Refactor upgrade scripts and routine for previous releases

Author: Kristan Kenney

install/upgrade/restart.sh

@@ -29,6 +29,12 @@ fi
 if [ ! -z $DNS_SYSTEM ]; then
 	$BIN/v-restart-dns $restart
 fi
+for v in `ls /etc/php/`; do
+	if [ -e /etc/php/$v/fpm ]; then
+		sleep 5
+		$BIN/v-restart-service php$v-fpm $restart
+	fi
+done
 
 # Restart SSH daemon and Hestia Control Panel service
 $BIN/v-restart-service ssh $restart

install/upgrade/versions/0.9.8-28.sh

@@ -1,9 +1,11 @@
 #!/bin/bash
-HESTIA="/usr/local/hestia"
-HESTIA_BACKUP="/root/hst_upgrade/$(date +%d%m%Y%H%M)"
-spinner="/-\|"
 
-function version_ge(){ test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" -o ! -z "$1" -a "$1" = "$2"; }
+# Hestia Control Panel upgrade script for target version 0.9.8-28
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+
 
 # Add amd64 to repositories to prevent notifications - https://goo.gl/hmsSV7
 if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/nginx.list; then

install/upgrade/versions/1.0.1.sh

@@ -1,24 +1,10 @@
 #!/bin/bash
 
-# Define version check function
-function version_ge(){ test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" -o ! -z "$1" -a "$1" = "$2"; }
+# Hestia Control Panel upgrade script for target version 1.0.1
 
-# Set new version number
-NEW_VERSION="1.0.1"
-
-# Set phpMyAdmin version for upgrade
-pma_v='4.9.0.1'
-
-# Set backup folder
-HESTIA_BACKUP="/root/hst_upgrade/$(date +%d%m%Y%H%M)"
-
-# Set installation source folder
-hestiacp="$HESTIA/install/deb"
-
-# Load hestia.conf
-source /usr/local/hestia/conf/hestia.conf
-
-####### Place additional commands below. #######
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
 
 # Ensure that users from previous releases are set to the correct stable release branch
 if [ $RELEASE_BRANCH = "master" ] || [ $RELEASE_BRANCH = "develop" ]; then
@@ -27,55 +13,18 @@ if [ $RELEASE_BRANCH = "master" ] || [ $RELEASE_BRANCH = "develop" ]; then
     echo "RELEASE_BRANCH='release'" >> $HESTIA/conf/hestia.conf
 fi
 
-# Add amd64 to repositories to prevent notifications - https://goo.gl/hmsSV7
-if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/nginx.list; then
-    sed -i s/"deb "/"deb [arch=amd64] "/g /etc/apt/sources.list.d/nginx.list
 # Back up old template files and install the latest versions
 if [ -d $HESTIA/data/templates/ ]; then
-    echo "(*) Updating and rebuild web templates..."
+    echo "(*) Updating web templates to enable per-domain HSTS/OCSP SSL support..."
     cp -rf $HESTIA/data/templates $HESTIA_BACKUP/templates/
-    $HESTIA/bin/v-update-web-templates
+    $HESTIA/bin/v-update-web-templates >/dev/null 2>&1
 fi
 
