Merge branch 'main' into nginx-agents

jaapmarcus · web-flow · commit 23c904aa2a08 · 2021-06-19T10:06:27.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,10 +4,13 @@ All notable changes to this project will be documented in this file.
 ## [1.4.4] - Service release
 
 ### Features
+
 - Add nginx user_agent separation to desktop/mobile (e.g. for fastcgi cache)
 
 ### Bugfixes
 
+- Add template for when webmail is disabled allowing to generate SSL. 
+
 ## [1.4.3] - Service release
 
 ### Features
diff --git a/bin/v-add-mail-domain-webmail b/bin/v-add-mail-domain-webmail
@@ -60,7 +60,7 @@ check_args '2' "$#" 'USER DOMAIN [WEBMAIL] [RESTART]'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM'
-is_type_valid "$WEBMAIL_SYSTEM" "$webmail"
+is_type_valid "$WEBMAIL_SYSTEM disabled" "$webmail"
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"
@@ -126,11 +126,16 @@ else
         if [ "$WEB_SYSTEM" = "nginx" ]; then
             WEBMAIL_TEMPLATE="web_system"
         fi
-    else
+    elif [ "$webmail" == "rainloop" ]; then
         WEBMAIL_TEMPLATE="rainloop"
         if [ ! -z "$PROXY_SYSTEM" ]; then
             PROXY_TEMPLATE="default_rainloop"
         fi
+    else
+        WEBMAIL_TEMPLATE="disabled"
+        if [ ! -z "$PROXY_SYSTEM" ]; then
+            PROXY_TEMPLATE="disabled"
+        fi
     fi
     
     add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.tpl"
diff --git a/bin/v-delete-web-php b/bin/v-delete-web-php
@@ -81,10 +81,11 @@ done
 # Do a blank echo to get the \n back
 echo
 
-# Check if installation was sucessfully
+# Check if installation was successfully
 if [ -f "$php_fpm" ]; then
     echo "ERROR: Uninstallation failed, please run the following command manually for debugging:"
     echo "apt-get purge $mph"
+    exit 1; 
 fi
 
 # Cleanup php folder
diff --git a/func/rebuild.sh b/func/rebuild.sh
@@ -588,6 +588,11 @@ rebuild_mail_domain_conf() {
         if [ ! -e $HOMEDIR/$user/mail/$domain_idn ]; then
             mkdir "$HOMEDIR/$user/mail/$domain_idn"
         fi
+        
+        # Webamil client
+        if [ "$WEBAMIL" = '' ]; then
+           $HESTIA/bin/v-add-mail-domain-webmail $user $domain 'roundcube' 'no'
+        fi
 
         # Adding catchall email
         dom_aliases=$HOMEDIR/$user/conf/mail/$domain/aliases
diff --git a/install/deb/phpmyadmin/hestia-sso.php b/install/deb/phpmyadmin/hestia-sso.php
@@ -74,35 +74,39 @@ function delete_temp_user ($database, $user, $dbuser, $host){
 
     function get_user_ip(){
         // Saving user IPs to the session for preventing session hijacking
-        $user_combined_ip = $_SERVER['REMOTE_ADDR'];
+        $user_combined_ip = array(); 
+        if($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']){
+            $user_combined_ip[] = $_SERVER['REMOTE_ADDR'];
+        }
         if(isset($_SERVER['HTTP_CLIENT_IP'])){
             $user_combined_ip .=  '|'. $_SERVER['HTTP_CLIENT_IP'];
         }
         if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED_FOR']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_X_FORWARDED_FOR'];
+                $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED_FOR'];
             }
         }
         if(isset($_SERVER['HTTP_FORWARDED_FOR'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED_FOR']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_FORWARDED_FOR'];
+                $user_combined_ip[] = $_SERVER['HTTP_FORWARDED_FOR'];
             }
         }
         if(isset($_SERVER['HTTP_X_FORWARDED'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_X_FORWARDED'];
+               $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED'];
             }
-        }        if(isset($_SERVER['HTTP_FORWARDED'])){
+        }        
+        if(isset($_SERVER['HTTP_FORWARDED'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_FORWARDED'];
+                $user_combined_ip[] =  '|'. $_SERVER['HTTP_FORWARDED'];
             }
         }
         if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
             if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
-              $user_combined_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
+              $user_combined_ip[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
             }
         }
-        return $user_combined_ip;
+        return implode($user_combined_ip,'|');
     }
 }
 
