bayrepo/hestiacp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial

Browse Source
This commit is contained in:
Alexey Berezhok
2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
install/upgrade/manual/configure-server-smtp.sh Executable file
View File

@@ -0,0 +1,82 @@
#!/bin/bash
# info: setup SMTP Account for server logging
# options: NONE
# labels:
#
# example: configure-server-smtp.sh
#
# This function provides an user-interactive configuration of a SMTP account
# for the server to use for logging, notification and warn emails etc.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
function setupFiles {
echo "Use SMTP account for server communication (Y/n): "
read use_smtp_prompt
use_smtp="${use_smtp_prompt:-y}"
use_smtp="${use_smtp,,}"
if [ "${use_smtp}" == "y" ]; then
use_smtp=true
echo "Enter SMTP Host:"
read -i $SERVER_SMTP_HOST -e smtp_server_host
echo "Enter SMTP Port:"
read -i $SERVER_SMTP_PORT -e smtp_server_port
echo "Enter SMTP Security:"
read -i $SERVER_SMTP_SECURITY -e smtp_server_security
echo "Enter SMTP Username:"
read -i $SERVER_SMTP_USER -e smtp_server_user_name
echo "Enter SMTP Password (stored as plaintext):"
read -i $SERVER_SMTP_PASSWD -e smtp_server_password
echo "Enter Email Address:"
read -i $SERVER_SMTP_ADDR -e smtp_server_addr
else
use_smtp=false
fi
echo "Summary:
Use SMTP: $use_smtp
SMTP Host: $smtp_server_host
SMTP Port: $smtp_server_port
SMTP Security: $smtp_server_security
SMTP Username: $smtp_server_user_name
SMTP Password: $smtp_server_password
Email Address: $smtp_server_addr
Are these values correct? (y/N)"
read correct_validation
correct="${correct_validation:-n}"
correct="${correct,,}"
if [ "${correct}" != "y" ]; then
echo "Not Proceeding. Restart or Quit (r/Q)?"
read restart_quit_prompt
restart_quit="${restart_quit_prompt:-q}"
restart_quit="${restart_quit,,}"
if [ "${restart_quit}" == "r" ]; then
clear
setupFiles
else
exit 3
fi
else
$BIN/v-change-sys-config-value "USE_SERVER_SMTP" "${use_smtp:-}"
$BIN/v-change-sys-config-value "SERVER_SMTP_HOST" "${smtp_server_host:-}"
$BIN/v-change-sys-config-value "SERVER_SMTP_PORT" "${smtp_server_port:-}"
$BIN/v-change-sys-config-value "SERVER_SMTP_SECURITY" "${smtp_server_security:-}"
$BIN/v-change-sys-config-value "SERVER_SMTP_USER" "${smtp_server_user_name:-}"
$BIN/v-change-sys-config-value "SERVER_SMTP_PASSWD" "${smtp_server_password:-}"
$BIN/v-change-sys-config-value "SERVER_SMTP_ADDR" "${smtp_server_addr:-}"
fi
}
setupFiles

50
install/upgrade/manual/install_awstats_geoip.sh Executable file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
# info: enable GeoIP Awstats
#
# This function enables GeoIP location lookup for
# IP addresses that are listed in awstats.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#check if string already exists
if grep "geoip" $HESTIA/data/templates/web/awstats/awstats.tpl; then
echo "Plugin allready enabled"
exit 0
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ -d /etc/awstats ]; then
perl -MCPAN -f -e "install Geo::IP::PurePerl"
perl -MCPAN -f -e "install Geo::IP"
sed -i '/LoadPlugin=\"geoip GEOIP_STANDARD \/usr\/share\/GeoIP\/GeoIP.dat\"/s/^#//g' /etc/awstats/awstats.conf
echo "LoadPlugin=\"geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat\"" >> $HESTIA/data/templates/web/awstats/awstats.tpl
for user in $($BIN/v-list-sys-users plain); do
$BIN/v-rebuild-web-domains $user no
done
fi
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
# Logging
log_history "Enabled GeoIP Awstats" '' 'admin'
log_event "$OK" "$ARGUMENTS"
exit 0

50
install/upgrade/manual/install_awstats_geoip2.sh Executable file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
# info: enable GeoIP2 in Awstats
#
# This function enables GeoIP2 location lookup for
# IP addresses that are listed in awstats.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#check if string already exists
if grep "geoip2" $HESTIA/data/templates/web/awstats/awstats.tpl; then
echo "Plugin allready enabled"
exit 0
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ -d /etc/awstats ]; then
apt-get install make libssl-dev zlib1g-dev libdata-validate-ip-perl
perl -MCPAN -f -e "GeoIP2::Database::Reader"
sed -i '/LoadPlugin=\"geoip2_country \/pathto\/GeoLite2-Country.mmdb\"/s/^#//g;s/pathto/usr\/share\/GeoIP/g' /etc/awstats/awstats.conf
echo "LoadPlugin=\"geoip2_country /usr/share/GeoIP/GeoLite2-Country.mmdb\"" >> $HESTIA/data/templates/web/awstats/awstats.tpl
for user in $($BIN/v-list-sys-users plain); do
$BIN/v-rebuild-web-domains $user no
done
fi
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
# Logging
log_history "Enabled GeoIP2 Awstats" '' 'admin'
log_event "$OK" "$ARGUMENTS"
exit 0

127
install/upgrade/manual/install_sieve.sh Executable file
View File

@@ -0,0 +1,127 @@
#!/bin/bash
# info: Install / remove sieve / manage-sieve for Dovecot
#
# Thos function installs manage-sieve functionality for dovecot.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"
source_conf "$HESTIA/install/upgrade/upgrade.conf"
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#check if string already exists
if grep "dovecot_virtual_delivery" /etc/exim4/exim4.conf.template; then
echo "Plugin allready enabled"
exit 0
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
HAS_DOVECOT_SIEVE_INSTALLED=$(dpkg --get-selections dovecot-sieve | grep dovecot-sieve | wc -l)
# Folder paths
RC_INSTALL_DIR="/var/lib/roundcube"
RC_CONFIG_DIR="/etc/roundcube"
# If we want to install sieve
if [ "$HAS_DOVECOT_SIEVE_INSTALLED" = "0" ]; then
# if sieve is not installed... install it.
apt-get -qq install dovecot-sieve dovecot-managesieved -y
# dovecot.conf install
sed -i "s/namespace/service stats \{\n unix_listener stats-writer \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n\}\n\nnamespace/g" /etc/dovecot/dovecot.conf
# dovecot conf files
# 10-master.conf
sed -i -E -z "s/ }\n user = dovecot\n}/ \}\n unix_listener auth-master \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n user = dovecot\n\}/g" /etc/dovecot/conf.d/10-master.conf
# 15-lda.conf
sed -i "s/\#mail_plugins = \\\$mail_plugins/mail_plugins = \$mail_plugins quota sieve\n auth_socket_path = \/var\/run\/dovecot\/auth-master/g" /etc/dovecot/conf.d/15-lda.conf
# 20-imap.conf
sed -i "s/mail_plugins = quota imap_quota/mail_plugins = quota imap_quota imap_sieve/g" /etc/dovecot/conf.d/20-imap.conf
# replace dovecot-sieve config files
cp -f $HESTIA_COMMON_DIR/dovecot/sieve/* /etc/dovecot/conf.d
# dovecot default file install
mkdir -p /etc/dovecot/sieve
echo -e "require [\"fileinto\"];\n# rule:[SPAM]\nif header :contains \"X-Spam-Flag\" \"YES\" {\n fileinto \"INBOX.Spam\";\n}\n" > /etc/dovecot/sieve/default
# exim4 install
sed -i "s/\stransport = local_delivery/ transport = dovecot_virtual_delivery/" /etc/exim4/exim4.conf.template
sed -i "s/address_pipe:/dovecot_virtual_delivery:\n driver = pipe\n command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \${extract{1}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/accounts}}}}@\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\n delivery_date_add\n envelope_to_add\n return_path_add\n log_output = true\n log_defer_output = true\n user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n group = mail\n return_output\n\naddress_pipe:/g" /etc/exim4/exim4.conf.template
# roundcube install
mkdir -p $RC_CONFIG_DIR/plugins/managesieve
cp -f $HESTIA_COMMON_DIR/roundcube/plugins/config_managesieve.inc.php $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
ln -s $RC_CONFIG_DIR/plugins/managesieve/config.inc.php $RC_INSTALL_DIR/plugins/managesieve/config.inc.php
# permission changes
chown -R dovecot:mail /var/log/dovecot.log
chmod 660 /var/log/dovecot.log
chown -R root:www-data $RC_CONFIG_DIR/
chmod 751 -R $RC_CONFIG_DIR
chmod 644 $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
sed -i "s/\"archive\"/\"archive\", \"managesieve\"/g" $RC_CONFIG_DIR/config.inc.php
#restart dovecot and exim4
systemctl restart dovecot > /dev/null 2>&1
systemctl restart exim4 > /dev/null 2>&1
else
# Uninstall sieve if it exist
if [ -f "/etc/dovecot/conf.d/90-sieve.conf" ]; then
# dovecot.conf multiline sed
sed -i -E -z "s/service stats \{\n unix_listener stats-writer \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n\}\n\n//g" /etc/dovecot/dovecot.conf
# dovecot conf files
# 10-master.conf
sed -i -E -z "s/ \}\n unix_listener auth-master \{\n group = mail\n mode = 0660\n user = dovecot\n \}\n user = dovecot\n\}/ \}\n user = dovecot\n\}/g" /etc/dovecot/conf.d/10-master.conf
# 15-lda.conf
sed -i -E -z "s/mail_plugins = \\\$mail_plugins sieve\n auth_socket_path = \/run\/dovecot\/auth-master/\#mail_plugins = \$mail_plugins/g" /etc/dovecot/conf.d/15-lda.conf
# 20-imap.conf
sed -i "s/mail_plugins = quota imap_quota imap_sieve/mail_plugins = quota imap_quota/g" /etc/dovecot/conf.d/20-imap.conf
# Delete dovecot-sieve config files
rm -f /etc/dovecot/conf.d/20-managesieve.conf
rm -f /etc/dovecot/conf.d/90-sieve-extprograms.conf
rm -f /etc/dovecot/conf.d/90-sieve.conf
# Dovecot default file
rm -r -f /etc/dovecot/sieve
# If sieve is installed... remove it.
apt-get -qq remove --purge dovecot-sieve -y
# Exim4
sed -i "s/\stransport = dovecot_virtual_delivery/ transport = local_delivery/" /etc/exim4/exim4.conf.template
sed -i "s/dovecot_virtual_delivery:\n driver = pipe\n command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \${extract{1}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains/}}\/accounts}}}}@\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\n delivery_date_add\n envelope_to_add\n return_path_add\n log_output = true\n log_defer_output = true\n user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n group = mail\n return_output\n//g" /etc/exim4/exim4.conf.template
# Roundcube
rm -f -r $RC_CONFIG_DIR/plugins/managesieve
rm -f $RC_INSTALL_DIR/plugins/managesieve/config.inc.php
sed -i "s/\"archive\", \"managesieve\"/\"archive\"/g" $RC_CONFIG_DIR/config.inc.php
#restart dovecot and exim4
systemctl restart dovecot > /dev/null 2>&1
systemctl restart exim4 > /dev/null 2>&1
fi
fi

99
install/upgrade/manual/migrate_apache.sh Executable file
View File

@@ -0,0 +1,99 @@
#!/bin/bash
# info: enable multiphp
#
# This function enables php-fpm backend for standalone apache2 configurations.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
if [ ! -z "$WEB_BACKEND" ]; then
check_result $E_EXISTS "Web backend already enabled" > /dev/null
fi
if [ "$(multiphp_count)" -gt 1 ]; then
check_result $E_EXISTS "Multiphp already enabled" > /dev/null
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
php_v="$(multiphp_default_version)"
$BIN/v-add-web-php "$php_v"
cp -f "${HESTIA_INSTALL_DIR}/php-fpm/www.conf" "/etc/php/${php_v}/fpm/pool.d/www.conf"
systemctl start php${php_v}-fpm
check_result $? "php${php_v}-fpm start failed"
update-alternatives --set php /usr/bin/php${php_v}
if [ ! -z "$WEB_SYSTEM" ]; then
cp -rf "${HESTIA_INSTALL_DIR}/templates/web/$WEB_SYSTEM" "${WEBTPL}/"
fi
sed -i "/^WEB_BACKEND=/d" $HESTIA/conf/hestia.conf
echo "WEB_BACKEND='php-fpm'" >> $HESTIA/conf/hestia.conf
for user in $($BIN/v-list-sys-users plain); do
# Define user data and get suspended status
USER_DATA=$HESTIA/data/users/$user
SUSPENDED=$(get_user_value '$SUSPENDED')
# Check if user is suspended
if [ "$SUSPENDED" = "yes" ]; then
suspended="yes"
$BIN/v-unsuspend-user $user
fi
for domain in $($BIN/v-list-web-domains $user plain | cut -f1); do
SUSPENDED_WEB=$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')
# Check if web domain is suspended
if [ "$SUSPENDED_WEB" = "yes" ]; then
suspended_web="yes"
$BIN/v-unsuspend-web-domain $user $domain
fi
echo "Processing domain: $domain"
$BIN/v-change-web-domain-backend-tpl "$user" "$domain" "PHP-${php_v/\./_}" "no"
$BIN/v-change-web-domain-tpl "$user" "$domain" "default" "no"
# Suspend domain again, if it was suspended
if [ "$suspended_web" = "yes" ]; then
unset suspended_web
$BIN/v-suspend-web-domain $user $domain
fi
done
# Suspend user again, if he was suspended
if [ "$suspended" = "yes" ]; then
unset suspended
$BIN/v-suspend-user $user
fi
done
$BIN/v-update-web-templates "yes"
# Restarting backend
$BIN/v-restart-web-backend "yes"
check_result $? "Backend restart" > /dev/null 2>&1
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
# Logging
log_history "Enabled multiphp $version" '' 'admin'
log_event "$OK" "$ARGUMENTS"
exit

83
install/upgrade/manual/migrate_mpm_event.sh Executable file
View File

@@ -0,0 +1,83 @@
#!/bin/bash
# This script migrates your apache2 installation form mod_prefork to mpm_event.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
source $HESTIA/conf/hestia.conf
# Check if apache2 is in use
if [ "$WEB_SYSTEM" != "apache2" ]; then
echo "Apache2 isn't installed on your system, canceling migration..." && exit 1
fi
# Check if PHP-FPM is instaled
if [ "$WEB_BACKEND" != "php-fpm" ]; then
echo "PHP-FPM not yet installed please run migrate_apache.sh first" && exit 1
fi
# Check if mod_event is already enabled
if [ $(a2query -M) = 'event' ]; then
echo "mod_event is already enabled, canceling migration..." && exit 1
fi
if ! apache2ctl configtest > /dev/null 2>&1; then
echo "Apache2 configtest failed" && exit 1
fi
a2modules="php5.6 php7.0 php7.1 php7.2 php7.3 php7.4 ruid2 mpm_itk mpm_prefork"
changed_a2modules=""
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
for module in $a2modules; do
a2query -q -m "$module" || continue
a2dismod -q "$module"
changed_a2modules="${changed_a2modules} ${module}"
done
a2enmod --quiet mpm_event
cp -f /usr/local/hestia/install/deb/apache2/hestia-event.conf /etc/apache2/conf.d/
# Check if all went well
if ! apache2ctl configtest > /dev/null 2>&1; then
echo "Something went wrong, rolling back. Please try to migrate manually to mpm_event."
a2dismod -q mpm_event
for module in $changed_a2modules; do
a2enmod "$module"
done
rm --force /etc/apache2/conf.d/hestia-event.conf
exit 1
fi
# Validate if www.conf is existent and port 9000 is active
if ! lsof -Pi :9000 -sTCP:LISTEN -t > /dev/null; then
if [ $(ls /etc/php/7.3/fpm/pool.d/www.conf) ]; then
# Replace listen port to 9000
sed -i "s/listen = 127.0.0.1:.*/listen = 127.0.0.1:9000/g" /etc/php/7.3/fpm/pool.d/www.conf
else
# Copy www.conf file
cp -f /usr/local/hestia/install/deb/php-fpm/www.conf /etc/php/7.3/fpm/pool.d/
fi
# Restart php7.3 fpm service.
systemctl restart php7.3-fpm
fi
# Check again if port 9000 is now in use.
if lsof -Pi :9000 -sTCP:LISTEN -t > /dev/null; then
echo "mpm_event module was successfully activated."
else
echo "There went something wrong with your php-fpm configuration - port 9000 isnt active. Please check if webmail and phpmyadmin (if installed) are working properly."
fi
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
systemctl restart apache2

162
install/upgrade/manual/migrate_multiphp.sh Executable file
View File

@@ -0,0 +1,162 @@
#!/bin/bash
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
#
# Migrate legacy multiphp to full php-fpm backend
#
# nginx+fpm (default)
# nothing to be done here,
# (Adding new php backends will make them available on edit/web)
#
# nginx+multiphp,
# nginx+apache+multiphp,
# apache+multiphp:
# Change Hestia WEB_BACKEND from null to php-fpm
# Create backend templates ex: PHP-7_3, PHP-5_6 (in $HESTIA/data/templates/web/php-fpm/)
# v-update-web-templates
# Loop through all web domains
# If official multiphp tpl is used ex: PHP-72, then change backend tpl and set app web template to default
# ( old default.tpl backend maps to PHP-7_3 )
# If not, parse php version from tpl file , fallback to latest version,
# Copy all non-official tpls to php-fpm folder (as app web template includin bash script if present)
#
# a2 (non-fpm) or nginx+a2(non-fpm)
# - Skipped
#
DEFAULT_BTPL="PHP-7_3"
num_php_versions=$(ls -d /etc/php/*/fpm/pool.d 2> /dev/null | wc -l)
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
echo "Found $num_php_versions php versions"
if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
# Legacy multiphp
sed -i "/^WEB_BACKEND=/d" $HESTIA/conf/hestia.conf
echo "WEB_BACKEND='php-fpm'" >> $HESTIA/conf/hestia.conf
for php_ver in $(v-list-sys-php); do
[ ! -d "/etc/php/$php_ver/fpm/pool.d/" ] && continue
cp -f "$HESTIA_INSTALL_DIR/php-fpm/multiphp.tpl" ${WEBTPL}/php-fpm/PHP-${php_ver/\./_}.tpl
done
if [ ! -z "$WEB_SYSTEM" ]; then
cp -rf "${HESTIA_INSTALL_DIR}/templates/web/$WEB_SYSTEM" "${WEBTPL}/"
fi
# Migrate domains
for user in $($BIN/v-list-sys-users plain); do
# Define user data and get suspended status
USER_DATA=$HESTIA/data/users/$user
SUSPENDED=$(get_user_value '$SUSPENDED')
# Check if user is suspended
if [ "$SUSPENDED" = "yes" ]; then
suspended="yes"
$BIN/v-unsuspend-user $user
fi
echo "Migrating legacy multiphp domains for user: $user"
for domain in $($BIN/v-list-web-domains $user plain | cut -f1); do
SUSPENDED_WEB=$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')
# Check if web domain is suspended
if [ "$SUSPENDED_WEB" = "yes" ]; then
suspended_web="yes"
$BIN/v-unsuspend-web-domain $user $domain
fi
echo "Processing domain: $domain"
web_tpl="default"
backend_tpl="$DEFAULT_BTPL"
domain_tpl=$($BIN/v-list-web-domain $user $domain | grep "^TEMPLATE:" | awk '{print $2;}')
if [ "$domain_tpl" = "PHP-56" ]; then
backend_tpl="PHP-5_6"
elif [ "$domain_tpl" = "PHP-70" ]; then
backend_tpl="PHP-7_0"
elif [ "$domain_tpl" = "PHP-71" ]; then
backend_tpl="PHP-7_1"
elif [ "$domain_tpl" = "PHP-72" ]; then
backend_tpl="PHP-7_2"
elif [ "$domain_tpl" = "PHP-73" ] || [ "$domain_tpl" = "default" ] || [ -z "$domain_tpl" ]; then
backend_tpl="PHP-7_3"
elif [ "$domain_tpl" = "PHP-74" ]; then
backend_tpl="PHP-7_4"
else
# Custom domain template used
echo "Domain is using a custom multiphp template (or non-multiphp one)"
web_tpl="$domain_tpl"
if [ -f "${WEBTPL}/$WEB_SYSTEM/php-fpm/$web_tpl.tpl" ]; then
# php-fpm backend folder allready has a template with the same name
web_tpl="custom-$domain_tpl"
fi
# Copy custom template to php-fpm backend folder
mkdir -p "$WEBTPL/$WEB_SYSTEM/php-fpm"
if [ -f "$WEBTPL/$WEB_SYSTEM/$domain_tpl.sh" ]; then
cp "$WEBTPL/$WEB_SYSTEM/$domain_tpl.sh" "$WEBTPL/$WEB_SYSTEM/php-fpm/$web_tpl.sh"
fi
cp "$WEBTPL/$WEB_SYSTEM/$domain_tpl.tpl" "$WEBTPL/$WEB_SYSTEM/php-fpm/$web_tpl.tpl"
cp "$WEBTPL/$WEB_SYSTEM/$domain_tpl.stpl" "$WEBTPL/$WEB_SYSTEM/php-fpm/$web_tpl.stpl"
if [[ $(grep "unix:/" $WEBTPL/$WEB_SYSTEM/$domain_tpl.tpl | egrep -v "^\s*#" | tail -n1) =~ unix:\/run\/php\/php([0-9]+\.[0-9]+)-fpm.+\.sock ]]; then
# Found a custom template that is based on official multiphp one
backend_tpl="PHP-${BASH_REMATCH[1]/\./_}"
echo "Custom multiphp template ($domain_tpl) compatible with backend: $backend_tpl"
# Remove multiphp switching script
rm -f "$WEBTPL/$WEB_SYSTEM/php-fpm/$web_tpl.sh"
# Replace hardcoded php-fpm socket path with tpl variable, ignoring commented lines
sed '/^[[:space:]]*#/!s/unix:.*;/%backend_lsnr%;/g' "$WEBTPL/$WEB_SYSTEM/php-fpm/$web_tpl.tpl"
sed '/^[[:space:]]*#/!s/unix:.*;/%backend_lsnr%;/g' "$WEBTPL/$WEB_SYSTEM/php-fpm/$web_tpl.stpl"
fi
fi
echo "Parsed config: oldTPL=$domain_tpl newTPL:$web_tpl newBackTPL:$backend_tpl"
$BIN/v-change-web-domain-tpl "$user" "$domain" "$web_tpl" "no"
$BIN/v-change-web-domain-backend-tpl "$user" "$domain" "$backend_tpl" "no"
echo -e "--done--\n"
# Suspend domain again, if it was suspended
if [ "$suspended_web" = "yes" ]; then
unset suspended_web
$BIN/v-suspend-web-domain $user $domain
fi
done
# Suspend user again, if he was suspended
if [ "$suspended" = "yes" ]; then
unset suspended
$BIN/v-suspend-user $user
fi
done
# cleanup legacy multiphp templates
for php_ver in $(v-list-sys-php); do
[ ! -d "/etc/php/$php_ver/fpm/pool.d/" ] && continue
echo "Remove legacy multiphp templates for: $php_ver"
[ -f "$WEBTPL/$WEB_SYSTEM/PHP-${php_ver//./}.sh" ] && rm "$WEBTPL/$WEB_SYSTEM/PHP-${php_ver//./}.sh"
[ -f "$WEBTPL/$WEB_SYSTEM/PHP-${php_ver//./}.tpl" ] && rm "$WEBTPL/$WEB_SYSTEM/PHP-${php_ver//./}.tpl"
[ -f "$WEBTPL/$WEB_SYSTEM/PHP-${php_ver//./}.stpl" ] && rm "$WEBTPL/$WEB_SYSTEM/PHP-${php_ver//./}.stpl"
done
# Remove default symlinks
[ -f "$WEBTPL/$WEB_SYSTEM/default.sh" ] && rm "$WEBTPL/$WEB_SYSTEM/default.sh"
[ -f "$WEBTPL/$WEB_SYSTEM/default.tpl" ] && rm "$WEBTPL/$WEB_SYSTEM/default.tpl"
[ -f "$WEBTPL/$WEB_SYSTEM/default.stpl" ] && rm "$WEBTPL/$WEB_SYSTEM/default.stpl"
$BIN/v-update-web-templates 'no'
fi

