Merge remote-tracking branch 'origin/feature/429_iptables6'

bin/v-add-firewall-ipv6-rule

@@ -0,0 +1,94 @@
+#!/bin/bash
+# info: add firewall rule
+# options: ACTION IPV6 PORT [PROTOCOL] [COMMENT] [RULE]
+#
+# The function adds new rule to system firewall
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Argument definition
+action=$(echo $1|tr '[:lower:]' '[:upper:]')
+ipv6=$2
+port_ext=$3
+protocol=${4-TCP}
+protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
+comment=$5
+rule=$6
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/HESTIA.conf
+
+# Get next firewall rule id
+get_next_fw_rule() {
+    if [ -z "$rule" ]; then
+        curr_str=$(grep "RULE=" $HESTIA/data/firewallv6/rules.conf |\
+         cut -f 2 -d \' | sort -n | tail -n1)
+        rule="$((curr_str +1))"
+    fi
+}
+
+sort_fw_rules() {
+    cat $HESTIA/data/firewallv6/rules.conf |\
+        sort -n -k 2 -t \' > $HESTIA/data/firewallv6/rules.conf.tmp
+    mv -f $HESTIA/data/firewallv6/rules.conf.tmp \
+        $HESTIA/data/firewallv6/rules.conf
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'ACTION IPV6 PORT [PROTOCOL] [COMMENT] [RULE]'
+is_format_valid 'action' 'protocol' 'port_ext' 'ipv6'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+get_next_fw_rule
+is_format_valid 'rule'
+is_object_new '../../data/firewallv6/rules' 'RULE' "$rule"
+if [ ! -z "$comment" ]; then
+    is_format_valid 'comment'
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Generating timestamp
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+# Concatenating rule
+str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
+str="$str IP6='$ipv6' COMMENT='$comment' SUSPENDED='no'"
+str="$str TIME='$time' DATE='$date'"
+
+# Adding to config
+echo "$str" >> $HESTIA/data/firewallv6/rules.conf
+
+# Changing permissions
+chmod 660 $HESTIA/data/firewallv6/rules.conf
+
+# Sorting firewall rules by id number
+sort_fw_rules
+
+# Updating system firewall
+$BIN/v-update-firewall-ipv6
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-add-sys-ipv6

@@ -0,0 +1,181 @@
+#!/bin/bash
+# info: add system ip address
+# options: IPV6 NETMASK [INTERFACE] [USER] [IP_STATUS] [IP_NAME]
+#
+# The function adds ipv6 address into a system. It also creates rc scripts. You
+# can specify ipv6 name which will be used as root domain for temporary aliases.
+# For example, if you set a1.myhosting.com as name, each new domain created on
+# this ipv6 will automatically receive alias $domain.a1.myhosting.com. Of course
+# you must have wildcard record *.a1.myhosting.com pointed to ipv6. This feature 
+# is very handy when customer wants to test domain before dns migration.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+ipv6=${1// /}
+netmask=$2
+interface="${3-eth0}"
+user="${4-admin}"
+ip_status="${5-shared}"
+ip_name=$6
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/ipv6.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'IPV6 NETMASK [INTERFACE] [USER] [STATUS] [NAME]'
+is_format_valid 'ipv6' 'netmaskv6' 'interface' 'user' 'ip_status'
+is_ipv6_free
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+if [ ! -z "$ip_name" ] ; then
+    is_format_valid 'ip_name'
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+iface=$(get_ipv6_iface)
+#cidr=$(convert_netmaskv6 $netmask)
+cidr=$netmask
+
+sys_ip_check=$(/sbin/ip -6 addr | grep "$ipv6")
+if [ -z "$sys_ip_check" ]; then
+    # Adding sys ip
+    /sbin/ip addr add $ipv6/$cidr dev $interface
+
+    # Adding RHEL/CentOS/Fedora startup script
+    if [ -e "/etc/redhat-release" ]; then
+        sys_ip="# Added by hestia"
+        sys_ip="$sys_ip\nIPV6INIT=yes"
+        sys_ip="$sys_ip\nIPV6ADDR=$ipv6/$cidr"
+        sys_ip="$sys_ip\nIPV6_DEFAULTGW=$interface"
+        sys_ip="$sys_ip\nIPV6_AUTOCONF=no"
+        #sys_ip="$sys_ip\nIPV6ADDR_SECONDARIES="""
+        echo -e $sys_ip > /etc/sysconfig/network-scripts/ifcfg-$interface
+    fi
+
+    # Adding Debian/Ubuntu startup script
+    if [ -e "/etc/debian_version" ]; then
+        sys_ip="\n# Added by hestia"
+        sys_ip="$sys_ip\niface $interface inet6 static"
+        sys_ip="$sys_ip\naddress $ipv6"
+        sys_ip="$sys_ip\nnetmask $cidr"
+        echo -e $sys_ip >> /etc/network/interfaces
+    fi
+fi
+
+# Generating timestamp
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+# Adding hestia ip
+echo "OWNER='$user'
+STATUS='$ip_status'
+NAME='$ip_name'
+U_SYS_USERS=''
+U_WEB_DOMAINS='0'
+INTERFACE='$interface'
+NETMASK='$netmask'
+NAT=''
+TIME='$time'
+DATE='$date'
+VERSION='6'" > $HESTIA/data/ips/$ipv6
+chmod 660 $HESTIA/data/ips/$ipv6
+
+# WEB support
+if [ ! -z "$WEB_SYSTEM" ]; then
+    web_conf="/etc/$WEB_SYSTEM/conf.d/$ipv6.conf"
+    rm -f $web_conf
+
+    if [ "$WEB_SYSTEM" = 'httpd' ] || [ "$WEB_SYSTEM" = 'apache2' ]; then
+        if [ -z "$(/usr/sbin/apachectl -v | grep Apache/2.4)" ]; then
+            echo "NameVirtualHost [$ipv6]:$WEB_PORT" >  $web_conf
+        fi
+        echo "Listen [$ipv6]:$WEB_PORT" >> $web_conf
+    fi
+
+    if [ "$WEB_SSL" = 'mod_ssl' ]; then
+        if [ -z "$(/usr/sbin/apachectl -v | grep Apache/2.4)" ]; then
+            echo "NameVirtualHost [$ipv6]:$WEB_SSL_PORT" >> $web_conf
+        fi
+        echo "Listen [$ipv6]:$WEB_SSL_PORT" >> $web_conf
+    fi
+fi
+
+# Proxy support
+if [ ! -z "$PROXY_SYSTEM" ]; then
+    cat $WEBTPL/$PROXY_SYSTEM/proxy_ip.tpl |\
+        sed -e "s/%ip%/[$ipv6]/g" \
+            -e "s/%web_port%/$WEB_PORT/g" \
+            -e "s/%proxy_port%/$PROXY_PORT/g" \
+        > /etc/$PROXY_SYSTEM/conf.d/$ipv6.conf
+
+    # mod_rpaf
+    rpaf_conf="/etc/$WEB_SYSTEM/mods-enabled/rpaf.conf"
+    if [ -e "$rpaf_conf" ]; then
+        rpaf_str=$(grep RPAFproxy_ips $rpaf_conf)
+        rpaf_str="$rpaf_str $ipv6"
+        sed -i "s/.*RPAFproxy_ips.*/$rpaf_str/" $rpaf_conf
+    fi
+
+    #mod_remoteip
+    remoteip_conf="/etc/$WEB_SYSTEM/mods-enabled/remoteip.conf"
+    if [ -e "$remoteip_conf" ]; then
+        if [ $( grep -ic "$ipv6" $remoteip_conf ) -eq 0 ]; then
+            sed -i "s/<\/IfModule>/RemoteIPInternalProxy $ipv6\n<\/IfModule>/g" $remoteip_conf
+        fi
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Updating user counters
+increase_user_value "$user" '$IPV6_OWNED'
+if [ "$user" = 'admin' ]; then
+    if [ "$ip_status" = 'shared' ]; then
+        for user in $(ls $HESTIA/data/users); do
+            increase_user_value "$user" '$IPV6_AVAIL'
+        done
+    else
+        increase_user_value 'admin' '$IPV6_AVAIL'
+    fi
+else
+    increase_user_value "$user" '$IPV6_AVAIL'
+    increase_user_value 'admin' '$IPV6_AVAIL'
+fi
+
+# Restarting web server
+$BIN/v-restart-web
+check_result $? "Web restart failed" >/dev/null
+
+# Restarting proxy server
+if [ ! -z "$PROXY_SYSTEM" ]; then
+    $BIN/v-restart-proxy
+    check_result $? "Proxy restart failed" >/dev/null
+fi
+
+# Restarting firewall
+if [ ! -z "$FIREWALL_SYSTEM" ]; then
+    $BIN/v-update-firewall
+fi
+
+# Logging
+log_history "added system ipv6 address $ipv6" '' 'admin'
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-dns-domain-ipv6

@@ -0,0 +1,120 @@
+#!/bin/bash
+# info: change dns domain ip address
+# options: USER DOMAIN IPV6
+#
+# The function for changing the main ipv6 of DNS zone.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+ipv6=$3
+restart=$4
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/ipv6.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+# Additional argument formatting
+format_domain
+format_domain_idn
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'USER DOMAIN IPV6'
+is_format_valid 'user' 'domain'
+is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'dns' 'DOMAIN' "$domain"
+is_object_unsuspended 'dns' 'DOMAIN' "$domain"
+
+if [ "$ipv6" != "no" ]; then
+    is_format_valid 'ipv6'
+fi
+if [ "$ipv6" != "no" ]; then
+    is_ipv6_valid "$ipv6" "$user"
+else
+    ipv6=''
+fi
+
+# Get old ip
+get_domain_values 'dns'
+if [ -z @"$ipv6" ] && [ -z "$IP" ]; then
+    check_result $E_INVALID "IP or IPv6 is required"
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+old=$IP6
+
+if [ -z "$old" ]; then
+    #Create new
+    # Generating timestamp
+    time_n_date=$(date +'%T %F')
+    time=$(echo "$time_n_date" |cut -f 1 -d \ )
+    date=$(echo "$time_n_date" |cut -f 2 -d \ )
+    ip=""
+    add_dns_config_records
+else
+    if [ ! -z "$ipv6" ]; then
+        # Changing records
+        sed -i "s/$old/$ipv6/g" $USER_DATA/dns/$domain.conf
+    else
+        #Delete configs
+        ipv6=""
+        ip=$IP
+        remove_dns_config_records
+    fi
+fi
+
+# Changing ip
+update_object_value 'dns' 'DOMAIN' "$domain" '$IP6' "$ipv6"
+
+#update counters
+records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')"
+update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records"
+records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ')
+update_user_value "$user" '$U_DNS_RECORDS' "$records"
+
+# Updating zone
+if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
+    update_domain_serial
+    update_domain_zone
+fi
+
+# Updating dns-cluster queue
+if [ ! -z "$DNS_CLUSTER" ]; then
+    # Check for first sync
+    dlock=$(grep "domain $user $domain" $HESTIA/data/queue/dns-cluster.pipe)
+    if [ -z "$dlock" ]; then
+        cmd="$BIN/v-add-remote-dns-domain $user $domain domain yes"
+        echo "$cmd" >> $HESTIA/data/queue/dns-cluster.pipe
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+# Restarting named
+$BIN/v-restart-dns $restart
+check_result $? "DNS restart failed" >/dev/null
+
+# Logging
+log_history "changed dns ipv6 for $domain to $ipv6"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-firewall-ipv6-rule

@@ -0,0 +1,85 @@
+#!/bin/bash
+# info: change firewall rule
+# options: RULE ACTION IPV6 PORT [PROTOCOL] [COMMENT]
+#
+# The function is used for changing existing firewall rule.
+# It fully replace rule with new one but keeps same id.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Argument definition
+rule=$1
+action=$(echo $2|tr '[:lower:]' '[:upper:]')
+ipv6=$3
+port_ext=$4
+protocol=${5-TCP}
+protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
+comment=$6
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/HESTIA.conf
+
+# Sort function
+sort_fw_rules() {
+    cat $HESTIA/data/firewallv6/rules.conf |\
+        sort -n -k 2 -t \' > $HESTIA/data/firewallv6/rules.conf.tmp
+    mv -f $HESTIA/data/firewallv6/rules.conf.tmp \
+        $HESTIA/data/firewallv6/rules.conf
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '5' "$#" 'RULE ACTION IPV6  PORT [PROTOCOL] [COMMENT]'
+is_format_valid 'rule' 'action' 'protocol' 'port_ext' 'ipv6'
+if [ ! -z "$comment" ]; then
+    is_format_valid 'comment'
+fi
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Generating timestamp
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+# Concatenating firewall rule
+str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
+str="$str IP6='$ipv6' COMMENT='$comment' SUSPENDED='no'"
+str="$str TIME='$time' DATE='$date'"
+
+# Deleting old rule
+sed -i "/RULE='$rule' /d" $HESTIA/data/firewallv6/rules.conf
+
+# Adding new
+echo "$str" >> $HESTIA/data/firewallv6/rules.conf
+
+# Sorting firewall rules by id number
+sort_fw_rules
+
+# Updating system firewall
+$BIN/v-update-firewall-ipv6
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-sys-ipv6-name

@@ -0,0 +1,48 @@
+#!/bin/bash
+# info: change ip name
+# options: IPV6 NAME
+#
+# The function for changing the name of the ip.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+ipv6=$1
+ip_name=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/ipv6.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'IPV6 IP_NAME'
+is_format_valid 'ipv6'
+is_format_valid 'ip_name'
+is_ipv6_valid "$ipv6"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Changing ip name
+update_ipv6_value '$NAME' "$ip_name"
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "changed associated name of $ipv6 to $ip_name" '' 'admin'
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-sys-ipv6-owner

@@ -0,0 +1,48 @@
+#!/bin/bash
+# info: change ip name
+# options: IPV6 NAME
+#
+# The function for changing the name of the ip.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+ipv6=$1
+ip_name=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/ipv6.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'IPV6 IP_NAME'
+is_format_valid 'ipv6'
+is_format_valid 'ip_name'
+is_ipv6_valid "$ipv6"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Changing ip name
+update_ipv6_value '$NAME' "$ip_name"
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "changed associated name of $ipv6 to $ip_name" '' 'admin'
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-sys-ipv6-status

@@ -0,0 +1,56 @@
+#!/bin/bash
+# info: change ip status
+# options: IPV6 IP_STATUS
+#
+# The function of changing an ip address's status.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+ipv6=$1
+ip_status=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/ipv6.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'IPV6 IP_STATUS'
+is_format_valid 'ipv6' 'ip_status'
+is_ipv6_valid "$ipv6"
+if [ "$ip_status" = "$(get_ipv6_value '$STATUS')" ]; then
+    check_result "$E_EXISTS" "status $ip_status is already set"
+fi
+web_domains=$(get_ipv6_value '$U_WEB_DOMAINS')
+sys_user=$(get_ipv6_value '$U_SYS_USERS')
+ip_owner=$(get_ipv6_value '$OWNER')
+if [ "$web_domains" -ne '0' ] && [ "$sys_user" != "$ip_owner" ]; then
+    check_result "$E_INUSE" "ip $ipv6 is used"
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Changing ip name
+update_ipv6_value '$STATUS' "$ip_status"
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "changed $ipv6 status to $ip_status" '' 'admin'
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-web-domain-ipv6

