wcp/install/upgrade/versions/1.6.0.sh at main · ghzhost/wcp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#!/bin/bash

# Hestia Control Panel upgrade script for target version 1.6.0

#######################################################################################
#######                      Place additional commands below.                   #######
#######################################################################################
####### Pass through information to the end user in case of a issue or problem  #######
#######                                                                         #######
####### Use add_upgrade_message "My message here" to include a message          #######
####### in the upgrade notification email. Example:                             #######
#######                                                                         #######
####### add_upgrade_message "My message here"                                   #######
#######                                                                         #######
####### You can use \n within the string to create new lines.                   #######
#######################################################################################

upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'yes'
upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'

# Delete compsoser to force update to composer v2
rm -fr /home/admin/.composer

if [ "$MAIL_SYSTEM" = "exim4" ]; then
	echo "[ * ] Update exim4 config to support rate limits"
	# Upgrade config exim for custom limits
	sed -i '115,250 s/ratelimit             = 200 \/ 1h \/ $authenticated_id/          set acl_c_msg_limit = \${if exists{\/etc\/exim4\/domains\/\${lookup{\$sender_address_domain}dsearch{\/etc\/exim4\/domains\/}}\/limits} {\${extract{1}{:}{\${lookup{\$sender_address_local_part@\$sender_address_domain}lsearch{\/etc\/exim4\/domains\/\${lookup{\$sender_address_domain}dsearch{\/etc\/exim4\/domains\/}}\/limits}}}}} {\${readfile{\/etc\/exim4\/limit.conf}}} }\n ratelimit     = \$acl_c_msg_limit \/ 1h \/ strict\/ \$authenticated_id/g' /etc/exim4/exim4.conf.template
	sed -i '115,250 s/warn    ratelimit     = 100 \/ 1h \/ strict \/ $authenticated_id/warn    ratelimit     = ${eval:$acl_c_msg_limit \/ 2} \/ 1h \/ strict \/ $authenticated_id/g' /etc/exim4/exim4.conf.template
	# Add missing limit.conf file
	cp $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/limit.conf
	cp $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/system.filter

	acl=$(cat /etc/exim4/exim4.conf.template | grep "set acl_m3")
	if [ -z "$acl" ]; then
		echo "[ * ] Add support for optional rejecting spam"
		sed -i 's/ warn    set acl_m1    = no/ warn    set acl_m1    = no \n          set acl_m3    = no/g' /etc/exim4/exim4.conf.template
		sed -i 's|                          set acl_m1    = yes|              set acl_m1    = yes \n  warn    condition     = \${if exists {/etc/exim4/domains/\$domain/reject_spam}{yes}{no}} \n         set acl_m3    = yes|g' /etc/exim4/exim4.conf.template
		sed -i 's|         message        = SpamAssassin detected spam (from \$sender_address to \$recipients).|        message        = SpamAssassin detected spam (from $sender_address to $recipients).\n\n  # Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled\n  deny   message        = This message scored \$spam_score spam points\n          spam           = debian-spamd:true \n          condition      = \${if eq{\$acl_m3}{yes}{yes}{no}} \n          condition      = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}}	|g' /etc/exim4/exim4.conf.template
	fi

	if ! grep -q "send_via_unauthenticated_smtp_relay" /etc/exim4/exim4.conf.template; then
		echo '[ * ] Enabling SMTP relay support...'
		# Add smtp relay router
		insert='send_via_unauthenticated_smtp_relay:\n  driver = manualroute\n  address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT\n  domains = !+local_domains\n  require_files = SMTP_RELAY_FILE\n  condition = ${if eq{SMTP_RELAY_USER}{}}\n  transport = remote_smtp\n  route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}\n  no_more\n  no_verify\n'

		line=$(expr $(sed -n '/begin routers/=' /etc/exim4/exim4.conf.template) + 2)
		sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
	fi
fi

if [ -f "/etc/dovecot/conf.d/10-ssl.conf" ]; then
	sed -i 's|ssl_min_protocol = TLSv1.1|ssl_min_protocol = TLSv1.2|' /etc/dovecot/conf.d/10-ssl.conf
	if ! grep -q "!TLSv1.1" /etc/dovecot/conf.d/10-ssl.conf; then
		sed -i 's|ssl_protocols = !SSLv3 !TLSv1|ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1|' /etc/dovecot/conf.d/10-ssl.conf
	fi
fi

if [ -f "/etc/default/spamassassin" ]; then
	echo "[ * ] Enable Samassassin Cronjob"
	sed -i "s/#CRON=1/CRON=1/" /etc/default/spamassassin
fi

