Merge branch 'staging/fixes' into main

Author: Kristan Kenney

CHANGELOG.md

@@ -1,6 +1,20 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.3.2] - Service Release
+### Features
+- No new features have been introduced in this release.
+
+### Bugfixes
+- Fixed an issue where Let's Encrypt certificates were not regenerated when changing domain aliases (#1353)
+- Fixed an issue where user name was duplicated when editing FTP users (#1411)
+- Fixed an issue where the iptables service would appear to be in a stopped state when fail2ban is stopped. (#1374)
+- Fixed an issue where the default language value was incorrectly set under Server Settings > Configure.
+- Fixed an issue with the dark theme where available updates were incorrectly displayed.
+- Fixed an issue where local and FTP backup files were not deleted when running `v-delete-user-backup`. (#1421)
+- Fixed an issue where IP addresses could not be deleted (#1423)
+- Improvements have been made to the API's error handling - thanks **@danielalexis**!
+
 ## [1.3.1] - Service Release
 ### Features
 - No new features have been introduced in this release.

CONTRIBUTING.md

@@ -4,16 +4,16 @@ Hestia Control Panel - Contribution Guidelines
 Ways to contribute
 -----------------------
 - **Beta testing**:
-    - Download and install builds from the `beta` branch. Provide feedback to our developers and file any issues that you come across on [GitHub](https://www.github.com/hestiacp/hestiacp/issues).<br>
+    - Download and install builds from the `beta` branch. If you encounter an issue with a beta build, file an issue report on [GitHub](https://www.github.com/hestiacp/hestiacp/issues).<br>
     `v-update-sys-hestia-git hestiacp beta install` will install the latest beta build from our GitHub repository.
 - **Code review and bug fixes**:
-    - Read over the code and if you notice errors (even spelling mistakes), submit a pull request with your fixes.
+    - Read over the code and if you notice errors (even spelling mistakes), submit a pull request with your changes.
 - **New features**:
-    - Is there an awesome feature that you'd love to see included? While our development team tries to fulfill all reasonable requests, it can take time to implement new features depending on the amount of work involved. Submit a pull request with your code and if your idea is approved, we'll review and test it for inclusion with an upcoming release.
+    - Is there an awesome feature that you'd love to see included? Submit a pull request with your changes, and if approved your PR will be reviewed and merged for inclusion in an upcoming release. While our development team tries to accomodate all reasonable requests please remember that it does take time to develop, implement and test new features and as such we may not be able to fulfill all requests or may have to put a feature on backlog for a later date. 
 - **Translations**:
-    - If you are a non-English speaker and would like to improve the quality of the translations used in Hestia Control Panel's web interface, Please go to [Hestia Translate](https://translate.hestiacp.com/projects/hestiacp/) to review the translations. For more information please read [How to contribute with Translations](https://forum.hestiacp.com/t/how-to-contribute-with-translations/1664).  Or open an issue report [GitHub](https://www.github.com/hestiacp/hestiacp/issues) highlighting the issue with the current translation so that it can be corrected.
+    - If you are a non-English speaker and would like to improve the quality of the translations used in Hestia Control Panel's web interface, please go to [Hestia Translate](https://translate.hestiacp.com/projects/hestiacp/) to review the translations database. For more information please read [How to contribute with Translations](https://forum.hestiacp.com/t/how-to-contribute-with-translations/1664) on our forum.  You can also open an issue report [GitHub](https://www.github.com/hestiacp/hestiacp/issues) highlighting the issue with the current translation so that it can be corrected.
 - **Donations**:
-    - If you're not a developer but you still want to make a contribution, you can make a donation to the Hestia Control Panel project to further its development (or if you'd just like to buy our developers a lunch, we'd appreciate that too). We currently accept donations through [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ST87LQH2CHGLA).
+    - If you're not a developer but you still want to make a contribution to support Hestia Control Panel and our developers, you can make a donation to the Hestia Control Panel project to further its development (or if you'd just like to buy our developers a lunch, we'd appreciate that too). We currently accept donations through [PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ST87LQH2CHGLA).
 