@@ -0,0 +1,120 @@
+#!/bin/bash
+# info: change dns domain ip address
+# options: USER DOMAIN IPV6
+#
+# The function for changing the main ipv6 of DNS zone.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+ipv6=$3
+restart=$4
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/ipv6.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+# Additional argument formatting
+format_domain
+format_domain_idn
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'USER DOMAIN IPV6'
+is_format_valid 'user' 'domain'
+is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'dns' 'DOMAIN' "$domain"
+is_object_unsuspended 'dns' 'DOMAIN' "$domain"
+
+if [ "$ipv6" != "no" ]; then
+    is_format_valid 'ipv6'
+fi
+if [ "$ipv6" != "no" ]; then
+    is_ipv6_valid "$ipv6" "$user"
+else
+    ipv6=''
+fi
+
+# Get old ip
+get_domain_values 'dns'
+if [ -z @"$ipv6" ] && [ -z "$IP" ]; then
+    check_result $E_INVALID "IP or IPv6 is required"
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+old=$IP6
+
+if [ -z "$old" ]; then
+    #Create new
+    # Generating timestamp
+    time_n_date=$(date +'%T %F')
+    time=$(echo "$time_n_date" |cut -f 1 -d \ )
+    date=$(echo "$time_n_date" |cut -f 2 -d \ )
+    ip=""
+    add_dns_config_records
+else
+    if [ ! -z "$ipv6" ]; then
+        # Changing records
+        sed -i "s/$old/$ipv6/g" $USER_DATA/dns/$domain.conf
+    else
+        #Delete configs
+        ipv6=""
+        ip=$IP
+        remove_dns_config_records
+    fi
+fi
+
+# Changing ip
+update_object_value 'dns' 'DOMAIN' "$domain" '$IP6' "$ipv6"
+
+#update counters
+records="$(wc -l $USER_DATA/dns/$domain.conf | cut -f1 -d ' ')"
+update_object_value 'dns' 'DOMAIN' "$domain" '$RECORDS' "$records"
+records=$(wc -l $USER_DATA/dns/*.conf | cut -f 1 -d ' ')
+update_user_value "$user" '$U_DNS_RECORDS' "$records"
+
+# Updating zone
+if [[ "$DNS_SYSTEM" =~ named|bind ]]; then
+    update_domain_serial
+    update_domain_zone
+fi
+
+# Updating dns-cluster queue
+if [ ! -z "$DNS_CLUSTER" ]; then
+    # Check for first sync
+    dlock=$(grep "domain $user $domain" $HESTIA/data/queue/dns-cluster.pipe)
+    if [ -z "$dlock" ]; then
+        cmd="$BIN/v-add-remote-dns-domain $user $domain domain yes"
+        echo "$cmd" >> $HESTIA/data/queue/dns-cluster.pipe
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+# Restarting named
+$BIN/v-restart-dns $restart
+check_result $? "DNS restart failed" >/dev/null
+
+# Logging
+log_history "changed dns ipv6 for $domain to $ipv6"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-firewall-ipv6-rule

@@ -0,0 +1,51 @@
+#!/bin/bash
+# info: delete firewall rule
+# options: RULE
+#
+# The function deletes firewall rule.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Argument definition
+rule=$1
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/HESTIA.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'RULE'
+is_format_valid 'rule'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Deleting rule
+sed -i "/RULE='$rule' /d" $HESTIA/data/firewallv6/rules.conf
+
+# Updating system firewall
+$BIN/v-update-firewall-ipv6
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-sys-ipv6

@@ -0,0 +1,149 @@
+#!/bin/bash
+# info: delete system ipv6
+# options: IPV6
+#
+# The function for deleting a system ip. It does not allow to delete first ip
+# on interface and do not allow to delete ip which is used by a web domain.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+ipv6=$1
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/ipv6.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'IPV6'
+is_format_valid 'ipv6'
+is_ip_valid "$ipv6"
+is_ip_key_empty '$U_WEB_DOMAINS'
+is_ip_key_empty '$U_SYS_USERS'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Import ip variables
+source $HESTIA/data/ips/$ipv6
+cidr=$(convert_netmaskv6 $NETMASK)
+
+# Checking main ip on the interface
+interface=$(/sbin/ip  -6 addr | grep "$ipv6/$cidr" | awk '{print $NF}')
+if [ ! -z "$interface" ] && [ -z "$(echo $interface |cut -s -f2 -d :)" ]; then
+    echo "Error: can't delete main IP address"
+    log_event "$E_FORBIDEN" "$ARGUMENTS"
+    exit $E_FORBIDEN
+fi
+
+# Deleting system ip
+if [ ! -z "$interface" ]; then
+    /sbin/ip -6 addr del $ip/$cidr dev $INTERFACE
+    if [ "$?" -ne 0 ]; then
+        echo "Error: can't delete system ip"
+        log_event "$E_FORBIDEN" "$ARGUMENTS"
+        exit $E_FORBIDEN
+    fi
+fi
+
+# Deleting startup conf on RHEL/CentOS/Fedora
+if [ -e "/etc/sysconfig/network-scripts/ifcfg-$interface" ]; then
+    rm -f /etc/sysconfig/network-scripts/ifcfg-$interface
+fi
+
+# Deleting startup conf on Debian/Ubuntu
+if [ -e "/etc/network/interfaces" ]; then
+    ip_str=$(grep -n $ip$ /etc/network/interfaces |cut -f1 -d:)
+    if [ ! -z "$ip_str" ]; then
+        first_str=$((ip_str - 3))
+        last_str=$((ip_str + 1))
+        sed -i "$first_str,$last_str d" /etc/network/interfaces
+    fi
+fi
+
+# Deleting hestia ip
+rm -f $HESTIA/data/ips/$ipv6
+
+# Deleting web config
+if [ ! -z "$WEB_SYSTEM" ]; then
+    rm -f /etc/$WEB_SYSTEM/conf.d/$ipv6.conf
+fi
+
+# Deleting proxy config
+if [ ! -z "$PROXY_SYSTEM" ]; then
+    rm -f /etc/$PROXY_SYSTEM/conf.d/$ipv6.conf
+
+    # mod_extract_forwarded
+    fw_conf="/etc/$WEB_SYSTEM/conf.d/mod_extract_forwarded.conf"
+    if [ -e "$fw_conf" ]; then
+        ips=$(grep 'MEFaccept 127.0.0.1' $fw_conf)
+        new_ips=$(echo "$ips" | sed "s/$ipv6//" )
+        sed -i "s/$ips/$new_ips/g" $fw_conf
+    fi
+
+    # mod_rpaf
+    rpaf_conf="/etc/$WEB_SYSTEM/mods-enabled/rpaf.conf"
+    if [ -e "$rpaf_conf" ]; then
+        ips=$(grep RPAFproxy_ips $rpaf_conf)
+        new_ips=$(echo "$rpaf_str" | sed "s/$ipv6//")
+        sed -i "s/$ips/$new_ips/g" $rpaf_conf
+    fi
+    
+    #mod_remoteip
+    remoteip_conf="/etc/$WEB_SYSTEM/mods-enabled/remoteip.conf"
+    if [ -e "$remoteip_conf" ]; then
+        sed -i "s/RemoteIPInternalProxy $ipv6//g" $remoteip_conf
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Updating user conf
+if [ ! -z "$OWNER" ]; then
+    decrease_user_value "$OWNER" '$IPV6_OWNED'
+fi
+
+if [ "$OWNER" = 'admin' ]; then
+    if [ "$STATUS" = 'shared' ]; then
+        for user in $(ls $HESTIA/data/users/); do
+            decrease_user_value "$user" '$IPV6_AVAIL'
+        done
+    fi
+else
+    decrease_user_value "$OWNER" '$IPV6_AVAIL'
+fi
+
+# Restarting web server
+$BIN/v-restart-web
+check_result $? "Web restart failed" >/dev/null
+
+# Restarting proxy server
+if [ ! -z "$PROXY_SYSTEM" ]; then
+    $BIN/v-restart-proxy
+    check_result $? "Proxy restart failed" >/dev/null
+fi
+
+# Restarting firewall
+if [ ! -z "$FIREWALL_SYSTEM" ]; then
+    $BIN/v-update-firewall
+fi
+
+# Logging
+log_history "deleted system ip address $ip"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-list-firewall-ipv6

@@ -0,0 +1,51 @@
+#!/bin/bash
+# info: delete firewall rule
+# options: RULE
+#
+# The function deletes firewall rule.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Argument definition
+rule=$1
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/HESTIA.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'RULE'
+is_format_valid 'rule'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Deleting rule
+sed -i "/RULE='$rule' /d" $HESTIA/data/firewallv6/rules.conf
+
+# Updating system firewall
+$BIN/v-update-firewall-ipv6
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-list-firewall-ipv6-rule

@@ -0,0 +1,88 @@
+#!/bin/bash
+# info: list firewall rule
+# options: RULE [FORMAT]
+#
+# The function of obtaining firewall rule parameters.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+rule=$1
+format=${2-shell}
+
+# Includes
+source $HESTIA/func/main.sh
+
+json_list() {
+    echo '{'
+    echo '    "'$RULE'": {
+        "ACTION": "'$ACTION'",
+        "PROTOCOL": "'$PROTOCOL'",
+        "PORT": "'$PORT'",
+        "IP6": "'$IP6'",
+        "COMMENT": "'$COMMENT'",
+        "SUSPENDED": "'$SUSPENDED'",
+        "TIME": "'$TIME'",
+        "DATE": "'$DATE'"
+    }'
+    echo '}'
+}
+
+# SHELL list function
+shell_list() {
+    echo "ACTION:         $ACTION"
+    echo "PROTOCOL:       $PROTOCOL"
+    echo "PORT:           $PORT"
+    echo "IP6:            $IP6"
+    echo "COMMENT:        $COMMENT"
+    echo "SUSPENDED:      $SUSPENDED"
+    echo "TIME:           $TIME"
+    echo "DATE:           $DATE"
+}
+
+# PLAIN list function
+plain_list() {
+    echo -ne "$RULE\t$ACTION\t$PROTOCOL\t$PORT\t$IP6\t$COMMENT\t"
+    echo -e "$SUSPENDED\t$TIME\t$DATE"
+}
+
+# CSV list function
+csv_list() {
+    echo "RULE,ACTION,PROTOCOL,PORT,IP6,COMMENT,SUSPENDED,TIME,DATE"
+    echo "$RULE,$ACTION,$PROTOCOL,$PORT,$IP6,$COMMENT,$SUSPENDED,$TIME,$DATE"
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'RULE [FORMAT]'
+is_number_format_valid "$rule" "rule id"
+is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Parsing rules
+eval $(grep "RULE='$rule'" $HESTIA/data/firewallv6/rules.conf)
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+exit

bin/v-suspend-firewall-ipv6-rule

@@ -0,0 +1,49 @@
+#!/bin/bash
+# info: suspend firewall rule
+# options: RULE
+#
+# The function suspends a certain firewall rule.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+rule=$1
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/HESTIA.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'RULE'
+is_format_valid 'rule'
+is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
+is_object_valid '../../data/firewallv6/rules' 'RULE' "$rule"
+is_object_unsuspended '../../data/firewallv6/rules' 'RULE' "$rule"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Suspending rule
+update_object_value ../../data/firewallv6/rules RULE $rule '$SUSPENDED' yes
+
+# Updating system firewall
+$BIN/v-update-firewall-ipv6
+
+
+#----------------------------------------------------------#
+#                       HESTIA                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-update-firewall

@@ -12,6 +12,7 @@
 
 # Defining absolute path for iptables and modprobe
 iptables="/sbin/iptables"
+ip6tables="/sbin/ip6tables"
 modprobe="/sbin/modprobe"
 sysctl="/sbin/sysctl"
 

func/firewall.sh

@@ -23,3 +23,20 @@ heal_iptables_links() {
 		fi
 	done
 }
+heal_ip6tables_links() {
+    packages="ip6tables ip6tables-save ip6tables-restore"
+    for package in $packages; do
+        if [ ! -e "/sbin/${package}" ]; then
+            if which ${package}; then
+                ln -s "$(which ${package})" /sbin/${package}
+            elif [ -e "/usr/sbin/${package}" ]; then
+                ln -s /usr/sbin/${package} /sbin/${package}
+            elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b ${package}; then
+                autoiptables=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b ${package} | cut -d '' -f 2)
+                if [ -x "$autoiptables" ]; then
+                    ln -s "$autoiptables" /sbin/${package}
+                fi
+            fi
+        fi
+    done
+}

func/ipv6.sh

@@ -0,0 +1,224 @@
+# Check ipv6 ownership
+is_ipv6_owner() {
+    owner=$(grep 'OWNER=' $HESTIA/data/ips/$ipv6 |cut -f 2 -d \')
+    if [ "$owner" != "$user" ]; then
+        check_result $E_FORBIDEN "$ipv6 is not owned by $user"
+    fi
+}
+
+# Check if ipv6 address is free
+is_ipv6_free() {
+    if [ -e "$HESTIA/data/ips/$ipv6" ]; then
+        check_result $E_EXISTS "$ipv6 is already exists"
+    fi
+}
+
+# Get full interface name
+get_ipv6_iface() {
+    i=$(/sbin/ip addr |grep -w $interface |\
+         awk '{print $NF}' |tail -n 1 |cut -f 2 -d :)
+    if [ "$i" = "$interface" ]; then
+        n=0
+    else
+        n=$((i + 1))
+    fi
+    echo "$interface:$n"
+}
+
+
+# Check ipv6 address speciefic value
+is_ipv6_key_empty() {
+    key="$1"
+    string=$(cat $HESTIA/data/ips/$ipv6)
+    eval $string
+    eval value="$key"
+    if [ ! -z "$value" ] && [ "$value" != '0' ]; then
+        key="$(echo $key|sed -e "s/\$U_//")"
+        check_result $E_EXISTS "IP6 is in use / $key = $value"
+    fi
+}
+
+# Update ipv6 address value
+update_ipv6_value() {
+    key="$1"
+    value="$2"
+    conf="$HESTIA/data/ips/$ipv6"
+    str=$(cat $conf)
+    eval $str
+    c_key=$(echo "${key//$/}")
+    eval old="${key}"
+    old=$(echo "$old" | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g' -e 's/\//\\\//g')
+    new=$(echo "$value" | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g' -e 's/\//\\\//g')
+    sed -i "$str_number s/$c_key='${old//\*/\\*}'/$c_key='${new//\*/\\*}'/g"\
+        $conf
+}
+
+# Get ipv6 name
+get_ipv6_alias() {
+    ip_name=$(grep "NAME=" $HESTIA/data/ips/$ipv6 2> /dev/null |cut -f 2 -d \')
+    if [ ! -z "$ip_name" ]; then
+        echo "${1//./-}.$ip_name"
+    fi
+}
+
+# Increase ipv6 value
+increase_ipv6_value() {
+    sip=${1-ipv6}
+    if [ "$sip" != "no" ] && [ ! -z "$sip" ]; then
+        USER=$user
+        web_key='U_WEB_DOMAINS'
+        usr_key='U_SYS_USERS'
+        current_web=$(grep "$web_key=" $HESTIA/data/ips/$sip |cut -f 2 -d \')
+        current_usr=$(grep "$usr_key=" $HESTIA/data/ips/$sip |cut -f 2 -d \')
+        if [ -z "$current_web" ]; then
+            echo "Error: Parsing error"
+            log_event "$E_PARSING" "$ARGUMENTS"
+            exit $E_PARSING
+        fi
+        new_web=$((current_web + 1))
+        if [ -z "$current_usr" ]; then
+            new_usr="$USER"
+        else
+            check_usr=$(echo -e "${current_usr//,/\n}" |grep -w $USER)
+            if [ -z "$check_usr" ]; then
+                new_usr="$current_usr,$USER"
+            else
+                new_usr="$current_usr"
+            fi
+        fi
+
+        sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \
+            $HESTIA/data/ips/$sip
+        sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \
+            $HESTIA/data/ips/$sip
+    fi
+}
+
+# Decrease ipv6 value
+decrease_ipv6_value() {
+    sip=${1-ipv6}
+    if [ "$sip" != "no" ] && [ ! -z "$sip" ]; then
+        USER=$user
+        web_key='U_WEB_DOMAINS'
+        usr_key='U_SYS_USERS'
+
+        current_web=$(grep "$web_key=" $HESTIA/data/ips/$sip |cut -f 2 -d \')
+        current_usr=$(grep "$usr_key=" $HESTIA/data/ips/$sip |cut -f 2 -d \')
+
+        if [ -z "$current_web" ]; then
+            check_result $E_PARSING "Parsing error"
+        fi
+
+        new_web=$((current_web - 1))
+        check_ip=$(grep $sip $USER_DATA/web.conf |wc -l)
+        if [ "$check_ip" -lt 2 ]; then
+            new_usr=$(echo "$current_usr" |\
+                sed "s/,/\n/g"|\
+                sed "s/^$user$//g"|\
+                sed "/^$/d"|\
+                sed ':a;N;$!ba;s/\n/,/g')
+        else
+            new_usr="$current_usr"
+        fi
+
+        sed -i "s/$web_key='$current_web'/$web_key='$new_web'/g" \
+            $HESTIA/data/ips/$sip
+        sed -i "s/$usr_key='$current_usr'/$usr_key='$new_usr'/g" \
+            $HESTIA/data/ips/$sip
+    fi
+}
+
+# Get ipv6 address value
+get_ipv6_value() {
+    key="$1"
+    string=$(cat $HESTIA/data/ips/$ip)
+    eval $string
+    eval value="$key"
+    echo "$value"
+}
+
+
+# Get real ipv6 address
+get_real_ipv6() {
+    if [ -e "$HESTIA/data/ips/$1" ]; then
+        echo $1
+    else
+        nat=$(grep -H "^NAT='$1'" $HESTIA/data/ips/*)
+        if [ ! -z "$nat" ]; then
+            echo "$nat" |cut -f 1 -d : |cut -f 7 -d /
+        fi
+    fi
+}
+
+# Convert CIDR to netmask
+convert_cidrv6() {
+    set -- $(( 5 - ($1 / 8) )) 255 255 255 255 \
+        $(((255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+    if [[ $1 -gt 1 ]]; then
+        shift $1
+    else
+        shift
+    fi
+    echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# Convert netmask to CIDR
+convert_netmaskv6() {
+    nbits=0
+    IFS=.
+    for dec in $1 ; do
+        case $dec in
+            255) let nbits+=8;;
+            254) let nbits+=7;;
+            252) let nbits+=6;;
+            248) let nbits+=5;;
+            240) let nbits+=4;;
+            224) let nbits+=3;;
+            192) let nbits+=2;;
+            128) let nbits+=1;;
+            0);;
+        esac
+    done
+    echo "$nbits"
+}
+
+# Get user ips
+get_user_ip6s() {
+    dedicated=$(grep -H -A10 "OWNER='$user'" $HESTIA/data/ips/* |grep "VERSION='6'")
+    dedicated=$(echo "$dedicated" |cut -f 1 -d '-' |sed 's=.*/==')
+    shared=$(grep -H -A10 "OWNER='admin'" $HESTIA/data/ips/* |grep -A10 shared |grep "VERSION='6'")
+    shared=$(echo "$shared" |cut -f 1 -d '-' |sed 's=.*/==' |cut -f 1 -d \-)
+    for dedicated_ip in $dedicated; do
+        shared=$(echo "$shared" |grep -v $dedicated_ip)
+    done
+    echo -e "$dedicated\n$shared" |sed "/^$/d"
+}
+
+# Get user ipv6
+get_user_ipv6() {
+    ipv6=$(get_user_ip6s |head -n1)
+    if [ -z "$ipv6" ]; then
+        ipv6="no"
+        #check_result $E_NOTEXIST "no IP6 is available"
+    fi
+}
+
+# Validate ipv6 address
+is_ipv6_valid() {
+    ipv6="$1"
+    if [ ! -e "$HESTIA/data/ips/$1" ]; then
+        check_result $E_NOTEXIST "IP6 $1 doesn't exist"
+    fi
+    if [ ! -z $2 ]; then
+        ip_data=$(cat $HESTIA/data/ips/$1)
+        ip_owner=$(echo "$ip_data" |grep OWNER= |cut -f2 -d \')
+        ip_status=$(echo "$ip_data" |grep STATUS= |cut -f2 -d \')
+        if [ "$ip_owner" != "$user" ] && [ "$ip_status" = 'dedicated' ]; then
+            check_result $E_FORBIDEN "$user user can't use IP6 $1"
+        fi
+        get_user_owner
+        if [ "$ip_owner" != "$user" ] && [ "$ip_owner" != "$owner" ]; then
+            check_result $E_FORBIDEN "$user user can't use IP6 $1"
+        fi
+    fi
+}

