
Merge pull request #1523 from hestiacp/staging/features

Staging/features
Raphael Schneeberger 5 лет назад
Сommit
3fa91ecff5
100 измененных файлов с 2333 добавлено и 35 удалено
  1. 110 0
      bin/v-add-web-domain-fast-cgi-cache
  2. 38 0
      bin/v-add-web-domain-ssl-preset
  3. 77 0
      bin/v-delete-web-domain-fast-cgi-cache
  4. 2 1
      bin/v-list-sys-config
  5. 118 0
      bin/v-list-user-auth-log
  6. 1 0
      bin/v-list-web-domain
  7. 45 0
      bin/v-log-user-login
  8. 35 0
      bin/v-log-user-logout
  9. 67 0
      bin/v-purge-web-domain-nginx-cache
  10. 7 0
      func/upgrade.sh
  11. 8 0
      install/deb/nginx/nginx.conf
  12. 1 1
      install/deb/templates/web/nginx/caching.stpl
  13. 1 1
      install/deb/templates/web/nginx/caching.tpl
  14. 1 0
      install/deb/templates/web/nginx/php-fpm/cms_made_simple.stpl
  15. 1 0
      install/deb/templates/web/nginx/php-fpm/cms_made_simple.tpl
  16. 2 1
      install/deb/templates/web/nginx/php-fpm/codeigniter2.stpl
  17. 2 1
      install/deb/templates/web/nginx/php-fpm/codeigniter2.tpl
  18. 1 0
      install/deb/templates/web/nginx/php-fpm/codeigniter3.stpl
  19. 2 0
      install/deb/templates/web/nginx/php-fpm/codeigniter3.tpl
  20. 1 0
      install/deb/templates/web/nginx/php-fpm/datalife_engine.stpl
  21. 1 0
      install/deb/templates/web/nginx/php-fpm/datalife_engine.tpl
  22. 1 0
      install/deb/templates/web/nginx/php-fpm/default.stpl
  23. 1 0
      install/deb/templates/web/nginx/php-fpm/default.tpl
  24. 1 0
      install/deb/templates/web/nginx/php-fpm/dokuwiki.stpl
  25. 1 0
      install/deb/templates/web/nginx/php-fpm/dokuwiki.tpl
  26. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal-composer.stpl
  27. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal-composer.tpl
  28. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal-social.stpl
  29. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal-social.tpl
  30. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal6.stpl
  31. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal6.tpl
  32. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal7.stpl
  33. 2 1
      install/deb/templates/web/nginx/php-fpm/drupal7.tpl
  34. 1 0
      install/deb/templates/web/nginx/php-fpm/drupal8.stpl
  35. 1 0
      install/deb/templates/web/nginx/php-fpm/drupal8.tpl
  36. 2 1
      install/deb/templates/web/nginx/php-fpm/joomla.stpl
  37. 2 1
      install/deb/templates/web/nginx/php-fpm/joomla.tpl
  38. 2 1
      install/deb/templates/web/nginx/php-fpm/laravel.stpl
  39. 2 1
      install/deb/templates/web/nginx/php-fpm/laravel.tpl
  40. 6 3
      install/deb/templates/web/nginx/php-fpm/magento.stpl
  41. 6 3
      install/deb/templates/web/nginx/php-fpm/magento.tpl
  42. 1 0
      install/deb/templates/web/nginx/php-fpm/modx.stpl
  43. 1 0
      install/deb/templates/web/nginx/php-fpm/modx.tpl
  44. 2 1
      install/deb/templates/web/nginx/php-fpm/moodle.stpl
  45. 2 1
      install/deb/templates/web/nginx/php-fpm/moodle.tpl
  46. 2 1
      install/deb/templates/web/nginx/php-fpm/opencart.stpl
  47. 2 1
      install/deb/templates/web/nginx/php-fpm/opencart.tpl
  48. 2 0
      install/deb/templates/web/nginx/php-fpm/owncloud.stpl
  49. 2 0
      install/deb/templates/web/nginx/php-fpm/owncloud.tpl
  50. 2 1
      install/deb/templates/web/nginx/php-fpm/piwik.stpl
  51. 2 1
      install/deb/templates/web/nginx/php-fpm/piwik.tpl
  52. 1 0
      install/deb/templates/web/nginx/php-fpm/prestashop.stpl
  53. 1 0
      install/deb/templates/web/nginx/php-fpm/prestashop.tpl
  54. 2 1
      install/deb/templates/web/nginx/php-fpm/pyrocms.stpl
  55. 2 1
      install/deb/templates/web/nginx/php-fpm/pyrocms.tpl
  56. 1 0
      install/deb/templates/web/nginx/php-fpm/sendy.stpl
  57. 1 0
      install/deb/templates/web/nginx/php-fpm/sendy.tpl
  58. 1 0
      install/deb/templates/web/nginx/php-fpm/thunder.stpl
  59. 1 0
      install/deb/templates/web/nginx/php-fpm/thunder.tpl
  60. 2 1
      install/deb/templates/web/nginx/php-fpm/wordpress.stpl
  61. 2 1
      install/deb/templates/web/nginx/php-fpm/wordpress.tpl
  62. 3 1
      install/hst-install-debian.sh
  63. 3 1
      install/hst-install-ubuntu.sh
  64. 3 0
      install/rhel/bind/named.conf
  65. 24 0
      install/rhel/bind/named.conf.options
  66. 60 0
      install/rhel/clamav/clamd.conf
  67. 14 0
      install/rhel/clamav/clamd.service
  68. 210 0
      install/rhel/clamav/freshclam.conf
  69. 5 0
      install/rhel/dovecot/conf.d/10-auth.conf
  70. 1 0
      install/rhel/dovecot/conf.d/10-logging.conf
  71. 8 0
      install/rhel/dovecot/conf.d/10-mail.conf
  72. 29 0
      install/rhel/dovecot/conf.d/10-master.conf
  73. 13 0
      install/rhel/dovecot/conf.d/10-ssl.conf
  74. 76 0
      install/rhel/dovecot/conf.d/15-mailboxes.conf
  75. 59 0
      install/rhel/dovecot/conf.d/20-imap.conf
  76. 92 0
      install/rhel/dovecot/conf.d/20-pop3.conf
  77. 84 0
      install/rhel/dovecot/conf.d/90-quota.conf
  78. 9 0
      install/rhel/dovecot/conf.d/auth-passwdfile.conf.ext
  79. 58 0
      install/rhel/dovecot/dovecot.conf
  80. 2 0
      install/rhel/exim/dnsbl.conf
  81. 426 0
      install/rhel/exim/exim.conf
  82. 0 0
      install/rhel/exim/spam-blocks.conf
  83. 9 0
      install/rhel/fail2ban/action.d/hestia.conf
  84. 10 0
      install/rhel/fail2ban/filter.d/hestia.conf
  85. 55 0
      install/rhel/fail2ban/jail.local
  86. 10 0
      install/rhel/firewall/rules.conf
  87. 5 0
      install/rhel/httpd/hestia-event.conf
  88. 58 0
      install/rhel/httpd/hestia.conf
  89. 81 0
      install/rhel/httpd/httpd.conf
  90. 8 0
      install/rhel/httpd/status.conf
  91. 18 0
      install/rhel/httpd/unassigned.conf
  92. 12 0
      install/rhel/logrotate/dovecot
  93. 7 0
      install/rhel/logrotate/hestia
  94. 10 0
      install/rhel/logrotate/httpd
  95. 13 0
      install/rhel/logrotate/nginx
  96. 79 0
      install/rhel/multiphp/httpd/PHP-56.sh
  97. 36 0
      install/rhel/multiphp/httpd/PHP-56.stpl
  98. 33 0
      install/rhel/multiphp/httpd/PHP-56.tpl
  99. 79 0
      install/rhel/multiphp/httpd/PHP-70.sh
  100. 36 0
      install/rhel/multiphp/httpd/PHP-70.stpl

+ 110 - 0
bin/v-add-web-domain-fast-cgi-cache

@@ -0,0 +1,110 @@
+#!/bin/bash
+# info: Adding fast cgi nginx support
+# options: USER DOMAIN [DEBUG]
+# labels: hestia web
+#
+# example: v-add-web-domain-fast-cgi-cache user domain.tld
+#
+# Function enables fast cgi support for Nginx
+# Add "yes" as last parameter append debug information to response headers
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+debug=$3
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN DEBUG'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Check if web server is NGINX standalone
+if [ "$WEB_SYSTEM" != 'nginx' ]; then
+    echo "Error: NGINX not in Stand Alone mode"
+    exit $E_NOTEXIST
+fi
+
+
+if ! grep --quiet "forcessl" $HESTIA/data/templates/web/nginx/default.tpl; then
+    $BIN/v-update-web-templates
+fi
+fastcgi="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.fastcgi_cache.conf"
+no_cache='$no_cache'
+cookie_session='$cookie_session'
+http_x_update='$http_x_update'
+status='$upstream_cache_status'
+
+cat << EOF > $fastcgi
+    fastcgi_cache $domain;
+    fastcgi_no_cache $no_cache;
+    fastcgi_cache_bypass $no_cache;
+    fastcgi_cache_bypass $cookie_session $http_x_update;
+EOF
+
+if [ ! -z "$debug" ]; then
+    echo "    add_header \"X-STATUS\" \"$status\";" >> $fastcgi
+fi
+
+chown root:$user $fastcgi
+chmod 640 $fastcgi
+
+str="fastcgi_cache_path /var/cache/nginx/php-fpm/$domain levels=2" 
+str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" 
+conf='/etc/nginx/conf.d/01_fast_cgi_caching_pool.conf'
+if [ -e "$conf" ]; then
+    if [ -z "$(grep "=${domain}:" $conf)" ]; then
+        echo "$str" >> $conf
+    fi
+else
+    echo "$str" >> $conf
+fi
+
+mkdir -p /var/cache/nginx/php-fpm/$domain
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+if [ -z "$FASTCGI" ]; then
+    add_object_key "web" 'DOMAIN' "$domain" 'FASTCGI_CACHE' 'ALIAS'
+fi
+
+# Set FASTCGI flag to enabled
+update_object_value 'web' 'DOMAIN' "$domain" '$FASTCGI_CACHE' 'yes'
+
+# Restart web server
+$BIN/v-restart-web
+check_result $? "Web restart failed" > /dev/null
+
+# Logging
+log_history "enabled fast cgi support for $domain"
+log_event "$OK" "$ARGUMENTS"
+
+exit
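Review bot: The guard `if [ -z "$FASTCGI" ]` tests a variable that nothing visible in this script sets, while the key being added and then updated is `FASTCGI_CACHE`; as written, `add_object_key` presumably runs on every invocation even when the key already exists. It should read `if [ -z "$FASTCGI_CACHE" ]; then`, which is what v-delete-web-domain-fast-cgi-cache uses. Separately, `grep "=${domain}:" $conf` treats the dots in the domain as regex wildcards, so a similarly named existing zone can suppress the new `fastcgi_cache_path` line; `grep -F -- "=${domain}:" "$conf"` avoids that. The header comment says to pass "yes" to enable debug output, but any non-empty third argument adds the `X-STATUS` header.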

+ 38 - 0
bin/v-add-web-domain-ssl-preset

@@ -0,0 +1,38 @@
+#!/bin/bash
+# info: Delete auth log file for user
+#
+# The function for deleting a users auth log file
+
+# Argument definition
+user=$1
+date=$(date "+%F %T")
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'USER'
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -f $USER_DATA/auth.log ]; then
+    touch  $USER_DATA/auth.log
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+rm $USER_DATA/auth.log
+
+log_history "Authentication log for $user was cleared on $date."
+log_event "$OK" "$ARGUMENTS"
+
+exit
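Review bot: The body of this file does not match its name: `bin/v-add-web-domain-ssl-preset` carries the header `# info: Delete auth log file for user` and its only action is `rm $USER_DATA/auth.log`. Anyone invoking it by name to change an SSL preset would instead erase the user's authentication log, which is the audit trail the login/logout scripts in this commit write. The content looks like it belongs under a separately named auth-log deletion command, and this path should hold the SSL preset logic or be dropped from the commit. If the deletion script is kept, the `touch` before `rm` can be replaced by `rm -f -- "$USER_DATA/auth.log"`, and `check_hestia_demo_mode` would sit after the argument checks as in the sibling scripts.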

+ 77 - 0
bin/v-delete-web-domain-fast-cgi-cache

@@ -0,0 +1,77 @@
+#!/bin/bash
+# info: remove fast cgi nginx support
+# options: USER DOMAIN [RESTART]
+# labels: hestia web
+#
+# example: v-delete-web-domain-fast-cgi-cache user domain.tld
+#
+# The function removes fast cgi cache.
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_valid 'web' 'DOMAIN' "$domain" "$FASTCGI_CACHE"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Remove fast cgi configs
+if [ -f $HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.fastcgi_cache.conf ]; then
+    rm -f $HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.fastcgi_cache.conf
+fi
+
+# Delete cache folder on disabling
+if [ -d /var/cache/nginx/php-fpm/$domain ]; then
+    rm -f /var/cache/nginx/php-fpm/$domain
+fi
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+if [ -z "$FASTCGI_CACHE" ]; then
+    add_object_key "web" 'DOMAIN' "$domain" 'FASTCGI_CACHE' 'ALIAS'
+fi
+
+# Set FASTCGI flag to disabled
+update_object_value 'web' 'DOMAIN' "$domain" '$FASTCGI_CACHE' ''
+
+# Restart services if requested
+if [ ! -z "$restart" ]; then
+    $BIN/v-restart-web
+    check_result $? "Web restart failed" >/dev/null
+fi
+
+# Logging
+log_history "disabled fast cgi support for $domain"
+log_event "$OK" "$ARGUMENTS"
+
+exit
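Review bot: `rm -f /var/cache/nginx/php-fpm/$domain` runs only when the path is a directory, and `rm` without `-r` refuses to remove a directory, so the cache folder and every cached response in it stay on disk after the feature is disabled. Use `rm -rf -- "/var/cache/nginx/php-fpm/$domain"`. The `fastcgi_cache_path` line that the add script appends to `/etc/nginx/conf.d/01_fast_cgi_caching_pool.conf` is not removed here either, so the zone stays defined. `is_object_valid 'web' 'DOMAIN' "$domain" "$FASTCGI_CACHE"` runs before `parse_object_kv_list`, so `$FASTCGI_CACHE` is presumably still empty at that point unless hestia.conf defines it.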

+ 2 - 1
bin/v-list-sys-config

@@ -1,7 +1,7 @@
 #!/bin/bash
 # info: list system configuration
 # options: [FORMAT]
-# labels: 
+# labels:
 #
 # example: v-list-sys-config json
 #
@@ -61,6 +61,7 @@ json_list() {
         "DB_PMA_ALIAS": "'$DB_PMA_ALIAS'",
         "DB_PGA_ALIAS": "'$DB_PGA_ALIAS'",
         "LOGIN_STYLE": "'$LOGIN_STYLE'",
+        "INACTIVE_SESSION_TIMEOUT": "'$INACTIVE_SESSION_TIMEOUT'",
         "SOFTACULOUS": "'$SOFTACULOUS'"
     }
 }'

+ 118 - 0
bin/v-list-user-auth-log

@@ -0,0 +1,118 @@
+#!/bin/bash
+# info: list user log
+# options: USER [FORMAT]
+#
+# The function of obtaining the list of 10 last users commands.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+format=${2-shell}
+
+# Includes
+source $HESTIA/func/main.sh
+
+# JSON list function
+json_list() {
+    IFS=$'\n'
+    i=1
+    objects=$(echo "$logs" |wc -l)
+    echo "{"
+    for str in $logs; do
+        IP=$(echo "$str" |cut -f 2 -d \')
+        FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
+        DATE=$(echo "$str" |cut -f 6 -d \')
+        TIME=$(echo "$str" |cut -f 8 -d \')
+        ACTIVE=$(echo "$str" |cut -f 10 -d \')
+        echo -n '    "'$i'": {
+            "IP": "'$IP'",
+            "FINGERPRINT": "'$FINGERPRINT'",
+            "TIME": "'$TIME'",
+            "DATE": "'$DATE'",
+            "ACTIVE": "'$ACTIVE'"
+        }'
+        if [ "$i" -lt "$objects" ]; then
+            echo ','
+        else
+            echo
+        fi
+        ((i++))
+        done
+    echo '}'
+}
+
+shell_list() {
+    IFS=$'\n'
+    echo "DATE~TIME~IP~FINGERPRINT~ACTIVE"
+    echo "----~----~--~-----------~------"
+    for str in $logs; do
+        IP=$(echo "$str" |cut -f 2 -d \')
+        FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
+        DATE=$(echo "$str" |cut -f 6 -d \')
+        TIME=$(echo "$str" |cut -f 8 -d \')
+        ACTIVE=$(echo "$str" |cut -f 10 -d \')
+        echo "$DATE~$TIME~$IP~$FINGERPRINT~$ACTIVE"
+    done
+}
+
+# PLAIN list function
+plain_list() {
+    IFS=$'\n'
+    for str in $logs; do
+        IP=$(echo "$str" |cut -f 2 -d \')
+        FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
+        DATE=$(echo "$str" |cut -f 6 -d \')
+        TIME=$(echo "$str" |cut -f 8 -d \')
+        ACTIVE=$(echo "$str" |cut -f 10 -d \')
+        echo -e "$DATE\t$TIME\t$IP\t$FINGERPRINT\t$ACTIVE"
+    done
+}
+
+# CSV list function
+csv_list() {
+    IFS=$'\n'
+    echo "ID,CMD,UNDO,TIME,DATE"
+    for str in $logs; do
+        IP=$(echo "$str" |cut -f 2 -d \')
+        FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
+        DATE=$(echo "$str" |cut -f 6 -d \')
+        TIME=$(echo "$str" |cut -f 8 -d \')
+        ACTIVE=$(echo "$str" |cut -f 10 -d \')
+        echo "$DATE,$TIME,$IP,$FINGERPRINT,$ACTIVE"
+
+    done
+}
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'USER [FORMAT]'
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Parsing history log
+logs=$(tail -n 10 $USER_DATA/auth.log 2>/dev/null)
+
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list |column -t -s '~';;
+esac
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+exit
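Review bot: `csv_list` prints the header `ID,CMD,UNDO,TIME,DATE`, but each row is `$DATE,$TIME,$IP,$FINGERPRINT,$ACTIVE`, so every CSV consumer mislabels the columns; the header should be `echo "DATE,TIME,IP,FINGERPRINT,ACTIVE"`. The file description (`list of 10 last users commands`) is likewise left over from the history script and should say it lists the last 10 authentication log entries. In `json_list` the fields are spliced into the JSON text unescaped, so a `"` or backslash in a stored fingerprint yields invalid output; that relies on the writer validating the value, which v-log-user-login in this commit does not do. An unrecognised FORMAT falls through the `case` silently and the script exits with no output.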

+ 1 - 0
bin/v-list-web-domain

@@ -44,6 +44,7 @@ json_list() {
         "BACKEND": "'$BACKEND'",
         "PROXY": "'$PROXY'",
         "PROXY_EXT": "'$PROXY_EXT'",
+        "FASTCGI_CACHE": "'$FASTCGI_CACHE'",
         "CUSTOM_DOCROOT": "'$CUSTOM_DOCROOT'",
         "SUSPENDED": "'$SUSPENDED'",
         "TIME": "'$TIME'",

+ 45 - 0
bin/v-log-user-login

@@ -0,0 +1,45 @@
+#!/bin/bash
+# info: add user login
+# options: USER IP [FINGERPRINT]
+
+# Argument definition
+user=$1
+ip=$2
+fingerprint=${3}
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER IP [FINGERPRINT]'
+is_format_valid 'user' 'ip'
+is_object_valid 'user' 'USER' "$user"
+
+browser=$(echo $browser | sed -e "s/\'//g");
+
+# Generating timestamp
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+if [ ! -f $USER_DATA/auth.log ]; then
+    touch  $USER_DATA/auth.log
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="active='no'" '$2 == finger {$5=active}1' $USER_DATA/auth.log   
+
+echo "IP='$ip' FINGERPRINT='$fingerprint' DATE='$date' TIME='$time' active='yes'" >> $USER_DATA/auth.log
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+exit
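Review bot: `browser=$(echo $browser | sed -e "s/\'//g");` sanitises a variable that is never set or used, while `$fingerprint` goes unvalidated into both the `awk -v finger=...` assignment and the log line `FINGERPRINT='$fingerprint'`. Readers such as v-list-user-auth-log split each record on `'`, so a quote, space or newline in the value would shift fields or add records in auth.log, and awk `-v` additionally expands backslash escapes. Assuming the fingerprint is meant to be an opaque token, reject anything else before use, for example `[[ "$fingerprint" =~ ^[A-Za-z0-9]*$ ]] || exit $E_INVALID` (character set to be confirmed against what the web UI sends). The same unvalidated value reaches `awk -v` in bin/v-log-user-logout.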

+ 35 - 0
bin/v-log-user-logout

@@ -0,0 +1,35 @@
+#!/bin/bash
+# info: Log User logout event
+# options: USER FINGERPRINT
+
+# Argument definition
+user=$1
+fingerprint=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER FINGERPRINT'
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -f $USER_DATA/auth.log ]; then
+    touch  $USER_DATA/auth.log
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="active='no'" '$2 == finger {$5=active}1' $USER_DATA/auth.log 
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+exit

+ 67 - 0
bin/v-purge-web-domain-nginx-cache

@@ -0,0 +1,67 @@
+#!/bin/bash
+# info: Empty nginx cache
+# options: USER DOMAIN MODE
+# labels: hestia web
+#
+# example: v-purge-web-domain-nginx-cache user domain.tld proxy
+#
+# The function clears Nginx cache.
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_valid 'web' 'DOMAIN' "$domain" "$FASTCGI_CACHE"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Empty Fast CGI Cache 
+if [ -d /var/cache/nginx/php-fpm/$domain ]; then
+    rm -fr /var/cache/nginx/php-fpm/$domain/*
+fi
+# Empty Proxy Cache
+if [ -d /var/cache/nginx/$domain ]; then
+    rm -fr /var/cache/nginx/$domain/*
+fi
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Restart services if requested
+if [ ! -z "$restart" ]; then
+    $BIN/v-restart-web
+    check_result $? "Web restart failed" >/dev/null
+fi
+
+# Logging
+log_history "purged nginx cache for $domain"
+log_event "$OK" "$ARGUMENTS"
+
+exit
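Review bot: The restart block tests `$restart`, but the script only assigns `user=$1` and `domain=$2`, so `v-restart-web` is never called from here. The header advertises `USER DOMAIN MODE` and the example passes `proxy`, yet no third argument is read and both the FastCGI and proxy caches are always emptied. Either add `restart=$3` and document the option as `[RESTART]`, or drop the dead block and the `MODE` wording. The `rm -fr /var/cache/nginx/php-fpm/$domain/*` lines would be safer quoted, as in `rm -rf -- "/var/cache/nginx/php-fpm/$domain"/*`.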

+ 7 - 0
func/upgrade.sh

@@ -126,6 +126,13 @@ upgrade_health_check() {
         echo "[ ! ] Adding missing variable to hestia.conf: LOGIN_STYLE ('default')"
         $BIN/v-change-sys-config-value "LOGIN_STYLE" "default"
     fi
+
+    # Inactive session timeout
+    if [ -z "$INACTIVE_SESSION_TIMEOUT" ]; then
+        echo "[ ! ] Adding missing variable to hestia.conf: INACTIVE_SESSION_TIMEOUT ('60')"
+        $BIN/v-change-sys-config-value "INACTIVE_SESSION_TIMEOUT" "60"
+    fi
+    
     
     echo "[ * ] Health check complete. Starting upgrade from $VERSION to $new_version..."
     echo "============================================================================="

+ 8 - 0
install/deb/nginx/nginx.conf

@@ -131,6 +131,14 @@ http {
     proxy_cache_use_stale error timeout invalid_header http_502;
     proxy_cache_valid any 1d;
 
+    # FastCGI Cache settings
+    fastcgi_cache_path /var/cache/nginx/php-fpm levels=2 keys_zone=fcgi_cache:10m inactive=60m max_size=1024m;
+    fastcgi_cache_key "$host$request_uri $cookie_user";
+    fastcgi_temp_path  /var/cache/nginx/temp;
+    fastcgi_ignore_headers Expires Cache-Control;
+    fastcgi_cache_use_stale error timeout invalid_header;
+    fastcgi_cache_valid any 1d;
+
     # Cache bypass
     map $http_cookie $no_cache {
         default 0;
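Review bot: `fastcgi_ignore_headers Expires Cache-Control;` together with `fastcgi_cache_valid any 1d;` makes nginx store PHP responses for a day even when the application marks them `Cache-Control: private` or `no-store`, and `any` includes error responses. Whether a personalised page can then be served to another visitor depends entirely on the `$no_cache` map and on `$cookie_user` in the key; the map body lies outside this hunk, so it should be checked against the session cookie names of every supported CMS template. A narrower default such as `fastcgi_cache_valid 200 301 302 15m;`, with `Cache-Control` still honoured, would fail closed. The key `"$host$request_uri $cookie_user"` also omits `$scheme` and `$request_method`.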

+ 1 - 1
install/deb/templates/web/nginx/caching.stpl

@@ -17,7 +17,7 @@ server {
     location / {
         proxy_pass      https://%ip%:%web_ssl_port%;
 
-        proxy_cache cache;
+        proxy_cache %domain%;
         proxy_cache_valid 15m;
         proxy_cache_valid 404 1m;
         proxy_no_cache $no_cache;

+ 1 - 1
install/deb/templates/web/nginx/caching.tpl

@@ -12,7 +12,7 @@ server {
     location / {
         proxy_pass      http://%ip%:%web_port%;
 
-        proxy_cache cache;
+        proxy_cache %domain%;
         proxy_cache_valid 15m;
         proxy_cache_valid 404 1m;
         proxy_no_cache $no_cache;

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/cms_made_simple.stpl

@@ -35,6 +35,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         }
     }
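Review bot: The added `include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;` names an exact file, and nginx treats a missing exact include as a fatal configuration error; the file is only written when v-add-web-domain-fast-cgi-cache is run for the domain. Unless something outside the visible diff pre-creates it, every domain on this template without FastCGI caching would break the nginx reload. Using a mask makes the include optional: `include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;`. The same line is added to the other php-fpm `.tpl`/`.stpl` templates in this commit, and codeigniter3.tpl also gains a second, duplicate `include /etc/nginx/fastcgi_params;`.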

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/cms_made_simple.tpl

@@ -30,6 +30,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         }
     }

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/codeigniter2.stpl

@@ -35,8 +35,9 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/codeigniter2.tpl

@@ -30,8 +30,9 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/codeigniter3.stpl

@@ -36,6 +36,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 0
install/deb/templates/web/nginx/php-fpm/codeigniter3.tpl

@@ -31,6 +31,8 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/datalife_engine.stpl

@@ -107,6 +107,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/datalife_engine.tpl

@@ -102,6 +102,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/default.stpl

@@ -35,6 +35,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/default.tpl

@@ -30,6 +30,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;     
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/dokuwiki.stpl

@@ -38,6 +38,7 @@ server {
             fastcgi_index   index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/dokuwiki.tpl

@@ -33,6 +33,7 @@ server {
             fastcgi_index   index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal-composer.stpl

@@ -60,7 +60,8 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include /etc/nginx/fastcgi_params;
+            include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal-composer.tpl

@@ -56,7 +56,8 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include /etc/nginx/fastcgi_params;
+            include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal-social.stpl

@@ -60,7 +60,8 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include /etc/nginx/fastcgi_params;
+            include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal-social.tpl

@@ -56,7 +56,8 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include /etc/nginx/fastcgi_params;
+            include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal6.stpl

@@ -74,7 +74,8 @@ server {
         fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_pass %backend_lsnr%;             
-        include /etc/nginx/fastcgi_params;
+        include         /etc/nginx/fastcgi_params;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
     }
 
     location /error/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal6.tpl

@@ -69,7 +69,8 @@ server {
         fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_pass %backend_lsnr%;             
-        include /etc/nginx/fastcgi_params;
+        include         /etc/nginx/fastcgi_params;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
     }
 
     location /error/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal7.stpl

@@ -75,7 +75,8 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include /etc/nginx/fastcgi_params;
+            include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/drupal7.tpl

@@ -70,7 +70,8 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
-            include /etc/nginx/fastcgi_params;
+            include         /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/drupal8.stpl

@@ -76,6 +76,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/drupal8.tpl

@@ -72,6 +72,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/joomla.stpl

@@ -42,7 +42,8 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/joomla.tpl

@@ -37,7 +37,8 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/laravel.stpl

@@ -34,7 +34,8 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/laravel.tpl

@@ -28,7 +28,8 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 6 - 3
install/deb/templates/web/nginx/php-fpm/magento.stpl

@@ -33,7 +33,8 @@ server {
             fastcgi_pass   %backend_lsnr%;
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-            include        /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/setup/(?!pub/). {
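Review bot: The cache include now sits inside PHP locations that serve logged-in and cart traffic, and nothing in these hunks shows that the included file skips caching for requests carrying a session cookie or an Authorization header. The file's contents are not visible here, so this is a check rather than a confirmed defect: if it turns on `fastcgi_cache`, it should also set `fastcgi_cache_bypass` and `fastcgi_no_cache` on those conditions and on non-GET methods, otherwise one visitor's response can be served to another. A comment next to the include line, for example `# per-domain FastCGI cache settings; must bypass for sessions/auth`, would record that expectation. This applies to all three hunks in magento.stpl and magento.tpl and equally to the moodle, owncloud, prestashop, opencart and wordpress templates.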
@@ -55,7 +56,8 @@ server {
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
             fastcgi_param  PATH_INFO        $fastcgi_path_info;
-            include        /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         # Deny everything but index.php
@@ -164,7 +166,8 @@ server {
 
         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-        include        /etc/nginx/fastcgi_params;
+        include /etc/nginx/fastcgi_params;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
     }
 
     gzip on;

+ 6 - 3
install/deb/templates/web/nginx/php-fpm/magento.tpl

@@ -28,7 +28,8 @@ server {
             fastcgi_pass   %backend_lsnr%;
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-            include        /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/setup/(?!pub/). {
@@ -50,7 +51,8 @@ server {
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
             fastcgi_param  PATH_INFO        $fastcgi_path_info;
-            include        /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         # Deny everything but index.php
@@ -159,7 +161,8 @@ server {
 
         fastcgi_index  index.php;
         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-        include        /etc/nginx/fastcgi_params;
+        include /etc/nginx/fastcgi_params;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
     }
 
     gzip on;

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/modx.stpl

@@ -51,6 +51,7 @@ server {
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $request_filename;
         include /etc/nginx/fastcgi_params;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
     }
 
     location /error/ {

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/modx.tpl

@@ -45,6 +45,7 @@ server {
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $request_filename;
         include /etc/nginx/fastcgi_params;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
     }
 
     location /error/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/moodle.stpl

@@ -69,7 +69,8 @@ server {
             fastcgi_param SCRIPT_FILENAME $request_filename;
 	    fastcgi_param PHP_VALUE open_basedir="/home/%user%/web/%domain%/private/moodledata:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/phppgadmin:/etc/roundcube:/var/lib/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt";
             fastcgi_intercept_errors on;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/moodle.tpl

@@ -65,7 +65,8 @@ server {
             fastcgi_param SCRIPT_FILENAME $request_filename;
 	    fastcgi_param PHP_VALUE open_basedir="/home/%user%/web/%domain%/private/moodledata:/home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/phppgadmin:/etc/roundcube:/var/lib/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt";
             fastcgi_intercept_errors on;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/opencart.stpl

@@ -34,7 +34,8 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/opencart.tpl

@@ -28,7 +28,8 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 0
install/deb/templates/web/nginx/php-fpm/owncloud.stpl

@@ -58,6 +58,8 @@ server {
             fastcgi_param PATH_INFO $fastcgi_path_info;
             #fastcgi_param HTTPS on;
             fastcgi_pass    %backend_lsnr%;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 0
install/deb/templates/web/nginx/php-fpm/owncloud.tpl

@@ -53,6 +53,8 @@ server {
             fastcgi_param PATH_INFO $fastcgi_path_info;
             #fastcgi_param HTTPS on;
             fastcgi_pass    %backend_lsnr%;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/piwik.stpl

@@ -42,7 +42,8 @@ server {
             }
 
             fastcgi_pass    %backend_lsnr%;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/piwik.tpl

@@ -37,7 +37,8 @@ server {
             }
 
             fastcgi_pass    %backend_lsnr%;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/prestashop.stpl

@@ -120,6 +120,7 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/prestashop.tpl

@@ -115,6 +115,7 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/pyrocms.stpl

@@ -40,7 +40,8 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/pyrocms.tpl

@@ -35,7 +35,8 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/sendy.stpl

@@ -53,6 +53,7 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location /l/ {

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/sendy.tpl

@@ -49,6 +49,7 @@ server {
             fastcgi_pass %backend_lsnr%;
             fastcgi_index index.php;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location /l/ {

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/thunder.stpl

@@ -61,6 +61,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 1 - 0
install/deb/templates/web/nginx/php-fpm/thunder.tpl

@@ -57,6 +57,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
 
         location ~ ^/sites/.*/files/styles/ {

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/wordpress.stpl

@@ -51,7 +51,8 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 2 - 1
install/deb/templates/web/nginx/php-fpm/wordpress.tpl

@@ -46,7 +46,8 @@ server {
 
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
+            include /etc/nginx/fastcgi_params;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
         }
     }
 

+ 3 - 1
install/hst-install-debian.sh

@@ -1089,6 +1089,9 @@ echo "LANGUAGE='$lang'" >> $HESTIA/conf/hestia.conf
 # Login in screen
 echo "LOGIN_STYLE='default'" >> $HESTIA/conf/hestia.conf
 
+# Inactive session timeout
+echo "INACTIVE_SESSION_TIMEOUT='60'" >> $HESTIA/conf/hestia.conf
+
 # Version & Release Branch
 echo "VERSION='${HESTIA_INSTALL_VER}'" >> $HESTIA/conf/hestia.conf
 echo "RELEASE_BRANCH='release'" >> $HESTIA/conf/hestia.conf
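Review bot: The new `INACTIVE_SESSION_TIMEOUT='60'` default is written without a unit, and the comment above it does not say whether 60 is seconds or minutes. Once the unit is confirmed against the code that reads the key, spell it out, e.g. `# Inactive session timeout in minutes (idle panel sessions are logged out)`. This line only runs on fresh installs, so existing systems depend on the func/upgrade.sh change (part of this commit but not shown here) to add the key; the reader should still fall back to a finite timeout when the key is missing or empty. The same hunk appears in install/hst-install-ubuntu.sh.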
@@ -1687,7 +1690,6 @@ if [ "$mysql" = 'yes' ]; then
     source $HESTIA_INSTALL_DIR/phpmyadmin/pma.sh > /dev/null 2>&1
 fi
 
-
 #----------------------------------------------------------#
 #                   Configure Admin User                   #
 #----------------------------------------------------------#

+ 3 - 1
install/hst-install-ubuntu.sh

@@ -1140,6 +1140,9 @@ echo "LANGUAGE='$lang'" >> $HESTIA/conf/hestia.conf
 # Login in screen
 echo "LOGIN_STYLE='default'" >> $HESTIA/conf/hestia.conf
 
+# Inactive session timeout
+echo "INACTIVE_SESSION_TIMEOUT='60'" >> $HESTIA/conf/hestia.conf
+
 # Version & Release Branch
 echo "VERSION='${HESTIA_INSTALL_VER}'" >> $HESTIA/conf/hestia.conf
 echo "RELEASE_BRANCH='release'" >> $HESTIA/conf/hestia.conf
@@ -1722,7 +1725,6 @@ else
     echo "API='no'" >> $HESTIA/conf/hestia.conf
 fi
 
-
 #----------------------------------------------------------#
 #                      Fix phpmyadmin                      #
 #----------------------------------------------------------#

+ 3 - 0
install/rhel/bind/named.conf

@@ -0,0 +1,3 @@
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+include "/etc/named.conf.options";

+ 24 - 0
install/rhel/bind/named.conf.options

@@ -0,0 +1,24 @@
+options {
+        directory "/var/named";
+         // If there is a firewall between you and nameservers you want
+        // to talk to, you may need to fix the firewall to allow multiple
+        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+         // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+         // forwarders {
+        //      0.0.0.0;
+        // };
+         //========================================================================
+        // If BIND logs error messages about the root key being expired,
+        // you will need to update your keys.  See https://www.isc.org/bind-keys
+        //========================================================================
+        dnssec-validation auto;
+        auth-nxdomain no;
+        allow-recursion { 127.0.0.1; ::1; };
+        allow-transfer {"none";};
+        hostname none;
+        server-id none;
+        version none;
+};

+ 60 - 0
install/rhel/clamav/clamd.conf

@@ -0,0 +1,60 @@
+#Automatically Generated by clamav-base postinst
+#To reconfigure clamd run #dpkg-reconfigure clamav-base
+#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
+LocalSocket /var/run/clamav/clamd.ctl
+FixStaleSocket true
+LocalSocketGroup clamav
+LocalSocketMode 666
+# TemporaryDirectory is not set to its default /tmp here to make overriding
+# the default with environment variables TMPDIR/TMP/TEMP possible
+User clamav
+# AllowSupplementaryGroups true
+ScanMail true
+ScanArchive true
+ArchiveBlockEncrypted false
+MaxDirectoryRecursion 15
+FollowDirectorySymlinks false
+FollowFileSymlinks false
+ReadTimeout 180
+MaxThreads 12
+MaxConnectionQueueLength 15
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogClean false
+LogVerbose true
+PidFile /var/run/clamav/clamd.pid
+DatabaseDirectory /var/lib/clamav
+SelfCheck 3600
+Foreground false
+Debug false
+ScanPE true
+ScanOLE2 true
+ScanHTML true
+ExitOnOOM false
+LeaveTemporaryFiles false
+AlgorithmicDetection true
+ScanELF true
+IdleTimeout 30
+PhishingSignatures true
+PhishingScanURLs true
+PhishingAlwaysBlockSSLMismatch false
+PhishingAlwaysBlockCloak false
+DetectPUA false
+ScanPartialMessages false
+HeuristicScanPrecedence false
+StructuredDataDetection false
+CommandReadTimeout 5
+SendBufTimeout 200
+MaxQueue 100
+ExtendedDetectionInfo true
+OLE2BlockMacros false
+StreamMaxLength 25M
+LogFile /var/log/clamav/clamav.log
+LogTime true
+LogFileUnlock false
+LogFileMaxSize 0
+Bytecode true
+BytecodeSecurity TrustSigned
+BytecodeTimeout 60000
+OfficialDatabaseOnly false
+CrossFilesystems true
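Review bot: `LocalSocketMode 666` makes the clamd control socket writable by every local account, which on a shared hosting server lets any user send clamd commands rather than only the mail scanner. `LocalSocketGroup clamav` is already set, so `LocalSocketMode 660` with the MTA user added to the clamav group keeps scanning working while closing the socket to other users. The header still claims the file was generated by clamav-base postinst and points to dpkg-reconfigure, which does not apply to a file shipped under install/rhel; a one-line comment saying it is maintained by the installer would be less misleading. `LogFileMaxSize 0` combined with `LogVerbose true` leaves /var/log/clamav/clamav.log unbounded unless a logrotate rule covers it.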

+ 14 - 0
install/rhel/clamav/clamd.service

@@ -0,0 +1,14 @@
+[Unit]
+Description = clamd scanner (%i) daemon
+After = syslog.target nss-lookup.target network.target
+
+[Service]
+Type = simple
+ExecStartPre = /usr/bin/mkdir -p /var/run/clamav
+ExecStartPre = /usr/bin/chown -R clamav:clamav /var/run/clamav
+ExecStart = /usr/sbin/clamd -c /etc/clamd.conf
+Restart = on-failure
+PrivateTmp = true
+
+[Install]
+WantedBy=multi-user.target
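Review bot: `Type = simple` does not match the daemon this unit starts: the clamd.conf added in the same commit sets `Foreground false`, so clamd forks and the process systemd is tracking exits straight after start, after which systemd will normally treat the unit as finished and clean up the forked child. Either declare `Type = forking` with `PIDFile = /var/run/clamav/clamd.pid` (the PidFile path from clamd.conf), or keep `Type = simple` and set `Foreground true` in clamd.conf. `%i` in the Description is only filled in for template units (name@.service), so here it renders as empty parentheses and can be dropped.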

+ 210 - 0
install/rhel/clamav/freshclam.conf

@@ -0,0 +1,210 @@
+##
+## Example config file for freshclam
+## Please read the freshclam.conf(5) manual before editing this file.
+##
+
+
+# Comment or remove the line below.
+#Example
+
+# Path to the database directory.
+# WARNING: It must match clamd.conf's directive!
+# Default: hardcoded (depends on installation options)
+#DatabaseDirectory /var/lib/clamav
+
+# Path to the log file (make sure it has proper permissions)
+# Default: disabled
+#UpdateLogFile /var/log/freshclam.log
+
+# Maximum size of the log file.
+# Value of 0 disables the limit.
+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
+# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
+# log rotation (the LogRotate option) will always be enabled.
+# Default: 1M
+#LogFileMaxSize 2M
+
+# Log time with each message.
+# Default: no
+#LogTime yes
+
+# Enable verbose logging.
+# Default: no
+#LogVerbose yes
+
+# Use system logger (can work together with UpdateLogFile).
+# Default: no
+#LogSyslog yes
+
+# Specify the type of syslog messages - please refer to 'man syslog'
+# for facility names.
+# Default: LOG_LOCAL6
+#LogFacility LOG_MAIL
+
+# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
+# Default: no
+#LogRotate yes
+
+# This option allows you to save the process identifier of the daemon
+# Default: disabled
+#PidFile /var/run/freshclam.pid
+
+# By default when started freshclam drops privileges and switches to the
+# "clamav" user. This directive allows you to change the database owner.
+# Default: clamav (may depend on installation options)
+DatabaseOwner clamav
+
+# Use DNS to verify virus database version. Freshclam uses DNS TXT records
+# to verify database and software versions. With this directive you can change
+# the database verification domain.
+# WARNING: Do not touch it unless you're configuring freshclam to use your
+# own database verification domain.
+# Default: current.cvd.clamav.net
+#DNSDatabaseInfo current.cvd.clamav.net
+
+# database.clamav.net is now the primary domain name to be used world-wide.
+# Now that CloudFlare is being used as our Content Delivery Network (CDN),
+# this one domain name works world-wide to direct freshclam to the closest
+# geographic endpoint.
+# If the old db.XY.clamav.net domains are set, freshclam will automatically
+# use database.clamav.net instead.
+DatabaseMirror database.clamav.net
+
+# How many attempts to make before giving up.
+# Default: 3 (per mirror)
+#MaxAttempts 5
+
+# With this option you can control scripted updates. It's highly recommended
+# to keep it enabled.
+# Default: yes
+#ScriptedUpdates yes
+
+# By default freshclam will keep the local databases (.cld) uncompressed to
+# make their handling faster. With this option you can enable the compression;
+# the change will take effect with the next database update.
+# Default: no
+#CompressLocalDatabase no
+
+# With this option you can provide custom sources for database files.
+# This option can be used multiple times. Support for:
+#   http(s)://, ftp(s)://, or file://
+# Default: no custom URLs
+#DatabaseCustomURL http://myserver.example.com/mysigs.ndb
+#DatabaseCustomURL https://myserver.example.com/mysigs.ndb
+#DatabaseCustomURL https://myserver.example.com:4567/whitelist.wdb
+#DatabaseCustomURL ftp://myserver.example.com/example.ldb
+#DatabaseCustomURL ftps://myserver.example.com:4567/example.ndb
+#DatabaseCustomURL file:///mnt/nfs/local.hdb
+
+# This option allows you to easily point freshclam to private mirrors.
+# If PrivateMirror is set, freshclam does not attempt to use DNS
+# to determine whether its databases are out-of-date, instead it will
+# use the If-Modified-Since request or directly check the headers of the
+# remote database files. For each database, freshclam first attempts
+# to download the CLD file. If that fails, it tries to download the
+# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
+# and ScriptedUpdates. It can be used multiple times to provide
+# fall-back mirrors.
+# Default: disabled
+#PrivateMirror mirror1.example.com
+#PrivateMirror mirror2.example.com
+
+# Number of database checks per day.
+# Default: 12 (every two hours)
+#Checks 24
+
+# Proxy settings
+# The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind
+# of proxy is used.
+#   http://     HTTP Proxy. Default when no scheme or proxy type is specified.
+#   https://    HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS and NSS)
+#   socks4://   SOCKS4 Proxy.
+#   socks4a://  SOCKS4a Proxy. Proxy resolves URL hostname.
+#   socks5://   SOCKS5 Proxy.
+#   socks5h://  SOCKS5 Proxy. Proxy resolves URL hostname.
+# Default: disabled
+#HTTPProxyServer https://proxy.example.com
+#HTTPProxyPort 1234
+#HTTPProxyUsername myusername
+#HTTPProxyPassword mypass
+
+# If your servers are behind a firewall/proxy which applies User-Agent
+# filtering you can use this option to force the use of a different
+# User-Agent header.
+# Default: clamav/version_number
+#HTTPUserAgent SomeUserAgentIdString
+
+# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
+# multi-homed systems.
+# Default: Use OS'es default outgoing IP address.
+#LocalIPAddress aaa.bbb.ccc.ddd
+
+# Send the RELOAD command to clamd.
+# Default: no
+#NotifyClamd /path/to/clamd.conf
+
+# Run command after successful database update.
+# Default: disabled
+#OnUpdateExecute command
+
+# Run command when database update process fails.
+# Default: disabled
+#OnErrorExecute command
+
+# Run command when freshclam reports outdated version.
+# In the command string %v will be replaced by the new version number.
+# Default: disabled
+#OnOutdatedExecute command
+
+# Don't fork into background.
+# Default: no
+#Foreground yes
+
+# Enable debug messages in libclamav.
+# Default: no
+#Debug yes
+
+# Timeout in seconds when connecting to database server.
+# Default: 30
+#ConnectTimeout 60
+
+# Timeout in seconds when reading from database server.
+# Default: 0
+#ReceiveTimeout 1800
+
+# With this option enabled, freshclam will attempt to load new
+# databases into memory to make sure they are properly handled
+# by libclamav before replacing the old ones.
+# Default: yes
+#TestDatabases yes
+
+# This option enables support for Google Safe Browsing. When activated for
+# the first time, freshclam will download a new database file
+# (safebrowsing.cvd) which will be automatically loaded by clamd and
+# clamscan during the next reload, provided that the heuristic phishing
+# detection is turned on. This database includes information about websites
+# that may be phishing sites or possible sources of malware. When using this
+# option, it's mandatory to run freshclam at least every 30 minutes.
+# Freshclam uses the ClamAV's mirror infrastructure to distribute the
+# database and its updates but all the contents are provided under Google's
+# terms of use.
+# See https://transparencyreport.google.com/safe-browsing/overview
+# and https://www.clamav.net/documents/safebrowsing for more information.
+# Default: no
+#SafeBrowsing yes
+
+# This option enables downloading of bytecode.cvd, which includes additional
+# detection mechanisms and improvements to the ClamAV engine.
+# Default: yes
+#Bytecode no
+
+# Include an optional signature databases (opt-in).
+# This option can be used multiple times.
+#ExtraDatabase dbname1
+#ExtraDatabase dbname2
+
+# Exclude a standard signature database (opt-out).
+# This option can be used multiple times.
+#ExcludeDatabase dbname1
+#ExcludeDatabase dbname2
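Review bot: No update logging is active in this file: `UpdateLogFile`, `LogSyslog` and `LogTime` are all left commented out, so a failed or stalled signature download leaves no record on the host. Enabling `LogSyslog yes`, or `UpdateLogFile /var/log/freshclam.log` with `LogTime yes`, gives monitoring something to alert on when signatures go stale. `NotifyClamd` is also commented out, so clamd only notices new signatures at its own `SelfCheck 3600` interval; `NotifyClamd /etc/clamd.conf` (the path clamd.service passes with -c) would reload it right after each update.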

+ 5 - 0
install/rhel/dovecot/conf.d/10-auth.conf

@@ -0,0 +1,5 @@
+disable_plaintext_auth = no
+auth_username_format = %u
+auth_verbose = yes
+auth_mechanisms = plain login
+!include auth-passwdfile.conf.ext
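Review bot: `disable_plaintext_auth = no` together with `auth_mechanisms = plain login` lets remote clients send mailbox passwords over unencrypted IMAP and POP3 connections, because 10-ssl.conf in this commit sets `ssl = yes` rather than `ssl = required`. Unless a legacy-client requirement is known, prefer `disable_plaintext_auth = yes`; PLAIN and LOGIN remain usable once TLS is established. If the permissive value is deliberate, a comment above the line stating why would stop it being copied as a default. `auth_verbose = yes` is worth keeping, since the failed-login lines are what brute-force detection on this host would read.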

+ 1 - 0
install/rhel/dovecot/conf.d/10-logging.conf

@@ -0,0 +1 @@
+log_path = /var/log/dovecot.log

+ 8 - 0
install/rhel/dovecot/conf.d/10-mail.conf

@@ -0,0 +1,8 @@
+mail_privileged_group = mail
+mail_access_groups = mail
+mail_location = maildir:%h/mail/%d/%n
+pop3_uidl_format = %08Xu%08Xv
+
+mailbox_list_index = yes
+mailbox_idle_check_interval = 30 secs
+maildir_copy_with_hardlinks = yes

+ 29 - 0
install/rhel/dovecot/conf.d/10-master.conf

@@ -0,0 +1,29 @@
+service imap-login {
+  inet_listener imap {
+  }
+  inet_listener imaps {
+  }
+}
+
+service pop3-login {
+  inet_listener pop3 {
+  }
+  inet_listener pop3s {
+  }
+}
+
+
+service imap {
+}
+
+service pop3 {
+}
+
+service auth {
+  unix_listener auth-client {
+    group = mail
+    mode = 0660
+    user = dovecot
+  }
+  user = dovecot
+}

+ 13 - 0
install/rhel/dovecot/conf.d/10-ssl.conf

@@ -0,0 +1,13 @@
+ssl = yes
+#ssl_protocols = !SSLv3 !TLSv1
+ssl_prefer_server_ciphers = yes
+ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+
+ssl_cert = </usr/local/hestia/ssl/certificate.crt
+ssl_key = </usr/local/hestia/ssl/certificate.key
+
+# From and up to version 2.2
+#ssl_dh_parameters_length = 4096
+
+# From version 2.3
+#ssl_dh = </etc/ssl/dhparam.pem
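Review bot: The TLS policy in this file is weaker than the cipher ordering suggests: `ssl = yes` leaves TLS optional, the `ssl_protocols` line is commented out so only the Dovecot default protocol floor applies, and `ssl_cipher_list` still ends with 3DES suites (the `DES-CBC3-SHA` entries) and static-RSA suites without forward secrecy. Suggested settings are `ssl = required`, an explicit floor (`ssl_min_protocol = TLSv1.2` on Dovecot 2.3, or `ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1` on 2.2), and removal of the `DES-CBC3-SHA` entries. With `ssl_dh` left commented out, the DHE-RSA suites in the list are presumably unusable on 2.3, so either generate and reference the DH parameters file or drop those suites. The key path is shared with the control panel certificate, so the file permissions on /usr/local/hestia/ssl/certificate.key need to allow Dovecot to read it without making it world-readable.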

+ 76 - 0
install/rhel/dovecot/conf.d/15-mailboxes.conf

@@ -0,0 +1,76 @@
+##
+## Mailbox definitions
+##
+
+# Each mailbox is specified in a separate mailbox section. The section name
+# specifies the mailbox name. If it has spaces, you can put the name
+# "in quotes". These sections can contain the following mailbox settings:
+#
+# auto:
+#   Indicates whether the mailbox with this name is automatically created
+#   implicitly when it is first accessed. The user can also be automatically
+#   subscribed to the mailbox after creation. The following values are
+#   defined for this setting:
+#
+#     no        - Never created automatically.
+#     create    - Automatically created, but no automatic subscription.
+#     subscribe - Automatically created and subscribed.
+#
+# special_use:
+#   A space-separated list of SPECIAL-USE flags (RFC 6154) to use for the
+#   mailbox. There are no validity checks, so you could specify anything
+#   you want in here, but it's not a good idea to use flags other than the
+#   standard ones specified in the RFC:
+#
+#     \All      - This (virtual) mailbox presents all messages in the
+#                 user's message store.
+#     \Archive  - This mailbox is used to archive messages.
+#     \Drafts   - This mailbox is used to hold draft messages.
+#     \Flagged  - This (virtual) mailbox presents all messages in the
+#                 user's message store marked with the IMAP \Flagged flag.
+#     \Junk     - This mailbox is where messages deemed to be junk mail
+#                 are held.
+#     \Sent     - This mailbox is used to hold copies of messages that
+#                 have been sent.
+#     \Trash    - This mailbox is used to hold messages that have been
+#                 deleted.
+#
+# comment:
+#   Defines a default comment or note associated with the mailbox. This
+#   value is accessible through the IMAP METADATA mailbox entries
+#   "/shared/comment" and "/private/comment". Users with sufficient
+#   privileges can override the default value for entries with a custom
+#   value.
+
+# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
+namespace inbox {
+  inbox = yes
+  # These mailboxes are widely used and could perhaps be created automatically:
+  mailbox Drafts {
+    special_use = \Drafts
+  }
+  mailbox Junk {
+    special_use = \Junk
+  }
+  mailbox Trash {
+    special_use = \Trash
+  }
+
+  # For \Sent mailboxes there are two widely used names. We'll mark both of
+  # them as \Sent. User typically deletes one of them if duplicates are created.
+  mailbox Sent {
+    special_use = \Sent
+  }
+
+  # If you have a virtual "All messages" mailbox:
+  #mailbox virtual/All {
+  #  special_use = \All
+  #  comment = All my messages
+  #}
+
+  # If you have a virtual "Flagged" mailbox:
+  #mailbox virtual/Flagged {
+  #  special_use = \Flagged
+  #  comment = All my flagged messages
+  #}
+}

+ 59 - 0
install/rhel/dovecot/conf.d/20-imap.conf

@@ -0,0 +1,59 @@
+##
+## IMAP specific settings
+##
+
+protocol imap {
+  # Maximum IMAP command line length. Some clients generate very long command
+  # lines with huge mailboxes, so you may need to raise this if you get
+  # "Too long argument" or "IMAP command line too large" errors often.
+  #imap_max_line_length = 64k
+
+  # Maximum number of IMAP connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  #mail_max_userip_connections = 10
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+  mail_plugins = quota imap_quota
+
+  # IMAP logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #imap_logout_format = bytes=%i/%o
+
+  # Override the IMAP CAPABILITY response. If the value begins with '+',
+  # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+  #imap_capability = 
+
+  # How long to wait between "OK Still here" notifications when client is
+  # IDLEing.
+  #imap_idle_notify_interval = 2 mins
+
+  # ID field names and values to send to clients. Using * as the value makes
+  # Dovecot use the default value. The following fields have default values
+  # currently: name, version, os, os-version, support-url, support-email.
+  #imap_id_send = 
+
+  # ID fields sent by client to log. * means everything.
+  #imap_id_log =
+
+  # Workarounds for various client bugs:
+  #   delay-newmail:
+  #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
+  #     and CHECK commands. Some clients ignore them otherwise, for example OSX
+  #     Mail (<v2.1). Outlook Express breaks more badly though, without this it
+  #     may show user "Message no longer in server" errors. Note that OE6 still
+  #     breaks even with this workaround if synchronization is set to
+  #     "Headers Only".
+  #   tb-extra-mailbox-sep:
+  #     Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+  #     adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+  #     ignore the extra '/' instead of treating it as invalid mailbox name.
+  #   tb-lsub-flags:
+  #     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+  #     This makes Thunderbird realize they aren't selectable and show them
+  #     greyed out, instead of only later giving "not selectable" popup error.
+  #
+  # The list is space-separated.
+  #imap_client_workarounds = 
+}
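Review bot: `mail_plugins = quota imap_quota` inside `protocol imap` replaces the global plugin list instead of extending it, so any plugin enabled through the global `mail_plugins` setting is dropped for IMAP sessions. The stock comment directly above shows the additive form, and I would write `mail_plugins = $mail_plugins quota imap_quota`. The same applies to `mail_plugins = quota` inside `protocol pop3` in 20-pop3.conf, which would become `mail_plugins = $mail_plugins quota`.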

+ 92 - 0
install/rhel/dovecot/conf.d/20-pop3.conf

@@ -0,0 +1,92 @@
+##
+## POP3 specific settings
+##
+
+protocol pop3 {
+  # Don't try to set mails non-recent or seen with POP3 sessions. This is
+  # mostly intended to reduce disk I/O. With maildir it doesn't move files
+  # from new/ to cur/, with mbox it doesn't write Status-header.
+  #pop3_no_flag_updates = no
+
+  # Support LAST command which exists in old POP3 specs, but has been removed
+  # from new ones. Some clients still wish to use this though. Enabling this
+  # makes RSET command clear all \Seen flags from messages.
+  #pop3_enable_last = no
+
+  # If mail has X-UIDL header, use it as the mail's UIDL.
+  #pop3_reuse_xuidl = no
+
+  # Keep the mailbox locked for the entire POP3 session.
+  #pop3_lock_session = no
+
+  # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
+  # Many POP3 servers violate this by returning the sizes with LF linefeeds,
+  # because it's faster to get. When this setting is enabled, Dovecot still
+  # tries to do the right thing first, but if that requires opening the
+  # message, it fallbacks to the easier (but incorrect) size.
+  #pop3_fast_size_lookups = no
+
+  # POP3 UIDL (unique mail identifier) format to use. You can use following
+  # variables, along with the variable modifiers described in
+  # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
+  #
+  #  %v - Mailbox's IMAP UIDVALIDITY
+  #  %u - Mail's IMAP UID
+  #  %m - MD5 sum of the mailbox headers in hex (mbox only)
+  #  %f - filename (maildir only)
+  #  %g - Mail's GUID
+  #
+  # If you want UIDL compatibility with other POP3 servers, use:
+  #  UW's ipop3d         : %08Xv%08Xu
+  #  Courier             : %f or %v-%u (both might be used simultaneosly)
+  #  Cyrus (<= 2.1.3)    : %u
+  #  Cyrus (>= 2.1.4)    : %v.%u
+  #  Dovecot v0.99.x     : %v.%u
+  #  tpop3d              : %Mf
+  #
+  # Note that Outlook 2003 seems to have problems with %v.%u format which was
+  # Dovecot's default, so if you're building a new server it would be a good
+  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
+  #
+  #pop3_uidl_format = %08Xu%08Xv
+
+  # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
+  # won't change those UIDLs. Currently this works only with Maildir.
+  #pop3_save_uidl = no
+
+  # What to do about duplicate UIDLs if they exist?
+  #   allow: Show duplicates to clients.
+  #   rename: Append a temporary -2, -3, etc. counter after the UIDL.
+  #pop3_uidl_duplicates = allow
+
+  # POP3 logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #  %t - number of TOP commands
+  #  %p - number of bytes sent to client as a result of TOP command
+  #  %r - number of RETR commands
+  #  %b - number of bytes sent to client as a result of RETR command
+  #  %d - number of deleted messages
+  #  %m - number of messages (before deletion)
+  #  %s - mailbox size in bytes (before deletion)
+  #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
+  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+
+  # Maximum number of POP3 connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  #mail_max_userip_connections = 10
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+  mail_plugins = quota
+
+  # Workarounds for various client bugs:
+  #   outlook-no-nuls:
+  #     Outlook and Outlook Express hang if mails contain NUL characters.
+  #     This setting replaces them with 0x80 character.
+  #   oe-ns-eoh:
+  #     Outlook Express and Netscape Mail breaks if end of headers-line is
+  #     missing. This option simply sends it if it's missing.
+  # The list is space-separated.
+  #pop3_client_workarounds = 
+}

+ 84 - 0
install/rhel/dovecot/conf.d/90-quota.conf

@@ -0,0 +1,84 @@
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+# Quota limits are set using "quota_rule" parameters. To get per-user quota
+# limits, you can set/override them by returning "quota_rule" extra field
+# from userdb. It's also possible to give mailbox-specific limits, for example
+# to give additional 100 MB when saving to Trash:
+
+plugin {
+  #quota_rule = *:storage=1G
+  #quota_rule2 = Trash:storage=+100M
+
+  # LDA/LMTP allows saving the last mail to bring user from under quota to
+  # over quota, if the quota doesn't grow too high. Default is to allow as
+  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
+  #quota_grace = 10%%
+
+  # Quota plugin can also limit the maximum accepted mail size.
+  #quota_max_mail_size = 100M
+}
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is excecuted, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+  #quota_warning = storage=95%% quota-warning 95 %u
+  #quota_warning2 = storage=80%% quota-warning 80 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+#service quota-warning {
+#  executable = script /usr/local/bin/quota-warning.sh
+#  user = dovecot
+#  unix_listener quota-warning {
+#    user = vmail
+#  }
+#}
+
+##
+## Quota backends
+##
+
+# Multiple backends are supported:
+#   dirsize: Find and sum all the files found from mail directory.
+#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
+#   dict: Keep quota stored in dictionary (eg. SQL)
+#   maildir: Maildir++ quota
+#   fs: Read-only support for filesystem quota
+
+plugin {
+  #quota = dirsize:User quota
+  quota = maildir:User quota
+  #quota = dict:User quota::proxy::quota
+  #quota = fs:User quota
+}
+
+# Multiple quota roots are also possible, for example this gives each user
+# their own 100MB quota and one shared 1GB quota within the domain:
+plugin {
+  #quota = dict:user::proxy::quota
+  #quota2 = dict:domain:%d:proxy::quota_domain
+  #quota_rule = *:storage=102400
+  #quota2_rule = *:storage=1048576
+}
+

+ 9 - 0
install/rhel/dovecot/conf.d/auth-passwdfile.conf.ext

@@ -0,0 +1,9 @@
+passdb {
+  driver = passwd-file
+  args = scheme=MD5-CRYPT username_format=%n /etc/exim/domains/%d/passwd
+}
+
+userdb {
+  driver = passwd-file
+  args = username_format=%n /etc/exim/domains/%d/passwd
+}
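Review bot: `scheme=MD5-CRYPT` in the passdb `args` makes salted MD5 the assumed hash for every entry in `/etc/exim/domains/%d/passwd` that carries no `{SCHEME}` prefix, and that hash is cheap to brute-force offline if the file is ever disclosed. Dovecot supports stronger crypt schemes, so I would move the default to `scheme=SHA512-CRYPT`, or `BLF-CRYPT` where the platform's crypt() supports it. This only works if the scripts that write the passwd file, which are not in this section, emit the same scheme. Entries already hashed with MD5 should then be stored with an explicit `{MD5-CRYPT}` prefix so they keep verifying until the password is next changed.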

+ 58 - 0
install/rhel/dovecot/dovecot.conf

@@ -0,0 +1,58 @@
+protocols = imap pop3
+listen = *, ::
+base_dir = /var/run/dovecot/
+login_greeting = Mail Delivery Agent
+!include conf.d/*.conf
+!include_try conf.d/domains/*.conf
+
+namespace {
+    type = private
+    separator = /
+    inbox = yes
+    list = yes
+
+    mailbox Archive {
+        auto = subscribe
+        special_use = \Archive
+    }
+
+    mailbox Drafts {
+        auto = subscribe
+        special_use = \Drafts
+    }
+
+    mailbox Trash {
+        auto = subscribe
+        special_use = \Trash
+    }
+
+    mailbox "Deleted Messages" {
+        auto = no
+        special_use = \Trash
+    }
+
+    mailbox Spam {
+        auto = subscribe
+        special_use = \Junk
+    }
+
+    mailbox Junk {
+        auto = no
+        special_use = \Junk
+    }
+
+    mailbox Sent {
+        auto = subscribe
+        special_use = \Sent
+    }
+
+    mailbox "Sent Mail" {
+        auto = no
+        special_use = \Sent
+    }
+    
+    mailbox "Sent Messages" {
+        auto = no
+        special_use = \Sent
+    }
+}
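Review bot: The unnamed `namespace { ... inbox = yes ... }` block here may collide with the `namespace inbox { inbox = yes ... }` block that the mailbox settings file earlier in this commit declares; that file's path is outside this view. If it lives under `conf.d/`, `!include conf.d/*.conf` loads both, and Dovecot accepts only one namespace with `inbox = yes` and one per prefix, so the service would refuse to start. Naming this block the same way, `namespace inbox {`, lets the two sections merge instead of conflict. Otherwise, add a comment here stating that the conf.d mailbox file must not be installed alongside it.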

+ 2 - 0
install/rhel/exim/dnsbl.conf

@@ -0,0 +1,2 @@
+bl.spamcop.net
+zen.spamhaus.org

+ 426 - 0
install/rhel/exim/exim.conf

@@ -0,0 +1,426 @@
+######################################################################
+#                                                                    #
+#          Exim configuration file for Hestia Control Panel          #
+#                                                                    #
+######################################################################
+
+#SPAMASSASSIN = yes
+#SPAM_SCORE = 50
+#CLAMD =  yes
+
+smtp_banner = $smtp_active_hostname
+add_environment = <; PATH=/bin:/usr/bin
+keep_environment =
+disable_ipv6 = true
+
+domainlist local_domains = dsearch;/etc/exim/domains/
+domainlist relay_to_domains = dsearch;/etc/exim/domains/
+hostlist relay_from_hosts = 127.0.0.1
+hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
+hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf
+no_local_from_check
+untrusted_set_sender = *
+acl_smtp_connect = acl_check_spammers
+acl_smtp_mail = acl_check_mail
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
+
+.ifdef SPAMASSASSIN
+spamd_address = 127.0.0.1 783
+.endif
+
+.ifdef CLAMD
+av_scanner = clamd: /var/run/clamav/clamd.ctl
+.endif
+
+log_selector = +tls_sni
+
+tls_advertise_hosts = *
+
+# We test that $tls_in_sni is a valid domain, by an arbitrary email address foo@domain.tld .
+# Then, we extract the domain with a function that would fail if the email address is invalid.
+# If the certificate exists, we will use it, otherwise the default certificate in /etc/ssl will be used.
+tls_certificate = \
+        ${if and {\
+                     { eq {${domain:foo@$tls_in_sni}} {$tls_in_sni}}\
+                     { exists{/usr/local/hestia/ssl/mail/$tls_in_sni.crt} }\
+                 }\
+                 {/usr/local/hestia/ssl/mail/$tls_in_sni.crt}\
+                 {/usr/local/hestia/ssl/certificate.crt}\
+         }
+
+tls_privatekey = \
+        ${if and {\
+                     { eq {${domain:foo@$tls_in_sni}} {$tls_in_sni}}\
+                     { exists{/usr/local/hestia/ssl/mail/$tls_in_sni.key} }\
+                 }\
+                 {/usr/local/hestia/ssl/mail/$tls_in_sni.key}\
+                 {/usr/local/hestia/ssl/certificate.key}\
+         }
+
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
+never_users = root
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+ignore_bounce_errors_after = 2d
+timeout_frozen_after = 7d
+
+DKIM_DOMAIN = ${lc:${domain:$h_from:}}
+DKIM_FILE = /etc/exim/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim/domains/}}/dkim.pem
+DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
+
+OUTGOING_IP = /etc/exim/domains/$sender_address_domain/ip
+
+
+######################################################################
+#                       ACL CONFIGURATION                            #
+#         Specifies access control lists for incoming SMTP mail      #
+######################################################################
+
+acl_not_smtp = acl_not_smtp
+
+begin acl
+
+# Limit per user for PHP scripts
+acl_not_smtp:
+  deny    message       = Website of user $authenticated_id is sending too many emails - rate overlimit = $sender_rate / $sender_rate_period
+  ratelimit             = 200 / 1h / $authenticated_id
+
+  warn    ratelimit     = 100 / 1h / strict / $authenticated_id
+  log_message           = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period
+
+  accept
+
+acl_check_spammers:
+  accept  hosts         = +whitelist
+
+  drop    message       = Your host in blacklist on this server.
+          log_message   = Host in blacklist
+          hosts         = +spammers
+
+  accept
+
+
+acl_check_mail:
+  deny    condition     = ${if eq{$sender_helo_name}{}}
+          message       = HELO required before MAIL
+
+  drop    message       = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
+          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
+          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
+          delay         = 45s
+
+  drop    condition     = ${if isip{$sender_helo_name}}
+          message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
+
+  drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+          message       = $interface_address is _my_ address
+
+  accept
+
+
+acl_check_rcpt:
+  accept  hosts         = :
+
+# Limit per email account for SMTP auhenticated users
+  deny    message       = Email account $authenticated_id is sending too many emails - rate overlimit = $sender_rate / $sender_rate_period
+  ratelimit             = 200 / 1h / $authenticated_id
+
+  warn    ratelimit     = 100 / 1h / strict / $authenticated_id
+  log_message           = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period
+
+  deny    message       = Restricted characters in address
+          domains       = +local_domains
+          local_parts   = ^[.] : ^.*[@%!/|]
+
+  deny    message       = Restricted characters in address
+          domains       = !+local_domains
+          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+  require verify        = sender
+
+  accept  hosts         = +relay_from_hosts
+          control       = submission
+
+  accept  authenticated = *
+          control       = submission/domain=
+
+  deny    message       = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+          hosts         = !+whitelist
+          dnslists      = ${readfile {/etc/exim/dnsbl.conf}{:}}
+
+  require message       = relay not permitted
+          domains       = +local_domains : +relay_to_domains
+
+  deny    message       = smtp auth required
+         sender_domains = +local_domains
+         !authenticated = *
+
+  require verify        = recipient
+
+.ifdef CLAMD
+  warn    set acl_m0    = no
+
+  warn    condition     = ${if exists {/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/antivirus}{yes}{no}}
+          set acl_m0    = yes
+.endif
+
+.ifdef SPAMASSASSIN
+  warn    set acl_m1    = no
+
+  warn    condition     = ${if exists {/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/antispam}{yes}{no}}
+          set acl_m1    = yes
+.endif
+
+  accept
+
+
+acl_check_data:
+.ifdef CLAMD
+  deny   message        = Message contains a virus ($malware_name) and has been rejected
+         malware        = */defer_ok
+         condition      = ${if eq{$acl_m0}{yes}{yes}{no}}
+.endif
+
+.ifdef SPAMASSASSIN
+  warn   !authenticated = *
+         hosts          = !+relay_from_hosts
+         condition      = ${if < {$message_size}{1024K}}
+         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
+         spam           = debian-spamd:true/defer_ok
+         add_header     = X-Spam-Score: $spam_score_int
+         add_header     = X-Spam-Bar: $spam_bar
+         add_header     = X-Spam-Report: $spam_report
+         set acl_m2     = $spam_score_int
+
+  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
+         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
+         add_header     = X-Spam-Status: Yes
+         message        = SpamAssassin detected spam (from $sender_address to $recipients).
+.endif
+
+  accept
+
+
+acl_check_mime:
+  deny   message        = Blacklisted file extension detected
+         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}}
+
+  accept
+
+
+
+######################################################################
+#                   AUTHENTICATION CONFIGURATION                     #
+######################################################################
+begin authenticators
+
+dovecot_plain:
+  driver = dovecot
+  public_name = PLAIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+dovecot_login:
+  driver = dovecot
+  public_name = LOGIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+
+
+######################################################################
+#                      ROUTERS CONFIGURATION                         #
+#               Specifies how addresses are handled                  #
+######################################################################
+begin routers
+
+#smarthost:
+#  driver = manualroute
+#  domains = ! +local_domains
+#  transport = remote_smtp
+#  route_list = * smartrelay.hestiacp.com
+#  no_more
+#  no_verify
+
+dnslookup:
+  driver = dnslookup
+  domains = !+local_domains
+  transport = remote_smtp
+  no_more
+
+userforward:
+  driver = redirect
+  check_local_user
+  file = $home/.forward
+  allow_filter
+  no_verify
+  no_expn
+  check_ancestor
+  file_transport = address_file
+  pipe_transport = address_pipe
+  reply_transport = address_reply
+
+procmail:
+  driver = accept
+  check_local_user
+  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+  transport = procmail
+  no_verify
+
+autoreplay:
+  driver = accept
+  require_files = /etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/autoreply.${local_part}.msg
+  condition = ${if exists{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/autoreply.${local_part}.msg}{yes}{no}}
+  retry_use_local_part
+  transport = userautoreply
+  unseen
+
+aliases:
+  driver = redirect
+  headers_add = X-redirected: yes
+  data = ${extract{1}{:}{${lookup{$local_part@${lookup{$domain}dsearch{/etc/exim/domains/}}}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/aliases}}}}
+  require_files = /etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/aliases
+  redirect_router = dnslookup
+  pipe_transport = address_pipe
+  unseen
+
+localuser_fwd_only:
+  driver = accept
+  transport = devnull
+  condition = ${if exists{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/fwd_only}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/fwd_only}{true}{false}}}}
+
+localuser_spam:
+  driver = accept
+  transport = local_spam_delivery
+  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/passwd}{yes}{no_such_user}}}}
+
+localuser:
+  driver = accept
+  transport = local_delivery
+  condition = ${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/passwd}{true}{false}}
+
+catchall:
+  driver = redirect
+  headers_add = X-redirected: yes
+  require_files = /etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/aliases
+  data = ${extract{1}{:}{${lookup{*@${lookup{$domain}dsearch{/etc/exim/domains/}}}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/aliases}}}}
+  file_transport = local_delivery
+  redirect_router = dnslookup
+
+terminate_alias:
+  driver = accept
+  transport = devnull
+  condition = ${lookup{$local_part@${lookup{$domain}dsearch{/etc/exim/domains/}}}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/aliases}{true}{false}}
+
+
+
+######################################################################
+#                      TRANSPORTS CONFIGURATION                      #
+######################################################################
+begin transports
+
+remote_smtp:
+  driver = smtp
+  helo_data = ${primary_hostname}
+  dkim_domain = DKIM_DOMAIN
+  dkim_selector = mail
+  dkim_private_key = DKIM_PRIVATE_KEY
+  dkim_canon = relaxed
+  dkim_strict = 0
+  interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}
+
+procmail:
+  driver = pipe
+  command = "/usr/bin/procmail -d $local_part"
+  return_path_add
+  delivery_date_add
+  envelope_to_add
+  user = $local_part
+  initgroups
+  return_output
+
+local_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/passwd}}}}/mail/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/passwd}}}}/mail/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}}}"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/passwd}}}}M
+  quota_warn_threshold = 75%
+
+local_spam_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/passwd}}}}/mail/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/passwd}}}}/mail/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}}}/.Spam"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/passwd}}}}M
+  quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/passwd}}}}/mail/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}/passwd}}}}/mail/${lookup{${lookup{$domain}dsearch{/etc/exim/domains/}}}dsearch{/etc/exim/domains/}}}}"
+  quota_warn_threshold = 75%
+
+address_pipe:
+  driver = pipe
+  return_output
+
+address_file:
+  driver = appendfile
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+
+address_reply:
+  driver = autoreply
+
+userautoreply:
+  driver = autoreply
+  file = /etc/exim/domains/${lookup{$domain}dsearch{/etc/exim/domains/}}/autoreply.${local_part}.msg
+  from = "${local_part}@${domain}"
+  headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
+  subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
+  to = "${sender_address}"
+
+devnull:
+  driver = appendfile
+  file = /dev/null
+
+
+
+######################################################################
+#                      RETRY CONFIGURATION                           #
+######################################################################
+begin retry
+
+# Address or Domain    Error       Retries
+# -----------------    -----       -------
+*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+
+######################################################################
+#                      REWRITE CONFIGURATION                         #
+######################################################################
+begin rewrite
+
+
+
+######################################################################
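Review bot: Both authenticators, `dovecot_plain` and `dovecot_login`, are advertised on every connection, so on ports 25 and 587 a client can send PLAIN or LOGIN credentials before STARTTLS and they cross the network unencrypted. `tls_advertise_hosts = *` offers TLS, but nothing in this file requires it for AUTH. I would add `server_advertise_condition = ${if def:tls_in_cipher}` to each authenticator so AUTH is only offered once the session is encrypted. Port 465 is unaffected because it is listed in `tls_on_connect_ports`.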

+ 0 - 0
install/rhel/exim/spam-blocks.conf


+ 9 - 0
install/rhel/fail2ban/action.d/hestia.conf

@@ -0,0 +1,9 @@
+# Fail2Ban configuration file for hestia
+
+[Definition]
+
+actionstart = /usr/local/hestia/bin/v-add-firewall-chain <name>
+actionstop = /usr/local/hestia/bin/v-delete-firewall-chain <name>
+actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-<name>[ \t]'
+actionban = /usr/local/hestia/bin/v-add-firewall-ban <ip> <name>
+actionunban = /usr/local/hestia/bin/v-delete-firewall-ban <ip> <name>

+ 10 - 0
install/rhel/fail2ban/filter.d/hestia.conf

@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccessful hestia authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex =  .* <HOST> failed to login
+ignoreregex =
+
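Review bot: `failregex =  .* <HOST> failed to login` is unanchored and opens with a greedy `.*`, so anything may precede the address on the log line, possibly including a client-supplied login name. If the login logger writes that name into the line unescaped, the address fail2ban extracts may not be the one that actually connected, and an unrelated host could be banned. I would anchor the pattern with `^` and `$` and match the fixed leading fields explicitly instead of `.*`. The exact prefix depends on the format the login logger writes, which is not visible in this section.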

+ 55 - 0
install/rhel/fail2ban/jail.local

@@ -0,0 +1,55 @@
+[ssh-iptables]
+enabled  = true
+filter   = sshd
+action   = hestia[name=SSH]
+logpath  = /var/log/auth.log
+maxretry = 5
+
+[vsftpd-iptables]
+enabled  = false
+filter   = vsftpd
+action   = hestia[name=FTP]
+logpath  = /var/log/vsftpd.log
+maxretry = 5
+
+[exim-iptables]
+enabled  = true
+filter   = exim
+action   = hestia[name=MAIL]
+logpath  = /var/log/exim4/mainlog
+
+[dovecot-iptables]
+enabled  = true
+filter   = dovecot
+action   = hestia[name=MAIL]
+logpath  = /var/log/dovecot.log
+
+[mysqld-iptables]
+enabled  = false
+filter   = mysqld-auth
+action   = hestia[name=DB]
+logpath  = /var/log/mysql.log
+maxretry = 5
+
+[hestia-iptables]
+enabled  = true
+filter   = hestia
+action   = hestia[name=HESTIA]
+logpath  = /var/log/hestia/auth.log
+maxretry = 5
+
+[roundcube-auth]
+enabled  = false
+filter   = roundcube-auth
+action   = hestia[name=WEB]
+logpath  = /var/log/roundcube/errors
+maxretry = 5
+
+[recidive]
+enabled  = true
+filter   = recidive
+action   = hestia[name=HESTIA]
+logpath  = /var/log/fail2ban.log
+maxretry = 5
+findtime = 86400
+bantime  = 864000
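Review bot: Two enabled jails point at Debian log locations although this file is installed from `install/rhel/`: `[ssh-iptables]` reads `/var/log/auth.log` and `[exim-iptables]` reads `/var/log/exim4/mainlog`. On RHEL-family systems sshd normally logs to `/var/log/secure` and the exim package to `/var/log/exim/main.log`, so these jails would either keep fail2ban from starting or never see a failure, leaving SSH and SMTP AUTH guessing unbanned. I would set `logpath  = /var/log/secure` and `logpath  = /var/log/exim/main.log`, and check the remaining paths against the packages' defaults in the same way. `[exim-iptables]` and `[dovecot-iptables]` also carry no `maxretry`, so they fall back to the global default; stating `maxretry = 5` there would match the other jails.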

+ 10 - 0
install/rhel/firewall/rules.conf

@@ -0,0 +1,10 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='HESTIA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='21:47:04' DATE='2018-11-07'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'

+ 5 - 0
install/rhel/httpd/hestia-event.conf

@@ -0,0 +1,5 @@
+<IfModule mpm_event_module>
+    <FilesMatch \.php$>
+        SetHandler "proxy:fcgi://127.0.0.1:9000"
+    </FilesMatch>
+</IfModule>

+ 58 - 0
install/rhel/httpd/hestia.conf

@@ -0,0 +1,58 @@
+ServerRoot "/etc/httpd"
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+
+<Directory />
+    AllowOverride All
+</Directory>
+
+DocumentRoot "/var/www/html"
+<Directory "/var/www">
+    AllowOverride All
+    Require all granted
+</Directory>
+
+<Directory "/var/www/html">
+    Options Indexes FollowSymLinks
+    AllowOverride All
+    Require all granted
+</Directory>
+
+DirectoryIndex index.php index.html
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+ErrorLog "logs/error_log"
+LogLevel warn
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%b" bytes
+CustomLog "logs/access_log" combined
+
+TypesConfig /etc/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType text/html .shtml
+AddOutputFilter INCLUDES .shtml
+#AddHandler cgi-script .cgi
+
+AddDefaultCharset UTF-8
+
+<IfModule mime_magic_module>
+    MIMEMagicFile conf/magic
+</IfModule>
+
+EnableSendfile on
+
+<IfModule remoteip_module>
+    RemoteIPHeader X-Real-IP
+    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%a %l %u %t \"%r\" %>s %b" common
+</IfModule>
+
+IncludeOptional conf.d/*.conf
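Review bot: `<Directory />` sets `AllowOverride All` and has no access rule, so the filesystem root is not denied by default and any `.htaccess` file along a served path can change server behaviour. I would make the root block restrictive with `AllowOverride None` and `Require all denied`, and leave the grants to the `/var/www` blocks below it. `Options Indexes FollowSymLinks` on `/var/www/html` also turns on directory listings for the default site; dropping `Indexes` avoids exposing file names there. `RemoteIPHeader X-Real-IP` appears without a `RemoteIPInternalProxy` line, so it is worth stating in this block which proxy address is trusted to supply that header.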

+ 81 - 0
install/rhel/httpd/httpd.conf

@@ -0,0 +1,81 @@
+#=======================================================================#
+# Hestia Apache configuration file                                      #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST!                        #
+#=======================================================================#
+
+ServerRoot "/etc/httpd"
+Timeout 30
+KeepAlive Off
+MaxKeepAliveRequests 100
+KeepAliveTimeout 10
+
+<IfModule mpm_prefork_module>
+    StartServers          8
+    MinSpareServers       5
+    MaxSpareServers      20
+    ServerLimit         256
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+<IfModule mpm_worker_module>
+    StartServers          2
+    MinSpareThreads      25
+    MaxSpareThreads      75
+    ThreadLimit          64
+    ThreadsPerChild      25
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+<IfModule mpm_event_module>
+    StartServers          2
+    MinSpareThreads      25
+    MaxSpareThreads      75
+    ThreadLimit          64
+    ThreadsPerChild      25
+    MaxClients          200
+    MaxRequestsPerChild 4000
+</IfModule>
+
+User apache
+Group apache
+
+AccessFileName .htaccess
+
+<Files ~ "^\.ht">
+    Order allow,deny
+    Deny from all
+    Satisfy all
+</Files>
+
+TypesConfig /etc/mime.types
+DefaultType None
+HostnameLookups Off
+
+ErrorLog /var/log/httpd/error.log
+LogLevel warn
+
+# Include module configuration:
+Include conf.modules.d/*.conf
+
+# Include list of ports to listen on and which to use for name based vhosts
+Include conf/ports.conf
+
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%b" bytes
+
+Include conf.d/*.conf
+IncludeOptional conf.d/domains/*.conf
+
+ErrorDocument 403 /error/403.html
+ErrorDocument 404 /error/404.html
+ErrorDocument 500 /error/50x.html
+ErrorDocument 501 /error/50x.html
+ErrorDocument 502 /error/50x.html
+ErrorDocument 503 /error/50x.html
+ErrorDocument 506 /error/50x.html
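Review bot: `Include conf.modules.d/*.conf` comes after `User`/`Group`, `TypesConfig`, the `<Files ~ "^\.ht">` block and the three `<IfModule mpm_*>` blocks. If modules are loaded as DSOs from that directory (the usual RHEL packaging, not visible here), those directives are parsed before their modules exist: the `IfModule` sections are silently skipped and the others are rejected as unknown commands. Moving the include directly under `ServerRoot`, as hestia.conf in this commit does, avoids that. The `.ht` guard also uses the 2.2-era `Order allow,deny` / `Deny from all` / `Satisfy all`, which on httpd 2.4 depends on mod_access_compat; `Require all denied` is the native form. status.conf uses the same old-style access directives.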

+ 8 - 0
install/rhel/httpd/status.conf

@@ -0,0 +1,8 @@
+Listen 127.0.0.1:8081
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1
+#    Allow from all
+</Location>
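Review bot: The `<Location /server-status>` section sits at server scope rather than inside a vhost bound to the `127.0.0.1:8081` listener, so it is presumably inherited by every virtual host and the source-address check is the only gate. Requests forwarded by a local front-end proxy arrive from 127.0.0.1 unless mod_remoteip rewrites the address, so the status page may be served to outside clients through the public sites. I would wrap the section in `<VirtualHost 127.0.0.1:8081>` and use `Require local` in place of the `Order`/`Deny`/`Allow` lines. The commented `#    Allow from all` is best removed so it cannot be re-enabled by accident.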

+ 18 - 0
install/rhel/httpd/unassigned.conf

@@ -0,0 +1,18 @@
+<VirtualHost directIP:directPORT>
+    ServerName directIP
+    DocumentRoot /var/www/html/
+    Alias /error/ /var/www/document_errors/
+
+</VirtualHost>
+
+<VirtualHost directIP:directSSLPORT>
+    ServerName directIP
+    DocumentRoot /var/www/html/
+    Alias /error/ /var/www/document_errors/
+
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile         /usr/local/hestia/ssl/certificate.crt
+    SSLCertificateKeyFile      /usr/local/hestia/ssl/certificate.key
+    
+</VirtualHost>

+ 12 - 0
install/rhel/logrotate/dovecot

@@ -0,0 +1,12 @@
+/var/log/dovecot*.log {
+    rotate 4  
+    weekly
+    missingok
+    notifempty
+    compress
+    delaycompress
+    sharedscripts
+    postrotate
+    doveadm log reopen
+    endscript
+}

+ 7 - 0
install/rhel/logrotate/hestia

@@ -0,0 +1,7 @@
+/usr/local/hestia/log/*.log {
+    rotate 12
+    monthly
+    missingok
+    notifempty
+    create 0600 root root
+}

+ 10 - 0
install/rhel/logrotate/httpd

@@ -0,0 +1,10 @@
+/var/log/httpd/*log /var/log/httpd/domains/*log {
+    missingok
+    notifempty
+    compress
+    sharedscripts
+    postrotate
+        /sbin/service httpd reload > /dev/null 2>/dev/null || true
+        [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+    endscript
+}

+ 13 - 0
install/rhel/logrotate/nginx

@@ -0,0 +1,13 @@
+/var/log/nginx/*log /var/log/nginx/domains/*log {
+    rotate 4
+    weekly
+    missingok
+    notifempty
+    compress
+    delaycompress
+    create 640
+    sharedscripts
+    postrotate
+        [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
+        endscript
+}
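Review bot: The postrotate line `[ -f /var/run/nginx.pid ] && kill -USR1 ...` returns non-zero when the pid file is absent, so logrotate reports a failed script on hosts where nginx is stopped. The httpd logrotate file in this commit uses the `[ ! -f /var/run/nginx.pid ] || kill -USR1 ...` form, which exits 0 in that case and would be the consistent choice here. `create 640` also names no owner or group, so the new file takes those of the rotated log; stating them explicitly, as the hestia logrotate file does with `create 0600 root root`, makes the access-log permissions reviewable.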

+ 79 - 0
install/rhel/multiphp/httpd/PHP-56.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /var/run/php/php5.6-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ ! -f "$pool_file_56" ]; then
+    echo "$pool_conf" > $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0
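Review bot: `php_admin_value[open_basedir]` lists the shared `/tmp`, `/var/www/html`, `/usr/share` and the binary directories alongside the per-user paths, which widens what one site's PHP code can read beyond its own tree even though `upload_tmp_dir`, `session.save_path` and `TMPDIR` already point at `/home/$1/tmp`. Trimming the list to `$5:/home/$1/tmp` plus only the webmail/phpMyAdmin paths that are actually required would keep the per-pool isolation meaningful. The write and delete lines also use the path unquoted (`> $pool_file_56`, `rm $pool_file_70`) although it is built from `$2`; `echo "$pool_conf" > "$pool_file_56"` and `rm -- "$pool_file_70"` are safer. If the caller already validates `$2`, a comment saying so would help, since this script interpolates it into file paths and the pool body as given. PHP-70.sh repeats both patterns.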

+ 36 - 0
install/rhel/multiphp/httpd/PHP-56.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+
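Review bot: `Options +Includes -Indexes +ExecCGI` together with `AllowOverride All` and the commented-out `#SuexecUserGroup %user% %group%` means any CGI script or SSI `exec` a site owner enables would run as the httpd user rather than as `%user%`, bypassing the per-user separation the PHP-FPM pool provides. Unless suexec is configured elsewhere, `Options +IncludesNOEXEC -Indexes` without `+ExecCGI` is the safer default, with the `ScriptAlias /cgi-bin/` line gated the same way. The handler socket here is `/run/php/php5.6-fpm-%domain%.sock` while PHP-56.sh and PHP-56.tpl use `/var/run/php/...`; the two usually resolve to the same place, but one spelling avoids surprises. The same `Options` line is in PHP-56.tpl and PHP-70.stpl.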

+ 33 - 0
install/rhel/multiphp/httpd/PHP-56.tpl

@@ -0,0 +1,33 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+        
+    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
+    
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes +ExecCGI
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/var/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
+
+</VirtualHost>
+
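Review bot: `<Directory %sdocroot%>` does not match `DocumentRoot %docroot%` on this plain-HTTP vhost; if the two placeholders expand to different directories, the `-Indexes` and override settings never apply to the tree actually served, which then falls back to the server-wide defaults. `<Directory %docroot%>` looks intended. The `IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*` line also hard-codes `apache2` where the rest of the template uses `%web_system%`, so on an install where the web system is named differently the force-SSL include may never match and plain HTTP stays open. `%web_system%.forcessl.conf*` would be consistent.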

+ 79 - 0
install/rhel/multiphp/httpd/PHP-70.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /var/run/php/php7.0-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ ! -f "$pool_file_70" ]; then
+    echo "$pool_conf" > $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

+ 36 - 0
install/rhel/multiphp/httpd/PHP-70.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/var/run/php/php7.0-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+