# Adding LE autorenew cronjob if there are none
if [ -z "$(grep v-update-lets $HESTIA/data/users/admin/cron.conf)" ]; then
	min=$(generate_password '012345' '2')
	hour=$(generate_password '1234567' '1')
	command="sudo $BIN/v-update-letsencrypt-ssl"
	$BIN/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command"
fi

# Add apis if they don't exist
# Changes have been made make sure to overwrite them to prevent issues in the future
cp -rf $HESTIA_INSTALL_DIR/api $HESTIA/data/

# Update Cloudflare address
if [ -f /etc/nginx/nginx.conf ] && [ "$(grep 'set_real_ip_from 2405:8100::/32' /etc/nginx/nginx.conf)" = "" ]; then
	echo "[ * ] Updating nginx configuration with changes to Cloudflare IP addresses"
	sed -i "/#set_real_ip_from  2405:b500::\/32;/d" /etc/nginx/nginx.conf
	sed -i "/#set_real_ip_from  2606:4700::\/32;/d" /etc/nginx/nginx.conf
	sed -i "/#set_real_ip_from  2803:f800::\/32;/d" /etc/nginx/nginx.conf
	sed -i "/#set_real_ip_from  2c0f:f248::\/32;/d" /etc/nginx/nginx.conf
	sed -i "/#set_real_ip_from  2a06:98c0::\/29;/d" /etc/nginx/nginx.conf
	sed -i "s/#set_real_ip_from  2400:cb00::\/32;/# set_real_ip_from 2400:cb00::\/32;\n    # set_real_ip_from 2606:4700::\/32;\n    # set_real_ip_from 2803:f800::\/32;\n    # set_real_ip_from 2405:b500::\/32;\n    # set_real_ip_from 2405:8100::\/32;\n    # set_real_ip_from 2a06:98c0::\/29;\n    # set_real_ip_from 2c0f:f248::\/32;/g" /etc/nginx/nginx.conf
fi

if [ -n "$PHPMYADMIN_KEY" ]; then
	echo "[ * ] Refresh PMA SSO key due to update phpmyadmin"
	$BIN/v-delete-sys-pma-sso quiet
	$BIN/v-add-sys-pma-sso quiet
fi

#Fixed an issue with Exim4 and Ubutnu22.04 in beta version
release=$(lsb_release -sr)
if [ "$release" = "22.04" ]; then
	if [ -d "/etc/exim4/" ]; then
		rm -fr /etc/exim4/exim.conf.template
		cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.94.template /etc/exim4/exim4.conf.template
		if [ "$ANTIVIRUS_SYSTEM" = 'clamav-daemon' ]; then
			sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
		fi
		if [ "$ANTISPAM_SYSTEM" = 'spamassassin' ]; then
			sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
		fi

	fi
fi

# Mute output v-add-sys-sftp-jail out put then enabling sftp on boot
if [ -f "/etc/cron.d/hestia-sftp" ]; then
	rm /etc/cron.d/hestia-sftp
	echo "@reboot root sleep 60 && /usr/local/hestia/bin/v-add-sys-sftp-jail > /dev/null" > /etc/cron.d/hestia-sftp
fi

ips=$(ls /usr/local/hestia/data/ips/ | wc -l)
release=$(lsb_release -s -i)
if [ $release = 'Ubuntu' ]; then
	if [ $ips -gt 1 ]; then
		add_upgrade_message "Warning: Please check your network configuration!\n\n A bug has been discovered that might affect your setup and can lead to issues after a system reboot. Please review your network configuration. See https://github.com/hestiacp/hestiacp/pull/2612#issuecomment-1135571835 for more info regarding this issue!"
		$HESTIA/bin/v-add-user-notification admin "Warning: Please check your network configuration!\n\n A bug has been discovered that might affect your setup and can lead to issues after a system reboot. Please review your network configuration. <a href='https://github.com/hestiacp/hestiacp/pull/2612#issuecomment-1135571835'>More info</a>"
	fi
fi

if [ -d /etc/phpmyadmin/conf.d ]; then
	for file in /etc/phpmyadmin/conf.d/*; do
		if [ -z "$(grep -i 'information_schema' $file)" ]; then
			echo "[ * ] Update phpMyAdmin server configuration"
			echo "\$cfg['Servers'][\$i]['hide_db'] = 'information_schema';" >> $file
		fi
	done
fi