install/deb/apache2/status-ipv6.conf

@@ -0,0 +1,9 @@
+Listen 127.0.0.1:8081
+Listen [::1]:8081
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1
+    Allow from [::1]
+</Location>

install/deb/nginx/nginx-ipv6.conf

@@ -0,0 +1,162 @@
+# Server globals
+user                    www-data;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log;
+pid                     /var/run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;
+
+# Worker config
+events {
+        worker_connections  1024;
+        use                 epoll;
+        multi_accept        on;
+}
+
+http {
+    # Main settings
+    sendfile                        on;
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+    client_header_timeout           180s;
+    client_body_timeout             180s;
+    client_header_buffer_size       2k;
+    client_body_buffer_size         256k;
+    client_max_body_size            256m;
+    large_client_header_buffers     4 8k;
+    send_timeout                    60s;
+    keepalive_timeout               30s;
+    keepalive_requests              100000;
+    reset_timedout_connection       on;
+    server_tokens                   off;
+    server_name_in_redirect         off;
+    server_names_hash_max_size      512;
+    server_names_hash_bucket_size   512;
+    charset                         utf-8;
+
+    # FastCGI settings
+    fastcgi_buffers                 4 256k;
+    fastcgi_buffer_size             256k;
+    fastcgi_busy_buffers_size       256k;
+    fastcgi_temp_file_write_size    256k;
+    fastcgi_connect_timeout         30s;
+    fastcgi_read_timeout            300s;
+    fastcgi_send_timeout            180s;
+    fastcgi_cache_lock              on;
+    fastcgi_cache_lock_timeout      5s;
+    fastcgi_cache_background_update on;
+    fastcgi_cache_revalidate        on;
+    
+    # Proxy settings
+    proxy_redirect                  off;
+    proxy_set_header                Host $host;
+    proxy_set_header                X-Real-IP $remote_addr;
+    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_header               Set-Cookie;
+    proxy_buffers                   32 4k;
+    proxy_connect_timeout           30s;
+    proxy_read_timeout              300s;
+    proxy_send_timeout              180s;
+
+    # Log format
+    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
+                        '"$status" $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  bytes   '$body_bytes_sent';
+    log_not_found off;
+    access_log off;
+
+    # Mime settings
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Compression
+    gzip                on;
+    gzip_static         on;
+    gzip_vary           on;
+    gzip_comp_level     6;
+    gzip_min_length     1024;
+    gzip_buffers        16 8k;
+    gzip_http_version   1.1;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
+    gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
+
+    # Cloudflare https://www.cloudflare.com/ips
+    set_real_ip_from 173.245.48.0/20;
+    set_real_ip_from 103.21.244.0/22;
+    set_real_ip_from 103.22.200.0/22;
+    set_real_ip_from 103.31.4.0/22;
+    set_real_ip_from 141.101.64.0/18;
+    set_real_ip_from 108.162.192.0/18;
+    set_real_ip_from 190.93.240.0/20;
+    set_real_ip_from 188.114.96.0/20;
+    set_real_ip_from 197.234.240.0/22;
+    set_real_ip_from 198.41.128.0/17;
+    set_real_ip_from 162.158.0.0/15;
+    set_real_ip_from 104.16.0.0/13;
+    set_real_ip_from 104.24.0.0/14;
+    set_real_ip_from 172.64.0.0/13;
+    set_real_ip_from 131.0.72.0/22;
+    set_real_ip_from 2400:cb00::/32;
+    set_real_ip_from 2606:4700::/32;
+    set_real_ip_from 2803:f800::/32;
+    set_real_ip_from 2405:b500::/32;
+    set_real_ip_from 2405:8100::/32;
+    set_real_ip_from 2a06:98c0::/29;
+    set_real_ip_from 2c0f:f248::/32;
+    real_ip_header     CF-Connecting-IP;
+
+    # SSL PCI compliance
+    ssl_session_cache   shared:SSL:20m;
+    ssl_session_timeout 60m;
+    ssl_buffer_size     1400;
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+    ssl_dhparam         /etc/ssl/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+    ssl_session_tickets off;
+    resolver 1.0.0.1 [2606:4700:4700::1111] 1.0.0.1 [2606:4700:4700::1001] valid=300s ipv6=on;
+    resolver_timeout    5s;
+
+    # Error pages
+    error_page 403 /error/404.html;
+    error_page 404 /error/404.html;
+    error_page 410 /error/410.html;
+    error_page 500 501 502 503 504 505 /error/50x.html;
+
+    # Proxy cache
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
+    proxy_cache_key "$scheme$request_method$host$request_uri";
+    proxy_temp_path  /var/cache/nginx/temp;
+    proxy_ignore_headers Expires Cache-Control;
+    proxy_cache_use_stale error timeout invalid_header http_502;
+    proxy_cache_valid any 1d;
+
+    # FastCGI cache
+    fastcgi_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=30m;
+    fastcgi_cache_key "$scheme$request_method$host$request_uri";
+    fastcgi_cache_methods GET HEAD;
+    fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
+    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+    add_header X-FastCGI-Cache $upstream_cache_status;
+
+    # Cache bypass
+    map $http_cookie $no_cache {
+        default 0;
+        ~SESS 1;
+        ~wordpress_logged_in 1;
+    }
+
+    # File cache (static assets)
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+    # Wildcard include
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/conf.d/domains/*.conf;
+}

install/deb/nginx/nginx.conf

@@ -1,154 +0,0 @@
-# Server globals
-user                 www-data;
-worker_processes     auto;
-worker_rlimit_nofile 65535;
-error_log            /var/log/nginx/error.log;
-pid                  /run/nginx.pid;
-include              /etc/nginx/modules-enabled/*.conf;
-
-# Worker config
-events {
-	worker_connections 1024;
-	use                epoll;
-	multi_accept       on;
-}
-
-http {
-	# Main settings
-	sendfile                        on;
-	tcp_nopush                      on;
-	tcp_nodelay                     on;
-	client_header_timeout           180s;
-	client_body_timeout             180s;
-	client_header_buffer_size       2k;
-	client_body_buffer_size         256k;
-	client_max_body_size            256m;
-	large_client_header_buffers     4 8k;
-	send_timeout                    60s;
-	keepalive_timeout               30s;
-	keepalive_requests              100000;
-	reset_timedout_connection       on;
-	server_tokens                   off;
-	server_name_in_redirect         off;
-	server_names_hash_max_size      512;
-	server_names_hash_bucket_size   512;
-	charset                         utf-8;
-	# FastCGI settings
-	fastcgi_buffers                 8 256k;
-	fastcgi_buffer_size             256k;
-	fastcgi_busy_buffers_size       256k;
-	fastcgi_temp_file_write_size    256k;
-	fastcgi_connect_timeout         30s;
-	fastcgi_read_timeout            300s;
-	fastcgi_send_timeout            180s;
-	fastcgi_cache_lock              on;
-	fastcgi_cache_lock_timeout      5s;
-	fastcgi_cache_background_update on;
-	fastcgi_cache_revalidate        on;
-	# Proxy settings
-	proxy_redirect                  off;
-	proxy_set_header                Host $host;
-	proxy_set_header                X-Real-IP $remote_addr;
-	proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_pass_header               Set-Cookie;
-	proxy_buffers                   32 4k;
-	proxy_buffer_size               8k;
-	proxy_connect_timeout           30s;
-	proxy_read_timeout              300s;
-	proxy_send_timeout              180s;
-	# Log format
-	log_format                      main '$remote_addr - $remote_user [$time_local] $request '
-	  '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
-	log_format                      bytes '$body_bytes_sent';
-	log_not_found                   off;
-	access_log                      off;
-	# Mime settings
-	include                         /etc/nginx/mime.types;
-	default_type                    application/octet-stream;
-	# Compression
-	gzip                            on;
-	gzip_static                     on;
-	gzip_vary                       on;
-	gzip_comp_level                 6;
-	gzip_min_length                 1024;
-	gzip_buffers                    16 8k;
-	gzip_http_version               1.1;
-	gzip_types                      text/plain text/css text/javascript text/js text/xml
-	  application/json application/javascript application/x-javascript application/xml
-	  application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
-	gzip_proxied                    any;
-	gzip_disable                    "MSIE [1-6]\.";
-	# Cloudflare https://www.cloudflare.com/ips
-	set_real_ip_from                103.21.244.0/22;
-	set_real_ip_from                103.22.200.0/22;
-	set_real_ip_from                103.31.4.0/22;
-	set_real_ip_from                104.16.0.0/13;
-	set_real_ip_from                104.24.0.0/14;
-	set_real_ip_from                108.162.192.0/18;
-	set_real_ip_from                131.0.72.0/22;
-	set_real_ip_from                141.101.64.0/18;
-	set_real_ip_from                162.158.0.0/15;
-	set_real_ip_from                172.64.0.0/13;
-	set_real_ip_from                173.245.48.0/20;
-	set_real_ip_from                188.114.96.0/20;
-	set_real_ip_from                190.93.240.0/20;
-	set_real_ip_from                197.234.240.0/22;
-	set_real_ip_from                198.41.128.0/17;
-	# set_real_ip_from 2400:cb00::/32;
-	# set_real_ip_from 2405:8100::/32;
-	# set_real_ip_from 2405:b500::/32;
-	# set_real_ip_from 2606:4700::/32;
-	# set_real_ip_from 2803:f800::/32;
-	# set_real_ip_from 2a06:98c0::/29;
-	# set_real_ip_from 2c0f:f248::/32;
-	real_ip_header                  CF-Connecting-IP;
-	# SSL PCI compliance
-	ssl_session_cache               shared:SSL:20m;
-	ssl_session_timeout             60m;
-	ssl_buffer_size                 1400;
-	ssl_protocols                   TLSv1.2 TLSv1.3;
-	ssl_prefer_server_ciphers       on;
-	ssl_ciphers                     "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
-	ssl_dhparam                     /etc/ssl/dhparam.pem;
-	ssl_ecdh_curve                  secp384r1;
-	ssl_session_tickets             off;
-	resolver                        1.0.0.1 1.1.1.1 valid=300s ipv6=off;
-	resolver_timeout                5s;
-	# Error pages
-	error_page                      403 /error/404.html;
-	error_page                      404 /error/404.html;
-	error_page                      410 /error/410.html;
-	error_page                      500 501 502 503 504 505 /error/50x.html;
-	# Proxy cache
-	proxy_cache_path                /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m
-	  max_size=1024m;
-	proxy_cache_key                 "$scheme$request_method$host$request_uri";
-	proxy_temp_path                 /var/cache/nginx/temp;
-	proxy_ignore_headers            Expires Cache-Control;
-	proxy_cache_use_stale           error timeout invalid_header http_502;
-	proxy_cache_valid               any 1d;
-	# FastCGI cache
-	fastcgi_cache_path              /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m
-	  max_size=1024m inactive=30m;
-	fastcgi_cache_key               "$scheme$request_method$host$request_uri";
-	fastcgi_cache_methods           GET HEAD;
-	fastcgi_cache_use_stale         updating error timeout invalid_header http_500 http_503;
-	fastcgi_ignore_headers          Cache-Control Expires Set-Cookie;
-	add_header                      X-FastCGI-Cache $upstream_cache_status;
-
-	# Cache bypass
-	map $http_cookie $no_cache {
-		default              0;
-		~SESS                1;
-		~wordpress_logged_in 1;
-	}
-
-	# File cache (static assets)
-	open_file_cache                 max=10000 inactive=30s;
-	open_file_cache_valid           60s;
-	open_file_cache_min_uses        2;
-	open_file_cache_errors          off;
-	# Wildcard include
-	include                         /etc/nginx/conf.d/*.conf;
-	include                         /etc/nginx/conf.d/domains/*.conf;
-}

install/deb/nginx/status-ipv6.conf

@@ -0,0 +1,10 @@
+server {
+    listen       127.0.0.1:8084 default;
+    listen       [::1]:8084 default;
+    server_name  _;
+    server_name_in_redirect  off;
+    location / {
+        stub_status on;
+        access_log   off;
+   }
+}

