bayrepo
/
hestiacp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Delete deprecated updates

Browse Source
devel
Alexey Berezhok 9 months ago
parent 8a1db81366
commit 0402e9ac0e
74 changed files with 2 additions and 3358 deletions
Show Stats Download Patch File Download Diff File

30
install/upgrade/versions/0.9.8-29.sh
Unescape View File

@ -1,30 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 0.9.8-28
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Add amd64 to repositories to prevent notifications - https://goo.gl/hmsSV7
if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/nginx.list; then
sed -i s/"deb "/"deb [arch=amd64] "/g /etc/apt/sources.list.d/nginx.list
fi
if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/mariadb.list; then
sed -i s/"deb "/"deb [arch=amd64] "/g /etc/apt/sources.list.d/mariadb.list
fi
# Fix named rule for AppArmor - https://goo.gl/SPqHdq
if [ "$DNS_SYSTEM" = 'bind9' ] && [ ! -f /etc/apparmor.d/local/usr.sbin.named ]; then
echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
fi
# Remove obsolete ports.conf if exists.
if [ -f /usr/local/hestia/data/firewall/ports.conf ]; then
rm -f /usr/local/hestia/data/firewall/ports.conf
fi
# Move clamav to proper location - https://goo.gl/zNuM11
if [ ! -d /usr/local/hestia/web/edit/server/clamav-daemon ]; then
mv /usr/local/hestia/web/edit/server/clamd /usr/local/web/edit/server/clamav-daemon
fi

16
install/upgrade/versions/1.0.1.sh
Unescape View File

@ -1,16 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Remove global options from nginx.conf to prevent conflicts with other web packages
# and remove OCSP SSL stapling from global configuration as it has moved to per-domain availability in this release.
if [ -e /etc/nginx/nginx.conf ]; then
sed -i "/add_header X-Frame-Options SAMEORIGIN;/d" /etc/nginx/nginx.conf
sed -i "/add_header X-Content-Type-Options nosniff;/d" /etc/nginx/nginx.conf
sed -i "/ssl_stapling on;/d" /etc/nginx/nginx.conf
sed -i "/ssl_stapling_verify on;/d" /etc/nginx/nginx.conf
fi

74
install/upgrade/versions/1.0.2.sh
Unescape View File

@ -1,74 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Replace dhparam 1024 with dhparam 4096
echo "[ * ] Increasing Diffie-Hellman Parameter strength to 4096-bit..."
if [ -e /etc/ssl/dhparam.pem ]; then
mv /etc/ssl/dhparam.pem $HESTIA_BACKUP/conf/
fi
cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl/
chmod 600 /etc/ssl/dhparam.pem
# Enhance Vsftpd security
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
echo "[ * ] Hardening Vsftpd SSL configuration..."
cp -f /etc/vsftpd.conf $HESTIA_BACKUP/conf/
sed -i "s|ssl_tlsv1=YES|ssl_tlsv1=NO|g" /etc/vsftpd.conf
fi
# Enhance Dovecot security
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
echo "[ * ] Hardening Dovecot SSL configuration..."
mv /etc/dovecot/conf.d/10-ssl.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA/install/deb/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/
fi
# Update DNS resolvers in hestia-nginx's configuration
echo "[ * ] Updating DNS resolvers for Hestia Internal Web Server..."
dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
for ip in $dns_resolver; do
if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
resolver="$ip $resolver"
fi
done
if [ ! -z "$resolver" ]; then
sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
fi
# Remove Webalizer and set AWStats as default
WEBALIZER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep webalizer)
if [ ! -z "$WEBALIZER_CHECK" ]; then
echo "[ * ] Set awstats as default web statistics backend..."
$HESTIA/bin/v-change-sys-config-value 'STATS_SYSTEM' 'awstats'
fi
# Remove old hestia.conf files from Apache & NGINX if they exist
if [ -f "/etc/apache2/conf.d/hestia.conf" ]; then
echo "[ * ] Removing old Apache configuration file from previous version of Hestia Control Panel..."
rm -f /etc/apache2/conf.d/hestia.conf
fi
if [ -f "/etc/httpd/conf.h.d/hestia.conf" ]; then
echo "[ * ] Removing old Apache configuration file from previous version of Hestia Control Panel..."
rm -f /etc/httpd/conf.h.d/hestia.conf
fi
if [ -f "/etc/nginx/conf.d/hestia.conf" ]; then
echo "[ * ] Removing old NGINX configuration file from previous version of Hestia Control Panel..."
rm -f /etc/nginx/conf.d/hestia.conf
fi
# Update webmail templates to enable OCSP/SSL stapling
if [ ! -z "$IMAP_SYSTEM" ]; then
echo "[ * ] Enabling OCSP stapling support for webmail services..."
$BIN/v-update-mail-templates > /dev/null 2>&1
fi
# Enhance webmail security
if [ -e "/etc/nginx/conf.d/webmail.inc" ]; then
cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
fi

7
install/upgrade/versions/1.0.3.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.0.4.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.0.5.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.0.6.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

278
install/upgrade/versions/1.00.0-190618.sh
Unescape View File

@ -1,278 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.00.0-190618
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
if [ "$WEB_SYSTEM" = "httpd" ]; then
confd="conf.h.d"
else
confd="conf.d"
fi
if [ "$PROXY_SYSTEM" = "httpd" ]; then
pconfd="conf.h.d"
else
pconfd="conf.d"
fi
# Add webmail alias variable to system configuration if non-existent
if [ -z "$WEBMAIL_ALIAS" ]; then
echo "[ * ] Updating webmail alias configuration..."
$HESTIA/bin/v-change-sys-config-value 'WEBMAIL_ALIAS' "webmail"
fi
# Update Apache and Nginx configuration to support new file structure
if [ -f /etc/apache2/apache.conf ]; then
echo "[ * ] Updating Apache configuration..."
mv /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/apache2/apache.conf /etc/apache2/apache.conf
fi
if [ -f /etc/nginx/nginx.conf ]; then
echo "[ * ] Updating NGINX configuration..."
mv /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/nginx.conf
fi
# Generate dhparam
if [ ! -e /etc/ssl/dhparam.pem ]; then
echo "[ * ] Enabling HTTPS Strict Transport Security (HSTS) support..."
mv /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/
# Copy dhparam
cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl/
# Update DNS servers in nginx.conf
dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
sed -i "s/1.0.0.1 1.1.1.1/$dns_resolver/g" /etc/nginx/nginx.conf
fi
# Back up default package and install latest version
if [ -d $HESTIA/data/packages/ ]; then
echo "[ * ] Replacing default packages..."
cp -f $HESTIA/data/packages/default.pkg $HESTIA_BACKUP/packages/
fi
# Remove old Office 365 template as there is a newer version with an updated name
if [ -f $HESTIA/data/templates/dns/o365.tpl ]; then
rm -f $HESTIA/data/templates/dns/o365.tpl
fi
# Back up and remove default index.html if it exists
if [ -f /var/www/html/index.html ]; then
mv /var/www/html/index.html $HESTIA_BACKUP/templates/
fi
# Configure default success page and set permissions on CSS, JavaScript, and Font dependencies for unassigned hosts
if [ ! -d /var/www/html ]; then
mkdir -p /var/www/html/
fi
if [ ! -d /var/www/document_errors/ ]; then
mkdir -p /var/www/document_errors/
fi
cp -rf $HESTIA_INSTALL_DIR/templates/web/unassigned/* /var/www/html/
cp -rf $HESTIA_INSTALL_DIR/templates/web/skel/document_errors/* /var/www/document_errors/
chmod 644 /var/www/html/*
chmod 644 /var/www/document_errors/*
for user in $($BIN/v-list-users plain | cut -f1); do
USER_DATA=$HESTIA/data/users/$user
for domain in $($BIN/v-list-web-domains $user plain | cut -f 1); do
WEBFOLDER="/home/$user/web/$domain/public_html"
folderchecksum=$(find "$WEBFOLDER/css" "$WEBFOLDER/js" "$WEBFOLDER/webfonts" -type f -print0 2> /dev/null | sort -z | xargs -r0 cat | md5sum | cut -d" " -f1)
if [ "$folderchecksum" = "926feacc51384fe13598631f9d1360c3" ]; then
rm -rf "$WEBFOLDER/css" "$WEBFOLDER/js" "$WEBFOLDER/webfonts"
fi
unset folderchecksum
unset WEBFOLDER
done
done
folderchecksum=$(find /var/www/html/css /var/www/html/js /var/www/html/webfonts -type f -print0 2> /dev/null | sort -z | xargs -r0 cat | md5sum | cut -d" " -f1)
if [ "$folderchecksum" = "d148d5173e5e4162d7af0a60585392cb" ]; then
rm -rf /var/www/html/css /var/www/html/js /var/www/html/webfonts
fi
unset folderchecksum
# Correct other permissions
if [ -d "/var/cache/bind" ]; then
chown bind:bind /var/cache/bind
fi
if [ -d "/etc/roundcube" ]; then
chmod 640 /etc/roundcube/debian-db*
chown root:www-data /etc/roundcube/debian-db*
fi
# Add a general group for normal users created by Hestia
echo "[ * ] Verifying ACLs and hardening user permissions..."
if [ -z "$(grep ^hestia-users: /etc/group)" ]; then
groupadd --system "hestia-users"
fi
# Make sure non-admin users belong to correct Hestia group
for user in $($BIN/v-list-users plain | cut -f1); do
if [ "$user" != "admin" ]; then
usermod -a -G "hestia-users" "$user"
setfacl -m "u:$user:r-x" "$HOMEDIR/$user"
# Update FTP users groups membership
uid=$(id -u $user)
for ftp_user in $(cat /etc/passwd | grep -v "^$user:" | grep "^$user.*:$uid:$uid:" | cut -d ":" -f1); do
usermod -a -G "hestia-users" "$ftp_user"
done
fi
setfacl -m "g:hestia-users:---" "$HOMEDIR/$user"
done
# Add unassigned hosts configuration to Nginx and Apache
for ipaddr in $($BIN/v-list-sys-ips plain | cut -f1); do
web_conf="/etc/$WEB_SYSTEM/$confd/$ipaddr.conf"
rm -f $web_conf
if [ "$WEB_SYSTEM" = "apache2" ]; then
echo "[ * ] Adding unassigned hosts configuration to Apache..."
if [ -z "$(/usr/sbin/apache2 -v | grep Apache/2.4)" ]; then
echo "NameVirtualHost $ipaddr:$WEB_PORT" > $web_conf
fi
echo "Listen $ipaddr:$WEB_PORT" >> $web_conf
cat $HESTIA_INSTALL_DIR/apache2/unassigned.conf >> $web_conf
sed -i 's/directIP/'$ipaddr'/g' $web_conf
sed -i 's/directPORT/'$WEB_PORT'/g' $web_conf
if [ "$WEB_SSL" = 'mod_ssl' ]; then
if [ -z "$(/usr/sbin/apache2 -v | grep Apache/2.4)" ]; then
sed -i "1s/^/NameVirtualHost $ipaddr:$WEB_SSL_PORT\n/" $web_conf
fi
sed -i "1s/^/Listen $ipaddr:$WEB_SSL_PORT\n/" $web_conf
sed -i 's/directSSLPORT/'$WEB_SSL_PORT'/g' $web_conf
fi
elif [ "$WEB_SYSTEM" = "nginx" ]; then
cp -f $HESTIA_INSTALL_DIR/nginx/unassigned.inc $web_conf
sed -i 's/directIP/'$ipaddr'/g' $web_conf
fi
if [ "$PROXY_SYSTEM" = "nginx" ]; then
echo "[ * ] Adding unassigned hosts configuration to Nginx..."
cat $WEBTPL/$PROXY_SYSTEM/proxy_ip.tpl \
| sed -e "s/%ip%/$ipaddr/g" \
-e "s/%web_port%/$WEB_PORT/g" \
-e "s/%proxy_port%/$PROXY_PORT/g" \
> /etc/$PROXY_SYSTEM/$pconfd/$ipaddr.conf
fi
done
# Cleanup php session files not changed in the last 7 days (60*24*7 minutes)
if [ ! -f /etc/cron.daily/php-session-cleanup ]; then
echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup
echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
fi
chmod 755 /etc/cron.daily/php-session-cleanup
# Fix empty pool error message for MultiPHP
php_versions=$(ls /etc/php/*/fpm -d 2> /dev/null | wc -l)
if [ "$php_versions" -gt 1 ]; then
echo "[ * ] Updating Multi-PHP configuration..."
for v in $($BIN/v-list-sys-php plain); do
if [ ! -d "/etc/php/$v/fpm/pool.d/" ]; then
continue
fi
cp -f $HESTIA_INSTALL_DIR/php-fpm/dummy.conf /etc/php/$v/fpm/pool.d/
v1=$(echo "$v" | sed -e 's/[.]//')
sed -i "s/9999/99$v1/g" /etc/php/$v/fpm/pool.d/dummy.conf
done
fi
# Set Purge to false in Roundcube configuration - https://goo.gl/3Nja3u
echo "[ * ] Updating Roundcube configuration..."
if [ -f /etc/roundcube/config.inc.php ]; then
sed -i "s/\['flag_for_deletion'] = 'Purge';/\['flag_for_deletion'] = false;/gI" /etc/roundcube/config.inc.php
fi
if [ -f /etc/roundcube/defaults.inc.php ]; then
sed -i "s/\['flag_for_deletion'] = 'Purge';/\['flag_for_deletion'] = false;/gI" /etc/roundcube/defaults.inc.php
fi
if [ -f /etc/roundcube/main.inc.php ]; then
sed -i "s/\['flag_for_deletion'] = 'Purge';/\['flag_for_deletion'] = false;/gI" /etc/roundcube/main.inc.php
fi
# Remove old OS-specific installation files if they exist to free up space
if [ -d $HESTIA/install/ubuntu ]; then
echo "[ * ] Removing old HestiaCP installation files for Ubuntu..."
rm -rf $HESTIA/install/ubuntu
fi
if [ -d $HESTIA/install/debian ]; then
echo "[ * ] Removing old HestiaCP installation files for Debian..."
rm -rf $HESTIA/install/debian
fi
# Fix Dovecot configuration
echo "[ * ] Updating Dovecot IMAP/POP server configuration..."
if [ -f /etc/dovecot/conf.d/15-mailboxes.conf ]; then
mv /etc/dovecot/conf.d/15-mailboxes.conf $HESTIA_BACKUP/conf/
fi
if [ -f /etc/dovecot/dovecot.conf ]; then
# Update Dovecot configuration and restart Dovecot service
mv /etc/dovecot/dovecot.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_COMMON_DIR/dovecot/dovecot.conf /etc/dovecot/dovecot.conf
systemctl restart dovecot
sleep 0.5
fi
# Fix Exim configuration
if [ -f /etc/exim4/exim4.conf.template ]; then
echo "[ * ] Updating Exim SMTP server configuration..."
mv /etc/exim4/exim4.conf.template $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim4/exim4.conf.template
# Reconfigure spam filter and virus scanning
if [ ! -z "$ANTISPAM_SYSTEM" ]; then
sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
sed -i "s/#SPAM_SCORE/SPAM_SCORE/g" /etc/exim4/exim4.conf.template
fi
if [ ! -z "$ANTIVIRUS_SYSTEM" ]; then
sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
fi
fi
# Add IMAP system variable to configuration if Dovecot is installed
if [ -z "$IMAP_SYSTEM" ]; then
if [ -f /usr/bin/dovecot ]; then
echo "[ * ] Adding missing IMAP_SYSTEM variable to hestia.conf..."
echo "IMAP_SYSTEM = 'dovecot'" >> $HESTIA/conf/hestia.conf
fi
fi
# Run sftp jail once
$HESTIA/bin/v-add-sys-sftp-jail
# Enable SFTP subsystem for SSH
sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
if [ ! -z "$sftp_subsys_enabled" ]; then
echo "[ * ] Updating SFTP subsystem configuration..."
sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
systemctl restart ssh
fi
# Remove and migrate obsolete object keys
for user in $($BIN/v-list-users plain | cut -f1); do
USER_DATA=$HESTIA/data/users/$user
# Web keys
for domain in $($BIN/v-list-web-domains $user plain | cut -f 1); do
obskey=$(get_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL')
if [ ! -z "$obskey" ]; then
echo "[ * ] Fixing HTTP-to-HTTPS redirection for $domain"
update_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL' ''
# copy value under new key name
add_object_key "web" 'DOMAIN' "$domain" 'SSL_FORCE' 'SSL_HOME'
update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' "$obskey"
fi
unset FORCESSL
done
sed -i "s/\sFORCESSL=''//g" $USER_DATA/web.conf
done