67
install/upgrade/manual/migrate_ngnix_apache_nginx-php-fpm.sh Executable file
View File

@@ -0,0 +1,67 @@
#!/bin/bash
# Function Description
# Manual upgrade script from Nginx + Apache2 + PHP-FPM to Nginx + PHP-FPM
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
if [ "$WEB_BACKEND" != "php-fpm" ]; then
check_result $E_NOTEXISTS "PHP-FPM is not enabled" > /dev/null
exit 1
fi
if [ "$WEB_SYSTEM" != "apache2" ]; then
check_result $E_NOTEXISTS "Apache2 is not enabled" > /dev/null
exit 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Remove apache2 from config
sed -i "/^WEB_PORT/d" $HESTIA/conf/hestia.conf
sed -i "/^WEB_SSL/d" $HESTIA/conf/hestia.conf
sed -i "/^WEB_SSL_PORT/d" $HESTIA/conf/hestia.conf
sed -i "/^WEB_RGROUPS/d" $HESTIA/conf/hestia.conf
sed -i "/^WEB_SYSTEM/d" $HESTIA/conf/hestia.conf
# Remove nginx (proxy) from config
sed -i "/^PROXY_PORT/d" $HESTIA/conf/hestia.conf
sed -i "/^PROXY_SSL_PORT/d" $HESTIA/conf/hestia.conf
sed -i "/^PROXY_SYSTEM/d" $HESTIA/conf/hestia.conf
# Add Nginx settings to config
echo "WEB_PORT='80'" >> $HESTIA/conf/hestia.conf
echo "WEB_SSL='openssl'" >> $HESTIA/conf/hestia.conf
echo "WEB_SSL_PORT='443'" >> $HESTIA/conf/hestia.conf
echo "WEB_SYSTEM='nginx'" >> $HESTIA/conf/hestia.conf
rm $HESTIA/conf/defaults/hestia.conf
cp $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
# Rebuild web config
for user in $($BIN/v-list-users plain | cut -f1); do
echo $user
for domain in $($BIN/v-list-web-domains $user plain | cut -f1); do
$BIN/v-change-web-domain-tpl $user $domain 'default'
$BIN/v-rebuild-web-domain $user $domain no
done
done
systemctl restart nginx

198
install/upgrade/manual/migrate_phpmyadmin.sh Executable file
View File

@@ -0,0 +1,198 @@
#!/bin/bash
# info: Disconnect phpMyadmin from APT and solving issues with PHPMyadmin accidental updates from ATP
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
source $HESTIA/func/main.sh
# get current phpmyadmin version
source $HESTIA/install/upgrade/upgrade.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
echo "To remove phpMyAdmin you will need use the root password. Password can be found in /usr/local/hestia/conf/mysql.conf"
read -p 'Would you like to continue? [y/n]'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
echo # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Remove PMA SSO first
sso="no"
if [ "$PHPMYADMIN_KEY" != "" ]; then
sso="yes"
$BIN/v-delete-sys-pma-sso
fi
# Create an backup of current config
echo "[ * ] Backing up old configuration files..."
mkdir -p /root/hst_backup_man/phmyadmin
cp -r /etc/phpmyadmin/* /root/hst_backup_man/phmyadmin
mkdir -p /root/hst_backup_man/var_phmyadmin
cp -r /var/lib/phpmyadmin/* /root/hst_backup_man/var_phmyadmin
echo '[ * ] Marking phpmyadmin as held in apt...'
apt-mark hold phpmyadmin
echo '[ * ] Removing old folders...'
# make sure everything is deleted
rm -f -r /usr/share/phpmyadmin
rm -f -r /etc/phpmyadmin
rm -f -r /var/lib/phpmyadmin/
echo '[ * ] Creating new folders...'
# Create folders
mkdir -p /usr/share/phpmyadmin
mkdir -p /etc/phpmyadmin
mkdir -p /etc/phpmyadmin/conf.d/
mkdir /usr/share/phpmyadmin/tmp
chmod 770 /usr/share/phpmyadmin/tmp/
chown root:www-data /usr/share/phpmyadmin/tmp/
mkdir -p /etc/phpmyadmin/conf.d/
# Configuring Apache2 for PHPMYADMIN
if [ "$WEB_SYSTEM" == "apache2" ]; then
cp -f $HESTIA_INSTALL_DIR/pma/apache.conf /etc/phpmyadmin/
rm /etc/apache2/conf.d/phpmyadmin.conf
ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf
fi
PASS=$(generate_password)
echo "[ * ] Installing phpMyAdmin version v$pma_v..."
# Download latest phpmyadmin release
wget --quiet https://files.phpmyadmin.net/phpMyAdmin/$pma_v/phpMyAdmin-$pma_v-all-languages.tar.gz
# Unpack files
tar xzf phpMyAdmin-$pma_v-all-languages.tar.gz
# Overwrite old files
cp -rf phpMyAdmin-$pma_v-all-languages/* /usr/share/phpmyadmin
# Create copy of config file
cp -f $HESTIA_COMMON_DIR/phpmyadmin/config.inc.php /etc/phpmyadmin/
mkdir -p /var/lib/phpmyadmin/tmp
chmod 770 -R /var/lib/phpmyadmin/tmp
# Set config and log directory
sed -i "s|'configFile' => ROOT_PATH . 'config.inc.php',|'configFile' => '/etc/phpmyadmin/config.inc.php',|g" /usr/share/phpmyadmin/libraries/vendor_config.php
# Generate blowfish
blowfish=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
sed -i "s|%blowfish_secret%|$blowfish|" /etc/phpmyadmin/config.inc.php
# Clear Up
rm -fr phpMyAdmin-$pma_v-all-languages
rm -f phpMyAdmin-$pma_v-all-languages.tar.gz
if [ -z "$DB_PMA_ALIAS" ]; then
echo "DB_PMA_ALIAS='phpmyadmin'" >> $HESTIA/conf/hestia.conf
fi
$BIN/v-change-sys-db-alias 'pma' "phpmyadmin"
# Special thanks to Pavel Galkin (https://skurudo.ru)
# https://github.com/skurudo/phpmyadmin-fixer
echo "[ * ] Creating localhost configuration..."
#ubuntu phpmyadmin path
pmapath="/etc/phpmyadmin/conf.d/01-localhost.php"
echo "<?php " >> $pmapath
echo "\$cfg['Servers'][\$i]['host'] = 'localhost';" >> $pmapath
echo "\$cfg['Servers'][\$i]['port'] = '3306';" >> $pmapath
echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath
echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath
echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath
echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath
echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath
echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath
echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath
echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath
echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath
echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath
echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath
echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath
echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath
echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath
echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath
echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath
echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath
echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath
echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath
echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath
echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath
echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath
echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath
echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath
#SOME WORK with DATABASE (table / user)
PMADB=phpmyadmin
PMAUSER=pma
echo '[ * ] Dropping database (could throw an error if successful)...'
# removed tabs due to here doc errors
#DROP USER and TABLE
mysql -uroot << MYSQL_PMA1
DROP USER '$PMAUSER'@'localhost';
DROP DATABASE $PMADB;
FLUSH PRIVILEGES;
MYSQL_PMA1
#CREATE PMA USER
if [ -f '/usr/bin/mariadb' ]; then
mysql="mariadb"
else
mysql="mysql"
fi
mysql_out=$(mktemp)
$mysql -e 'SELECT VERSION()' > $mysql_out
mysql_ver=$(cat $mysql_out | tail -n1 | cut -f 1 -d -)
mysql_ver_sub=$(echo $mysql_ver | cut -d '.' -f1)
mysql_ver_sub_sub=$(echo $mysql_ver | cut -d '.' -f2)
if [ "$mysql" = "mysql" ] && [ "$mysql_ver_sub" -ge 8 ]; then
query="CREATE USER '$PMAUSER'@'localhost' IDENTIFIED BY '$PASS';"
$mysql -uroot -e "$query" > /dev/null
query="CREATE DATABASE $PMADB;"
$mysql -uroot -e "$query" > /dev/null
query="GRANT USAGE ON $PMADB.* TO '$PMAUSER'@'localhost';"
$mysql -uroot -e "$query" > /dev/null
query="GRANT ALL PRIVILEGES ON $PMADB.* TO '$PMAUSER'@'localhost';"
$mysql -uroot -e "$query" > /dev/null
query="FLUSH PRIVILEGES;"
$mysql -uroot -e "$query" > /dev/null
else
query="CREATE USER '$PMAUSER'@'localhost' IDENTIFIED BY '$PASS';"
$mysql -uroot -e "$query" > /dev/null
query="CREATE DATABASE $PMADB;"
$mysql -uroot -e "$query" > /dev/null
query="GRANT USAGE ON $PMADB.* TO '$PMAUSER'@'localhost' IDENTIFIED BY '$PASS';"
$mysql -uroot -e "$query" > /dev/null
query="GRANT ALL PRIVILEGES ON $PMADB.* TO '$PMAUSER'@'localhost';"
$mysql -uroot -e "$query" > /dev/null
query="FLUSH PRIVILEGES;"
$mysql -uroot -e "$query" > /dev/null
fi
#MYSQL DB and TABLES ADDITION
mysql -uroot < $HESTIA_COMMON_DIR/phpmyadmin/create_tables.sql
if [ "$sso" == "yes" ]; then
$BIN/v-add-sys-pma-sso
fi
fi

55
install/upgrade/manual/migrate_roundcube.sh Executable file
View File

@@ -0,0 +1,55 @@
#!/bin/bash
# info: Disconnect Roundcube from APT and solving issues with Roundcube accidental updates from ATP
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
source $HESTIA/func/main.sh
# get current Roundcube version
source $HESTIA/install/upgrade/upgrade.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
if [ ! -d "/usr/share/roundcube/" ]; then
echo "ERROR: Roundcube is not managed by apt."
exit 2
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
echo "To remove Roundcube you will need use the root password. Password can be found in /usr/local/hestia/conf/mysql.conf"
read -p 'Would you like to continue? [y/n]' -n 1 -r
echo # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]; then
version=$(cat /usr/share/roundcube/index.php | grep -o -E '[0-9].[0-9].[0-9]+' | head -1)
# Backup database
echo "#version $version" >> ~/roundcube.sql
echo "SET FOREIGN_KEY_CHECKS = 0;" >> ~/roundcube.sql
mysqldump --add-drop-table roundcube >> ~/roundcube.sql
echo "SET FOREIGN_KEY_CHECKS = 1;" >> ~/roundcube.sql
echo '[ * ] Remove Roundcube via ATP'
apt-get autoremove roundcube-core roundcube-mysql roundcube-plugins
echo '[ * ] Delete possible trail'
# make sure everything is deleted
rm -f -r /usr/share/roundcube
rm -f -r /etc/roundcube
rm -f -r /var/lib/roundcube/
# Install Roundcube
$BIN/v-add-sys-roundcube
# restore backup
echo "SET FOREIGN_KEY_CHECKS = 0;" > ~/drop_all_tables.sql
(mysqldump --add-drop-table --no-data -u root roundcube | grep 'DROP TABLE') >> ./drop_all_tables.sql
echo "SET FOREIGN_KEY_CHECKS = 1;" >> ~/drop_all_tables.sql
mysql -u root roundcube < ./drop_all_tables.sql
mysql roundcube < ~/roundcube.sql
/var/lib/roundcube/bin/update.sh --version "$version"
fi

53
install/upgrade/manual/remove-mail-stack.sh Normal file
View File

@@ -0,0 +1,53 @@
#!/bin/bash
# Function Description
# Soft remove the mail stack
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/conf/hestia.conf
source $HESTIA/conf/hestia.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
echo "This will soft remove the mail stack from HestiaCP and disable related systemd service."
echo "You won't be able to access mail related configurations from HestiaCP."
echo "Your existing mail data and apt packages will be kept back."
read -p 'Would you like to continue? [y/n]'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ "$ANTISPAM_SYSTEM" == "spamassassin" ]; then
echo Removing Spamassassin
sed -i "/^ANTISPAM_SYSTEM/d" $HESTIA/conf/hestia.conf
systemctl disable --now spamassassin
fi
if [ "$ANTIVIRUS_SYSTEM" == "clamav-daemon" ]; then
echo Removing ClamAV
sed -i "/^ANTIVIRUS_SYSTEM/d" $HESTIA/conf/hestia.conf
systemctl disable --now clamav-daemon clamav-freshclam
fi
if [ "$IMAP_SYSTEM" == "dovecot" ]; then
echo Removing Dovecot
sed -i "/^IMAP_SYSTEM/d" $HESTIA/conf/hestia.conf
systemctl disable --now dovecot
fi
if [ "$MAIL_SYSTEM" == "exim4" ]; then
echo Removing Exim4
sed -i "/^MAIL_SYSTEM/d" $HESTIA/conf/hestia.conf
systemctl disable --now exim4
fi

69
install/upgrade/manual/upgrade_mariadb.sh Executable file
View File

@@ -0,0 +1,69 @@
#!/bin/bash
# This script validates and upgrades the MariaDB version
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Set MariaDB Target Version
mariadb_v='10.11'
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Detect installed MariaDB version
mysql_v="$(mysqld -V | awk '{print $3}' | cut -d: -f1)"
if [ "${mysql_v%.*}" = "$mariadb_v" ]; then
echo "[ ! ] MariaDB version ($mariadb_v) is already up to date."
exit 0
else
echo "[ * ] Upgrading MariaDB version to ($mariadb_v)..."
fi
# Get OS details
os="$(grep "^ID=" /etc/os-release | cut -d= -f2)"
codename="$(lsb_release -s -c)"
case $(arch) in
x86_64)
arch="amd64"
;;
aarch64)
arch="arm64"
;;
*)
echo "[ ! ] Error: $(arch) is currently not supported!"
exit 1
;;
esac
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Installing MariaDB repository
apt="/etc/apt/sources.list.d"
echo "[ * ] Installing MariaDB repository..."
echo "deb [arch=$arch signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://dlm.mariadb.com/repo/mariadb-server/$mariadb_v/repo/$os $codename main" > $apt/mariadb.list
curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1
# Update repository
echo "[ * ] Update apt repository..."
apt update -qq > /dev/null 2>&1
# Stop and uninstall old version
echo "[ * ] Stop and remove old MariaDB Server (${mysql_v%.*})..."
systemctl -q stop mariadb mysql 2> /dev/null
apt remove -qq mariadb-server -y > /dev/null 2>&1
# Install new version and run upgrade
echo "[ * ] Installing new MariaDB Server, start and run upgrade..."
apt install -qq mariadb-server -y
update-rc.d mariadb defaults > /dev/null 2>&1
systemctl -q daemon-reload
systemctl -q enable mariadb
systemctl -q start mariadb
mariadb-upgrade

26
install/upgrade/manual/upgrade_multi_php.sh Executable file
View File

@@ -0,0 +1,26 @@
#!/bin/bash
# Update www.conf to a different version so users can safely delete older php version.
# www.conf is used for Roundcube, Rainloop, SnappyMail and phpmyadmin
# Removal of the "www.conf" php version will cause issues with Rainloop not working. Current script updates it to the latest version of PHP installed. If that is not wanted use this script
version=$1
if [ ! -x "$(command -v php)" ]; then
echo "PHP is not installed. Aborting."
exit 1
fi
# Verify php version format
if [[ ! $version =~ ^[0-9]\.[0-9]+ ]]; then
echo "The PHP version format is invalid, it should look like [0-9].[0-9]."
echo "Example: 7.0, 7.4"
exit
fi
if [ ! -f /etc/php/$version/fpm/pool.d/dummy.conf ]; then
echo "PHP versions doesn't exists"
exit
fi
rm -f /etc/php/*/fpm/pool.d/www.conf
cp -f $HESTIA/install/deb/php-fpm/www.conf /etc/php/$version/fpm/pool.d/www.conf
$HESTIA/bin/v-restart-web-backend

66
install/upgrade/manual/upgrade_php.sh Executable file
View File

@@ -0,0 +1,66 @@
#!/bin/bash
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
phpnewversion=7.4
phpoldversion=7.3
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
if [ ! -x "$(command -v php)" ]; then
echo "PHP is not installed. Aborting."
exit 1
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
echo "PHP current version : $phpoldversion"
echo "PHP target version : $phpnewversion"
echo "Do you want to upgrade PHP now? [Y|N]"
read upgradeconfirmation
if [ "$upgradeconfirmation" = "Y" ] || [ "$upgradeconfirmation" = "y" ]; then
echo "Process: Upgrading PHP to $phpnewversion"
echo ""
cd /tmp
dpkg-query --showformat='${Package}\t\n' --show | grep php$phpoldversion > /tmp/phpoldpackages.txt
cp -a /tmp/phpoldpackages.txt /tmp/phpnewpackages.txt
sed -i "s|$phpoldversion|$phpnewversion|g" /tmp/phpnewpackages.txt
apt-get update > /dev/null 2>&1
apt-get install $(cat /tmp/phpnewpackages.txt)
update-rc.d php$phpnewversion-fpm defaults
mv /etc/php/$phpoldversion/cli/php.ini /etc/php/$phpnewversion/cli/php.ini
mv /etc/php/$phpoldversion/fpm/php.ini /etc/php/$phpnewversion/fpm/php.ini
sed -i "s|$phpoldversion|$phpnewversion|g" /etc/php/$phpoldversion/fpm/php-fpm.conf
mv /etc/php/$phpoldversion/fpm/php-fpm.conf /etc/php/$phpnewversion/fpm/php-fpm.conf
rm -rf /etc/php/$phpnewversion/fpm/pool.d
mkdir -p /etc/php/$phpnewversion/fpm/pool.d
mv /etc/php/$phpoldversion/fpm/pool.d/* /etc/php/$phpnewversion/fpm/pool.d
mv /etc/logrotate.d/php$phpoldversion-fpm /etc/logrotate.d/php$phpnewversion-fpm
sed -i "s|$phpoldversion|$phpnewversion|g" /etc/logrotate.d/php$phpnewversion-fpm
rm -rf /etc/logrotate.d/php$phpnewversion-fpm.dpkg-dist
systemctl stop php$phpoldversion-php
apt-get purge $(cat /tmp/phpoldpackages.txt)
apt-get -y purge php-imagick
apt-get -y install php$phpnewversion-imagick
systemctl restart php$phpnewversion-fpm
rm -rf /etc/php/$phpoldversion
rm -rf /var/lib/php/modules/$phpoldversion
rm -rf /tmp/phpoldpackages.txt
rm -rf /tmp/phpnewpackages.txt
if [ -d /var/cache/nginx/micro ]; then
rm -rf /var/cache/nginx/micro/*
fi
systemctl reload nginx
echo ""
echo "PHP has been upgraded succcesfully to version $phpnewversion"
else
echo "Process: Aborted"
exit 0
fi

18
install/upgrade/patch/3462-exim-helo-autenticted-users.patch Normal file
View File

