Merge master into core-ubuntu-20.04

Author: ScIT-Raphael

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 ### Features
 
 ### Bugfixes
+- Disable Apache2 Server Status Module by default.
+- Do not allow to change the password of a non-hestia user. Thanks to Alexandre Zanni!
+- Use sury repository for Apache2 packages.
+- Check whether Nginx, Apache2 and MariaDB are selected for installation prior to adding third party repositories.
+- Remove duplicated set-cookie line in default fpm config.
+- Adjust let's encrypt validation check for idn domains, thanks to @zanami!
+- Set backup download location on restore for ftp/sftp, thanks to @Daniyal-Javani!
+- Ignore empty lines when listing firewall rules
 
 ## [1.1.1] - 2020-03-24 - Hotfix
 ### Features

bin/v-add-firewall-chain

@@ -62,6 +62,7 @@ case $chain in
     WEB)        port='80,443'; protocol=TCP  ;;
     DB)         port='3306,5432'; protocol=TCP  ;;
     HESTIA)     port=$hestiaport; protocol=TCP  ;;
+    RECIDIVE)   port='1:65535'; protocol=TCP  ;;
     *)          check_args '2' "$#" 'CHAIN PORT' ;;
 esac
 

bin/v-add-letsencrypt-domain

@@ -134,6 +134,9 @@ fi
 # Check if dns records exist for requested domain/aliases
 if [ "$proto" = "http-01" ]; then
     for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
+        if [[ "$identifier" = *[![:ascii:]]* ]]; then
+            identifier=$(idn -t --quiet -a $identifier)
+        fi
         if ! nslookup "${identifier}" > /dev/null 2>&1 ; then
             check_result $E_NOTEXIST "DNS record for $identifier doesn't exist"
         fi

bin/v-add-web-domain-ssl

@@ -109,7 +109,6 @@ if [ ! -z "$PROXY_SYSTEM" ] && [ ! -z "$PROXY" ]; then
     add_web_config "$PROXY_SYSTEM" "$PROXY.stpl"
 fi
 
-
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
@@ -121,6 +120,9 @@ increase_user_value "$user" '$U_WEB_SSL'
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HOME' "$SSL_HOME"
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL' "yes"
 
+# Enabling automatic SSL redirection
+$BIN/v-add-web-domain-ssl-force "$user" "$domain"
+
 # Restarting web server
 $BIN/v-restart-web $restart
 check_result $? "Web restart failed" >/dev/null

bin/v-change-mail-account-password

@@ -55,6 +55,9 @@ salt=$(generate_password "$PW_MATRIX" "8")
 md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
+    quota=$(grep $account $HESTIA/data/users/${user}/mail/${domain}.conf)
+    quota=$(echo $quota | awk '{ print $7 }' | sed -e "s/'//g" )
+    quota=$(echo $quota | cut -d "=" -f 2 | sed -e "s/unlimited/0/g")
     sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
     str="$account:$md5:$user:mail::$HOMEDIR/$user::userdb_quota_rule=*:storage=${quota}M"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd

bin/v-change-user-password

@@ -13,6 +13,10 @@
 user=$1
 password=$2; HIDE=2
 
+# Importing system enviroment  as we run this script
+# mostly by cron wich not read it by itself
+source /etc/profile
+
 # Includes
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf

bin/v-list-firewall

@@ -22,6 +22,7 @@ json_list() {
     objects=$(grep RULE $HESTIA/data/firewall/rules.conf |wc -l)
     echo "{"
     while read str; do
+        [[ -z "$str" ]] && continue;
         parse_object_kv_list "$str"
         echo -n '    "'$RULE'": {
         "ACTION": "'$ACTION'",
@@ -49,6 +50,7 @@ shell_list() {
     echo "RULE^ACTION^PROTO^PORT^IP^SPND^DATE"
     echo "----^------^-----^----^--^----^----"
     while read str; do
+        [[ -z "$str" ]] && continue;
         parse_object_kv_list "$str"
         echo "$RULE^$ACTION^$PROTOCOL^$PORT^$IP^$SUSPENDED^$DATE"
     done < <(cat $HESTIA/data/firewall/rules.conf)
@@ -58,6 +60,7 @@ shell_list() {
 plain_list() {
     IFS=$'\n'
     while read str; do
+        [[ -z "$str" ]] && continue;
         parse_object_kv_list "$str"
         echo -ne "$RULE\t$ACTION\t$PROTOCOL\t$PORT\t$IP\t$COMMENT\t"
         echo -e "$SUSPENDED\t$TIME\t$DATE"
@@ -69,6 +72,7 @@ csv_list() {
     IFS=$'\n'
     echo "RULE,ACTION,PROTOCOL,PORT,IP,COMMENT,SUSPENDED,TIME,DATE"
     while read str; do
+        [[ -z "$str" ]] && continue;
         parse_object_kv_list "$str"
         echo -n "$RULE,$ACTION,$PROTOCOL,$PORT,$IP,\"$COMMENT\","
         echo "$SUSPENDED,$TIME,$DATE"

bin/v-restore-user

@@ -41,6 +41,7 @@ ftpc() {
     /usr/bin/ftp -n $HOST $PORT <<EOF
     quote USER $USERNAME
     quote PASS $PASSWORD
+    lcd $BACKUP
     binary
     $1
     $2

install/deb/fail2ban/jail.local

@@ -48,7 +48,7 @@ maxretry = 5
 [recidive]
 enabled  = true
 filter   = recidive
-action   = hestia[name=HESTIA]
+action   = hestia[name=RECIDIVE]
 logpath  = /var/log/fail2ban.log
 maxretry = 5
 findtime = 86400

install/deb/templates/web/nginx/php-fpm/default.stpl

@@ -19,7 +19,6 @@ server {
         location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
             expires     max;
             fastcgi_hide_header "Set-Cookie";
-            fastcgi_hide_header "Set-Cookie";
         }
 
         location ~ [^/]\.php(/|$) {