 Development Guidelines
 -----------------------
@@ -25,28 +25,27 @@ Development for this project takes place in branches to effectively develop, man
 
 We have three primary or "evergreen" branches, which exist throughout our product's lifetime. Please refer to the following table for a description:
 
-| Branch        | Description     | Cycle           |
-|---------------|:---------------:|:---------------:|
-| `main`        | Contains a snapshot of the latest development code.<br>**Not intended for production use and contains code from a merge snapshot.** | Daily  |
-| `beta`        | Contains a snapshot of the next version which is currently in testing.<br>**Not intended for production but should be highly stable.**  | Weekly |
-| `release`     | Contains a snapshot of the latest stable release.<br>**Intended for production use. This repository contains the same code as our compiled packages.** | Monthly |
+| Branch        | Description     
+|---------------|:---------------:|
+| `main`        | Contains a snapshot of the latest development code.<br>**Not intended for production use and contains code from a merge snapshot.**
+| `beta`        | Contains a snapshot of the next version which is currently in testing.<br>**Not intended for production use, however code from this branch should be stable.**
+| `release`     | Contains a snapshot of the latest stable release.<br>**Intended for production use. This repository contains the same code as our compiled packages.**
 
 ### Creating a new branch and submitting pull requests
-The first step is to create a fork of the `hestiacp/hestiacp` repository under your account so that you may submit pull requests and patches via GitHub. 
+The first step is to create a fork of the `hestiacp/hestiacp` repository under your GitHub account so that you may submit pull requests and patches.
 
-Once you've created your fork, clone the repository to your computer and make sure that you've checked out the `main` branch. **Always** create a new topic branch for you work. When submitting pull requests it is important that you target the correct branch to ensure that your changes are properly integrated and tested based on our release schedule. When creating a new branch, we ask that you please adhere to the following naming conventions as much as possible:
+Once you've created your fork, clone the repository to your computer and make sure that you've checked out the `main` branch. **Always** create a new topic branch for your work.
 
 ### Branch naming convention:
 - **Prefix:** `topic/` (such as **fix**, **feature**, **refactor**, etc.)
-- **ID**: `888` (GitHub Issue ID if an issue exists) -or- `2020-07` (Year-Month if an issue does not already exist)
-- **Separator:** `_` (underscore)
+- **ID**: `888` (GitHub Issue ID if an issue exists)
 - **Title:** `my-awesome-patch`
 
 Branch name examples:
-* `feature/777_my-awesome-new-feature` or `feature/2020-07_my-other-new-feature`
-* `fix/000_some-bug-fix` or `fix/2020-07_this-feature-is-broken`
-* `refactor/2020-07_v-change-domain-owner`
-* `test/2020-07_mail-domain-ssl`
+* `feature/777-my-awesome-new-feature` or `feature/my-other-new-feature`
+* `fix/000-some-bug-fix` or `fix/this-feature-is-broken`
+* `refactor/v-change-domain-owner`
+* `test/mail-domain-ssl`
 
 ### Squashing commits for smaller changes
 To aid other developers and keep the project's commit history clean, please **squash your commits** when it's appropriate. For example with smaller commits related to the same piece of code, such as commits labelled "Fixed item 1", "Adjusted color of button XYZ", "Adjusted alignment of button XYZ" can be squashed into one commit with the title "Fixed button issues in item". 
@@ -55,48 +54,9 @@ To aid other developers and keep the project's commit history clean, please **sq
 - Our internal development team will review your work and validate your request.
 - Your changes will be tested to ensure that there are no issues.
 - If changes need to be made, you will be notified via GitHub.
-- Once approved, your code will be merged to the appropriate `staging/*` branch based on the chart below:
-
-All pull requests must include a brief but descriptive title, and a description of the changes that you've made with as much detail as possible. **Only include commits that are related to your feature, bug fix, or patch in your pull request.**
-
-| Topic branches:              | Primary Target:             | Final destination:                    | 
-| -----------------------------|:---------------------------:|:-------------------------------------:|
-| **`feature/*`**              | `staging/features`          | `main`                                |
-| **`fix/*`**                  | `staging/fixes`             | `main` **and** `beta` *or* `release`  |
-| **`refactor/*`**             | `staging/refactoring`       | `main`                                |
-| **`test/*`**                 | `staging/tests`             | `main`                                |
-| **`doc/*`**                  | `staging/docs`              | `main`, `beta`, *or* `release`        |
-
-Our development and release cycles
------------------------
-### During the development cycle:
-- `topic/*` branches are submitted to our team via a pull request. Your changes will be reviewed and tested, and if all appropriate quality assurance checks pass the branch will be merged to the corresponding `staging/*` branch.
-
-- `staging/*` branches merge into `main` at various intervals throughout the development process.
-
-- When all planned features and fixes have been merged to `main`, the code is tested for regressions and bugs.
-
-- A snapshot of `main` is pushed to a temporary branch called `staging/refactoring`, and final code review, refactoring, and optimization takes place. Once complete, `staging/refactoring` merges back to `main` bringing the codebase up-to-date. All other `staging/*` branches synchronize with `main` at this time.
-
-- After final validation checks pass, our development team signs off on the release and the code is pushed from `main` to `beta`.
-
-### During the release cycle:
-- **What happens when code moves from `main` to `beta`**:<br>
-    - **No new feature requests will be approved**.
-    - `main` will receive an increment in it's version number signaling the start of a new development cycle.
-    - `fix/*` topic branches/commits will be cherry picked to `beta` as necessary.
-    - `staging/docs` will merge into `beta` prior to the code being pushed to `release` to bring documentation and supporting files up-to-date.
-
-- If all quality assurance checks pass, our development team will then:
-    - Sign off on the code in `beta`.
-    - Push the code to the `release` branch and create a corresponding version tag.
-    - Compile new packages and publish them to our APT repository. 
-    - **Notes:**
-        - `release` always contains the highest released version of Hestia Control Panel.
-        - For major releases, a `release/vX.x` branch will be created for maintenance and servicing purposes.
-
-
+- Once approved, your code will be merged for inclusion in an upcoming release of Hestia Control Panel.
 