@@ -0,0 +1,18 @@
36c36
122c122,123
< drop message = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
---
> drop !authenticated = *
> message = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
127c128,129
< drop condition = ${if isip{$sender_helo_name}}
---
> drop !authenticated = *
> condition = ${if isip{$sender_helo_name}}
130c132,133
< drop condition = ${if eq{[$interface_address]}{$sender_helo_name}}
---
> drop !authenticated = *
> condition = ${if eq{[$interface_address]}{$sender_helo_name}}
>
>

38
install/upgrade/patch/3661-exim-srs-support.patch Normal file
View File

@@ -0,0 +1,38 @@
17a18,19
> SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}
>
326a332,348
> inbound_srs:
> driver = redirect
> senders = :
> domains = +local_domains
> # detect inbound bounces which are SRS'd, and decode them
> condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
> data = $srs_recipient
>
> inbound_srs_failure:
> driver = redirect
> senders = :
> domains = +local_domains
> # detect inbound bounces which look SRS'd but are invalid
> condition = ${if inbound_srs {$local_part} {}}
> allow_fail
> data = :fail: Invalid SRS recipient address
>
358d379
< condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}
387a409,422
> remote_forwarded_smtp:
> driver = smtp
> helo_data = ${lookup dnsdb{>: defer_never,ptr=$sending_ip_address}{${listextract{1}{$value}}}{$primary_hostname}}
> dkim_domain = DKIM_DOMAIN
> dkim_selector = mail
> dkim_private_key = DKIM_PRIVATE_KEY
> dkim_canon = relaxed
> dkim_strict = 0
> hosts_try_fastopen = !*.l.google.com
> interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}
> # modify the envelope from, for mails that we forward
> max_rcpt = 1
> return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
>

66
install/upgrade/upgrade.conf Normal file
View File

@@ -0,0 +1,66 @@
#######################################################################################
####### User preferences #######
#######################################################################################
# These values can be modified by the user in $HESTIA/conf/hestia.conf
# and can be adjusted from within the Web UI from Server Settings > Configure > Updates.
# Send an "upgrade complete" notification to the admin's e-mail address:
# UPGRADE_SEND_EMAIL='true'
# Send the update installation log to the admin's e-mail address:
# UPGRADE_SEND_EMAIL_LOG='true'
# Enable verbose logging and debug information
# DEBUG_MODE='true'
#######################################################################################
####### Upgrade switches #######
#######################################################################################
# Update default templates when performing an upgrade
# These flags should be set to true if any changes are made to the template files
# to ensure that they are properly updated on the end-user's system.
UPGRADE_UPDATE_WEB_TEMPLATES='false'
UPGRADE_UPDATE_MAIL_TEMPLATES='false'
UPGRADE_UPDATE_DNS_TEMPLATES='false'
# Post installation clean-up
UPGRADE_REPLACE_KNOWN_KEYS='true'
UPGRADE_REBUILD_USERS='false'
UPGRADE_RESTART_SERVICES='true'
#######################################################################################
####### PHP version support #######
#######################################################################################
# Supported PHP versions
multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2")
#######################################################################################
####### 3rd Party Software Updates #######
#######################################################################################
# Check if update is required by matching versions if version != current version run update
# Set version of phpMyAdmin to install during upgrade if not already installed
pma_v='5.2.1'
# Set version of phppgadmin to install during upgrade if not already installed
pga_v='7.14.4'
# Set version of RoundCube (Webmail) to update during upgrade if not already installed
# Note: only applies to "non-apt installs >= 1.4.0 or manually phased out"
rc_v='1.6.2'
# Set version of SnappyMail (Webmail) to update during upgrade if not already installed
sm_v='2.28.4'
# Update the File Manager or it's configuration file
# Check if Filegator requires an update based on current version and setting below
# UPGRADE_UPDATE_FILEMANAGER_CONFIG: Updates only the configuration file if changes are made but now new issue has been issued!
UPGRADE_UPDATE_FILEMANAGER_CONFIG='false'
# Set version of File manager to update during upgrade if not already installed
fm_v='7.9.2'
# Backblaze
b2_v='3.6.0'

30
install/upgrade/versions/0.9.8-29.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 0.9.8-28
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Add amd64 to repositories to prevent notifications - https://goo.gl/hmsSV7
if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/nginx.list; then
sed -i s/"deb "/"deb [arch=amd64] "/g /etc/apt/sources.list.d/nginx.list
fi
if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/mariadb.list; then
sed -i s/"deb "/"deb [arch=amd64] "/g /etc/apt/sources.list.d/mariadb.list
fi
# Fix named rule for AppArmor - https://goo.gl/SPqHdq
if [ "$DNS_SYSTEM" = 'bind9' ] && [ ! -f /etc/apparmor.d/local/usr.sbin.named ]; then
echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
fi
# Remove obsolete ports.conf if exists.
if [ -f /usr/local/hestia/data/firewall/ports.conf ]; then
rm -f /usr/local/hestia/data/firewall/ports.conf
fi
# Move clamav to proper location - https://goo.gl/zNuM11
if [ ! -d /usr/local/hestia/web/edit/server/clamav-daemon ]; then
mv /usr/local/hestia/web/edit/server/clamd /usr/local/web/edit/server/clamav-daemon
fi

16
install/upgrade/versions/1.0.1.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Remove global options from nginx.conf to prevent conflicts with other web packages
# and remove OCSP SSL stapling from global configuration as it has moved to per-domain availability in this release.
if [ -e /etc/nginx/nginx.conf ]; then
sed -i "/add_header X-Frame-Options SAMEORIGIN;/d" /etc/nginx/nginx.conf
sed -i "/add_header X-Content-Type-Options nosniff;/d" /etc/nginx/nginx.conf
sed -i "/ssl_stapling on;/d" /etc/nginx/nginx.conf
sed -i "/ssl_stapling_verify on;/d" /etc/nginx/nginx.conf
fi

70
install/upgrade/versions/1.0.2.sh Normal file
View File

@@ -0,0 +1,70 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Replace dhparam 1024 with dhparam 4096
echo "[ * ] Increasing Diffie-Hellman Parameter strength to 4096-bit..."
if [ -e /etc/ssl/dhparam.pem ]; then
mv /etc/ssl/dhparam.pem $HESTIA_BACKUP/conf/
fi
cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl/
chmod 600 /etc/ssl/dhparam.pem
# Enhance Vsftpd security
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
echo "[ * ] Hardening Vsftpd SSL configuration..."
cp -f /etc/vsftpd.conf $HESTIA_BACKUP/conf/
sed -i "s|ssl_tlsv1=YES|ssl_tlsv1=NO|g" /etc/vsftpd.conf
fi
# Enhance Dovecot security
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
echo "[ * ] Hardening Dovecot SSL configuration..."
mv /etc/dovecot/conf.d/10-ssl.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA/install/deb/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/
fi
# Update DNS resolvers in hestia-nginx's configuration
echo "[ * ] Updating DNS resolvers for Hestia Internal Web Server..."
dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
for ip in $dns_resolver; do
if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
resolver="$ip $resolver"
fi
done
if [ ! -z "$resolver" ]; then
sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
fi
# Remove Webalizer and set AWStats as default
WEBALIZER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep webalizer)
if [ ! -z "$WEBALIZER_CHECK" ]; then
echo "[ * ] Set awstats as default web statistics backend..."
$HESTIA/bin/v-change-sys-config-value 'STATS_SYSTEM' 'awstats'
fi
# Remove old hestia.conf files from Apache & NGINX if they exist
if [ -f "/etc/apache2/conf.d/hestia.conf" ]; then
echo "[ * ] Removing old Apache configuration file from previous version of Hestia Control Panel..."
rm -f /etc/apache2/conf.d/hestia.conf
fi
if [ -f "/etc/nginx/conf.d/hestia.conf" ]; then
echo "[ * ] Removing old NGINX configuration file from previous version of Hestia Control Panel..."
rm -f /etc/nginx/conf.d/hestia.conf
fi
# Update webmail templates to enable OCSP/SSL stapling
if [ ! -z "$IMAP_SYSTEM" ]; then
echo "[ * ] Enabling OCSP stapling support for webmail services..."
$BIN/v-update-mail-templates > /dev/null 2>&1
fi
# Enhance webmail security
if [ -e "/etc/nginx/conf.d/webmail.inc" ]; then
cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
fi

7
install/upgrade/versions/1.0.3.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.0.4.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.0.5.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.0.6.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

267
install/upgrade/versions/1.00.0-190618.sh Normal file
View File

@@ -0,0 +1,267 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.00.0-190618
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Add webmail alias variable to system configuration if non-existent
if [ -z "$WEBMAIL_ALIAS" ]; then
echo "[ * ] Updating webmail alias configuration..."
$HESTIA/bin/v-change-sys-config-value 'WEBMAIL_ALIAS' "webmail"
fi
# Update Apache and Nginx configuration to support new file structure
if [ -f /etc/apache2/apache.conf ]; then
echo "[ * ] Updating Apache configuration..."
mv /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/apache2/apache.conf /etc/apache2/apache.conf
fi
if [ -f /etc/nginx/nginx.conf ]; then
echo "[ * ] Updating NGINX configuration..."
mv /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/nginx.conf
fi
# Generate dhparam
if [ ! -e /etc/ssl/dhparam.pem ]; then
echo "[ * ] Enabling HTTPS Strict Transport Security (HSTS) support..."
mv /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/
# Copy dhparam
cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl/
# Update DNS servers in nginx.conf
dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
sed -i "s/1.0.0.1 1.1.1.1/$dns_resolver/g" /etc/nginx/nginx.conf
fi
# Back up default package and install latest version
if [ -d $HESTIA/data/packages/ ]; then
echo "[ * ] Replacing default packages..."
cp -f $HESTIA/data/packages/default.pkg $HESTIA_BACKUP/packages/
fi
# Remove old Office 365 template as there is a newer version with an updated name
if [ -f $HESTIA/data/templates/dns/o365.tpl ]; then
rm -f $HESTIA/data/templates/dns/o365.tpl
fi
# Back up and remove default index.html if it exists
if [ -f /var/www/html/index.html ]; then
mv /var/www/html/index.html $HESTIA_BACKUP/templates/
fi
# Configure default success page and set permissions on CSS, JavaScript, and Font dependencies for unassigned hosts
if [ ! -d /var/www/html ]; then
mkdir -p /var/www/html/
fi
if [ ! -d /var/www/document_errors/ ]; then
mkdir -p /var/www/document_errors/
fi
cp -rf $HESTIA_INSTALL_DIR/templates/web/unassigned/* /var/www/html/
cp -rf $HESTIA_INSTALL_DIR/templates/web/skel/document_errors/* /var/www/document_errors/
chmod 644 /var/www/html/*
chmod 644 /var/www/document_errors/*
for user in $($BIN/v-list-users plain | cut -f1); do
USER_DATA=$HESTIA/data/users/$user
for domain in $($BIN/v-list-web-domains $user plain | cut -f 1); do
WEBFOLDER="/home/$user/web/$domain/public_html"
folderchecksum=$(find "$WEBFOLDER/css" "$WEBFOLDER/js" "$WEBFOLDER/webfonts" -type f -print0 2> /dev/null | sort -z | xargs -r0 cat | md5sum | cut -d" " -f1)
if [ "$folderchecksum" = "926feacc51384fe13598631f9d1360c3" ]; then
rm -rf "$WEBFOLDER/css" "$WEBFOLDER/js" "$WEBFOLDER/webfonts"
fi
unset folderchecksum
unset WEBFOLDER
done
done
folderchecksum=$(find /var/www/html/css /var/www/html/js /var/www/html/webfonts -type f -print0 2> /dev/null | sort -z | xargs -r0 cat | md5sum | cut -d" " -f1)
if [ "$folderchecksum" = "d148d5173e5e4162d7af0a60585392cb" ]; then
rm -rf /var/www/html/css /var/www/html/js /var/www/html/webfonts
fi
unset folderchecksum
# Correct other permissions
if [ -d "/var/cache/bind" ]; then
chown bind:bind /var/cache/bind
fi
if [ -d "/etc/roundcube" ]; then
chmod 640 /etc/roundcube/debian-db*
chown root:www-data /etc/roundcube/debian-db*
fi
# Add a general group for normal users created by Hestia
echo "[ * ] Verifying ACLs and hardening user permissions..."
if [ -z "$(grep ^hestia-users: /etc/group)" ]; then
groupadd --system "hestia-users"
fi
# Make sure non-admin users belong to correct Hestia group
for user in $($BIN/v-list-users plain | cut -f1); do
if [ "$user" != "admin" ]; then
usermod -a -G "hestia-users" "$user"
setfacl -m "u:$user:r-x" "$HOMEDIR/$user"
# Update FTP users groups membership
uid=$(id -u $user)
for ftp_user in $(cat /etc/passwd | grep -v "^$user:" | grep "^$user.*:$uid:$uid:" | cut -d ":" -f1); do
usermod -a -G "hestia-users" "$ftp_user"
done
fi
setfacl -m "g:hestia-users:---" "$HOMEDIR/$user"
done
# Add unassigned hosts configuration to Nginx and Apache
for ipaddr in $($BIN/v-list-sys-ips plain | cut -f1); do
web_conf="/etc/$WEB_SYSTEM/conf.d/$ipaddr.conf"
rm -f $web_conf
if [ "$WEB_SYSTEM" = "apache2" ]; then
echo "[ * ] Adding unassigned hosts configuration to Apache..."
if [ -z "$(/usr/sbin/apache2 -v | grep Apache/2.4)" ]; then
echo "NameVirtualHost $ipaddr:$WEB_PORT" > $web_conf
fi
echo "Listen $ipaddr:$WEB_PORT" >> $web_conf
cat $HESTIA_INSTALL_DIR/apache2/unassigned.conf >> $web_conf
sed -i 's/directIP/'$ipaddr'/g' $web_conf
sed -i 's/directPORT/'$WEB_PORT'/g' $web_conf
if [ "$WEB_SSL" = 'mod_ssl' ]; then
if [ -z "$(/usr/sbin/apache2 -v | grep Apache/2.4)" ]; then
sed -i "1s/^/NameVirtualHost $ipaddr:$WEB_SSL_PORT\n/" $web_conf
fi
sed -i "1s/^/Listen $ipaddr:$WEB_SSL_PORT\n/" $web_conf
sed -i 's/directSSLPORT/'$WEB_SSL_PORT'/g' $web_conf
fi
elif [ "$WEB_SYSTEM" = "nginx" ]; then
cp -f $HESTIA_INSTALL_DIR/nginx/unassigned.inc $web_conf
sed -i 's/directIP/'$ipaddr'/g' $web_conf
fi
if [ "$PROXY_SYSTEM" = "nginx" ]; then
echo "[ * ] Adding unassigned hosts configuration to Nginx..."
cat $WEBTPL/$PROXY_SYSTEM/proxy_ip.tpl \
| sed -e "s/%ip%/$ipaddr/g" \
-e "s/%web_port%/$WEB_PORT/g" \
-e "s/%proxy_port%/$PROXY_PORT/g" \
> /etc/$PROXY_SYSTEM/conf.d/$ipaddr.conf
fi
done
# Cleanup php session files not changed in the last 7 days (60*24*7 minutes)
if [ ! -f /etc/cron.daily/php-session-cleanup ]; then
echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup
echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
fi
chmod 755 /etc/cron.daily/php-session-cleanup
# Fix empty pool error message for MultiPHP
php_versions=$(ls /etc/php/*/fpm -d 2> /dev/null | wc -l)
if [ "$php_versions" -gt 1 ]; then
echo "[ * ] Updating Multi-PHP configuration..."
for v in $($BIN/v-list-sys-php plain); do
if [ ! -d "/etc/php/$v/fpm/pool.d/" ]; then
continue
fi
cp -f $HESTIA_INSTALL_DIR/php-fpm/dummy.conf /etc/php/$v/fpm/pool.d/
v1=$(echo "$v" | sed -e 's/[.]//')
sed -i "s/9999/99$v1/g" /etc/php/$v/fpm/pool.d/dummy.conf
done
fi
# Set Purge to false in Roundcube configuration - https://goo.gl/3Nja3u
echo "[ * ] Updating Roundcube configuration..."
if [ -f /etc/roundcube/config.inc.php ]; then
sed -i "s/\['flag_for_deletion'] = 'Purge';/\['flag_for_deletion'] = false;/gI" /etc/roundcube/config.inc.php
fi
if [ -f /etc/roundcube/defaults.inc.php ]; then
sed -i "s/\['flag_for_deletion'] = 'Purge';/\['flag_for_deletion'] = false;/gI" /etc/roundcube/defaults.inc.php
fi
if [ -f /etc/roundcube/main.inc.php ]; then
sed -i "s/\['flag_for_deletion'] = 'Purge';/\['flag_for_deletion'] = false;/gI" /etc/roundcube/main.inc.php
fi
# Remove old OS-specific installation files if they exist to free up space
if [ -d $HESTIA/install/ubuntu ]; then
echo "[ * ] Removing old HestiaCP installation files for Ubuntu..."
rm -rf $HESTIA/install/ubuntu
fi
if [ -d $HESTIA/install/debian ]; then
echo "[ * ] Removing old HestiaCP installation files for Debian..."
rm -rf $HESTIA/install/debian
fi
# Fix Dovecot configuration
echo "[ * ] Updating Dovecot IMAP/POP server configuration..."
if [ -f /etc/dovecot/conf.d/15-mailboxes.conf ]; then
mv /etc/dovecot/conf.d/15-mailboxes.conf $HESTIA_BACKUP/conf/
fi
if [ -f /etc/dovecot/dovecot.conf ]; then
# Update Dovecot configuration and restart Dovecot service
mv /etc/dovecot/dovecot.conf $HESTIA_BACKUP/conf/
cp -f $HESTIA_COMMON_DIR/dovecot/dovecot.conf /etc/dovecot/dovecot.conf
systemctl restart dovecot
sleep 0.5
fi
# Fix Exim configuration
if [ -f /etc/exim4/exim4.conf.template ]; then
echo "[ * ] Updating Exim SMTP server configuration..."
mv /etc/exim4/exim4.conf.template $HESTIA_BACKUP/conf/
cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim4/exim4.conf.template
# Reconfigure spam filter and virus scanning
if [ ! -z "$ANTISPAM_SYSTEM" ]; then
sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
sed -i "s/#SPAM_SCORE/SPAM_SCORE/g" /etc/exim4/exim4.conf.template
fi
if [ ! -z "$ANTIVIRUS_SYSTEM" ]; then
sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
fi
fi
# Add IMAP system variable to configuration if Dovecot is installed
if [ -z "$IMAP_SYSTEM" ]; then
if [ -f /usr/bin/dovecot ]; then
echo "[ * ] Adding missing IMAP_SYSTEM variable to hestia.conf..."
echo "IMAP_SYSTEM = 'dovecot'" >> $HESTIA/conf/hestia.conf
fi
fi
# Run sftp jail once
$HESTIA/bin/v-add-sys-sftp-jail
# Enable SFTP subsystem for SSH
sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
if [ ! -z "$sftp_subsys_enabled" ]; then
echo "[ * ] Updating SFTP subsystem configuration..."
sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
systemctl restart ssh
fi
# Remove and migrate obsolete object keys
for user in $($BIN/v-list-users plain | cut -f1); do
USER_DATA=$HESTIA/data/users/$user
# Web keys
for domain in $($BIN/v-list-web-domains $user plain | cut -f 1); do
obskey=$(get_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL')
if [ ! -z "$obskey" ]; then
echo "[ * ] Fixing HTTP-to-HTTPS redirection for $domain"
update_object_value 'web' 'DOMAIN' "$domain" '$FORCESSL' ''
# copy value under new key name
add_object_key "web" 'DOMAIN' "$domain" 'SSL_FORCE' 'SSL_HOME'
update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' "$obskey"
fi
unset FORCESSL
done
sed -i "s/\sFORCESSL=''//g" $USER_DATA/web.conf
done

