Merge branch 'develop' into webui-refresh-winterfell

Author: Kristan Kenney

.gitignore

@@ -3,5 +3,7 @@
 *.gzip
 *.gz
 *.bz2
+*.deb
+
 .vscode
 .DS_Store

bin/v-add-letsencrypt-domain

@@ -49,7 +49,11 @@ query_le_v2() {
     curl -s -i -d "$post_data" "$1" -H "$content"
 }
 
-
+# Set DNS CAA record retrieval commands
+if [ ! -z "$DNS_SYSTEM" ]; then
+    dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
+    caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "CAA" | cut -d' ' -f1)
+fi
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -122,11 +126,33 @@ if [ "$proto" = "http-01" ]; then
     done
 fi
 
+# Ensure DNS CAA record exists for Let's Encrypt before requesting certificate
+if [ ! -z "$DNS_SYSTEM" ]; then
+    # Check for DNS zone
+    if [ "$dns_domain" = "$domain" ]; then
+        # Replace DNS domain CAA records with Let's Encrypt values
+        if [ -z "$caa_record" ]; then
+            $BIN/v-add-dns-record $user $domain '@' 'CAA' 'issue 0 "letsencrypt.org"'
+        else
+            $BIN/v-delete-dns-record $user $domain $caa_record
+            $BIN/v-add-dns-record $user $domain '@' 'CAA' 'issue 0 "letsencrypt.org"'
+        fi
+    fi
+fi
+
 # Requesting nonce / STEP 1
 answer=$(curl -s -I "$LE_API/directory")
 nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
 status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ')
 if [[ "$status" -ne 200 ]]; then
+    # Delete DNS CAA record
+    if [ ! -z "$DNS_SYSTEM" ]; then
+        if [ "$dns_domain" = "$domain" ]; then
+            if [ ! -z "$caa_record" ]; then
+                $BIN/v-delete-dns-record $user $domain $caa_record
+            fi
+        fi
+    fi
     check_result $E_CONNECT "Let's Encrypt nonce request status $status"
 fi
 
@@ -147,6 +173,14 @@ authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
 finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
 status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
 if [[ "$status" -ne 201 ]]; then
+    # Delete DNS CAA record
+    if [ ! -z "$DNS_SYSTEM" ]; then
+        if [ "$dns_domain" = "$domain" ]; then
+            if [ ! -z "$caa_record" ]; then
+                $BIN/v-delete-dns-record $user $domain $caa_record
+            fi
+        fi
+    fi
     check_result $E_CONNECT "Let's Encrypt new auth status $status"
 fi
 
@@ -159,6 +193,17 @@ for auth in $authz; do
     nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
     status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ')
     if [[ "$status" -ne 200 ]]; then
+        # Delete DNS CAA record
+        if [ ! -z "$DNS_SYSTEM" ]; then
+            dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
+            caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "letsencrypt" | cut -d' ' -f1)
+
+            if [ "$dns_domain" = "$domain" ]; then
+                if [ ! -z "$caa_record" ]; then
+                    $BIN/v-delete-dns-record $user $domain $caa_record
+                fi
+            fi
+        fi
         check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
     fi
 
@@ -232,16 +277,49 @@ for auth in $authz; do
         nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
         status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ')
         if [[ "$status" -ne 200 ]]; then
+            # Delete DNS CAA record
+            if [ ! -z "$DNS_SYSTEM" ]; then
+                dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
+                caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "letsencrypt" | cut -d' ' -f1)
+
+                if [ "$dns_domain" = "$domain" ]; then
+                    if [ ! -z "$caa_record" ]; then
+                        $BIN/v-delete-dns-record $user $domain $caa_record
+                    fi
+                fi
+            fi
             check_result $E_CONNECT "Let's Encrypt validation status $status"
         fi
 
         i=$((i + 1))
         if [ "$i" -gt 10 ]; then
+            # Delete DNS CAA record
+            if [ ! -z "$DNS_SYSTEM" ]; then
+                dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
+                caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "letsencrypt" | cut -d' ' -f1)
+
+                if [ "$dns_domain" = "$domain" ]; then
+                    if [ ! -z "$caa_record" ]; then
+                        $BIN/v-delete-dns-record $user $domain $caa_record
+                    fi
+                fi
+            fi
             check_result $E_CONNECT "Let's Encrypt domain validation timeout"
         fi
         sleep 1
     done
     if [ "$validation" = 'invalid' ]; then
+        # Delete DNS CAA record
+        if [ ! -z "$DNS_SYSTEM" ]; then
+            dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
+            caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "letsencrypt" | cut -d' ' -f1)
+
+            if [ "$dns_domain" = "$domain" ]; then
+                if [ ! -z "$caa_record" ]; then
+                    $BIN/v-delete-dns-record $user $domain $caa_record
+                fi
+            fi
+        fi    
         check_result $E_CONNECT "Let's Encrypt domain verification failed"
     fi
 done