install/deb/vsftpd/vsftpd-ipv6.conf

@@ -0,0 +1,41 @@
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+local_umask=022
+anon_umask=022
+anon_upload_enable=NO
+dirmessage_enable=YES
+xferlog_enable=YES
+connect_from_port_20=YES
+xferlog_std_format=YES
+dual_log_enable=YES
+chroot_local_user=YES
+listen_ipv6=YES
+pam_service_name=vsftpd
+ftpd_banner=Welcome! Please note that all activity is logged.
+userlist_enable=NO
+tcp_wrappers=YES
+force_dot_files=YES
+ascii_upload_enable=YES
+ascii_download_enable=YES
+allow_writeable_chroot=YES
+seccomp_sandbox=NO
+pasv_enable=YES
+pasv_promiscuous=YES
+pasv_min_port=12000
+pasv_max_port=12100
+max_per_ip=10
+max_clients=100
+use_localtime=YES
+utf8_filesystem=YES
+ssl_enable=YES
+allow_anon_ssl=NO
+require_ssl_reuse=NO
+ssl_ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+ssl_sslv2=NO
+ssl_sslv3=NO
+ssl_tlsv1=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
+rsa_private_key_file=/usr/local/hestia/ssl/certificate.key

install/hst-install-debian.sh

@@ -1,2149 +0,0 @@
-#!/bin/bash
-
-# ======================================================== #
-#
-# Hestia Control Panel Installer for Debian
-# https://www.hestiacp.com/
-#
-# Currently Supported Versions:
-# Debian 10, 11
-#
-# ======================================================== #
-
-#----------------------------------------------------------#
-#                  Variables&Functions                     #
-#----------------------------------------------------------#
-export PATH=$PATH:/sbin
-export DEBIAN_FRONTEND=noninteractive
-RHOST='apt.hestiacp.com'
-GPG='gpg.hestiacp.com'
-VERSION='debian'
-HESTIA='/usr/local/hestia'
-LOG="/root/hst_install_backups/hst_install-$(date +%d%m%Y%H%M).log"
-memory=$(grep 'MemTotal' /proc/meminfo | tr ' ' '\n' | grep [0-9])
-hst_backups="/root/hst_install_backups/$(date +%d%m%Y%H%M)"
-spinner="/-\|"
-os='debian'
-architecture="$(arch)"
-release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
-codename="$(cat /etc/os-release | grep VERSION= | cut -f 2 -d \( | cut -f 1 -d \))"
-HESTIA_INSTALL_DIR="$HESTIA/install/deb"
-HESTIA_COMMON_DIR="$HESTIA/install/common"
-VERBOSE='no'
-
-# Define software versions
-HESTIA_INSTALL_VER='1.7.0~alpha'
-# Dependencies
-multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2")
-fpm_v="8.0"
-mariadb_v="10.6"
-
-software="nginx apache2 apache2-utils apache2-suexec-custom
-  apache2-suexec-pristine libapache2-mod-fcgid libapache2-mod-php$fpm_v
-  php$fpm_v php$fpm_v-common php$fpm_v-cgi php$fpm_v-mysql php$fpm_v-curl
-  php$fpm_v-pgsql php$fpm_v-imagick php$fpm_v-imap php$fpm_v-ldap
-  php$fpm_v-apcu php$fpm_v-zip php$fpm_v-bz2 php$fpm_v-cli
-  php$fpm_v-gd php$fpm_v-intl php$fpm_v-mbstring
-  php$fpm_v-opcache php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml
-  awstats vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy
-  clamav-daemon spamassassin dovecot-imapd dovecot-pop3d dovecot-sieve dovecot-managesieved
-  net-tools mariadb-client mariadb-common mariadb-server mysql-client mysql-common mysql-server postgresql
-  postgresql-contrib phppgadmin mc flex whois git idn2 unzip zip sudo bc ftp lsof
-  rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban
-  dnsutils bsdmainutils cron hestia=${HESTIA_INSTALL_VER} hestia-nginx
-  hestia-php expect libmail-dkim-perl unrar-free vim-common acl sysstat
-  rsyslog openssh-server util-linux ipset libapache2-mpm-itk zstd
-  lsb-release jq"
-
-installer_dependencies="apt-transport-https curl dirmngr gnupg wget ca-certificates"
-
-# Defining help function
-help() {
-	echo "Usage: $0 [OPTIONS]
-  -a, --apache            Install Apache        [yes|no]  default: yes
-  -w, --phpfpm            Install PHP-FPM       [yes|no]  default: yes
-  -o, --multiphp          Install Multi-PHP     [yes|no]  default: no
-  -v, --vsftpd            Install Vsftpd        [yes|no]  default: yes
-  -j, --proftpd           Install ProFTPD       [yes|no]  default: no
-  -k, --named             Install Bind          [yes|no]  default: yes
-  -m, --mysql             Install MariaDB       [yes|no]  default: yes
-  -M, --mysql-classic     Install MySQL         [yes|no]  default: no
-  -g, --postgresql        Install PostgreSQL    [yes|no]  default: no
-  -x, --exim              Install Exim          [yes|no]  default: yes
-  -z, --dovecot           Install Dovecot       [yes|no]  default: yes
-  -Z, --sieve             Install Sieve         [yes|no]  default: no
-  -c, --clamav            Install ClamAV        [yes|no]  default: yes
-  -t, --spamassassin      Install SpamAssassin  [yes|no]  default: yes
-  -i, --iptables          Install Iptables      [yes|no]  default: yes
-  -b, --fail2ban          Install Fail2ban      [yes|no]  default: yes
-  -q, --quota             Filesystem Quota      [yes|no]  default: no
-  -d, --api               Activate API          [yes|no]  default: yes
-  -r, --port              Change Backend Port             default: 8083
-  -l, --lang              Default language                default: en
-  -y, --interactive       Interactive install   [yes|no]  default: yes
-  -s, --hostname          Set hostname
-  -e, --email             Set admin email
-  -p, --password          Set admin password
-  -D, --with-debs         Path to Hestia debs
-  -f, --force             Force installation
-  -h, --help              Print this help
-
-  Example: bash $0 -e demo@hestiacp.com -p p4ssw0rd --multiphp yes"
-	exit 1
-}
-
-# Defining file download function
-download_file() {
-	wget $1 -q --show-progress --progress=bar:force
-}
-
-# Defining password-gen function
-gen_pass() {
-	matrix=$1
-	length=$2
-	if [ -z "$matrix" ]; then
-		matrix="A-Za-z0-9"
-	fi
-	if [ -z "$length" ]; then
-		length=16
-	fi
-	head /dev/urandom | tr -dc $matrix | head -c$length
-}
-
-# Defining return code check function
-check_result() {
-	if [ $1 -ne 0 ]; then
-		echo "Error: $2"
-		exit $1
-	fi
-}
-
-# Defining function to set default value
-set_default_value() {
-	eval variable=\$$1
-	if [ -z "$variable" ]; then
-		eval $1=$2
-	fi
-	if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then
-		eval $1=$2
-	fi
-}
-
-# Defining function to set default language value
-set_default_lang() {
-	if [ -z "$lang" ]; then
-		eval lang=$1
-	fi
-	lang_list="ar az bg bn bs ckb cs da de el en es fa fi fr hr hu id it ja ka ko nl no pl pt pt-br ro ru sk sr sv th tr uk ur vi zh-cn zh-tw"
-	if ! (echo $lang_list | grep -w $lang > /dev/null 2>&1); then
-		eval lang=$1
-	fi
-}
-
-# Define the default backend port
-set_default_port() {
-	if [ -z "$port" ]; then
-		eval port=$1
-	fi
-}
-
-# Write configuration KEY/VALUE pair to $HESTIA/conf/hestia.conf
-write_config_value() {
-	local key="$1"
-	local value="$2"
-	echo "$key='$value'" >> $HESTIA/conf/hestia.conf
-}
-
-# Sort configuration file values
-# Write final copy to $HESTIA/conf/hestia.conf for active usage
-# Duplicate file to $HESTIA/conf/defaults/hestia.conf to restore known good installation values
-sort_config_file() {
-	sort $HESTIA/conf/hestia.conf -o /tmp/updconf
-	mv $HESTIA/conf/hestia.conf $HESTIA/conf/hestia.conf.bak
-	mv /tmp/updconf $HESTIA/conf/hestia.conf
-	rm -f $HESTIA/conf/hestia.conf.bak
-	if [ ! -d "$HESTIA/conf/defaults/" ]; then
-		mkdir -p "$HESTIA/conf/defaults/"
-	fi
-	cp $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
-}
-
-# Validate hostname according to RFC1178
-validate_hostname() {
-	# remove extra .
-	servername=$(echo "$servername" | sed -e "s/[.]*$//g")
-	servername=$(echo "$servername" | sed -e "s/^[.]*//")
-	if [[ $(echo "$servername" | grep -o "\." | wc -l) -gt 1 ]] && [[ ! $servername =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-		# Hostname valid
-		return 1
-	else
-		# Hostname invalid
-		return 0
-	fi
-}
-
-validate_email() {
-	if [[ ! "$email" =~ ^[A-Za-z0-9._%+-]+@[[:alnum:].-]+\.[A-Za-z]{2,63}$ ]]; then
-		# Email invalid
-		return 0
-	else
-		# Email valid
-		return 1
-	fi
-}
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-# Creating temporary file
-tmpfile=$(mktemp -p /tmp)
-
-# Translating argument to --gnu-long-options
-for arg; do
-	delim=""
-	case "$arg" in
-		--apache) args="${args}-a " ;;
-		--phpfpm) args="${args}-w " ;;
-		--vsftpd) args="${args}-v " ;;
-		--proftpd) args="${args}-j " ;;
-		--named) args="${args}-k " ;;
-		--mysql) args="${args}-m " ;;
-		--mysql-classic) args="${args}-M " ;;
-		--postgresql) args="${args}-g " ;;
-		--exim) args="${args}-x " ;;
-		--dovecot) args="${args}-z " ;;
-		--sieve) args="${args}-Z " ;;
-		--clamav) args="${args}-c " ;;
-		--spamassassin) args="${args}-t " ;;
-		--iptables) args="${args}-i " ;;
-		--fail2ban) args="${args}-b " ;;
-		--multiphp) args="${args}-o " ;;
-		--quota) args="${args}-q " ;;
-		--port) args="${args}-r " ;;
-		--lang) args="${args}-l " ;;
-		--interactive) args="${args}-y " ;;
-		--api) args="${args}-d " ;;
-		--hostname) args="${args}-s " ;;
-		--email) args="${args}-e " ;;
-		--password) args="${args}-p " ;;
-		--force) args="${args}-f " ;;
-		--with-debs) args="${args}-D " ;;
-		--help) args="${args}-h " ;;
-		*)
-			[[ "${arg:0:1}" == "-" ]] || delim="\""
-			args="${args}${delim}${arg}${delim} "
-			;;
-	esac
-done
-eval set -- "$args"
-
-# Parsing arguments
-while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do
-	case $Option in
-		a) apache=$OPTARG ;;       # Apache
-		w) phpfpm=$OPTARG ;;       # PHP-FPM
-		o) multiphp=$OPTARG ;;     # Multi-PHP
-		v) vsftpd=$OPTARG ;;       # Vsftpd
-		j) proftpd=$OPTARG ;;      # Proftpd
-		k) named=$OPTARG ;;        # Named
-		m) mysql=$OPTARG ;;        # MariaDB
-		M) mysqlclassic=$OPTARG ;; # MySQL
-		g) postgresql=$OPTARG ;;   # PostgreSQL
-		x) exim=$OPTARG ;;         # Exim
-		z) dovecot=$OPTARG ;;      # Dovecot
-		Z) sieve=$OPTARG ;;        # Sieve
-		c) clamd=$OPTARG ;;        # ClamAV
-		t) spamd=$OPTARG ;;        # SpamAssassin
-		i) iptables=$OPTARG ;;     # Iptables
-		b) fail2ban=$OPTARG ;;     # Fail2ban
-		q) quota=$OPTARG ;;        # FS Quota
-		r) port=$OPTARG ;;         # Backend Port
-		l) lang=$OPTARG ;;         # Language
-		d) api=$OPTARG ;;          # Activate API
-		y) interactive=$OPTARG ;;  # Interactive install
-		s) servername=$OPTARG ;;   # Hostname
-		e) email=$OPTARG ;;        # Admin email
-		p) vpass=$OPTARG ;;        # Admin password
-		D) withdebs=$OPTARG ;;     # Hestia debs path
-		f) force='yes' ;;          # Force install
-		h) help ;;                 # Help
-		*) help ;;                 # Print help (default)
-	esac
-done
-
-# Defining default software stack
-set_default_value 'nginx' 'yes'
-set_default_value 'apache' 'yes'
-set_default_value 'phpfpm' 'yes'
-set_default_value 'multiphp' 'no'
-set_default_value 'vsftpd' 'yes'
-set_default_value 'proftpd' 'no'
-set_default_value 'named' 'yes'
-set_default_value 'mysql' 'yes'
-set_default_value 'mysqlclassic' 'no'
-set_default_value 'postgresql' 'no'
-set_default_value 'exim' 'yes'
-set_default_value 'dovecot' 'yes'
-set_default_value 'sieve' 'no'
-if [ $memory -lt 1500000 ]; then
-	set_default_value 'clamd' 'no'
-	set_default_value 'spamd' 'no'
-elif [ $memory -lt 3000000 ]; then
-	set_default_value 'clamd' 'no'
-	set_default_value 'spamd' 'yes'
-else
-	set_default_value 'clamd' 'yes'
-	set_default_value 'spamd' 'yes'
-fi
-set_default_value 'iptables' 'yes'
-set_default_value 'fail2ban' 'yes'
-set_default_value 'quota' 'no'
-set_default_value 'interactive' 'yes'
-set_default_value 'api' 'yes'
-set_default_port '8083'
-set_default_lang 'en'
-
-# Checking software conflicts
-if [ "$proftpd" = 'yes' ]; then
-	vsftpd='no'
-fi
-if [ "$exim" = 'no' ]; then
-	clamd='no'
-	spamd='no'
-	dovecot='no'
-fi
-if [ "$dovecot" = "no" ]; then
-	sieve='no'
-fi
-if [ "$iptables" = 'no' ]; then
-	fail2ban='no'
-fi
-if [ "$apache" = "no" ]; then
-	phpfpm='yes'
-fi
-if [ "$mysql" = 'yes' ] && [ "$mysqlclassic" = 'yes' ]; then
-	mysql='no'
-fi
-
-# Checking root permissions
-if [ "x$(id -u)" != 'x0' ]; then
-	check_result 1 "Script can be run executed only by root"
-fi
-
-if [ -d "/usr/local/hestia" ]; then
-	check_result 1 "Hestia install detected. Unable to continue"
-fi
-
-# Checking admin user account
-if [ -n "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then
-	echo 'Please remove admin user account before proceeding.'
-	echo 'If you want to do it automatically run installer with -f option:'
-	echo -e "Example: bash $0 --force\n"
-	check_result 1 "User admin exists"
-fi
-
-# Clear the screen once launch permissions have been verified
-clear
-
-# Configure apt to retry downloading on error
-if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
-	echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
-fi
-
-# Welcome message
-echo "Welcome to the Hestia Control Panel installer!"
-echo
-echo "Please wait, the installer is now checking for missing dependencies..."
-echo
-
-# Update apt repository
-apt-get -qq update
-
-# Creating backup directory
-mkdir -p "$hst_backups"
-
-# Pre-install packages
-echo "[ * ] Installing dependencies..."
-apt-get -y install $installer_dependencies >> $LOG
-check_result $? "Package installation failed, check log file for more details."
-
-# Check if apparmor is installed
-if [ $(dpkg-query -W -f='${Status}' apparmor 2> /dev/null | grep -c "ok installed") -eq 0 ]; then
-	apparmor='no'
-else
-	apparmor='yes'
-fi
-
-# Checking repository availability
-wget --quiet "https://$GPG/deb_signing.key" -O /dev/null
-check_result $? "Unable to connect to the Hestia APT repository"
-
-# Check installed packages
-tmpfile=$(mktemp -p /tmp)
-dpkg --get-selections > $tmpfile
-conflicts_pkg="exim4 mariadb-server apache2 nginx hestia postfix"
-
-# Drop postfix from the list if exim should not be installed
-if [ "$exim" = 'no' ]; then
-	conflicts_pkg=$(echo $conflicts_pkg | sed 's/postfix//g' | xargs)
-fi
-
-for pkg in $conflicts_pkg; do
-	if [ -n "$(grep $pkg $tmpfile)" ]; then
-		conflicts="$pkg* $conflicts"
-	fi
-done
-rm -f $tmpfile
-if [ -n "$conflicts" ] && [ -z "$force" ]; then
-	echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-	echo
-	echo 'WARNING: The following packages are already installed'
-	echo "$conflicts"
-	echo
-	echo 'It is highly recommended that you remove them before proceeding.'