224
install/upgrade/versions/1.1.0.sh Normal file
View File

@@ -0,0 +1,224 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.1.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Set default theme
if [ -z $THEME ]; then
echo "[ * ] Enabling support for themes..."
$BIN/v-change-sys-theme 'default'
fi
# Reduce SSH login grace time
if [ -e /etc/ssh/sshd_config ]; then
echo "[ * ] Hardening SSH daemon configuration..."
sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
fi
# Implement recidive jail for fail2ban
if [ ! -z "$FIREWALL_EXTENSION" ]; then
if ! cat /etc/fail2ban/jail.local | grep -q "\[recidive\]"; then
echo -e "\n\n[recidive]\nenabled = true\nfilter = recidive\naction = hestia[name=HESTIA]\nlogpath = /var/log/fail2ban.log\nmaxretry = 3\nfindtime = 86400\nbantime = 864000" >> /etc/fail2ban/jail.local
fi
fi
# Enable OCSP SSL stapling and harden nginx configuration for roundcube
if [ ! -z "$IMAP_SYSTEM" ]; then
echo "[ * ] Hardening security of Roundcube webmail..."
$BIN/v-update-mail-templates > /dev/null 2>&1
if [ -e /etc/nginx/conf.d/webmail.inc ]; then
cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
fi
fi
# Fix restart queue
if [ -z "$($BIN/v-list-cron-jobs admin | grep 'v-update-sys-queue restart')" ]; then
command="sudo $BIN/v-update-sys-queue restart"
$BIN/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
fi
# Remove deprecated line from ClamAV configuration file
if [ -e "/etc/clamav/clamd.conf" ]; then
clamd_conf_update_check=$(grep DetectBrokenExecutables /etc/clamav/clamd.conf)
if [ ! -z "$clamd_conf_update_check" ]; then
echo "[ * ] Updating ClamAV configuration..."
sed -i '/DetectBrokenExecutables/d' /etc/clamav/clamd.conf
fi
fi
# Remove errornous history.log file created by certain builds due to bug in v-restart-system
if [ -e $HESTIA/data/users/history.log ]; then
rm -f $HESTIA/data/users/history.log
fi
# Use exim4 server hostname instead of mail domain and remove hardcoded mail prefix
if [ ! -z "$MAIL_SYSTEM" ]; then
echo "[ * ] Updating exim configuration..."
if cat /etc/exim4/exim4.conf.template | grep -q 'helo_data = mail.${sender_address_domain}'; then
sed -i 's/helo_data = mail.${sender_address_domain}/helo_data = ${primary_hostname}/g' /etc/exim4/exim4.conf.template
fi
if ! grep -q '^OUTGOING_IP = /' /etc/exim4/exim4.conf.template; then
sed -i '/^OUTGOING_IP/d' /etc/exim4/exim4.conf.template
sed -i 's|^begin acl|OUTGOING_IP = /etc/exim4/domains/$sender_address_domain/ip\nbegin acl|' /etc/exim4/exim4.conf.template
fi
if ! grep -q 'interface =' /etc/exim4/exim4.conf.template; then
sed -i '/interface =/d' /etc/exim4/exim4.conf.template
sed -i 's|dkim_strict = 0|dkim_strict = 0\n interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}|' /etc/exim4/exim4.conf.template
fi
fi
# Members of admin group should be permitted to enter admin folder
if [ -d /home/admin ]; then
setfacl -m "g:admin:r-x" /home/admin
fi
# Fix sftp jail cronjob
if [ -e "/etc/cron.d/hestia-sftp" ]; then
if ! cat /etc/cron.d/hestia-sftp | grep -q 'root'; then
echo "@reboot root /usr/local/hestia/bin/v-add-sys-sftp-jail" > /etc/cron.d/hestia-sftp
fi
fi
# Create default writeable folders for all users
echo "[ * ] Updating default writable folders for all users..."
for user in $($HESTIA/bin/v-list-sys-users plain); do
mkdir -p \
$HOMEDIR/$user/.cache \
$HOMEDIR/$user/.config \
$HOMEDIR/$user/.local \
$HOMEDIR/$user/.composer \
$HOMEDIR/$user/.ssh
chown $user:$user \
$HOMEDIR/$user/.cache \
$HOMEDIR/$user/.config \
$HOMEDIR/$user/.local \
$HOMEDIR/$user/.composer \
$HOMEDIR/$user/.ssh
done
# Remove redundant fail2ban jail
if fail2ban-client status sshd > /dev/null 2>&1; then
fail2ban-client stop sshd > /dev/null 2>&1
if [ -f /etc/fail2ban/jail.d/defaults-debian.conf ]; then
mkdir -p $HESTIA_BACKUP/conf/fail2ban/jail.d
mv /etc/fail2ban/jail.d/defaults-debian.conf $HESTIA_BACKUP/conf/fail2ban/jail.d/
fi
fi
# Update Office 365/Microsoft 365 DNS template
if [ -e "$HESTIA/data/templates/dns/office365.tpl" ]; then
echo "[ * ] Updating DNS template for Office 365..."
cp -f $HESTIA/install/deb/templates/dns/office365.tpl $HESTIA/data/templates/dns/office365.tpl
fi
# Ensure that backup compression level is correctly set
GZIP_LVL_CHECK=$(cat $HESTIA/conf/hestia.conf | grep BACKUP_GZIP)
if [ -z "$GZIP_LVL_CHECK" ]; then
echo "[ * ] Updating backup compression level variable..."
$BIN/v-change-sys-config-value "BACKUP_GZIP" '9'
fi
# Randomize Roundcube des_key for better security
if [ -f "/etc/roundcube/config.inc.php" ]; then
rcDesKey="$(openssl rand -base64 30 | tr -d "/" | cut -c1-24)"
sed -i "s/vtIOjLZo9kffJoqzpSbm5r1r/$rcDesKey/g" /etc/roundcube/config.inc.php
fi
# Place robots.txt to prevent webmail crawling by search engine bots.
if [ -e "/var/lib/roundcube/" ]; then
if [ ! -f "/var/lib/roundcube/robots.txt" ]; then
echo "User-agent: *" > /var/lib/roundcube/robots.txt
echo "Disallow: /" >> /var/lib/roundcube/robots.txt
fi
fi
# Installing postgresql repo
if [ -e "/etc/postgresql" ]; then
echo "[ * ] Enabling native PostgreSQL APT repository..."
osname="$(cat /etc/os-release | grep "^ID\=" | sed "s/ID\=//g")"
if [ "$osname" = "ubuntu" ]; then
codename="$(lsb_release -s -c)"
else
codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))"
fi
echo "deb http://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > /etc/apt/sources.list.d/postgresql.list
wget --quiet https://www.postgresql.org/media/keys/ACCC4CF8.asc -O /tmp/psql_signing.key
APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/psql_signing.key > /dev/null 2>&1
rm /tmp/psql_signing.key
fi
# Hardening MySQL configuration, prevent local infile.
if [ -e "/etc/mysql/my.cnf" ]; then
mysql_local_infile_check=$(grep local-infile /etc/mysql/my.cnf)
if [ -z "$mysql_local_infile_check" ]; then
echo "[ * ] Hardening MySQL configuration..."
sed -i '/symbolic-links\=0/a\local-infile=0' /etc/mysql/my.cnf
fi
fi
# Hardening nginx configuration, drop TLSv1.1 support.
if [ -e "/etc/nginx/nginx.conf" ]; then
nginx_tls_check=$(grep TLSv1.1 /etc/nginx/nginx.conf)
if [ ! -z "$nginx_tls_check" ]; then
echo "[ * ] Updating nginx security settings - disabling TLS v1.1..."
sed -i 's/TLSv1.1 //g' /etc/nginx/nginx.conf
fi
fi
# Fix logrotate permission bug for nginx
if [ -e "/etc/logrotate/nginx" ]; then
sed -i "s/create 640 nginx adm/create 640/g" /etc/logrotate.d/nginx
fi
# Fix logrotate permission bug for apache
if [ -e "/etc/logrotate/apache2" ]; then
sed -i "s/create 640 root adm/create 640/g" /etc/logrotate.d/apache2
fi
# Repair messed up user log permissions from the logrotate bug. Ignoring errors
for user in $($HESTIA/bin/v-list-users plain | cut -f1); do
for domain in $($HESTIA/bin/v-list-web-domains $user plain | cut -f1); do
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* > /dev/null 2>&1
for sub_domain in $($HESTIA/bin/v-list-web-domain $user $domain plain | cut -f7 | tr ',' '\n'); do
chown root:$user /var/log/$WEB_SYSTEM/domains/$sub_domain.* > /dev/null 2>&1
done
done
done
chown root:root /var/log/$WEB_SYSTEM/domains/$WEBMAIL_ALIAS* > /dev/null 2>&1
# Enable IMAP/POP3 quota information
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
echo "[ * ] Enabling IMAP quota information reporting..."
if [ -e /etc/dovecot/conf.d/20-pop3.conf ]; then
cp -f $HESTIA/install/deb/dovecot/conf.d/20-pop3.conf /etc/dovecot/conf.d/20-pop3.conf
fi
if [ -e /etc/dovecot/conf.d/20-imap.conf ]; then
cp -f $HESTIA/install/deb/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf
fi
if [ -e /etc/dovecot/conf.d/90-quota.conf ]; then
cp -f $HESTIA/install/deb/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf
fi
fi
# Trigger multiphp legacy migration script
num_php_versions=$(ls -d /etc/php/*/fpm/pool.d 2> /dev/null | wc -l)
if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
echo "[ * ] Enabling modular Multi-PHP backend..."
cp -rf $HESTIA/data/templates/web $HESTIA_BACKUP/templates/web
bash $HESTIA/install/upgrade/manual/migrate_multiphp.sh > /dev/null 2>&1
fi
# Disable global subfolder alias for webmail in favor of subdomain
if [ -e /etc/nginx/conf.d/webmail.inc ]; then
rm -f /etc/nginx/conf.d/webmail.inc
fi
if [ -e /etc/apache2/conf.d/roundcube.conf ]; then
rm -f /etc/apache2/conf.d/roundcube.conf
fi

20
install/upgrade/versions/1.1.1.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.1.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Remove 5s delay when sending mail through exim4
if [ -e "/etc/exim4/exim4.conf.template" ]; then
echo "[ * ] Updating exim4 configuration..."
sed -i "s|rfc1413_query_timeout = 5s|rfc1413_query_timeout = 0s|g" /etc/exim4/exim4.conf.template
fi
# Fix phpMyAdmin blowfish and tmp directory issues
if [ -e "/usr/share/phpmyadmin/libraries/vendor_config.php" ]; then
echo "[ * ] Updating phpMyAdmin configuration..."
sed -i "s|define('CONFIG_DIR', ROOT_PATH);|define('CONFIG_DIR', '/etc/phpmyadmin/');|" /usr/share/phpmyadmin/libraries/vendor_config.php
sed -i "s|define('TEMP_DIR', ROOT_PATH . 'tmp/');|define('TEMP_DIR', '/var/lib/phpmyadmin/tmp/');|" /usr/share/phpmyadmin/libraries/vendor_config.php
fi

219
install/upgrade/versions/1.2.0.sh Normal file
View File

@@ -0,0 +1,219 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Check iptables paths and add symlinks when necessary
if [ ! -e "/sbin/iptables" ]; then
if which iptables; then
ln -s "$(which iptables)" /sbin/iptables
elif [ -e "/usr/sbin/iptables" ]; then
ln -s /usr/sbin/iptables /sbin/iptables
elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables; then
autoiptables=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables | cut -d '' -f 2)
if [ -x "$autoiptables" ]; then
ln -s "$autoiptables" /sbin/iptables
fi
fi
fi
if [ ! -e "/sbin/iptables-save" ]; then
if which iptables-save; then
ln -s "$(which iptables-save)" /sbin/iptables-save
elif [ -e "/usr/sbin/iptables-save" ]; then
ln -s /usr/sbin/iptables-save /sbin/iptables-save
elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save; then
autoiptables_save=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save | cut -d '' -f 2)
if [ -x "$autoiptables_save" ]; then
ln -s "$autoiptables_save" /sbin/iptables-save
fi
fi
fi
if [ ! -e "/sbin/iptables-restore" ]; then
if which iptables-restore; then
ln -s "$(which iptables-restore)" /sbin/iptables-restore
elif [ -e "/usr/sbin/iptables-restore" ]; then
ln -s /usr/sbin/iptables-restore /sbin/iptables-restore
elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore; then
autoiptables_restore=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore | cut -d '' -f 2)
if [ -x "$autoiptables_restore" ]; then
ln -s "$autoiptables_restore" /sbin/iptables-restore
fi
fi
fi
if [ -e "/etc/apache2/mods-enabled/status.conf" ]; then
sed -i '/Allow from all/d' /etc/apache2/mods-enabled/status.conf
fi
# Add sury apache2 repository
if [ "$WEB_SYSTEM" = "apache2" ] && [ ! -e "/etc/apt/sources.list.d/apache2.list" ]; then
echo "[ * ] Configuring sury.org Apache2 repository..."
# Check OS and install related repository
if [ -e "/etc/os-release" ]; then
type=$(grep "^ID=" /etc/os-release | cut -f 2 -d '=')
if [ "$type" = "ubuntu" ]; then
codename="$(lsb_release -s -c)"
echo "deb http://ppa.launchpad.net/ondrej/apache2/ubuntu $codename main" > /etc/apt/sources.list.d/apache2.list
elif [ "$type" = "debian" ]; then
codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))"
echo "deb https://packages.sury.org/apache2/ $codename main" > /etc/apt/sources.list.d/apache2.list
wget --quiet https://packages.sury.org/apache2/apt.gpg -O /tmp/apache2_signing.key
APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/apache2_signing.key > /dev/null 2>&1
fi
fi
fi
# Roundcube fixes for PHP 7.4 compatibility
if [ -d /usr/share/roundcube ]; then
echo "[ * ] Updating Roundcube configuration..."
[ -f "/usr/share/roundcube/plugins/enigma/lib/enigma_ui.php" ] && sed -i 's/$identities, "\\n"/"\\n", $identities/g' /usr/share/roundcube/plugins/enigma/lib/enigma_ui.php
[ -f "/usr/share/roundcube/program/lib/Roundcube/rcube_contacts.php" ] && sed -i 's/(array_keys($post_search), \x27|\x27)/(\x27|\x27, array_keys($post_search))/g' /usr/share/roundcube/program/lib/Roundcube/rcube_contacts.php
[ -f "/usr/share/roundcube/program/lib/Roundcube/rcube_db.php" ] && sed -i 's/implode($name, \x27.\x27)/implode(\x27.\x27, $name)/g' /usr/share/roundcube/program/lib/Roundcube/rcube_db.php
[ -f "/usr/share/roundcube/program/steps/addressbook/search.inc" ] && sed -i 's/$fields, \x27,\x27/\x27,\x27, $fields/g' /usr/share/roundcube/program/steps/addressbook/search.inc
[ -f "/usr/share/roundcube/program/steps/addressbook/search.inc" ] && sed -i 's/implode($fields, \x27,\x27)/implode(\x27,\x27, $fields)/g' /usr/share/roundcube/program/steps/addressbook/search.inc
[ -f "/usr/share/roundcube/program/steps/mail/sendmail.inc" ] && sed -i 's/implode($bstyle, \x27; \x27)/implode(\x27; \x27, $bstyle)/g' /usr/share/roundcube/program/steps/mail/sendmail.inc
fi
# Enable Roundcube plugins
if [ -d /usr/share/roundcube ]; then
cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_newmail_notifier.inc.php /etc/roundcube/plugins/newmail_notifier/config.inc.php
cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_zipdownload.inc.php /etc/roundcube/plugins/zipdownload/config.inc.php
[ -f "/etc/roundcube/config.inc.php" ] && sed -i "s/array('password')/array('password','newmail_notifier','zipdownload')/g" /etc/roundcube/config.inc.php
fi
# HELO support for multiple domains and IPs
if [ -e "/etc/exim4/exim4.conf.template" ]; then
echo "[ * ] Updating exim4 configuration..."
sed -i 's|helo_data = ${primary_hostname}|helo_data = ${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{$sender_address_domain}lsearch*{\/etc\/exim4\/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}|g' /etc/exim4/exim4.conf.template
fi
# Add daily midnight cron
if [ -z "$($BIN/v-list-cron-jobs admin | grep 'v-update-sys-queue daily')" ]; then
echo "[ * ] Updating cron jobs..."
command="sudo $BIN/v-update-sys-queue daily"
$BIN/v-add-cron-job 'admin' '01' '00' '*' '*' '*' "$command"
fi
[ ! -f "touch $HESTIA/data/queue/daily.pipe" ] && touch $HESTIA/data/queue/daily.pipe
# Remove existing network-up hooks so they get regenerated when updating the firewall
# - network hook will also restore ipset config during start-up
if [ -f "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks" ]; then
rm "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
$BIN/v-update-firewall
fi
if [ -f "/etc/network/if-pre-up.d/iptables" ]; then
rm "/etc/network/if-pre-up.d/iptables"
$BIN/v-update-firewall
fi
# Add hestia-event.conf, if the server is running apache2
if [ "$WEB_SYSTEM" = "apache2" ]; then
echo "[ * ] Updating Apache2 configuration..."
# Cleanup
rm --force /etc/apache2/mods-available/hestia-event.conf
rm --force /etc/apache2/mods-enabled/hestia-event.conf
rm --force /etc/apache2/conf-available/hestia-event.conf
rm --force /etc/apache2/conf-enabled/hestia-event.conf
if [ $(a2query -M) = 'event' ] && [ ! -e "/etc/apache2/conf.d/hestia-event.conf" ]; then
cp -f $HESTIA_INSTALL_DIR/apache2/hestia-event.conf /etc/apache2/conf.d/
fi
# Move apache mod_status config to /mods-available and rename it to prevent losing changes on upgrade
cp -f $HESTIA_INSTALL_DIR/apache2/status.conf /etc/apache2/mods-available/hestia-status.conf
cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load
a2dismod --quiet status > /dev/null 2>&1
a2enmod --quiet hestia-status > /dev/null 2>&1
rm --force /etc/apache2/mods-enabled/status.conf # a2dismod will not remove the file if it isn't a symlink
fi
# Install File Manager during upgrade if environment variable oesn't already exist and isn't set to false
# so that we don't override preference
FILE_MANAGER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep "FILE_MANAGER='false'")
if [ -z "$FILE_MANAGER_CHECK" ]; then
if [ ! -e "$HESTIA/web/fm/configuration.php" ]; then
echo "[ ! ] Installing File Manager..."
# Install the File Manager
$HESTIA/bin/v-add-sys-filemanager quiet
else
echo "[ * ] Updating File Manager configuration..."
# Update configuration.php
cp -f $HESTIA_INSTALL_DIR/filemanager/filegator/configuration.php $HESTIA/web/fm/configuration.php
# Set environment variable for interface
$HESTIA/bin/v-change-sys-config-value 'FILE_MANAGER' 'true'
fi
fi
# Enable nginx module loading
if [ -f "/etc/nginx/nginx.conf" ]; then
echo "[ * ] Updating NGINX configuration..."
if [ ! -d "/etc/nginx/modules-enabled" ]; then
mkdir -p "/etc/nginx/modules-enabled"
fi
if ! grep --silent "include /etc/nginx/modules-enabled" /etc/nginx/nginx.conf; then
sed -i '/^pid/ a include /etc/nginx/modules-enabled/*.conf;' /etc/nginx/nginx.conf
fi
fi
# Fix public_(s)html group ownership
echo "[ * ] Updating public_(s)html ownership..."
for user in $($HESTIA/bin/v-list-sys-users plain); do
# skip users with missing home folder
[[ -d /home/${user}/ ]] || continue
# skip users without web domains
ls /home/${user}/web/*/public_*html > /dev/null 2>&1 || continue
chown --silent --no-dereference :www-data /home/$user/web/*/public_*html
done
# Fix phpMyAdmin blowfish_secret error message due to incorrect permissions
if [ -e /var/lib/phpmyadmin/blowfish_secret.inc.php ]; then
echo "[ * ] Updating phpMyAdmin permissions..."
chmod 0644 /var/lib/phpmyadmin/blowfish_secret.inc.php
fi
# Ensure that backup compression level is correctly set
GZIP_LVL_CHECK=$(cat $HESTIA/conf/hestia.conf | grep BACKUP_GZIP)
if [ -z "$GZIP_LVL_CHECK" ]; then
echo "[ * ] Updating backup compression level variable..."
$BIN/v-change-sys-config-value "BACKUP_GZIP" '9'
fi
# Update phpMyAdmin/phpPgAdmin templates and set missing alias variables if necessary
if [ -e "/var/lib/phpmyadmin" ]; then
PMA_ALIAS_CHECK=$(cat $HESTIA/conf/hestia.conf | grep DB_PMA_ALIAS)
if [ -z "$PMA_ALIAS_CHECK" ]; then
echo "[ * ] Updating phpMyAdmin alias..."
$HESTIA/bin/v-change-sys-db-alias "pma" "phpMyAdmin"
else
echo "[ * ] Updating phpMyAdmin configuration..."
$HESTIA/bin/v-change-sys-db-alias "pma" "$DB_PMA_ALIAS"
fi
fi
if [ -e "/var/lib/phppgadmin" ]; then
PGA_ALIAS_CHECK=$(cat $HESTIA/conf/hestia.conf | grep DB_PGA_ALIAS)
if [ -z "$PGA_ALIAS_CHECK" ]; then
echo "[ * ] Updating phpPgAdmin alias..."
$HESTIA/bin/v-change-sys-db-alias "pga" "phpPgAdmin"
else
echo "[ * ] Updating phpPgAdmin configuration..."
$HESTIA/bin/v-change-sys-db-alias "pga" "$DB_PGA_ALIAS"
fi
fi
# Ensure that backup compression level is correctly set
GZIP_LVL_CHECK=$(cat $HESTIA/conf/hestia.conf | grep BACKUP_GZIP)
if [ -z "$GZIP_LVL_CHECK" ]; then
echo "[ * ] Updating backup compression level variable..."
$BIN/v-change-sys-config-value "BACKUP_GZIP" '9'
fi

7
install/upgrade/versions/1.2.1.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

48
install/upgrade/versions/1.2.2.sh Normal file
View File

@@ -0,0 +1,48 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Enhance Vsftpd security
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
echo "[ ! ] Hardening Vsftpd TLS configuration..."
if [ -e /etc/vsftpd.conf ]; then
rm -f /etc/vsftpd.conf
fi
cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
chmod 644 /etc/vsftpd.conf
fi
# Rework apt repositories
apt="/etc/apt/sources.list.d"
echo "[ * ] Hardening APT repositories..."
if [ -f "$apt/nginx.list" ]; then
if grep -q "http://nginx.org/packages/mainline/" $apt/nginx.list; then
echo " ----- NGINX"
sed -i "s/http\:\/\/nginx.org/https\:\/\/nginx.org/g" $apt/nginx.list
fi
fi
if [ -f "$apt/php.list" ]; then
if grep -q "http://packages.sury.org/" $apt/php.list; then
echo " ----- PHP"
sed -i "s/http\:\/\/packages.sury.org/https\:\/\/packages.sury.org/g" $apt/php.list
fi
fi
if [ -f "$apt/mariadb.list" ]; then
if grep -q "http://ams2.mirrors.digitalocean.com" $apt/mariadb.list; then
echo " ----- MariaDB"
sed -i "s/http\:\/\/ams2.mirrors.digitalocean.com/https\:\/\/mirror.mva-n.net/g" $apt/mariadb.list
fi
fi
if [ -f "$apt/postgresql.list" ]; then
if grep -q "http://apt.postgresql.org" $apt/postgresql.list; then
echo " ----- PostgreSQL"
sed -i "s/http\:\/\/apt.postgresql.org/https\:\/\/apt.postgresql.org/g" $apt/postgresql.list
fi
fi

7
install/upgrade/versions/1.2.3.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.2.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

