Merge branch 'main' into release

Author: jaapmarcus

CHANGELOG.md

@@ -1,20 +1,38 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.4.6] - Service release 
+
+### Features
+
+- Add support for custom install hooks #1757
+- Add template for CraftCMS #1973 @anvme
+- Upgrade Filegator to 7.6.0
+
+### Bugfixes
+
+- Fix #1961 Renewal Apache2 only SSL certificate fails
+- Fixed #1956 to prevent reset of defined webmail client.
+- Explicitly disable cron reports #1978 
+- Fixed an issue where in rare cases certificate failed to install @dpeca and @myvesta
+- Fixed an issue where composer failed to install when .composer folder is missing
+- Fix #1980 Lets Encrypt Auto Renewal Reverts Webmail Client back to Roundcube
+
 ## [1.4.5] - Service release
 
 ### Bugfixes
 
 - Revert #1943 and rework it to fix possible errors occuring on v-rebuild-cron-jobs.
 - Fixed #1956 to prevent reset of defined webmail client.
+- Explicitly disable cron reports #1978
 
 ## [1.4.4] - Service release
 
 ### Features
 
 - Add nginx user_agent separation to desktop/mobile (e.g. for fastcgi cache)
 - Run phpmyadmin folder under www-data user instead of "user" improving security. (@bet0x)
-- Added new template for mod php users to access phpmymyadmin
+- Added new template for mod php users to access phpmyadmin
 
 ### Bugfixes
 

bin/v-add-letsencrypt-domain

@@ -127,11 +127,12 @@ if [ ! -z "$mail" ]; then
     fi
 fi
 
-log_file="/var/log/hestia/LE-${user}-${domain}-$(date +%Y%m%d-%H%M%S).log"
+log_file="/var/log/hestia/LE-${user}-${domain}.log"
 touch "$log_file"
 chmod 600 "$log_file"
 
 echo -e "\n\n=============================
+Date Time: $(date +%Y-%m-%d) $(date +%H:%M:%S)
 WEB_SYSTEM: ${WEB_SYSTEM}
 PROXY_SYSTEM: ${PROXY_SYSTEM}
 user: ${user}
@@ -331,7 +332,7 @@ for auth in $authz; do
                     check_result $? "Proxy restart failed" > /dev/null
                 fi
             else  
-                get_object_value 'mail' 'DOMAIN' "$domain" "WEBMAIL" 
+                get_object_value 'mail' 'DOMAIN' "$root_domain" "WEBMAIL" 
                 if [ ! -z "$WEBMAIL" ]; then 
                     well_known="/var/lib/$WEBMAIL/.well-known"
                     acme_challenge="$well_known/acme-challenge"
@@ -473,11 +474,11 @@ if [[ "$status" -ne 200 ]]; then
 fi
 
 # Splitting up downloaded pem
-crt_end=$(grep -n END $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
+crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
 head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
 
 pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
-ca_end=$(grep -n  "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
+ca_end=$(grep -n  'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
 ca_end=$(( pem_lines - crt_end + 1 ))
 tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
 

bin/v-add-mail-domain-ssl

@@ -78,15 +78,32 @@ fi
 # Call routine to add SSL configuration to mail domain
 add_mail_ssl_config
 
-# Add webmail configuration to mail domain
-WEBMAIL_TEMPLATE="default"
-if [ "$WEB_SYSTEM" = "nginx" ]; then
-    WEBMAIL_TEMPLATE="web_system"
+if [ "$webmail" == "roundcube" ]; then
+    WEBMAIL_TEMPLATE="default"
+    if [ ! -z "$PROXY_SYSTEM" ]; then
+        PROXY_TEMPLATE="default"
+    fi
+    # Add webmail configuration to mail domain
+    WEBMAIL_TEMPLATE="default"
+    if [ "$WEB_SYSTEM" = "nginx" ]; then
+        WEBMAIL_TEMPLATE="web_system"
+    fi
+elif [ "$webmail" == "rainloop" ]; then
+    WEBMAIL_TEMPLATE="rainloop"
+    if [ ! -z "$PROXY_SYSTEM" ]; then
+        PROXY_TEMPLATE="default_rainloop"
+    fi
+else
+    WEBMAIL_TEMPLATE="disabled"
+    if [ ! -z "$PROXY_SYSTEM" ]; then
+        PROXY_TEMPLATE="default_disabled"
+    fi
 fi
+
 add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.stpl"
 
 if [ ! -z "$PROXY_SYSTEM" ]; then
-    add_webmail_config "$PROXY_SYSTEM" "default.stpl"
+    add_webmail_config "$PROXY_SYSTEM" "${PROXY_TEMPLATE}.stpl"
 fi
 
 # Increase value for domain

bin/v-add-sys-pma-sso

@@ -75,14 +75,14 @@ apikey=$($BIN/v-generate-api-key);
 
