Merge branch 'main' into feature/improve-mail-system-tls

Author: jaapmarcus

CHANGELOG.md

@@ -1,13 +1,24 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
-## [Development]
+## [1.4.11] - Service release 
 
 ### Features
 
+- Added support for Debian 11  (Bullseye) #1611
+- Added support for openssl in hestia-php 
+- Use hestia-php for installing dependencies to solve issue user configurations (hestia-php 7.4.22 required)
+- Replace old firewall system with systemd service / startup script #2064 @myrevery
+- Add Quick installers for GravCMS, Docuwiki and Mediawiki (#2002) @PsychotherapistSam
+
 ### Bugfixes
 
 - Improve handling upgrade of Roundcube #1917
+- Fix an issue with sorting the update scripts when version goes higher then 1.x.10 
+- Allow the use of multiple CAA records for domain. #2073
+- Add missing group (www-data) to migrate_phpmyadmin script #2077 @bet0x
+- Fix an issue where news@domain.com get forwarded to /var/spool/news
+- Synced up translations with HestiaCP (IT, PL, RU, SK and ZN-CN updated)
 
 ## [1.4.10] - Service release 
 
@@ -22,6 +33,7 @@ All notable changes to this project will be documented in this file.
 - Fixed security issues in caching templates of Nginx when used as Reverse Proxy
 - Fixed an issue with deleting multiple mail accounts (#2047)
 - Fixed an issue with phpmailer + non latin characters (#2050) thanks @Faymir 
+- Fix Unable to load dynamic library 'pdo_mysql.so' after php reinstalling (#2069)
 
 ## [1.4.9] - Service release 
 

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.4.10 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
+**Latest stable release:** Version 1.4.11 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
@@ -22,14 +22,14 @@ Features and Services
 * Multiple PHP versions (5.6 - 8.0, 7.4 as default)
 * DNS Server (Bind) with clustering capabilities
 * POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Roundcube, Rainloop)
-* MariaDB or PostgreSQL databases
+* MariaDB and/or PostgreSQL databases
 * Let's Encrypt SSL support with wildcard certificates
 * Firewall with brute-force attack detection and IP lists (iptables, fail2ban, and ipset).
 
 Supported platforms and operating systems
 ----------------------------
 * **CPU Architecture:** AMD64 (x86_64 Intel/AMD)
-* **Debian:** 10 or 9
+* **Debian:** 11, 10 or 9
 * **Ubuntu:** 20.04 LTS or 18.04 LTS
 * **NOTE:** Hestia Control Panel must be installed on top of a fresh operating system installation to ensure proper functionality.
 

bin/v-add-letsencrypt-domain

@@ -78,7 +78,7 @@ fi
 # Set DNS CAA record retrieval commands
 if [ ! -z "$DNS_SYSTEM" ]; then
     dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
-    caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "CAA" | cut -d' ' -f1)
+    caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "CAA" | grep -i "letsencrypt.org" | cut -d' ' -f1 )    
 fi
 
 if [ -z "$mail" ] || [ "$mail" = 'no' ]; then

bin/v-add-mail-account

@@ -72,6 +72,10 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
 
+# Create mail account folder (mailbox)
+ mkdir $HOMEDIR/$user/mail/$domain/$account
+ chown $user:mail $HOMEDIR/$user/mail/$domain/$account
+ chmod 700 $HOMEDIR/$user/mail/$domain/$account
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-add-sys-filemanager

@@ -63,6 +63,8 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
+openssl_installed=$(/usr/local/hestia/php/bin/php -m | grep openssl);
+
 rm --recursive --force "$FM_INSTALL_DIR"
 mkdir -p "$FM_INSTALL_DIR"
 cd "$FM_INSTALL_DIR"
@@ -78,7 +80,11 @@ cp --recursive --force ${HESTIA_INSTALL_DIR}/filemanager/filegator/* "${FM_INSTA
 
 chown $user: -R "${FM_INSTALL_DIR}"
 
-COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+if [ -z "$openssl_version"  ]; then 
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+else
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/local/hestia/php/bin/php $COMPOSER_BIN --quiet --no-dev install
+fi
 
 # Check if installation was successful, if not abort script and throw error message notification and clean-up
 if [ $? -ne 0 ]; then

bin/v-add-sys-phpmailer

@@ -65,7 +65,12 @@ rm --recursive --force ${PM_INSTALL_DIR}/vendor
 mkdir -p ${PM_INSTALL_DIR}/vendor
 chown $user: -R ${PM_INSTALL_DIR}/vendor
 
-COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+openssl_installed=$(/usr/local/hestia/php/bin/php -m | grep openssl);
+if [ -z "$openssl_version"  ]; then 
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+else
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/local/hestia/php/bin/php $COMPOSER_BIN --quiet --no-dev install
+fi
 