76
install/upgrade/versions/1.3.0.sh Normal file
View File

@@ -0,0 +1,76 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Add NPM to the default writeable folder list
echo "[ * ] Updating default writable folders for all users..."
for user in $($HESTIA/bin/v-list-sys-users plain); do
mkdir -p \
$HOMEDIR/$user/.npm
chown $user:$user \
$HOMEDIR/$user/.npm
done
# Add default SSL Certificate config when ip is visited
if [ "$PROXY_SYSTEM" = "nginx" ]; then
echo "[ * ] Updating nginx configuration..."
while read IP; do
rm /etc/nginx/conf.d/$IP.conf
cat $WEBTPL/$PROXY_SYSTEM/proxy_ip.tpl \
| sed -e "s/%ip%/$IP/g" \
-e "s/%web_port%/$WEB_PORT/g" \
-e "s/%proxy_port%/$PROXY_PORT/g" \
-e "s/%proxy_ssl_port%/$PROXY_SSL_PORT/g" \
> /etc/$PROXY_SYSTEM/conf.d/$IP.conf
done < <(ls $HESTIA/data/ips/)
fi
if [ "$FTP_SYSTEM" == "proftpd" ]; then
echo "[ * ] Updating ProFTPd TLS configuration..."
if [ -e /etc/proftpd/proftpd.conf ]; then
rm /etc/proftpd/proftpd.conf
fi
if [ -e /etc/proftpd/tls.conf ]; then
rm /etc/proftpd/tls.conf
fi
cp -f $HESTIA_INSTALL_DIR/proftpd/proftpd.conf /etc/proftpd/
cp -f $HESTIA_INSTALL_DIR/proftpd/tls.conf /etc/proftpd/
fi
# Update exim configuration
if [ -e "/etc/exim4/exim4.conf.template" ]; then
echo "[ * ] Updating exim4 configuration..."
sed -i 's/${if match {${lc:$mime_filename}}{\\N(\\.ade|\\.adp|\\.bat|\\.chm|\\.cmd|\\.com|\\.cpl|\\.exe|\\.hta|\\.ins|\\.isp|\\.jse|\\.lib|\\.lnk|\\.mde|\\.msc|\\.msp|\\.mst|\\.pif|\\.scr|\\.sct|\\.shb|\\.sys|\\.vb|\\.vbe|\\.vbs|\\.vxd|\\.wsc|\\.wsf|\\.wsh)$\\N}{1}{0}}/${if match {${lc:$mime_filename}}{\\N(\\.ace|\\.ade|\\.adp|\\.app|\\.arj|\\.asp|\\.aspx|\\.asx|\\.bas|\\.bat|\\.cab|\\.cer|\\.chm|\\.cmd|\\.cnt|\\.com|\\.cpl|\\.crt|\\.csh|\\.der|\\.diagcab|\\.dll|\\.efi|\\.exe|\\.fla|\\.fon|\\.fxp|\\.gadget|\\.grp|\\.hlp|\\.hpj|\\.hta|\\.htc|\\.img|\\.inf|\\.ins|\\.iso|\\.isp|\\.its|\\.jar|\\.jnlp|\\.js|\\.jse|\\.ksh|\\.lib|\\.lnk|\\.mad|\\.maf|\\.mag|\\.mam|\\.maq|\\.mar|\\.mas|\\.mat|\\.mau|\\.mav|\\.maw|\\.mcf|\\.mda|\\.mdb|\\.mde|\\.mdt|\\.mdw|\\.mdz|\\.msc|\\.msh|\\.msh1|\\.msh1xml|\\.msh2|\\.msh2xml|\\.mshxml|\\.msi|\\.msp|\\.mst|\\.msu|\\.ops|\\.osd|\\.pcd|\\.pif|\\.pl|\\.plg|\\.prf|\\.prg|\\.printerexport|\\.ps1|\\.ps1xml|\\.ps2|\\.ps2xml|\\.psc1|\\.psc2|\\.psd1|\\.psdm1|\\.pst|\\.py|\\.pyc|\\.pyo|\\.pyw|\\.pyz|\\.pyzw|\\.reg|\\.scf|\\.scr|\\.sct|\\.sfx|\\.shb|\\.shs|\\.swf|\\.sys|\\.theme|\\.tmp|\\.ttf|\\.url|\\.vb|\\.vba|\\.vbe|\\.vbp|\\.vbs|\\.vhd|\\.vhdx|\\.vsmacros|\\.vsw|\\.vxd|\\.webpnp|\\.website|\\.wim|\\.ws|\\.wsc|\\.wsf|\\.wsh|\\.xbap|\\.xll|\\.xnk)$\\N}{1}{0}}/g' /etc/exim4/exim4.conf.template
fi
# Restrict access to /proc fs
if [ ! -e "/etc/cron.d/hestia-proc" ]; then
echo "[ * ] Restricting access to /proc fs..."
mount -o remount,defaults,hidepid=2 /proc > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "[ ! ] WARNING: Cannot remount /proc (LXC containers require additional permissions be added to host apparmor profile)"
else
echo "@reboot root sleep 5 && mount -o remount,defaults,hidepid=2 /proc" > /etc/cron.d/hestia-proc
fi
fi
# Change backup mode to zstd.
echo "[ * ] Setting zstd backup compression type as default..."
$BIN/v-change-sys-config-value "BACKUP_MODE" "zstd"
# Set LOGIN_STYLE variable in hestia.conf
echo "[ * ] Updating configuration file: hestia.conf..."
$BIN/v-change-sys-config-value "LOGIN_STYLE" "default"
# Remove old lanugage files.
if [ -e $HESTIA/web/inc/i18n/en.php ]; then
echo "[ * ] Performing language library clean-up..."
rm -fr $HESTIA/web/inc/i18n
fi

21
install/upgrade/versions/1.3.1.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Remove duplicate values in U_SYS_USERS variable for ips
for ip in $($BIN/v-list-sys-ips plain | cut -f1); do
current_usr=$(grep "U_SYS_USERS=" $HESTIA/data/ips/$ip | cut -f 2 -d \')
new_usr=$(echo "$current_usr" \
| sed "s/,/\n/g" \
| sort -u \
| sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$new_usr" ]; then
sed -i "s/U_SYS_USERS='$current_usr'/U_SYS_USERS='$new_usr'/g" $HESTIA/data/ips/$ip
fi
done

7
install/upgrade/versions/1.3.2.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

21
install/upgrade/versions/1.3.3.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Check if keys folder exists and adjust permissions
if [ -d "$HESTIA/data/keys" ]; then
echo '[ * ] Update permissions'
chmod 750 "$HESTIA/data/keys"
chown admin:root "$HESTIA/data/keys"
fi
if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
echo '[ * ] Create global Hestia config'
mkdir -p /etc/hestiacp
echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
fi

17
install/upgrade/versions/1.3.4.sh Normal file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.3.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
echo '[ * ] Updating System Administrator account permissions...'
$HESTIA/bin/v-change-user-role admin admin
# Send end-of-life notification to admin user on servers running Ubuntu 16.04
if [ "$OS_TYPE" = "Ubuntu" ]; then
if [ "$OS_VERSION" = '16.04' ]; then
$HESTIA/bin/v-add-user-notification admin 'IMPORTANT: End of support for Ubuntu 16.04 LTS' '<b>Hestia Control Panel no longer supports Ubuntu 16.04 LTS</b>, as a result your server will no longer receive upgrades or security patches after <b>v1.3.4</b>.<br><br>Please upgrade to a supported operating system.'
fi
fi

198
install/upgrade/versions/1.4.0.sh Normal file
View File

@@ -0,0 +1,198 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Add support for nginx FastCGI cache (standalone)
if [ -e "/etc/nginx/nginx.conf" ]; then
check=$(cat /etc/nginx/nginx.conf | grep 'fastcgi_cache_path')
if [ -z "$check" ]; then
echo "[ * ] Enabling nginx FastCGI cache support..."
sed -i 's/# Cache bypass/# FastCGI cache\n fastcgi_cache_path \/var\/cache\/nginx\/micro levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=30m;\n fastcgi_cache_key \"$scheme$request_method$host$request_uri\";\n fastcgi_cache_methods GET HEAD;\n fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;\n fastcgi_ignore_headers Cache-Control Expires Set-Cookie;\n add_header X-FastCGI-Cache \$upstream_cache_status;\n\n # Cache bypass/g' /etc/nginx/nginx.conf
sed -i 's/ fastcgi_cache_lock_timeout 5s;/ fastcgi_cache_lock_timeout 5s;\n fastcgi_cache_background_update on;\n fastcgi_cache_revalidate on;/g' /etc/nginx/nginx.conf
fi
fi
if [ -e "/etc/nginx/nginx.conf" ]; then
echo "[ * ] Updating nginx configuration with changes to Cloudflare IP addresses"
sed -i 's/ set_real_ip_from 104.16.0.0\/12;/ set_real_ip_from 104.16.0.0\/13;\n set_real_ip_from 104.24.0.0\/14;/g' /etc/nginx/nginx.conf
fi
# Populating HELO/SMTP Banner for existing IPs
if [ "$MAIL_SYSTEM" == "exim4" ]; then
# Check if we've already done this upgrade before proceeding
if ! grep -q ^smtp_active_hostname /etc/exim4/exim4.conf.template; then
source $HESTIA/func/ip.sh
echo "[ * ] Populating HELO/SMTP Banner value for existing IP addresses..."
> /etc/exim4/mailhelo.conf
for ip in $($BIN/v-list-sys-ips plain | cut -f1); do
helo=$(is_ip_rdns_valid $ip)
if [ ! -z "$helo" ]; then
$BIN/v-change-sys-ip-helo $ip $helo
fi
done
# Update exim configuration
echo "[ * ] Updating exim4 configuration..."
# Add new smtp_active_hostname variable to exim config
sed -i '/^smtp_banner = \$smtp_active_hostname$/a smtp_active_hostname = ${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{$interface_address}lsearch{\/etc\/exim4\/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}' /etc/exim4/exim4.conf.template
# Lookup HELO address by sending ip instead of sending domain
sed -i 's/helo_data = \${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{\$sender_address_domain}lsearch\*{\/etc\/exim4\/mailhelo.conf}{\$value}{\$primary_hostname}}}{\$primary_hostname}}/helo_data = ${if exists {\/etc\/exim4\/mailhelo.conf}{${lookup{$sending_ip_address}lsearch{\/etc\/exim4\/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}/' /etc/exim4/exim4.conf.template
fi
fi
# Upgrading Mail System
if [ "$MAIL_SYSTEM" == "exim4" ]; then
if ! grep -q "send_via_smtp_relay" /etc/exim4/exim4.conf.template; then
echo '[ * ] Enabling SMTP relay support...'
if grep -q "driver = plaintext" /etc/exim4/exim4.conf.template; then
disable_smtp_relay=true
echo '[ ! ] ERROR: SMTP Relay upgrade failed:'
echo ''
echo 'Because of the complexity of the SMTP Relay upgrade,'
echo 'we were unable to safely modify your existing exim config file.'
echo 'If you would like to use the new SMTP Relay features,'
echo 'you will have to replace or modify your config with the one found'
echo 'on GitHub at https://github.com/hestiacp/hestiacp/blob/release/install/deb/exim/exim4.conf.template.'
echo 'Your exim config file will be found here: /etc/exim4/exim4.conf.template'
$HESTIA/bin/v-add-user-notification admin 'SMTP Relay upgrade failed' 'Because of the complexity of the SMTP Relay upgrade, we were unable to safely modify your existing exim config file.<br><br>If you would like to use the new SMTP Relay features, you will have to replace or modify your config with the one <a href="https://github.com/hestiacp/hestiacp/blob/release/install/deb/exim/exim4.conf.template" target="_blank">found on GitHub</a>.<br><br>Your exim config file will be found here:<br><br><code>/etc/exim4/exim4.conf.template</code>'
else
disable_smtp_relay=false
fi
# Add smtp relay macros to exim config
insert='SMTP_RELAY_FILE = ${if exists{/etc/exim4/domains/${sender_address_domain}/smtp_relay.conf}{/etc/exim4/domains/$sender_address_domain/smtp_relay.conf}{/etc/exim4/smtp_relay.conf}}\n\SMTP_RELAY_HOST=${lookup{host}lsearch{SMTP_RELAY_FILE}}\n\SMTP_RELAY_PORT=${lookup{port}lsearch{SMTP_RELAY_FILE}}\n\SMTP_RELAY_USER=${lookup{user}lsearch{SMTP_RELAY_FILE}}\n\SMTP_RELAY_PASS=${lookup{pass}lsearch{SMTP_RELAY_FILE}}\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/ACL CONFIGURATION/=' /etc/exim4/exim4.conf.template) - 1)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
# Add smtp relay authenticator
insert='smtp_relay_login:\n\ driver = plaintext\n\ public_name = LOGIN\n\ hide client_send = : SMTP_RELAY_USER : SMTP_RELAY_PASS\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/begin authenticators/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
# Add smtp relay router
insert='send_via_smtp_relay:\n\ driver = manualroute\n\ address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT\n\ domains = !+local_domains\n\ require_files = SMTP_RELAY_FILE\n\ transport = smtp_relay_smtp\n\ route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}\n\ no_more\n\ no_verify\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/begin routers/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
# Add smtp relay transport
insert='smtp_relay_smtp:\n\ driver = smtp\n\ hosts_require_auth = $host_address\n\ hosts_require_tls = $host_address\n'
if [ "$disable_smtp_relay" = true ]; then
insert=$(sed 's/^/#/g; s/\\n/\\n#/g; s/.$//' <<< $insert)
fi
line=$(expr $(sed -n '/begin transports/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
fi
fi
# Set default webmail system for mail domains
if [ -n "$WEBMAIL_SYSTEM" ]; then
for user in $($BIN/v-list-users plain | cut -f1); do
for domain in $($BIN/v-list-mail-domains $user plain | cut -f1); do
$BIN/v-add-mail-domain-webmail $user $domain '' no
done
done
fi
# Fix PostgreSQL repo
if [ -f /etc/apt/sources.list.d/postgresql.list ]; then
echo "[ * ] Updating PostgreSQL repository..."
sed -i 's|deb https://apt.postgresql.org/pub/repos/apt/|deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/|g' /etc/apt/sources.list.d/postgresql.list
fi
# Remove API file if API is set to "no"
if [ "$API" = "no" ]; then
if [ -f "$HESTIA/web/api/index.php" ]; then
echo "[ * ] Disabling API access..."
$HESTIA/bin/v-change-sys-api remove
fi
fi
# Back up users existing configuration data to $HESTIA/conf/defaults/hestia.conf
if [ ! -f "$HESTIA/conf/defaults/hestia.conf" ]; then
echo "[ * ] Creating known good configuration data for system recovery..."
if [ ! -d "$HESTIA/conf/defaults/" ]; then
mkdir -p "$HESTIA/conf/defaults/"
fi
cp -f $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
fi
if [ -f "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks" ]; then
echo "[ * ] Fix potenial issue with multiple network adapters and netplan..."
rm "/usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks"
$BIN/v-update-firewall
fi
# Consolidate nginx (standalone) templates used by active websites
if [ "$WEB_SYSTEM" = "nginx" ]; then
echo "[ * ] Consolidating nginx templates for Drupal & CodeIgniter..."
sed -i "s|TPL='drupal6'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='drupal7'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='drupal8'|TPL='drupal'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='codeigniter2'|TPL='codeigniter'|g" $HESTIA/data/users/*/web.conf
sed -i "s|TPL='codeigniter3'|TPL='codeigniter'|g" $HESTIA/data/users/*/web.conf
fi
# Remove outdated nginx templates
echo "[ * ] Removing outdated nginx templates..."
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal6.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal7.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/drupal8.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/codeigniter2.*tpl
rm -rf $HESTIA/data/templates/web/nginx/php-fpm/codeigniter3.*tpl
# Clean up old Hestia controlled webapps
if [ -d "$HESTIA/web/images/webapps/" ]; then
echo "[ * ] Clean up old web apps code..."
rm -rf $HESTIA/web/images/webapps/
rm -rf $HESTIA/web/src/app/WebApp/Installers/LaravelSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/OpencartSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/PrestashopSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/SymfonySetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/WordpressSetup.php
rm -rf $HESTIA/web/src/app/WebApp/Installers/Joomla
fi
# Update ClamAV configuration file
if [ -f "/etc/clamav/clamd.conf" ]; then
cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/clamav/
$HESTIA/bin/v-add-user-notification admin 'ClamAV config has been overwritten' 'Warning: If you have manualy changed /etc/clamav/clamd.conf and any changes you made will be lost an backup has been created in the /root/hst_backups folder with the original config. If you have not changed the config file you can ignore this message'
fi
##### COMMANDS FOR V1.5.X
# Back up default package and install latest version
if [ -d $HESTIA/data/packages/ ]; then
echo "[ * ] Migrating legacy default package for all users..."
$HESTIA/bin/v-rename-user-package default custom > /dev/null 2>&1
echo "[ * ] Replacing default package..."
cp -f $HESTIA_INSTALL_DIR/packages/default.pkg $HESTIA/data/packages/
fi

7
install/upgrade/versions/1.4.1.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

7
install/upgrade/versions/1.4.10.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.10
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

27
install/upgrade/versions/1.4.11.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.11
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Fix the potential issue of loading firewall rules
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Updating firewall configuration..."
# Just in case, delete the legacy version loading script again to prevent any residue
rm -f /usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks /etc/network/if-pre-up.d/iptables
# The firewall rules are loading by Systemd, the old loading script is no longer needed
rm -f /usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables /etc/network/if-pre-up.d/hestia-iptables
$BIN/v-update-firewall
fi
if [ -f "/etc/exim4/exim4.conf.template" ]; then
test=$(grep 'require_files = ${local_part}:+${home}/.forward' /etc/exim4/exim4.conf.template)
if [ -z "$test" ]; then
echo "[ * ] Fix bug where email send to news@domain.com is handled by /var/spool/news"
insert="\ require_files = \${local_part}:+\${home}/.forward\n\ domains = +local_domains"
line=$(expr $(sed -n '/userforward/=' /etc/exim4/exim4.conf.template) + 1)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
fi
fi

16
install/upgrade/versions/1.4.12.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.12
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
if [ "$exim_version" = "4.94" ]; then
echo "[ ! ] Fixing issue with Exim 4.94 (#2087 - Unable send email)..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's|OUTGOING_IP = /etc/exim4/domains/$sender_address_domain/ip|OUTGOING_IP = /etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/ip|g' /etc/exim4/exim4.conf.template
sed -i 's|SMTP_RELAY_FILE = ${if exists{/etc/exim4/domains/${sender_address_domain}/smtp_relay.conf}{/etc/exim4/domains/$sender_address_domain/smtp_relay.conf}{/etc/exim4/smtp_relay.conf}}|SMTP_RELAY_FILE = ${if exists{/etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/smtp_relay.conf}{/etc/exim4/domains/${lookup{$sender_address_domain}dsearch{/etc/exim4/domains}}/smtp_relay.conf}{/etc/exim4/smtp_relay.conf}}|g' /etc/exim4/exim4.conf.template
fi
fi

51
install/upgrade/versions/1.4.13.sh Normal file
View File

@@ -0,0 +1,51 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.13
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
servername=$(hostname -f)
# Check if hostname is valid according to RFC1178
if [[ $(echo "$servername" | grep -o "\." | wc -l) -lt 2 ]] || [[ $servername =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "[ * ] Hostname does not follow RFC1178 standard Please check email send regarding the update!"
add_upgrade_message "We've noticed that you're using a invalid hostname. Please have a look at the RFC1178 standard (https://datatracker.ietf.org/doc/html/rfc1178) and use a valid one (ex. hostname.domain.tld). You can change the hostname using v-change-sys-hostname and also add a ssl certificate using v-add-letsencypt-host (proper dns A record mandatory). You'll find more informations in our documentation: https://hestiacp.com/docs/server-administration/ssl-certificates.html#how-to-setup-let-s-encrypt-for-the-control-panel"
$HESTIA/bin/v-add-user-notification admin "Invalid Hostname detected" "Warning: We've noticed that you're using a invalid hostname. Please have a look at the <a href=\"https://datatracker.ietf.org/doc/html/rfc1178\" target=\"_blank\">RFC1178 standard</a> and use a valid one (ex. hostname.domain.tld). You can change the hostname using v-change-sys-hostname and also add a ssl certificate using v-add-letsencypt-host (proper dns A record mandatory). You'll find more informations in our <a href=\"https://hestiacp.com/docs/server-administration/ssl-certificates.html#how-to-setup-let-s-encrypt-for-the-control-panel\" target=\"_blank\">documentation</a>."
fi
# Empty $HESTIA/ssl/mail/ due to bug in #2066
if [ -e "$HESTIA/ssl/mail/" ]; then
rm -fr $HESTIA/ssl/mail/*
fi
# Reset PMA SSO
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Updating hestia-sso for phpMyAdmin..."
$BIN/v-delete-sys-pma-sso
$BIN/v-add-sys-pma-sso
fi
# Loading firewall rules Systemd unit needs update. #2100
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Updating loading firewall configuration..."
$BIN/v-delete-sys-firewall
$BIN/v-add-sys-firewall
fi
# Remove old files/folders from previous versions of Hestia Control Panel
if [ -d "$HESTIA/web/edit/file/" ]; then
rm -fr $HESTIA/web/edit/file/
fi
if [ -d "$HESTIA/web/edit/server/theme/" ]; then
rm -fr $HESTIA/web/edit/server/theme/
fi