+All pull requests must include a brief but descriptive title, and a detailed description of the changes that you've made. **Only include commits that are related to your feature, bug fix, or patch in your pull request!**
 
 Thank you!
 -----------------------

README.md

@@ -26,10 +26,11 @@ Features and Services
 * Let's Encrypt SSL support with wildcard certificates
 * Firewall with brute-force attack detection and IP lists (iptables, fail2ban, and ipset).
 
-Supported operating systems
+Supported platforms and operating systems
 ----------------------------
-* Debian 10, 9 (amd64 only)
-* Ubuntu 20.04 LTS, 18.04 LTS, or 16.04 LTS (amd64 only)
+* **CPU Architecture:** AMD64 (x86_64 Intel/AMD)
+* **Debian:** 10, 9
+* **Ubuntu:** 20.04 LTS, 18.04 LTS, or 16.04 LTS
 * **NOTE:** Hestia Control Panel must be installed on top of a fresh operating system installation to ensure proper functionality.
 
 Installing Hestia Control Panel
@@ -67,7 +68,7 @@ Alternatively, @gabizz has made available a command-line script generator at htt
 
 Installing Hestia Control Panel
 ============================
-Updates of existing installations are performed by the Auto Updater. If you want to do this manually, you can do it via the apt package manager;
+Automatic Updates are enabled by default on new installations of Hestia Control Panel and can be managed from **Server Settings > Updates**. To manually check for and install available updates, use the apt package manager:
 ```bash
 apt-get update
 apt-get upgrade

bin/v-add-letsencrypt-domain

@@ -100,17 +100,36 @@ fi
 
 
 
+# Dump debug info
+debug_log() {
+    echo -e "\n==[${1}]==\n${2}\n" >> "$log_file"
+}
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
+
+
+
 # Generate correct variables for mail domain SSL certificates
 if [ ! -z "$mail" ]; then
     root_domain=$domain
     domain="mail.$root_domain"
     aliases="$WEBMAIL_ALIAS.$root_domain"
 fi
 
+log_file="/var/log/hestia/LE-${user}-${domain}-$(date +%Y%m%d-%H%M%S).log"
+touch "$log_file"
+chmod 600 "$log_file"
+
+echo -e "\n\n=============================
+WEB_SYSTEM: ${WEB_SYSTEM}
+PROXY_SYSTEM: ${PROXY_SYSTEM}
+user: ${user}
+domain: ${domain}
+" >> "$log_file"
+
 # Registering LetsEncrypt user account
 $BIN/v-add-letsencrypt-user $user
 if [ "$?" -ne 0  ]; then
@@ -134,6 +153,12 @@ else
     proto="http-01"
 fi
 
+echo -e "
+- aliases: ${aliases}
+- proto: ${proto}
+- wildcard: ${wildcard}
+" >> "$log_file"
+
 # Check if dns records exist for requested domain/aliases
 if [ "$proto" = "http-01" ]; then
     for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
@@ -164,6 +189,9 @@ fi
 answer=$(curl -s -I "$LE_API/directory")
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+
+debug_log "Step 1" "- status: ${status}\n- nonce: ${nonce}\n- answer: ${answer}"
+
 if [[ "$status" -ne 200 ]]; then
     # Delete DNS CAA record
     if [ ! -z "$DNS_SYSTEM" ]; then
@@ -192,6 +220,9 @@ nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
 finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
 status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
+
+debug_log "Step 2" "- status: ${status}\n- nonce: ${nonce}\n- authz: ${authz}\n- finalize: ${finalize}\n- payload: ${payload}\n- answer: ${answer}"
+
 if [[ "$status" -ne 201 ]]; then
     # Delete DNS CAA record
     if [ ! -z "$DNS_SYSTEM" ]; then
@@ -212,6 +243,9 @@ for auth in $authz; do
     token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
     nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
     status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+
+    debug_log "Step 3" "- status: ${status}\n- nonce: ${nonce}\n- url: ${url}\n- token: ${token}\n- answer: ${answer}"
+