239
install/upgrade/versions/1.1.0.sh
Unescape View File

@ -1,239 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.1.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Set default theme
if [ -z $THEME ]; then
echo "[ * ] Enabling support for themes..."
$BIN/v-change-sys-theme 'default'
fi
# Reduce SSH login grace time
if [ -e /etc/ssh/sshd_config ]; then
echo "[ * ] Hardening SSH daemon configuration..."
sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
fi
# Implement recidive jail for fail2ban
if [ ! -z "$FIREWALL_EXTENSION" ]; then
if ! cat /etc/fail2ban/jail.local | grep -q "\[recidive\]"; then
echo -e "\n\n[recidive]\nenabled = true\nfilter = recidive\naction = hestia[name=HESTIA]\nlogpath = /var/log/fail2ban.log\nmaxretry = 3\nfindtime = 86400\nbantime = 864000" >> /etc/fail2ban/jail.local
fi
fi
# Enable OCSP SSL stapling and harden nginx configuration for roundcube
if [ ! -z "$IMAP_SYSTEM" ]; then
echo "[ * ] Hardening security of Roundcube webmail..."
$BIN/v-update-mail-templates > /dev/null 2>&1
if [ -e /etc/nginx/conf.d/webmail.inc ]; then
cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
fi
fi
# Fix restart queue
if [ -z "$($BIN/v-list-cron-jobs admin | grep 'v-update-sys-queue restart')" ]; then
command="sudo $BIN/v-update-sys-queue restart"
$BIN/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
fi
# Remove deprecated line from ClamAV configuration file
if [ -e "/etc/clamav/clamd.conf" ]; then
clamd_conf_update_check=$(grep DetectBrokenExecutables /etc/clamav/clamd.conf)
if [ ! -z "$clamd_conf_update_check" ]; then
echo "[ * ] Updating ClamAV configuration..."
sed -i '/DetectBrokenExecutables/d' /etc/clamav/clamd.conf
fi
fi
# Remove errornous history.log file created by certain builds due to bug in v-restart-system
if [ -e $HESTIA/data/users/history.log ]; then
rm -f $HESTIA/data/users/history.log
fi
# Use exim4 server hostname instead of mail domain and remove hardcoded mail prefix
if [ ! -z "$MAIL_SYSTEM" ]; then
echo "[ * ] Updating exim configuration..."
if cat /etc/exim4/exim4.conf.template | grep -q 'helo_data = mail.${sender_address_domain}'; then
sed -i 's/helo_data = mail.${sender_address_domain}/helo_data = ${primary_hostname}/g' /etc/exim4/exim4.conf.template
fi
if ! grep -q '^OUTGOING_IP = /' /etc/exim4/exim4.conf.template; then
sed -i '/^OUTGOING_IP/d' /etc/exim4/exim4.conf.template
sed -i 's|^begin acl|OUTGOING_IP = /etc/exim4/domains/$sender_address_domain/ip\nbegin acl|' /etc/exim4/exim4.conf.template
fi
if ! grep -q 'interface =' /etc/exim4/exim4.conf.template; then
sed -i '/interface =/d' /etc/exim4/exim4.conf.template
sed -i 's|dkim_strict = 0|dkim_strict = 0\n interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}|' /etc/exim4/exim4.conf.template
fi
fi
# Members of admin group should be permitted to enter admin folder
if [ -d /home/admin ]; then
setfacl -m "g:admin:r-x" /home/admin
fi
# Fix sftp jail cronjob
if [ -e "/etc/cron.d/hestia-sftp" ]; then
if ! cat /etc/cron.d/hestia-sftp | grep -q 'root'; then
echo "@reboot root /usr/local/hestia/bin/v-add-sys-sftp-jail" > /etc/cron.d/hestia-sftp
fi
fi
# Create default writeable folders for all users
echo "[ * ] Updating default writable folders for all users..."
for user in $($HESTIA/bin/v-list-sys-users plain); do
mkdir -p \
$HOMEDIR/$user/.cache \
$HOMEDIR/$user/.config \
$HOMEDIR/$user/.local \
$HOMEDIR/$user/.composer \
$HOMEDIR/$user/.ssh
chown $user:$user \
$HOMEDIR/$user/.cache \
$HOMEDIR/$user/.config \
$HOMEDIR/$user/.local \
$HOMEDIR/$user/.composer \
$HOMEDIR/$user/.ssh
done
# Remove redundant fail2ban jail
if fail2ban-client status sshd > /dev/null 2>&1; then
fail2ban-client stop sshd > /dev/null 2>&1
if [ -f /etc/fail2ban/jail.d/defaults-debian.conf ]; then
mkdir -p $HESTIA_BACKUP/conf/fail2ban/jail.d
mv /etc/fail2ban/jail.d/defaults-debian.conf $HESTIA_BACKUP/conf/fail2ban/jail.d/
fi
fi
# Update Office 365/Microsoft 365 DNS template
if [ -e "$HESTIA/data/templates/dns/office365.tpl" ]; then
echo "[ * ] Updating DNS template for Office 365..."
cp -f $HESTIA/install/deb/templates/dns/office365.tpl $HESTIA/data/templates/dns/office365.tpl
fi
# Ensure that backup compression level is correctly set
GZIP_LVL_CHECK=$(cat $HESTIA/conf/hestia.conf | grep BACKUP_GZIP)
if [ -z "$GZIP_LVL_CHECK" ]; then
echo "[ * ] Updating backup compression level variable..."
$BIN/v-change-sys-config-value "BACKUP_GZIP" '9'
fi
# Randomize Roundcube des_key for better security
if [ -f "/etc/roundcube/config.inc.php" ]; then
rcDesKey="$(openssl rand -base64 30 | tr -d "/" | cut -c1-24)"
sed -i "s/vtIOjLZo9kffJoqzpSbm5r1r/$rcDesKey/g" /etc/roundcube/config.inc.php
fi
# Place robots.txt to prevent webmail crawling by search engine bots.
if [ -e "/var/lib/roundcube/" ]; then
if [ ! -f "/var/lib/roundcube/robots.txt" ]; then
echo "User-agent: *" > /var/lib/roundcube/robots.txt
echo "Disallow: /" >> /var/lib/roundcube/robots.txt
fi
fi
# Installing postgresql repo
if [ -e "/etc/postgresql" ]; then
echo "[ * ] Enabling native PostgreSQL APT repository..."
osname="$(cat /etc/os-release | grep "^ID\=" | sed "s/ID\=//g")"
if [ "$osname" = "ubuntu" ]; then
codename="$(lsb_release -s -c)"
else
codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))"
fi
echo "deb http://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
wget --quiet https://www.postgresql.org/media/keys/ACCC4CF8.asc -O /tmp/psql_signing.key
APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/psql_signing.key > /dev/null 2>&1
rm /tmp/psql_signing.key
fi
# Hardening MySQL configuration, prevent local infile.
if [ -e "/etc/mysql/my.cnf" ]; then
mysql_local_infile_check=$(grep local-infile /etc/mysql/my.cnf)
if [ -z "$mysql_local_infile_check" ]; then
echo "[ * ] Hardening MySQL configuration..."
sed -i '/symbolic-links\=0/a\local-infile=0' /etc/mysql/my.cnf
fi
fi
# Hardening nginx configuration, drop TLSv1.1 support.
if [ -e "/etc/nginx/nginx.conf" ]; then
nginx_tls_check=$(grep TLSv1.1 /etc/nginx/nginx.conf)
if [ ! -z "$nginx_tls_check" ]; then
echo "[ * ] Updating nginx security settings - disabling TLS v1.1..."
sed -i 's/TLSv1.1 //g' /etc/nginx/nginx.conf
fi
fi
# Fix logrotate permission bug for nginx
if [ -e "/etc/logrotate/nginx" ]; then
sed -i "s/create 640 nginx adm/create 640/g" /etc/logrotate.d/nginx
fi
# Fix logrotate permission bug for apache
if [ -e "/etc/logrotate/apache2" ]; then
sed -i "s/create 640 root adm/create 640/g" /etc/logrotate.d/apache2
fi
# Repair messed up user log permissions from the logrotate bug. Ignoring errors
for user in $($HESTIA/bin/v-list-users plain | cut -f1); do
for domain in $($HESTIA/bin/v-list-web-domains $user plain | cut -f1); do
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* > /dev/null 2>&1
for sub_domain in $($HESTIA/bin/v-list-web-domain $user $domain plain | cut -f7 | tr ',' '\n'); do
chown root:$user /var/log/$WEB_SYSTEM/domains/$sub_domain.* > /dev/null 2>&1
done
done
done
chown root:root /var/log/$WEB_SYSTEM/domains/$WEBMAIL_ALIAS* > /dev/null 2>&1
# Enable IMAP/POP3 quota information
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
echo "[ * ] Enabling IMAP quota information reporting..."
if [ -e /etc/dovecot/conf.d/20-pop3.conf ]; then
if [ -e /etc/redhat-release ]; then
cp -f $HESTIA/install/rpm/dovecot/conf.d/20-pop3.conf /etc/dovecot/conf.d/20-pop3.conf
else
cp -f $HESTIA/install/deb/dovecot/conf.d/20-pop3.conf /etc/dovecot/conf.d/20-pop3.conf
fi
fi
if [ -e /etc/dovecot/conf.d/20-imap.conf ]; then
if [ -e /etc/redhat-release ]; then
cp -f $HESTIA/install/rpm/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf
else
cp -f $HESTIA/install/deb/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf
fi
fi
if [ -e /etc/dovecot/conf.d/90-quota.conf ]; then
if [ -e /etc/redhat-release ]; then
cp -f $HESTIA/install/deb/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf
else
cp -f $HESTIA/install/deb/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf
fi
fi
fi
# Trigger multiphp legacy migration script
num_php_versions=$(ls -d /etc/php/*/fpm/pool.d 2> /dev/null | wc -l)
if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
echo "[ * ] Enabling modular Multi-PHP backend..."
cp -rf $HESTIA/data/templates/web $HESTIA_BACKUP/templates/web
bash $HESTIA/install/upgrade/manual/migrate_multiphp.sh > /dev/null 2>&1
fi
# Disable global subfolder alias for webmail in favor of subdomain
if [ -e /etc/nginx/conf.d/webmail.inc ]; then
rm -f /etc/nginx/conf.d/webmail.inc
fi
if [ -e /etc/apache2/conf.d/roundcube.conf ]; then
rm -f /etc/apache2/conf.d/roundcube.conf
fi
if [ -e /etc/httpd/conf.h.d/roundcube.conf ]; then
rm -f /etc/httpd/conf.h.d/roundcube.conf
fi

20
install/upgrade/versions/1.1.1.sh
Unescape View File

@ -1,20 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.1.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Remove 5s delay when sending mail through exim4
if [ -e "/etc/exim4/exim4.conf.template" ]; then
echo "[ * ] Updating exim4 configuration..."
sed -i "s|rfc1413_query_timeout = 5s|rfc1413_query_timeout = 0s|g" /etc/exim4/exim4.conf.template
fi
# Fix phpMyAdmin blowfish and tmp directory issues
if [ -e "/usr/share/phpmyadmin/libraries/vendor_config.php" ]; then
echo "[ * ] Updating phpMyAdmin configuration..."
sed -i "s|define('CONFIG_DIR', ROOT_PATH);|define('CONFIG_DIR', '/etc/phpmyadmin/');|" /usr/share/phpmyadmin/libraries/vendor_config.php
sed -i "s|define('TEMP_DIR', ROOT_PATH . 'tmp/');|define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');|" /usr/share/phpmyadmin/libraries/vendor_config.php
fi