bin/v-delete-letsencrypt-domain

@@ -46,6 +46,18 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
+# Delete DNS CAA record
+if [ ! -z "$DNS_SYSTEM" ]; then
+    dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
+    caa_record=$($BIN/v-list-dns-records $user $domain | grep -i "letsencrypt" | cut -d' ' -f1)
+
+    if [ "$dns_domain" = "$domain" ]; then
+        if [ ! -z "$caa_record" ]; then
+            $BIN/v-delete-dns-record $user $domain $caa_record
+        fi
+    fi
+fi
+
 # Delete SSL
 if [ -z "$mail" ]; then
     $BIN/v-delete-web-domain-ssl $user $domain $restart >/dev/null 2>&1

bin/v-rebuild-mail-domains

@@ -45,9 +45,6 @@ U_MAIL_SSL=0
 SUSPENDED_MAIL=0
 U_DISK_MAIL=0
 
-# Update mail templates
-$BIN/v-update-mail-templates
-
 # Checking mail folder
 if [ ! -d "$USER_DATA/mail" ]; then
     rm -f $USER_DATA/mail

bin/v-update-mail-templates

@@ -40,6 +40,11 @@ fi
 # Update templates
 cp -rf $HESTIA/install/$type/templates/mail $HESTIA/data/templates/
 
+# Rebuilding mail domains
+for user in $($BIN/v-list-sys-users plain); do
+    $BIN/v-rebuild-mail-domains $user no
+done
+
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#

bin/v-update-web-templates

@@ -41,23 +41,21 @@ fi
 cp -rf $HESTIA/install/$type/templates/web $HESTIA/data/templates/
 
 # Update Multi-PHP templates
-if [ -d "/etc/php/*/fpm" ]; then
-    php_versions=$(ls /etc/php/*/fpm -d | wc -l)
-    if [ "$php_versions" -gt 1 ]; then
-        if [ "$WEB_SYSTEM" = "nginx" ]; then
-            for tplname in $(ls $HESTIA/data/templates/web/$WEB_SYSTEM/ | grep -v 'default'); do
-                rm -fr $HESTIA/data/templates/web/$WEB_SYSTEM/$tplname
-            done
-        fi
-        for v in $(ls /etc/php/); do
-            if [ ! -d "/etc/php/$v/fpm/pool.d/" ]; then
-                continue
-            fi
-            v_tpl=$(echo "$v" | sed -e 's/[.]//')
-            cp -f $HESTIA/install/$type/multiphp/$WEB_SYSTEM/PHP-$v_tpl.* $HESTIA/data/templates/web/$WEB_SYSTEM/
+php_versions=$(ls /etc/php/*/fpm -d 2>/dev/null | wc -l)
+if [ "$php_versions" -gt 1 ]; then
+    if [ "$WEB_SYSTEM" = "nginx" ]; then
+        for tplname in $(ls $HESTIA/data/templates/web/$WEB_SYSTEM/ | grep -v 'default'); do
+            rm -fr $HESTIA/data/templates/web/$WEB_SYSTEM/$tplname
         done
-        chmod a+x $HESTIA/data/templates/web/$WEB_SYSTEM/*.sh
     fi
+    for v in $(ls /etc/php/); do
+        if [ ! -d "/etc/php/$v/fpm/pool.d/" ]; then
+            continue
+        fi
+        v_tpl=$(echo "$v" | sed -e 's/[.]//')
+        cp -f $HESTIA/install/$type/multiphp/$WEB_SYSTEM/PHP-$v_tpl.* $HESTIA/data/templates/web/$WEB_SYSTEM/
+    done
+    chmod a+x $HESTIA/data/templates/web/$WEB_SYSTEM/*.sh
 fi
 
 # Rebuilding web domains

install/hst-install-debian.sh

@@ -79,6 +79,7 @@ help() {
   -s, --hostname          Set hostname
   -e, --email             Set admin email
   -p, --password          Set admin password
+  -D, --with-debs         Path to Hestia debs
   -f, --force             Force installation
   -h, --help              Print this help
 
@@ -179,6 +180,7 @@ for arg; do
         --email)                args="${args}-e " ;;
         --password)             args="${args}-p " ;;
         --force)                args="${args}-f " ;;
+        --with-debs)            args="${args}-D " ;;
         --help)                 args="${args}-h " ;;
         *)                      [[ "${arg:0:1}" == "-" ]] || delim="\""
                                 args="${args}${delim}${arg}${delim} ";;
@@ -187,7 +189,7 @@ done
 eval set -- "$args"
 
 # Parsing arguments
-while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:fh" Option; do
+while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do
     case $Option in
         a) apache=$OPTARG ;;            # Apache
         n) nginx=$OPTARG ;;             # Nginx
@@ -212,6 +214,7 @@ while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:fh" Option; do
         s) servername=$OPTARG ;;        # Hostname
         e) email=$OPTARG ;;             # Admin email
         p) vpass=$OPTARG ;;             # Admin password
+        D) withdebs=$OPTARG ;;          # Hestia debs path
         f) force='yes' ;;               # Force install
         h) help ;;                      # Help
         *) help ;;                      # Print help (default)
@@ -281,6 +284,11 @@ fi
 # Clear the screen once launch permissions have been verified
 clear
 