diff --git a/install/deb/templates/mail/apache2/disabled.stpl b/install/deb/templates/mail/apache2/disabled.stpl
@@ -0,0 +1,22 @@
+<VirtualHost %ip%:%web_ssl_port%>
+    ServerName %domain_idn%
+    ServerAlias %alias%
+    Alias / /var/lib/roundcube/
+    Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile         %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.crt
+    SSLCertificateKeyFile      %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.key
+    
+    <Directory /var/www/html>
+        Options +FollowSymLinks
+        AllowOverride All
+        order allow,deny
+        allow from all
+    </Directory>
+
+    IncludeOptional %home%/%user%/conf/mail/%root_domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
diff --git a/install/deb/templates/mail/apache2/disabled.tpl b/install/deb/templates/mail/apache2/disabled.tpl
@@ -0,0 +1,17 @@
+<VirtualHost %ip%:%web_port%>
+    ServerName %domain_idn%
+    ServerAlias %alias%
+    Alias / /var/lib/roundcube/
+    Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    
+    SSLEngine on
+    SSLVerifyClient none
+    
+    <Directory /var/www/html>
+        Options +FollowSymLinks
+        AllowOverride All
+        order allow,deny
+        allow from all
+    </Directory>
+</VirtualHost>
diff --git a/install/deb/templates/mail/nginx/default_disabled.stpl b/install/deb/templates/mail/nginx/default_disabled.stpl
@@ -0,0 +1,33 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/lib/roundcube;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        try_files $uri $uri/ =404;
+        alias /var/www/html;
+    }
+
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+	
+    location @fallback {
+        proxy_pass https://%ip%:%web_ssl_port%;
+    }
+
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
+}
diff --git a/install/deb/templates/mail/nginx/default_disabled.tpl b/install/deb/templates/mail/nginx/default_disabled.tpl
@@ -0,0 +1,33 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/lib/roundcube;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+    
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+    
+    location / {
+        try_files $uri $uri/ =404;
+        alias /var/www/html;
+    }
+    
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+    
+    location @fallback {
+        proxy_pass https://%ip%:%web_ssl_port%;
+    }
+    
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
+}
diff --git a/install/deb/templates/mail/nginx/disabled.stpl b/install/deb/templates/mail/nginx/disabled.stpl
@@ -0,0 +1,30 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/www/html;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location ~ /\.(?!well-known\/) {
+    deny all;
+    return 404;
+    }
+    
+    
+    location / {
+    try_files $uri $uri/ =404;
+    }
+    
+    location /error/ {
+    alias /var/www/document_errors/;
+    }
+
+
+    include %home%/%user%/conf/mail/%root_domain%/%web_system%.conf_*;
+}
diff --git a/install/deb/templates/mail/nginx/disabled.tpl b/install/deb/templates/mail/nginx/disabled.tpl
@@ -0,0 +1,26 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/www/html;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    include %home%/%user%/conf/mail/%root_domain%/nginx.forcessl.conf*;
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+	
+    include %home%/%user%/conf/mail/%root_domain%/%web_system%.conf_*;
+}
diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh
@@ -1757,8 +1757,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+    # Set HELO for IP as it didn't set during v-change-sys-hostname
+    $HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip
diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -1789,8 +1789,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+    # Set HELO for IP as it didn't set during v-change-sys-hostname
+    $HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip
diff --git a/install/upgrade/versions/1.4.4.sh b/install/upgrade/versions/1.4.4.sh
@@ -1,4 +1,3 @@
-
 #!/bin/bash
 
 # Hestia Control Panel upgrade script for target version 1.4.4
@@ -7,5 +6,13 @@
 #######                      Place additional commands below.                   #######
 #######################################################################################
 
+
 #Add nginx user_agent separation to desktop/mobile
 cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
+
+# Reset PMA SSO to fix bug with Nginx + Apache2 
+if [ "$PHPMYADMIN_KEY" != "" ]; then
+    echo "[ * ] Refressh hestia-sso for PMA..."
+    $BIN/v-delete-sys-pma-sso 
+    $BIN/v-add-sys-pma-sso 
+fi
diff --git a/web/inc/main.php b/web/inc/main.php
@@ -225,17 +225,15 @@ function humanize_time($usage) {
     if ( $usage > 60 ) {
         $usage = $usage / 60;
         if ( $usage > 24 ) {
-            $usage = $usage / 24;
-            $usage = number_format($usage);
-            $usage .= ' ' . _('day' . ($usage != 1) ?: 's');
+             $usage = $usage / 24;
+             $usage = number_format($usage);
+             return sprintf(ngettext('%d day', '%d days', $usage), $usage);
         } else {
-            $usage = number_format($usage);
-            $usage .= ' ' . _('hour' . ($usage != 1) ?: 's');
+            return sprintf(ngettext('%d hour', '%d hours', $usage), $usage);
         }
     } else {
-        $usage .= ' ' . _('minute' . ($usage != 1) ?: 's');
+        return sprintf(ngettext('%d minute', '%d minutes', $usage), $usage);
     }
-    return $usage;
 }
 
 function humanize_usage_size($usage) {
@@ -269,7 +267,7 @@ function humanize_usage_measure($usage) {
     } else {
         $measure = 'mb';
     }
-    return _($measure);
+    return $measure;
 }
 
 function get_percentage($used,$total) {
diff --git a/web/login/index.php b/web/login/index.php
@@ -6,13 +6,13 @@
 
 $TAB = 'login';
 