-	echo
-	echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-	echo
-	read -p 'Would you like to remove the conflicting packages? [y/n] ' answer
-	if [ "$answer" = 'y' ] || [ "$answer" = 'Y' ]; then
-		apt-get -qq purge $conflicts -y
-		check_result $? 'apt-get remove failed'
-		unset $answer
-	else
-		check_result 1 "Hestia Control Panel should be installed on a clean server."
-	fi
-fi
-
-# Check network configuration
-if [ -d /etc/netplan ] && [ -z "$force" ]; then
-	if [ -z "$(ls -A /etc/netplan)" ]; then
-		echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-		echo
-		echo 'WARNING: Your network configuration may not be set up correctly.'
-		echo 'Details: The netplan configuration directory is empty.'
-		echo ''
-		echo 'You may have a network configuration file that was created using'
-		echo 'systemd-networkd.'
-		echo ''
-		echo 'It is strongly recommended to migrate to netplan, which is now the'
-		echo 'default network configuration system in newer releases of Ubuntu.'
-		echo ''
-		echo 'While you can leave your configuration as-is, please note that you'
-		echo 'will not be able to use additional IPs properly.'
-		echo ''
-		echo 'If you wish to continue and force the installation,'
-		echo 'run this script with -f option:'
-		echo "Example: bash $0 --force"
-		echo
-		echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-		echo
-		check_result 1 "Unable to detect netplan configuration."
-	fi
-fi
-
-# Validate whether installation script matches release version before continuing with install
-if [ -z "$withdebs" ] || [ ! -d "$withdebs" ]; then
-	release_branch_ver=$(curl -s https://raw.githubusercontent.com/hestiacp/hestiacp/release/src/deb/hestia/control | grep "Version:" | awk '{print $2}')
-	if [ "$HESTIA_INSTALL_VER" != "$release_branch_ver" ]; then
-		echo
-		echo -e "\e[91mInstallation aborted\e[0m"
-		echo "===================================================================="
-		echo -e "\e[33mERROR: Install script version does not match package version!\e[0m"
-		echo -e "\e[33mPlease download the installer from the release branch in order to continue:\e[0m"
-		echo ""
-		echo -e "\e[33mhttps://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh\e[0m"
-		echo ""
-		echo -e "\e[33mTo test pre-release versions, build the .deb packages and re-run the installer:\e[0m"
-		echo -e "  \e[33m./hst_autocompile.sh \e[1m--hestia branchname no\e[21m\e[0m"
-		echo -e "  \e[33m./hst-install.sh .. \e[1m--with-debs /tmp/hestiacp-src/debs\e[21m\e[0m"
-		echo ""
-		check_result 1 "Installation aborted"
-	fi
-fi
-
-case $architecture in
-	x86_64)
-		ARCH="amd64"
-		;;
-	aarch64)
-		ARCH="arm64"
-		;;
-	*)
-		echo
-		echo -e "\e[91mInstallation aborted\e[0m"
-		echo "===================================================================="
-		echo -e "\e[33mERROR: $architecture is currently not supported!\e[0m"
-		echo -e "\e[33mPlease verify the achitecture used is currenlty supported\e[0m"
-		echo ""
-		echo -e "\e[33mhttps://github.com/hestiacp/hestiacp/blob/main/README.md\e[0m"
-		echo ""
-		check_result 1 "Installation aborted"
-		;;
-esac
-
-#----------------------------------------------------------#
-#                       Brief Info                         #
-#----------------------------------------------------------#
-
-install_welcome_message() {
-	DISPLAY_VER=$(echo $HESTIA_INSTALL_VER | sed "s|~alpha||g" | sed "s|~beta||g")
-	echo
-	echo '                _   _           _   _        ____ ____                  '
-	echo '               | | | | ___  ___| |_(_) __ _ / ___|  _ \                 '
-	echo '               | |_| |/ _ \/ __| __| |/ _` | |   | |_) |                '
-	echo '               |  _  |  __/\__ \ |_| | (_| | |___|  __/                 '
-	echo '               |_| |_|\___||___/\__|_|\__,_|\____|_|                    '
-	echo "                                                                        "
-	echo "                          Hestia Control Panel                          "
-	if [[ "$HESTIA_INSTALL_VER" =~ "beta" ]]; then
-		echo "                              BETA RELEASE                          "
-	fi
-	if [[ "$HESTIA_INSTALL_VER" =~ "alpha" ]]; then
-		echo "                          DEVELOPMENT SNAPSHOT                      "
-		echo "                    NOT INTENDED FOR PRODUCTION USE                 "
-		echo "                          USE AT YOUR OWN RISK                      "
-	fi
-	echo "                                  ${DISPLAY_VER}                        "
-	echo "                            www.hestiacp.com                            "
-	echo
-	echo "========================================================================"
-	echo
-	echo "Thank you for downloading Hestia Control Panel! In a few moments,"
-	echo "we will begin installing the following components on your server:"
-	echo
-}
-
-# Printing nice ASCII logo
-clear
-install_welcome_message
-
-# Web stack
-
-echo '   - NGINX Web / Proxy Server'
-if [ "$apache" = 'yes' ]; then
-	echo '   - Apache Web Server (as backend)'
-fi
-if [ "$phpfpm" = 'yes' ] && [ "$multiphp" = 'no' ]; then
-	echo '   - PHP-FPM Application Server'
-fi
-if [ "$multiphp" = 'yes' ]; then
-	phpfpm='yes'
-	echo '   - Multi-PHP Environment'
-fi
-
-# DNS stack
-if [ "$named" = 'yes' ]; then
-	echo '   - Bind DNS Server'
-fi
-
-# Mail stack
-if [ "$exim" = 'yes' ]; then
-	echo -n '   - Exim Mail Server'
-	if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ]; then
-		echo -n ' + '
-		if [ "$clamd" = 'yes' ]; then
-			echo -n 'ClamAV '
-		fi
-		if [ "$spamd" = 'yes' ]; then
-			if [ "$clamd" = 'yes' ]; then
-				echo -n '+ '
-			fi
-			echo -n 'SpamAssassin'
-		fi
-	fi
-	echo
-	if [ "$dovecot" = 'yes' ]; then
-		echo -n '   - Dovecot POP3/IMAP Server '
-		if [ "$sieve" = 'yes' ]; then
-			echo -n '+ Sieve'
-		fi
-	fi
-fi
-
-echo
-# Database stack
-if [ "$mysql" = 'yes' ]; then
-	echo '   - MariaDB Database Server'
-fi
-if [ "$mysqlclassic" = 'yes' ]; then
-	echo '   - MySQL8 Database Server'
-fi
-if [ "$postgresql" = 'yes' ]; then
-	echo '   - PostgreSQL Database Server'
-fi
-
-# FTP stack
-if [ "$vsftpd" = 'yes' ]; then
-	echo '   - Vsftpd FTP Server'
-fi
-if [ "$proftpd" = 'yes' ]; then
-	echo '   - ProFTPD FTP Server'
-fi
-
-# Firewall stack
-if [ "$iptables" = 'yes' ]; then
-	echo -n '   - Firewall (iptables)'
-fi
-if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
-	echo -n ' + Fail2Ban Access Monitor'
-fi
-echo -e "\n"
-echo "========================================================================"
-echo -e "\n"
-
-# Asking for confirmation to proceed
-if [ "$interactive" = 'yes' ]; then
-	read -p 'Would you like to continue with the installation? [Y/N]: ' answer
-	if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then
-		echo 'Goodbye'
-		exit 1
-	fi
-fi
-
-# Validate Email / Hostname even when interactive = no
-# Asking for contact email
-if [ -z "$email" ]; then
-	while validate_email; do
-		echo -e "\nPlease use a valid emailadress (ex. info@domain.tld)."
-		read -p 'Please enter admin email address: ' email
-	done
-else
-	if validate_email; then
-		echo "Please use a valid emailadress (ex. info@domain.tld)."
-		exit 1
-	fi
-fi
-
-# Asking to set FQDN hostname
-if [ -z "$servername" ]; then
-	# Ask and validate FQDN hostname.
-	read -p "Please enter FQDN hostname [$(hostname -f)]: " servername
-
-	# Set hostname if it wasn't set
-	if [ -z "$servername" ]; then
-		servername=$(hostname -f)
-	fi
-
-	# Validate Hostname, go to loop if the validation fails.
-	while validate_hostname; do
-		echo -e "\nPlease use a valid hostname according to RFC1178 (ex. hostname.domain.tld)."
-		read -p "Please enter FQDN hostname [$(hostname -f)]: " servername
-	done
-else
-	# Validate FQDN hostname if it is preset
-	if validate_hostname; then
-		echo "Please use a valid hostname according to RFC1178 (ex. hostname.domain.tld)."
-		exit 1
-	fi
-fi
-
-# Generating admin password if it wasn't set
-displaypass="The password you chose during installation."
-if [ -z "$vpass" ]; then
-	vpass=$(gen_pass)
-	displaypass=$vpass
-fi
-
-# Set FQDN if it wasn't set
-mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)'
-mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}'
-if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
-	if [[ -n "$servername" ]]; then
-		servername="$servername.example.com"
-	else
-		servername="example.com"
-	fi
-	echo "127.0.0.1 $servername" >> /etc/hosts
-fi
-
-if [[ -z $(grep -i "$servername" /etc/hosts) ]]; then
-	echo "127.0.0.1 $servername" >> /etc/hosts
-fi
-
-# Set email if it wasn't set
-if [[ -z "$email" ]]; then
-	email="admin@$servername"
-fi
-
-# Defining backup directory
-echo -e "Installation backup directory: $hst_backups"
-
-# Print Log File Path
-echo "Installation log file: $LOG"
-
-# Print new line
-echo
-
-#----------------------------------------------------------#
-#                      Checking swap                       #
-#----------------------------------------------------------#
-
-# Checking swap on small instances
-if [ -z "$(swapon -s)" ] && [ "$memory" -lt 1000000 ]; then
-	fallocate -l 1G /swapfile
-	chmod 600 /swapfile
-	mkswap /swapfile
-	swapon /swapfile
-	echo "/swapfile   none    swap    sw    0   0" >> /etc/fstab
-fi
-
-#----------------------------------------------------------#
-#                   Install repository                     #
-#----------------------------------------------------------#
-
-# Define apt conf location
-apt=/etc/apt/sources.list.d
-
-#create new folder if not all-ready exists
-mkdir -p /root/.gnupg/ && chmod 700 /root/.gnupg/
-
-# Updating system
-echo "Adding required repositories to proceed with installation:"
-echo
-
-# Installing Nginx repo
-
-echo "[ * ] NGINX"
-echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list
-curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1
-
-# Installing sury PHP repo
-echo "[ * ] PHP"
-echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/sury-keyring.gpg] https://packages.sury.org/php/ $codename main" > $apt/php.list
-curl -s https://packages.sury.org/php/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/sury-keyring.gpg > /dev/null 2>&1
-
-# Installing sury Apache2 repo
-if [ "$apache" = 'yes' ]; then
-	echo "[ * ] Apache2"
-	echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/apache2-keyring.gpg] https://packages.sury.org/apache2/ $codename main" > $apt/apache2.list
-	curl -s https://packages.sury.org/apache2/apt.gpg | gpg --dearmor | tee /usr/share/keyrings/apache2-keyring.gpg > /dev/null 2>&1
-fi
-
-# Installing MariaDB repo
-if [ "$mysql" = 'yes' ]; then
-	echo "[ * ] MariaDB"
-	echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://dlm.mariadb.com/repo/mariadb-server/$mariadb_v/repo/$VERSION $codename main" > $apt/mariadb.list
-	curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1
-fi
-
-# Installing Mysql8 repo
-if [ "$mysqlclassic" = 'yes' ]; then
-	echo "[ * ] Mysql 8"
-	echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list
-	echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
-	echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list
-	echo "#deb [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list
-	echo "deb-src [arch=$ARCH signed-by=/usr/share/keyrings/mysql-keyring.gpg] http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list
-
-	GNUPGHOME="$(mktemp -d)"
-	export GNUPGHOME
-	for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80); do
-		gpg --no-default-keyring --keyring /usr/share/keyrings/mysql-keyring.gpg --keyserver "${keyserver}" --recv-keys "467B942D3A79BD29" > /dev/null 2>&1 && break
-	done
-fi
-
-# Installing HestiaCP repo
-echo "[ * ] Hestia Control Panel"
-echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/hestia-keyring.gpg] https://$RHOST/ $codename main" > $apt/hestia.list
-gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
-
-# Installing PostgreSQL repo
-if [ "$postgresql" = 'yes' ]; then
-	echo "[ * ] PostgreSQL"
-	echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
-	curl -s https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /usr/share/keyrings/postgresql-keyring.gpg > /dev/null 2>&1
-fi
-
-# Echo for a new line
-echo
-
-# Updating system
-echo -ne "Updating currently installed packages, please wait... "
-apt-get -qq update
-apt-get -y upgrade >> $LOG &
-BACK_PID=$!
-
-# Check if package installation is done, print a spinner
-spin_i=1
-while kill -0 $BACK_PID > /dev/null 2>&1; do
-	printf "\b${spinner:spin_i++%${#spinner}:1}"
-	sleep 0.5
-done
-
-# Do a blank echo to get the \n back
-echo
-
-# Check Installation result
-wait $BACK_PID
-check_result $? 'apt-get upgrade failed'
-
-#----------------------------------------------------------#
-#                         Backup                           #
-#----------------------------------------------------------#
-
-# Creating backup directory tree
-mkdir -p $hst_backups
-cd $hst_backups
-mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd
-mkdir spamassassin mysql postgresql hestia
-
-# Backup nginx configuration
-systemctl stop nginx > /dev/null 2>&1
-cp -r /etc/nginx/* $hst_backups/nginx > /dev/null 2>&1
-
-# Backup Apache configuration
-systemctl stop apache2 > /dev/null 2>&1
-cp -r /etc/apache2/* $hst_backups/apache2 > /dev/null 2>&1
-rm -f /etc/apache2/conf.d/* > /dev/null 2>&1
-
-# Backup PHP-FPM configuration
-systemctl stop php*-fpm > /dev/null 2>&1
-cp -r /etc/php/* $hst_backups/php/ > /dev/null 2>&1
-
-# Backup Bind configuration
-systemctl stop bind9 > /dev/null 2>&1
-cp -r /etc/bind/* $hst_backups/bind > /dev/null 2>&1
-
-# Backup Vsftpd configuration
-systemctl stop vsftpd > /dev/null 2>&1
-cp /etc/vsftpd.conf $hst_backups/vsftpd > /dev/null 2>&1
-
-# Backup ProFTPD configuration
-systemctl stop proftpd > /dev/null 2>&1
-cp /etc/proftpd/* $hst_backups/proftpd > /dev/null 2>&1
-
-# Backup Exim configuration
-systemctl stop exim4 > /dev/null 2>&1
-cp -r /etc/exim4/* $hst_backups/exim4 > /dev/null 2>&1
-
-# Backup ClamAV configuration
-systemctl stop clamav-daemon > /dev/null 2>&1
-cp -r /etc/clamav/* $hst_backups/clamav > /dev/null 2>&1
-
-# Backup SpamAssassin configuration