219
install/upgrade/versions/1.2.0.sh
Unescape View File

@ -1,219 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Check iptables paths and add symlinks when necessary
if [ ! -e "/sbin/iptables" ]; then
if which iptables; then
ln -s "$(which iptables)" /sbin/iptables
elif [ -e "/usr/sbin/iptables" ]; then
ln -s /usr/sbin/iptables /sbin/iptables
elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables; then
autoiptables=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables | cut -d '' -f 2)
if [ -x "$autoiptables" ]; then
ln -s "$autoiptables" /sbin/iptables
fi
fi
fi
if [ ! -e "/sbin/iptables-save" ]; then
if which iptables-save; then
ln -s "$(which iptables-save)" /sbin/iptables-save
elif [ -e "/usr/sbin/iptables-save" ]; then
ln -s /usr/sbin/iptables-save /sbin/iptables-save
elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save; then
autoiptables_save=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save | cut -d '' -f 2)
if [ -x "$autoiptables_save" ]; then
ln -s "$autoiptables_save" /sbin/iptables-save
fi
fi
fi
if [ ! -e "/sbin/iptables-restore" ]; then
if which iptables-restore; then
ln -s "$(which iptables-restore)" /sbin/iptables-restore
elif [ -e "/usr/sbin/iptables-restore" ]; then
ln -s /usr/sbin/iptables-restore /sbin/iptables-restore
elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore; then
autoiptables_restore=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore | cut -d '' -f 2)
if [ -x "$autoiptables_restore" ]; then
ln -s "$autoiptables_restore" /sbin/iptables-restore
fi
fi
fi
if [ -e "/etc/apache2/mods-enabled/status.conf" ]; then
sed -i '/Allow from all/d' /etc/apache2/mods-enabled/status.conf
fi
# Add sury apache2 repository
if [ "$WEB_SYSTEM" = "apache2" ] && [ ! -e "/etc/apt/sources.list.d/apache2.list" ]; then
echo "[ * ] Configuring sury.org Apache2 repository..."
# Check OS and install related repository
if [ -e "/etc/os-release" ]; then
type=$(grep "^ID=" /etc/os-release | cut -f 2 -d '=')
if [ "$type" = "ubuntu" ]; then
codename="$(lsb_release -s -c)"
echo "deb http://ppa.launchpad.net/ondrej/apache2/ubuntu $codename main" > /etc/apt/sources.list.d/apache2.list
elif [ "$type" = "debian" ]; then
codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))"
echo "deb https://packages.sury.org/apache2/ $codename main" > /etc/apt/sources.list.d/apache2.list
wget --quiet https://packages.sury.org/apache2/apt.gpg -O /tmp/apache2_signing.key
APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/apache2_signing.key > /dev/null 2>&1
fi
fi
fi
# Roundcube fixes for PHP 7.4 compatibility
if [ -d /usr/share/roundcube ]; then
echo "[ * ] Updating Roundcube configuration..."
[ -f "/usr/share/roundcube/plugins/enigma/lib/enigma_ui.php" ] && sed -i 's/$identities, "\\n"/"\\n", $identities/g' /usr/share/roundcube/plugins/enigma/lib/enigma_ui.php
[ -f "/usr/share/roundcube/program/lib/Roundcube/rcube_contacts.php" ] && sed -i 's/(array_keys($post_search), \x27|\x27)/(\x27|\x27, array_keys($post_search))/g' /usr/share/roundcube/program/lib/Roundcube/rcube_contacts.php
[ -f "/usr/share/roundcube/program/lib/Roundcube/rcube_db.php" ] && sed -i 's/implode($name, \x27.\x27)/implode(\x27.\x27, $name)/g' /usr/share/roundcube/program/lib/Roundcube/rcube_db.php
[ -f "/usr/share/roundcube/program/steps/addressbook/search.inc" ] && sed -i 's/$fields, \x27,\x27/\x27,\x27, $fields/g' /usr/share/roundcube/program/steps/addressbook/search.inc
[ -f "/usr/share/roundcube/program/steps/addressbook/search.inc" ] && sed -i 's/implode($fields, \x27,\x27)/implode(\x27,\x27, $fields)/g' /usr/share/roundcube/program/steps/addressbook/search.inc
[ -f "/usr/share/roundcube/program/steps/mail/sendmail.inc" ] && sed -i 's/implode($bstyle, \x27; \x27)/implode(\x27; \x27, $bstyle)/g' /usr/share/roundcube/program/steps/mail/sendmail.inc
fi
# Enable Roundcube plugins
if [ -d /usr/share/roundcube ]; then
cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_newmail_notifier.inc.php /etc/roundcube/plugins/newmail_notifier/config.inc.php
cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_zipdownload.inc.php /etc/roundcube/plugins/zipdownload/config.inc.php
[ -f "/etc/roundcube/config.inc.php" ] && sed -i "s/array('password')/array('password','newmail_notifier','zipdownload')/g" /etc/roundcube/config.inc.php
fi
# HELO support for multiple domains and IPs
if [ -e "/etc/exim4/exim4.conf.template" ]; then
echo "[ * ] Updating exim4 configuration..."
sed -i 's|helo_data = ${primary_hostname}|helo_data = ${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{$sender_address_domain}lsearch*{\/etc\/exim4\/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}|g' /etc/exim4/exim4.conf.template
fi
# Add daily midnight cron
if [ -z "$($BIN/v-list-cron-jobs admin | grep 'v-update-sys-queue daily')" ]; then
echo "[ * ] Updating cron jobs..."
command="sudo $BIN/v-update-sys-queue daily"
$BIN/v-add-cron-job 'admin' '01' '00' '*' '*' '*' "$command"
fi
[ ! -f "touch $HESTIA/data/queue/daily.pipe" ] && touch $HESTIA/data/queue/daily.pipe
# Remove existing network-up hooks so they get regenerated when updating the firewall
# - network hook will also restore ipset config during start-up
if [ -f "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks" ]; then
rm "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
$BIN/v-update-firewall
fi
if [ -f "/etc/network/if-pre-up.d/iptables" ]; then
rm "/etc/network/if-pre-up.d/iptables"
$BIN/v-update-firewall
fi
# Add hestia-event.conf, if the server is running apache2
if [ "$WEB_SYSTEM" = "apache2" ]; then
echo "[ * ] Updating Apache2 configuration..."
# Cleanup
rm --force /etc/apache2/mods-available/hestia-event.conf
rm --force /etc/apache2/mods-enabled/hestia-event.conf
rm --force /etc/apache2/conf-available/hestia-event.conf
rm --force /etc/apache2/conf-enabled/hestia-event.conf
if [ $(a2query -M) = 'event' ] && [ ! -e "/etc/apache2/conf.d/hestia-event.conf" ]; then
cp -f $HESTIA_INSTALL_DIR/apache2/hestia-event.conf /etc/apache2/conf.d/
fi
# Move apache mod_status config to /mods-available and rename it to prevent losing changes on upgrade
cp -f $HESTIA_INSTALL_DIR/apache2/status.conf /etc/apache2/mods-available/hestia-status.conf
cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load
a2dismod --quiet status > /dev/null 2>&1
a2enmod --quiet hestia-status > /dev/null 2>&1
rm --force /etc/apache2/mods-enabled/status.conf # a2dismod will not remove the file if it isn't a symlink
fi
# Install File Manager during upgrade if environment variable oesn't already exist and isn't set to false
# so that we don't override preference
FILE_MANAGER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep "FILE_MANAGER='false'")
if [ -z "$FILE_MANAGER_CHECK" ]; then
if [ ! -e "$HESTIA/web/fm/configuration.php" ]; then
echo "[ ! ] Installing File Manager..."
# Install the File Manager
$HESTIA/bin/v-add-sys-filemanager quiet
else
echo "[ * ] Updating File Manager configuration..."
# Update configuration.php
cp -f $HESTIA_INSTALL_DIR/filemanager/filegator/configuration.php $HESTIA/web/fm/configuration.php
# Set environment variable for interface
$HESTIA/bin/v-change-sys-config-value 'FILE_MANAGER' 'true'
fi
fi
# Enable nginx module loading
if [ -f "/etc/nginx/nginx.conf" ]; then
echo "[ * ] Updating NGINX configuration..."
if [ ! -d "/etc/nginx/modules-enabled" ]; then
mkdir -p "/etc/nginx/modules-enabled"
fi
if ! grep --silent "include /etc/nginx/modules-enabled" /etc/nginx/nginx.conf; then
sed -i '/^pid/ a include /etc/nginx/modules-enabled/*.conf;' /etc/nginx/nginx.conf
fi
fi
# Fix public_(s)html group ownership
echo "[ * ] Updating public_(s)html ownership..."
for user in $($HESTIA/bin/v-list-sys-users plain); do
# skip users with missing home folder
[[ -d /home/${user}/ ]] || continue
# skip users without web domains
ls /home/${user}/web/*/public_*html > /dev/null 2>&1 || continue
chown --silent --no-dereference :www-data /home/$user/web/*/public_*html
done
# Fix phpMyAdmin blowfish_secret error message due to incorrect permissions
if [ -e /var/lib/phpmyadmin/blowfish_secret.inc.php ]; then
echo "[ * ] Updating phpMyAdmin permissions..."
chmod 0644 /var/lib/phpmyadmin/blowfish_secret.inc.php
fi
# Ensure that backup compression level is correctly set
GZIP_LVL_CHECK=$(cat $HESTIA/conf/hestia.conf | grep BACKUP_GZIP)
if [ -z "$GZIP_LVL_CHECK" ]; then
echo "[ * ] Updating backup compression level variable..."
$BIN/v-change-sys-config-value "BACKUP_GZIP" '9'
fi
# Update phpMyAdmin/phpPgAdmin templates and set missing alias variables if necessary
if [ -e "/var/lib/phpmyadmin" ]; then
PMA_ALIAS_CHECK=$(cat $HESTIA/conf/hestia.conf | grep DB_PMA_ALIAS)
if [ -z "$PMA_ALIAS_CHECK" ]; then
echo "[ * ] Updating phpMyAdmin alias..."
$HESTIA/bin/v-change-sys-db-alias "pma" "phpMyAdmin"
else
echo "[ * ] Updating phpMyAdmin configuration..."
$HESTIA/bin/v-change-sys-db-alias "pma" "$DB_PMA_ALIAS"
fi
fi
if [ -e "/var/lib/phppgadmin" ]; then
PGA_ALIAS_CHECK=$(cat $HESTIA/conf/hestia.conf | grep DB_PGA_ALIAS)
if [ -z "$PGA_ALIAS_CHECK" ]; then
echo "[ * ] Updating phpPgAdmin alias..."
$HESTIA/bin/v-change-sys-db-alias "pga" "phpPgAdmin"
else
echo "[ * ] Updating phpPgAdmin configuration..."
$HESTIA/bin/v-change-sys-db-alias "pga" "$DB_PGA_ALIAS"
fi
fi
# Ensure that backup compression level is correctly set
GZIP_LVL_CHECK=$(cat $HESTIA/conf/hestia.conf | grep BACKUP_GZIP)
if [ -z "$GZIP_LVL_CHECK" ]; then
echo "[ * ] Updating backup compression level variable..."
$BIN/v-change-sys-config-value "BACKUP_GZIP" '9'
fi

7
install/upgrade/versions/1.2.1.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

48
install/upgrade/versions/1.2.2.sh
Unescape View File

@ -1,48 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Enhance Vsftpd security
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
echo "[ ! ] Hardening Vsftpd TLS configuration..."
if [ -e /etc/vsftpd.conf ]; then
rm -f /etc/vsftpd.conf
fi
cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
chmod 644 /etc/vsftpd.conf
fi
# Rework apt repositories
apt="/etc/apt/sources.list.d"
echo "[ * ] Hardening APT repositories..."
if [ -f "$apt/nginx.list" ]; then
if grep -q "http://nginx.org/packages/mainline/" $apt/nginx.list; then
echo " ----- NGINX"
sed -i "s/http\:\/\/nginx.org/https\:\/\/nginx.org/g" $apt/nginx.list
fi
fi
if [ -f "$apt/php.list" ]; then
if grep -q "http://packages.sury.org/" $apt/php.list; then
echo " ----- PHP"
sed -i "s/http\:\/\/packages.sury.org/https\:\/\/packages.sury.org/g" $apt/php.list
fi
fi
if [ -f "$apt/mariadb.list" ]; then
if grep -q "http://ams2.mirrors.digitalocean.com" $apt/mariadb.list; then
echo " ----- MariaDB"
sed -i "s/http\:\/\/ams2.mirrors.digitalocean.com/https\:\/\/mirror.mva-n.net/g" $apt/mariadb.list
fi
fi
if [ -f "$apt/postgresql.list" ]; then
if grep -q "http://apt.postgresql.org" $apt/postgresql.list; then
echo " ----- PostgreSQL"
sed -i "s/http\:\/\/apt.postgresql.org/https\:\/\/apt.postgresql.org/g" $apt/postgresql.list
fi
fi

7
install/upgrade/versions/1.2.3.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

76
install/upgrade/versions/1.3.0.sh
Unescape View File

@ -1,76 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Add NPM to the default writeable folder list
echo "[ * ] Updating default writable folders for all users..."
for user in $($HESTIA/bin/v-list-sys-users plain); do
mkdir -p \
$HOMEDIR/$user/.npm
chown $user:$user \
$HOMEDIR/$user/.npm
done
# Add default SSL Certificate config when ip is visited
if [ "$PROXY_SYSTEM" = "nginx" ]; then
echo "[ * ] Updating nginx configuration..."
while read IP; do
rm /etc/nginx/conf.d/$IP.conf
cat $WEBTPL/$PROXY_SYSTEM/proxy_ip.tpl \
| sed -e "s/%ip%/$IP/g" \
-e "s/%web_port%/$WEB_PORT/g" \
-e "s/%proxy_port%/$PROXY_PORT/g" \
-e "s/%proxy_ssl_port%/$PROXY_SSL_PORT/g" \
> /etc/$PROXY_SYSTEM/conf.d/$IP.conf
done < <(ls $HESTIA/data/ips/)
fi
if [ "$FTP_SYSTEM" == "proftpd" ]; then
echo "[ * ] Updating ProFTPd TLS configuration..."
if [ -e /etc/proftpd/proftpd.conf ]; then
rm /etc/proftpd/proftpd.conf
fi
if [ -e /etc/proftpd/tls.conf ]; then
rm /etc/proftpd/tls.conf
fi
cp -f $HESTIA_INSTALL_DIR/proftpd/proftpd.conf /etc/proftpd/
cp -f $HESTIA_INSTALL_DIR/proftpd/tls.conf /etc/proftpd/
fi
# Update exim configuration
if [ -e "/etc/exim4/exim4.conf.template" ]; then
echo "[ * ] Updating exim4 configuration..."
sed -i 's/${if match {${lc:$mime_filename}}{\\N(\\.ade|\\.adp|\\.bat|\\.chm|\\.cmd|\\.com|\\.cpl|\\.exe|\\.hta|\\.ins|\\.isp|\\.jse|\\.lib|\\.lnk|\\.mde|\\.msc|\\.msp|\\.mst|\\.pif|\\.scr|\\.sct|\\.shb|\\.sys|\\.vb|\\.vbe|\\.vbs|\\.vxd|\\.wsc|\\.wsf|\\.wsh)$\\N}{1}{0}}/${if match {${lc:$mime_filename}}{\\N(\\.ace|\\.ade|\\.adp|\\.app|\\.arj|\\.asp|\\.aspx|\\.asx|\\.bas|\\.bat|\\.cab|\\.cer|\\.chm|\\.cmd|\\.cnt|\\.com|\\.cpl|\\.crt|\\.csh|\\.der|\\.diagcab|\\.dll|\\.efi|\\.exe|\\.fla|\\.fon|\\.fxp|\\.gadget|\\.grp|\\.hlp|\\.hpj|\\.hta|\\.htc|\\.img|\\.inf|\\.ins|\\.iso|\\.isp|\\.its|\\.jar|\\.jnlp|\\.js|\\.jse|\\.ksh|\\.lib|\\.lnk|\\.mad|\\.maf|\\.mag|\\.mam|\\.maq|\\.mar|\\.mas|\\.mat|\\.mau|\\.mav|\\.maw|\\.mcf|\\.mda|\\.mdb|\\.mde|\\.mdt|\\.mdw|\\.mdz|\\.msc|\\.msh|\\.msh1|\\.msh1xml|\\.msh2|\\.msh2xml|\\.mshxml|\\.msi|\\.msp|\\.mst|\\.msu|\\.ops|\\.osd|\\.pcd|\\.pif|\\.pl|\\.plg|\\.prf|\\.prg|\\.printerexport|\\.ps1|\\.ps1xml|\\.ps2|\\.ps2xml|\\.psc1|\\.psc2|\\.psd1|\\.psdm1|\\.pst|\\.py|\\.pyc|\\.pyo|\\.pyw|\\.pyz|\\.pyzw|\\.reg|\\.scf|\\.scr|\\.sct|\\.sfx|\\.shb|\\.shs|\\.swf|\\.sys|\\.theme|\\.tmp|\\.ttf|\\.url|\\.vb|\\.vba|\\.vbe|\\.vbp|\\.vbs|\\.vhd|\\.vhdx|\\.vsmacros|\\.vsw|\\.vxd|\\.webpnp|\\.website|\\.wim|\\.ws|\\.wsc|\\.wsf|\\.wsh|\\.xbap|\\.xll|\\.xnk)$\\N}{1}{0}}/g' /etc/exim4/exim4.conf.template
fi
# Restrict access to /proc fs
if [ ! -e "/etc/cron.d/hestia-proc" ]; then
echo "[ * ] Restricting access to /proc fs..."
mount -o remount,defaults,hidepid=2 /proc > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "[ ! ] WARNING: Cannot remount /proc (LXC containers require additional permissions be added to host apparmor profile)"
else
echo "@reboot root sleep 5 && mount -o remount,defaults,hidepid=2 /proc" > /etc/cron.d/hestia-proc
fi
fi
# Change backup mode to zstd.
echo "[ * ] Setting zstd backup compression type as default..."
$BIN/v-change-sys-config-value "BACKUP_MODE" "zstd"
# Set LOGIN_STYLE variable in hestia.conf
echo "[ * ] Updating configuration file: hestia.conf..."
$BIN/v-change-sys-config-value "LOGIN_STYLE" "default"
# Remove old lanugage files.
if [ -e $HESTIA/web/inc/i18n/en.php ]; then
echo "[ * ] Performing language library clean-up..."
rm -fr $HESTIA/web/inc/i18n
fi

21
install/upgrade/versions/1.3.1.sh
Unescape View File

@ -1,21 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Remove duplicate values in U_SYS_USERS variable for ips
for ip in $($BIN/v-list-sys-ips plain | cut -f1); do
current_usr=$(grep "U_SYS_USERS=" $HESTIA/data/ips/$ip | cut -f 2 -d \')
new_usr=$(echo "$current_usr" \
| sed "s/,/\n/g" \
| sort -u \
| sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$new_usr" ]; then
sed -i "s/U_SYS_USERS='$current_usr'/U_SYS_USERS='$new_usr'/g" $HESTIA/data/ips/$ip
fi
done

7
install/upgrade/versions/1.3.2.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

21
install/upgrade/versions/1.3.3.sh
Unescape View File

@ -1,21 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Check if keys folder exists and adjust permissions
if [ -d "$HESTIA/data/keys" ]; then
echo '[ * ] Update permissions'
chmod 750 "$HESTIA/data/keys"
chown admin:root "$HESTIA/data/keys"
fi
if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
echo '[ * ] Create global Hestia config'
mkdir -p /etc/hestiacp
echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
fi

