

22
install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -11,11 +11,6 @@ server {
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico {
log_not_found off;
access_log off;
@ -27,6 +22,11 @@ server {
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
@ -39,7 +39,18 @@ server {
deny all;
}
location / {
try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite;
@ -57,7 +68,6 @@ server {
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;

22
install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -7,11 +7,6 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico {
log_not_found off;
access_log off;
@ -23,6 +18,11 @@ server {
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
@ -35,7 +35,18 @@ server {
deny all;
}
location / {
try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite;
@ -53,7 +64,6 @@ server {
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;

18
install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -11,11 +11,6 @@ server {
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico {
log_not_found off;
access_log off;
@ -27,6 +22,11 @@ server {
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
@ -39,7 +39,14 @@ server {
deny all;
}
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
@ -61,7 +68,6 @@ server {
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;

18
install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -7,11 +7,6 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico {
log_not_found off;
access_log off;
@ -23,6 +18,11 @@ server {
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
@ -35,7 +35,14 @@ server {
deny all;
}
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
@ -57,7 +64,6 @@ server {
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;

17
install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -11,11 +11,6 @@ server {
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico {
log_not_found off;
access_log off;
@ -27,6 +22,11 @@ server {
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
@ -39,13 +39,15 @@ server {
deny all;
}
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
@ -66,7 +68,6 @@ server {
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;

17
install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -7,11 +7,6 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico {
log_not_found off;
access_log off;
@ -23,6 +18,11 @@ server {
access_log off;
}
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
@ -35,13 +35,15 @@ server {
deny all;
}
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
@ -62,7 +64,6 @@ server {
fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;

2
install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl
View file

@ -3,7 +3,7 @@ server {
server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
root %sdocroot%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;

2
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl
View file

@ -1,7 +1,7 @@
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %sdocroot%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;

89
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl
View file

@ -1,89 +0,0 @@
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %sdocroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}

85
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl
View file

@ -1,85 +0,0 @@
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain%.conf*;
}

Some files were not shown because too many files have changed in this diff Show more