
Commit 85fd4e0

committed
Installer: Allow only ipv4 resolvers in nginx config
- Related issue hestiacp#361 Increase Installer verbosity
1 parent a738a7d commit 85fd4e0


2 files changed

+56
-3
lines changed


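--- a/install/hst-install-debian.sh
+++ b/install/hst-install-debian.sh
@@ -888,6 +888,7 @@ rm -f /usr/sbin/policy-rc.d
 # Configure system #
 #----------------------------------------------------------#
 
+echo "Configure System"
 # Enable SSH password authentication
 sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config
 
@@ -943,6 +944,7 @@ chmod 755 /usr/bin/rssh
 # Configure Hestia #
 #----------------------------------------------------------#
 
+echo "Configure Hestia"
 # Installing sudo configuration
 mkdir -p /etc/sudoers.d
 cp -f $hestiacp/sudo/admin /etc/sudoers.d/
@@ -1088,6 +1090,7 @@ cp -rf $hestiacp/firewall $HESTIA/data/
 $HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1
 
 # Generating SSL certificate
+echo "Generate ssl certificate"
 $HESTIA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
 'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
 
@@ -1097,6 +1100,7 @@ key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem |cut -f 1 -d:)
 key_end=$(grep -n "END RSA" /tmp/hst.pem |cut -f 1 -d:)
 
 # Adding SSL certificate
+echo "Add ssl certificate to Hestia"
 cd $HESTIA/ssl
 sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
 sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
@@ -1110,6 +1114,7 @@ rm /tmp/hst.pem
 #----------------------------------------------------------#
 
 if [ "$nginx" = 'yes' ]; then
+echo "Configure Nginx Webserver"
 rm -f /etc/nginx/conf.d/*.conf
 cp -f $hestiacp/nginx/nginx.conf /etc/nginx/
 cp -f $hestiacp/nginx/status.conf /etc/nginx/conf.d/
@@ -1119,6 +1124,7 @@ if [ "$nginx" = 'yes' ]; then
 mkdir -p /etc/nginx/conf.d/domains
 mkdir -p /var/log/nginx/domains
 if [ "$apache" = 'no' ] && [ "$multiphp" = 'yes' ]; then
+echo "Configure Nginx MultiPHP"
 rm -fr $HESTIA/data/templates/web/nginx/*
 for v in "${multiphp_v[@]}"; do
 update-rc.d php$v-fpm defaults > /dev/null 2>&1
@@ -1144,7 +1150,14 @@ if [ "$nginx" = 'yes' ]; then
 
 # Update dns servers in nginx.conf
 dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
-sed -i "s/1.0.0.1 1.1.1.1/$dns_resolver/g" /etc/nginx/nginx.conf
+for ip in $dns_resolver; do
+if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+resolver="$ip $resolver"
+fi
+done
+if [ ! -z "$resolver" ]; then
+sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+fi
 
 update-rc.d nginx defaults > /dev/null 2>&1
 service nginx start >> $LOG
@@ -1157,6 +1170,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$apache" = 'yes' ]; then
+echo "Configure Apache Webserver"
 cp -f $hestiacp/apache2/apache2.conf /etc/apache2/
 cp -f $hestiacp/apache2/status.conf /etc/apache2/mods-enabled/
 cp -f $hestiacp/logrotate/apache2 /etc/logrotate.d/
@@ -1177,6 +1191,7 @@ if [ "$apache" = 'yes' ]; then
 chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log
 chmod 751 /var/log/apache2/domains
 if [ "$multiphp" = 'yes' ] ; then
+echo "Configure Apache MultiPHP"
 a2enmod proxy_fcgi setenvif > /dev/null 2>&1
 for v in "${multiphp_v[@]}"; do
 a2enconf php$v-fpm-fpm > /dev/null 2>&1
@@ -1207,6 +1222,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$phpfpm" = 'yes' ]; then
+echo "Configure PHP-FPM"
 cp -f $hestiacp/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
 update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1
 service php$fpm_v-fpm start >> $LOG
@@ -1218,6 +1234,7 @@ fi
 # Configure PHP #
 #----------------------------------------------------------#
 
+echo "Configure PHP Timezone"
 ZONE=$(timedatectl > /dev/null 2>&1|grep Timezone|awk '{print $2}')
 if [ -z "$ZONE" ]; then
 ZONE='UTC'
@@ -1239,6 +1256,7 @@ chmod 755 /etc/cron.daily/php-session-cleanup
 #----------------------------------------------------------#
 
 if [ "$vsftpd" = 'yes' ]; then
+echo "Configure Vsftpd"
 cp -f $hestiacp/vsftpd/vsftpd.conf /etc/
 touch /var/log/vsftpd.log
 chown root:adm /var/log/vsftpd.log
@@ -1258,6 +1276,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$proftpd" = 'yes' ]; then
+echo "Configure ProFTPD server"
 echo "127.0.0.1 $servername" >> /etc/hosts
 cp -f $hestiacp/proftpd/proftpd.conf /etc/proftpd/
 update-rc.d proftpd defaults > /dev/null 2>&1
@@ -1271,6 +1290,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$mysql" = 'yes' ]; then
+echo "Configure MariaDB server"
 mycnf="my-small.cnf"
 if [ $memory -gt 1200000 ]; then
 mycnf="my-medium.cnf"
@@ -1349,6 +1369,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$postgresql" = 'yes' ]; then
+echo "Configure PostgreSQL database server"
 ppass=$(gen_pass)
 cp -f $hestiacp/postgresql/pg_hba.conf /etc/postgresql/*/main/
 service postgresql restart
@@ -1367,6 +1388,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$named" = 'yes' ]; then
+echo "Configure Bind DNS server"
 cp -f $hestiacp/bind/named.conf /etc/bind/
 cp -f $hestiacp/bind/named.conf.options /etc/bind/
 chown root:bind /etc/bind/named.conf
@@ -1398,6 +1420,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$exim" = 'yes' ]; then
+echo "Configure Exim mail server"
 gpasswd -a Debian-exim mail > /dev/null 2>&1
 cp -f $hestiacp/exim/exim4.conf.template /etc/exim4/
 cp -f $hestiacp/exim/dnsbl.conf /etc/exim4/
@@ -1433,6 +1456,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$dovecot" = 'yes' ]; then
+echo "Configure Dovecot"
 gpasswd -a dovecot mail > /dev/null 2>&1
 cp -rf $hestiacp/dovecot /etc/
 cp -f $hestiacp/logrotate/dovecot /etc/logrotate.d/
@@ -1485,6 +1509,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$spamd" = 'yes' ]; then
+echo "Configure SpamAssassin"
 update-rc.d spamassassin defaults > /dev/null 2>&1
 sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
 service spamassassin start >> $LOG
@@ -1501,6 +1526,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$dovecot" = 'yes' ] && [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
+echo "Configure Roundcube"
 if [ "$apache" = 'yes' ]; then
 cp -f $hestiacp/roundcube/apache.conf /etc/roundcube/
 ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf
@@ -1570,6 +1596,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$fail2ban" = 'yes' ]; then
+echo "Configure Fail2Ban"
 cp -rf $hestiacp/fail2ban /etc/
 if [ "$dovecot" = 'no' ]; then
 fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2)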
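Review bot: `resolver` is never initialised before the loop added in the `@@ -1144,7 +1150,14 @@` hunk, so any value it already holds (from the environment or from earlier in the installer, which is not visible here) stays appended after the validated addresses and reaches the `sed` replacement without passing the IPv4 check. Start with `resolver=''` and build the list as `resolver="${resolver:+$resolver }$ip"`, which also keeps the order of /etc/resolv.conf and drops the trailing space that `"$ip $resolver"` leaves. The guard reads more plainly as `if [ -n "$resolver" ]; then`. The same lines are added in install/hst-install-ubuntu.sh, and the enclosing `if [ "$nginx" = 'yes' ]` block starts and ends outside the hunk.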

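--- a/install/hst-install-ubuntu.sh
+++ b/install/hst-install-ubuntu.sh
@@ -862,6 +862,7 @@ rm -f /usr/sbin/policy-rc.d
 # Configure system #
 #----------------------------------------------------------#
 
+echo "Configure System"
 # Enable SSH password authentication
 sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config
 
@@ -913,6 +914,7 @@ chmod 755 /usr/bin/rssh
 # Configure Hestia #
 #----------------------------------------------------------#
 
+echo "Configure Hestia"
 # Installing sudo configuration
 mkdir -p /etc/sudoers.d
 cp -f $hestiacp/sudo/admin /etc/sudoers.d/
@@ -1053,6 +1055,7 @@ cp -rf $hestiacp/firewall $HESTIA/data/
 $HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1
 
 # Generating SSL certificate
+echo "Generate ssl certificate"
 $HESTIA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
 'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
 
@@ -1062,6 +1065,7 @@ key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem |cut -f 1 -d:)
 key_end=$(grep -n "END RSA" /tmp/hst.pem |cut -f 1 -d:)
 
 # Adding SSL certificate
+echo "Add ssl certificate to Hestia"
 cd $HESTIA/ssl
 sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
 sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
@@ -1080,6 +1084,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$nginx" = 'yes' ]; then
+echo "Configure Nginx Webserver"
 rm -f /etc/nginx/conf.d/*.conf
 cp -f $hestiacp/nginx/nginx.conf /etc/nginx/
 cp -f $hestiacp/nginx/status.conf /etc/nginx/conf.d/
@@ -1089,6 +1094,7 @@ if [ "$nginx" = 'yes' ]; then
 mkdir -p /etc/nginx/conf.d/domains
 mkdir -p /var/log/nginx/domains
 if [ "$apache" = 'no' ] && [ "$multiphp" = 'yes' ]; then
+echo "Configure Nginx MultiPHP"
 rm -fr $HESTIA/data/templates/web/nginx/*
 for v in "${multiphp_v[@]}"; do
 update-rc.d php$v-fpm defaults > /dev/null 2>&1
@@ -1114,7 +1120,14 @@ if [ "$nginx" = 'yes' ]; then
 
 # Update dns servers in nginx.conf
 dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
-sed -i "s/1.0.0.1 1.1.1.1/$dns_resolver/g" /etc/nginx/nginx.conf
+for ip in $dns_resolver; do
+if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+resolver="$ip $resolver"
+fi
+done
+if [ ! -z "$resolver" ]; then
+sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+fi
 
 update-rc.d nginx defaults > /dev/null 2>&1
 service nginx start >> $LOG
@@ -1127,6 +1140,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$apache" = 'yes' ]; then
+echo "Configure Apache Webserver"
 cp -f $hestiacp/apache2/apache2.conf /etc/apache2/
 cp -f $hestiacp/apache2/status.conf /etc/apache2/mods-enabled/
 cp -f $hestiacp/logrotate/apache2 /etc/logrotate.d/
@@ -1147,6 +1161,7 @@ if [ "$apache" = 'yes' ]; then
 chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log
 chmod 751 /var/log/apache2/domains
 if [ "$multiphp" = 'yes' ] ; then
+echo "Configure Apache MultiPHP"
 a2enmod proxy_fcgi setenvif > /dev/null 2>&1
 for v in "${multiphp_v[@]}"; do
 a2enconf php$v-fpm-fpm > /dev/null 2>&1
@@ -1173,6 +1188,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$phpfpm" = 'yes' ]; then
+echo "Configure PHP-FPM"
 cp -f $hestiacp/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
 update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1
 service php$fpm_v-fpm start >> $LOG
@@ -1183,7 +1199,7 @@ fi
 #----------------------------------------------------------#
 # Configure PHP #
 #----------------------------------------------------------#
-
+echo "Configure PHP Timezone"
 ZONE=$(timedatectl > /dev/null 2>&1|grep Timezone|awk '{print $2}')
 if [ -z "$ZONE" ]; then
 ZONE='UTC'
@@ -1205,6 +1221,7 @@ chmod 755 /etc/cron.daily/php-session-cleanup
 #----------------------------------------------------------#
 
 if [ "$vsftpd" = 'yes' ]; then
+echo "Configure Vsftpd"
 cp -f $hestiacp/vsftpd/vsftpd.conf /etc/
 touch /var/log/vsftpd.log
 chown root:adm /var/log/vsftpd.log
@@ -1224,6 +1241,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$proftpd" = 'yes' ]; then
+echo "Configure ProFTPD server"
 echo "127.0.0.1 $servername" >> /etc/hosts
 cp -f $hestiacp/proftpd/proftpd.conf /etc/proftpd/
 update-rc.d proftpd defaults > /dev/null 2>&1
@@ -1237,6 +1255,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$mysql" = 'yes' ]; then
+echo "Configure MariaDB server"
 mycnf="my-small.cnf"
 if [ $memory -gt 1200000 ]; then
 mycnf="my-medium.cnf"
@@ -1315,6 +1334,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$postgresql" = 'yes' ]; then
+echo "Configure PostgreSQL database server"
 ppass=$(gen_pass)
 cp -f $hestiacp/postgresql/pg_hba.conf /etc/postgresql/*/main/
 service postgresql restart
@@ -1333,6 +1353,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$named" = 'yes' ]; then
+echo "Configure Bind DNS server"
 cp -f $hestiacp/bind/named.conf /etc/bind/
 cp -f $hestiacp/bind/named.conf.options /etc/bind/
 chown root:bind /etc/bind/named.conf
@@ -1364,6 +1385,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$exim" = 'yes' ]; then
+echo "Configure Exim mail server"
 gpasswd -a Debian-exim mail > /dev/null 2>&1
 cp -f $hestiacp/exim/exim4.conf.template /etc/exim4/
 cp -f $hestiacp/exim/dnsbl.conf /etc/exim4/
@@ -1399,6 +1421,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$dovecot" = 'yes' ]; then
+echo "Configure Dovecot"
 gpasswd -a dovecot mail > /dev/null 2>&1
 cp -rf $hestiacp/dovecot /etc/
 cp -f $hestiacp/logrotate/dovecot /etc/logrotate.d/
@@ -1440,6 +1463,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$spamd" = 'yes' ]; then
+echo "Configure SpamAssassin"
 update-rc.d spamassassin defaults > /dev/null 2>&1
 sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
 service spamassassin start >> $LOG
@@ -1456,6 +1480,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$dovecot" = 'yes' ] && [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
+echo "Configure Roundcube"
 if [ "$apache" = 'yes' ]; then
 cp -f $hestiacp/roundcube/apache.conf /etc/roundcube/
 ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf
@@ -1503,6 +1528,7 @@ fi
 #----------------------------------------------------------#
 
 if [ "$fail2ban" = 'yes' ]; then
+echo "Configure Fail2ban"
 cp -rf $hestiacp/fail2ban /etc/
 if [ "$dovecot" = 'no' ]; then
 fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2)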
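Review bot: When no nameserver passes the IPv4 pattern in the `@@ -1114,7 +1120,14 @@` hunk, the `sed` is skipped without a message, so nginx.conf presumably keeps the shipped `1.0.0.1 1.1.1.1` resolvers and the operator is never told that nginx will query public DNS rather than the host's own resolvers. An `else` branch such as `echo "No IPv4 nameserver found in /etc/resolv.conf, nginx resolver left at default"` would fit the verbosity this commit adds. The pattern also checks only shape, not range, so a value like `999.1.1.1` is written into nginx.conf unchanged; a per-octet bound would close that. The same applies to the matching hunk in install/hst-install-debian.sh, and the enclosing `if [ "$nginx" = 'yes' ]` block starts and ends outside the hunk.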