17
install/upgrade/versions/1.3.4.sh
Unescape View File

@ -1,17 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
echo '[ * ] Updating System Administrator account permissions...'
$HESTIA/bin/v-change-user-role admin admin
# Send end-of-life notification to admin user on servers running Ubuntu 16.04
if [ "$OS_TYPE" = "Ubuntu" ]; then
if [ "$OS_VERSION" = '16.04' ]; then
$HESTIA/bin/v-add-user-notification admin 'IMPORTANT: End of support for Ubuntu 16.04 LTS' '<b>Hestia Control Panel no longer supports Ubuntu 16.04 LTS</b>, as a result your server will no longer receive upgrades or security patches after <b>v1.3.4</b>.<br><br>Please upgrade to a supported operating system.'
fi
fi

198
install/upgrade/versions/1.4.0.sh
Unescape View File

@ -1,198 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Add support for nginx FastCGI cache (standalone)
if [ -e "/etc/nginx/nginx.conf" ]; then
check=$(cat /etc/nginx/nginx.conf | grep 'fastcgi_cache_path')
if [ -z "$check" ]; then
echo "[ * ] Enabling nginx FastCGI cache support..."
sed -i 's/# Cache bypass/# FastCGI cache\n fastcgi_cache_path \/var\/cache\/nginx\/micro levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=30m;\n fastcgi_cache_key \"$scheme$request_method$host$request_uri\";\n fastcgi_cache_methods GET HEAD;\n fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;\n fastcgi_ignore_headers Cache-Control Expires Set-Cookie;\n add_header X-FastCGI-Cache \$upstream_cache_status;\n\n # Cache bypass/g' /etc/nginx/nginx.conf
sed -i 's/ fastcgi_cache_lock_timeout 5s;/ fastcgi_cache_lock_timeout 5s;\n fastcgi_cache_background_update on;\n fastcgi_cache_revalidate on;/g' /etc/nginx/nginx.conf
fi
fi
if [ -e "/etc/nginx/nginx.conf" ]; then
echo "[ * ] Updating nginx configuration with changes to Cloudflare IP addresses"
sed -i 's/ set_real_ip_from 104.16.0.0\/12;/ set_real_ip_from 104.16.0.0\/13;\n set_real_ip_from 104.24.0.0\/14;/g' /etc/nginx/nginx.conf
fi
# Populating HELO/SMTP Banner for existing IPs
if [ "$MAIL_SYSTEM" == "exim4" ]; then
# Check if we've already done this upgrade before proceeding
if ! grep -q ^smtp_active_hostname /etc/exim4/exim4.conf.template; then
source $HESTIA/func/ip.sh
echo "[ * ] Populating HELO/SMTP Banner value for existing IP addresses..."
> /etc/exim4/mailhelo.conf
for ip in $($BIN/v-list-sys-ips plain | cut -f1); do
helo=$(is_ip_rdns_valid $ip)
if [ ! -z "$helo" ]; then
$BIN/v-change-sys-ip-helo $ip $helo
fi
done
# Update exim configuration
echo "[ * ] Updating exim4 configuration..."
# Add new smtp_active_hostname variable to exim config
sed -i '/^smtp_banner = \$smtp_active_hostname$/a smtp_active_hostname = ${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{$interface_address}lsearch{\/etc\/exim4\/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}' /etc/exim4/exim4.conf.template
# Lookup HELO address by sending ip instead of sending domain
sed -i 's/helo_data = \${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{\$sender_address_domain}lsearch\*{\/etc\/exim4\/mailhelo.conf}{\$value}{\$primary_hostname}}}{\$primary_hostname}}/helo_data = ${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{$sending_ip_address}lsearch{\/etc\/exim4\/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}/' /etc/exim4/exim4.conf.template
fi
fi
# Upgrading Mail System
if [ "$MAIL_SYSTEM" == "exim4" ]; then
if ! grep -q "send_via_smtp_relay" /etc/exim4/exim4.conf.template; then
echo '[ * ] Enabling SMTP relay support...'
if grep -q "driver = plaintext" /etc/exim4/exim4.conf.template; then
disable_smtp_relay=true
echo '[ ! ] ERROR: SMTP Relay upgrade failed:'
echo ''
echo 'Because of the complexity of the SMTP Relay upgrade,'
echo 'we were unable to safely modify your existing exim config file.'
echo 'If you would like to use the new SMTP Relay features,'
echo 'you will have to replace or modify your config with the one found'
echo 'on GitHub at https://github.com/hestiacp/hestiacp/blob/release/install/deb/exim/exim4.conf.template.'
echo 'Your exim config file will be found here: /etc/exim4/exim4.conf.template'
$HESTIA/bin/v-add-user-notification admin 'SMTP Relay upgrade failed' 'Because of the complexity of the SMTP Relay upgrade, we were unable to safely modify your existing exim config file.<br><br>If you would like to use the new SMTP Relay features, you will have to replace or modify your config with the one <a href="https://github.com/hestiacp/hestiacp/blob/release/install/deb/exim/exim4.conf.template" target="_blank">found on GitHub</a>.<br><br>Your exim config file will be found here:<br><br><code>/etc/exim4/exim4.conf.template</code>'
else
disable_smtp_relay=false
fi
# Add smtp relay macros to exim config
insert='SMTP_RELAY_FILE = ${if exists{/etc/exim4/domains/${sender_address_domain}/smtp_relay.conf}{/etc/exim4/domains/$sender_address_domain/smtp_relay.conf}{/etc/exim4/smtp_relay.conf}}\n\SMTP_RELAY_HOST=${lookup{host}lsearch{SMTP_RELAY_FILE}}\n\SMTP_RELAY_PORT=${lookup{port}lsearch{SMTP_RELAY_FILE}}\n\SMTP_RELAY_USER=${lookup{user}lsearch{SMTP_RELAY_FILE}}\n\SMTP_RELAY_PASS=${lookup{pass}lsearch{SMTP_RELAY_FILE}}\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/ACL CONFIGURATION/=' /etc/exim4/exim4.conf.template) - 1)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
# Add smtp relay authenticator
insert='smtp_relay_login:\n\ driver = plaintext\n\ public_name = LOGIN\n\ hide client_send = : SMTP_RELAY_USER : SMTP_RELAY_PASS\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/begin authenticators/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
# Add smtp relay router
insert='send_via_smtp_relay:\n\ driver = manualroute\n\ address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT\n\ domains = !+local_domains\n\ require_files = SMTP_RELAY_FILE\n\ transport = smtp_relay_smtp\n\ route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}\n\ no_more\n\ no_verify\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/begin routers/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
# Add smtp relay transport
insert='smtp_relay_smtp:\n\ driver = smtp\n\ hosts_require_auth = $host_address\n\ hosts_require_tls = $host_address\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/begin transports/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
fi
fi
# Set default webmail system for mail domains
if [ -n "$WEBMAIL_SYSTEM" ]; then
for user in $($BIN/v-list-users plain | cut -f1); do
for domain in $($BIN/v-list-mail-domains $user plain | cut -f1); do
$BIN/v-add-mail-domain-webmail $user $domain '' no
done
done
fi
# Fix PostgreSQL repo
if [ -f /etc/apt/sources.list.d/postgresql.list ]; then
echo "[ * ] Updating PostgreSQL repository..."
sed -i 's|deb https://apt.postgresql.org/pub/repos/apt/|deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/|g' /etc/apt/sources.list.d/postgresql.list
fi
# Remove API file if API is set to "no"
if [ "$API" = "no" ]; then
if [ -f "$HESTIA/web/api/index.php" ]; then
echo "[ * ] Disabling API access..."
$HESTIA/bin/v-change-sys-api remove
fi
fi
# Back up users existing configuration data to $HESTIA/conf/defaults/hestia.conf
if [ ! -f "$HESTIA/conf/defaults/hestia.conf" ]; then
echo "[ * ] Creating known good configuration data for system recovery..."
if [ ! -d "$HESTIA/conf/defaults/" ]; then
mkdir -p "$HESTIA/conf/defaults/"
fi
cp -f $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
fi
if [ -f "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks" ]; then
echo "[ * ] Fix potenial issue with multiple network adapters and netplan..."
rm "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
$BIN/v-update-firewall
fi
# Consolidate nginx (standalone) templates used by active websites
if [ "$WEB_SYSTEM" = "nginx" ]; then
echo "[ * ] Consolidating nginx templates for Drupal & CodeIgniter..."
sed -i "s|TPL='drupal6'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='drupal7'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='drupal8'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='codeigniter2'|TPL='codeigniter'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='codeigniter3'|TPL='codeigniter'|g" $HESTIA/data/users/*/web.conf
fi
# Remove outdated nginx templates
echo "[ * ] Removing outdated nginx templates..."
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal6.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal7.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal8.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/codeigniter2.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/codeigniter3.*tpl
# Clean up old Hestia controlled webapps
if [ -d "$HESTIA/web/images/webapps/" ]; then
echo "[ * ] Clean up old web apps code..."
rm -rf $HESTIA/web/images/webapps/
rm -rf $HESTIA/web/src/app/WebApp/Installers/LaravelSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/OpencartSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/PrestashopSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/SymfonySetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/WordpressSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/Joomla
fi
# Update ClamAV configuration file
if [ -f "/etc/clamav/clamd.conf" ]; then
cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/clamav/
$HESTIA/bin/v-add-user-notification admin 'ClamAV config has been overwritten' 'Warning: If you have manualy changed /etc/clamav/clamd.conf and any changes you made will be lost an backup has been created in the /root/hst_backups folder with the original config. If you have not changed the config file you can ignore this message'
fi
##### COMMANDS FOR V1.5.X
# Back up default package and install latest version
if [ -d $HESTIA/data/packages/ ]; then
echo "[ * ] Migrating legacy default package for all users..."
$HESTIA/bin/v-rename-user-package default custom > /dev/null 2>&1
echo "[ * ] Replacing default package..."
cp -f $HESTIA_INSTALL_DIR/packages/default.pkg $HESTIA/data/packages/
fi

7
install/upgrade/versions/1.4.1.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.4.10.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.10
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

27
install/upgrade/versions/1.4.11.sh
Unescape View File

@ -1,27 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.11
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Fix the potential issue of loading firewall rules
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Updating firewall configuration..."
# Just in case, delete the legacy version loading script again to prevent any residue
rm -f /usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks /etc/network/if-pre-up.d/iptables
# The firewall rules are loading by Systemd, the old loading script is no longer needed
rm -f /usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables /etc/network/if-pre-up.d/hestia-iptables
$BIN/v-update-firewall
fi
if [ -f "/etc/exim4/exim4.conf.template" ]; then
test=$(grep 'require_files = ${local_part}:+${home}/.forward' /etc/exim4/exim4.conf.template)
if [ -z "$test" ]; then
echo "[ * ] Fix bug where email send to news@domain.com is handled by /var/spool/news"
insert="\ require_files = \${local_part}:+\${home}/.forward\n\ domains = +local_domains"
line=$(expr $(sed -n '/userforward/=' /etc/exim4/exim4.conf.template) + 1)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
fi
fi

16
install/upgrade/versions/1.4.12.sh
Unescape View File

@ -1,16 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.12
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
if [ "$exim_version" = "4.94" ]; then
echo "[ ! ] Fixing issue with Exim 4.94 (#2087 - Unable send email)..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's|OUTGOING_IP = /etc/exim4/domains/$sender_address_domain/ip|OUTGOING_IP = /etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/ip|g' /etc/exim4/exim4.conf.template
sed -i 's|SMTP_RELAY_FILE = ${if exists{/etc/exim4/domains/${sender_address_domain}/smtp_relay.conf}{/etc/exim4/domains/$sender_address_domain/smtp_relay.conf}{/etc/exim4/smtp_relay.conf}}|SMTP_RELAY_FILE = ${if exists{/etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/smtp_relay.conf}{/etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/smtp_relay.conf}{/etc/exim4/smtp_relay.conf}}|g' /etc/exim4/exim4.conf.template
fi
fi

51
install/upgrade/versions/1.4.13.sh
Unescape View File

@ -1,51 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.13
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
servername=$(hostname -f)
# Check if hostname is valid according to RFC1178
if [[ $(echo "$servername" | grep -o "\." | wc -l) -lt 2 ]] || [[ $servername =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "[ * ] Hostname does not follow RFC1178 standard Please check email send regarding the update!"
add_upgrade_message "We've noticed that you're using a invalid hostname. Please have a look at the RFC1178 standard (https://datatracker.ietf.org/doc/html/rfc1178) and use a valid one (ex. hostname.domain.tld). You can change the hostname using v-change-sys-hostname and also add a ssl certificate using v-add-letsencypt-host (proper dns A record mandatory). You'll find more informations in our documentation: https://hestiacp.com/docs/server-administration/ssl-certificates.html#how-to-setup-let-s-encrypt-for-the-control-panel"
$HESTIA/bin/v-add-user-notification admin "Invalid Hostname detected" "Warning: We've noticed that you're using a invalid hostname. Please have a look at the <a href=\"https://datatracker.ietf.org/doc/html/rfc1178\" target=\"_blank\">RFC1178 standard</a> and use a valid one (ex. hostname.domain.tld). You can change the hostname using v-change-sys-hostname and also add a ssl certificate using v-add-letsencypt-host (proper dns A record mandatory). You'll find more informations in our <a href=\"https://hestiacp.com/docs/server-administration/ssl-certificates.html#how-to-setup-let-s-encrypt-for-the-control-panel\" target=\"_blank\">documentation</a>."
fi
# Empty $HESTIA/ssl/mail/ due to bug in #2066
if [ -e "$HESTIA/ssl/mail/" ]; then
rm -fr $HESTIA/ssl/mail/*
fi
# Reset PMA SSO
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Updating hestia-sso for phpMyAdmin..."
$BIN/v-delete-sys-pma-sso
$BIN/v-add-sys-pma-sso
fi
# Loading firewall rules Systemd unit needs update. #2100
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Updating loading firewall configuration..."
$BIN/v-delete-sys-firewall
$BIN/v-add-sys-firewall
fi
# Remove old files/folders from previous versions of Hestia Control Panel
if [ -d "$HESTIA/web/edit/file/" ]; then
rm -fr $HESTIA/web/edit/file/
fi
if [ -d "$HESTIA/web/edit/server/theme/" ]; then
rm -fr $HESTIA/web/edit/server/theme/
fi

21
install/upgrade/versions/1.4.14.sh
Unescape View File

@ -1,21 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.14
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -f "/etc/network/interfaces" ] && [ -f "/etc/netplan/60-hestia.yaml" ]; then
add_upgrade_message "Warning: Please check your network configuration!\n\nDuring this update network compatibility issues were detected. Both /etc/network/interfaces and /etc/netplan/60-hestia.yaml exist which can lead to issues after a system reboot. Please review your network configuration."
$HESTIA/bin/v-add-user-notification admin "WARNING: Invalid network configuration detected\n\nDuring this update network compatibility issues were detected. Both /etc/network/interfaces and /etc/netplan/60-hestia.yaml exist which can lead to issues after a system reboot. Please review your network configuration."
fi

29
install/upgrade/versions/1.4.15.sh
Unescape View File

@ -1,29 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.15
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
if [ "$exim_version" = "4.94" ]; then
echo "[ ! ] Updating Exim configuration..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's|file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}.msg|file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg|g' /etc/exim4/exim4.conf.template
sed -i 's| from = "${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"| from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"|g' /etc/exim4/exim4.conf.template
fi
fi

20
install/upgrade/versions/1.4.16.sh
Unescape View File

@ -1,20 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.16
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi

20
install/upgrade/versions/1.4.17.sh
Unescape View File

@ -1,20 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.17
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass trough information to the end user incase of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### to the upgrade email. Please add it using: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi

