
#!/bin/bash
# Hestia Control Panel upgrade script for target version 1.0.2
#######################################################################################
####### Place additional commands below. #######
#######################################################################################
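# Replace dhparam 1024 with dhparam 4096
# Installs the Diffie-Hellman parameter file shipped under
# $HESTIA/install/deb/ssl/ as /etc/ssl/dhparam.pem and moves the previous file
# into $HESTIA_BACKUP/conf/. HESTIA and HESTIA_BACKUP are not assigned in this
# script; they must be provided by whatever runs it.
# NOTE(review): every installation receives the same pre-generated file. DH
# parameters are public values, so this does not expose a secret, but a site
# that wants its own group can regenerate the file afterwards with
# `openssl dhparam`.
echo "[ * ] Increasing Diffie-Hellman Parameter strength to 4096-bit..."
if [ -f "$HESTIA/install/deb/ssl/dhparam.pem" ]; then
  if [ -e /etc/ssl/dhparam.pem ]; then
    mv /etc/ssl/dhparam.pem "$HESTIA_BACKUP/conf/"
  fi
  cp -f "$HESTIA/install/deb/ssl/dhparam.pem" /etc/ssl/
  # Owner-only access; services that load this file must be able to read it
  # as its owner.
  chmod 600 /etc/ssl/dhparam.pem
else
  # Do not move the current file away when there is nothing to replace it
  # with: services that reference /etc/ssl/dhparam.pem would lose it.
  echo "[ ! ] $HESTIA/install/deb/ssl/dhparam.pem not found, keeping the existing Diffie-Hellman parameters"
fi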
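# Enhance Vsftpd security
# When vsftpd is the configured FTP server, copy /etc/vsftpd.conf into
# $HESTIA_BACKUP/conf/ and turn an explicit "ssl_tlsv1=YES" into
# "ssl_tlsv1=NO".
# NOTE(review): the substitution only rewrites an existing ssl_tlsv1=YES
# setting. A config without that line is left unchanged, and vsftpd.conf(5)
# documents YES as the default for ssl_tlsv1, so such a config presumably
# still accepts TLS v1 -- confirm on hosts with a customised vsftpd.conf.
# ssl_sslv2 and ssl_sslv3 are not touched here, and vsftpd is not restarted
# in this section, so the change takes effect only after a later restart.
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
  echo "[ * ] Hardening Vsftpd SSL configuration..."
  # Quoted so a backup path containing spaces (or an empty value) is not
  # word-split into a different destination.
  cp -f /etc/vsftpd.conf "$HESTIA_BACKUP/conf/"
  sed -i "s|ssl_tlsv1=YES|ssl_tlsv1=NO|g" /etc/vsftpd.conf
fi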
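# Enhance Dovecot security
# When Dovecot is the configured IMAP server, replace
# /etc/dovecot/conf.d/10-ssl.conf with the copy shipped under
# $HESTIA/install/deb/dovecot/conf.d/ and keep the previous file in
# $HESTIA_BACKUP/conf/.
# NOTE(review): the file is replaced wholesale, so any local edits to
# 10-ssl.conf survive only in the backup copy and have to be re-applied by
# hand. Dovecot is not restarted in this section.
if [ "$IMAP_SYSTEM" = "dovecot" ]; then
  echo "[ * ] Hardening Dovecot SSL configuration..."
  if [ -f "$HESTIA/install/deb/dovecot/conf.d/10-ssl.conf" ]; then
    mv /etc/dovecot/conf.d/10-ssl.conf "$HESTIA_BACKUP/conf/"
    cp -f "$HESTIA/install/deb/dovecot/conf.d/10-ssl.conf" /etc/dovecot/conf.d/
  else
    # Moving the live file away without a replacement would leave Dovecot
    # with no 10-ssl.conf at all, so leave it in place.
    echo "[ ! ] $HESTIA/install/deb/dovecot/conf.d/10-ssl.conf not found, Dovecot SSL configuration left unchanged"
  fi
fi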
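# Update DNS resolvers in hestia-nginx's configuration
# Collects the IPv4 nameserver entries from /etc/resolv.conf and writes them
# over the "1.0.0.1 1.1.1.1" resolver pair in
# /usr/local/hestia/nginx/conf/nginx.conf. Entries that are not dotted-quad
# IPv4 (IPv6 nameservers, for instance) are skipped; if nothing usable is
# found, nginx.conf is left untouched.
echo "[ * ] Updating DNS resolvers for Hestia Internal Web Server..."
# awk splits on any run of blanks, so tab-separated entries are read too; a
# trailing carriage return is stripped from the address.
dns_resolver=$(awk 'tolower($1) == "nameserver" { sub(/\r$/, "", $2); print $2 }' /etc/resolv.conf)
# Start from an empty list so a value inherited from the calling environment
# cannot end up in nginx.conf.
resolver=""
# Word splitting of $dns_resolver is intentional: one address per word.
for ip in $dns_resolver; do
  # Only digits and dots pass this check, which is also what makes the value
  # safe to interpolate into the sed replacement below (no "/", "&" or "\").
  # It validates the shape of the address, not the 0-255 range of each octet.
  if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # Prepend without leaving a trailing space behind.
    resolver="$ip${resolver:+ $resolver}"
  fi
done
if [ -n "$resolver" ]; then
  # Dots are escaped so that only the literal default pair is matched.
  sed -i "s/1\.0\.0\.1 1\.1\.1\.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
fi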
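# Remove Webalizer and set AWStats as default
# If any line of $HESTIA/conf/hestia.conf mentions "webalizer", set
# STATS_SYSTEM to 'awstats' through v-change-sys-config-value. This section
# only changes the panel setting; it does not uninstall anything.
# NOTE(review): the match is on the whole file, not only on the STATS_SYSTEM
# line, and the new value replaces whatever STATS_SYSTEM held before.
WEBALIZER_CHECK=$(grep webalizer "$HESTIA/conf/hestia.conf")
if [ -n "$WEBALIZER_CHECK" ]; then
  echo "[ * ] Set awstats as default web statistics backend..."
  "$HESTIA/bin/v-change-sys-config-value" 'STATS_SYSTEM' 'awstats'
fi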
# Remove old hestia.conf files from Apache & NGINX if they exist
# Each listed path is deleted only when it is a regular file; a message
# naming the web server is printed before the removal.
for old_conf in \
  /etc/apache2/conf.d/hestia.conf \
  /etc/httpd/conf.h.d/hestia.conf \
  /etc/nginx/conf.d/hestia.conf; do
  [ -f "$old_conf" ] || continue
  # Both Apache layouts share one message; only the NGINX path differs.
  case "$old_conf" in
    /etc/nginx/*) old_conf_server="NGINX" ;;
    *) old_conf_server="Apache" ;;
  esac
  echo "[ * ] Removing old $old_conf_server configuration file from previous version of Hestia Control Panel..."
  rm -f "$old_conf"
done
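# Update webmail templates to enable OCSP/SSL stapling
# Runs v-update-mail-templates when an IMAP system is configured. The
# command's own output is discarded, so its exit status is checked here:
# otherwise a failed template update would pass unnoticed while the message
# above it still announces the change.
# NOTE(review): this section uses $BIN while the web statistics section uses
# $HESTIA/bin; presumably both point at the same directory -- confirm.
if [ -n "$IMAP_SYSTEM" ]; then
  echo "[ * ] Enabling OCSP stapling support for webmail services..."
  if ! "$BIN/v-update-mail-templates" > /dev/null 2>&1; then
    echo "[ ! ] v-update-mail-templates failed, webmail templates may not have been updated"
  fi
fi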
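# Enhance webmail security
# Extends the "config|temp|logs" alternation in /etc/nginx/conf.d/webmail.inc
# with README.md, bin, SQL, INSTALL, LICENSE, CHANGELOG and UPGRADING, after
# copying the file into $HESTIA_BACKUP/conf/.
# NOTE(review): webmail.inc is not visible from this script; the alternation
# is presumably part of a location rule that blocks web access to these
# webmail paths -- confirm. If it is a regex, the unescaped dot in
# "README.md" matches any character there, which only widens the match
# slightly. nginx is not reloaded in this section.
if [ -e "/etc/nginx/conf.d/webmail.inc" ]; then
  cp -f /etc/nginx/conf.d/webmail.inc "$HESTIA_BACKUP/conf/"
  # The replacement text contains the search text, so running the
  # substitution a second time would insert the extra names again. Skip it
  # when the extended list is already present.
  if ! grep -qF 'README.md|config|temp|logs|bin|SQL' /etc/nginx/conf.d/webmail.inc; then
    sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
  fi
fi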