 # Check if installation was successful, if not abort script and throw error message notification and clean-up
 if [ $? -ne 0 ]; then

bin/v-add-web-php

@@ -58,7 +58,7 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-mph="php$version-mbstring php$version-bcmath php$version-cli php$version-curl
+mph="php$version-common php$version-mbstring php$version-bcmath php$version-cli php$version-curl
      php$version-fpm php$version-gd php$version-intl php$version-mysql
      php$version-soap php$version-xml php$version-zip php$version-mbstring
      php$version-json php$version-bz2 php$version-pspell php$version-imagick php$version-pgsql

bin/v-delete-web-php

@@ -55,11 +55,12 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-mph="php$version-mbstring php$version-bcmath php$version-cli php$version-curl
-     php$version-fpm php$version-gd php$version-intl php$version-mysql
-     php$version-soap php$version-xml php$version-zip php$version-mbstring
-     php$version-json php$version-bz2 php$version-pspell"
-
+mph="php$version-common php$version-mbstring php$version-bcmath php$version-cli php$version-curl
+ php$version-fpm php$version-gd php$version-intl php$version-mysql
+ php$version-soap php$version-xml php$version-zip php$version-mbstring
+ php$version-json php$version-bz2 php$version-pspell php$version-imagick php$version-pgsql
+ php$version-imap php$version-ldap"
+ 
 # Check is version is 7.1 or below to add mcrypt
 if [[ `echo "$version 7.2" | awk '{print ($1 < $2)}'` == 1 ]]; then
     mph="$mph php$version-mcrypt"

bin/v-stop-firewall

@@ -76,29 +76,25 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
-    routable="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
-    preup="/etc/network/if-pre-up.d/hestia-iptables"
-    # Recreate the Hestia iptables rules loading script
-    rm -f $routable $preup
-    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
-        echo '#!/bin/sh' > $routable
-        echo '' >> $routable
-        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $routable
-        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $routable
-        echo 'fi' >> $routable
-        echo '' >> $routable
-        echo "exit 0" >> $routable
-        chmod +x $routable
-    else
-        echo '#!/bin/sh' > $preup
-        echo '' >> $preup
-        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
-        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
-        echo 'fi' >> $preup
-        echo '' >> $preup
-        echo "exit 0" >> $preup
-        chmod +x $preup
+    sd_unit="/lib/systemd/system/hestia-iptables.service"
+    if [ ! -e "$sd_unit" ]; then
+        echo "[Unit]" >> $sd_unit
+        echo "Description=Loading Hestia firewall rules" >> $sd_unit
+        echo "DefaultDependencies=no" >> $sd_unit
+        echo "Wants=network-pre.target local-fs.target" >> $sd_unit
+        echo "Before=network-pre.target" >> $sd_unit
+        echo "After=local-fs.target" >> $sd_unit
+        echo "" >> $sd_unit
+        echo "[Service]" >> $sd_unit
+        echo "Type=oneshot" >> $sd_unit
+        echo "RemainAfterExit=yes" >> $sd_unit
+        echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset" >> $sd_unit
+        echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+        echo "" >> $sd_unit
+        echo "[Install]" >> $sd_unit
+        echo "WantedBy=multi-user.target" >> $sd_unit
     fi
+    systemctl is-enabled hestia-iptables >/dev/null 2>&1 && systemctl disable hestia-iptables >/dev/null 2>&1
 fi
 
 

bin/v-update-firewall

@@ -69,7 +69,7 @@ if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22"  ]; then
 fi
 
 # Load ipset lists before adding Hestia iptables rules
-[ -x "$(which ipset)" ] && $BIN/v-update-firewall-ipset
+$BIN/v-update-firewall-ipset
 
 # Creating temporary file
 tmp=$(mktemp)
@@ -185,31 +185,25 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
-    routable="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
-    preup="/etc/network/if-pre-up.d/hestia-iptables"
-    # Recreate the Hestia iptables rules loading script
-    rm -f $routable $preup
-    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
-        echo '#!/bin/sh' > $routable
-        echo '' >> $routable
-        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $routable
-        echo '    [ -x "'$(which ipset)'" ] && '"${HESTIA}/bin/v-update-firewall-ipset" >> $routable
-        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $routable
-        echo 'fi' >> $routable
-        echo '' >> $routable
-        echo "exit 0" >> $routable
-        chmod +x $routable
-    else
-        echo '#!/bin/sh' > $preup
-        echo '' >> $preup
-        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
-        echo '    [ -x "'$(which ipset)'" ] && '"${HESTIA}/bin/v-update-firewall-ipset" >> $preup
-        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
-        echo 'fi' >> $preup
-        echo '' >> $preup
-        echo "exit 0" >> $preup
-        chmod +x $preup
+    sd_unit="/lib/systemd/system/hestia-iptables.service"
+    if [ ! -e "$sd_unit" ]; then
+        echo "[Unit]" >> $sd_unit
+        echo "Description=Loading Hestia firewall rules" >> $sd_unit
+        echo "DefaultDependencies=no" >> $sd_unit
+        echo "Wants=network-pre.target local-fs.target" >> $sd_unit
+        echo "Before=network-pre.target" >> $sd_unit
+        echo "After=local-fs.target" >> $sd_unit
+        echo "" >> $sd_unit
+        echo "[Service]" >> $sd_unit
+        echo "Type=oneshot" >> $sd_unit
+        echo "RemainAfterExit=yes" >> $sd_unit
+        echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset" >> $sd_unit
+        echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+        echo "" >> $sd_unit
+        echo "[Install]" >> $sd_unit
+        echo "WantedBy=multi-user.target" >> $sd_unit
     fi
+    systemctl is-enabled hestia-iptables >/dev/null 2>&1 || systemctl enable hestia-iptables >/dev/null 2>&1
 fi