-systemctl stop spamassassin > /dev/null 2>&1
-cp -r /etc/spamassassin/* $hst_backups/spamassassin > /dev/null 2>&1
-
-# Backup Dovecot configuration
-systemctl stop dovecot > /dev/null 2>&1
-cp /etc/dovecot.conf $hst_backups/dovecot > /dev/null 2>&1
-cp -r /etc/dovecot/* $hst_backups/dovecot > /dev/null 2>&1
-
-# Backup MySQL/MariaDB configuration and data
-systemctl stop mysql > /dev/null 2>&1
-killall -9 mysqld > /dev/null 2>&1
-mv /var/lib/mysql $hst_backups/mysql/mysql_datadir > /dev/null 2>&1
-cp -r /etc/mysql/* $hst_backups/mysql > /dev/null 2>&1
-mv -f /root/.my.cnf $hst_backups/mysql > /dev/null 2>&1
-
-# Backup Hestia
-systemctl stop hestia > /dev/null 2>&1
-cp -r $HESTIA/* $hst_backups/hestia > /dev/null 2>&1
-apt-get -y purge hestia hestia-nginx hestia-php > /dev/null 2>&1
-rm -rf $HESTIA > /dev/null 2>&1
-
-#----------------------------------------------------------#
-#                     Package Includes                     #
-#----------------------------------------------------------#
-
-if [ "$phpfpm" = 'yes' ]; then
-	fpm="php$fpm_v php$fpm_v-common php$fpm_v-bcmath php$fpm_v-cli
-         php$fpm_v-curl php$fpm_v-fpm php$fpm_v-gd php$fpm_v-intl
-         php$fpm_v-mysql php$fpm_v-soap php$fpm_v-xml php$fpm_v-zip
-         php$fpm_v-mbstring php$fpm_v-bz2 php$fpm_v-pspell
-         php$fpm_v-imagick"
-	software="$software $fpm"
-fi
-
-#----------------------------------------------------------#
-#                     Package Excludes                     #
-#----------------------------------------------------------#
-
-# Excluding packages
-software=$(echo "$software" | sed -e "s/apache2.2-common//")
-
-if [ "$apache" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/apache2 //")
-	software=$(echo "$software" | sed -e "s/apache2-bin//")
-	software=$(echo "$software" | sed -e "s/apache2-utils//")
-	software=$(echo "$software" | sed -e "s/apache2-suexec-custom//")
-	software=$(echo "$software" | sed -e "s/apache2.2-common//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//")
-fi
-if [ "$vsftpd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/vsftpd//")
-fi
-if [ "$proftpd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/proftpd-basic//")
-	software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//")
-fi
-if [ "$named" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/bind9//")
-fi
-if [ "$exim" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/exim4 //")
-	software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//")
-	software=$(echo "$software" | sed -e "s/dovecot-imapd//")
-	software=$(echo "$software" | sed -e "s/dovecot-pop3d//")
-	software=$(echo "$software" | sed -e "s/clamav-daemon//")
-	software=$(echo "$software" | sed -e "s/spamassassin//")
-	software=$(echo "$software" | sed -e "s/dovecot-sieve//")
-	software=$(echo "$software" | sed -e "s/dovecot-managesieved//")
-fi
-if [ "$clamd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/clamav-daemon//")
-fi
-if [ "$spamd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/spamassassin//")
-fi
-if [ "$dovecot" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/dovecot-imapd//")
-	software=$(echo "$software" | sed -e "s/dovecot-pop3d//")
-fi
-if [ "$sieve" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/dovecot-sieve//")
-	software=$(echo "$software" | sed -e "s/dovecot-managesieved//")
-fi
-if [ "$mysql" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/mariadb-server//")
-	software=$(echo "$software" | sed -e "s/mariadb-client//")
-	software=$(echo "$software" | sed -e "s/mariadb-common//")
-fi
-if [ "$mysqlclassic" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/mysql-server//")
-	software=$(echo "$software" | sed -e "s/mysql-client//")
-	software=$(echo "$software" | sed -e "s/mysql-common//")
-fi
-if [ "$mysql" = 'no' ] && [ "$mysqlclassic" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/php$fpm_v-mysql//")
-fi
-if [ "$postgresql" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/postgresql-contrib//")
-	software=$(echo "$software" | sed -e "s/postgresql//")
-	software=$(echo "$software" | sed -e "s/php$fpm_v-pgsql//")
-	software=$(echo "$software" | sed -e "s/phppgadmin//")
-fi
-if [ "$fail2ban" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/fail2ban//")
-fi
-if [ "$iptables" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/ipset//")
-	software=$(echo "$software" | sed -e "s/fail2ban//")
-fi
-if [ "$phpfpm" = 'yes' ]; then
-	software=$(echo "$software" | sed -e "s/php$fpm_v-cgi//")
-	software=$(echo "$software" | sed -e "s/libapache2-mpm-itk//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//")
-
-fi
-if [ -d "$withdebs" ]; then
-	software=$(echo "$software" | sed -e "s/hestia-nginx//")
-	software=$(echo "$software" | sed -e "s/hestia-php//")
-	software=$(echo "$software" | sed -e "s/hestia=${HESTIA_INSTALL_VER}//")
-fi
-
-#----------------------------------------------------------#
-#                     Install packages                     #
-#----------------------------------------------------------#
-
-# Disabling daemon autostart on apt-get install
-echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d
-chmod a+x /usr/sbin/policy-rc.d
-
-# Installing apt packages
-echo "The installer is now downloading and installing all required packages."
-echo -ne "NOTE: This process may take 10 to 15 minutes to complete, please wait... "
-echo
-apt-get -y install $software > $LOG
-BACK_PID=$!
-
-# Check if package installation is done, print a spinner
-spin_i=1
-while kill -0 $BACK_PID > /dev/null 2>&1; do
-	printf "\b${spinner:spin_i++%${#spinner}:1}"
-	sleep 0.5
-done
-
-# Do a blank echo to get the \n back
-echo
-
-# Check Installation result
-wait $BACK_PID
-check_result $? "apt-get install failed"
-
-echo
-echo "========================================================================"
-echo
-
-# Install Hestia packages from local folder
-if [ -n "$withdebs" ] && [ -d "$withdebs" ]; then
-	echo "[ * ] Installing local package files..."
-	echo "    - hestia core package"
-	dpkg -i $withdebs/hestia_*.deb > /dev/null 2>&1
-
-	if [ -z $(ls $withdebs/hestia-php_*.deb 2> /dev/null) ]; then
-		echo "    - hestia-php backend package (from apt)"
-		apt-get -y install hestia-php > /dev/null 2>&1
-	else
-		echo "    - hestia-php backend package"
-		dpkg -i $withdebs/hestia-php_*.deb > /dev/null 2>&1
-	fi
-
-	if [ -z $(ls $withdebs/hestia-nginx_*.deb 2> /dev/null) ]; then
-		echo "    - hestia-nginx backend package (from apt)"
-		apt-get -y install hestia-nginx > /dev/null 2>&1
-	else
-		echo "    - hestia-nginx backend package"
-		dpkg -i $withdebs/hestia-nginx_*.deb > /dev/null 2>&1
-	fi
-fi
-
-# Restoring autostart policy
-rm -f /usr/sbin/policy-rc.d
-
-#----------------------------------------------------------#
-#                     Configure system                     #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring system settings..."
-
-# Enable SFTP subsystem for SSH
-sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
-if [ -n "$sftp_subsys_enabled" ]; then
-	sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
-fi
-
-# Reduce SSH login grace time
-sed -i "s/[#]LoginGraceTime [[:digit:]]m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
-
-# Disable SSH suffix broadcast
-if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
-	sed -i '/^[#]Banner .*/a DebianBanner no' /etc/ssh/sshd_config
-	if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
-		# If first attempt fails just add it
-		echo '' >> /etc/ssh/sshd_config
-		echo 'DebianBanner no' >> /etc/ssh/sshd_config
-	fi
-fi
-
-# Restart SSH daemon
-systemctl restart ssh
-
-# Disable AWStats cron
-rm -f /etc/cron.d/awstats
-
-# Set directory color
-if [ -z "$(grep 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile)" ]; then
-	echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
-fi
-
-# Register /sbin/nologin and /usr/sbin/nologin
-if [ -z "$(grep ^/sbin/nologin /etc/shells)" ]; then
-	echo "/sbin/nologin" >> /etc/shells
-fi
-
-if [ -z "$(grep ^/usr/sbin/nologin /etc/shells)" ]; then
-	echo "/usr/sbin/nologin" >> /etc/shells
-fi
-
-# Configuring NTP
-sed -i 's/#NTP=/NTP=pool.ntp.org/' /etc/systemd/timesyncd.conf
-systemctl enable systemd-timesyncd
-systemctl start systemd-timesyncd
-
-# Restrict access to /proc fs
-# - Prevent unpriv users from seeing each other running processes
-mount -o remount,defaults,hidepid=2 /proc > /dev/null 2>&1
-if [ $? -ne 0 ]; then
-	echo "Info: Cannot remount /proc (LXC containers require additional perm added to host apparmor profile)"
-else
-	echo "@reboot root sleep 5 && mount -o remount,defaults,hidepid=2 /proc" > /etc/cron.d/hestia-proc
-fi
-
-#----------------------------------------------------------#
-#                     Configure Hestia                     #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring Hestia Control Panel..."
-# Installing sudo configuration
-mkdir -p /etc/sudoers.d
-cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
-chmod 440 /etc/sudoers.d/admin
-
-# Add Hestia global config
-if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
-	mkdir -p /etc/hestiacp
-	echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
-fi
-
-# Configuring system env
-echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh
-echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh
-echo 'export PATH' >> /etc/profile.d/hestia.sh
-chmod 755 /etc/profile.d/hestia.sh
-source /etc/profile.d/hestia.sh
-
-# Configuring logrotate for Hestia logs
-cp -f $HESTIA_INSTALL_DIR/logrotate/hestia /etc/logrotate.d/hestia
-
-# Create log path and symbolic link
-rm -f /var/log/hestia
-mkdir -p /var/log/hestia
-ln -s /var/log/hestia $HESTIA/log
-
-# Building directory tree and creating some blank files for Hestia
-mkdir -p $HESTIA/conf $HESTIA/ssl $HESTIA/data/ips \
-	$HESTIA/data/queue $HESTIA/data/users $HESTIA/data/firewall \
-	$HESTIA/data/sessions
-touch $HESTIA/data/queue/backup.pipe $HESTIA/data/queue/disk.pipe \
-	$HESTIA/data/queue/webstats.pipe $HESTIA/data/queue/restart.pipe \
-	$HESTIA/data/queue/traffic.pipe $HESTIA/data/queue/daily.pipe $HESTIA/log/system.log \
-	$HESTIA/log/nginx-error.log $HESTIA/log/auth.log $HESTIA/log/backup.log
-chmod 750 $HESTIA/conf $HESTIA/data/users $HESTIA/data/ips $HESTIA/log
-chmod -R 750 $HESTIA/data/queue
-chmod 660 /var/log/hestia/*
-chmod 770 $HESTIA/data/sessions
-
-# Generating Hestia configuration
-rm -f $HESTIA/conf/hestia.conf > /dev/null 2>&1
-touch $HESTIA/conf/hestia.conf
-chmod 660 $HESTIA/conf/hestia.conf
-
-# Write default port value to hestia.conf
-# If a custom port is specified it will be set at the end of the installation process.
-write_config_value "BACKEND_PORT" "8083"
-
-# Web stack
-if [ "$apache" = 'yes' ]; then
-	write_config_value "WEB_SYSTEM" "apache2"
-	write_config_value "WEB_RGROUPS" "www-data"
-	write_config_value "WEB_PORT" "8080"
-	write_config_value "WEB_SSL_PORT" "8443"
-	write_config_value "WEB_SSL" "mod_ssl"
-	write_config_value "PROXY_SYSTEM" "nginx"
-	write_config_value "PROXY_PORT" "80"
-	write_config_value "PROXY_SSL_PORT" "443"
-	write_config_value "STATS_SYSTEM" "awstats"
-fi
-if [ "$apache" = 'no' ]; then
-	write_config_value "WEB_SYSTEM" "nginx"
-	write_config_value "WEB_PORT" "80"
-	write_config_value "WEB_SSL_PORT" "443"
-	write_config_value "WEB_SSL" "openssl"
-	write_config_value "STATS_SYSTEM" "awstats"
-
-fi
-
-if [ "$phpfpm" = 'yes' ]; then
-	write_config_value "WEB_BACKEND" "php-fpm"
-fi
-
-# Database stack
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	installed_db_types='mysql'
-fi
-
-if [ "$postgresql" = 'yes' ]; then
-	installed_db_types="$installed_db_types,pgsql"
-fi
-
-if [ -n "$installed_db_types" ]; then
-	db=$(echo "$installed_db_types" \
-		| sed "s/,/\n/g" \
-		| sort -r -u \
-		| sed "/^$/d" \
-		| sed ':a;N;$!ba;s/\n/,/g')
-	write_config_value "DB_SYSTEM" "$db"
-fi
-
-# FTP stack
-if [ "$vsftpd" = 'yes' ]; then
-	write_config_value "FTP_SYSTEM" "vsftpd"
-fi
-if [ "$proftpd" = 'yes' ]; then
-	write_config_value "FTP_SYSTEM" "proftpd"
-fi
-
-# DNS stack
-if [ "$named" = 'yes' ]; then
-	write_config_value "DNS_SYSTEM" "bind9"
-fi
-
-# Mail stack
-if [ "$exim" = 'yes' ]; then
-	write_config_value "MAIL_SYSTEM" "exim4"
-	if [ "$clamd" = 'yes' ]; then
-		write_config_value "ANTIVIRUS_SYSTEM" "clamav-daemon"
-	fi
-	if [ "$spamd" = 'yes' ]; then
-		write_config_value "ANTISPAM_SYSTEM" "spamassassin"
-	fi
-	if [ "$dovecot" = 'yes' ]; then
-		write_config_value "IMAP_SYSTEM" "dovecot"
-	fi
-	if [ "$sieve" = 'yes' ]; then
-		write_config_value "SIEVE_SYSTEM" "yes"
-	fi
-fi
-
-# Cron daemon
-write_config_value "CRON_SYSTEM" "cron"
-
-# Firewall stack
-if [ "$iptables" = 'yes' ]; then
-	write_config_value "FIREWALL_SYSTEM" "iptables"
-fi
-if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
-	write_config_value "FIREWALL_EXTENSION" "fail2ban"
-fi
-
-# Disk quota
-if [ "$quota" = 'yes' ]; then
-	write_config_value "DISK_QUOTA" "yes"
-else
-	write_config_value "DISK_QUOTA" "no"
-fi
-
-# Backups
-write_config_value "BACKUP_SYSTEM" "local"
-write_config_value "BACKUP_GZIP" "4"
-write_config_value "BACKUP_MODE" "zstd"
-
-# Language
-write_config_value "LANGUAGE" "$lang"
-
-# Login in screen
-write_config_value "LOGIN_STYLE" "default"
-
-# Theme
-write_config_value "THEME" "dark"
-
-# Inactive session timeout
-write_config_value "INACTIVE_SESSION_TIMEOUT" "60"
-
-# Version & Release Branch
-write_config_value "VERSION" "${HESTIA_INSTALL_VER}"
-write_config_value "RELEASE_BRANCH" "release"
-
-# Email notifications after upgrade
-write_config_value "UPGRADE_SEND_EMAIL" "true"
-write_config_value "UPGRADE_SEND_EMAIL_LOG" "false"
-
-# Installing hosting packages
-cp -rf $HESTIA_COMMON_DIR/packages $HESTIA/data/
-
-# Update nameservers in hosting package
-IFS='.' read -r -a domain_elements <<< "$servername"
-if [ -n "${domain_elements[-2]}" ] && [ -n "${domain_elements[-1]}" ]; then
-	serverdomain="${domain_elements[-2]}.${domain_elements[-1]}"
-	sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg
-fi
-
-# Installing templates
-cp -rf $HESTIA_INSTALL_DIR/templates $HESTIA/data/
-cp -rf $HESTIA_COMMON_DIR/templates/web/ $HESTIA/data/templates