-# Update Apache and Nginx configuration to support new file structure
-echo "(*) Updating web server configuration..."
-if [ -f /etc/apache2/apache.conf ]; then
-    mv  /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
-    cp -f $HESTIA/install/deb/apache2/apache.conf /etc/apache2/apache.conf
-fi
-if [ -f /etc/nginx/nginx.conf ]; then
-    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
-    cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
+# Remove global options from nginx.conf to prevent conflicts with other web packages
+# and remove OCSP SSL stapling from global configuration as it has moved to per-domain availability in this release.
+if [ -e /etc/nginx/nginx.conf ]; then
+    sed -i "/add_header          X-Frame-Options SAMEORIGIN;/d" /etc/nginx/nginx.conf
+    sed -i "/add_header          X-Content-Type-Options nosniff;/d" /etc/nginx/nginx.conf
+    sed -i "/ssl_stapling        on;/d" /etc/nginx/nginx.conf
+    sed -i "/ssl_stapling_verify on;/d" /etc/nginx/nginx.conf
 fi
-
-# Generate dhparam
-if [ ! -e /etc/ssl/dhparam.pem ]; then
-    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
-    cp -f $hestiacp/nginx/nginx.conf /etc/nginx/
-
-    # Copy dhparam
-    cp -f $hestiacp/ssl/dhparam.pem /etc/ssl/
-
-    # Update DNS servers in nginx.conf
-    dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
-    for ip in $dns_resolver; do
-        if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            resolver="$ip $resolver"
-        fi
-    done
-    if [ ! -z "$resolver" ]; then
-        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
-    fi
-
-    # Remove global options from nginx.conf to prevent conflicts with other web packages
-    if [ -e /etc/nginx/nginx.conf ]; then
-        sed -i "/add_header          X-Frame-Options SAMEORIGIN;/d" /etc/nginx/nginx.conf
-        sed -i "/add_header          X-Content-Type-Options nosniff;/d" /etc/nginx/nginx.conf
-    fi
-
-    # Restart Nginx service
-    systemctl restart nginx >/dev/null 2>&1
-fi
-
-
-

install/upgrade/versions/1.00.0-190618.sh

@@ -1,66 +1,60 @@
 #!/bin/bash
 
-# Define version check function
-function version_ge(){ test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" -o ! -z "$1" -a "$1" = "$2"; }
+# Hestia Control Panel upgrade script for target version 1.00.0-190618
 
-# Load hestia.conf
-source /usr/local/hestia/conf/hestia.conf
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
 
-####### Place additional commands below. #######
+# Add webmail alias variable to system configuration if non-existent
+WEBMAIL_ALIAS_CHECK=$(cat $HESTIA/conf/hestia.conf | grep WEBMAIL_ALIAS)
+if [ -z "$WEBMAIL_ALIAS_CHECK" ]; then
+    echo "(*) Adding global webmail alias to system configuration..."
+    sed -i "/WEBMAIL_ALIAS/d" $HESTIA/conf/hestia.conf
+    echo "WEBMAIL_ALIAS='webmail'" >> $HESTIA/conf/hestia.conf
+fi
 
-# Add amd64 to repositories to prevent notifications - https://goo.gl/hmsSV7
-if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/nginx.list; then
-    sed -i s/"deb "/"deb [arch=amd64] "/g /etc/apt/sources.list.d/nginx.list
+# Update Apache and Nginx configuration to support new file structure
+if [ -f /etc/apache2/apache.conf ]; then
+    echo "(*) Updating Apache configuration..."
+    mv  /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
+    cp -f $HESTIA/install/deb/apache2/apache.conf /etc/apache2/apache.conf
 fi
-if ! grep -q 'arch=amd64' /etc/apt/sources.list.d/mariadb.list; then
-    sed -i s/"deb "/"deb [arch=amd64] "/g /etc/apt/sources.list.d/mariadb.list
+if [ -f /etc/nginx/nginx.conf ]; then
+    echo "(*) Updating NGINX configuration..."
+    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
+    cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
 fi
 
-# Add webmail alias variable to system configuration if non-existent
-imap_check=$(cat $HESTIA/conf/hestia.conf | grep IMAP_SYSTEM)
-if [ ! -z "$imap_check" ]; then
-    WEBMAIL_ALIAS_CHECK=$(cat $HESTIA/conf/hestia.conf | grep WEBMAIL_ALIAS)
-    if [ -z "$WEBMAIL_ALIAS_CHECK" ]; then
-        echo "(*) Adding global webmail alias to system configuration..."
-        sed -i "/WEBMAIL_ALIAS/d" $HESTIA/conf/hestia.conf
-        echo "WEBMAIL_ALIAS='webmail'" >> $HESTIA/conf/hestia.conf
-    fi
-fi
+# Generate dhparam
+if [ ! -e /etc/ssl/dhparam.pem ]; then
+    echo "(*) Enabling HTTPS Strict Transport Security (HSTS) support..."
+    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
+    cp -f $hestiacp/nginx/nginx.conf /etc/nginx/
 