21
install/upgrade/versions/1.4.14.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.14
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -f "/etc/network/interfaces" ] && [ -f "/etc/netplan/60-hestia.yaml" ]; then
add_upgrade_message "Warning: Please check your network configuration!\n\nDuring this update network compatibility issues were detected. Both /etc/network/interfaces and /etc/netplan/60-hestia.yaml exist which can lead to issues after a system reboot. Please review your network configuration."
$HESTIA/bin/v-add-user-notification admin "WARNING: Invalid network configuration detected\n\nDuring this update network compatibility issues were detected. Both /etc/network/interfaces and /etc/netplan/60-hestia.yaml exist which can lead to issues after a system reboot. Please review your network configuration."
fi

29
install/upgrade/versions/1.4.15.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.15
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
if [ "$exim_version" = "4.94" ]; then
echo "[ ! ] Updating Exim configuration..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's|file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}.msg|file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg|g' /etc/exim4/exim4.conf.template
sed -i 's| from = "${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"| from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}"|g' /etc/exim4/exim4.conf.template
fi
fi

20
install/upgrade/versions/1.4.16.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.16
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi

20
install/upgrade/versions/1.4.17.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.17
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass trough information to the end user incase of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### to the upgrade email. Please add it using: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi

29
install/upgrade/versions/1.4.2.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Optimize loading firewall rules
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Fix the issue of loading firewall rules..."
# Add rule to ensure the rule will be added when we update the firewall / /etc/iptables.rules
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
rm -f /usr/lib/networkd-dispatcher/routable.d/50-ifup-hooks /etc/network/if-pre-up.d/iptables
$BIN/v-update-firewall
fi
# Fix potential issue of updating to Nginx 1.21.0
if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
default_conf="/etc/nginx/conf.d/default.conf"
nginx_conf="/etc/nginx/nginx.conf"
[ -f "${default_conf}" ] && mv -f ${default_conf} ${default_conf}.dpkg-dist
[ -f "${default_conf}.dpkg-new" ] && mv -f ${default_conf}.dpkg-new ${default_conf}.dpkg-dist
[ -f "${nginx_conf}.dpkg-new" ] && mv -f ${nginx_conf}.dpkg-new ${nginx_conf}.dpkg-dist
[ -f "${nginx_conf}.dpkg-old" ] && mv -f ${nginx_conf} ${nginx_conf}.dpkg-dist \
&& rm -f ${nginx_conf}.dpkg-old \
&& cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/
fi

20
install/upgrade/versions/1.4.3.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
# Improve generate and loading firewall rules
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Fix the issue of generate firewall rules..."
$BIN/v-update-firewall
fi
# Reset PMA SSO
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Refressh hestia-sso for PMA..."
$BIN/v-delete-sys-pma-sso
$BIN/v-add-sys-pma-sso
fi

37
install/upgrade/versions/1.4.4.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
if [ -d "/etc/nginx/conf.d/" ]; then
#Add nginx user_agent separation to desktop/mobile
cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
fi
if [ -d "/etc/phpmyadmin/" ]; then
echo "[ * ] Secure PHPmyAdmin"
# limit access to /etc/phpmyadmin/ and /usr/share/phpmyadmin/tmp and so on
chown -R root:www-data /etc/phpmyadmin/
chmod -R 640 /etc/phpmyadmin/*
if [ -d "/etc/phpmyadmin/conf.d/" ]; then
chmod 750 /etc/phpmyadmin/conf.d/
fi
if [ -d "/var/lib/phpmyadmin/tmp" ]; then
chown root:www-data /usr/share/phpmyadmin/tmp
chmod 770 /usr/share/phpmyadmin/tmp
fi
if [ -d "/var/lib/phpmyadmin/tmp" ]; then
chmod 770 /var/lib/phpmyadmin/tmp
chown root:www-data /usr/share/phpmyadmin/tmp
fi
fi
# Reset PMA SSO to fix bug with Nginx + Apache2
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Refressh hestia-sso for PMA..."
$BIN/v-delete-sys-pma-sso quiet
$BIN/v-add-sys-pma-sso quiet
fi

7
install/upgrade/versions/1.4.5.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

12
install/upgrade/versions/1.4.6.sh Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
if [ -n "$DB_PMA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
rm -rf /usr/share/phpmyadmin/tmp/*
fi

11
install/upgrade/versions/1.4.7.sh Normal file
View File

@@ -0,0 +1,11 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
if [ -n "$DB_PGA_ALIAS" ]; then
$HESTIA/bin/v-change-sys-db-alias 'pga' "$DB_PGA_ALIAS"
fi

28
install/upgrade/versions/1.4.8.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.8
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
echo "[ * ] Configuring PHPMailer..."
$HESTIA/bin/v-add-sys-phpmailer quiet
matches=$(grep -o 'ENFORCE_SUBDOMAIN_OWNERSHIP' $HESTIA/conf/hestia.conf | wc -l)
if [ "$matches" -gt 1 ]; then
echo "[ * ] Removing double matches ENFORCE_SUBDOMAIN_OWNERSHIP key"
source $HESTIA/conf/hestia.conf
sed -i "/ENFORCE_SUBDOMAIN_OWNERSHIP='$ENFORCE_SUBDOMAIN_OWNERSHIP'/d" $HESTIA/conf/hestia.conf
$HESTIA/bin/v-change-sys-config-value "ENFORCE_SUBDOMAIN_OWNERSHIP" "$ENFORCE_SUBDOMAIN_OWNERSHIP"
fi
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
version=$(dovecot --version | cut -f -2 -d .)
if [ "$version" = "2.3" ]; then
echo "[ * ] Update dovecot config to sync with 2.3 settings"
sed -i 's|ssl_dh_parameters_length = 4096|#ssl_dh_parameters_length = 4096|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_dh = </etc/ssl/dhparam.pem|ssl_dh = </etc/ssl/dhparam.pem|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|ssl_protocols = !SSLv3 !TLSv1|ssl_min_protocol=TLSv1.1|g' /etc/dovecot/conf.d/10-ssl.conf
fi
fi

7
install/upgrade/versions/1.4.9.sh Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.4.9
#######################################################################################
####### Place additional commands below. #######
#######################################################################################

81
install/upgrade/versions/1.5.0.sh Normal file
View File

@@ -0,0 +1,81 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'true'
if [ -n "$DB_PMA_ALIAS" ]; then
if [ -e "/etc/apache2/conf.d/phpmyadmin.conf" ]; then
rm /etc/apache2/conf.d/phpmyadmin.conf
touch /etc/apache2/conf.d/phpmyadmin.inc
fi
$HESTIA/bin/v-change-sys-db-alias 'pma' "$DB_PMA_ALIAS"
fi
if [ -n "$DB_PGA_ALIAS" ]; then
if [ -e "/etc/apache2/conf.d/phppgadmin.conf" ]; then
rm /etc/apache2/conf.d/phppgadmin.conf
touch /etc/apache2/conf.d/phppgadmin.inc
fi
$HESTIA/bin/v-change-sys-db-alias 'pga' "$DB_PGA_ALIAS"
fi
if [ -n "$MAIL_SYSTEM" ]; then
echo "[ ! ] Updating Exim configuration..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's/^smtp_active_hostname = \${if exists {\/etc\/exim4\/mailhelo\.conf}{\${lookup{\$interface_address}lsearch{\/etc\/exim4\/mailhelo\.conf}{\$value}{\$primary_hostname}}}{\$primary_hostname}}$/smtp_active_hostname = \${lookup dnsdb{>: ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
sed -i 's/^ helo_data = \${if exists {\/etc\/exim4\/mailhelo\.conf}{\${lookup{\$sending_ip_address}lsearch{\/etc\/exim4\/mailhelo\.conf}{\$value}{\$primary_hostname}}}{\$primary_hostname}}$/ helo_data = \${lookup dnsdb{>: ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
# When 1.5.0 beta was installed
sed -i 's/^smtp_active_hostname = \${lookup dnsdb{ptr=\$interface_address}{\$value}{\$primary_hostname}}$/smtp_active_hostname = \${lookup dnsdb{>: ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
sed -i 's/^ helo_data = \${lookup dnsdb{ptr=\$sending_ip_address}{\$value}{\$primary_hostname}}$/ helo_data = \${lookup dnsdb{>: ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
fi
# Clean up legacy mailhelo file
rm -f /etc/${MAIL_SYSTEM}/mailhelo.conf
# Clean up legacy ip variable
for ip in $($BIN/v-list-sys-ips plain | cut -f1); do
sed '/^HELO/d' $HESTIA/data/ips/$ip > /dev/null
done
fi
if [ -L "/var/log/hestia" ]; then
echo "[ ! ] Updating log file location: /usr/local/hestia/log/* to /var/log/hestia/..."
rm /var/log/hestia
mkdir -p /var/log/hestia
cp /usr/local/hestia/log/* /var/log/hestia/
rm -rf /usr/local/hestia/log
ln -s /var/log/hestia /usr/local/hestia/log
touch /var/log/hestia/auth.log /var/log/hestia/error.log /var/log/hestia/system.log /var/log/hestia/nginx-error.log /var/log/hestia/nginx-access.log
fi
if [ -d "/var/log/roundcube" ]; then
chown www-data:root /var/log/roundcube
chmod 751 /var/log/roundcube
fi
if [ -d "/etc/roundcube" ]; then
chmod 644 /etc/roundcube/defaults.inc.php
chmod 644 /etc/roundcube/mimetypes.php
fi

56
install/upgrade/versions/1.5.1.sh Normal file
View File

@@ -0,0 +1,56 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'true'
RHOST='apt.hestiacp.com'
codename="$(lsb_release -s -c)"
if [ -z "$codename" ]; then
codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))"
fi
architecture="$(arch)"
case $architecture in
x86_64)
ARCH="amd64"
;;
aarch64)
ARCH="arm64"
;;
*) ;;
esac
chmod +x $HESTIA/install/deb/
echo "[ * ] Updating hestia apt configuration..."
sed -i "s|deb https://$RHOST/ $codename main|deb [arch=$ARCH] https://$RHOST/ $codename main|g" /etc/apt/sources.list.d/hestia.list
if [ -n "$IMAP_SYSTEM" ]; then
echo "[ * ] Updating dovecot configuration..."
sed -i "s/mail_plugins = \$mail_plugins sieve/mail_plugins = \$mail_plugins quota sieve/g" /etc/dovecot/conf.d/15-lda.conf
fi
if [ -n "$MAIL_SYSTEM" ]; then
echo "[ ! ] Updating Exim configuration..."
if [ -f "/etc/exim4/exim4.conf.template" ]; then
sed -i 's/^smtp_active_hostname = \${lookup dnsdb{>: ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}$/smtp_active_hostname = \${lookup dnsdb{>: defer_never,ptr=\$interface_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
sed -i 's/^ helo_data = \${lookup dnsdb{>: ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}$/ helo_data = \${lookup dnsdb{>: defer_never,ptr=\$sending_ip_address}{\${listextract{1}{\$value}}}{\$primary_hostname}}/' /etc/exim4/exim4.conf.template
fi
fi

40
install/upgrade/versions/1.5.10.sh Normal file
View File

@@ -0,0 +1,40 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.10
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# shellcheck source=/usr/local/hestia/func/db.sh
source $HESTIA/func/db.sh
if [ -n "$(echo $DB_SYSTEM | grep -w mysql)" ]; then
mysql_connect 'localhost'
version=$(mysql --defaults-file=/usr/local/hestia/conf/.mysql.localhost -e 'SELECT VERSION()')
mysql_version=$(echo $version | grep -o -E '[0-9]*.[0-9].[0-9]+' | head -n1)
mysql_version2=$(echo $mysql_version | grep -o -E '[0-9]*.[0-9]' | head -n1)
if [ "$mysql_version2" = "10.6" ]; then
test=$(mysql -e "select * from mysql.global_priv;" | grep root | grep unix_socket)
if [ -z "$test" ]; then
echo "[ ! ] Updating MariaDB permissions to fix startup issue "
mysql --defaults-file=/usr/local/hestia/conf/.mysql.localhost -e "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';"
fi
fi
fi

50
install/upgrade/versions/1.5.11.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.11
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
PORT=$(cat $HESTIA/nginx/conf/nginx.conf | grep "listen" | sed 's/[^0-9]*//g')
if [ "$PORT" != "8083" ]; then
# Update F2B chains config
if [ -f "$HESTIA/data/firewall/chains.conf" ]; then
# Update value in chains.conf
sed -i "s/PORT='8083'/PORT='$PORT'/g" $HESTIA/data/firewall/chains.conf
fi
# Restart services
if [ -n "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != no ]; then
$HESTIA/bin/v-stop-firewall
$HESTIA/bin/v-update-firewall
fi
fi
# Fix Roundcube logdir permission
if [ -d "/var/log/roundcube" ]; then
chown www-data:www-data /var/log/roundcube
fi
# Fix bug in nginx.conf for proxy cache
if [ -d "/etc/nginx/nginx.conf" ]; then
echo "[ ! ] Fixed an issue with proxy cache and redirects"
sed -i 's/proxy_cache_key "$host$request_uri $cookie_user";/proxy_cache_key "$scheme$request_method$host$request_uri";/g' /etc/nginx/nginx.conf
fi

22
install/upgrade/versions/1.5.2.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

22
install/upgrade/versions/1.5.3.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

22
install/upgrade/versions/1.5.4.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

103
install/upgrade/versions/1.5.5.sh Normal file
View File

@@ -0,0 +1,103 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Update php-fpm.conf
for version in $($BIN/v-list-sys-php plain); do
cp -f $HESTIA_INSTALL_DIR/php-fpm/php-fpm.conf /etc/php/$version/fpm/
sed -i "s/fpm_v/$version/g" /etc/php/$version/fpm/php-fpm.conf
done
echo "[ * ] Updating apt keyring configuration..."
mkdir -p /root/.gnupg && chmod 700 /root/.gnupg
if [ ! -f "/usr/share/keyrings/nginx-keyring.gpg" ]; then
# Get Architecture
architecture="$(arch)"
case $architecture in
x86_64)
ARCH="amd64"
;;
aarch64)
ARCH="arm64"
;;
*)
echo " [ ! ] Unsuported architectrue"
;;
esac
#Get OS details
os=$(grep "^ID=" /etc/os-release | cut -f 2 -d '=')
codename="$(lsb_release -s -c)"
release="$(lsb_release -s -r)"
mariadb_v=$(mysql -V | awk 'NR==1{print $5}' | head -c 4)
RHOST='apt.hestiacp.com'
apt="/etc/apt/sources.list.d"
if [ -f "$apt/nginx.list" ]; then
rm $apt/nginx.list
echo " [ * ] NGINX"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$os/ $codename nginx" > $apt/nginx.list
curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1
fi
if [ "$os" = "debian" ]; then
if [ -f "$apt/php.list" ]; then
rm $apt/php.list
echo " [ * ] PHP"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/ $codename main" > $apt/php.list
curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/sury-keyring.gpg > /dev/null 2>&1
fi
if [ -f "$apt/apache2.list" ]; then
rm $apt/apache2.list
echo " [ * ] Apache2"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/apache2-keyring.gpg] https://packages.sury.org/apache2/ $codename main" > $apt/apache2.list
curl -s https://packages.sury.org/apache2/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/apache2-keyring.gpg > /dev/null 2>&1
fi
fi
if [ -f "$apt/mariadb.list" ]; then
rm $apt/mariadb.list
echo " [ * ] MariaDB"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://mirror.mva-n.net/mariadb/repo/$mariadb_v/$os $codename main" > $apt/mariadb.list
curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1
fi
if [ -f "$apt/hestia.list" ]; then
rm $apt/hestia.list
echo " [ * ] Hestia"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/hestia-keyring.gpg] https://$RHOST/ $codename main" > $apt/hestia.list
gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
apt-key del A189E93654F0B0E5 > /dev/null 2>&1
fi
if [ -f "$apt/postgresql.list" ]; then
rm $apt/postgresql.list
echo "[ * ] PostgreSQL"
echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
curl -s https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /usr/share/keyrings/postgresql-keyring.gpg > /dev/null 2>&1
fi
fi
if [ ! -f "$HESTIA/data/packages/system.pkg" ]; then
echo "[ * ] Install default system package."
cp -f $HESTIA/install/deb/packages/system.pkg $HESTIA/data/packages/system.pkg
fi

27
install/upgrade/versions/1.5.6.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
echo "[ * ] Refresh Hostname SSL..."
hostname=$(hostname)
user=$($HESTIA/bin/v-search-domain-owner "$hostname")
$HESTIA/bin/v-update-host-certificate "$user" "$hostname"

22
install/upgrade/versions/1.5.7.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

33
install/upgrade/versions/1.5.8.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.8
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
echo "[ * ] Create .gnupg directory..."
mkdir -p /root/.gnupg/ && chmod 700 /root/.gnupg/
echo "[ * ] Ensure jail is enabled for sftp or ftp users..."
shells="rssh|nologin"
for user in $(grep "$HOMEDIR" /etc/passwd | egrep "$shells" | cut -f 1 -d:); do
if [ -d "$HESTIA/data/users/$user" ]; then
$BIN/v-add-user-sftp-jail "$user" "no" > /dev/null 2>&1
fi
done

22
install/upgrade/versions/1.5.9.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.5.9
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

133
install/upgrade/versions/1.6.0.sh Normal file
View File

@@ -0,0 +1,133 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Delete compsoser to force update to composer v2
rm -fr /home/admin/.composer
if [ "$MAIL_SYSTEM" = "exim4" ]; then
echo "[ * ] Update exim4 config to support rate limits"
# Upgrade config exim for custom limits
sed -i '115,250 s/ratelimit = 200 \/ 1h \/ $authenticated_id/ set acl_c_msg_limit = \${if exists{\/etc\/exim4\/domains\/\${lookup{\$sender_address_domain}dsearch{\/etc\/exim4\/domains\/}}\/limits} {\${extract{1}{:}{\${lookup{\$sender_address_local_part@\$sender_address_domain}lsearch{\/etc\/exim4\/domains\/\${lookup{\$sender_address_domain}dsearch{\/etc\/exim4\/domains\/}}\/limits}}}}} {\${readfile{\/etc\/exim4\/limit.conf}}} }\n ratelimit = \$acl_c_msg_limit \/ 1h \/ strict\/ \$authenticated_id/g' /etc/exim4/exim4.conf.template
sed -i '115,250 s/warn ratelimit = 100 \/ 1h \/ strict \/ $authenticated_id/warn ratelimit = ${eval:$acl_c_msg_limit \/ 2} \/ 1h \/ strict \/ $authenticated_id/g' /etc/exim4/exim4.conf.template
# Add missing limit.conf file
cp $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/limit.conf
cp $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/system.filter
acl=$(cat /etc/exim4/exim4.conf.template | grep "set acl_m3")
if [ -z "$acl" ]; then
echo "[ * ] Add support for optional rejecting spam"
sed -i 's/ warn set acl_m1 = no/ warn set acl_m1 = no \n set acl_m3 = no/g' /etc/exim4/exim4.conf.template
sed -i 's| set acl_m1 = yes| set acl_m1 = yes \n warn condition = \${if exists {/etc/exim4/domains/\$domain/reject_spam}{yes}{no}} \n set acl_m3 = yes|g' /etc/exim4/exim4.conf.template
sed -i 's| message = SpamAssassin detected spam (from \$sender_address to \$recipients).| message = SpamAssassin detected spam (from $sender_address to $recipients).\n\n # Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled\n deny message = This message scored \$spam_score spam points\n spam = debian-spamd:true \n condition = \${if eq{\$acl_m3}{yes}{yes}{no}} \n condition = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}} |g' /etc/exim4/exim4.conf.template
fi
if ! grep -q "send_via_unauthenticated_smtp_relay" /etc/exim4/exim4.conf.template; then
echo '[ * ] Enabling SMTP relay support...'
# Add smtp relay router
insert='send_via_unauthenticated_smtp_relay:\n driver = manualroute\n address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT\n domains = !+local_domains\n require_files = SMTP_RELAY_FILE\n condition = ${if eq{SMTP_RELAY_USER}{}}\n transport = remote_smtp\n route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}\n no_more\n no_verify\n'
line=$(expr $(sed -n '/begin routers/=' /etc/exim4/exim4.conf.template) + 2)
sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
fi
fi
if [ -f "/etc/dovecot/conf.d/10-ssl.conf" ]; then
sed -i 's|ssl_min_protocol = TLSv1.1|ssl_min_protocol = TLSv1.2|' /etc/dovecot/conf.d/10-ssl.conf
if ! grep -q "!TLSv1.1" /etc/dovecot/conf.d/10-ssl.conf; then
sed -i 's|ssl_protocols = !SSLv3 !TLSv1|ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1|' /etc/dovecot/conf.d/10-ssl.conf
fi
fi
if [ -f "/etc/default/spamassassin" ]; then
echo "[ * ] Enable Samassassin Cronjob"
sed -i "s/#CRON=1/CRON=1/" /etc/default/spamassassin
fi
# Adding LE autorenew cronjob if there are none
if [ -z "$(grep v-update-lets $HESTIA/data/users/admin/cron.conf)" ]; then
min=$(generate_password '012345' '2')
hour=$(generate_password '1234567' '1')
command="sudo $BIN/v-update-letsencrypt-ssl"
$BIN/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command"
fi
# Add apis if they don't exist
# Changes have been made make sure to overwrite them to prevent issues in the future
cp -rf $HESTIA_INSTALL_DIR/api $HESTIA/data/
# Update Cloudflare address
if [ -f /etc/nginx/nginx.conf ] && [ "$(grep 'set_real_ip_from 2405:8100::/32' /etc/nginx/nginx.conf)" = "" ]; then
echo "[ * ] Updating nginx configuration with changes to Cloudflare IP addresses"
sed -i "/#set_real_ip_from 2405:b500::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2606:4700::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2803:f800::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2c0f:f248::\/32;/d" /etc/nginx/nginx.conf
sed -i "/#set_real_ip_from 2a06:98c0::\/29;/d" /etc/nginx/nginx.conf
sed -i "s/#set_real_ip_from 2400:cb00::\/32;/# set_real_ip_from 2400:cb00::\/32;\n # set_real_ip_from 2606:4700::\/32;\n # set_real_ip_from 2803:f800::\/32;\n # set_real_ip_from 2405:b500::\/32;\n # set_real_ip_from 2405:8100::\/32;\n # set_real_ip_from 2a06:98c0::\/29;\n # set_real_ip_from 2c0f:f248::\/32;/g" /etc/nginx/nginx.conf
fi
if [ -n "$PHPMYADMIN_KEY" ]; then
echo "[ * ] Refresh PMA SSO key due to update phpmyadmin"
$BIN/v-delete-sys-pma-sso quiet
$BIN/v-add-sys-pma-sso quiet
fi
#Fixed an issue with Exim4 and Ubutnu22.04 in beta version
release=$(lsb_release -sr)
if [ "$release" = "22.04" ]; then
if [ -d "/etc/exim4/" ]; then
rm -fr /etc/exim4/exim.conf.template
cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.94.template /etc/exim4/exim4.conf.template
if [ "$ANTIVIRUS_SYSTEM" = 'clamav-daemon' ]; then
sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
fi
if [ "$ANTISPAM_SYSTEM" = 'spamassassin' ]; then
sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
fi
fi
fi
# Mute output v-add-sys-sftp-jail out put then enabling sftp on boot
if [ -f "/etc/cron.d/hestia-sftp" ]; then
rm /etc/cron.d/hestia-sftp
echo "@reboot root sleep 60 && /usr/local/hestia/bin/v-add-sys-sftp-jail > /dev/null" > /etc/cron.d/hestia-sftp
fi
ips=$(ls /usr/local/hestia/data/ips/ | wc -l)
release=$(lsb_release -s -i)
if [ $release = 'Ubuntu' ]; then
if [ $ips -gt 1 ]; then
add_upgrade_message "Warning: Please check your network configuration!\n\n A bug has been discovered that might affect your setup and can lead to issues after a system reboot. Please review your network configuration. See https://github.com/hestiacp/hestiacp/pull/2612#issuecomment-1135571835 for more info regarding this issue!"
$HESTIA/bin/v-add-user-notification admin "Warning: Please check your network configuration!\n\n A bug has been discovered that might affect your setup and can lead to issues after a system reboot. Please review your network configuration. <a href='https://github.com/hestiacp/hestiacp/pull/2612#issuecomment-1135571835'>More info</a>"
fi
fi
if [ -d /etc/phpmyadmin/conf.d ]; then
for file in /etc/phpmyadmin/conf.d/*; do
if [ -z "$(grep -i 'information_schema' $file)" ]; then
echo "[ * ] Update phpMyAdmin server configuration"
echo "\$cfg['Servers'][\$i]['hide_db'] = 'information_schema';" >> $file
fi
done
fi