-cp -rf $HESTIA_COMMON_DIR/templates/dns/ $HESTIA/data/templates
-
-mkdir -p /var/www/html
-mkdir -p /var/www/document_errors
-
-# Install default success page
-cp -rf $HESTIA_COMMON_DIR/templates/web/unassigned/index.html /var/www/html/
-cp -rf $HESTIA_COMMON_DIR/templates/web/skel/document_errors/* /var/www/document_errors/
-
-# Installing firewall rules
-cp -rf $HESTIA_COMMON_DIR/firewall $HESTIA/data/
-
-# Installing apis
-cp -rf $HESTIA_COMMON_DIR/api $HESTIA/data/
-
-# Configuring server hostname
-$HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1
-
-# Generating SSL certificate
-echo "[ * ] Generating default self-signed SSL certificate..."
-$HESTIA/bin/v-generate-ssl-cert $(hostname) '' 'US' 'California' \
-	'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
-
-# Parsing certificate file
-crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem | cut -f 1 -d:)
-key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem | cut -f 1 -d:)
-key_end=$(grep -n "END RSA" /tmp/hst.pem | cut -f 1 -d:)
-
-# Adding SSL certificate
-echo "[ * ] Adding SSL certificate to Hestia Control Panel..."
-cd $HESTIA/ssl
-sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
-sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
-chown root:mail $HESTIA/ssl/*
-chmod 660 $HESTIA/ssl/*
-rm /tmp/hst.pem
-
-# Install dhparam.pem
-cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
-
-# Deleting old admin user
-if [ -n "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	userdel -f admin > /dev/null 2>&1
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	mv -f /home/admin $hst_backups/home/ > /dev/null 2>&1
-	rm -f /tmp/sess_* > /dev/null 2>&1
-fi
-if [ -n "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
-	groupdel admin > /dev/null 2>&1
-fi
-
-# Enable sftp jail
-echo "[ * ] Enable SFTP jail..."
-$HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1
-check_result $? "can't enable sftp jail"
-
-# Adding Hestia admin account
-$HESTIA/bin/v-add-user admin $vpass $email "system" "System Administrator"
-check_result $? "can't create admin user"
-$HESTIA/bin/v-change-user-shell admin nologin
-$HESTIA/bin/v-change-user-role admin admin
-$HESTIA/bin/v-change-user-language admin $lang
-$HESTIA/bin/v-change-sys-config-value 'POLICY_SYSTEM_PROTECTED_ADMIN' 'yes'
-
-locale-gen "en_US.utf8" > /dev/null 2>&1
-#----------------------------------------------------------#
-#                     Configure Nginx                      #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring NGINX..."
-rm -f /etc/nginx/conf.d/*.conf
-cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/
-cp -f $HESTIA_INSTALL_DIR/nginx/status.conf /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/
-mkdir -p /etc/nginx/conf.d/domains
-mkdir -p /etc/nginx/modules-enabled
-mkdir -p /var/log/nginx/domains
-
-# Update dns servers in nginx.conf
-dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
-for ip in $dns_resolver; do
-	if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-		resolver="$ip $resolver"
-	fi
-done
-if [ -n "$resolver" ]; then
-	sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
-	sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
-fi
-
-update-rc.d nginx defaults > /dev/null 2>&1
-systemctl start nginx >> $LOG
-check_result $? "nginx start failed"
-
-#----------------------------------------------------------#
-#                    Configure Apache                      #
-#----------------------------------------------------------#
-
-if [ "$apache" = 'yes' ]; then
-	echo "[ * ] Configuring Apache Web Server..."
-
-	mkdir -p /etc/apache2/conf.d
-	mkdir -p /etc/apache2/conf.d/domains
-
-	# Copy configuration files
-	cp -f $HESTIA_INSTALL_DIR/apache2/apache2.conf /etc/apache2/
-	cp -f $HESTIA_INSTALL_DIR/apache2/status.conf /etc/apache2/mods-available/hestia-status.conf
-	cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load
-	cp -f $HESTIA_INSTALL_DIR/logrotate/apache2 /etc/logrotate.d/
-
-	# Enable needed modules
-	a2enmod rewrite > /dev/null 2>&1
-	a2enmod suexec > /dev/null 2>&1
-	a2enmod ssl > /dev/null 2>&1
-	a2enmod actions > /dev/null 2>&1
-	a2dismod --quiet status > /dev/null 2>&1
-	a2enmod --quiet hestia-status > /dev/null 2>&1
-
-	if [ "$phpfpm" = 'yes' ]; then
-		# Disable prefork and php, enable event
-		a2dismod php$fpm_v > /dev/null 2>&1
-		a2dismod mpm_prefork > /dev/null 2>&1
-		a2enmod mpm_event > /dev/null 2>&1
-		cp -f $HESTIA_INSTALL_DIR/apache2/hestia-event.conf /etc/apache2/conf.d/
-	else
-		a2enmod mpm_itk > /dev/null 2>&1
-	fi
-
-	echo "# Powered by hestia" > /etc/apache2/sites-available/default
-	echo "# Powered by hestia" > /etc/apache2/sites-available/default-ssl
-	echo "# Powered by hestia" > /etc/apache2/ports.conf
-	echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data
-	touch /var/log/apache2/access.log /var/log/apache2/error.log
-	mkdir -p /var/log/apache2/domains
-	chmod a+x /var/log/apache2
-	chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log
-	chmod 751 /var/log/apache2/domains
-
-	# Prevent remote access to server-status page
-	sed -i '/Allow from all/d' /etc/apache2/mods-available/hestia-status.conf
-
-	update-rc.d apache2 defaults > /dev/null 2>&1
-	systemctl start apache2 >> $LOG
-	check_result $? "apache2 start failed"
-else
-	update-rc.d apache2 disable > /dev/null 2>&1
-	systemctl stop apache2 > /dev/null 2>&1
-fi
-
-#----------------------------------------------------------#
-#                     Configure PHP-FPM                    #
-#----------------------------------------------------------#
-
-if [ "$phpfpm" = "yes" ]; then
-	if [ "$multiphp" = 'yes' ]; then
-		for v in "${multiphp_v[@]}"; do
-			echo "[ * ] Install PHP $v..."
-			$HESTIA/bin/v-add-web-php "$v" > /dev/null 2>&1
-		done
-	else
-		echo "[ * ] Install  PHP $fpm_v..."
-		$HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1
-	fi
-
-	echo "[ * ] Configuring PHP $fpm_v..."
-	# Create www.conf for webmail and php(*)admin
-	cp -f $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
-	update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1
-	systemctl start php$fpm_v-fpm >> $LOG
-	check_result $? "php-fpm start failed"
-	# Set default php version to $fpm_v
-	update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1
-fi
-
-#----------------------------------------------------------#
-#                     Configure PHP                        #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring PHP..."
-ZONE=$(timedatectl > /dev/null 2>&1 | grep Timezone | awk '{print $2}')
-if [ -z "$ZONE" ]; then
-	ZONE='UTC'
-fi
-for pconf in $(find /etc/php* -name php.ini); do
-	sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf
-	sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf
-done
-
-# Cleanup php session files not changed in the last 7 days (60*24*7 minutes)
-echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup
-echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
-echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
-chmod 755 /etc/cron.daily/php-session-cleanup
-
-#----------------------------------------------------------#
-#                    Configure Vsftpd                      #
-#----------------------------------------------------------#
-
-if [ "$vsftpd" = 'yes' ]; then
-	echo "[ * ] Configuring Vsftpd server..."
-	cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
-	touch /var/log/vsftpd.log
-	chown root:adm /var/log/vsftpd.log
-	chmod 640 /var/log/vsftpd.log
-	touch /var/log/xferlog
-	chown root:adm /var/log/xferlog
-	chmod 640 /var/log/xferlog
-	update-rc.d vsftpd defaults
-	systemctl start vsftpd
-	check_result $? "vsftpd start failed"
-
-fi
-
-#----------------------------------------------------------#
-#                    Configure ProFTPD                     #
-#----------------------------------------------------------#
-
-if [ "$proftpd" = 'yes' ]; then
-	echo "[ * ] Configuring ProFTPD server..."
-	echo "127.0.0.1 $servername" >> /etc/hosts
-	cp -f $HESTIA_INSTALL_DIR/proftpd/proftpd.conf /etc/proftpd/
-	cp -f $HESTIA_INSTALL_DIR/proftpd/tls.conf /etc/proftpd/
-
-	if [ "$release" -eq 11 ]; then
-		sed -i 's|IdentLookups                  off|#IdentLookups                  off|g' /etc/proftpd/proftpd.conf
-	fi
-
-	update-rc.d proftpd defaults > /dev/null 2>&1
-	systemctl start proftpd >> $LOG
-	check_result $? "proftpd start failed"
-
-	if [ "$release" -eq 11 ]; then
-		unit_files="$(systemctl list-unit-files | grep proftpd)"
-		if [[ "$unit_files" =~ "disabled" ]]; then
-			systemctl enable proftpd
-		fi
-	fi
-fi
-
-#----------------------------------------------------------#
-#               Configure MariaDB / MySQL                  #
-#----------------------------------------------------------#
-
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	[ "$mysql" = 'yes' ] && mysql_type="MariaDB" || mysql_type="MySQL"
-	echo "[ * ] Configuring $mysql_type database server..."
-	mycnf="my-small.cnf"
-	if [ $memory -gt 1200000 ]; then
-		mycnf="my-medium.cnf"
-	fi
-	if [ $memory -gt 3900000 ]; then
-		mycnf="my-large.cnf"
-	fi
-
-	if [ "$mysql_type" = 'MariaDB' ]; then
-		# Run mysql_install_db
-		mysql_install_db >> $LOG
-	fi
-
-	# Remove symbolic link
-	rm -f /etc/mysql/my.cnf
-	# Configuring MariaDB
-	cp -f $HESTIA_INSTALL_DIR/mysql/$mycnf /etc/mysql/my.cnf
-
-	# Switch MariaDB inclusions to the MySQL
-	if [ "$mysql_type" = 'MySQL' ]; then
-		sed -i '/query_cache_size/d' /etc/mysql/my.cnf
-		sed -i 's|mariadb.conf.d|mysql.conf.d|g' /etc/mysql/my.cnf
-	fi
-
-	update-rc.d mysql defaults > /dev/null 2>&1
-	systemctl start mysql >> $LOG
-	check_result $? "${mysql_type,,} start failed"
-
-	# Securing MariaDB/MySQL installation
-	mpass=$(gen_pass)
-	echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
-	chmod 600 /root/.my.cnf
-
-	# Alter root password
-	mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$mpass'; FLUSH PRIVILEGES;"
-	if [ "$mysql_type" = 'MariaDB' ]; then
-		# Allow mysql access via socket for startup
-		mysql -e "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';"
-		# Disable anonymous users
-		mysql -e "DELETE FROM mysql.global_priv WHERE User='';"
-	else
-		mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '$mpass';"
-		mysql -e "DELETE FROM mysql.user WHERE User='';"
-		mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
-	fi
-	# Drop test database
-	mysql -e "DROP DATABASE IF EXISTS test"
-	mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
-	# Flush privileges
-	mysql -e "FLUSH PRIVILEGES;"
-fi
-
-#----------------------------------------------------------#
-#                    Configure phpMyAdmin                  #
-#----------------------------------------------------------#
-
-# Source upgrade.conf with phpmyadmin versions
-# shellcheck source=/usr/local/hestia/install/upgrade/upgrade.conf
-source $HESTIA/install/upgrade/upgrade.conf
-
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	# Display upgrade information
-	echo "[ * ] Installing phpMyAdmin version v$pma_v..."
-
-	# Download latest phpmyadmin release
-	wget --quiet --retry-connrefused https://files.phpmyadmin.net/phpMyAdmin/$pma_v/phpMyAdmin-$pma_v-all-languages.tar.gz
-
-	# Unpack files
-	tar xzf phpMyAdmin-$pma_v-all-languages.tar.gz
-
-	# Create folders
-	mkdir -p /usr/share/phpmyadmin
-	mkdir -p /etc/phpmyadmin
-	mkdir -p /etc/phpmyadmin/conf.d/
-	mkdir /usr/share/phpmyadmin/tmp
-
-	# Configuring Apache2 for PHPMYADMIN
-	if [ "$apache" = 'yes' ]; then
-		touch /etc/apache2/conf.d/phpmyadmin.inc
-	fi
-
-	# Overwrite old files
-	cp -rf phpMyAdmin-$pma_v-all-languages/* /usr/share/phpmyadmin
-
-	# Create copy of config file
-	cp -f $HESTIA_INSTALL_DIR/phpmyadmin/config.inc.php /etc/phpmyadmin/
-	mkdir -p /var/lib/phpmyadmin/tmp
-	chmod 770 /var/lib/phpmyadmin/tmp
-	chown root:www-data /usr/share/phpmyadmin/tmp
-
-	# Set config and log directory
-	sed -i "s|'configFile' => ROOT_PATH . 'config.inc.php',|'configFile' => '/etc/phpmyadmin/config.inc.php',|g" /usr/share/phpmyadmin/libraries/vendor_config.php
-
-	# Create temporary folder and change permission
-	chmod 770 /usr/share/phpmyadmin/tmp
-	chown root:www-data /usr/share/phpmyadmin/tmp
-
-	# Generate blow fish
-	blowfish=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
-	sed -i "s|%blowfish_secret%|$blowfish|" /etc/phpmyadmin/config.inc.php
-
-	# Clean Up
-	rm -fr phpMyAdmin-$pma_v-all-languages
-	rm -f phpMyAdmin-$pma_v-all-languages.tar.gz
-
-	write_config_value "DB_PMA_ALIAS" "phpmyadmin"
-	$HESTIA/bin/v-change-sys-db-alias 'pma' "phpmyadmin"
-
-	# Special thanks to Pavel Galkin (https://skurudo.ru)
-	# https://github.com/skurudo/phpmyadmin-fixer
-	# shellcheck source=/usr/local/hestia/install/deb/phpmyadmin/pma.sh
-	source $HESTIA_INSTALL_DIR/phpmyadmin/pma.sh > /dev/null 2>&1
-
-	# limit access to /etc/phpmyadmin/
-	chown -R root:www-data /etc/phpmyadmin/
-	chmod -R 640 /etc/phpmyadmin/*
-	chmod 750 /etc/phpmyadmin/conf.d/
-fi
-
-#----------------------------------------------------------#
-#                   Configure PostgreSQL                   #
-#----------------------------------------------------------#
-
-if [ "$postgresql" = 'yes' ]; then
-	echo "[ * ] Configuring PostgreSQL database server..."
-	ppass=$(gen_pass)
-	cp -f $HESTIA_INSTALL_DIR/postgresql/pg_hba.conf /etc/postgresql/*/main/
-	systemctl restart postgresql
-	sudo -iu postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
-
-	# Configuring phpPgAdmin
-	if [ "$apache" = 'yes' ]; then
-		cp -f $HESTIA_INSTALL_DIR/pga/phppgadmin.conf /etc/apache2/conf.d/phppgadmin.inc
-	fi
-	cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/
-
-	write_config_value "DB_PGA_ALIAS" "phppgadmin"
-	$HESTIA/bin/v-change-sys-db-alias 'pga' "phppgadmin"
-fi
-
-#----------------------------------------------------------#
-#                      Configure Bind                      #
-#----------------------------------------------------------#
-
-if [ "$named" = 'yes' ]; then
-	echo "[ * ] Configuring Bind DNS server..."
-	cp -f $HESTIA_INSTALL_DIR/bind/named.conf /etc/bind/
-	cp -f $HESTIA_INSTALL_DIR/bind/named.conf.options /etc/bind/
-	chown root:bind /etc/bind/named.conf
