Merge branch 'main' into release

Author: jaapmarcus

CHANGELOG.md

@@ -1,6 +1,25 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.4.11] - Service release 
+
+### Features
+
+- Added support for Debian 11  (Bullseye) #1611
+- Added support for openssl in hestia-php 
+- Use hestia-php for installing dependencies to solve issue user configurations (hestia-php 7.4.22 required)
+- Replace old firewall system with systemd service / startup script #2064 @myrevery
+- Add Quick installers for GravCMS, Docuwiki and Mediawiki (#2002) @PsychotherapistSam
+
+### Bugfixes
+
+- Improve handling upgrade of Roundcube #1917
+- Fix an issue with sorting the update scripts when version goes higher then 1.x.10 
+- Allow the use of multiple CAA records for domain. #2073
+- Add missing group (www-data) to migrate_phpmyadmin script #2077 @bet0x
+- Fix an issue where news@domain.com get forwarded to /var/spool/news
+- Synced up translations with HestiaCP (IT, PL, RU, SK and ZN-CN updated)
+
 ## [1.4.10] - Service release 
 
 ### Features
@@ -15,6 +34,8 @@ All notable changes to this project will be documented in this file.
 - Fixed an issue with deleting multiple mail accounts (#2047)
 - Fixed an issue with phpmailer + non latin characters (#2050) thanks @Faymir
 - Remove caching template for CraftCMS (#2039) @anvme 
+- Fixed an issue with phpmailer + non latin characters (#2050) thanks @Faymir 
+- Fix Unable to load dynamic library 'pdo_mysql.so' after php reinstalling (#2069)
 
 ## [1.4.9] - Service release 
 

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.4.8 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
+**Latest stable release:** Version 1.4.11 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
@@ -22,14 +22,14 @@ Features and Services
 * Multiple PHP versions (5.6 - 8.0, 7.4 as default)
 * DNS Server (Bind) with clustering capabilities
 * POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Roundcube, Rainloop)
-* MariaDB or PostgreSQL databases
+* MariaDB and/or PostgreSQL databases
 * Let's Encrypt SSL support with wildcard certificates
 * Firewall with brute-force attack detection and IP lists (iptables, fail2ban, and ipset).
 
 Supported platforms and operating systems
 ----------------------------
 * **CPU Architecture:** AMD64 (x86_64 Intel/AMD)
-* **Debian:** 10 or 9
+* **Debian:** 11, 10 or 9
 * **Ubuntu:** 20.04 LTS or 18.04 LTS
 * **NOTE:** Hestia Control Panel must be installed on top of a fresh operating system installation to ensure proper functionality.
 

bin/v-add-letsencrypt-domain

@@ -78,7 +78,7 @@ fi
 # Set DNS CAA record retrieval commands
 if [ ! -z "$DNS_SYSTEM" ]; then
     dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
-    caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "CAA" | cut -d' ' -f1)
+    caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "CAA" | grep -i "letsencrypt.org" | cut -d' ' -f1 )    
 fi
 
 if [ -z "$mail" ] || [ "$mail" = 'no' ]; then

bin/v-add-mail-account

@@ -72,6 +72,10 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
 
+# Create mail account folder (mailbox)
+ mkdir $HOMEDIR/$user/mail/$domain/$account
+ chown $user:mail $HOMEDIR/$user/mail/$domain/$account
+ chmod 700 $HOMEDIR/$user/mail/$domain/$account
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-add-sys-filemanager

@@ -63,6 +63,8 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
+openssl_installed=$(/usr/local/hestia/php/bin/php -m | grep openssl);
+
 rm --recursive --force "$FM_INSTALL_DIR"
 mkdir -p "$FM_INSTALL_DIR"
 cd "$FM_INSTALL_DIR"
@@ -78,7 +80,11 @@ cp --recursive --force ${HESTIA_INSTALL_DIR}/filemanager/filegator/* "${FM_INSTA
 
 chown $user: -R "${FM_INSTALL_DIR}"
 
-COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+if [ -z "$openssl_version"  ]; then 
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+else
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/local/hestia/php/bin/php $COMPOSER_BIN --quiet --no-dev install
+fi
 
 # Check if installation was successful, if not abort script and throw error message notification and clean-up
 if [ $? -ne 0 ]; then

bin/v-add-sys-phpmailer

@@ -65,7 +65,12 @@ rm --recursive --force ${PM_INSTALL_DIR}/vendor
 mkdir -p ${PM_INSTALL_DIR}/vendor
 chown $user: -R ${PM_INSTALL_DIR}/vendor
 
-COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+openssl_installed=$(/usr/local/hestia/php/bin/php -m | grep openssl);
+if [ -z "$openssl_version"  ]; then 
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php $COMPOSER_BIN --quiet --no-dev install
+else
+    COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/local/hestia/php/bin/php $COMPOSER_BIN --quiet --no-dev install
+fi
 
 # Check if installation was successful, if not abort script and throw error message notification and clean-up
 if [ $? -ne 0 ]; then

bin/v-add-sys-roundcube

@@ -89,7 +89,7 @@ if [ "$UPDATE" == "no" ]; then
     [ ! -f "${RC_INSTALL_DIR}/${RC_FILE}" ] && wget "$RC_URL" --retry-connrefused --quiet -O "${RC_INSTALL_DIR}/${RC_FILE}"
 
     tar xzf $RC_FILE
-    cp -rf $RC_EXTRACT/* $RC_INSTALL_DIR
+    cp -rT $RC_EXTRACT $RC_INSTALL_DIR
 
     # Delete old config folder
     cp $RC_INSTALL_DIR/config/defaults.inc.php $RC_CONFIG_DIR/defaults.inc.php
@@ -111,11 +111,20 @@ if [ "$UPDATE" == "no" ]; then
     ln -s $RC_CONFIG_DIR/plugins/newmail_notifier/config.inc.php ./plugins/newmail_notifier/config.inc.php
     cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_zipdownload.inc.php $RC_CONFIG_DIR/plugins/zipdownload/config.inc.php
     ln -s $RC_CONFIG_DIR/plugins/zipdownload/config.inc.php ./plugins/zipdownload/config.inc.php
+    # Set up correct permissions roundcube    
+    chown -R root:www-data $RC_CONFIG_DIR/
+    chmod 751 -R $RC_CONFIG_DIR    
+    chmod 644 $RC_CONFIG_DIR/config.inc.php
+    chmod 644 $RC_CONFIG_DIR/plugins/password/config.inc.php
+    chmod 644 $RC_CONFIG_DIR/plugins/newmail_notifier/config.inc.php
+    chmod 644 $RC_CONFIG_DIR/plugins/zipdownload/config.inc.php
 
+    # Add robots.txt
+    echo "User-agent: *" > /var/lib/roundcube/robots.txt
+    echo "Disallow: /" >> /var/lib/roundcube/robots.txt
 
-    chmod 640 $RC_CONFIG_DIR/config.inc.php
-    chown root:www-data $RC_CONFIG_DIR/config.inc.php
-    
+    chown -R root:www-data $RC_INSTALL_DIR
+  
     # Log file 
     if [ ! -d  $RC_LOG ];then
         mkdir $RC_LOG
@@ -146,10 +155,6 @@ if [ "$UPDATE" == "no" ]; then
     rm -f -r $RC_INSTALL_DIR/$RC_FILE;
     rm -f -r $RC_INSTALL_DIR/$RC_EXTRACT;
 
-    # Add robots.txt
-    echo "User-agent: *" > /var/lib/roundcube/robots.txt
-    echo "Disallow: /" >> /var/lib/roundcube/robots.txt
-    
     # Updating hestia.conf
     if [ -z "$(grep WEBMAIL_SYSTEM $HESTIA/conf/hestia.conf)" ]; then
         $BIN/v-change-sys-config-value 'WEBMAIL_SYSTEM' 'roundcube'
@@ -165,27 +170,22 @@ if [ "$UPDATE" == "no" ]; then
 
     phpenmod mcrypt > /dev/null 2>&1
 else
-    rm  -f -r $RC_INSTALL_DIR
-    mkdir $RC_INSTALL_DIR
     cd "$RC_INSTALL_DIR"
     [ ! -f "${RC_INSTALL_DIR}/${RC_FILE}" ] && wget "$RC_URL" --quiet -O "${RC_INSTALL_DIR}/${RC_FILE}"
 
     tar xzf $RC_FILE
-    cp -rf $RC_EXTRACT/* $RC_INSTALL_DIR
 
-    cp -f $RC_INSTALL_DIR/config/defaults.inc.php $RC_CONFIG_DIR/defaults.inc.php
-    rm -f -r $RC_INSTALL_DIR/config/
-    ln -s $RC_CONFIG_DIR/ ./config
-
-    ln -s $RC_CONFIG_DIR/plugins/password/config.inc.php ./plugins/password/config.inc.php
-    ln -s $RC_CONFIG_DIR/plugins/newmail_notifier/config.inc.php ./plugins/newmail_notifier/config.inc.php
-    ln -s $RC_CONFIG_DIR/plugins/zipdownload/config.inc.php ./plugins/zipdownload/config.inc.php  
+    # Run Roundcube upgrade script
+    $RC_INSTALL_DIR/$RC_EXTRACT/bin/installto.sh -y $RC_INSTALL_DIR > /dev/null 2>&1
+    $RC_INSTALL_DIR/bin/update.sh --version "$version" > /dev/null 2>&1
+    chown -R root:www-data $RC_INSTALL_DIR
 