29
install/upgrade/versions/1.4.2.sh
Unescape View File

@ -1,29 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Optimize loading firewall rules
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Fix the issue of loading firewall rules..."
# Add rule to ensure the rule will be added when we update the firewall / /etc/iptables.rules
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
rm -f /usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks /etc/network/if-pre-up.d/iptables
$BIN/v-update-firewall
fi
# Fix potential issue of updating to Nginx 1.21.0
if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
default_conf="/etc/nginx/conf.d/default.conf"
nginx_conf="/etc/nginx/nginx.conf"
[ -f "${default_conf}" ] && mv -f ${default_conf} ${default_conf}.dpkg-dist
[ -f "${default_conf}.dpkg-new" ] && mv -f ${default_conf}.dpkg-new ${default_conf}.dpkg-dist
[ -f "${nginx_conf}.dpkg-new" ] && mv -f ${nginx_conf}.dpkg-new ${nginx_conf}.dpkg-dist
[ -f "${nginx_conf}.dpkg-old" ] && mv -f ${nginx_conf} ${nginx_conf}.dpkg-dist \
&& rm -f ${nginx_conf}.dpkg-old \
&& cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/
fi

20
install/upgrade/versions/1.4.3.sh
Unescape View File

@ -1,20 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Improve generate and loading firewall rules
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Fix the issue of generate firewall rules..."
$BIN/v-update-firewall
fi
# Reset PMA SSO
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Refressh hestia-sso for PMA..."
$BIN/v-delete-sys-pma-sso
$BIN/v-add-sys-pma-sso
fi

37
install/upgrade/versions/1.4.4.sh
Unescape View File

@ -1,37 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
if [ -d "/etc/nginx/conf.d/" ]; then
#Add nginx user_agent separation to desktop/mobile
cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
fi
if [ -d "/etc/phpmyadmin/" ]; then
echo "[ * ] Secure PHPmyAdmin"
# limit access to /etc/phpmyadmin/ and /usr/share/phpmyadmin/tmp and so on
chown -R root:www-data /etc/phpmyadmin/
chmod -R 640 /etc/phpmyadmin/*
if [ -d "/etc/phpmyadmin/conf.d/" ]; then
chmod 750 /etc/phpmyadmin/conf.d/
fi
if [ -d "/var/lib/phpmyadmin/tmp" ]; then
chown root:www-data /usr/share/phpmyadmin/tmp
chmod 770 /usr/share/phpmyadmin/tmp
fi
if [ -d "/var/lib/phpmyadmin/tmp" ]; then
chmod 770 /var/lib/phpmyadmin/tmp
chown root:www-data /usr/share/phpmyadmin/tmp
fi
fi
# Reset PMA SSO to fix bug with Nginx + Apache2
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Refressh hestia-sso for PMA..."
$BIN/v-delete-sys-pma-sso quiet
$BIN/v-add-sys-pma-sso quiet
fi

7
install/upgrade/versions/1.4.5.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

12
install/upgrade/versions/1.4.6.sh
Unescape View File

@ -1,12 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
rm -rf /usr/share/phpmyadmin/tmp/*
fi

11
install/upgrade/versions/1.4.7.sh
Unescape View File

@ -1,11 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
if [ -n "$DB_PGA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pga' "$DB_PGA_ALIAS"
fi

28
install/upgrade/versions/1.4.8.sh
Unescape View File

@ -1,28 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.8
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
echo "[ * ] Configuring PHPMailer..."
$HESTIA/bin/v-add-sys-phpmailer quiet
matches=$(grep -o 'ENFORCE_SUBDOMAIN_OWNERSHIP' $HESTIA/conf/hestia.conf | wc -l)
if [ "$matches" -gt 1 ]; then
echo "[ * ] Removing double matches ENFORCE_SUBDOMAIN_OWNERSHIP key"
source $HESTIA/conf/hestia.conf
sed -i "/ENFORCE_SUBDOMAIN_OWNERSHIP='$ENFORCE_SUBDOMAIN_OWNERSHIP'/d" $HESTIA/conf/hestia.conf
$HESTIA/bin/v-change-sys-config-value "ENFORCE_SUBDOMAIN_OWNERSHIP" "$ENFORCE_SUBDOMAIN_OWNERSHIP"
fi
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
version=$(dovecot --version | cut -f -2 -d .)
if [ "$version" = "2.3" ]; then
echo "[ * ] Update dovecot config to sync with 2.3 settings"
sed -i 's|ssl_dh_parameters_length = 4096|#ssl_dh_parameters_length = 4096|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_dh = </etc/ssl/dhparam.pem|ssl_dh = </etc/ssl/dhparam.pem|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl_protocols = !SSLv3 !TLSv1|ssl_min_protocol=TLSv1.1|g' /etc/dovecot/conf.d/10-ssl.conf
fi
fi

7
install/upgrade/versions/1.4.9.sh
Unescape View File

@ -1,7 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.9
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

89
install/upgrade/versions/1.5.0.sh
Unescape View File

@ -1,89 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'true'
if [ -n "$DB_PMA_ALIAS" ]; then
if [ -e "/etc/apache2/conf.d/phpmyadmin.conf" ]; then
rm /etc/apache2/conf.d/phpmyadmin.conf
touch /etc/apache2/conf.d/phpmyadmin.inc
fi
if [ -e "/etc/httpd/conf.h.d/phpmyadmin.conf" ]; then
rm /etc/httpd/conf.h.d/phpmyadmin.conf
touch /etc/httpd/conf.h.d/phpmyadmin.inc
fi
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi
if [ -n "$DB_PGA_ALIAS" ]; then
if [ -e "/etc/apache2/conf.d/phppgadmin.conf" ]; then
rm /etc/apache2/conf.d/phppgadmin.conf
touch /etc/apache2/conf.d/phppgadmin.inc
fi
if [ -e "/etc/httpd/conf.h.d/phppgadmin.conf" ]; then
rm /etc/httpd/conf.h.d/phppgadmin.conf
touch /etc/httpd/conf.h.d/phppgadmin.inc
fi
$HESTIA/bin/v-change-sys-db-alias 'pga' "$DB_PGA_ALIAS"
fi
if [ -n "$MAIL_SYSTEM" ]; then
echo "[ ! ] Updating Exim configuration..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's/^smtp_active_hostname = \${if exists {\/etc\/exim4\/mailhelo\.conf}{\${lookup{\$interface_address}lsearch{\/etc\/exim4\/mailhelo\.conf}{\$value}{\$primary_hostname}}}{\$primary_hostname}}$/smtp_active_hostname = \${lookup dnsdb{>: ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
sed -i 's/^ helo_data = \${if exists {\/etc\/exim4\/mailhelo\.conf}{\${lookup{\$sending_ip_address}lsearch{\/etc\/exim4\/mailhelo\.conf}{\$value}{\$primary_hostname}}}{\$primary_hostname}}$/ helo_data = \${lookup dnsdb{>: ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
# When 1.5.0 beta was installed
sed -i 's/^smtp_active_hostname = \${lookup dnsdb{ptr=\$interface_address}{\$value}{\$primary_hostname}}$/smtp_active_hostname = \${lookup dnsdb{>: ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
sed -i 's/^ helo_data = \${lookup dnsdb{ptr=\$sending_ip_address}{\$value}{\$primary_hostname}}$/ helo_data = \${lookup dnsdb{>: ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
fi
# Clean up legacy mailhelo file
rm -f /etc/${MAIL_SYSTEM}/mailhelo.conf
# Clean up legacy ip variable
for ip in $($BIN/v-list-sys-ips plain | cut -f1); do
sed '/^HELO/d' $HESTIA/data/ips/$ip > /dev/null
done
fi
if [ -L "/var/log/hestia" ]; then
echo "[ ! ] Updating log file location: /usr/local/hestia/log/* to /var/log/hestia/..."
rm /var/log/hestia
mkdir -p /var/log/hestia
cp /usr/local/hestia/log/* /var/log/hestia/
rm -rf /usr/local/hestia/log
ln -s /var/log/hestia /usr/local/hestia/log
touch /var/log/hestia/auth.log /var/log/hestia/error.log /var/log/hestia/system.log /var/log/hestia/nginx-error.log /var/log/hestia/nginx-access.log
fi
if [ -d "/var/log/roundcube" ]; then
chown www-data:root /var/log/roundcube
chmod 751 /var/log/roundcube
fi
if [ -d "/etc/roundcube" ]; then
chmod 644 /etc/roundcube/defaults.inc.php
chmod 644 /etc/roundcube/mimetypes.php
fi

56
install/upgrade/versions/1.5.1.sh
Unescape View File

@ -1,56 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'true'
RHOST='apt.hestiacp.com'
codename="$(lsb_release -s -c)"
if [ -z "$codename" ]; then
codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))"
fi
architecture="$(arch)"
case $architecture in
x86_64)
ARCH="amd64"
;;
aarch64)
ARCH="arm64"
;;
*) ;;
esac
chmod +x $HESTIA/install/deb/
echo "[ * ] Updating hestia apt configuration..."
sed -i "s|deb https://$RHOST/ $codename main|deb [arch=$ARCH] https://$RHOST/ $codename main|g" /etc/apt/sources.list.d/hestia.list
if [ -n "$IMAP_SYSTEM" ]; then
echo "[ * ] Updating dovecot configuration..."
sed -i "s/mail_plugins = \$mail_plugins sieve/mail_plugins = \$mail_plugins quota sieve/g" /etc/dovecot/conf.d/15-lda.conf
fi
if [ -n "$MAIL_SYSTEM" ]; then
echo "[ ! ] Updating Exim configuration..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's/^smtp_active_hostname = \${lookup dnsdb{>: ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}$/smtp_active_hostname = \${lookup dnsdb{>: defer_never,ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
sed -i 's/^ helo_data = \${lookup dnsdb{>: ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}$/ helo_data = \${lookup dnsdb{>: defer_never,ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
fi
fi

40
install/upgrade/versions/1.5.10.sh
Unescape View File

@ -1,40 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.10
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# shellcheck source=/usr/local/hestia/func/db.sh
source $HESTIA/func/db.sh
if [ -n "$(echo $DB_SYSTEM | grep -w mysql)" ]; then
mysql_connect 'localhost'
version=$(mysql --defaults-file=/usr/local/hestia/conf/.mysql.localhost -e 'SELECT VERSION()')
mysql_version=$(echo $version | grep -o -E '[0-9]*.[0-9].[0-9]+' | head -n1)
mysql_version2=$(echo $mysql_version | grep -o -E '[0-9]*.[0-9]' | head -n1)
if [ "$mysql_version2" = "10.6" ]; then
test=$(mysql -e "select * from mysql.global_priv;" | grep root | grep unix_socket)
if [ -z "$test" ]; then
echo "[ ! ] Updating MariaDB permissions to fix startup issue "
mysql --defaults-file=/usr/local/hestia/conf/.mysql.localhost -e "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';"
fi
fi
fi

50
install/upgrade/versions/1.5.11.sh
Unescape View File

@ -1,50 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.11
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
PORT=$(cat $HESTIA/nginx/conf/nginx.conf | grep "listen" | sed 's/[^0-9]*//g')
if [ "$PORT" != "8083" ]; then
# Update F2B chains config
if [ -f "$HESTIA/data/firewall/chains.conf" ]; then
# Update value in chains.conf
sed -i "s/PORT='8083'/PORT='$PORT'/g" $HESTIA/data/firewall/chains.conf
fi
# Restart services
if [ -n "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != no ]; then
$HESTIA/bin/v-stop-firewall
$HESTIA/bin/v-update-firewall
fi
fi
# Fix Roundcube logdir permission
if [ -d "/var/log/roundcube" ]; then
chown www-data:www-data /var/log/roundcube
fi
# Fix bug in nginx.conf for proxy cache
if [ -d "/etc/nginx/nginx.conf" ]; then
echo "[ ! ] Fixed an issue with proxy cache and redirects"
sed -i 's/proxy_cache_key "$host$request_uri $cookie_user";/proxy_cache_key "$scheme$request_method$host$request_uri";/g' /etc/nginx/nginx.conf
fi

22
install/upgrade/versions/1.5.2.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

22
install/upgrade/versions/1.5.3.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

22
install/upgrade/versions/1.5.4.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

103
install/upgrade/versions/1.5.5.sh
Unescape View File

@ -1,103 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Update php-fpm.conf
for version in $($BIN/v-list-sys-php plain); do
cp -f $HESTIA_INSTALL_DIR/php-fpm/php-fpm.conf /etc/php/$version/fpm/
sed -i "s/fpm_v/$version/g" /etc/php/$version/fpm/php-fpm.conf
done
echo "[ * ] Updating apt keyring configuration..."
mkdir -p /root/.gnupg && chmod 700 /root/.gnupg
if [ ! -f "/usr/share/keyrings/nginx-keyring.gpg" ]; then
# Get Architecture
architecture="$(arch)"
case $architecture in
x86_64)
ARCH="amd64"
;;
aarch64)
ARCH="arm64"
;;
*)
echo " [ ! ] Unsuported architectrue"
;;
esac
#Get OS details
os=$(grep "^ID=" /etc/os-release | cut -f 2 -d '=')
codename="$(lsb_release -s -c)"
release="$(lsb_release -s -r)"
mariadb_v=$(mysql -V | awk 'NR==1{print $5}' | head -c 4)
RHOST='apt.hestiacp.com'
apt="/etc/apt/sources.list.d"
if [ -f "$apt/nginx.list" ]; then
rm $apt/nginx.list
echo " [ * ] NGINX"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$os/ $codename nginx" > $apt/nginx.list
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1
fi
if [ "$os" = "debian" ]; then
if [ -f "$apt/php.list" ]; then
rm $apt/php.list
echo " [ * ] PHP"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/ $codename main" > $apt/php.list
curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/sury-keyring.gpg > /dev/null 2>&1
fi
if [ -f "$apt/apache2.list" ]; then
rm $apt/apache2.list
echo " [ * ] Apache2"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/apache2-keyring.gpg] https://packages.sury.org/apache2/ $codename main" > $apt/apache2.list
curl -s https://packages.sury.org/apache2/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/apache2-keyring.gpg > /dev/null 2>&1
fi
fi
if [ -f "$apt/mariadb.list" ]; then
rm $apt/mariadb.list
echo " [ * ] MariaDB"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://mirror.mva-n.net/mariadb/repo/$mariadb_v/$os $codename main" > $apt/mariadb.list
curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1
fi
if [ -f "$apt/hestia.list" ]; then
rm $apt/hestia.list
echo " [ * ] Hestia"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/hestia-keyring.gpg] https://$RHOST/ $codename main" > $apt/hestia.list
gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
apt-key del A189E93654F0B0E5 > /dev/null 2>&1
fi
if [ -f "$apt/postgresql.list" ]; then
rm $apt/postgresql.list
echo "[ * ] PostgreSQL"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
curl -s https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /usr/share/keyrings/postgresql-keyring.gpg > /dev/null 2>&1
fi
fi
if [ ! -f "$HESTIA/data/packages/system.pkg" ]; then
echo "[ * ] Install default system package."
cp -f $HESTIA/install/deb/packages/system.pkg $HESTIA/data/packages/system.pkg
fi

27
install/upgrade/versions/1.5.6.sh
Unescape View File

@ -1,27 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
echo "[ * ] Refresh Hostname SSL..."
hostname=$(hostname)
user=$($HESTIA/bin/v-search-domain-owner "$hostname")
$HESTIA/bin/v-update-host-certificate "$user" "$hostname"

22
install/upgrade/versions/1.5.7.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

33
install/upgrade/versions/1.5.8.sh
Unescape View File

@ -1,33 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.8
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
echo "[ * ] Create .gnupg directory..."
mkdir -p /root/.gnupg/ && chmod 700 /root/.gnupg/
echo "[ * ] Ensure jail is enabled for sftp or ftp users..."
shells="rssh|nologin"
for user in $(grep "$HOMEDIR" /etc/passwd | egrep "$shells" | cut -f 1 -d:); do
if [ -d "$HESTIA/data/users/$user" ]; then
$BIN/v-add-user-sftp-jail "$user" "no" > /dev/null 2>&1
fi
done