-/*
-// Logout
+
 if (isset($_GET['logout'])) {
-    setcookie('limit2fa','',time() - 3600,"/");
+    unset($_SESSION);
+    session_unset();
     session_destroy();
+    header('Location: /login/');
 }
-*/
 
 /* ACTIONS FOR CURRENT USER SESSION */
 if (isset($_SESSION['user'])) {
diff --git a/web/templates/pages/add_mail.html b/web/templates/pages/add_mail.html
@@ -93,13 +93,13 @@
 										<select class="vst-list" name="v_webmail" tabindex="6">
 											<?php foreach ($webmail_clients as $client){
 												echo "\t\t\t\t<option value=\"".htmlentities($client)."\"";
-												if ((!empty($v_webmail)) && ( $v_webmail == $client )) {
+												if (( $v_webmail == $client )) {
 													echo ' selected' ;
 												}
 												echo ">".htmlentities(ucfirst($client))."</option>\n";
 												}
 											?>
-											<option value="" <?php if(empty($v_webmail)){ echo "selected";}?>><?=_('Disabled');?></option>
+											<option value="" <?php if (empty($v_webmail) || $v_webmail == 'disabled' ){ echo "selected";}?>><?=_('Disabled');?></option>
 										</select>
 									</td>
 								</tr>
diff --git a/web/templates/pages/edit_mail.html b/web/templates/pages/edit_mail.html
diff --git a/web/templates/pages/list_log.html b/web/templates/pages/list_log.html
diff --git a/web/templates/pages/list_log_auth.html b/web/templates/pages/list_log_auth.html
diff --git a/web/templates/pages/list_mail_dns.html b/web/templates/pages/list_mail_dns.html
diff --git a/web/templates/pages/login/login_1.html b/web/templates/pages/login/login_1.html
diff --git a/web/templates/pages/login/login_2.html b/web/templates/pages/login/login_2.html
diff --git a/web/templates/pages/login/reset2fa.html b/web/templates/pages/login/reset2fa.html
diff --git a/web/templates/pages/login/reset_1.html b/web/templates/pages/login/reset_1.html

Original file line number	Diff line number	Diff line change
`@@ -74,35 +74,39 @@ function delete_temp_user ($database, $user, $dbuser, $host){`
`74`	`74`
`75`	`75`	`function get_user_ip(){`
`76`	`76`	`// Saving user IPs to the session for preventing session hijacking`
`77`		`- $user_combined_ip = $_SERVER['REMOTE_ADDR'];`
	`77`	`+ $user_combined_ip = array();`
	`78`	`+ if($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']){`
	`79`	`+ $user_combined_ip[] = $_SERVER['REMOTE_ADDR'];`
	`80`	`+ }`
`78`	`81`	`if(isset($_SERVER['HTTP_CLIENT_IP'])){`
`79`	`82`	`$user_combined_ip .= '\|'. $_SERVER['HTTP_CLIENT_IP'];`
`80`	`83`	`}`
`81`	`84`	`if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){`
`82`	`85`	`if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED_FOR']){`
`83`		`- $user_combined_ip .= '\|'. $_SERVER['HTTP_X_FORWARDED_FOR'];`
	`86`	`+ $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED_FOR'];`
`84`	`87`	`}`
`85`	`88`	`}`
`86`	`89`	`if(isset($_SERVER['HTTP_FORWARDED_FOR'])){`
`87`	`90`	`if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED_FOR']){`
`88`		`- $user_combined_ip .= '\|'. $_SERVER['HTTP_FORWARDED_FOR'];`
	`91`	`+ $user_combined_ip[] = $_SERVER['HTTP_FORWARDED_FOR'];`
`89`	`92`	`}`
`90`	`93`	`}`
`91`	`94`	`if(isset($_SERVER['HTTP_X_FORWARDED'])){`
`92`	`95`	`if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED']){`
`93`		`- $user_combined_ip .= '\|'. $_SERVER['HTTP_X_FORWARDED'];`
	`96`	`+ $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED'];`
`94`	`97`	`}`
`95`		`- } if(isset($_SERVER['HTTP_FORWARDED'])){`
	`98`	`+ }`
	`99`	`+ if(isset($_SERVER['HTTP_FORWARDED'])){`
`96`	`100`	`if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED']){`
`97`		`- $user_combined_ip .= '\|'. $_SERVER['HTTP_FORWARDED'];`
	`101`	`+ $user_combined_ip[] = '\|'. $_SERVER['HTTP_FORWARDED'];`
`98`	`102`	`}`
`99`	`103`	`}`
`100`	`104`	`if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){`
`101`	`105`	`if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){`
`102`		`- $user_combined_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];`
	`106`	`+ $user_combined_ip[] = $_SERVER['HTTP_CF_CONNECTING_IP'];`
`103`	`107`	`}`
`104`	`108`	`}`
`105`		`- return $user_combined_ip;`
	`109`	`+ return implode($user_combined_ip,'\|');`
`106`	`110`	`}`
`107`	`111`	`}`
`108`	`112`