
Merge pull request #2 from hestiacp/master

Sync with official master
ifaist0s 6 лет назад
Родитель
Сommit
16e41abf0e
72 измененных файлов с 598 добавлено и 232 удалено
  1. 9 1
      CHANGELOG.md
  2. 10 5
      ISSUE_TEMPLATE.md
  3. 12 4
      README.md
  4. 3 2
      bin/v-add-letsencrypt-host
  5. 1 1
      bin/v-add-mail-account
  6. 1 1
      bin/v-add-sys-sftp-jail
  7. 2 0
      bin/v-add-user
  8. 4 0
      bin/v-add-web-php
  9. 1 1
      bin/v-change-mail-account-password
  10. 1 1
      bin/v-change-mail-account-quota
  11. 1 0
      bin/v-change-web-domain-backend-tpl
  12. 3 0
      bin/v-delete-web-php
  13. 1 1
      bin/v-rebuild-web-domain
  14. 1 0
      bin/v-rebuild-web-domains
  15. 11 5
      bin/v-restore-user
  16. 1 1
      bin/v-unsuspend-web-domain
  17. 3 0
      bin/v-update-host-certificate
  18. 14 8
      bin/v-update-sys-hestia-git
  19. 1 1
      func/db.sh
  20. 10 3
      func/domain.sh
  21. 21 3
      func/main.sh
  22. 18 3
      func/rebuild.sh
  23. 1 0
      install/deb/dovecot/conf.d/20-imap.conf
  24. 1 0
      install/deb/dovecot/conf.d/20-pop3.conf
  25. 84 0
      install/deb/dovecot/conf.d/90-quota.conf
  26. 2 2
      install/deb/logrotate/apache2
  27. 2 2
      install/deb/logrotate/nginx
  28. 1 9
      install/deb/multiphp/apache2/PHP-56.stpl
  29. 1 9
      install/deb/multiphp/apache2/PHP-56.tpl
  30. 1 9
      install/deb/multiphp/apache2/PHP-70.stpl
  31. 1 9
      install/deb/multiphp/apache2/PHP-70.tpl
  32. 1 9
      install/deb/multiphp/apache2/PHP-71.stpl
  33. 1 9
      install/deb/multiphp/apache2/PHP-71.tpl
  34. 1 9
      install/deb/multiphp/apache2/PHP-72.stpl
  35. 1 9
      install/deb/multiphp/apache2/PHP-72.tpl
  36. 1 9
      install/deb/multiphp/apache2/PHP-73.stpl
  37. 1 9
      install/deb/multiphp/apache2/PHP-73.tpl
  38. 1 9
      install/deb/multiphp/apache2/PHP-74.stpl
  39. 1 9
      install/deb/multiphp/apache2/PHP-74.tpl
  40. 1 1
      install/deb/nginx/nginx.conf
  41. 1 1
      install/deb/php-fpm/multiphp.tpl
  42. 1 1
      install/deb/templates/web/apache2/default.stpl
  43. 1 1
      install/deb/templates/web/apache2/default.tpl
  44. 1 1
      install/deb/templates/web/apache2/hosting.stpl
  45. 1 1
      install/deb/templates/web/apache2/hosting.tpl
  46. 1 9
      install/deb/templates/web/apache2/php-fpm/default.stpl
  47. 1 9
      install/deb/templates/web/apache2/php-fpm/default.tpl
  48. 1 1
      install/deb/templates/web/php-fpm/default.tpl
  49. 1 1
      install/deb/templates/web/php-fpm/no-php.tpl
  50. 1 1
      install/deb/templates/web/php-fpm/socket.tpl
  51. 33 22
      install/hst-install-debian.sh
  52. 14 9
      install/hst-install-ubuntu.sh
  53. 101 0
      install/upgrade/manual/migrate_apache.sh
  54. 28 1
      install/upgrade/manual/migrate_multiphp.sh
  55. 58 0
      install/upgrade/manual/upgrade_mariadb.sh
  56. 66 3
      install/upgrade/versions/latest.sh
  57. 1 2
      src/deb/hestia/postinst
  58. 1 1
      src/deb/nginx/control
  59. 1 1
      src/deb/nginx/nginx.conf
  60. 1 1
      src/deb/php/control
  61. 2 2
      web/add/webapp/index.php
  62. 3 1
      web/edit/server/index.php
  63. 2 3
      web/inc/i18n/en.php
  64. 1 1
      web/inc/main.php
  65. 2 0
      web/src/app/WebApp/InstallerInterface.php
  66. 2 0
      web/src/app/WebApp/Installers/BaseSetup.php
  67. 16 0
      web/src/app/WebApp/Installers/LaravelSetup.php
  68. 1 1
      web/src/app/WebApp/Installers/PrestashopSetup.php
  69. 19 0
      web/src/app/WebApp/Installers/SymfonySetup.php
  70. 2 2
      web/src/app/WebApp/Installers/WordpressSetup.php
  71. 1 1
      web/templates/admin/edit_mail.html
  72. 1 1
      web/templates/admin/list_packages.html

+ 9 - 1
CHANGELOG.md

@@ -11,12 +11,12 @@ All notable changes to this project will be documented in this file.
 - Refactored MultiPHP functionality. MultiPHP will be enabled by default on new installations.
 - Allowed admin user to add or remove PHP versions from webui (edit/server->"Web Server" page).
 - Extended v-extract-fs-archive to allow archive testing and extracting only specific paths (for tar)
-- Added file manager (Tiny File Manager).
 - Allow renaming of existing packages from console (v-rename-package).
 - Webmail IP address is now inherited from web domain when using multiple IPs.
 - Exim now uses the web domain IP if it exists.
 - Public IP is now used when updating webmail DNS record.
 - Added PHP 7.4 to MultiPHP.
+- Add Support for Debian 10 (Buster).
 
 ### Bugfixes
 - Added a detection of web root for add .well-known ACME challenge.
@@ -61,6 +61,14 @@ All notable changes to this project will be documented in this file.
 - Re-Enable force ssl function on let's encrypt certification renew.
 - Added official postgresql repository to be up to date.
 - Hardening MySQL configuration, prevent local infile.
+- Fixed lograte bug and cleans up the messed up nginx/apache2 log permissions.
+- Fixed IfModule mpm_itk.c for apache2 templates.
+- Added mpm_itk for Deb10 single php installation only.
+- Hardening nginx configuration, drop TLSv1.1 support.
+- Fixed excluding folders named "logs" from restore backup, thanks to @davidgolsen.
+- Fixed typo in delete psql database part, thanks to @joshbmarshall.
+- Split long txt records to 255 chunks to prevent bind issues, thanks to @setiseta.
+- Fixed missing restart routine for vsftp on v-add-letsencrypt-host.
 
 ## [1.0.6] - 2019-09-24 - Hotfix
 ### Bugfixes

+ 10 - 5
ISSUE_TEMPLATE.md

@@ -1,18 +1,23 @@
-### The content below is simply a template. Please delete any unnecessary sections from your issue reports.
+### The content below is simply a template. 
+
+**To better assist in troubleshooting and aid with our debugging processes, we ask that you please delete any unnecessary sections below when filling out your issue report.**
+
+**Important: Please DO NOT include any personal or sensitive information in your issue reports, including usernames, passwords, or email addresses.**
 
 ### In a few words, please describe the issue that you're experiencing:
-Please enter your response here (e.g. When I click on the Web tab, a blank page is displayed).
+Please enter your response here (e.g. When I try adding a web domain, an error message appeared stating that the php-fpm pool did not exist).
 
 ### What steps did you take when the issue occured? 
 1. Ex.: Log into the Hestia Control Panel using Firefox
 2. Ex.: Click on the Web tab
-3. ...
+3. Ex.: Click on Add Web Domain
+4. Ex.: Attempted to add a domain and received an error.
 
 ### Expected behavior:
-Please enter your response here (e.g. A list of hosted web domains should appear).
+Please enter your response here (e.g. the web domain should have been added successfully).
 
 ### Operating system distribution and release:
-Please enter your response here (e.g. Ubuntu 18.04.2 LTS)
+Please enter your response here (e.g. Ubuntu 18.04.3 LTS)
 
 ### Which version of Hestia Control Panel is currently installed?
 You can find this information in $HESTIA/conf/hestia.conf by running the following command:

+ 12 - 4
README.md

@@ -3,9 +3,17 @@
 **Current stable release:** Version 1.0.6, released on September 26th, 2019.<br>
 **Current development release:** Version 1.1.0, release date yet to be determined.
 
-**We're looking for some extra hands on deck!**
+**Welcome!**
 ---------------------------- 
-Are you a software developer, tester, or have experience in writing documentation or guides? Do you have some spare time to contribute and want to help further the development of Hestia Control Panel?<br><br>Please send an email to info@hestiacp.com with a quick outline of your previous experience in any of these areas or where you think you could help on the project and we'll reach out to discuss with you further. 
+Hestia Control Panel offers easy to use web and command line interfaces, enabling web server administrators to quickly deploy and manage web domains, mail accounts, and DNS zones from one central location without the hassle of manually deploying and configuring individual components. 
+
+While we have taken every effort to make the interface as friendly as possible (even for new users), it is assumed that you will have some prior knowledge and understanding in the basics how to set up a Linux server and managing web applications.
+
+**We cannot provide support for requests that do not describe in detail the troubleshooting that has already been performed, or for third-party applications which do not directly relate to Hestia Control Panel. Please make sure that you fill in the necessary details in your issue reports, and remove any sections that do not apply to your issue or use case.**
+
+Interested in helping shape the future of Hestia Control Panel?
+---------------------------- 
+Are you a software developer, tester, or have experience in writing documentation or guides and have some time to contibute to the project?<br><br>Please send an email to info@hestiacp.com with a quick outline of your previous experience in any of these areas or where you think you could help on the project and we'll reach out to discuss the next steps.
 
 As always we welcome all feedback and contributions!
 
@@ -67,7 +75,7 @@ You may specify a number of various flags during installation to only install th
 ```bash
 bash hst-install.sh -h
 ```
-Alternatively, @gabizz has made available a command-line script generator at https://gabizz.github.io/hestiacp-scriptline-generator/ which allows you to easily generate the installation command via GUI.
+Alternatively, @gabizz has made available a command-line script generator at https://gabizz.github.io/hestiacp-scriptline-generator/ which allows you to easily generate the installation command via GUI. (Please note that this generator still references the master branch, which is not intended for production use - see development builds below.)
 
 Installing & testing development builds
 =============================
@@ -107,4 +115,4 @@ If you would like to help our developers cover their time and infrastucture cost
 
 License
 =============================
-Hestia Control Panel is licensed under [GPL v3](https://github.com/hestiacp/hestiacp/blob/master/LICENSE) license, and is based on the [VestaCP](https://www.vestacp.com/) project.<br>
+Hestia Control Panel is licensed under [GPL v3](https://github.com/hestiacp/hestiacp/blob/master/LICENSE) license, and is based on the [VestaCP](https://www.vestacp.com/) project.<br>

+ 3 - 2
bin/v-add-letsencrypt-host

@@ -68,14 +68,15 @@ fi
 if [ "$add_ssl" = "yes" ]; then
     # Add let's encrypt ssl
     $BIN/v-add-letsencrypt-domain $user $domain
+    check_result $? "Let's Encrypt SSL creation failed"  $E_UPDATE
 fi
 
 # Add certificate to backend
 $BIN/v-update-host-certificate $user $domain
 
 # Enable automatic ssl forward and hsts
-$BIN/v-add-web-domain-ssl-force $user $domain
-$BIN/v-add-web-domain-ssl-hsts $user $domain
+$BIN/v-add-web-domain-ssl-force $user $domain > /dev/null 2>&1
+$BIN/v-add-web-domain-ssl-hsts $user $domain > /dev/null 2>&1
 
 
 #----------------------------------------------------------#
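Review bot: Sending both stdout and stderr of `v-add-web-domain-ssl-force` and `v-add-web-domain-ssl-hsts` to /dev/null, with no exit-status check, makes a failure to enable the HTTPS redirect or HSTS invisible to the operator. The new `check_result` only covers the certificate request, and `$BIN/v-update-host-certificate` between them is also unchecked. If the redirect is only meant to hide "already enabled" chatter, discard stdout alone and report failures, e.g. `$BIN/v-add-web-domain-ssl-force "$user" "$domain" > /dev/null || echo "Warning: SSL redirect not enabled for $domain"`. Quoting `$user` and `$domain` on these calls would also match the quoting used elsewhere in the tree.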

+ 1 - 1
bin/v-add-mail-account

@@ -62,7 +62,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     if [ "$quota" = 'unlimited' ]; then
         quota='0'
     fi
-    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
+    str="$account:$md5:$user:mail::$HOMEDIR/$user::userdb_quota_rule=*:storage=${quota}M"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
 
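Review bot: The record now contains a literal `*` (`userdb_quota_rule=*:storage=...`), but the next line still writes it with an unquoted `echo $str`, so the value goes through word splitting and pathname expansion before it reaches the passwd file. A match is unlikely with this shape of string, but the file feeds Dovecot's userdb and should be written byte-exact: `echo "$str" >> "$HOMEDIR/$user/conf/mail/$domain/passwd"`. The same unquoted write follows the identical change in bin/v-change-mail-account-password and bin/v-change-mail-account-quota.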

+ 1 - 1
bin/v-add-sys-sftp-jail

@@ -73,7 +73,7 @@ done
 
 # Add v-add-sys-sftp-jail to startup
 if [ ! -e "/etc/cron.d/hestia-sftp" ]; then
-    echo "@reboot admin /usr/local/hestia/bin/v-add-sys-sftp-jail" > /etc/cron.d/hestia-sftp
+    echo "@reboot root /usr/local/hestia/bin/v-add-sys-sftp-jail" > /etc/cron.d/hestia-sftp
 fi
 
 #----------------------------------------------------------#
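Review bot: The `[ ! -e "/etc/cron.d/hestia-sftp" ]` guard means the corrected `root` entry is only written on hosts that do not have the file yet; systems installed earlier keep the `@reboot admin ...` line, and the jail setup continues to run under the wrong account after a reboot. Either rewrite the file unconditionally here or make sure the upgrade path replaces it (install/upgrade/versions/latest.sh is touched by this commit, but its content is not visible here). A comment such as `# must run as root: the script changes ownership of user home directories` above the echo would record why the account matters; confirm the wording against what the script actually does.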

+ 2 - 0
bin/v-add-user

@@ -99,12 +99,14 @@ fi
 
 # Create default writeable folders
 mkdir $HOMEDIR/$user/.config \
+      $HOMEDIR/$user/.cache \
       $HOMEDIR/$user/.local \
       $HOMEDIR/$user/.composer \
       $HOMEDIR/$user/.ssh
 
 chown $user:$user \
       $HOMEDIR/$user/.config \
+      $HOMEDIR/$user/.cache \
       $HOMEDIR/$user/.local \
       $HOMEDIR/$user/.composer \
       $HOMEDIR/$user/.ssh

+ 4 - 0
bin/v-add-web-php

@@ -44,6 +44,10 @@ if [ ! -f "$HESTIA_INSTALL_DIR/multiphp/$WEB_SYSTEM/PHP-${version//.}.sh" ]; the
     exit
 fi
 
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#

+ 1 - 1
bin/v-change-mail-account-password

@@ -56,7 +56,7 @@ md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 
 if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
-    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
+    str="$account:$md5:$user:mail::$HOMEDIR/$user::userdb_quota_rule=*:storage=${quota}M"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
 
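Review bot: `${quota}M` is appended here without the `unlimited` → `0` normalisation that bin/v-add-mail-account and bin/v-change-mail-account-quota perform just before building the same string. If `$quota` reaches this line as `unlimited` (nothing in the visible hunk converts it), the record would carry `storage=unlimitedM`, which is not a valid quota rule, and a password change would silently alter the account's quota handling. Add the same guard before the assignment: `[ "$quota" = 'unlimited' ] && quota=0`. The lines that load `$quota` are outside the hunk, so this needs checking against the full script.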

+ 1 - 1
bin/v-change-mail-account-quota

@@ -58,7 +58,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
         quota=0
     fi
     sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
-    str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
+    str="$account:$md5:$user:mail::$HOMEDIR/$user::userdb_quota_rule=*:storage=${quota}M"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
 fi
 

+ 1 - 0
bin/v-change-web-domain-backend-tpl

@@ -118,6 +118,7 @@ else
     # Parsing domain values
     get_domain_values 'web'
     local_ip=$(get_real_ip $IP)
+    BACKEND="$template"
     prepare_web_domain_values
 
     # Rebuilding vhost

+ 3 - 0
bin/v-delete-web-php

@@ -41,6 +41,9 @@ if [ ! -f "$php_fpm" ] && [ ! -f "$HESTIA/data/templates/$WEB_SYSTEM/PHP-$versio
     exit
 fi
 
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
 
 #----------------------------------------------------------#
 #                       Action                             #

+ 1 - 1
bin/v-rebuild-web-domain

@@ -70,9 +70,9 @@ fi
 
 # Deleting backend configs
 if [ ! -z "$WEB_BACKEND" ]; then
+    template=$(get_object_value 'web' 'DOMAIN' "$domain" '$BACKEND')
     prepare_web_backend
     delete_web_backend
-    template=$(get_object_value 'web' 'DOMAIN' "$domain" '$BACKEND')
     $BIN/v-add-web-domain-backend $user $domain $template $restart
 fi
 

+ 1 - 0
bin/v-rebuild-web-domains

@@ -85,6 +85,7 @@ if [ ! -z "$WEB_BACKEND" ]; then
         delete_web_backend
     else
         for domain in $($BIN/v-list-web-domains $user plain |cut -f 1); do
+            template=$(get_object_value 'web' 'DOMAIN' "$domain" '$BACKEND')
             prepare_web_backend
             delete_web_backend
         done

+ 11 - 5
bin/v-restore-user

@@ -284,7 +284,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
         domains="$backup_domains"
     else
         echo "$web" |tr ',' '\n' > $tmpdir/selected.txt
-        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
+        domains=$(echo "$backup_domains" |egrep -x -f $tmpdir/selected.txt)
     fi
 
     # Restoring web domain
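Review bot: `egrep -x -f` still treats every selected name as an extended regular expression, so the `.` in a requested `example.com` matches any character and a differently named entry in the backup (for instance `exampleXcom`) would be restored along with it. If regex selection is not an intended feature, fixed-string whole-line matching closes this: `domains=$(echo "$backup_domains" | grep -F -x -f "$tmpdir/selected.txt")`. The same applies to the DNS, mail, database and user-dir selections changed further down in this file.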
@@ -407,8 +407,10 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
             rm -rf $HOMEDIR/$user/web/$domain/public_html/*
         fi
         chmod u+w "$HOMEDIR/$user/web/$domain"
+        [[ -d $HOMEDIR/$user/web/$domain/stats ]] && chmod u+w "$HOMEDIR/$user/web/$domain/stats"
         user_exec tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
             -C "$HOMEDIR/$user/web/$domain/" \
+            --anchored \
             --exclude='logs/*'
         if [ "$?" -ne 0 ]; then
             rm -rf $tmpdir
@@ -451,7 +453,7 @@ if [ "$dns" != 'no' ] && [ ! -z "$DNS_SYSTEM" ]; then
         domains="$backup_domains"
     else
         echo "$dns" |tr ',' '\n' > $tmpdir/selected.txt
-        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
+        domains=$(echo "$backup_domains" |egrep -x -f $tmpdir/selected.txt)
     fi
 
     # Restoring DNS domain
@@ -545,7 +547,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
         domains="$backup_domains"
     else
         echo "$mail" |tr ',' '\n' > $tmpdir/selected.txt
-        domains=$(echo "$backup_domains" |egrep -f $tmpdir/selected.txt)
+        domains=$(echo "$backup_domains" |egrep -x -f $tmpdir/selected.txt)
     fi
 
     # Checking exim username for later chowning
@@ -648,7 +650,7 @@ if [ "$db" != 'no' ] && [ ! -z "$DB_SYSTEM" ]; then
         databases="$backup_databases"
     else
         echo "$db" |tr ',' '\n' > $tmpdir/selected.txt
-        databases=$(echo "$backup_databases" |egrep -f $tmpdir/selected.txt)
+        databases=$(echo "$backup_databases" |egrep -x -f $tmpdir/selected.txt)
     fi
 
     # Restoring database
@@ -759,24 +761,28 @@ if [ "$udir" != 'no' ]; then
             user_dirs="$backup_dirs"
         else
             echo "$udir" |tr ',' '\n' > $tmpdir/selected.txt
-            user_dirs=$(echo "$backup_dirs" |egrep -f $tmpdir/selected.txt)
+            user_dirs=$(echo "$backup_dirs" |egrep -x -f $tmpdir/selected.txt)
         fi
 
         for user_dir in $user_dirs; do
             echo -e "$(date "+%F %T") $user_dir" |tee -a $tmpdir/restore.log
             tar xf "$BACKUP/$backup" -C "$tmpdir" --no-wildcards "./user_dir/$user_dir.tar.gz"
             if [ "$?" -ne 0 ]; then
+                rm -rf $tmpdir
                 error="Can't unpack $user_dir user dir container"
                 echo "$error" |$SENDMAIL -s "$subj" $email $notify
                 sed -i "/ $user /d" $HESTIA/data/queue/backup.pipe
                 check_result "$E_PARSING" "$error"
             fi
 
+            chown "$user" "$tmpdir/user_dir"
             chown "$user" "$HOMEDIR/$user"
+            chown "$user" "$HOMEDIR/$user/$user_dir"
             $BIN/v-extract-fs-archive "$user" "$tmpdir/user_dir/$user_dir.tar.gz" "$HOMEDIR/$user"
             cmdstatus="$?"
             chown root:root "$HOMEDIR/$user"
             if [ "$cmdstatus" -ne 0 ]; then
+                rm -rf $tmpdir
                 error="Can't unpack $user_dir user dir container"
                 echo "$error" |$SENDMAIL -s "$subj" $email $notify
                 sed -i "/ $user /d" $HESTIA/data/queue/backup.pipe
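Review bot: The added `chown "$user" "$HOMEDIR/$user/$user_dir"` runs as root on a path inside a directory the account owner controls, and `chown` dereferences symbolic links by default, so ownership could be changed on whatever that path resolves to rather than on a directory in the home. It also errors when the directory does not exist yet, which is the normal case when restoring onto a fresh account. Guard it and do not follow links: `[ -d "$HOMEDIR/$user/$user_dir" ] && [ ! -L "$HOMEDIR/$user/$user_dir" ] && chown -h "$user" "$HOMEDIR/$user/$user_dir"`. The multi-path `chown $user:$user` added to `rebuild_user_conf` in func/rebuild.sh has the same exposure for `.config`, `.cache`, `.local`, `.composer` and `.ssh`. The `if` block at the end of this hunk continues outside it.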

+ 1 - 1
bin/v-unsuspend-web-domain

@@ -71,7 +71,7 @@ fi
 
 # Rebuilding backend configuration
 if [ ! -z "$WEB_BACKEND" ]; then
-    prepare_web_backend
+    prepare_web_backend "$BACKEND"
     delete_web_backend
     template=$(get_object_value 'web' 'DOMAIN' "$domain" '$BACKEND')
     $BIN/v-add-web-domain-backend $user $domain $template $restart
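Review bot: `prepare_web_backend "$BACKEND"` depends on the global `$BACKEND` already being populated at this point, which the hunk does not show. When it is empty the function falls back to `$template`, and that variable is only assigned two lines later. bin/v-rebuild-web-domain in this same commit solves the ordering by moving the lookup up; doing the same here keeps the two scripts consistent: put `template=$(get_object_value 'web' 'DOMAIN' "$domain" '$BACKEND')` first and call `prepare_web_backend "$template"`. Quoting `"$template"` on the `v-add-web-domain-backend` call would also stop an empty value from shifting `$restart` into the template position.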

+ 3 - 0
bin/v-update-host-certificate

@@ -81,6 +81,9 @@ if [ ! -z "$MAIL_SYSTEM" ]; then
     # Restart exim (and dovecot if applicable)
     $BIN/v-restart-mail
 fi
+if [ "$FTP_SYSTEM" = "vsftpd" ]; then
+    $BIN/v-restart-ftp
+fi
 $BIN/v-restart-service hestia
 
 #----------------------------------------------------------#

+ 14 - 8
bin/v-update-sys-hestia-git

@@ -374,12 +374,18 @@ fi
 #################################################################################
 
 if [ "$install" = 'yes' ] || [ "$install" = 'y' ]; then
-    echo "Installing packages..."
-    for i in $DEB_DIR/*.deb; do
-        # Install all available packages
-        dpkg -i $i
-    done
-    unset $answer
-    # Remove temporary files
-    rm -rf $BUILD_DIR
+    echo "!!! Development builds should not be installed on systems with live production data without understanding the potential risks involved. !!!"
+    read -p 'Do you want to proceed the package installation? [y/n] ' answer
+    if [ "$answer" = 'y' ] || [ "$answer" = 'Y'  ]; then
+        echo "Installing packages..."
+        for i in $DEB_DIR/*.deb; do
+            # Install all available packages
+            dpkg -i $i
+        done
+        unset $answer
+        # Remove temporary files
+        rm -rf $BUILD_DIR
+    else
+        check_result 1 "Package installation cancelled..."
+    fi
 fi
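Review bot: `unset $answer` expands the variable first, so after a confirmed prompt it runs `unset y` (or `unset Y`) and leaves `answer` set; it should be `unset answer`. The install loop also ignores the result of `dpkg -i $i` and then removes `$BUILD_DIR` unconditionally, so a failed package install leaves no build artefacts to inspect. Checking the status (`dpkg -i "$i" || check_result 1 "Installation of $i failed"`) and using `read -r -p` for the prompt would make the new confirmation path behave as the warning text implies.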

+ 1 - 1
func/db.sh

@@ -322,7 +322,7 @@ delete_pgsql_database() {
     psql_connect $HOST
 
     query="REVOKE ALL PRIVILEGES ON DATABASE $database FROM $DBUSER"
-    psql_qyery "$query" > /dev/null
+    psql_query "$query" > /dev/null
 
     query="DROP DATABASE $database"
     psql_query "$query" > /dev/null

+ 10 - 3
func/domain.sh

@@ -84,14 +84,17 @@ is_web_alias_new() {
 
 # Prepare web backend
 prepare_web_backend() {
+    # Accept first function argument as backend template otherwise fallback to $template global variable
+    local backend_template=${1:-$template}
+
     pool=$(find -L /etc/php/ -name "$domain.conf" -exec dirname {} \;)
     # Check if multiple-PHP installed
     regex="socket-(\d+)_(\d+)"
-    if [[ $template =~ ^PHP-([0-9])\_([0-9])$ ]]; then
+    if [[ $backend_template =~ ^PHP-([0-9])\_([0-9])$ ]]; then
         backend_version="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}"
         pool=$(find -L /etc/php/$backend_version -type d \( -name "pool.d" -o -name "*fpm.d" \))
     else
-        backend_version=$(php -r "echo (float)phpversion();")
+        backend_version=$(multiphp_default_version)
         if [ -z "$pool" ] || [ -z "$BACKEND" ]; then 
             pool=$(find -L /etc/php/$backend_version -type d \( -name "pool.d" -o -name "*fpm.d" \))
         fi
@@ -160,7 +163,7 @@ prepare_web_domain_values() {
     fi
 
     if [ ! -z "$WEB_BACKEND" ]; then
-        prepare_web_backend
+        prepare_web_backend "$BACKEND"
     fi
 
     server_alias=''
@@ -463,6 +466,10 @@ update_domain_zone() {
             VALUE=$(idn --quiet -a -t "$VALUE")
         fi
 
+        if [ "$TYPE" = 'TXT' ] && [[ ${VALUE:0:1} != '"' ]]; then
+            VALUE=$(echo $VALUE | fold -w 255 | xargs -I '$' echo -n '"$"')
+        fi
+
         if [ "$SUSPENDED" != 'yes' ]; then
             eval echo -e "\"$fields\""|sed "s/%quote%/'/g" >> $zn_conf
         fi
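Review bot: The new TXT splitting passes the record value through an unquoted `echo $VALUE` and then through `xargs`, both of which reinterpret the data. The shell collapses runs of whitespace and expands glob characters, and `xargs` treats quotes and backslashes in its input as syntax, so a value containing an apostrophe fails with an unmatched-quote error and leaves `VALUE` empty. A form that only chunks and wraps keeps the zone data byte-exact: `VALUE=$(printf '%s\n' "$VALUE" | fold -w 255 | sed 's/.*/"&"/' | tr -d '\n')`. A short comment above the block, for example `# TXT strings are limited to 255 bytes each; split long values into adjacent quoted chunks`, would explain the magic number. The enclosing loop in `update_domain_zone` starts and ends outside the hunk.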

+ 21 - 3
func/main.sh

@@ -1072,15 +1072,33 @@ multiphp_count() {
 }
 
 multiphp_versions() {
+    local -a php_versions_list;
+    local php_ver;
     if [ "$(multiphp_count)" -gt 0 ] ; then
-        for php_ver in $(ls /etc/php/); do
+        for php_ver in $(ls -v /etc/php/); do
             [ ! -d "/etc/php/$php_ver/fpm/pool.d/" ] && continue
-            echo -n "$php_ver "
+            php_versions_list+=($php_ver)
         done
-        echo -en '\n'
+        echo "${php_versions_list[@]}"
     fi
 }
 
+multiphp_default_version() {
+    # Get system wide default php version (set by update-alternatives)
+    local sys_phpversion=$(php -r "echo (float)phpversion();")
+
+    # Check if the system php also has php-fpm enabled, otherwise return
+    # the most recent php version which does have it installed.
+    if [ ! -d "/etc/php/$sys_phpversion/fpm/pool.d/" ]; then
+        local all_versions="$(multiphp_versions)"
+        if [ ! -z "$all_versions" ]; then
+            sys_phpversion="${all_versions##*\ }";
+        fi
+    fi
+
+    echo "$sys_phpversion"
+}
+
 # Run arbitrary cli commands with dropped privileges
 # Note: setpriv --init-groups is not available on debian9 (util-linux 2.29.2)
 # Input:
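Review bot: In `multiphp_default_version`, `php -r "echo (float)phpversion();"` prints `7` rather than `7.0` for a PHP 7.0.x default, because the float cast drops the trailing zero. The `/etc/php/$sys_phpversion/fpm/pool.d/` test then fails and the function silently returns the newest installed version instead of the system default. Building the string from the version constants avoids this: `sys_phpversion=$(php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')`. Declaring `local sys_phpversion` on its own line before the assignment would also stop `local` from masking a failing `php` call. If both the CLI and the fallback list are empty the function echoes an empty string, which callers such as `prepare_web_backend` then interpolate into a `find -L /etc/php/...` path, so an explicit non-zero return for that case would help.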

+ 18 - 3
func/rebuild.sh

@@ -50,10 +50,25 @@ rebuild_user_conf() {
     if [ -e "$HOMEDIR/$user/conf" ]; then
         chattr -i $HOMEDIR/$user/conf > /dev/null 2>&1
     fi
-    mkdir -p $HOMEDIR/$user/conf
+
+    # Create default writeable folders
+    mkdir -p \
+        $HOMEDIR/$user/conf \
+        $HOMEDIR/$user/.config \
+        $HOMEDIR/$user/.cache \
+        $HOMEDIR/$user/.local \
+        $HOMEDIR/$user/.composer \
+        $HOMEDIR/$user/.ssh
+
     chmod a+x $HOMEDIR/$user
     chmod a+x $HOMEDIR/$user/conf
-    chown $user:$user $HOMEDIR/$user
+    chown $user:$user \
+        $HOMEDIR/$user \
+        $HOMEDIR/$user/.config \
+        $HOMEDIR/$user/.cache \
+        $HOMEDIR/$user/.local \
+        $HOMEDIR/$user/.composer \
+        $HOMEDIR/$user/.ssh
     chown root:root $HOMEDIR/$user/conf
 
     $BIN/v-add-user-sftp-jail "$user"
@@ -511,7 +526,7 @@ rebuild_mail_domain_conf() {
 
         # Adding mail directiry
         if [ ! -e $HOMEDIR/$user/mail/$domain_idn ]; then
-            $BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/mail/$domain_idn"
+            mkdir "$HOMEDIR/$user/mail/$domain_idn"
         fi
 
         # Adding catchall email
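Review bot: Replacing `$BIN/v-add-fs-directory "$user" ...` with a bare `mkdir` means the mail domain directory is now created by the rebuild process itself, with that process's owner and umask, rather than through the helper that was handed the account name. Unless a later `chown`/`chmod` in `rebuild_mail_domain_conf` (outside this hunk) resets it, the mail store may end up owned by root with whatever mode the umask yields. Set owner and mode explicitly right after the `mkdir`, or add a comment pointing at the line that does. `mkdir -p` would also keep the rebuild from failing when `$HOMEDIR/$user/mail` itself is missing.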

+ 1 - 0
install/deb/dovecot/conf.d/20-imap.conf

@@ -14,6 +14,7 @@ protocol imap {
 
   # Space separated list of plugins to load (default is global mail_plugins).
   #mail_plugins = $mail_plugins
+  mail_plugins = quota imap_quota
 
   # IMAP logout format string:
   #  %i - total number of bytes read from client
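Review bot: `mail_plugins = quota imap_quota` replaces the protocol's plugin list instead of extending it, so any plugin enabled globally in `mail_plugins` is dropped for IMAP sessions; the commented default directly above shows the inherited form. The usual pattern is `mail_plugins = $mail_plugins quota imap_quota`, and likewise `mail_plugins = $mail_plugins quota` for the matching line added to conf.d/20-pop3.conf. Loading the plugin only under `protocol imap` and `protocol pop3` also means quota is evaluated for client sessions but, as far as this commit shows, not for the delivery path, so whether an over-quota mailbox still accepts new mail should be confirmed.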

+ 1 - 0
install/deb/dovecot/conf.d/20-pop3.conf

@@ -78,6 +78,7 @@ protocol pop3 {
 
   # Space separated list of plugins to load (default is global mail_plugins).
   #mail_plugins = $mail_plugins
+  mail_plugins = quota
 
   # Workarounds for various client bugs:
   #   outlook-no-nuls:

+ 84 - 0
install/deb/dovecot/conf.d/90-quota.conf

@@ -0,0 +1,84 @@
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+# Quota limits are set using "quota_rule" parameters. To get per-user quota
+# limits, you can set/override them by returning "quota_rule" extra field
+# from userdb. It's also possible to give mailbox-specific limits, for example
+# to give additional 100 MB when saving to Trash:
+
+plugin {
+  #quota_rule = *:storage=1G
+  #quota_rule2 = Trash:storage=+100M
+
+  # LDA/LMTP allows saving the last mail to bring user from under quota to
+  # over quota, if the quota doesn't grow too high. Default is to allow as
+  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
+  #quota_grace = 10%%
+
+  # Quota plugin can also limit the maximum accepted mail size.
+  #quota_max_mail_size = 100M
+}
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is excecuted, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+  #quota_warning = storage=95%% quota-warning 95 %u
+  #quota_warning2 = storage=80%% quota-warning 80 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+#service quota-warning {
+#  executable = script /usr/local/bin/quota-warning.sh
+#  user = dovecot
+#  unix_listener quota-warning {
+#    user = vmail
+#  }
+#}
+
+##
+## Quota backends
+##
+
+# Multiple backends are supported:
+#   dirsize: Find and sum all the files found from mail directory.
+#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
+#   dict: Keep quota stored in dictionary (eg. SQL)
+#   maildir: Maildir++ quota
+#   fs: Read-only support for filesystem quota
+
+plugin {
+  #quota = dirsize:User quota
+  quota = maildir:User quota
+  #quota = dict:User quota::proxy::quota
+  #quota = fs:User quota
+}
+
+# Multiple quota roots are also possible, for example this gives each user
+# their own 100MB quota and one shared 1GB quota within the domain:
+plugin {
+  #quota = dict:user::proxy::quota
+  #quota2 = dict:domain:%d:proxy::quota_domain
+  #quota_rule = *:storage=102400
+  #quota2_rule = *:storage=1048576
+}
+

+ 2 - 2
install/deb/logrotate/apache2

@@ -5,7 +5,7 @@
     notifempty
     compress
     delaycompress
-    create 640 root adm
+    create 640
     sharedscripts
     postrotate
         /etc/init.d/apache2 reload > /dev/null || true
@@ -16,4 +16,4 @@
         run-parts /etc/logrotate.d/httpd-prerotate; \
         fi; \
         endscript
-}
+}

+ 2 - 2
install/deb/logrotate/nginx

@@ -5,9 +5,9 @@
     notifempty
     compress
     delaycompress
-    create 640 nginx adm
+    create 640
     sharedscripts
     postrotate
         [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
         endscript
-}
+}

+ 1 - 9
install/deb/multiphp/apache2/PHP-56.stpl

@@ -24,17 +24,9 @@
     SSLCertificateFile %ssl_crt%
     SSLCertificateKeyFile %ssl_key%
     %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-56.tpl

@@ -21,17 +21,9 @@
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
     </Directory>
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-70.stpl

@@ -24,17 +24,9 @@
     SSLCertificateFile %ssl_crt%
     SSLCertificateKeyFile %ssl_key%
     %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.0-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.0-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-70.tpl

@@ -21,17 +21,9 @@
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
     </Directory>
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.0-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.0-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-71.stpl

@@ -24,17 +24,9 @@
     SSLCertificateFile %ssl_crt%
     SSLCertificateKeyFile %ssl_key%
     %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.1-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.1-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-71.tpl

@@ -21,17 +21,9 @@
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
     </Directory>
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.1-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.1-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-72.stpl

@@ -24,17 +24,9 @@
     SSLCertificateFile %ssl_crt%
     SSLCertificateKeyFile %ssl_key%
     %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.2-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.2-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-72.tpl

@@ -21,17 +21,9 @@
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
     </Directory>
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.2-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.2-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-73.stpl

@@ -24,17 +24,9 @@
     SSLCertificateFile %ssl_crt%
     SSLCertificateKeyFile %ssl_key%
     %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.3-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.3-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-73.tpl

@@ -21,17 +21,9 @@
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
     </Directory>
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.3-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.3-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-74.stpl

@@ -24,17 +24,9 @@
     SSLCertificateFile %ssl_crt%
     SSLCertificateKeyFile %ssl_key%
     %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/multiphp/apache2/PHP-74.tpl

@@ -21,17 +21,9 @@
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
     </Directory>
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost/"
+        SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 1
install/deb/nginx/nginx.conf

@@ -106,7 +106,7 @@ http {
     ssl_session_cache   shared:SSL:20m;
     ssl_session_timeout 60m;
     ssl_buffer_size     1400;
-    ssl_protocols       TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_protocols       TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
     ssl_dhparam         /etc/ssl/dhparam.pem;
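Review bot: The `ssl_ciphers` line kept as context still offers the 3DES suites `ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA` and `DES-CBC3-SHA`, which remain negotiable under TLSv1.2, so dropping TLSv1.1 alone leaves a 64-bit block cipher available. If the aim is hardening, remove those four entries from the list in the same change. The non-forward-secret `AES128-SHA`/`AES256-SHA` family is also worth reviewing against the clients that must be supported. The identical line appears in src/deb/nginx/nginx.conf, and the upgrade step in install/upgrade/versions/latest.sh only rewrites the protocol list, so existing installs would need the cipher change applied there as well.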

+ 1 - 1
install/deb/php-fpm/multiphp.tpl

@@ -17,7 +17,7 @@ pm.status_path = /status
 
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
-php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
+php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/var/log/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
 php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f admin@%domain%
 
 env[PATH] = /usr/local/bin:/usr/bin:/bin
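Review bot: Adding `/var/log/roundcube` to `open_basedir` in this template widens the allowed path set for every domain pool generated from it, not only for webmail. PHP code in any hosted site can then open files in that directory, limited only by filesystem permissions. If only Roundcube needs the path, giving webmail its own pool with its own `open_basedir` keeps the per-site list smaller. Otherwise a comment such as `; /var/log/roundcube is reachable from every site pool - keep the directory mode restrictive` would record the dependency. The same entry is added in templates/web/php-fpm/default.tpl and socket.tpl, and in the commented-out line of no-php.tpl.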

+ 1 - 1
install/deb/templates/web/apache2/default.stpl

@@ -33,7 +33,7 @@
         RUidGid %user% %group%
         RGroups www-data
     </IfModule>
-    <IfModule itk.c>
+    <IfModule mpm_itk.c>
         AssignUserID %user% %group%
     </IfModule>
 

+ 1 - 1
install/deb/templates/web/apache2/default.tpl

@@ -30,7 +30,7 @@
         RUidGid %user% %group%
         RGroups www-data
     </IfModule>
-    <IfModule itk.c>
+    <IfModule mpm_itk.c>
         AssignUserID %user% %group%
     </IfModule>
 

+ 1 - 1
install/deb/templates/web/apache2/hosting.stpl

@@ -39,7 +39,7 @@
         RUidGid %user% %group%
         RGroups www-data
     </IfModule>
-    <IfModule itk.c>
+    <IfModule mpm_itk.c>
         AssignUserID %user% %group%
     </IfModule>
 

+ 1 - 1
install/deb/templates/web/apache2/hosting.tpl

@@ -36,7 +36,7 @@
         RUidGid %user% %group%
         RGroups www-data
     </IfModule>
-    <IfModule itk.c>
+    <IfModule mpm_itk.c>
         AssignUserID %user% %group%
     </IfModule>
 

+ 1 - 9
install/deb/templates/web/apache2/php-fpm/default.stpl

@@ -24,17 +24,9 @@
     SSLCertificateFile %ssl_crt%
     SSLCertificateKeyFile %ssl_key%
     %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:%backend_lsnr%|fcgi://localhost/"
+        SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 9
install/deb/templates/web/apache2/php-fpm/default.tpl

@@ -21,17 +21,9 @@
         AllowOverride All
         Options +Includes -Indexes +ExecCGI
     </Directory>
-#    <IfModule mod_ruid2.c>
-#        RMode config
-#        RUidGid %user% %group%
-#        RGroups www-data
-#    </IfModule>
-#    <IfModule itk.c>
-#        AssignUserID %user% %group%
-#    </IfModule>
 
     <FilesMatch \.php$>
-        SetHandler "proxy:%backend_lsnr%|fcgi://localhost/"
+        SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
     </FilesMatch>
     SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
 

+ 1 - 1
install/deb/templates/web/php-fpm/default.tpl

@@ -17,7 +17,7 @@ pm.status_path = /status
 
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
-php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
+php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/var/log/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
 php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f admin@%domain%
 
 env[HOSTNAME] = $HOSTNAME

+ 1 - 1
install/deb/templates/web/php-fpm/no-php.tpl

@@ -17,7 +17,7 @@
 
 ;php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 ;php_admin_value[session.save_path] = /home/%user%/tmp
-;php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
+;php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/var/log/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
 ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f admin@%domain%
 
 ;env[HOSTNAME] = $HOSTNAME

+ 1 - 1
install/deb/templates/web/php-fpm/socket.tpl

@@ -17,7 +17,7 @@ pm.status_path = /status
 
 php_admin_value[upload_tmp_dir] = /home/%user%/tmp
 php_admin_value[session.save_path] = /home/%user%/tmp
-php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
+php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/var/log/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
 php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f admin@%domain%
 
 env[HOSTNAME] = $HOSTNAME

+ 33 - 22
install/hst-install-debian.sh

@@ -22,7 +22,7 @@ codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
 HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 
 # Define software versions
-pma_v='4.9.3'
+pma_v='4.9.4'
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4")
 fpm_v="7.3"
 
@@ -43,9 +43,9 @@ elif [ "$release" -eq 9 ]; then
     software="nginx apache2 apache2-utils apache2-suexec-custom
         libapache2-mod-ruid2 libapache2-mod-fcgid libapache2-mod-php$fpm_v 
         php$fpm_v php$fpm_v-common php$fpm_v-cgi php$fpm_v-mysql php$fpm_v-curl
-        php$fpm_v-pgsql php$fpm_v-imagick php$fpm_v-imap php$fpm_v-ldap php$fpm_v-apcu awstats
-        php$fpm_v-zip php$fpm_v-bz2 php$fpm_v-cli php$fpm_v-gd
-        php$fpm_v-intl php$fpm_v-json php$fpm_v-mbstring
+        php$fpm_v-pgsql php$fpm_v-imagick php$fpm_v-imap php$fpm_v-ldap
+        php$fpm_v-apcu awstats php$fpm_v-zip php$fpm_v-bz2 php$fpm_v-cli
+        php$fpm_v-gd php$fpm_v-intl php$fpm_v-json php$fpm_v-mbstring
         php$fpm_v-opcache php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml
         vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon
         spamassassin dovecot-imapd dovecot-pop3d roundcube-core net-tools
@@ -57,16 +57,20 @@ elif [ "$release" -eq 9 ]; then
         unrar-free vim-common acl sysstat rsyslog setpriv"
 elif [ "$release" -eq 10 ]; then
     software="nginx apache2 apache2-utils apache2-suexec-custom
-        apache2-suexec-pristine libapache2-mod-fcgid libapache2-mod-php php
-        php-common php-cgi php-mysql php-curl php-pgsql php-imap php-ldap php-apcu
-        php-imagick awstats vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy 
-        clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core net-tools
-        roundcube-mysql roundcube-plugins mariadb-client mariadb-common
+        apache2-suexec-pristine libapache2-mod-fcgid libapache2-mpm-itk 
+        libapache2-mod-php$fpm_v php$fpm_v php$fpm_v-common php$fpm_v-cgi
+        php$fpm_v-mysql php$fpm_v-curl php$fpm_v-pgsql php$fpm_v-imagick 
+        php$fpm_v-imap php$fpm_v-ldap php$fpm_v-apcu awstats php$fpm_v-zip
+        php$fpm_v-bz2 php$fpm_v-cli php$fpm_v-gd php$fpm_v-intl php$fpm_v-json
+        php$fpm_v-mbstring php$fpm_v-opcache php$fpm_v-pspell php$fpm_v-readline
+        php$fpm_v-xml awstats vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy 
+        clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core
+        net-tools roundcube-mysql roundcube-plugins mariadb-client mariadb-common
         mariadb-server postgresql postgresql-contrib phpmyadmin phppgadmin mc
-        flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota
-        e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils
-        bsdmainutils cron hestia hestia-nginx hestia-php expect libmail-dkim-perl
-        unrar-free vim-common acl sysstat rsyslog util-linux"
+        flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs
+        bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron
+        hestia hestia-nginx hestia-php expect libmail-dkim-perl unrar-free
+        vim-common acl sysstat rsyslog util-linux"
 fi
 
 # Defining help function
@@ -453,7 +457,7 @@ fi
 if [ "$apache" = 'yes' ] && [ "$nginx"  = 'yes' ] ; then
     echo '   - Apache Web Server (as backend)'
 fi
-if [ "$phpfpm"  = 'yes' ]; then
+if [ "$phpfpm"  = 'yes' ] && [ "$multiphp" = 'no' ]; then
     echo '   - PHP-FPM Application Server'
 fi
 if [ "$multiphp"  = 'yes' ]; then
@@ -757,6 +761,7 @@ if [ "$apache" = 'no' ]; then
     software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//")
     software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//")
     software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//")
+    software=$(echo "$software" | sed -e "s/libapache2-mpm-itk//")
 fi
 if [ "$vsftpd" = 'no' ]; then
     software=$(echo "$software" | sed -e "s/vsftpd//")
@@ -810,6 +815,7 @@ if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then
 fi
 if [ "$phpfpm" = 'yes' ]; then
     software=$(echo "$software" | sed -e "s/php$fpm_v-cgi//")
+    software=$(echo "$software" | sed -e "s/libapache2-mpm-itk//")
 fi
 if [ -d "$withdebs" ]; then
     software=$(echo "$software" | sed -e "s/hestia-nginx//")
@@ -1153,7 +1159,11 @@ if [ "$apache" = 'yes' ]; then
     a2enmod suexec > /dev/null 2>&1
     a2enmod ssl > /dev/null 2>&1
     a2enmod actions > /dev/null 2>&1
-    a2enmod ruid2 > /dev/null 2>&1
+    if [ "$release" -eq 10 ]; then
+        a2enmod mpm_itk > /dev/null 2>&1
+    else
+        a2enmod ruid2 > /dev/null 2>&1
+    fi
     mkdir -p /etc/apache2/conf.d
     mkdir -p /etc/apache2/conf.d/domains
     echo "# Powered by hestia" > /etc/apache2/sites-available/default
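Review bot: `a2enmod mpm_itk` runs on every Debian 10 install, although the earlier hunk strips `libapache2-mpm-itk` from `$software` when `$phpfpm` is yes, and `> /dev/null 2>&1` hides any failure. The vhost templates wrap `AssignUserID` in `<IfModule mpm_itk.c>`, so if the module is not enabled on a non-FPM install, sites would presumably run as Apache's default user without any message. Suggest writing the output to the install log and checking the result when the module is expected, e.g. `a2enmod mpm_itk >> $LOG 2>&1` followed by `[ "$phpfpm" = 'yes' ] || check_result $? "mpm_itk enable failed"`. The enclosing `if [ "$apache" = 'yes' ]` block continues outside the hunk.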
@@ -1183,18 +1193,19 @@ if [ "$multiphp" = 'yes' ] ; then
     for v in "${multiphp_v[@]}"; do
         cp -r /etc/php/$v/ /root/hst_install_backups/php$v/
         rm -f /etc/php/$v/fpm/pool.d/*
-
-        $HESTIA/bin/v-add-web-php "$v"
+        echo "(*) Install PHP version $v..."
+        $HESTIA/bin/v-add-web-php "$v" > /dev/null 2>&1
     done
 fi
 
 if [ "$phpfpm" = 'yes' ]; then
     echo "(*) Configuring PHP-FPM..."
-    $HESTIA/bin/v-add-web-php "$fpm_v"
+    $HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1
     cp -f $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
     update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1
     systemctl start php$fpm_v-fpm >> $LOG
     check_result $? "php-fpm start failed"
+    update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1
 fi
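Review bot: Both `v-add-web-php` calls now discard all output and their exit status is never checked, so a PHP version that fails to install shows only `(*) Install PHP version $v...` and the installer carries on. The hunk already uses `$LOG` and `check_result` for the service start. Using `$HESTIA/bin/v-add-web-php "$v" >> $LOG 2>&1` followed by `check_result $? "php $v install failed"` keeps the console quiet without losing the failure. The added `update-alternatives --set php` line is silenced the same way and would benefit from the same treatment. The same lines are added in install/hst-install-ubuntu.sh.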
 
 
@@ -1823,11 +1834,11 @@ $HESTIA/bin/v-add-user-notification admin 'Welcome!' 'For more information on ho
 echo "(!) IMPORTANT: You must logout or restart the server before continuing."
 echo ""
 if [ "$interactive" = 'yes' ]; then
-    echo -n " Do you want to logout now? [Y/N] "
-    read resetshell
+    echo -n " Do you want to reboot now? [Y/N] "
+    read reboot
 
-    if [ "$resetshell" = "Y" ] || [ "$resetshell" = "y" ]; then
-        exit
+    if [ "$reboot" = "Y" ] || [ "$reboot" = "y" ]; then
+        reboot
     fi
 fi
 

+ 14 - 9
install/hst-install-ubuntu.sh

@@ -22,7 +22,7 @@ codename="$(lsb_release -s -c)"
 HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 
 # Define software versions
-pma_v='4.9.3'
+pma_v='4.9.4'
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4")
 fpm_v="7.3"
 
@@ -420,7 +420,7 @@ fi
 if [ "$apache" = 'yes' ] && [ "$nginx"  = 'yes' ] ; then
     echo '   - Apache Web Server (as backend)'
 fi
-if [ "$phpfpm"  = 'yes' ]; then
+if [ "$phpfpm"  = 'yes' ] && [ "$multiphp" = 'no' ]; then
     echo '   - PHP-FPM Application Server'
 fi
 if [ "$multiphp"  = 'yes' ]; then
@@ -789,6 +789,10 @@ if [ -d "$withdebs" ]; then
     software=$(echo "$software" | sed -e "s/hestia//")
 fi
 
+if [ "$release" = '16.04' ]; then
+    software=$(echo "$software" | sed -e "s/setpriv/util-linux/")
+fi
+
 #----------------------------------------------------------#
 #                 Disable Apparmor on LXC                  #
 #----------------------------------------------------------#
@@ -1160,18 +1164,19 @@ if [ "$multiphp" = 'yes' ] ; then
     for v in "${multiphp_v[@]}"; do
         cp -r /etc/php/$v/ /root/hst_install_backups/php$v/
         rm -f /etc/php/$v/fpm/pool.d/*
-
-        $HESTIA/bin/v-add-web-php "$v"
+        echo "(*) Install PHP version $v..."
+        $HESTIA/bin/v-add-web-php "$v" > /dev/null 2>&1
     done
 fi
 
 if [ "$phpfpm" = 'yes' ]; then
     echo "(*) Configuring PHP-FPM..."
-    $HESTIA/bin/v-add-web-php "$fpm_v"
+    $HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1
     cp -f $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
     update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1
     systemctl start php$fpm_v-fpm >> $LOG
     check_result $? "php-fpm start failed"
+    update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1
 fi
 
 
@@ -1760,11 +1765,11 @@ $HESTIA/bin/v-add-user-notification admin 'Welcome!' 'For more information on ho
 echo "(!) IMPORTANT: You must logout or restart the server before continuing."
 echo ""
 if [ "$interactive" = 'yes' ]; then
-    echo -n " Do you want to logout now? [Y/N] "
-    read resetshell
+    echo -n " Do you want to reboot now? [Y/N] "
+    read reboot
 
-    if [ "$resetshell" = "Y" ] || [ "$resetshell" = "y" ]; then
-        exit
+    if [ "$reboot" = "Y" ] || [ "$reboot" = "y" ]; then
+        reboot
     fi
 fi
 

+ 101 - 0
install/upgrade/manual/migrate_apache.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+# info: enable multiphp 
+#
+# The function enables php-fpm backend for standalone apache2 setups
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+if [ ! -z "$WEB_BACKEND" ]; then
+    check_result $E_EXISTS "Web backend already enabled" >/dev/null
+fi
+
+if [ "$(multiphp_count)" -gt 1 ]; then
+    check_result $E_EXISTS "Multiphp allready enabled" >/dev/null
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+php_v="$(multiphp_default_version)"
+
+$BIN/v-add-web-php "$php_v"
+
+cp -f "${HESTIA_INSTALL_DIR}/php-fpm/www.conf" "/etc/php/${php_v}/fpm/pool.d/www.conf"
+systemctl start php${php_v}-fpm
+check_result $? "php${php_v}-fpm start failed"
+update-alternatives --set php /usr/bin/php${php_v}
+
+if [ ! -z "$WEB_SYSTEM" ]; then
+    cp -rf "${HESTIA_INSTALL_DIR}/templates/web/$WEB_SYSTEM" "${WEBTPL}/"
+fi
+
+sed -i "/^WEB_BACKEND=/d" $HESTIA/conf/hestia.conf
+echo "WEB_BACKEND='php-fpm'" >> $HESTIA/conf/hestia.conf
+
+for user in $($BIN/v-list-sys-users plain); do
+
+    # Define user data and get suspended status
+    USER_DATA=$HESTIA/data/users/$user
+    SUSPENDED=$(get_user_value '$SUSPENDED')
+
+    # Check if user is suspended
+    if [ "$SUSPENDED" = "yes" ]; then
+        suspended="yes"
+        $BIN/v-unsuspend-user $user
+    fi
+
+    for domain in $($BIN/v-list-web-domains $user plain |cut -f1); do
+        SUSPENDED_WEB=$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')
+        # Check if web domain is suspended
+        if [ "$SUSPENDED_WEB" = "yes" ]; then
+            suspended_web="yes"
+            $BIN/v-unsuspend-web-domain $user $domain
+        fi
+
+        echo "Processing domain: $domain"
+        $BIN/v-change-web-domain-backend-tpl "$user" "$domain" "PHP-${php_v/\./_}" "no"
+        $BIN/v-change-web-domain-tpl "$user" "$domain" "default" "no"
+
+        # Suspend domain again, if it was suspended
+        if [ "$suspended_web" = "yes" ]; then
+            unset suspended_web
+            $BIN/v-suspend-web-domain $user $domain
+        fi
+    done
+
+    # Suspend user again, if he was suspended
+    if [ "$suspended" = "yes" ]; then
+        unset suspended
+        $BIN/v-suspend-user $user
+    fi
+done
+
+$BIN/v-update-web-templates "yes"
+
+# Restarting backend
+$BIN/v-restart-web-backend "yes"
+check_result $? "Backend restart" >/dev/null 2>&1
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "Enabled multiphp $version" '' 'admin'
+log_event "$OK" "$ARGUMENTS"
+
+exit
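Review bot: `log_history "Enabled multiphp $version"` uses `$version`, which this script never assigns; the PHP version is held in `$php_v`. Unless a sourced file sets it, the history entry will lack the version, so `log_history "Enabled multiphp $php_v" '' 'admin'` is the likely intent. `HESTIA_INSTALL_DIR` is not defined here either (the installers set it themselves). If `main.sh` or `hestia.conf` does not provide it, the two `cp` calls resolve to `/php-fpm/www.conf` and `/templates/web/...`; their result is not checked, and `WEB_BACKEND='php-fpm'` is then written to hestia.conf if the service still starts. The header `# info: enable multiphp` also disagrees with the description below it; `# info: migrate standalone apache2 to php-fpm backend` would match.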

+ 28 - 1
install/upgrade/manual/migrate-190718-multiphp.sh → install/upgrade/manual/migrate_multiphp.sh

@@ -48,8 +48,23 @@ if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
 
     # Migrate domains
     for user in $($BIN/v-list-sys-users plain); do
+        # Define user data and get suspended status
+        USER_DATA=$HESTIA/data/users/$user
+        SUSPENDED=$(get_user_value '$SUSPENDED')
+
+        # Check if user is suspended
+        if [ "$SUSPENDED" = "yes" ]; then
+            suspended="yes"
+            $BIN/v-unsuspend-user $user
+        fi
         echo "Migrating legacy multiphp domains for user: $user"
         for domain in $($BIN/v-list-web-domains $user plain |cut -f1); do
+            SUSPENDED_WEB=$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')
+            # Check if web domain is suspended
+            if [ "$SUSPENDED_WEB" = "yes" ]; then
+                suspended_web="yes"
+                $BIN/v-unsuspend-web-domain $user $domain
+            fi
             echo "Processing domain: $domain"
             web_tpl="default"
             backend_tpl="$DEFAULT_BTPL"
@@ -65,7 +80,7 @@ if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
                 backend_tpl="PHP-7_2"
             elif [ "$domain_tpl" = "PHP-73" ] || [ "$domain_tpl" = "default" ] || [ -z "$domain_tpl" ]; then
                 backend_tpl="PHP-7_3"
-            elif [ "$domain_tpl" = "PHP-74"]; then
+            elif [ "$domain_tpl" = "PHP-74" ]; then
                 backend_tpl="PHP-7_4"
             else
                 # Custom domain template used
@@ -106,7 +121,19 @@ if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
             $BIN/v-change-web-domain-tpl "$user" "$domain" "$web_tpl" "no"
             $BIN/v-change-web-domain-backend-tpl "$user" "$domain" "$backend_tpl" "no"
             echo -e "--done--\n"
+
+            # Suspend domain again, if it was suspended
+            if [ "$suspended_web" = "yes" ]; then
+                unset suspended_web
+                $BIN/v-suspend-web-domain $user $domain
+            fi
         done
+
+        # Suspend user again, if he was suspended
+        if [ "$suspended" = "yes" ]; then
+            unset suspended
+            $BIN/v-suspend-user $user
+        fi
     done
 
     # cleanup legacy multiphp templates
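Review bot: The re-suspend steps added here, and the unsuspend steps in the first hunk, ignore the exit status of `v-unsuspend-*` and `v-suspend-*`. install/upgrade/versions/latest.sh also runs this script with `> /dev/null 2>&1`, so an account or domain that was suspended before the migration can be left active afterwards with nothing reported. Suggest checking the result, e.g. `$BIN/v-suspend-user "$user" || echo "(!) could not re-suspend user $user"` and the same for `v-suspend-web-domain`, and sending the script's output to a log instead of discarding it. `$user` and `$domain` are also passed unquoted in these calls. The enclosing loops begin outside this hunk, and the same pattern is added in install/upgrade/manual/migrate_apache.sh.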

+ 58 - 0
install/upgrade/manual/upgrade_mariadb.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# This script validates and upgrades the MariaDB version to 10.4
+
+# Set MariaDB Target Version
+mariadb_v='10.4'
+
+# Load OS informations
+source /etc/os-release
+
+# Detect installed mariadb version
+IFS=' ' read -r -a mysql_v <<< $(mysqld -V)
+mysql_v=$(echo "${mysql_v[2]}" | cut -c1-4)
+
+if [ "$mysql_v" = "$mariadb_v" ]; then
+    echo "Version is already up to date, cancelling."
+    exit 0
+fi
+
+# Detect operating system and load codename
+if [ "$ID" = "ubuntu" ]; then
+    codename="$(lsb_release -s -c)"
+elif [ "$ID" = "debian" ]; then
+    codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
+else
+    echo "Can't detect the os version, cancelling."
+    exit 1
+fi
+
+# Installing MariaDB repo
+echo "Add new MariaDB repository..."
+apt="/etc/apt/sources.list.d/"
+if [ "$id" = "ubuntu" ]; then
+    echo "deb [arch=amd64] http://ams2.mirrors.digitalocean.com/mariadb/repo/$mariadb_v/$ID $codename main" > $apt/mariadb.list
+    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8 > /dev/null 2>&1
+else
+    echo "deb [arch=amd64] http://ams2.mirrors.digitalocean.com/mariadb/repo/$mariadb_v/$ID $codename main" > $apt/mariadb.list
+    if [ "$id" -eq "jessie" ]; then
+        APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com CBCB082A1BB943DB > /dev/null 2>&1
+    else
+        APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com F1656F24C74CD1D8 > /dev/null 2>&1
+    fi
+fi
+
+# Update repository
+echo "Update apt repository..."
+apt update -qq  > /dev/null 2>&1
+
+# Stop and uninstall mysql server
+echo "Stop and remove old MariaDB server..."
+systemctl stop mysql > /dev/null 2>&1
+apt remove -qq mariadb-server -y  > /dev/null 2>&1
+
+# Install new version and run upgrader
+echo "Installing new MariaDB Server, start and run upgrade..."
+apt install -qq mariadb-server -y  > /dev/null 2>&1
+systemctl start mysql > /dev/null 2>&1
+mysql_upgrade
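Review bot: `$id` is never set, because `/etc/os-release` defines `ID`, which the codename detection above uses correctly. `[ "$id" = "ubuntu" ]` is therefore always false, and `[ "$id" -eq "jessie" ]` is an integer test on a string that errors and falls to the else branch. These should read `if [ "$ID" = "ubuntu" ]; then` and `if [ "$codename" = "jessie" ]; then`. Separately, the repository is fetched over plain http, so trust rests on the `apt-key adv --recv-keys` import, which uses 64-bit key IDs and has its output discarded. Pinning the full key fingerprint and checking the exit status of the key import, `apt update` and `apt install` before `apt remove mariadb-server` would avoid removing the running server when the new repository cannot be verified or installed.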

+ 66 - 3
install/upgrade/versions/latest.sh

@@ -58,10 +58,18 @@ fi
 
 # Use exim4 server hostname instead of mail domain and remove hardcoded mail prefix
 if [ ! -z "$MAIL_SYSTEM" ]; then
+    echo "(*) Updating exim configuration..."
     if cat /etc/exim4/exim4.conf.template | grep -q 'helo_data = mail.${sender_address_domain}'; then
-        echo "(*) Updating exim configuration..."
         sed -i 's/helo_data = mail.${sender_address_domain}/helo_data = ${primary_hostname}/g' /etc/exim4/exim4.conf.template
     fi
+    if ! grep -q '^OUTGOING_IP = /' /etc/exim4/exim4.conf.template; then
+        sed -i '/^OUTGOING_IP/d' /etc/exim4/exim4.conf.template
+        sed -i 's|^begin acl|OUTGOING_IP = /etc/exim4/domains/$sender_address_domain/ip\nbegin acl|' /etc/exim4/exim4.conf.template
+    fi
+    if ! grep -q 'interface =' /etc/exim4/exim4.conf.template; then
+        sed -i '/interface =/d' /etc/exim4/exim4.conf.template
+        sed -i 's|dkim_strict = 0|dkim_strict = 0\n  interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}|' /etc/exim4/exim4.conf.template
+    fi
 fi
 
 # Members of admin group should be permitted to enter admin folder
@@ -71,8 +79,8 @@ fi
 
 # Fix sftp jail cronjob
 if [ -e "/etc/cron.d/hestia-sftp" ]; then
-    if ! cat /etc/cron.d/hestia-sftp | grep -q 'admin'; then
-        echo "@reboot admin /usr/local/hestia/bin/v-add-sys-sftp-jail" > /etc/cron.d/hestia-sftp
+    if ! cat /etc/cron.d/hestia-sftp | grep -q 'root'; then
+        echo "@reboot root /usr/local/hestia/bin/v-add-sys-sftp-jail" > /etc/cron.d/hestia-sftp
     fi
 fi
 
@@ -80,12 +88,14 @@ fi
 echo "(*) Updating default writable folders for all users..."
 for user in $($HESTIA/bin/v-list-sys-users plain); do
     mkdir -p \
+        $HOMEDIR/$user/.cache \
         $HOMEDIR/$user/.config \
         $HOMEDIR/$user/.local \
         $HOMEDIR/$user/.composer \
         $HOMEDIR/$user/.ssh
 
     chown $user:$user \
+        $HOMEDIR/$user/.cache \
         $HOMEDIR/$user/.config \
         $HOMEDIR/$user/.local \
         $HOMEDIR/$user/.composer \
@@ -150,3 +160,56 @@ if [ -e "/etc/mysql/my.cnf" ]; then
         sed -i '/symbolic-links\=0/a\local-infile=0' /etc/mysql/my.cnf
     fi
 fi
+
+# Hardening nginx configuration, drop TLSv1.1 support.
+if [ -e "/etc/nginx/nginx.conf" ]; then
+    nginx_tls_check=$(grep TLSv1.1 /etc/nginx/nginx.conf)
+    if [ ! -z "$nginx_tls_check" ]; then
+        echo "(*) Hardening nginx configuration, drop TLSv1.1 support..."
+        sed -i 's/TLSv1.1 //g' /etc/nginx/nginx.conf
+    fi
+fi
+
+# Fix logrotate permission bug for nginx
+if [ -e "/etc/logrotate/nginx" ]; then
+    sed -i "s/create 640 nginx adm/create 640/g" /etc/logrotate.d/nginx
+fi
+
+# Fix logrotate permission bug for apache
+if [ -e "/etc/logrotate/apache2" ]; then
+    sed -i "s/create 640 root adm/create 640/g" /etc/logrotate.d/apache2
+fi
+
+# Repair messed up user log permissions from the logrotate bug. Ignoring errors
+for user in $($HESTIA/bin/v-list-users plain | cut -f1); do
+    for domain in $($HESTIA/bin/v-list-web-domains $user plain | cut -f1); do
+        chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* > /dev/null 2>&1
+        for sub_domain in $($HESTIA/bin/v-list-web-domain $user $domain plain | cut -f7 | tr ',' '\n'); do
+            chown root:$user /var/log/$WEB_SYSTEM/domains/$sub_domain.* > /dev/null 2>&1
+        done
+    done
+done
+
+chown root:root /var/log/$WEB_SYSTEM/domains/$WEBMAIL_ALIAS* > /dev/null 2>&1
+
+# Enable IMAP/POP3 quota information
+if [ -z "$IMAP_SYSTEM" ]; then
+    echo "(*) Enabling IMAP quota information reporting ..."
+    if [ -e /etc/dovecot/conf.d/20-pop3.conf ]; then
+        cp -f $HESTIA/install/deb/dovecot/conf.d/20-pop3.conf /etc/dovecot/conf.d/20-pop3.conf
+    fi
+    if [ -e /etc/dovecot/conf.d/20-imap.conf ]; then
+        cp -f $HESTIA/install/deb/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf
+    fi
+    if [ -e /etc/dovecot/conf.d/90-quota.conf ]; then
+        cp -f $HESTIA/install/deb/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf
+    fi
+fi
+
+# Trigger multiphp legacy migration script
+num_php_versions=$(ls -d /etc/php/*/fpm/pool.d 2>/dev/null |wc -l)
+if [ "$num_php_versions" -gt 1 ] && [ -z "$WEB_BACKEND" ]; then
+    echo "(*) Migrate to new multiphp backend system..."
+    cp -rf $HESTIA/data/templates/web $HESTIA_BACKUP/templates/web
+    bash $HESTIA/install/upgrade/manual/migrate_multiphp.sh > /dev/null 2>&1
+fi
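Review bot: The two logrotate fixes test `/etc/logrotate/nginx` and `/etc/logrotate/apache2`, while the `sed` edits files under `/etc/logrotate.d/`, so the fix is skipped unless that other path happens to exist. They should read `if [ -e "/etc/logrotate.d/nginx" ]; then` and `if [ -e "/etc/logrotate.d/apache2" ]; then`. In the permission repair, `chown root:root /var/log/$WEB_SYSTEM/domains/$WEBMAIL_ALIAS*` expands to `domains/*` when `$WEBMAIL_ALIAS` is empty, which would reset every domain log to root:root right after the per-user loop set the group. Prefixing it with `[ -n "$WEBMAIL_ALIAS" ] &&` avoids that. The quota block runs only when `$IMAP_SYSTEM` is empty (`-z`), which looks inverted and should be confirmed.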

+ 1 - 2
src/deb/hestia/postinst

@@ -19,7 +19,7 @@ upgrade_refresh_config
 new_version=$(dpkg -l | awk '$2=="hestia" { print $3 }')
 
 # phpMyAdmin
-pma_v='4.9.3'
+pma_v='4.9.4'
 
 ###############################################################
 #               Begin standard upgrade routines               #
@@ -29,7 +29,6 @@ pma_v='4.9.3'
 upgrade_init_backup
 
 # Set up console display and welcome message
-clear
 upgrade_welcome_message
 
 # Execute version-specific upgrade scripts

+ 1 - 1
src/deb/nginx/control

@@ -1,7 +1,7 @@
 Source: hestia-nginx
 Package: hestia-nginx
 Priority: optional
-Version: 1.17.7
+Version: 1.17.8
 Section: admin
 Maintainer: HestiaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

+ 1 - 1
src/deb/nginx/nginx.conf

@@ -79,7 +79,7 @@ http {
     ssl_session_cache   shared:SSL:10m;
     ssl_session_timeout 60m;
     ssl_buffer_size     1400;
-    ssl_protocols       TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_protocols       TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
     ssl_dhparam         /etc/ssl/dhparam.pem;
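Review bot: The `ssl_ciphers` line just below the changed `ssl_protocols` still offers the 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`) and static-RSA suites such as `AES128-SHA`. A TLS 1.2 client can therefore still negotiate a 64-bit-block or non-forward-secret cipher after this change. Since the commit retires legacy TLS, I would trim the list in the same pass, at minimum dropping the four `*-DES-CBC3-SHA` entries. The upgrade script only runs `sed -i 's/TLSv1.1 //g'` on `/etc/nginx/nginx.conf`, so any cipher change needs a matching migration step to keep upgraded and fresh installs on the same policy. The `http {` block starts and ends outside this hunk.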

+ 1 - 1
src/deb/php/control

@@ -1,7 +1,7 @@
 Source: hestia-php
 Package: hestia-php
 Priority: optional
-Version: 7.4.1
+Version: 7.4.2
 Section: admin
 Maintainer: HestaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

+ 2 - 2
web/add/webapp/index.php

@@ -31,12 +31,12 @@ if(!in_array($v_domain, $user_domains)) {
 }
 
 $v_web_apps = [
-    [ 'name'=>'Wordpress', 'group'=>'cms', 'enabled'=>true, 'version'=>'5.2.4', 'thumbnail'=>'/images/webapps/wp-thumb.png' ],
+    [ 'name'=>'Wordpress', 'group'=>'cms', 'enabled'=>true, 'version'=>'5.3.2', 'thumbnail'=>'/images/webapps/wp-thumb.png' ],
     [ 'name'=>'Drupal',    'group'=>'cms', 'enabled'=>false,'version'=>'latest', 'thumbnail'=>'/images/webapps/drupal-thumb.png' ],
     [ 'name'=>'Joomla',    'group'=>'cms', 'enabled'=>false,'version'=>'latest', 'thumbnail'=>'/images/webapps/joomla-thumb.png' ],
 
     [ 'name'=>'Opencart',   'group'=>'ecommerce', 'enabled'=>true,  'version'=>'3.0.3.2', 'thumbnail'=>'/images/webapps/opencart-thumb.png' ],
-    [ 'name'=>'Prestashop', 'group'=>'ecommerce', 'enabled'=>true, 'version'=>'1.7.6.1', 'thumbnail'=>'/images/webapps/prestashop-thumb.png' ],
+    [ 'name'=>'Prestashop', 'group'=>'ecommerce', 'enabled'=>true, 'version'=>'1.7.6.3', 'thumbnail'=>'/images/webapps/prestashop-thumb.png' ],
     [ 'name'=>'Magento',    'group'=>'ecommerce', 'enabled'=>false, 'version'=>'latest', 'thumbnail'=>'/images/webapps/magento-thumb.png' ],
 
     [ 'name'=>'Laravel', 'group'=>'starter', 'enabled'=>true, 'version'=>'6.x', 'thumbnail'=>'/images/webapps/laravel-thumb.png' ],

+ 3 - 1
web/edit/server/index.php

@@ -63,6 +63,8 @@ $v_php_versions = array_map(function($php_version) use ($backend_templates, $bac
         "tpl" => strtoupper(str_replace('.', '_', $php_version)),
         "version" => str_ireplace('php-', '', $php_version),
         "usedby" => [],
+        "installed" => false,
+        "protected" => false,
     ];
 
     if(in_array($phpinfo->tpl, $backend_templates)) {
@@ -173,7 +175,7 @@ if (!empty($_POST['save'])) {
 
     // Install/remove php versions
     if (empty($_SESSION['error_msg'])) {
-        if(!empty($v_php_versions) && count($_POST['v_php_versions'] != count($v_php_versions))) {
+        if(!empty($v_php_versions)) {
             $post_php = $_POST['v_php_versions'];
 
             array_map(function($php_version) use ($post_php) {
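Review bot: `$post_php = $_POST['v_php_versions'];` in the second hunk now runs on every save, but nothing checks that the key exists or that it is an array. The key is presumably absent when no version box is ticked, and a client can also send a scalar. I would normalise it at the assignment: `$post_php = is_array($_POST['v_php_versions'] ?? null) ? $_POST['v_php_versions'] : [];`. The closure passed to `array_map` continues outside the hunk, so how `$post_php` is indexed there is not visible. If it is used to choose versions to install or remove, its keys should be matched against `$v_php_versions` rather than trusted.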

+ 2 - 3
web/inc/i18n/en.php

@@ -767,8 +767,7 @@ $LANG['en'] = array(
     'Theme' => 'Appearance',
 
     'Operating System' => 'Operating System',
-    'Please wait while php is installed or removed' => 'Adding or removing PHP versions will take roughly 1 minute for every version which will be modified. Please wait until the process is finished and do not refresh the page.',
-    'Avoid adding web domains on admin account' => 'Due to the increased access rights, we strongly advise against using the admin account for direct hosting of web domains.
-    Always use a separate unprivileged user account instead.',
+    'Please wait while php is installed or removed' => 'Adding or removing a version of PHP will take around 1 minute per version. Please wait until the process has completed and do not refresh the page.',
+    'Avoid adding web domains on admin account' => 'It is strongly advised to create a standard user account before adding web domains to the server due to the increased privileges the admin account possesses and potential security risks involved.',
     
 );

+ 1 - 1
web/inc/main.php

@@ -4,7 +4,7 @@ session_start();
 
 define('HESTIA_CMD', '/usr/bin/sudo /usr/local/hestia/bin/');
 define('JS_LATEST_UPDATE', '1491697868');
-define('DEFAULT_PHP_VERSION', 'php-7.3');
+define('DEFAULT_PHP_VERSION', "php-" . exec('php -r "echo (float)phpversion();"'));
 
 $i = 0;
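Review bot: `(float)phpversion()` does not reliably yield `major.minor`: it prints `8` for an 8.0.x interpreter, so `DEFAULT_PHP_VERSION` can become `php-8`, and if `exec()` returns nothing it becomes just `php-`. Building the string from the version constants avoids the float round-trip, for example `exec('php -r "printf(\'%d.%d\', PHP_MAJOR_VERSION, PHP_MINOR_VERSION);"')`, with a fixed fallback when the output is empty. This file looks like the shared include, so the define also spawns a process on each request and resolves `php` through the web process's PATH. An absolute interpreter path and a cached value would be safer.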
 

+ 2 - 0
web/src/app/WebApp/InstallerInterface.php

@@ -6,4 +6,6 @@ namespace Hestia\WebApp;
 interface InstallerInterface
 {
     public function install(array $options = null);
+    public function getDocRoot(string $append_relative_path = null) : string;
+    public function withDatabase() : bool;
 }
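Review bot: `getDocRoot(string $append_relative_path = null)` relies on the implicit-nullable shorthand; `?string $append_relative_path = null` states the contract explicitly. The same applies to `install(array $options = null)` on the context line. The two new methods also have no docblock. Implementations pass the result of `getDocRoot()` to file commands such as `v-delete-fs-file`, so a short comment is worth adding, e.g. `/** Docroot of the domain; $append_relative_path is appended as a relative path and must not contain "..". */`. Whether traversal is actually rejected is not visible here and needs confirming in BaseSetup.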

+ 2 - 0
web/src/app/WebApp/Installers/BaseSetup.php

@@ -70,6 +70,8 @@ abstract class BaseSetup implements InstallerInterface {
 
     public function install(array $options=null)
     {
+        $this->appcontext->runUser('v-delete-fs-file', [$this->getDocRoot('robots.txt')]);
+        $this->appcontext->runUser('v-delete-fs-file', [$this->getDocRoot('index.html')]);
         return $this->retrieveResources($options);
     }
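Review bot: The two added `runUser('v-delete-fs-file', …)` calls discard their result and run before `retrieveResources()`. An existing `index.html` in the docroot is therefore removed even when the download then fails, and a failed delete goes unnoticed. Unless extraction needs the files gone first, I would delete only after `retrieveResources($options)` has succeeded. Otherwise pass a `$result` argument, as the subclasses do with `runUser(..., $result)`, and report a non-zero `code`. The docblock should also say that `install()` removes these two files, since the domain may already host content.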
 

+ 16 - 0
web/src/app/WebApp/Installers/LaravelSetup.php

@@ -19,4 +19,20 @@ class LaravelSetup extends BaseSetup {
         ],
     ];
 
+    public function install(array $options=null) : bool
+    {
+        parent::install($options);
+        $result = null;
+
+        $htaccess_rewrite = '
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteRule ^(.*)$ public/$1 [L]
+</IfModule>';
+
+        $tmp_configpath = $this->saveTempFile($htaccess_rewrite);
+        $this->appcontext->runUser('v-move-fs-file',[$tmp_configpath, $this->getDocRoot(".htaccess")], $result);
+
+        return ($result->code === 0);
+    }
 }
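Review bot: `install()` ignores the return value of `parent::install($options)`, so it reports success whenever the final `v-move-fs-file` succeeds, even if fetching the project failed. `SymfonySetup::install()` has the same pattern. A guard such as `if (parent::install($options) === false) { return false; }` before writing the file would cover it, assuming the parent returns a boolean, which is not visible here. Separately, the `<IfModule mod_rewrite.c>` wrapper makes the redirect into `public/` fail open. Where mod_rewrite is not loaded, or the domain is not served by Apache at all, the project root (which for these frameworks typically holds `.env` and `vendor/`) is what gets served; dropping the wrapper or pointing the docroot at `public/` in the web template keeps that closed.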

+ 1 - 1
web/src/app/WebApp/Installers/PrestashopSetup.php

@@ -16,7 +16,7 @@ class PrestashopSetup extends BaseSetup {
             ],
         'database' => true,
         'resources' => [
-            'archive'  => [ 'src' => 'https://github.com/PrestaShop/PrestaShop/releases/download/1.7.6.1/prestashop_1.7.6.1.zip' ],
+            'archive'  => [ 'src' => 'https://github.com/PrestaShop/PrestaShop/releases/download/1.7.6.3/prestashop_1.7.6.3.zip' ],
         ],
 
     ];

+ 19 - 0
web/src/app/WebApp/Installers/SymfonySetup.php

@@ -19,4 +19,23 @@ class SymfonySetup extends BaseSetup {
         ],
     ];
 
+    public function install(array $options=null) : bool
+    {
+        parent::install($options);
+        $result = null;
+
+        $htaccess_rewrite = '
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteRule ^(.*)$ public/$1 [L]
+</IfModule>';
+
+        $this->appcontext->runComposer(["config",  "-d " . $this->getDocRoot(), "extra.symfony.allow-contrib", "true"], $result);
+        $this->appcontext->runComposer(["require", "-d " . $this->getDocRoot(), "symfony/apache-pack"], $result);
+
+        $tmp_configpath = $this->saveTempFile($htaccess_rewrite);
+        $this->appcontext->runUser('v-move-fs-file',[$tmp_configpath, $this->getDocRoot(".htaccess")], $result);
+
+        return ($result->code === 0);
+    }
 }
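Review bot: Both `runComposer()` calls write into the same `$result` that `runUser()` then overwrites, so a failed `composer require symfony/apache-pack` is never noticed and the return value reflects only the `.htaccess` move. Check `$result->code` after each composer call and return `false` on non-zero, or throw as WordpressSetup does. Also, `"-d " . $this->getDocRoot()` is a single array element. If `runComposer()` escapes each element separately, Composer receives the flag and path as one argument, so `"--working-dir=" . $this->getDocRoot()` would be less ambiguous. Finally, `extra.symfony.allow-contrib` lets Flex apply community-maintained recipes without prompting, which deserves a comment saying why it is enabled here.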

+ 2 - 2
web/src/app/WebApp/Installers/WordpressSetup.php

@@ -21,7 +21,7 @@ class WordpressSetup extends BaseSetup {
             ],
         'database' => true,
         'resources' => [
-            'archive'  => [ 'src' => 'https://wordpress.org/wordpress-5.2.4.tar.gz' ],
+            'archive'  => [ 'src' => 'https://wordpress.org/wordpress-5.3.2.tar.gz' ],
         ],
         
     ];
@@ -51,7 +51,7 @@ class WordpressSetup extends BaseSetup {
             throw new \Exception("Error installing config file in: " . $tmp_configpath . " to:" . $this->getDocRoot("wp-config.php") . $result->text );
         }
 
-        exec("/usr/bin/curl --post301 --insecure --resolve ".$this->domain.":80:".$this->appcontext->getWebDomainIp($this->domain)." " 
+        exec("/usr/bin/curl --location --post301 --insecure --resolve ".$this->domain.":80:".$this->appcontext->getWebDomainIp($this->domain)." "
             . escapeshellarg("http://".$this->domain."/wp-admin/install.php?step=2")
             . " -d " . escapeshellarg(
                 "weblog_title=" . rawurlencode($options['site_name'])
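Review bot: Adding `--location` next to `--insecure` makes the installer POST follow redirects, but `--resolve` pins only port 80. A redirect to `https://` is therefore resolved through normal DNS and sent without certificate verification. The rest of the `-d` payload is outside this hunk and presumably includes the admin credentials, so I would pin 443 as well: `"--resolve " . escapeshellarg($this->domain . ":443:" . $ip)`, with `$ip` holding the `getWebDomainIp()` result. `$this->domain` is also concatenated into the command line unquoted while the URL and body go through `escapeshellarg()`. Wrapping the whole `--resolve` value the same way keeps the quoting consistent.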

+ 1 - 1
web/templates/admin/edit_mail.html

@@ -98,7 +98,7 @@
                                             <td class="input-label vst-text">
                                                 <span class="alert alert-info alert-with-icon">
                                                     <i class="fas fa-exclamation"></i>
-                                                    <?=__("Let's Encrypt for mail needs a dns record for mail.$v_domain and $v_webmail_alias.$v_domain!")?><br/>
+                                                    <?=__("Let's Encrypt for mail needs a dns record for mail.$v_domain and $v_webmail_alias!")?><br/>
                                                 </span>
                                                 <label><input type="checkbox" size="20" class="vst-checkbox" name="v_letsencrypt" <?php if($v_letsencrypt == 'yes' || $v_letencrypt == 'on') echo "checked=yes" ?> onclick="App.Actions.MAIL.toggle_letsencrypt(this)"> <?php print __('Lets Encrypt Support');?></label>
                                             </td>
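Review bot: The string passed to `__()` still interpolates `$v_domain` and `$v_webmail_alias`, so the translation key differs per domain and can never match an entry in the language files. The values are also echoed into HTML by `<?=` without visible escaping. A constant key with placeholders addresses both: `<?=sprintf(__("Let's Encrypt for mail needs a dns record for %s and %s!"), htmlentities("mail.$v_domain"), htmlentities($v_webmail_alias))?>`. Whether the variables are already escaped where they are assigned is not visible here. The checkbox line below also tests `$v_letencrypt`, which looks like a typo for `$v_letsencrypt`.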

+ 1 - 1
web/templates/admin/list_packages.html

@@ -51,7 +51,7 @@
                 <div class="clearfix l-unit__stat-col--left text-center super-compact"><b><i class="fas fa-mail-bulk" title="<?php print __('Mail Domains');?>"></i></b></div>
                 <div class="clearfix l-unit__stat-col--left text-center super-compact"><b><i class="fas fa-inbox" title="<?php print __('Mail Accounts');?>"></i></b></div>
                 <div class="clearfix l-unit__stat-col--left text-center super-compact"><b><i class="fas fa-database" title="<?php print __('Databases');?>"></i></b></div>
-                <div class="clearfix l-unit__stat-col--left text-center super-compact"><b><i class="fas fa-clock" title="<?php print __('Backups');?>"></i></b></div>
+                <div class="clearfix l-unit__stat-col--left text-center super-compact"><b><i class="fas fa-clock" title="<?php print __('Cron Jobs');?>"></i></b></div>
            </div>
         </div>