22
install/upgrade/versions/1.5.9.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.9
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

133
install/upgrade/versions/1.6.0.sh
Unescape View File

@ -1,133 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Delete compsoser to force update to composer v2
rm -fr /home/admin/.composer
if [ "$MAIL_SYSTEM" = "exim4" ]; then
echo "[ * ] Update exim4 config to support rate limits"
# Upgrade config exim for custom limits
sed -i '115,250 s/ratelimit = 200 \/ 1h \/ $authenticated_id/ set acl_c_msg_limit = \${if exists{\/etc\/exim4\/domains\/\${lookup{\$sender_address_domain}dsearch{\/etc\/exim4\/domains\/}}\/limits} {\${extract{1}{:}{\${lookup{\$sender_address_local_part@\$sender_address_domain}lsearch{\/etc\/exim4\/domains\/\${lookup{\$sender_address_domain}dsearch{\/etc\/exim4\/domains\/}}\/limits}}}}} {\${readfile{\/etc\/exim4\/limit.conf}}} }\n ratelimit = \$acl_c_msg_limit \/ 1h \/ strict\/ \$authenticated_id/g' /etc/exim4/exim4.conf.template
sed -i '115,250 s/warn ratelimit = 100 \/ 1h \/ strict \/ $authenticated_id/warn ratelimit = ${eval:$acl_c_msg_limit \/ 2} \/ 1h \/ strict \/ $authenticated_id/g' /etc/exim4/exim4.conf.template
# Add missing limit.conf file
cp $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/limit.conf
cp $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/system.filter
acl=$(cat /etc/exim4/exim4.conf.template | grep "set acl_m3")
if [ -z "$acl" ]; then
echo "[ * ] Add support for optional rejecting spam"
sed -i 's/ warn set acl_m1 = no/ warn set acl_m1 = no \n set acl_m3 = no/g' /etc/exim4/exim4.conf.template
sed -i 's| set acl_m1 = yes| set acl_m1 = yes \n warn condition = \${if exists {/etc/exim4/domains/\$domain/reject_spam}{yes}{no}} \n set acl_m3 = yes|g' /etc/exim4/exim4.conf.template
sed -i 's| message = SpamAssassin detected spam (from \$sender_address to \$recipients).| message = SpamAssassin detected spam (from $sender_address to $recipients).\n\n # Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled\n deny message = This message scored \$spam_score spam points\n spam = debian-spamd:true \n condition = \${if eq{\$acl_m3}{yes}{yes}{no}} \n condition = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}} |g' /etc/exim4/exim4.conf.template
fi
if ! grep -q "send_via_unauthenticated_smtp_relay" /etc/exim4/exim4.conf.template; then
echo '[ * ] Enabling SMTP relay support...'
# Add smtp relay router
insert='send_via_unauthenticated_smtp_relay:\n driver = manualroute\n address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT\n domains = !+local_domains\n require_files = SMTP_RELAY_FILE\n condition = ${if eq{SMTP_RELAY_USER}{}}\n transport = remote_smtp\n route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}\n no_more\n no_verify\n'
line=$(expr $(sed -n '/begin routers/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
fi
fi
if [ -f "/etc/dovecot/conf.d/10-ssl.conf" ]; then
sed -i 's|ssl_min_protocol = TLSv1.1|ssl_min_protocol = TLSv1.2|' /etc/dovecot/conf.d/10-ssl.conf
if ! grep -q "!TLSv1.1" /etc/dovecot/conf.d/10-ssl.conf; then
sed -i 's|ssl_protocols = !SSLv3 !TLSv1|ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1|' /etc/dovecot/conf.d/10-ssl.conf
fi
fi
if [ -f "/etc/default/spamassassin" ]; then
echo "[ * ] Enable Samassassin Cronjob"
sed -i "s/#CRON=1/CRON=1/" /etc/default/spamassassin
fi
# Adding LE autorenew cronjob if there are none
if [ -z "$(grep v-update-lets $HESTIA/data/users/admin/cron.conf)" ]; then
min=$(generate_password '012345' '2')
hour=$(generate_password '1234567' '1')
command="sudo $BIN/v-update-letsencrypt-ssl"
$BIN/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command"
fi
# Add apis if they don't exist
# Changes have been made make sure to overwrite them to prevent issues in the future
cp -rf $HESTIA_INSTALL_DIR/api $HESTIA/data/
# Update Cloudflare address
if [ -f /etc/nginx/nginx.conf ] && [ "$(grep 'set_real_ip_from 2405:8100::/32' /etc/nginx/nginx.conf)" = "" ]; then
echo "[ * ] Updating nginx configuration with changes to Cloudflare IP addresses"
sed -i "/#set_real_ip_from 2405:b500::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2606:4700::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2803:f800::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2c0f:f248::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2a06:98c0::\/29;/d" /etc/nginx/nginx.conf
sed -i "s/#set_real_ip_from 2400:cb00::\/32;/# set_real_ip_from 2400:cb00::\/32;\n # set_real_ip_from 2606:4700::\/32;\n # set_real_ip_from 2803:f800::\/32;\n # set_real_ip_from 2405:b500::\/32;\n # set_real_ip_from 2405:8100::\/32;\n # set_real_ip_from 2a06:98c0::\/29;\n # set_real_ip_from 2c0f:f248::\/32;/g" /etc/nginx/nginx.conf
fi
if [ -n "$PHPMYADMIN_KEY" ]; then
echo "[ * ] Refresh PMA SSO key due to update phpmyadmin"
$BIN/v-delete-sys-pma-sso quiet
$BIN/v-add-sys-pma-sso quiet
fi
#Fixed an issue with Exim4 and Ubutnu22.04 in beta version
release=$(lsb_release -sr)
if [ "$release" = "22.04" ]; then
if [ -d "/etc/exim4/" ]; then
rm -fr /etc/exim4/exim.conf.template
cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.94.template /etc/exim4/exim4.conf.template
if [ "$ANTIVIRUS_SYSTEM" = 'clamav-daemon' ]; then
sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
fi
if [ "$ANTISPAM_SYSTEM" = 'spamassassin' ]; then
sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
fi
fi
fi
# Mute output v-add-sys-sftp-jail out put then enabling sftp on boot
if [ -f "/etc/cron.d/hestia-sftp" ]; then
rm /etc/cron.d/hestia-sftp
echo "@reboot root sleep 60 && /usr/local/hestia/bin/v-add-sys-sftp-jail > /dev/null" > /etc/cron.d/hestia-sftp
fi
ips=$(ls /usr/local/hestia/data/ips/ | wc -l)
release=$(lsb_release -s -i)
if [ $release = 'Ubuntu' ]; then
if [ $ips -gt 1 ]; then
add_upgrade_message "Warning: Please check your network configuration!\n\n A bug has been discovered that might affect your setup and can lead to issues after a system reboot. Please review your network configuration. See https://github.com/hestiacp/hestiacp/pull/2612#issuecomment-1135571835 for more info regarding this issue!"
$HESTIA/bin/v-add-user-notification admin "Warning: Please check your network configuration!\n\n A bug has been discovered that might affect your setup and can lead to issues after a system reboot. Please review your network configuration. <a href='https://github.com/hestiacp/hestiacp/pull/2612#issuecomment-1135571835'>More info</a>"
fi
fi
if [ -d /etc/phpmyadmin/conf.d ]; then
for file in /etc/phpmyadmin/conf.d/*; do
if [ -z "$(grep -i 'information_schema' $file)" ]; then
echo "[ * ] Update phpMyAdmin server configuration"
echo "\$cfg['Servers'][\$i]['hide_db'] = 'information_schema';" >> $file
fi
done
fi

51
install/upgrade/versions/1.6.1.sh
Unescape View File

@ -1,51 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Fix exim rate limit send issue
if [ "$MAIL_SYSTEM" = "exim4" ]; then
acl=$(cat /etc/exim4/exim4.conf.template | grep '${extract{1}{:}{${lookup{$sender_address_local_part@$sender_address_domain}')
if [ ! -z "$acl" ]; then
echo "[ * ] Fixed an issue with rate limits and alias mail addresses"
sed -i 's/${extract{1}{:}{${lookup{$sender_address_local_part@$sender_address_domain}/${extract{1}{:}{${lookup{$authenticated_id}/' /etc/exim4/exim4.conf.template
fi
spamscore=$(cat /etc/exim4/exim4.conf.template | grep 'SPAM_REJECT_SCORE =')
if [ -z "$spamscore" ]; then
echo "[ * ] Fixed an issue reject spam not working properly."
sed -i '/SPAM_SCORE = .*/a SPAM_REJECT_SCORE = 100' /etc/exim4/exim4.conf.template
sed -i '/ set acl_m1 = yes/a warn condition = ${if exists {/etc/exim4/domains/$domain/reject_spam}{yes}{no}}\n set acl_m3 = yes' /etc/exim4/exim4.conf.template
fi
fi
# With setup from installer
if [ -f "/etc/apt/sources.list.d/hestia-beta.list" ]; then
echo "[ ! ] Change to stable release!"
rm /etc/apt/sources.list.d/hestia-beta.list
sed -i 's/#//g' /etc/apt/sources.list.d/hestia.list
fi
check=$(cat /etc/apt/sources.list.d/hestia.list | grep "beta.hestiacp.com")
if [ ! -z "$check" ]; then
echo "[ ! ] Change to stable release!"
sed -i '/beta.hestiacp.com/d' /etc/apt/sources.list.d/hestia.list
sed -i 's/#//g' /etc/apt/sources.list.d/hestia.list
fi

25
install/upgrade/versions/1.6.10.sh
Unescape View File

@ -1,25 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.9
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Delete all tmp files create by hestia that are left in place
rm -fr /tmp/vst*

33
install/upgrade/versions/1.6.12.sh
Unescape View File

@ -1,33 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.12
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f "/etc/fail2ban/jail.local" ]; then
sed -i "s|/var/log/mysql.log|/var/log/mysql/error.log|g" /etc/fail2ban/jail.local
fi
# Fixed firewall loading failed after reboot, applying update to hestia-iptables Systemd unit.
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Update loading firewall rules service..."
$BIN/v-delete-sys-firewall
$BIN/v-add-sys-firewall
fi

22
install/upgrade/versions/1.6.13.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.13
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

29
install/upgrade/versions/1.6.14.sh
Unescape View File

@ -1,29 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.14
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Clean up firewall rules restore file.
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
add_upgrade_message "About iptables rules [non-urgent]\n\nJust in case, if you added custom iptables rules in an unsupported way, they may have been lost.\n\nSee this issue to learn more:\nhttps://github.com/hestiacp/hestiacp/issues/3128"
echo "[ * ] Clean up firewall rules restore file..."
$BIN/v-update-firewall
fi

38
install/upgrade/versions/1.6.2.sh
Unescape View File

@ -1,38 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ "$MAIL_SYSTEM" == "exim4" ]; then
alc=$(cat /etc/exim4/exim4.conf.template | grep '${lookup{${domain:$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits')
if [ -z "$alc" ]; then
sed -i 's| set acl_c_msg_limit|#string1\n#replaceme|' /etc/exim4/exim4.conf.template
sed -i '/#replaceme/d' /etc/exim4/exim4.conf.template
sed -i 's|#string1|set acl_c_msg_limit = \${if exists{/etc/exim4/domains/\${lookup{\${domain:\$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits}{\${lookup {\$authenticated_id} lsearch{/etc/exim4/domains/\${lookup{${domain:\$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits}{\$value}{\${readfile{/etc/exim4/limit.conf}}}}}{\${readfile{/etc/exim4/limit.conf}}} }|g' /etc/exim4/exim4.conf.template
fi
system_filter=$(cat /etc/exim4/exim4.conf.template | grep 'system_filter')
if [ -z "$system_filter" ]; then
sed -i '/SMTP_RELAY_PASS = \${lookup{pass}lsearch{SMTP_RELAY_FILE}}/a #shouldberemoved\n# Custom Filter\nsystem_filter = \/etc\/exim4\/system.filter\nsystem_filter_user = Debian-exim' /etc/exim4/exim4.conf.template
# Keep the spacing between the reley_pass and Custom Filter we need to insert a dummy text and remove it later on
sed -i 's/#shouldberemoved//g' /etc/exim4/exim4.conf.template
fi
fi

30
install/upgrade/versions/1.6.3.sh
Unescape View File

@ -1,30 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ "$MAIL_SYSTEM" == "exim4" ]; then
host=$(cat /etc/exim4/exim4.conf.template | grep hosts_try_fastopen)
if [ -z "$host" ]; then
echo "[ * ] Fix an issue with sending large attachments to Google / Gmail"
sed -i '/dkim_strict = .*/a hosts_try_fastopen = !*.l.google.com' /etc/exim4/exim4.conf.template
fi
fi

22
install/upgrade/versions/1.6.4.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

22
install/upgrade/versions/1.6.5.sh
Unescape View File

@ -1,22 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

30
install/upgrade/versions/1.6.6.sh
Unescape View File

@ -1,30 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f "/etc/roundcube/config.inc.php" ]; then
if [ -n "$(grep 'ssl://localhost' /etc/roundcube/config.inc.php)" ]; then
# Echo prepare for 1.6.0 update
sed -i "s|ssl://localhost|localhost|g" /etc/roundcube/config.inc.php
sed -i "s|993|143|g" /etc/roundcube/config.inc.php
fi
fi

30
install/upgrade/versions/1.6.7.sh
Unescape View File

@ -1,30 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f "/etc/roundcube/config.inc.php" ]; then
sed -i "s/\$config\['auto_create_user'] = false;/\$config\['auto_create_user'] = true;/g" /etc/roundcube/config.inc.php
sed -i "s/\$config\['prefer_html'] = false;/\$config\['prefer_html'] = true;/g" /etc/roundcube/config.inc.php
#For older installs
sed -i "s/\$config\['default_host']/\$config\['imap_host']/g" /etc/roundcube/config.inc.php
fi

46
install/upgrade/versions/1.6.8.sh
Unescape View File

@ -1,46 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version unreleased
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f /etc/nginx/nginx.conf ]; then
sed -i "s/fastcgi_buffers 4 256k;/fastcgi_buffers 8 256k;/g" /etc/nginx/nginx.conf
fi
# Sync up config files #2819
if [ -f "/etc/roundcube/config.inc.php" ]; then
sed -i "s/?>//" /etc/roundcube/config.inc.php
sed -i "s/?>//" /etc/roundcube/mimetypes.php
fi
for version in $($HESTIA/bin/v-list-sys-php plain); do
# Increase max upload and max post size
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 100M/g" /etc/php/$version/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 100M/g" /etc/php/$version/fpm/php.ini
sed -i "s/max_execution_time = 30$/max_execution_time = 60/g" /etc/php/$version/fpm/php.ini
done
if [ -d /etc/roundcube ]; then
if [ ! -f /etc/logrotate.d/roundcube ]; then
echo "[ * ] Create config roundcube logrotate file"
cp -f $HESTIA_INSTALL_DIR/logrotate/roundcube /etc/logrotate.d/
fi
fi

28
install/upgrade/versions/1.6.9.sh
Unescape View File

@ -1,28 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version unreleased
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Update api key permissions
if [ -f "$HESTIA/data/api/sync-dns-cluster" ]; then
rm $HESTIA/data/api/sync-dns-cluster
cp $HESTIA/install/deb/api/sync-dns-cluster $HESTIA/data/api/sync-dns-cluster
fi