51
install/upgrade/versions/1.6.1.sh Normal file
View File

@@ -0,0 +1,51 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Fix exim rate limit send issue
if [ "$MAIL_SYSTEM" = "exim4" ]; then
acl=$(cat /etc/exim4/exim4.conf.template | grep '${extract{1}{:}{${lookup{$sender_address_local_part@$sender_address_domain}')
if [ ! -z "$acl" ]; then
echo "[ * ] Fixed an issue with rate limits and alias mail addresses"
sed -i 's/${extract{1}{:}{${lookup{$sender_address_local_part@$sender_address_domain}/${extract{1}{:}{${lookup{$authenticated_id}/' /etc/exim4/exim4.conf.template
fi
spamscore=$(cat /etc/exim4/exim4.conf.template | grep 'SPAM_REJECT_SCORE =')
if [ -z "$spamscore" ]; then
echo "[ * ] Fixed an issue reject spam not working properly."
sed -i '/SPAM_SCORE = .*/a SPAM_REJECT_SCORE = 100' /etc/exim4/exim4.conf.template
sed -i '/ set acl_m1 = yes/a warn condition = ${if exists {/etc/exim4/domains/$domain/reject_spam}{yes}{no}}\n set acl_m3 = yes' /etc/exim4/exim4.conf.template
fi
fi
# With setup from installer
if [ -f "/etc/apt/sources.list.d/hestia-beta.list" ]; then
echo "[ ! ] Change to stable release!"
rm /etc/apt/sources.list.d/hestia-beta.list
sed -i 's/#//g' /etc/apt/sources.list.d/hestia.list
fi
check=$(cat /etc/apt/sources.list.d/hestia.list | grep "beta.hestiacp.com")
if [ ! -z "$check" ]; then
echo "[ ! ] Change to stable release!"
sed -i '/beta.hestiacp.com/d' /etc/apt/sources.list.d/hestia.list
sed -i 's/#//g' /etc/apt/sources.list.d/hestia.list
fi

25
install/upgrade/versions/1.6.10.sh Normal file
View File

@@ -0,0 +1,25 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.9
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Delete all tmp files create by hestia that are left in place
rm -fr /tmp/vst*

33
install/upgrade/versions/1.6.12.sh Normal file
View File

@@ -0,0 +1,33 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.12
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f "/etc/fail2ban/jail.local" ]; then
sed -i "s|/var/log/mysql.log|/var/log/mysql/error.log|g" /etc/fail2ban/jail.local
fi
# Fixed firewall loading failed after reboot, applying update to hestia-iptables Systemd unit.
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
echo "[ * ] Update loading firewall rules service..."
$BIN/v-delete-sys-firewall
$BIN/v-add-sys-firewall
fi

22
install/upgrade/versions/1.6.13.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.13
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

29
install/upgrade/versions/1.6.14.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.14
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Clean up firewall rules restore file.
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
add_upgrade_message "About iptables rules [non-urgent]\n\nJust in case, if you added custom iptables rules in an unsupported way, they may have been lost.\n\nSee this issue to learn more:\nhttps://github.com/hestiacp/hestiacp/issues/3128"
echo "[ * ] Clean up firewall rules restore file..."
$BIN/v-update-firewall
fi

38
install/upgrade/versions/1.6.2.sh Normal file
View File

@@ -0,0 +1,38 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ "$MAIL_SYSTEM" == "exim4" ]; then
alc=$(cat /etc/exim4/exim4.conf.template | grep '${lookup{${domain:$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits')
if [ -z "$alc" ]; then
sed -i 's| set acl_c_msg_limit|#string1\n#replaceme|' /etc/exim4/exim4.conf.template
sed -i '/#replaceme/d' /etc/exim4/exim4.conf.template
sed -i 's|#string1|set acl_c_msg_limit = \${if exists{/etc/exim4/domains/\${lookup{\${domain:\$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits}{\${lookup {\$authenticated_id} lsearch{/etc/exim4/domains/\${lookup{${domain:\$authenticated_id}}dsearch{/etc/exim4/domains/}}/limits}{\$value}{\${readfile{/etc/exim4/limit.conf}}}}}{\${readfile{/etc/exim4/limit.conf}}} }|g' /etc/exim4/exim4.conf.template
fi
system_filter=$(cat /etc/exim4/exim4.conf.template | grep 'system_filter')
if [ -z "$system_filter" ]; then
sed -i '/SMTP_RELAY_PASS = \${lookup{pass}lsearch{SMTP_RELAY_FILE}}/a #shouldberemoved\n# Custom Filter\nsystem_filter = \/etc\/exim4\/system.filter\nsystem_filter_user = Debian-exim' /etc/exim4/exim4.conf.template
# Keep the spacing between the reley_pass and Custom Filter we need to insert a dummy text and remove it later on
sed -i 's/#shouldberemoved//g' /etc/exim4/exim4.conf.template
fi
fi

30
install/upgrade/versions/1.6.3.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ "$MAIL_SYSTEM" == "exim4" ]; then
host=$(cat /etc/exim4/exim4.conf.template | grep hosts_try_fastopen)
if [ -z "$host" ]; then
echo "[ * ] Fix an issue with sending large attachments to Google / Gmail"
sed -i '/dkim_strict = .*/a hosts_try_fastopen = !*.l.google.com' /etc/exim4/exim4.conf.template
fi
fi

22
install/upgrade/versions/1.6.4.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

22
install/upgrade/versions/1.6.5.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

30
install/upgrade/versions/1.6.6.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f "/etc/roundcube/config.inc.php" ]; then
if [ -n "$(grep 'ssl://localhost' /etc/roundcube/config.inc.php)" ]; then
# Echo prepare for 1.6.0 update
sed -i "s|ssl://localhost|localhost|g" /etc/roundcube/config.inc.php
sed -i "s|993|143|g" /etc/roundcube/config.inc.php
fi
fi

30
install/upgrade/versions/1.6.7.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.6.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f "/etc/roundcube/config.inc.php" ]; then
sed -i "s/\$config\['auto_create_user'] = false;/\$config\['auto_create_user'] = true;/g" /etc/roundcube/config.inc.php
sed -i "s/\$config\['prefer_html'] = false;/\$config\['prefer_html'] = true;/g" /etc/roundcube/config.inc.php
#For older installs
sed -i "s/\$config\['default_host']/\$config\['imap_host']/g" /etc/roundcube/config.inc.php
fi

46
install/upgrade/versions/1.6.8.sh Normal file
View File

@@ -0,0 +1,46 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version unreleased
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ -f /etc/nginx/nginx.conf ]; then
sed -i "s/fastcgi_buffers 4 256k;/fastcgi_buffers 8 256k;/g" /etc/nginx/nginx.conf
fi
# Sync up config files #2819
if [ -f "/etc/roundcube/config.inc.php" ]; then
sed -i "s/?>//" /etc/roundcube/config.inc.php
sed -i "s/?>//" /etc/roundcube/mimetypes.php
fi
for version in $($HESTIA/bin/v-list-sys-php plain); do
# Increase max upload and max post size
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 100M/g" /etc/php/$version/fpm/php.ini
sed -i "s/post_max_size = 8M/post_max_size = 100M/g" /etc/php/$version/fpm/php.ini
sed -i "s/max_execution_time = 30$/max_execution_time = 60/g" /etc/php/$version/fpm/php.ini
done
if [ -d /etc/roundcube ]; then
if [ ! -f /etc/logrotate.d/roundcube ]; then
echo "[ * ] Create config roundcube logrotate file"
cp -f $HESTIA_INSTALL_DIR/logrotate/roundcube /etc/logrotate.d/
fi
fi

28
install/upgrade/versions/1.6.9.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version unreleased
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'no'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'no'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Update api key permissions
if [ -f "$HESTIA/data/api/sync-dns-cluster" ]; then
rm $HESTIA/data/api/sync-dns-cluster
cp $HESTIA/install/deb/api/sync-dns-cluster $HESTIA/data/api/sync-dns-cluster
fi

121
install/upgrade/versions/1.7.0.sh Normal file
View File

@@ -0,0 +1,121 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
# load config because we need to know if proftpd is installed
# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/func/ip.sh
source $HESTIA/func/ip.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Make sure to sync install quoteshell arg
if [ "$FILE_MANAGER" = "true" ]; then
echo "[ * ] Force update filemanager..."
$HESTIA/bin/v-delete-sys-filemanager quiet
$HESTIA/bin/v-add-sys-filemanager quiet
fi
packages=$(ls --sort=time $HESTIA/data/packages | grep .pkg)
echo "[ * ] Update existing packages to support rate limit mail accounts..."
for package in $packages; do
if [ -z "$(grep -e 'RATE_LIMIT' $HESTIA/data/packages/$package)" ]; then
echo "RATE_LIMIT='200'" >> $HESTIA/data/packages/$package
fi
done
if [ -z "$(grep -e 'condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}' /etc/exim4/exim4.conf.template)" ]; then
for line in $(sed -n '/redirect_router = dnslookup/=' /etc/exim4/exim4.conf.template); do
testline=$((line - 1))
newline=$((line + 1))
if [ "$(awk NR==$testline /etc/exim4/exim4.conf.template)" = " file_transport = local_delivery" ]; then
# Add new line
sed -i "$newline i \ \ condition = \${lookup{$local_part@\$domain}lsearch{/etc/exim4/domains/\${lookup{\$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}" /etc/exim4/exim4.conf.template
fi
done
fi
# Allow Email@domain.com for login
if [ -f "/etc/dovecot/conf.d/10-auth.conf" ]; then
sed -i "s/auth_username_format = %u/auth_username_format = %Lu/g" /etc/dovecot/conf.d/10-auth.conf
fi
# rename /var/run/xx to /run/
for file in /etc/dovecot/dovecot.conf /etc/clamav/clamd.conf /etc/exim/exim.conf.template /etc/logrotate.d/apache2 /etc/logrotate.d/nginx /etc/mysql/my.cnf /etc/nginx/nginx.conf; do
if [ -f "$file" ]; then
echo "[ * ] Update $file legacy /var/run/ to /run/..."
sed -i 's|/var/run/|/run/|g' $file
fi
done
# Update any custom php templates
for file in $HESTIA/data/templates/web/php-fpm/*; do
echo "[ * ] Update $file legacy /var/run/ to /run/..."
sed -i 's|/var/run/|/run/|g' $file
done
for file in /etc/php/*/fpm/pool.d/www.conf; do
echo "[ * ] Update $file legacy /var/run/ to /run/..."
sed -i 's|/var/run/|/run/|g' $file
done
#update proftpd
if [ "$FTP_SYSTEM" = 'proftpd' ]; then
contains_conf_d=$(grep -c "Include /etc/proftpd/conf.d/\*.conf" "/etc/proftpd/proftpd.conf")
# the line below is for testing only:
# echo "contains proftpd? $contains_conf_d"
if [ $contains_conf_d = 0 ]; then
sed -i 's/Include \/etc\/proftpd\/tls.conf/&\nInclude \/etc\/proftpd\/conf.d\/*.conf/' /etc/proftpd/proftpd.conf
fi
$BIN/v-restart-ftp
fi
if echo "$BACKUP_SYSTEM" | grep "google" > /dev/null; then
echo "[ ! ] Deprecation notice: Backup via Google Cloud has been removed setup backup again via Rclone to reinstate the backup and restore capebilities!"
add_upgrade_message "Deprecation notice: Backup via Google Cloud has been removed setup backup again via Rclone to reinstate the backup and restore capebilities!"
fi
if [ -f /etc/logrotate.d/httpd-prerotate/awstats ]; then
echo "[ * ] Update Awstats prerotate to Hestia update method..."
# Replace awstatst function
cp -f $HESTIA_INSTALL_DIR/logrotate/httpd-prerotate/awstats /etc/logrotate.d/httpd-prerotate/
fi
if [ "$PHPMYADMIN_KEY" != "" ]; then
echo "[ * ] Refresh hestia-sso for PMA..."
$BIN/v-delete-sys-pma-sso quiet
$BIN/v-add-sys-pma-sso quiet
fi
if [ -f /etc/nginx/nginx.conf ] && [ ! -f /etc/nginx/conf.d/cloudflare.inc ]; then
echo "[ * ] Enable support for updating Cloudflare Ips..."
sed -i '/set_real_ip_from/d' /etc/nginx/nginx.conf
sed -i '/real_ip_header/d' /etc/nginx/nginx.conf
sed -i 's|# Cloudflare https://www.cloudflare.com/ips|# Cloudflare https://www.cloudflare.com/ips\n include /etc/nginx/conf.d/cloudflare.inc;|g' /etc/nginx/nginx.conf
# At a later stage a function will run and will load all the new rules
fi

46
install/upgrade/versions/1.7.1.sh Normal file
View File

@@ -0,0 +1,46 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Moved from 1.6.15.sh
if ! (grep -q 'v-change-user-password' $HESTIA/data/api/billing); then
sed -i "s|v-make-tmp-file'|v-make-tmp-file,v-change-user-password'|g" $HESTIA/data/api/billing
fi
# Apply update for path change of built-in IPset blacklist.sh
if [ "$FIREWALL_SYSTEM" = "iptables" ]; then
rm -f $HESTIA/data/firewall/ipset/blacklist.sh
if ($BIN/v-list-firewall-ipset plain | grep -q '/install/deb/firewall/ipset/blacklist.sh'); then
echo "[ * ] Update the path of IPset blacklist.sh..."
sed -i 's|/install/deb/firewall/ipset/blacklist.sh|/install/common/firewall/ipset/blacklist.sh|g' $HESTIA/data/firewall/ipset.conf
fi
fi
if [ "$WEB_SYSTEM" = "apache2" ]; then
if ! (grep -q "$WEBMAIL_ALIAS.*.conf" /etc/apache2/apache2.conf); then
echo "[ * ] Update /etc/apache2/apache2.conf..."
sed -i "s/IncludeOptional conf.d\/domains\/\*.conf/IncludeOptional conf.d\/domains\/$WEBMAIL_ALIAS.*.conf\nIncludeOptional conf.d\/domains\/\*.conf/g" /etc/apache2/apache2.conf
fi
fi

24
install/upgrade/versions/1.7.2.sh Normal file
View File

@@ -0,0 +1,24 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

29
install/upgrade/versions/1.7.3.sh Normal file
View File

@@ -0,0 +1,29 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if grep -q 'drop message = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid' /etc/exim4/exim4.conf.template; then
echo "[ * ] Update exim4.conf.template ..."
patch /etc/exim4/exim4.conf.template $HESTIA/install/upgrade/patch/3462-exim-helo-autenticted-users.patch
fi

24
install/upgrade/versions/1.7.4.sh Normal file
View File

@@ -0,0 +1,24 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.4
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

24
install/upgrade/versions/1.7.5.sh Normal file
View File

@@ -0,0 +1,24 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.5
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

24
install/upgrade/versions/1.7.6.sh Normal file
View File

@@ -0,0 +1,24 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.6
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

24
install/upgrade/versions/1.7.7.sh Normal file
View File

@@ -0,0 +1,24 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.7.7
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