-# Load global variables
-source $HESTIA/conf/hestia.conf
-
-# Load hestia main functions
-source /usr/local/hestia/func/main.sh
-
-# Detect OS
-case $(head -n1 /etc/issue | cut -f 1 -d ' ') in
-    Debian)     os="debian" ;;
-    Ubuntu)     os="ubuntu" ;;
-esac
-
-# Detect release for Debian
-if [ "$os" = "debian" ]; then
-    release=$(cat /etc/debian_version|grep -o [0-9]|head -n1)
-    VERSION='debian'
-elif [ "$os" = "ubuntu" ]; then
-    release="$(lsb_release -s -r)"
-    VERSION='ubuntu'
-fi
+    # Copy dhparam
+    cp -f $hestiacp/ssl/dhparam.pem /etc/ssl/
 
-# Configure apt to retry downloading on error
-if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
-    echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
+    # Update DNS servers in nginx.conf
+    dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
+    sed -i "s/1.0.0.1 1.1.1.1/$dns_resolver/g" /etc/nginx/nginx.conf
 fi
 
-# Update default page templates
-echo "(*) Replacing default templates and packages..."
-
 # Back up default package and install latest version
 if [ -d $HESTIA/data/packages/ ]; then
+    echo "(*) Replacing default packages..."
     cp -f $HESTIA/data/packages/default.pkg $HESTIA_BACKUP/packages/
 fi
 
+# Back up old template files and install the latest versions
+if [ -d $HESTIA/data/templates/ ]; then
+    echo "(*) Replacing default Web, DNS, and Mail templates..."
+    cp -rf $HESTIA/data/templates $HESTIA_BACKUP/templates/
+    $HESTIA/bin/v-update-web-templates >/dev/null 2>&1
+    $HESTIA/bin/v-update-dns-templates >/dev/null 2>&1
+	$HESTIA/bin/v-update-mail-templates >/dev/null 2>&1
+fi
+
 # Remove old Office 365 template as there is a newer version with an updated name
 if [ -f $HESTIA/data/templates/dns/o365.tpl ]; then
     rm -f $HESTIA/data/templates/dns/o365.tpl
@@ -178,16 +172,16 @@ if [ ! -f /etc/cron.daily/php-session-cleanup ]; then
     echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
     echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
 fi
-chmod 755 /etc/cron.daily/php-session-cleanup
+    chmod 755 /etc/cron.daily/php-session-cleanup
 
 # Fix empty pool error message for MultiPHP
 php_versions=$(ls /etc/php/*/fpm -d 2>/dev/null |wc -l)
 if [ "$php_versions" -gt 1 ]; then
+    echo "(*) Updating Multi-PHP configuration..."
     for v in $(ls /etc/php/); do
         if [ ! -d "/etc/php/$v/fpm/pool.d/" ]; then
             continue
         fi
-        echo "(*) Updating Multi-PHP configuration..."
         cp -f $hestiacp/php-fpm/dummy.conf /etc/php/$v/fpm/pool.d/
         v1=$(echo "$v" | sed -e 's/[.]//')
         sed -i "s/9999/99$v1/g" /etc/php/$v/fpm/pool.d/dummy.conf
@@ -260,14 +254,15 @@ if [ ! -z "$WEBALIZER_CHECK" ]; then
     sed -i "s/STATS_SYSTEM='webalizer,awstats'/STATS_SYSTEM='awstats'/g" $HESTIA/conf/hestia.conf
 fi
 