121
install/upgrade/versions/1.7.0.sh
Unescape View File

@ -1,121 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
# load config because we need to know if proftpd is installed
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/func/ip.sh
source $HESTIA/func/ip.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Make sure to sync install quoteshell arg
if [ "$FILE_MANAGER" = "true" ]; then
echo "[ * ] Force update filemanager..."
$HESTIA/bin/v-delete-sys-filemanager quiet
$HESTIA/bin/v-add-sys-filemanager quiet
fi
packages=$(ls --sort=time $HESTIA/data/packages | grep .pkg)
echo "[ * ] Update existing packages to support rate limit mail accounts..."
for package in $packages; do
if [ -z "$(grep -e 'RATE_LIMIT' $HESTIA/data/packages/$package)" ]; then
echo "RATE_LIMIT='200'" >> $HESTIA/data/packages/$package
fi
done
if [ -z "$(grep -e 'condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}' /etc/exim4/exim4.conf.template)" ]; then
for line in $(sed -n '/redirect_router = dnslookup/=' /etc/exim4/exim4.conf.template); do
testline=$((line - 1))
newline=$((line + 1))
if [ "$(awk NR==$testline /etc/exim4/exim4.conf.template)" = " file_transport = local_delivery" ]; then
# Add new line
sed -i "$newline i \ \ condition = \${lookup{$local_part@\$domain}lsearch{/etc/exim4/domains/\${lookup{\$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}" /etc/exim4/exim4.conf.template
fi
done
fi
# Allow Email@domain.com for login
if [ -f "/etc/dovecot/conf.d/10-auth.conf" ]; then
sed -i "s/auth_username_format = %u/auth_username_format = %Lu/g" /etc/dovecot/conf.d/10-auth.conf
fi
# rename /var/run/xx to /run/
for file in /etc/dovecot/dovecot.conf /etc/clamav/clamd.conf /etc/exim/exim.conf.template /etc/logrotate.d/apache2 /etc/logrotate.d/nginx /etc/mysql/my.cnf /etc/nginx/nginx.conf; do
if [ -f "$file" ]; then
echo "[ * ] Update $file legacy /var/run/ to /run/..."
sed -i 's|/var/run/|/run/|g' $file
fi
done
# Update any custom php templates
for file in $HESTIA/data/templates/web/php-fpm/*; do
echo "[ * ] Update $file legacy /var/run/ to /run/..."
sed -i 's|/var/run/|/run/|g' $file
done
for file in /etc/php/*/fpm/pool.d/www.conf; do
echo "[ * ] Update $file legacy /var/run/ to /run/..."
sed -i 's|/var/run/|/run/|g' $file
done
#update proftpd
if [ "$FTP_SYSTEM" = 'proftpd' ]; then
contains_conf_d=$(grep -c "Include /etc/proftpd/conf.d/\*.conf" "/etc/proftpd/proftpd.conf")
# the line below is for testing only:
# echo "contains proftpd? $contains_conf_d"
if [ $contains_conf_d = 0 ]; then
sed -i 's/Include \/etc\/proftpd\/tls.conf/&\nInclude \/etc\/proftpd\/conf.d\/*.conf/' /etc/proftpd/proftpd.conf
fi
$BIN/v-restart-ftp
fi
if echo "$BACKUP_SYSTEM" | grep "google" > /dev/null; then
echo "[ ! ] Deprecation notice: Backup via Google Cloud has been removed setup backup again via Rclone to reinstate the backup and restore capebilities!"
add_upgrade_message "Deprecation notice: Backup via Google Cloud has been removed setup backup again via Rclone to reinstate the backup and restore capebilities!"
fi
if [ -f /etc/logrotate.d/httpd-prerotate/awstats ]; then
echo "[ * ] Update Awstats prerotate to Hestia update method..."
# Replace awstatst function
cp -f $HESTIA_INSTALL_DIR/logrotate/httpd-prerotate/awstats /etc/logrotate.d/httpd-prerotate/
fi
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Refresh hestia-sso for PMA..."
$BIN/v-delete-sys-pma-sso quiet
$BIN/v-add-sys-pma-sso quiet
fi
if [ -f /etc/nginx/nginx.conf ] && [ ! -f /etc/nginx/conf.d/cloudflare.inc ]; then
echo "[ * ] Enable support for updating Cloudflare Ips..."
sed -i '/set_real_ip_from/d' /etc/nginx/nginx.conf
sed -i '/real_ip_header/d' /etc/nginx/nginx.conf
sed -i 's|# Cloudflare https://www.cloudflare.com/ips|# Cloudflare https://www.cloudflare.com/ips\n include /etc/nginx/conf.d/cloudflare.inc;|g' /etc/nginx/nginx.conf
# At a later stage a function will run and will load all the new rules
fi

53
install/upgrade/versions/1.7.1.sh
Unescape View File

@ -1,53 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Moved from 1.6.15.sh
if ! (grep -q 'v-change-user-password' $HESTIA/data/api/billing); then
sed -i "s|v-make-tmp-file'|v-make-tmp-file,v-change-user-password'|g" $HESTIA/data/api/billing
fi
# Apply update for path change of built-in IPset blacklist.sh
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
rm -f $HESTIA/data/firewall/ipset/blacklist.sh
if ($BIN/v-list-firewall-ipset plain | grep -q '/install/deb/firewall/ipset/blacklist.sh'); then
echo "[ * ] Update the path of IPset blacklist.sh..."
sed -i 's|/install/deb/firewall/ipset/blacklist.sh|/install/common/firewall/ipset/blacklist.sh|g' $HESTIA/data/firewall/ipset.conf
fi
fi
if [ "$WEB_SYSTEM" = "apache2" ]; then
if ! (grep -q "$WEBMAIL_ALIAS.*.conf" /etc/apache2/apache2.conf); then
echo "[ * ] Update /etc/apache2/apache2.conf..."
sed -i "s/IncludeOptional conf.d\/domains\/\*.conf/IncludeOptional conf.d\/domains\/$WEBMAIL_ALIAS.*.conf\nIncludeOptional conf.d\/domains\/\*.conf/g" /etc/apache2/apache2.conf
fi
fi
if [ "$WEB_SYSTEM" = "httpd" ]; then
if ! (grep -q "$WEBMAIL_ALIAS.*.conf" /etc/httpd/conf/httpd.conf); then
echo "[ * ] Update /etc/httpd/conf/httpd.conf..."
sed -i "s/IncludeOptional conf.d\/domains\/\*.conf/IncludeOptional conf.d\/domains\/$WEBMAIL_ALIAS.*.conf\nIncludeOptional conf.d\/domains\/\*.conf/g" /etc/httpd/conf/httpd.conf
fi
fi

24
install/upgrade/versions/1.7.2.sh
Unescape View File

@ -1,24 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

29
install/upgrade/versions/1.7.3.sh
Unescape View File

@ -1,29 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if grep -q 'drop message = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid' /etc/exim4/exim4.conf.template; then
echo "[ * ] Update exim4.conf.template ..."
patch /etc/exim4/exim4.conf.template $HESTIA/install/upgrade/patch/3462-exim-helo-autenticted-users.patch
fi