298
install/upgrade/versions/1.8.0.sh Normal file
View File

@@ -0,0 +1,298 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.8.0
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
os_release="$(lsb_release -s -i | tr "[:upper:]" "[:lower:]")-$(lsb_release -s -r)"
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
if ! grep -qw "^extra_groups = mail$" /etc/dovecot/conf.d/10-master.conf 2> /dev/null; then
sed -i "s/^service auth {/service auth {\n extra_groups = mail\n/g" /etc/dovecot/conf.d/10-master.conf
fi
if [ -f /etc/dovecot/conf.d/90-sieve.conf ]; then
if ! grep -q "sieve_vacation_send_from_recipient" /etc/dovecot/conf.d/90-sieve.conf 2> /dev/null; then
sed -i "s/^plugin {/plugin {\n # This setting determines whether vacation messages are sent with the SMTP MAIL FROM envelope address set to the recipient address of the Sieve script owner.\n sieve_vacation_send_from_recipient = yes\n/g" /etc/dovecot/conf.d/90-sieve.conf
fi
fi
fi
if [ -f /etc/fail2ban/jail.local ]; then
# Add phpmyadmin rule
if ! grep -qw "phpmyadmin-auth" /etc/fail2ban/jail.local 2> /dev/null; then
sed -i '/\[recidive\]/i [phpmyadmin-auth]\nenabled = true\nfilter = phpmyadmin-syslog\naction = hestia[name=WEB]\nlogpath = /var/log/auth.log\nmaxretry = 5\n' /etc/fail2ban/jail.local
fi
fi
if [ "$MAIL_SYSTEM" = "exim4" ]; then
if [ "$os_release" != "debian-10" ]; then
# Exclude Debian 10...
echo "[ * ] Disable SMTPUTF8 for Exim for now"
if ! grep -qw "^smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template 2> /dev/null; then
sed -i "/^domainlist local_domains = dsearch;\/etc\/exim4\/domains/i smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template
fi
fi
fi
# Apply the update for existing users to enable the "Enhanced and Optimized TLS" feature
echo '[ * ] Enable the "Enhanced and Optimized TLS" feature...'
# Configuring global OpenSSL options
tls13_ciphers="TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
if ! grep -qw "^[hestia_openssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then
if [ "$os_release" = "debian-10" ] || [ "$os_release" = "debian-11" ]; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
elif [ "$os_release" = "debian-12" ]; then
if ! grep -qw "^ssl_conf = ssl_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/providers = provider_sect$/a ssl_conf = ssl_sect' /etc/ssl/openssl.cnf
fi
if ! grep -qw "^[ssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '$a \\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
fi
elif [ "$os_release" = "ubuntu-20.04" ]; then
if ! grep -qw "^openssl_conf = default_conf$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/^oid_section = new_oids$/a \\n# System default\nopenssl_conf = default_conf' /etc/ssl/openssl.cnf
fi
if ! grep -qw "^[default_conf]$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '$a [default_conf]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
fi
elif [ "$os_release" = "ubuntu-22.04" ]; then
sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
fi
fi
# Update server configuration files
tls12_ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256"
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
if grep -qw "^ssl_min_protocol = TLSv1.2$" /etc/dovecot/conf.d/10-ssl.conf 2> /dev/null; then
sed -i '/^# See #2012 for TLSv1.1 to 1.2 upgrade$/d;/^ssl_cipher_list = .\+$/d;s/^ssl_min_protocol = TLSv1.2/ssl_cipher_list = '"$tls12_ciphers"'\nssl_min_protocol = TLSv1.2/' /etc/dovecot/conf.d/10-ssl.conf
elif grep -qw "^ssl_protocols = \!SSLv3 \!TLSv1 \!TLSv1.1$" /etc/dovecot/conf.d/10-ssl.conf 2> /dev/null; then
sed -i '/^# See #2012 for TLSv1.1 to 1.2 upgrade$/d;/^ssl_cipher_list = .\+$/d;s/^ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1/ssl_cipher_list = '"$tls12_ciphers"'\nssl_protocols = !SSLv3 !TLSv1 !TLSv1.1/' /etc/dovecot/conf.d/10-ssl.conf
fi
fi
if [ "$MAIL_SYSTEM" = "exim4" ]; then
if grep -qw "^tls_on_connect_ports = 465$" /etc/exim4/exim4.conf.template 2> /dev/null; then
sed -i '/^tls_require_ciphers = .\+$/d;s/^tls_on_connect_ports = 465/tls_on_connect_ports = 465\ntls_require_ciphers = PERFORMANCE:-RSA:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:%SERVER_PRECEDENCE/' /etc/exim4/exim4.conf.template
fi
fi
if [ "$FTP_SYSTEM" = "proftpd" ]; then
if grep -qw "^TLSProtocol TLSv1.2$" /etc/proftpd/tls.conf 2> /dev/null; then
sed -i '/^TLSCipherSuite .\+$/d;/^TLSServerCipherPreference .\+$/d;s/^TLSProtocol TLSv1.2/TLSCipherSuite '"$tls12_ciphers"'\nTLSProtocol TLSv1.2 TLSv1.3\nTLSServerCipherPreference on/;s/^#TLSOptions AllowClientRenegotiations/#TLSOptions AllowClientRenegotiations/;s/^TLSOptions NoSessionReuseRequired AllowClientRenegotiations/TLSOptions NoSessionReuseRequired AllowClientRenegotiations/' /etc/proftpd/tls.conf
fi
fi
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
if grep -q "^ssl_ciphers=.\+$" /etc/vsftpd/vsftpd.conf 2> /dev/null; then
sed -i 's/^ssl_ciphers=.\+$/ssl_ciphers='"$tls12_ciphers"'/' /etc/vsftpd/vsftpd.conf
fi
fi
if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
# Little trick to bypass on my private fork :)
if ! grep -q "quic_bpf" /etc/nginx/nginx.conf && ! grep -q "spdy_headers_comp" /etc/nginx/nginx.conf; then
# Syncing "/etc/nginx/nginx.conf" with mainline, to fix the **** caused by formatter or forgetting to apply updates
echo "[ * ] Syncing NGINX configuration with mainline..."
trap 'rm -fr "$dir_for_compare" /etc/nginx/nginx.conf-staging' EXIT
dir_for_compare="$(mktemp -d)"
nginx_conf_local="$dir_for_compare"/nginx.conf-local
nginx_conf_commit="$dir_for_compare"/nginx.conf-commit
sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' /etc/nginx/nginx.conf | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_local"
# For installations before v1.6.8 (from commit 9b544be to commit b2ad154)
curl -fsLm5 --retry 2 https://raw.githubusercontent.com/hestiacp/hestiacp/b2ad1549a21655837056e4b7883970d51a4b324f/install/deb/nginx/nginx.conf \
| sed 's/fastcgi_buffers 4 256k;/fastcgi_buffers 8 256k;/g;s|/var/run/|/run/|g;/set_real_ip_from/d;/real_ip_header/d;s|# Cloudflare https://www.cloudflare.com/ips|# Cloudflare https://www.cloudflare.com/ips\n include /etc/nginx/conf.d/cloudflare.inc;|g' \
| sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_commit"-b2ad154
# For installations after v1.6.8 but before v1.7.0 (from commit b2ad154 to commit 015b20a)
curl -fsLm5 --retry 2 https://raw.githubusercontent.com/hestiacp/hestiacp/015b20ae1ffb82faaf58b41a5dc9ad1b078b785f/install/deb/nginx/nginx.conf \
| sed 's|/var/run/|/run/|g;/set_real_ip_from/d;/real_ip_header/d;s|# Cloudflare https://www.cloudflare.com/ips|# Cloudflare https://www.cloudflare.com/ips\n include /etc/nginx/conf.d/cloudflare.inc;|g' \
| sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_commit"-015b20a
# For installations after v1.7.0 (commit 555f892)
curl -fsLm5 --retry 2 https://raw.githubusercontent.com/hestiacp/hestiacp/555f89243e54e02458586ae4f7999458cc9d33e9/install/deb/nginx/nginx.conf \
| sed 's|https://www.cloudflare.com/||;/^[ \t]\+resolver .\+;$/d;/^[ \t]\+# Cache settings$/d;/^[ \t]\+# Proxy cache$/d' | sed ':l;N;$!bl;s/[ \n\t]*//g' > "$nginx_conf_commit"-555f892
for commit in b2ad154 015b20a 555f892; do
if cmp -s "$nginx_conf_local" "$nginx_conf_commit"-"$commit" 2> /dev/null; then
nginx_conf_compare="same"
cp -f "$HESTIA_INSTALL_DIR"/nginx/nginx.conf /etc/nginx
break
fi
done
if [ "$nginx_conf_compare" != "same" ]; then
echo -e "[ ! ] Manual action required, please view:\n[ - ] $HESTIA_BACKUP/message.log"
add_upgrade_message "Manual Action Required [IMPORTANT]\n\nTo enable the \"Enhanced and Optimized TLS\" feature, we must update the NGINX configuration file (/etc/nginx/nginx.conf).\n\nBut for unknown reason or you edited it, may not be fully apply all the changes in this upgrade.\n\nPlease follow the default configuration file to sync it:\n$HESTIA_INSTALL_DIR/nginx/nginx.conf\n\nBacked up configuration file:\n$HESTIA_BACKUP/conf/nginx/nginx.conf\n\nLearn more:\nhttps://github.com/hestiacp/hestiacp/pull/3555\n\n"
"$BIN"/v-add-user-notification admin "IMPORTANT: Manual Action Required" '<p>To enable the "Enhanced and Optimized TLS" feature, we must update the NGINX configuration file at <code>/etc/nginx/nginx.conf</code>.</p><p>But for unknown reason or you edited it, may not be fully apply all the changes in this upgrade.</p><p>Please follow the default configuration file to sync it:<br><code>'"$HESTIA_INSTALL_DIR"'/nginx/nginx.conf</code></p><p>Backed up configuration file:<br><code>'"$HESTIA_BACKUP"'/conf/nginx/nginx.conf</code></p><p>Visit PR <a href="https://github.com/hestiacp/hestiacp/pull/3555" target="_blank">#3555</a> on GitHub to learn more.</p>'
sed -i "s/""$(grep -m 1 "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='1'/" "$HESTIA"/data/users/admin/notifications.conf
cp -f /etc/nginx/nginx.conf /etc/nginx/nginx.conf-staging
# Apply previously missed updates
sed -i 's/fastcgi_buffers 4 256k;/fastcgi_buffers 8 256k;/;s|https://www.cloudflare.com/||;s/# Cache settings/# Proxy cache/' /etc/nginx/nginx.conf-staging
# Formatting
echo "" >> /etc/nginx/nginx.conf-staging
sed -i '/^[ \t]*$/d;s/^ worker_connections 1024;/\tworker_connections 1024;/;s/^ use epoll;/\tuse epoll;/;s/^ multi_accept on;/\tmulti_accept on;/;s/^ /\t\t/g;s/^ /\t/g;s/^# Worker config/\n# Worker config/;s/^http {/\nhttp {/;s/^\t# Cache bypass/\n\t# Cache bypass/;s/^\t# File cache (static assets)/\n\t# File cache (static assets)/;s/^user www-data;/user www-data;/;s/^worker_processes auto;/worker_processes auto;/;s/^worker_rlimit_nofile 65535;/worker_rlimit_nofile 65535;/;s|^error_log /var/log/nginx/error.log;|error_log /var/log/nginx/error.log;|;s|^pid /run/nginx.pid;|pid /run/nginx.pid;|;s|^include /etc/nginx/modules-enabled/\*.conf;|include /etc/nginx/modules-enabled/\*.conf;|;s/log_not_found off;/log_not_found off;/;s/access_log off;/access_log off;/;s|include /etc/nginx/mime.types;|include /etc/nginx/mime.types;|;s|default_type application/octet-stream;|default_type application/octet-stream;|;s/default 0;/default 0;/;s/~SESS 1;/~SESS 1;/;s|include /etc/nginx/conf.d/|include /etc/nginx/conf.d/|g' /etc/nginx/nginx.conf-staging
# Prepare for update
sed -i '/proxy_bu/d;/proxy_temp/d;/log_format/d;/body_bytes_sent/d;/http_user_agent/d;/gzip/d;/application\/j/d;/application\/x/d;/ssl_/d;/resolver/d;/error_page/d;/\/var\/cache\/nginx/d;/max_size=/d;/_cache_key/d;/_ignore_headers/d;/_cache_use_stale/d;/_cache_valid/d;/_cache_methods/d;/add_header/d;/open_file_cache/d' /etc/nginx/nginx.conf-staging
# Apply the update
sed -i 's/client_max_body_size 256m;/client_max_body_size 1024m;/;s/keepalive_requests 100000;/keepalive_requests 10000;/;s/fastcgi_buffers 8 256k;/fastcgi_buffers 512 4k;/;s/proxy_pass_header Set-Cookie;/proxy_pass_header Set-Cookie;\n\tproxy_buffers 256 4k;\n\tproxy_buffer_size 32k;\n\tproxy_busy_buffers_size 32k;\n\tproxy_temp_file_write_size 256k;/;s/# Log format/# Log format\n\tlog_format main '"'"'$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'"'"';\n\tlog_format bytes '"'"'$body_bytes_sent'"'"';/;s|# Compression|# Compression\n\tgzip on;\n\tgzip_vary on;\n\tgzip_static on;\n\tgzip_comp_level 6;\n\tgzip_min_length 1024;\n\tgzip_buffers 128 4k;\n\tgzip_http_version 1.1;\n\tgzip_types text/css text/javascript text/js text/plain text/richtext text/shtml text/x-component text/x-java-source text/x-markdown text/x-script text/xml image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon font/otf font/ttf font/x-woff multipart/bag multipart/mixed application/eot application/font application/font-sfnt application/font-woff application/javascript application/javascript-binast application/json application/ld+json application/manifest+json application/opentype application/otf application/rss+xml application/ttf application/truetype application/vnd.api+json application/vnd.ms-fontobject application/wasm application/xhtml+xml application/xml application/xml+rss application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-protobuf application/x-ttf;\n\tgzip_proxied any;|;s/# Cloudflare ips/# Cloudflare IPs/;s|# SSL PCI compliance|# SSL PCI compliance\n\tssl_buffer_size 1369;\n\tssl_ciphers "'"$tls12_ciphers"'";\n\tssl_dhparam /etc/ssl/dhparam.pem;\n\tssl_early_data on;\n\tssl_ecdh_curve auto;\n\tssl_prefer_server_ciphers on;\n\tssl_protocols TLSv1.2 TLSv1.3;\n\tssl_session_cache shared:SSL:20m;\n\tssl_session_tickets on;\n\tssl_session_timeout 7d;\n\tresolver 1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;\n\tresolver_timeout 5s;|;s|# Error pages|# Error pages\n\terror_page 403 /error/404.html;\n\terror_page 404 /error/404.html;\n\terror_page 410 /error/410.html;\n\terror_page 500 501 502 503 504 505 /error/50x.html;|;s|# Proxy cache|# Proxy cache\n\tproxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;\n\tproxy_cache_key "$scheme$request_method$host$request_uri";\n\tproxy_temp_path /var/cache/nginx/temp;\n\tproxy_ignore_headers Cache-Control Expires;\n\tproxy_cache_use_stale error timeout invalid_header updating http_502;\n\tproxy_cache_valid any 1d;|;s|# FastCGI cache|# FastCGI cache\n\tfastcgi_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m inactive=30m max_size=1024m;\n\tfastcgi_cache_key "$scheme$request_method$host$request_uri";\n\tfastcgi_ignore_headers Cache-Control Expires Set-Cookie;\n\tfastcgi_cache_use_stale error timeout invalid_header updating http_500 http_503;\n\tadd_header X-FastCGI-Cache $upstream_cache_status;|;s/# File cache (static assets)/# File cache (static assets)\n\topen_file_cache max=10000 inactive=30s;\n\topen_file_cache_valid 60s;\n\topen_file_cache_min_uses 2;\n\topen_file_cache_errors off;/' /etc/nginx/nginx.conf-staging
# Apply the update for implement TLS 1.3 0-RTT anti-replay and upcoming HTTP/3 support
sed -i '/\/etc\/nginx\/conf\.d\/main\/\*\.conf;/d;/pid \/run\/nginx.pid;/a include /etc/nginx/conf.d/main/*.conf;' /etc/nginx/nginx.conf-staging
sed -i '/Early-Data/d;/proxy_set_header Host $host;/a \\tproxy_set_header Early-Data $rfc_early_data;' /etc/nginx/nginx.conf-staging
# Verify new configuration file
if nginx -c /etc/nginx/nginx.conf-staging -t > /dev/null 2>&1; then
mv -f /etc/nginx/nginx.conf-staging /etc/nginx/nginx.conf
fi
fi
# Implement TLS 1.3 0-RTT anti-replay
echo -e "[ * ] TLS 1.3 0-RTT anti-replay for NGINX, please view:\n[ - ] $HESTIA_BACKUP/message.log"
add_upgrade_message "About TLS 1.3 0-RTT anti-replay for NGINX\n\nIf you use custom templates, please update them (*.stpl) to apply this protection.\n\nFollow the usage or other default templates:\n/etc/nginx/conf.d/0rtt-anti-replay.conf\n\nLearn more:\nhttps://github.com/hestiacp/hestiacp/pull/3692"
"$BIN"/v-add-user-notification admin "About TLS 1.3 0-RTT anti-replay for NGINX" '<p>If you use custom templates, please update them (*.stpl) to apply this protection.</p><p>Follow the usage or other default templates:<br><code>/etc/nginx/conf.d/0rtt-anti-replay.conf</code></p><p>Visit PR <a href="https://github.com/hestiacp/hestiacp/pull/3692" target="_blank">#3692</a> on GitHub to learn more.</p>'
if grep -qw "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf 2> /dev/null; then
sed -i "s/""$(grep -m 1 "About TLS 1.3 0-RTT anti-replay for NGINX" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='2'/" "$HESTIA"/data/users/admin/notifications.conf
else
sed -i "s/""$(grep -m 1 "About TLS 1.3 0-RTT anti-replay for NGINX" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='1'/" "$HESTIA"/data/users/admin/notifications.conf
fi
cp -f "$HESTIA_INSTALL_DIR"/nginx/0rtt-anti-replay.conf /etc/nginx/conf.d
# Update resolver for NGINX
for nameserver in $(grep -is '^nameserver' /etc/resolv.conf | cut -d' ' -f2 | tr '\r\n' ' ' | xargs); do
if [[ "$nameserver" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
if [ -z "$resolver" ]; then
resolver="$nameserver"
else
resolver="$resolver $nameserver"
fi
fi
done
if [ -n "$resolver" ]; then
sed -i "s/1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8/$resolver/g" /etc/nginx/nginx.conf
fi
# Update some configuration files
cp -f "$HESTIA_INSTALL_DIR"/nginx/phpmyadmin.inc "$HESTIA_INSTALL_DIR"/nginx/phppgadmin.inc "$HESTIA_INSTALL_DIR"/nginx/status.conf /etc/nginx/conf.d
[ -n "$DB_PMA_ALIAS" ] && sed -i "s|%pma_alias%|$DB_PMA_ALIAS|g" /etc/nginx/conf.d/phpmyadmin.inc
[ -n "$DB_PGA_ALIAS" ] && sed -i "s|%pga_alias%|$DB_PGA_ALIAS|g" /etc/nginx/conf.d/phppgadmin.inc
# Prepare for upcoming HTTP/3 support, also convenient for users to add directive to "main" context
mkdir -p /etc/nginx/conf.d/main
fi
fi
unset commit nameserver nginx_conf_commit nginx_conf_compare nginx_conf_local os_release tls12_ciphers tls13_ciphers resolver
# Finish configuring the "Enhanced and Optimized TLS" feature
# Update IPs configuration file
# shellcheck source=/usr/local/hestia/func/domain.sh
source $HESTIA/func/domain.sh
if [ "$WEB_SYSTEM" = "nginx" ]; then
while IFS= read -r IP; do
ip_conf="/etc/nginx/conf.d/$IP.conf"
cp -f "$HESTIA_INSTALL_DIR"/nginx/unassigned.inc "$ip_conf"
sed -i "s/directIP/$IP/g" "$ip_conf"
process_http2_directive "$ip_conf"
done < <(ls "$HESTIA"/data/ips/ 2> /dev/null)
elif [ "$PROXY_SYSTEM" = "nginx" ]; then
while IFS= read -r IP; do
cat "$WEBTPL"/nginx/proxy_ip.tpl \
| sed -e "s/%ip%/$IP/g" \
-e "s/%web_port%/$WEB_PORT/g" \
-e "s/%proxy_port%/$PROXY_PORT/g" \
-e "s/%proxy_ssl_port%/$PROXY_SSL_PORT/g" \
> "/etc/nginx/conf.d/$IP.conf"
process_http2_directive "/etc/nginx/conf.d/$IP.conf"
done < <(ls "$HESTIA"/data/ips/ 2> /dev/null)
fi
if [ "$MAIL_SYSTEM" = "exim4" ]; then
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
# if Exim version > 4.95 or greater!
if version_ge "$exim_version" "4.95"; then
if ! grep -q 'SRS_SECRET' /etc/exim4/exim4.conf.template; then
srs=$(generate_password)
echo $srs > /etc/exim4/srs.conf
chmod 640 /etc/exim4/srs.conf
chown root:Debian-exim /etc/exim4/srs.conf
cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.staging
patch /etc/exim4/exim4.conf.template.staging $HESTIA/install/upgrade/patch/3661-exim-srs-support.patch 2>&1
exim -C /etc/exim4/exim4.conf.template.staging 2>&1
if [ "$?" -ne 0 ]; then
add_upgrade_message "Unable to successfully aply the SRS update patch for Exim.\n If you use SMTP relay with the SRS feature use the exim config found in /usr/local/hestia/install/deb/exim/exim4.conf.4.95.template"
"$BIN"/v-add-user-notification admin "Unable to apply patch to Exim config" 'Unable to successfully apply the SRS update patch for Exim.<br /> If you use SMTP relay with the SRS feature use the exim config found in /usr/local/hestia/install/deb/exim/exim4.conf.4.95.template'
if grep -qw "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf 2> /dev/null; then
sed -i "s/""$(grep -m 1 "Unable to apply patch to Exim config" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='3'/" "$HESTIA"/data/users/admin/notifications.conf
else
sed -i "s/""$(grep -m 1 "Unable to apply patch to Exim config" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='2'/" "$HESTIA"/data/users/admin/notifications.conf
fi
echo "[ ! ] Unable to apply SRS update patch for SMTP relay"
else
echo "[ * ] Update exim4.conf.template ..."
cp /etc/exim4/exim4.conf.template.staging /etc/exim4/exim4.conf.template
fi
rm /etc/exim4/exim4.conf.template.staging*
else
sed -i "s/SRS_SECRET = readfile{\/etc\/exim4\/srs.conf}/SRS_SECRET = \${readfile{\/etc\/exim4\/srs.conf}}/g" /etc/exim4/exim4.conf.template
chown root:Debian-exim /etc/exim4/srs.conf
fi
fi
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
# if Exim version > 4.95 or greater!
if version_ge "$exim_version" "4.95"; then
if ! grep -q 'condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}' /etc/exim4/exim4.conf.template; then
for line in $(sed -n '/redirect_router = dnslookup/=' /etc/exim4/exim4.conf.template); do
testline=$((line - 1))
newline=$((line + 1))
if [ "$(awk NR==$testline /etc/exim4/exim4.conf.template)" = " file_transport = local_delivery" ]; then
# Add new line
sed -i "$newline i \ \ condition = \${lookup{\$local_part@\$domain}lsearch{/etc/exim4/domains/\${lookup{\$domain}dsearch{/etc/exim4/domains/}}/aliases}{false}{true}}" /etc/exim4/exim4.conf.template
fi
done
fi
fi
fi

34
install/upgrade/versions/1.8.1.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.8.1
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
if [ "$MAIL_SYSTEM" = "exim4" ]; then
exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
# if Exim version > 4.95 or greater!
if version_ge "$exim_version" "4.95"; then
sed -i "s/SRS_SECRET = readfile{\/etc\/exim4\/srs.conf}/SRS_SECRET = \${readfile{\/etc\/exim4\/srs.conf}}/g" /etc/exim4/exim4.conf.template
chown root:Debian-exim /etc/exim4/srs.conf
chown 644 /etc/exim4/srs.conf
fi
fi

37
install/upgrade/versions/1.8.2.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.8.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Disable TLS 1.3 support for ProFTPD versions older than v1.3.7a
if [ "$FTP_SYSTEM" = "proftpd" ]; then
os_release="$(lsb_release -s -i | tr "[:upper:]" "[:lower:]")-$(lsb_release -s -r)"
if [ "$os_release" = "debian-10" ] || [ "$os_release" = "ubuntu-20.04" ]; then
if grep -qw "^TLSProtocol TLSv1.2 TLSv1.3$" test.conf 2> /dev/null; then
sed -i 's/TLSProtocol TLSv1.2 TLSv1.3/TLSProtocol TLSv1.2/' /etc/proftpd/tls.conf
else
sed -i '/^TLSProtocol .\+$/d;/TLSServerCipherPreference on$/i TLSProtocol TLSv1.2' /etc/proftpd/tls.conf
fi
fi
fi

30
install/upgrade/versions/1.8.3.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.8.3
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
####### upgrade_config_set_value only accepts true or false. #######
####### #######
####### Pass through information to the end user in case of a issue or problem #######
####### #######
####### Use add_upgrade_message "My message here" to include a message #######
####### in the upgrade notification email. Example: #######
####### #######
####### add_upgrade_message "My message here" #######
####### #######
####### You can use \n within the string to create new lines. #######
#######################################################################################
upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
# Add new API key permission
if [ -f "$HESTIA/data/api/update-dns-records" ]; then
rm $HESTIA/data/api/update-dns-records
fi
cp $HESTIA/install/common/api/update-dns-records $HESTIA/data/api/update-dns-records