-# Enable SFTP chroot jail capabilities
-$HESTIA/bin/v-add-sys-sftp-jail no
+# Run sftp jail once
+$HESTIA/bin/v-add-sys-sftp-jail
 
 # Enable SFTP subsystem for SSH
 sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
 if [ ! -z "$sftp_subsys_enabled" ]; then
     echo "(*) Updating SFTP subsystem configuration..."
     sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
+    systemctl restart ssh
 fi
 
 # Remove and migrate obsolete object keys
@@ -289,23 +284,3 @@ for user in `ls /usr/local/hestia/data/users/`; do
     done
     sed -i "s/\sFORCESSL=''//g" $USER_DATA/web.conf
 done
-
-# Reset backend port
-if [ ! -z "$BACKEND_PORT" ]; then
-    /usr/local/hestia/bin/v-change-sys-port $BACKEND_PORT
-fi
-
-# Move clamav to proper location - https://goo.gl/zNuM11
-if [ ! -d /usr/local/hestia/web/edit/server/clamav-daemon ]; then
-    mv /usr/local/hestia/web/edit/server/clamd /usr/local/web/edit/server/clamav-daemon
-fi
-
-# Fix named rule for AppArmor - https://goo.gl/SPqHdq
-if [ "$DNS_SYSTEM" = 'bind9' ] && [ ! -f /etc/apparmor.d/local/usr.sbin.named ]; then
-        echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
-fi
-
-# Remove obsolete ports.conf if exists.
-if [ -f /usr/local/hestia/data/firewall/ports.conf ]; then
-    rm -f /usr/local/hestia/data/firewall/ports.conf
-fi

src/deb/hestia/postinst

@@ -1,5 +1,13 @@
 #!/bin/bash
 
+# Configure apt to retry downloading on error
+if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
+    echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
+fi
+
+# Define version check function
+function version_ge(){ test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" -o ! -z "$1" -a "$1" = "$2"; }
+
 # Get package version
 version=$(dpkg -l | awk '$2=="hestia" { print $3 }')
 
@@ -9,13 +17,8 @@ source /usr/local/hestia/func/main.sh
 # Load message variables
 source /usr/local/hestia/install/upgrade/messages.sh
 
-# Run triggers only on updates
-if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
-    exit
-fi
-
 # Set backup folder
-HESTIA_BACKUP="/root/hst_upgrade/$(date +%d%m%Y%H%M)"
+HESTIA_BACKUP="/root/hst_upgrade_backups/$(date +%d%m%Y%H%M)"
 
 # Initialize backup folders
 mkdir -p $HESTIA_BACKUP/conf/
@@ -25,6 +28,11 @@ mkdir -p $HESTIA_BACKUP/templates/
 # Set installation source folder
 hestiacp="$HESTIA/install/deb"
 
+# Run triggers only on updates
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+    exit
+fi
+
 # Clear the screen from apt output to prepare for upgrade installer experience
 clear
 welcome_message
@@ -45,7 +53,7 @@ sed -i "/VERSION/d" $HESTIA/conf/hestia.conf
 echo "VERSION='$version'" >> $HESTIA/conf/hestia.conf
 
 # Add upgrade notification to admin user's panel
-$HESTIA/bin/v-add-user-notification admin 'Upgrade complete' 'Your server has been updated to '$version'.<br>Please report any bugs on GitHub at<br><a href="https://github.com/hestiacp/hestiacp/Issues" target="_new">https://github.com/hestiacp/hestiacp/Issues</a><br><br>Have a great day!'
+$HESTIA/bin/v-add-user-notification admin 'Upgrade complete' 'Your server has been updated to Hestia Control Panel version '$version'.<br>Please report any bugs on GitHub at<br><a href="https://github.com/hestiacp/hestiacp/Issues" target="_new">https://github.com/hestiacp/hestiacp/Issues</a><br><br>Have a great day!'
 
 # Restart services for changes to take full effect
 source /usr/local/hestia/install/upgrade/restart.sh