24
install/upgrade/versions/1.7.4.sh
Unescape View File

@ -1,24 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

24
install/upgrade/versions/1.7.5.sh
Unescape View File

@ -1,24 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

24
install/upgrade/versions/1.7.6.sh
Unescape View File

@ -1,24 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

24
install/upgrade/versions/1.7.7.sh
Unescape View File

@ -1,24 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

298
install/upgrade/versions/1.8.0.sh
Unescape View File

@ -1,298 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.8.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
os_release="$(lsb_release -s -i | tr "[:upper:]" "[:lower:]")-$(lsb_release -s -r)"
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
if ! grep -qw "^extra_groups = mail$" /etc/dovecot/conf.d/10-master.conf 2> /dev/null; then
sed -i "s/^service auth {/service auth {\n extra_groups = mail\n/g" /etc/dovecot/conf.d/10-master.conf
fi
if [ -f /etc/dovecot/conf.d/90-sieve.conf ]; then
if ! grep -q "sieve_vacation_send_from_recipient" /etc/dovecot/conf.d/90-sieve.conf 2> /dev/null; then
sed -i "s/^plugin {/plugin {\n # This setting determines whether vacation messages are sent with the SMTP MAIL FROM envelope address set to the recipient address of the Sieve script owner.\n sieve_vacation_send_from_recipient = yes\n/g" /etc/dovecot/conf.d/90-sieve.conf
fi
fi
fi
if [ -f /etc/fail2ban/jail.local ]; then
# Add phpmyadmin rule
if ! grep -qw "phpmyadmin-auth" /etc/fail2ban/jail.local 2> /dev/null; then
sed -i '/\[recidive\]/i [phpmyadmin-auth]\nenabled = true\nfilter = phpmyadmin-syslog\naction = hestia[name=WEB]\nlogpath = /var/log/auth.log\nmaxretry = 5\n' /etc/fail2ban/jail.local
fi
fi
if [ "$MAIL_SYSTEM" = "exim4" ]; then
if [ "$os_release" != "debian-10" ]; then
# Exclude Debian 10...
echo "[ * ] Disable SMTPUTF8 for Exim for now"
if ! grep -qw "^smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template 2> /dev/null; then
sed -i "/^domainlist local_domains = dsearch;\/etc\/exim4\/domains/i smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template
fi
fi
fi
# Apply the update for existing users to enable the "Enhanced and Optimized TLS" feature
echo '[ * ] Enable the "Enhanced and Optimized TLS" feature...'
# Configuring global OpenSSL options
tls13_ciphers="TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
if ! grep -qw "^[hestia_openssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then
if [ "$os_release" = "debian-10" ] || [ "$os_release" = "debian-11" ]; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
elif [ "$os_release" = "debian-12" ]; then
if ! grep -qw "^ssl_conf = ssl_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/providers = provider_sect$/a ssl_conf = ssl_sect' /etc/ssl/openssl.cnf
fi
if ! grep -qw "^[ssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '$a \\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
fi
elif [ "$os_release" = "ubuntu-20.04" ]; then
if ! grep -qw "^openssl_conf = default_conf$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/^oid_section = new_oids$/a \\n# System default\nopenssl_conf = default_conf' /etc/ssl/openssl.cnf
fi
if ! grep -qw "^[default_conf]$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '$a [default_conf]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
fi
elif [ "$os_release" = "ubuntu-22.04" ]; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
fi
fi
# Update server configuration files
tls12_ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256"
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
if grep -qw "^ssl_min_protocol = TLSv1.2$" /etc/dovecot/conf.d/10-ssl.conf 2> /dev/null; then
sed -i '/^# See #2012 for TLSv1.1 to 1.2 upgrade$/d;/^ssl_cipher_list = .\+$/d;s/^ssl_min_protocol = TLSv1.2/ssl_cipher_list = '"$tls12_ciphers"'\nssl_min_protocol = TLSv1.2/' /etc/dovecot/conf.d/10-ssl.conf
elif grep -qw "^ssl_protocols = \!SSLv3 \!TLSv1 \!TLSv1.1$" /etc/dovecot/conf.d/10-ssl.conf 2> /dev/null; then
sed -i '/^# See #2012 for TLSv1.1 to 1.2 upgrade$/d;/^ssl_cipher_list = .\+$/d;s/^ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1/ssl_cipher_list = '"$tls12_ciphers"'\nssl_protocols = !SSLv3 !TLSv1 !TLSv1.1/' /etc/dovecot/conf.d/10-ssl.conf
fi
fi
if [ "$MAIL_SYSTEM" = "exim4" ]; then
if grep -qw "^tls_on_connect_ports = 465$" /etc/exim4/exim4.conf.template 2> /dev/null; then
sed -i '/^tls_require_ciphers = .\+$/d;s/^tls_on_connect_ports = 465/tls_on_connect_ports = 465\ntls_require_ciphers = PERFORMANCE:-RSA:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:%SERVER_PRECEDENCE/' /etc/exim4/exim4.conf.template
fi
fi
if [ "$FTP_SYSTEM" = "proftpd" ]; then
if grep -qw "^TLSProtocol TLSv1.2$" /etc/proftpd/tls.conf 2> /dev/null; then
sed -i '/^TLSCipherSuite .\+$/d;/^TLSServerCipherPreference .\+$/d;s/^TLSProtocol TLSv1.2/TLSCipherSuite '"$tls12_ciphers"'\nTLSProtocol TLSv1.2 TLSv1.3\nTLSServerCipherPreference on/;s/^#TLSOptions AllowClientRenegotiations/#TLSOptions AllowClientRenegotiations/;s/^TLSOptions NoSessionReuseRequired AllowClientRenegotiations/TLSOptions NoSessionReuseRequired AllowClientRenegotiations/' /etc/proftpd/tls.conf
fi
fi
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
if grep -q "^ssl_ciphers=.\+$" /etc/vsftpd/vsftpd.conf 2> /dev/null; then
sed -i 's/^ssl_ciphers=.\+$/ssl_ciphers='"$tls12_ciphers"'/' /etc/vsftpd/vsftpd.conf
fi
fi
if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
# Little trick to bypass on my private fork :)
if ! grep -q "quic_bpf" /etc/nginx/nginx.conf && ! grep -q "spdy_headers_comp" /etc/nginx/nginx.conf; then
# Syncing "/etc/nginx/nginx.conf" with mainline, to fix the **** caused by formatter or forgetting to apply updates
echo "[ * ] Syncing NGINX configuration with mainline..."
trap 'rm -fr "$dir_for_compare" /etc/nginx/nginx.conf-staging' EXIT
dir_for_compare="$(mktemp -d)"
nginx_conf_local="$dir_for_compare"/nginx.conf-local
nginx_conf_commit="$dir_for_compare"/nginx.conf-commit
sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' /etc/nginx/nginx.conf | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_local"
# For installations before v1.6.8 (from commit 9b544be to commit b2ad154)
curl -fsLm5 --retry 2 https://raw.githubusercontent.com/hestiacp/hestiacp/b2ad1549a21655837056e4b7883970d51a4b324f/install/deb/nginx/nginx.conf \
| sed 's/fastcgi_buffers 4 256k;/fastcgi_buffers 8 256k;/g;s|/var/run/|/run/|g;/set_real_ip_from/d;/real_ip_header/d;s|# Cloudflare https://www.cloudflare.com/ips|# Cloudflare https://www.cloudflare.com/ips\n include /etc/nginx/conf.d/cloudflare.inc;|g' \
| sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_commit"-b2ad154
# For installations after v1.6.8 but before v1.7.0 (from commit b2ad154 to commit 015b20a)
curl -fsLm5 --retry 2 https://raw.githubusercontent.com/hestiacp/hestiacp/015b20ae1ffb82faaf58b41a5dc9ad1b078b785f/install/deb/nginx/nginx.conf \
| sed 's|/var/run/|/run/|g;/set_real_ip_from/d;/real_ip_header/d;s|# Cloudflare https://www.cloudflare.com/ips|# Cloudflare https://www.cloudflare.com/ips\n include /etc/nginx/conf.d/cloudflare.inc;|g' \
| sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_commit"-015b20a
# For installations after v1.7.0 (commit 555f892)
curl -fsLm5 --retry 2 https://raw.githubusercontent.com/hestiacp/hestiacp/555f89243e54e02458586ae4f7999458cc9d33e9/install/deb/nginx/nginx.conf \
| sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_commit"-555f892
for commit in b2ad154 015b20a 555f892; do
if cmp -s "$nginx_conf_local" "$nginx_conf_commit"-"$commit" 2> /dev/null; then
nginx_conf_compare="same"
cp -f "$HESTIA_INSTALL_DIR"/nginx/nginx.conf /etc/nginx
break
fi
done
if [ "$nginx_conf_compare" != "same" ]; then
echo -e "[ ! ] Manual action required, please view:\n[ - ] $HESTIA_BACKUP/message.log"
add_upgrade_message "Manual Action Required [IMPORTANT]\n\nTo enable the \"Enhanced and Optimized TLS\" feature, we must update the NGINX configuration file (/etc/nginx/nginx.conf).\n\nBut for unknown reason or you edited it, may not be fully apply all the changes in this upgrade.\n\nPlease follow the default configuration file to sync it:\n$HESTIA_INSTALL_DIR/nginx/nginx.conf\n\nBacked up configuration file:\n$HESTIA_BACKUP/conf/nginx/nginx.conf\n\nLearn more:\nhttps://github.com/hestiacp/hestiacp/pull/3555\n\n"
"$BIN"/v-add-user-notification admin "IMPORTANT: Manual Action Required" '<p>To enable the "Enhanced and Optimized TLS" feature, we must update the NGINX configuration file at <code>/etc/nginx/nginx.conf</code>.</p><p>But for unknown reason or you edited it, may not be fully apply all the changes in this upgrade.</p><p>Please follow the default configuration file to sync it:<br><code>'"$HESTIA_INSTALL_DIR"'/nginx/nginx.conf</code></p><p>Backed up configuration file:<br><code>'"$HESTIA_BACKUP"'/conf/nginx/nginx.conf</code></p><p>Visit PR <a href="https://github.com/hestiacp/hestiacp/pull/3555" target="_blank">#3555</a> on GitHub to learn more.</p>'
sed -i "s/""$(grep -m 1 "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='1'/" "$HESTIA"/data/users/admin/notifications.conf
cp -f /etc/nginx/nginx.conf /etc/nginx/nginx.conf-staging
# Apply previously missed updates
sed -i 's/fastcgi_buffers 4 256k;/fastcgi_buffers 8 256k;/;s|https://www.cloudflare.com/||;s/# Cache settings/# Proxy cache/' /etc/nginx/nginx.conf-staging
# Formatting
echo "" >> /etc/nginx/nginx.conf-staging
sed -i '/^[ \t]*$/d;s/^ worker_connections 1024;/\tworker_connections 1024;/;s/^ use epoll;/\tuse epoll;/;s/^ multi_accept on;/\tmulti_accept on;/;s/^ /\t\t/g;s/^ /\t/g;s/^# Worker config/\n# Worker config/;s/^http {/\nhttp {/;s/^\t# Cache bypass/\n\t# Cache bypass/;s/^\t# File cache (static assets)/\n\t# File cache (static assets)/;s/^user www-data;/user www-data;/;s/^worker_processes auto;/worker_processes auto;/;s/^worker_rlimit_nofile 65535;/worker_rlimit_nofile 65535;/;s|^error_log /var/log/nginx/error.log;|error_log /var/log/nginx/error.log;|;s|^pid /run/nginx.pid;|pid /run/nginx.pid;|;s|^include /etc/nginx/modules-enabled/\*.conf;|include /etc/nginx/modules-enabled/\*.conf;|;s/log_not_found off;/log_not_found off;/;s/access_log off;/access_log off;/;s|include /etc/nginx/mime.types;|include /etc/nginx/mime.types;|;s|default_type application/octet-stream;|default_type application/octet-stream;|;s/default 0;/default 0;/;s/~SESS 1;/~SESS 1;/;s|include /etc/nginx/conf.d/|include /etc/nginx/conf.d/|g' /etc/nginx/nginx.conf-staging
# Prepare for update
sed -i '/proxy_bu/d;/proxy_temp/d;/log_format/d;/body_bytes_sent/d;/http_user_agent/d;/gzip/d;/application\/j/d;/application\/x/d;/ssl_/d;/resolver/d;/error_page/d;/\/var\/cache\/nginx/d;/max_size=/d;/_cache_key/d;/_ignore_headers/d;/_cache_use_stale/d;/_cache_valid/d;/_cache_methods/d;/add_header/d;/open_file_cache/d' /etc/nginx/nginx.conf-staging
# Apply the update
sed -i 's/client_max_body_size 256m;/client_max_body_size 1024m;/;s/keepalive_requests 100000;/keepalive_requests 10000;/;s/fastcgi_buffers 8 256k;/fastcgi_buffers 512 4k;/;s/proxy_pass_header Set-Cookie;/proxy_pass_header Set-Cookie;\n\tproxy_buffers 256 4k;\n\tproxy_buffer_size 32k;\n\tproxy_busy_buffers_size 32k;\n\tproxy_temp_file_write_size 256k;/;s/# Log format/# Log format\n\tlog_format main '"'"'$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'"'"';\n\tlog_format bytes '"'"'$body_bytes_sent'"'"';/;s|# Compression|# Compression\n\tgzip on;\n\tgzip_vary on;\n\tgzip_static on;\n\tgzip_comp_level 6;\n\tgzip_min_length 1024;\n\tgzip_buffers 128 4k;\n\tgzip_http_version 1.1;\n\tgzip_types text/css text/javascript text/js text/plain text/richtext text/shtml text/x-component text/x-java-source text/x-markdown text/x-script text/xml image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon font/otf font/ttf font/x-woff multipart/bag multipart/mixed application/eot application/font application/font-sfnt application/font-woff application/javascript application/javascript-binast application/json application/ld+json application/manifest+json application/opentype application/otf application/rss+xml application/ttf application/truetype application/vnd.api+json application/vnd.ms-fontobject application/wasm application/xhtml+xml application/xml application/xml+rss application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-protobuf application/x-ttf;\n\tgzip_proxied any;|;s/# Cloudflare ips/# Cloudflare IPs/;s|# SSL PCI compliance|# SSL PCI compliance\n\tssl_buffer_size 1369;\n\tssl_ciphers "'"$tls12_ciphers"'";\n\tssl_dhparam /etc/ssl/dhparam.pem;\n\tssl_early_data on;\n\tssl_ecdh_curve auto;\n\tssl_prefer_server_ciphers on;\n\tssl_protocols TLSv1.2 TLSv1.3;\n\tssl_session_cache shared:SSL:20m;\n\tssl_session_tickets on;\n\tssl_session_timeout 7d;\n\tresolver 1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;\n\tresolver_timeout 5s;|;s|# Error pages|# Error pages\n\terror_page 403 /error/404.html;\n\terror_page 404 /error/404.html;\n\terror_page 410 /error/410.html;\n\terror_page 500 501 502 503 504 505 /error/50x.html;|;s|# Proxy cache|# Proxy cache\n\tproxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;\n\tproxy_cache_key "$scheme$request_method$host$request_uri";\n\tproxy_temp_path /var/cache/nginx/temp;\n\tproxy_ignore_headers Cache-Control Expires;\n\tproxy_cache_use_stale error timeout invalid_header updating http_502;\n\tproxy_cache_valid any 1d;|;s|# FastCGI cache|# FastCGI cache\n\tfastcgi_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m inactive=30m max_size=1024m;\n\tfastcgi_cache_key "$scheme$request_method$host$request_uri";\n\tfastcgi_ignore_headers Cache-Control Expires Set-Cookie;\n\tfastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;\n\tadd_header X-FastCGI-Cache $upstream_cache_status;|;s/# File cache (static assets)/# File cache (static assets)\n\topen_file_cache max=10000 inactive=30s;\n\topen_file_cache_valid 60s;\n\topen_file_cache_min_uses 2;\n\topen_file_cache_errors off;/' /etc/nginx/nginx.conf-staging
# Apply the update for implement TLS 1.3 0-RTT anti-replay and upcoming HTTP/3 support
sed -i '/\/etc\/nginx\/conf\.d\/main\/\*\.conf;/d;/pid \/run\/nginx.pid;/a include /etc/nginx/conf.d/main/*.conf;' /etc/nginx/nginx.conf-staging
sed -i '/Early-Data/d;/proxy_set_header Host $host;/a \\tproxy_set_header Early-Data $rfc_early_data;' /etc/nginx/nginx.conf-staging
# Verify new configuration file
if nginx -c /etc/nginx/nginx.conf-staging -t > /dev/null 2>&1; then
mv -f /etc/nginx/nginx.conf-staging /etc/nginx/nginx.conf
fi
fi
# Implement TLS 1.3 0-RTT anti-replay
echo -e "[ * ] TLS 1.3 0-RTT anti-replay for NGINX, please view:\n[ - ] $HESTIA_BACKUP/message.log"
add_upgrade_message "About TLS 1.3 0-RTT anti-replay for NGINX\n\nIf you use custom templates, please update them (*.stpl) to apply this protection.\n\nFollow the usage or other default templates:\n/etc/nginx/conf.d/0rtt-anti-replay.conf\n\nLearn more:\nhttps://github.com/hestiacp/hestiacp/pull/3692"
"$BIN"/v-add-user-notification admin "About TLS 1.3 0-RTT anti-replay for NGINX" '<p>If you use custom templates, please update them (*.stpl) to apply this protection.</p><p>Follow the usage or other default templates:<br><code>/etc/nginx/conf.d/0rtt-anti-replay.conf</code></p><p>Visit PR <a href="https://github.com/hestiacp/hestiacp/pull/3692" target="_blank">#3692</a> on GitHub to learn more.</p>'
if grep -qw "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf 2> /dev/null; then
sed -i "s/""$(grep -m 1 "About TLS 1.3 0-RTT anti-replay for NGINX" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='2'/" "$HESTIA"/data/users/admin/notifications.conf
else
sed -i "s/""$(grep -m 1 "About TLS 1.3 0-RTT anti-replay for NGINX" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='1'/" "$HESTIA"/data/users/admin/notifications.conf
fi
cp -f "$HESTIA_INSTALL_DIR"/nginx/0rtt-anti-replay.conf /etc/nginx/conf.d
# Update resolver for NGINX
for nameserver in $(grep -is '^nameserver' /etc/resolv.conf | cut -d' ' -f2 | tr '\r\n' ' ' | xargs); do
if [[ "$nameserver" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
if [ -z "$resolver" ]; then
resolver="$nameserver"
else
resolver="$resolver $nameserver"
fi
fi
done
if [ -n "$resolver" ]; then
sed -i "s/1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8/$resolver/g" /etc/nginx/nginx.conf
fi
# Update some configuration files
cp -f "$HESTIA_INSTALL_DIR"/nginx/phpmyadmin.inc "$HESTIA_INSTALL_DIR"/nginx/phppgadmin.inc "$HESTIA_INSTALL_DIR"/nginx/status.conf /etc/nginx/conf.d
[ -n "$DB_PMA_ALIAS" ] && sed -i "s|%pma_alias%|$DB_PMA_ALIAS|g" /etc/nginx/conf.d/phpmyadmin.inc
[ -n "$DB_PGA_ALIAS" ] && sed -i "s|%pga_alias%|$DB_PGA_ALIAS|g" /etc/nginx/conf.d/phppgadmin.inc
# Prepare for upcoming HTTP/3 support, also convenient for users to add directive to "main" context
mkdir -p /etc/nginx/conf.d/main
fi
fi
unset commit nameserver nginx_conf_commit nginx_conf_compare nginx_conf_local os_release tls12_ciphers tls13_ciphers resolver
# Finish configuring the "Enhanced and Optimized TLS" feature
# Update IPs configuration file
# shellcheck source=/usr/local/hestia/func/domain.sh
source $HESTIA/func/domain.sh
if [ "$WEB_SYSTEM" = "nginx" ]; then
while IFS= read -r IP; do
ip_conf="/etc/nginx/conf.d/$IP.conf"
cp -f "$HESTIA_INSTALL_DIR"/nginx/unassigned.inc "$ip_conf"
sed -i "s/directIP/$IP/g" "$ip_conf"
process_http2_directive "$ip_conf"
done < <(ls "$HESTIA"/data/ips/ 2> /dev/null)
elif [ "$PROXY_SYSTEM" = "nginx" ]; then
while IFS= read -r IP; do
cat "$WEBTPL"/nginx/proxy_ip.tpl \
| sed -e "s/%ip%/$IP/g" \
-e "s/%web_port%/$WEB_PORT/g" \
-e "s/%proxy_port%/$PROXY_PORT/g" \
-e "s/%proxy_ssl_port%/$PROXY_SSL_PORT/g" \
> "/etc/nginx/conf.d/$IP.conf"
process_http2_directive "/etc/nginx/conf.d/$IP.conf"
done < <(ls "$HESTIA"/data/ips/ 2> /dev/null)
fi
if [ "$MAIL_SYSTEM" = "exim4" ]; then
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
# if Exim version > 4.95 or greater!
if version_ge "$exim_version" "4.95"; then
if ! grep -q 'SRS_SECRET' /etc/exim4/exim4.conf.template; then
srs=$(generate_password)
echo $srs > /etc/exim4/srs.conf
chmod 640 /etc/exim4/srs.conf
chown root:Debian-exim /etc/exim4/srs.conf
cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.staging
patch /etc/exim4/exim4.conf.template.staging $HESTIA/install/upgrade/patch/3661-exim-srs-support.patch 2>&1
exim -C /etc/exim4/exim4.conf.template.staging 2>&1
if [ "$?" -ne 0 ]; then
add_upgrade_message "Unable to successfully aply the SRS update patch for Exim.\n If you use SMTP relay with the SRS feature use the exim config found in /usr/local/hestia/install/deb/exim/exim4.conf.4.95.template"
"$BIN"/v-add-user-notification admin "Unable to apply patch to Exim config" 'Unable to successfully apply the SRS update patch for Exim.<br /> If you use SMTP relay with the SRS feature use the exim config found in /usr/local/hestia/install/deb/exim/exim4.conf.4.95.template'
if grep -qw "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf 2> /dev/null; then
sed -i "s/""$(grep -m 1 "Unable to apply patch to Exim config" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='3'/" "$HESTIA"/data/users/admin/notifications.conf
else
sed -i "s/""$(grep -m 1 "Unable to apply patch to Exim config" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='2'/" "$HESTIA"/data/users/admin/notifications.conf
fi
echo "[ ! ] Unable to apply SRS update patch for SMTP relay"
else
echo "[ * ] Update exim4.conf.template ..."
cp /etc/exim4/exim4.conf.template.staging /etc/exim4/exim4.conf.template
fi
rm /etc/exim4/exim4.conf.template.staging*
else
sed -i "s/SRS_SECRET = readfile{\/etc\/exim4\/srs.conf}/SRS_SECRET = \${readfile{\/etc\/exim4\/srs.conf}}/g" /etc/exim4/exim4.conf.template
chown root:Debian-exim /etc/exim4/srs.conf
fi
fi
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
# if Exim version > 4.95 or greater!
if version_ge "$exim_version" "4.95"; then
if ! grep -q 'condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}' /etc/exim4/exim4.conf.template; then
for line in $(sed -n '/redirect_router = dnslookup/=' /etc/exim4/exim4.conf.template); do
testline=$((line - 1))
newline=$((line + 1))
if [ "$(awk NR==$testline /etc/exim4/exim4.conf.template)" = " file_transport = local_delivery" ]; then
# Add new line
sed -i "$newline i \ \ condition = \${lookup{\$local_part@\$domain}lsearch{/etc/exim4/domains/\${lookup{\$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}" /etc/exim4/exim4.conf.template
fi
done
fi
fi
fi

34
install/upgrade/versions/1.8.1.sh
Unescape View File

@ -1,34 +0,0 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.8.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ "$MAIL_SYSTEM" = "exim4" ]; then
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
# if Exim version > 4.95 or greater!
if version_ge "$exim_version" "4.95"; then
sed -i "s/SRS_SECRET = readfile{\/etc\/exim4\/srs.conf}/SRS_SECRET = \${readfile{\/etc\/exim4\/srs.conf}}/g" /etc/exim4/exim4.conf.template
chown root:Debian-exim /etc/exim4/srs.conf
chown 644 /etc/exim4/srs.conf
fi
fi

3
src/rpm/hestia/hestia.spec
Unescape View File

@ -84,6 +84,7 @@ if [ -e "/usr/local/hestia/data/users/admin" ]; then
###############################################################
# Load upgrade functions and refresh variables/configuration
source /usr/local/hestia/func/main.sh
source /usr/local/hestia/func/upgrade.sh
upgrade_refresh_config
@ -146,7 +147,7 @@ if [ -e "/usr/local/hestia/data/users/admin" ]; then
update_whitelabel_logo | tee -a $LOG
# Set new version number in hestia.conf
upgrade_set_version
upgrade_set_version $new_version
# Perform account and domain rebuild to ensure configuration files are correct
upgrade_rebuild_users

Write Preview
Loading…
Cancel
Save