+# Configure apt to retry downloading on error
+if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
+    echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
+fi
+
 # Update apt repository
 echo "Please wait a moment while we update your systems APT repositories..."
 apt-get -qq update
@@ -819,6 +827,11 @@ if [ "$multiphp" = 'yes' ]; then
     software=$(echo "$software" | sed -e 's/php-phpseclib//')
     software=$(echo "$software" | sed -e 's/php-pgsql//')
 fi
+if [ -d "$withdebs" ]; then
+    software=$(echo "$software" | sed -e 's/hestia-nginx//')
+    software=$(echo "$software" | sed -e 's/hestia-php//')
+    software=$(echo "$software" | sed -e 's/hestia//')
+fi
 
 #----------------------------------------------------------#
 #                     Install packages                     #
@@ -850,6 +863,13 @@ echo
 # Check Installation result
 check_result $? "apt-get install failed"
 
+# Install Hestia packages from local folder
+if [ ! -z "$withdebs" ] && [ -d "$withdebs" ]; then
+    dpkg -i $withdebs/hestia_*.deb
+    dpkg -i $withdebs/hestia-php_*.deb
+    dpkg -i $withdebs/hestia-nginx_*.deb
+fi
+
 # Restoring autostart policy
 rm -f /usr/sbin/policy-rc.d
 
@@ -1776,7 +1796,7 @@ echo "(!) IMPORTANT: You must logout or restart the server before continuing."
 echo -n " Do you want to logout now? [Y/N] "
 read resetshell
 
-if [ $resetshell = "Y" ] || [ $resetshell = "y" ]; then
+if [ "$resetshell" = "Y" ] || [ "$resetshell" = "y" ]; then
     logout
 fi
 

install/hst-install-ubuntu.sh

@@ -64,6 +64,7 @@ help() {
   -s, --hostname          Set hostname
   -e, --email             Set admin email
   -p, --password          Set admin password
+  -D, --with-debs         Path to Hestia debs
   -f, --force             Force installation
   -h, --help              Print this help
 
@@ -164,6 +165,7 @@ for arg; do
         --email)                args="${args}-e " ;;
         --password)             args="${args}-p " ;;
         --force)                args="${args}-f " ;;
+        --with-debs)            args="${args}-D " ;;
         --help)                 args="${args}-h " ;;
         *)                      [[ "${arg:0:1}" == "-" ]] || delim="\""
                                 args="${args}${delim}${arg}${delim} ";;
@@ -172,7 +174,7 @@ done
 eval set -- "$args"
 
 # Parsing arguments
-while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:fh" Option; do
+while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do
     case $Option in
         a) apache=$OPTARG ;;            # Apache
         n) nginx=$OPTARG ;;             # Nginx
@@ -197,6 +199,7 @@ while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:fh" Option; do
         s) servername=$OPTARG ;;        # Hostname
         e) email=$OPTARG ;;             # Admin email
         p) vpass=$OPTARG ;;             # Admin password
+        D) withdebs=$OPTARG ;;          # Hestia debs path
         f) force='yes' ;;               # Force install
         h) help ;;                      # Help
         *) help ;;                      # Print help (default)
@@ -266,6 +269,11 @@ fi
 # Clear the screen once launch permissions have been verified
 clear
 
+# Configure apt to retry downloading on error
+if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
+    echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
+fi
+
 # Update apt repository
 echo "Please wait a moment while we update your systems APT repositories..."
 apt-get -qq update
@@ -781,6 +789,11 @@ if [ "$multiphp" = 'yes' ]; then
     software=$(echo "$software" | sed -e 's/php-phpseclib//')
     software=$(echo "$software" | sed -e 's/php-pgsql//')
 fi
+if [ -d "$withdebs" ]; then
+    software=$(echo "$software" | sed -e 's/hestia-nginx//')
+    software=$(echo "$software" | sed -e 's/hestia-php//')
+    software=$(echo "$software" | sed -e 's/hestia//')
+fi
 
 #----------------------------------------------------------#
 #                 Disable Apparmor on LXC                  #
@@ -824,6 +837,13 @@ echo
 # Check Installation result
 check_result $? "apt-get install failed"
 
+# Install Hestia packages from local folder
+if [ ! -z "$withdebs" ] && [ -d "$withdebs" ]; then
+    dpkg -i $withdebs/hestia_*.deb
+    dpkg -i $withdebs/hestia-php_*.deb
+    dpkg -i $withdebs/hestia-nginx_*.deb
+fi
+
 # Restoring autostart policy
 rm -f /usr/sbin/policy-rc.d
 
@@ -1682,7 +1702,7 @@ echo "(!) IMPORTANT: You must logout or restart the server before continuing."
 echo -n " Do you want to logout now? [Y/N] "
 read resetshell
 
-if [ $resetshell = "Y" ] || [ $resetshell = "y" ]; then
+if [ "$resetshell" = "Y" ] || [ "$resetshell" = "y" ]; then
     logout
 fi