 # copy config dir to /usr/share/phpmyadmin/
 cp -f $HESTIA_INSTALL_DIR/phpmyadmin/hestia-sso.php $PMA_INSTALL/hestia-sso.php
-chmod 644 $PMA_INSTALL/hestia-sso.php 
+chmod 640 $PMA_INSTALL/hestia-sso.php 
+chown root:www-data $PMA_INSTALL/hestia-sso.php 
 
 sed -i "s/%PHPMYADMIN_KEY%/$phpmyadminkey/g" $PMA_INSTALL/hestia-sso.php 
 sed -i "s/%API_KEY%/$apikey/g" $PMA_INSTALL/hestia-sso.php 
 sed -i "s/%API_HOST_NAME%/$(hostname)/g" $PMA_INSTALL/hestia-sso.php 
 sed -i "s/%API_HESTIA_PORT%/$BACKEND_PORT/g" $PMA_INSTALL/hestia-sso.php 
 
-
 # Check if config already contains the keys 
 touch $PMA_CONFIG/hestia-sso.inc.php
 chmod 640 $PMA_CONFIG/hestia-sso.inc.php

bin/v-change-sys-port

@@ -77,7 +77,9 @@ else
     sed -i "/COMMENT='HESTIA'/c\RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='$PORT' IP='0.0.0.0/0' COMMENT='HESTIA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'" $HESTIA/data/firewall/rules.conf
 
     # Restart services
-    $HESTIA/bin/v-restart-service iptables
+    if [ -n "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != no ]; then
+        $HESTIA/bin/v-restart-service iptables
+    fi
 
     # Check if Hestia is running
     if [[ $(ps -eaf | grep -i hestia |sed '/^$/d' | wc -l) > 1 ]]; then

bin/v-change-web-domain-backend-tpl

@@ -88,7 +88,7 @@ if [ ! -z "$CUSTOM_DOCROOT" ]; then
 fi
 
 # Checking backend pool configuration
-if [ "$backend_type" = "$user" ]; then
+if [[ "$backend_type" = "$user" && $WEB_BACKEND_POOL = 'user' ]]; then
     conf=$USER_DATA/web.conf
     fields='$DOMAIN'
     nohead=1

bin/v-restart-service

@@ -33,25 +33,26 @@ is_format_valid 'service' 'restart'
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Get installed php versions
-php_versions=$(ls /usr/sbin/php*fpm* | cut -d'/' -f4 | sed 's|php-fpm||')
-
-# Substitute php-fpm service name formats
-for version in $php_versions; do
-    if [ "$service" = "php-fpm${version}" ]; then
-        service="php${version}-fpm"
-    fi
-done
-
-# Multi-instance service restart request handling
-if [ "$service" = "php-fpm" ];then
+if [ -d /usr/sbin/php*/fpm/ ]; then 
+    # Get installed php versions
+    php_versions=$(ls /usr/sbin/php*fpm* | cut -d'/' -f4 | sed 's|php-fpm||')
+    
+    # Substitute php-fpm service name formats
     for version in $php_versions; do
-        service_list="${service_list} php${version}-fpm"
+        if [ "$service" = "php-fpm${version}" ]; then
+            service="php${version}-fpm"
+        fi
     done
-else
-    service_list="$service"
-fi
-
+    
+    # Multi-instance service restart request handling
+    if [ "$service" = "php-fpm" ];then
+        for version in $php_versions; do
+            service_list="${service_list} php${version}-fpm"
+        done
+    else
+        service_list="$service"
+    fi
+fi 
 for service in $service_list; do
 
     if [ "$service" = "iptables" ]; then

bin/v-update-sys-rrd-mysql

@@ -37,6 +37,8 @@ case $period in
     *) exit $E_RRD ;;
 esac
 
+notify="no"
+
 # Checking directory
 if [ ! -d "$RRD/db" ]; then
     mkdir $RRD/db

func/main.sh

@@ -622,6 +622,8 @@ sync_cron_jobs() {
     if [ "$CRON_REPORTS" = 'yes' ]; then
         echo "MAILTO=$CONTACT" > $crontab
         echo 'CONTENT_TYPE="text/plain; charset=utf-8"' >> $crontab
+    else
+        echo 'MAILTO=""' > $crontab
     fi
 
     while read line; do

install/deb/templates/web/nginx/php-fpm/craftcms.stpl

@@ -0,0 +1,82 @@
+#=======================================================================#
+# Default Web Domain Template                                           #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
+#=======================================================================#
+
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%/web;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    # Craft-specific location handlers to ensure AdminCP requests route through index.php
+    # If you change your `cpTrigger`, change it here as well
+    location ^~ /admin {
+        try_files $uri $uri/ @phpfpm_nocache;
+    }
+    location ^~ /index.php/admin {
+        try_files $uri $uri/ @phpfpm_nocache;
+    }
+    location ^~ /cpresources {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+    location ^~ /actions {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+    
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+            expires 30d;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            try_files $uri =404;
+            fastcgi_pass %backend_lsnr%;
+            fastcgi_index index.php;
+            include /etc/nginx/fastcgi_params;
+            include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include /etc/nginx/conf.d/phpmyadmin.inc*;
+    include /etc/nginx/conf.d/phppgadmin.inc*;
+    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}