     if [[ "$status" -ne 200 ]]; then
         # Delete DNS CAA record
         if [ ! -z "$DNS_SYSTEM" ]; then
@@ -303,6 +337,9 @@ for auth in $authz; do
         nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
         status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
         details=$(echo "$answer"| grep detail | cut -f 1 -d ',' | cut -f 2-4 -d ':' | cut -f 2 -d '"')
+
+        debug_log "Step 5" "- status: ${status}\n- nonce: ${nonce}\n- validation: ${validation}\n- details: ${details}\n- answer: ${answer}"
+
         if [[ "$status" -ne 200 ]]; then
             # Delete DNS CAA record
             if [ ! -z "$DNS_SYSTEM" ]; then
@@ -315,6 +352,7 @@ for auth in $authz; do
                     fi
                 fi
             fi
+            debug_log "Abort Step 5" "=> Wrong status"
             check_result $E_CONNECT "Let's Encrypt validation status $status. Details: $details"
         fi
 
@@ -331,6 +369,7 @@ for auth in $authz; do
                     fi
                 fi
             fi
+            debug_log "Abort Step 5" "=> Too many validation retries"
             check_result $E_CONNECT "Let's Encrypt domain validation timeout"
         fi
         sleep $((i*2))
@@ -362,6 +401,9 @@ answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
 nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
 certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
+
+debug_log "Step 6" "- status: ${status}\n- nonce: ${nonce}\n- payload: ${payload}\n- certificate: ${certificate}\n- answer: ${answer}"
+
 if [[ "$status" -ne 200 ]]; then
     [ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
     check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
@@ -370,6 +412,12 @@ fi
 # Downloading signed certificate / STEP 7
 answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
 status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+
+debug_log "Step 7" "- status: ${status}\n- answer: ${answer}"
+debug_log "CERT DIR" "$(ls -las "$ssl_dir/")"
+debug_log "CERT PEM" "$(cat "$ssl_dir/$domain.pem")"
+
+
 if [[ "$status" -ne 200 ]]; then
     [ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
     check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status:$status"
@@ -384,10 +432,13 @@ ca_end=$(grep -n  "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
 ca_end=$(( pem_lines - crt_end + 1 ))
 tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
 
+debug_log "CERT CRT" "$(cat "$ssl_dir/$domain.crt")"
+debug_log "CERT CA-1" "$(cat "$ssl_dir/$domain.ca")"
 # Temporary fix for double "END CERTIFICATE"
 if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
     sed -i '1,2d' $ssl_dir/$domain.ca
 fi
+debug_log "CERT CA-2" "$(cat "$ssl_dir/$domain.ca")"
 
 # Rename certs for mail
 if [ ! -z "$mail" ]; then
@@ -467,4 +518,7 @@ send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
 # Logging
 log_event "$OK" "$ARGUMENTS"
 
+# Cleanup debug since the SSL was issues succesfully
+rm -f "$log_file"
+
 exit

bin/v-add-letsencrypt-host

@@ -3,6 +3,8 @@
 # options: NONE
 # labels: hestia
 #
+# example: v-add-letsencrypt-host
+#
 # The function check and validates the backend certificate and generate
 # a new let's encrypt certificate.
 

bin/v-change-web-domain-ip

@@ -76,13 +76,13 @@ fi
 #                       Hestia                             #
 #----------------------------------------------------------#
 
+# Update config
+update_object_value 'web' 'DOMAIN' "$domain" '$IP' "$3"
+
 # Update counters
 increase_ip_value "$new"
 decrease_ip_value "$old"
 
-# Update config
-update_object_value 'web' 'DOMAIN' "$domain" '$IP' "$3"
-
 # Restart web server
 $BIN/v-restart-web $restart
 check_result $? "WEB restart failed" >/dev/null