-    $RC_INSTALL_DIR/bin/update.sh --version "$version"
-        
-    rm -f -r $RC_INSTALL_DIR/installer;
-    rm -f -r $RC_INSTALL_DIR/$RC_FILE;
-    rm -f -r $RC_INSTALL_DIR/$RC_EXTRACT;  
+    #clean up the mess
+    if [ -d "$RC_INSTALL_DIR/installer" ]; then
+        rm -f -r $RC_INSTALL_DIR/installer
+    fi
+    rm -f -r $RC_INSTALL_DIR/$RC_FILE
+    rm -f -r $RC_INSTALL_DIR/$RC_EXTRACT
 fi
 #----------------------------------------------------------#
 #                       Logging                            #

bin/v-add-web-php

@@ -58,7 +58,7 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-mph="php$version-mbstring php$version-bcmath php$version-cli php$version-curl
+mph="php$version-common php$version-mbstring php$version-bcmath php$version-cli php$version-curl
      php$version-fpm php$version-gd php$version-intl php$version-mysql
      php$version-soap php$version-xml php$version-zip php$version-mbstring
      php$version-json php$version-bz2 php$version-pspell php$version-imagick php$version-pgsql

bin/v-delete-web-php

@@ -55,11 +55,12 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-mph="php$version-mbstring php$version-bcmath php$version-cli php$version-curl
-     php$version-fpm php$version-gd php$version-intl php$version-mysql
-     php$version-soap php$version-xml php$version-zip php$version-mbstring
-     php$version-json php$version-bz2 php$version-pspell"
-
+mph="php$version-common php$version-mbstring php$version-bcmath php$version-cli php$version-curl
+ php$version-fpm php$version-gd php$version-intl php$version-mysql
+ php$version-soap php$version-xml php$version-zip php$version-mbstring
+ php$version-json php$version-bz2 php$version-pspell php$version-imagick php$version-pgsql
+ php$version-imap php$version-ldap"
+ 
 # Check is version is 7.1 or below to add mcrypt
 if [[ `echo "$version 7.2" | awk '{print ($1 < $2)}'` == 1 ]]; then
     mph="$mph php$version-mcrypt"

bin/v-stop-firewall

@@ -76,29 +76,25 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
-    routable="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
-    preup="/etc/network/if-pre-up.d/hestia-iptables"
-    # Recreate the Hestia iptables rules loading script
-    rm -f $routable $preup
-    if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
-        echo '#!/bin/sh' > $routable
-        echo '' >> $routable
-        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $routable
-        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $routable
-        echo 'fi' >> $routable
-        echo '' >> $routable
-        echo "exit 0" >> $routable
-        chmod +x $routable
-    else
-        echo '#!/bin/sh' > $preup
-        echo '' >> $preup
-        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
-        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
-        echo 'fi' >> $preup
-        echo '' >> $preup
-        echo "exit 0" >> $preup
-        chmod +x $preup
+    sd_unit="/lib/systemd/system/hestia-iptables.service"
+    if [ ! -e "$sd_unit" ]; then
+        echo "[Unit]" >> $sd_unit
+        echo "Description=Loading Hestia firewall rules" >> $sd_unit
+        echo "DefaultDependencies=no" >> $sd_unit
+        echo "Wants=network-pre.target local-fs.target" >> $sd_unit
+        echo "Before=network-pre.target" >> $sd_unit
+        echo "After=local-fs.target" >> $sd_unit
+        echo "" >> $sd_unit
+        echo "[Service]" >> $sd_unit
+        echo "Type=oneshot" >> $sd_unit
+        echo "RemainAfterExit=yes" >> $sd_unit
+        echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset" >> $sd_unit
+        echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+        echo "" >> $sd_unit
+        echo "[Install]" >> $sd_unit
+        echo "WantedBy=multi-user.target" >> $sd_unit
     fi
+    systemctl is-enabled hestia-iptables >/dev/null 2>&1 && systemctl disable hestia-iptables >/dev/null 2>&1
 fi