-	chown root:bind /etc/bind/named.conf.options
-	chown bind:bind /var/cache/bind
-	chmod 640 /etc/bind/named.conf
-	chmod 640 /etc/bind/named.conf.options
-	aa-complain /usr/sbin/named 2> /dev/null
-	if [ "$apparmor" = 'yes' ]; then
-		echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
-		systemctl status apparmor > /dev/null 2>&1
-		if [ $? -ne 0 ]; then
-			systemctl restart apparmor
-		fi
-	fi
-	update-rc.d bind9 defaults > /dev/null 2>&1
-	systemctl start bind9
-	check_result $? "bind9 start failed"
-
-	# Workaround for OpenVZ/Virtuozzo
-	if [ -e "/proc/vz/veinfo" ] && [ -e "/etc/rc.local" ]; then
-		sed -i "s/^exit 0/service bind9 restart\nexit 0/" /etc/rc.local
-	fi
-fi
-
-#----------------------------------------------------------#
-#                      Configure Exim                      #
-#----------------------------------------------------------#
-
-if [ "$exim" = 'yes' ]; then
-	echo "[ * ] Configuring Exim mail server..."
-	gpasswd -a Debian-exim mail > /dev/null 2>&1
-	exim_version=$(exim4 --version | head -1 | awk '{print $3}' | cut -f -2 -d .)
-	if [ "$exim_version" = "4.94" ]; then
-		cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.94.template /etc/exim4/exim4.conf.template
-	else
-		cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim4/
-	fi
-	cp -f $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/
-	touch /etc/exim4/white-blocks.conf
-
-	if [ "$spamd" = 'yes' ]; then
-		sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
-	fi
-	if [ "$clamd" = 'yes' ]; then
-		sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
-	fi
-
-	chmod 640 /etc/exim4/exim4.conf.template
-	rm -rf /etc/exim4/domains
-	mkdir -p /etc/exim4/domains
-
-	rm -f /etc/alternatives/mta
-	ln -s /usr/sbin/exim4 /etc/alternatives/mta
-	update-rc.d -f sendmail remove > /dev/null 2>&1
-	systemctl stop sendmail > /dev/null 2>&1
-	update-rc.d -f postfix remove > /dev/null 2>&1
-	systemctl stop postfix > /dev/null 2>&1
-	update-rc.d exim4 defaults
-	systemctl start exim4
-	check_result $? "exim4 start failed"
-fi
-
-#----------------------------------------------------------#
-#                     Configure Dovecot                    #
-#----------------------------------------------------------#
-
-if [ "$dovecot" = 'yes' ]; then
-	echo "[ * ] Configuring Dovecot POP/IMAP mail server..."
-	gpasswd -a dovecot mail > /dev/null 2>&1
-	cp -rf $HESTIA_COMMON_DIR/dovecot /etc/
-	cp -f $HESTIA_INSTALL_DIR/logrotate/dovecot /etc/logrotate.d/
-	chown -R root:root /etc/dovecot*
-	rm -f /etc/dovecot/conf.d/15-mailboxes.conf
-
-	#Alter config for 2.2
-	version=$(dovecot --version | cut -f -2 -d .)
-	if [ "$version" = "2.2" ]; then
-		echo "[ * ] Downgrade dovecot config to sync with 2.2 settings"
-		sed -i 's|#ssl_dh_parameters_length = 4096|ssl_dh_parameters_length = 4096|g' /etc/dovecot/conf.d/10-ssl.conf
-		sed -i 's|ssl_dh = </etc/ssl/dhparam.pem|#ssl_dh = </etc/ssl/dhparam.pem|g' /etc/dovecot/conf.d/10-ssl.conf
-		sed -i 's|ssl_min_protocol = TLSv1.2|ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1|g' /etc/dovecot/conf.d/10-ssl.conf
-	fi
-
-	update-rc.d dovecot defaults
-	systemctl start dovecot
-	check_result $? "dovecot start failed"
-fi
-
-#----------------------------------------------------------#
-#                     Configure ClamAV                     #
-#----------------------------------------------------------#
-
-if [ "$clamd" = 'yes' ]; then
-	gpasswd -a clamav mail > /dev/null 2>&1
-	gpasswd -a clamav Debian-exim > /dev/null 2>&1
-	cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/clamav/
-	update-rc.d clamav-daemon defaults
-	if [ ! -d "/run/clamav" ]; then
-		mkdir /run/clamav
-	fi
-	chown -R clamav:clamav /run/clamav
-	if [ -e "/lib/systemd/system/clamav-daemon.service" ]; then
-		exec_pre1='ExecStartPre=-/bin/mkdir -p /run/clamav'
-		exec_pre2='ExecStartPre=-/bin/chown -R clamav:clamav /run/clamav'
-		sed -i "s|\[Service\]/|[Service]\n$exec_pre1\n$exec_pre2|g" \
-			/lib/systemd/system/clamav-daemon.service
-		systemctl daemon-reload
-	fi
-	echo -ne "[ * ] Installing ClamAV anti-virus definitions... "
-	/usr/bin/freshclam >> $LOG &
-	BACK_PID=$!
-	spin_i=1
-	while kill -0 $BACK_PID > /dev/null 2>&1; do
-		printf "\b${spinner:spin_i++%${#spinner}:1}"
-		sleep 0.5
-	done
-	echo
-	systemctl start clamav-daemon
-	check_result $? "clamav-daemon start failed"
-fi
-
-#----------------------------------------------------------#
-#                  Configure SpamAssassin                  #
-#----------------------------------------------------------#
-
-if [ "$spamd" = 'yes' ]; then
-	echo "[ * ] Configuring SpamAssassin..."
-	update-rc.d spamassassin defaults > /dev/null 2>&1
-	sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
-	systemctl start spamassassin >> $LOG
-	check_result $? "spamassassin start failed"
-	unit_files="$(systemctl list-unit-files | grep spamassassin)"
-	if [[ "$unit_files" =~ "disabled" ]]; then
-		systemctl enable spamassassin > /dev/null 2>&1
-	fi
-	sed -i "s/#CRON=1/CRON=1/" /etc/default/spamassassin
-fi
-
-#----------------------------------------------------------#
-#                    Configure Fail2Ban                    #
-#----------------------------------------------------------#
-
-if [ "$fail2ban" = 'yes' ]; then
-	echo "[ * ] Configuring fail2ban access monitor..."
-	cp -rf $HESTIA_INSTALL_DIR/fail2ban /etc/
-	if [ "$dovecot" = 'no' ]; then
-		fline=$(cat /etc/fail2ban/jail.local | grep -n dovecot-iptables -A 2)
-		fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -)
-		sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
-	fi
-	if [ "$exim" = 'no' ]; then
-		fline=$(cat /etc/fail2ban/jail.local | grep -n exim-iptables -A 2)
-		fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -)
-		sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
-	fi
-	if [ "$vsftpd" = 'yes' ]; then
-		#Create vsftpd Log File
-		if [ ! -f "/var/log/vsftpd.log" ]; then
-			touch /var/log/vsftpd.log
-		fi
-		fline=$(cat /etc/fail2ban/jail.local | grep -n vsftpd-iptables -A 2)
-		fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -)
-		sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local
-	fi
-	if [ ! -e /var/log/auth.log ]; then
-		# Debian workaround: auth logging was moved to systemd
-		touch /var/log/auth.log
-		chmod 640 /var/log/auth.log
-		chown root:adm /var/log/auth.log
-	fi
-	if [ -f /etc/fail2ban/jail.d/defaults-debian.conf ]; then
-		rm -f /etc/fail2ban/jail.d/defaults-debian.conf
-	fi
-	update-rc.d fail2ban defaults
-	systemctl start fail2ban
-	check_result $? "fail2ban start failed"
-fi
-
-# Configuring MariaDB/MySQL host
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	$HESTIA/bin/v-add-database-host mysql localhost root $mpass
-fi
-
-# Configuring PostgreSQL host
-if [ "$postgresql" = 'yes' ]; then
-	$HESTIA/bin/v-add-database-host pgsql localhost postgres $ppass
-fi
-
-#----------------------------------------------------------#
-#                       Install Roundcube                  #
-#----------------------------------------------------------#
-# Min requirements Dovecot + Exim + Mysql
-if ([ "$mysql" == 'yes' ] || [ "$mysqlclassic" == 'yes' ]) && [ "$dovecot" == "yes" ]; then
-	echo "[ * ] Install Roundcube..."
-	$HESTIA/bin/v-add-sys-roundcube
-	write_config_value "WEBMAIL_ALIAS" "webmail"
-else
-	write_config_value "WEBMAIL_ALIAS" ""
-	write_config_value "WEBMAIL_SYSTEM" ""
-fi
-
-#----------------------------------------------------------#
-#                     Install Sieve                        #
-#----------------------------------------------------------#
-# Min requirements Dovecot + Exim + Mysql + Roundcube
-if [ "$sieve" = 'yes' ]; then
-	# Folder paths
-	RC_INSTALL_DIR="/var/lib/roundcube"
-	RC_CONFIG_DIR="/etc/roundcube"
-
-	echo "[ * ] Install Sieve..."
-
-	# dovecot.conf install
-	sed -i "s/namespace/service stats \{\n  unix_listener stats-writer \{\n    group = mail\n    mode = 0660\n    user = dovecot\n  \}\n\}\n\nnamespace/g" /etc/dovecot/dovecot.conf
-
-	# dovecot conf files
-	#  10-master.conf
-	sed -i -E -z "s/  }\n  user = dovecot\n}/  \}\n  unix_listener auth-master \{\n    group = mail\n    mode = 0660\n    user = dovecot\n  \}\n  user = dovecot\n\}/g" /etc/dovecot/conf.d/10-master.conf
-	#  15-lda.conf
-	sed -i "s/\#mail_plugins = \\\$mail_plugins/mail_plugins = \$mail_plugins quota sieve\n  auth_socket_path = \/var\/run\/dovecot\/auth-master/g" /etc/dovecot/conf.d/15-lda.conf
-	#  20-imap.conf
-	sed -i "s/mail_plugins = quota imap_quota/mail_plugins = quota imap_quota imap_sieve/g" /etc/dovecot/conf.d/20-imap.conf
-
-	# replace dovecot-sieve config files
-	cp -f $HESTIA_COMMON_DIR/dovecot/sieve/* /etc/dovecot/conf.d
-
-	echo -e "require [\"fileinto\"];\n# rule:[SPAM]\nif header :contains \"X-Spam-Flag\" \"YES\" {\n    fileinto \"INBOX.Spam\";\n}\n" > /etc/dovecot/sieve/default
-
-	# exim4 install
-	sed -i "s/\stransport = local_delivery/ transport = dovecot_virtual_delivery/" /etc/exim4/exim4.conf.template
-	sed -i "s/address_pipe:/dovecot_virtual_delivery:\n  driver = pipe\n  command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \$local_part@\$domain -f \$sender_address -a \$original_local_part@\$original_domain\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n  log_output = true\n  log_defer_output = true\n  user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n group = mail\n  return_output\n\naddress_pipe:/g" /etc/exim4/exim4.conf.template
-
-	# Permission changes
-	chown -R dovecot:mail /var/log/dovecot.log
-	chmod 660 /var/log/dovecot.log
-
-	if [ -d "/var/lib/roundcube" ]; then
-		# Modify Roundcube config
-		mkdir -p $RC_CONFIG_DIR/plugins/managesieve
-		cp -f $HESTIA_COMMON_DIR/roundcube/plugins/config_managesieve.inc.php $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
-		ln -s $RC_CONFIG_DIR/plugins/managesieve/config.inc.php $RC_INSTALL_DIR/plugins/managesieve/config.inc.php
-		chown -R root:www-data $RC_CONFIG_DIR/
-		chmod 751 -R $RC_CONFIG_DIR
-		chmod 644 $RC_CONFIG_DIR/*.php
-		chmod 644 $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
-		sed -i "s/'archive'/'archive', 'managesieve'/g" $RC_CONFIG_DIR/config.inc.php
-	fi
-	# Restart Dovecot and exim4
-	systemctl restart dovecot > /dev/null 2>&1
-	systemctl restart exim4 > /dev/null 2>&1
-fi
-
-#----------------------------------------------------------#
-#                  Configure File Manager                  #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring File Manager..."
-$HESTIA/bin/v-add-sys-filemanager quiet
-
-#----------------------------------------------------------#
-#                  Configure PHPMailer                     #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring PHP dependencies..."
-$HESTIA/bin/v-add-sys-dependencies quiet
-
-#----------------------------------------------------------#
-#                       Configure API                      #
-#----------------------------------------------------------#
-
-if [ "$api" = "yes" ]; then
-	# keep legacy api enabled until transition is complete
-	write_config_value "API" "yes"
-	write_config_value "API_SYSTEM" "1"
-	write_config_value "API_ALLOWED_IP" ""
-else
-	write_config_value "API" "no"
-	write_config_value "API_SYSTEM" "0"
-	write_config_value "API_ALLOWED_IP" ""
-	$HESTIA/bin/v-change-sys-api disable
-fi
-
-#----------------------------------------------------------#
-#                   Configure IP                           #
-#----------------------------------------------------------#
-
-# Configuring system IPs
-echo "[ * ] Configuring System IP..."
-$HESTIA/bin/v-update-sys-ip > /dev/null 2>&1
-
-# Get main IP
-ip=$(ip addr | grep 'inet ' | grep global | head -n1 | awk '{print $2}' | cut -f1 -d/)
-local_ip=$ip
-
-# Configuring firewall
-if [ "$iptables" = 'yes' ]; then
-	$HESTIA/bin/v-update-firewall
-fi
-
-# Get public IP
-pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
-
-if [ -n "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
-	$HESTIA/bin/v-change-sys-ip-nat $ip $pub_ip > /dev/null 2>&1
-	ip=$pub_ip
-fi
-
-# Configuring libapache2-mod-remoteip
-if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ]; then
-	cd /etc/apache2/mods-available
-	echo "<IfModule mod_remoteip.c>" > remoteip.conf
-	echo "  RemoteIPHeader X-Real-IP" >> remoteip.conf
-	if [ "$local_ip" != "127.0.0.1" ] && [ "$pub_ip" != "127.0.0.1" ]; then
-		echo "  RemoteIPInternalProxy 127.0.0.1" >> remoteip.conf
-	fi
-	if [ -n "$local_ip" ] && [ "$local_ip" != "$pub_ip" ]; then
-		echo "  RemoteIPInternalProxy $local_ip" >> remoteip.conf
-	fi
-	if [ -n "$pub_ip" ]; then
-		echo "  RemoteIPInternalProxy $pub_ip" >> remoteip.conf
-	fi
-	echo "</IfModule>" >> remoteip.conf
-	sed -i "s/LogFormat \"%h/LogFormat \"%a/g" /etc/apache2/apache2.conf
-	a2enmod remoteip >> $LOG
-	systemctl restart apache2
-fi
-
-# Adding default domain
-$HESTIA/bin/v-add-web-domain admin $servername $ip
-check_result $? "can't create $servername domain"
-
-# Adding cron jobs
-export SCHEDULED_RESTART="yes"
-command="sudo $HESTIA/bin/v-update-sys-queue restart"
-$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
-systemctl restart cron
-
-command="sudo $HESTIA/bin/v-update-sys-queue daily"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue disk"
-$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue traffic"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue webstats"
-$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue backup"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-backup-users"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-user-stats"
-$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-rrd"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-letsencrypt-ssl"
-min=$(gen_pass '012345' '2')
-hour=$(gen_pass '1234567' '1')
-$HESTIA/bin/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command"
-
-# Enable automatic updates
-$HESTIA/bin/v-add-cron-hestia-autoupdate apt
-
-# Building initital rrd images
-$HESTIA/bin/v-update-sys-rrd
-
-# Enabling file system quota
-if [ "$quota" = 'yes' ]; then
-	$HESTIA/bin/v-add-sys-quota
-fi
-
-# Set backend port
-$HESTIA/bin/v-change-sys-port $port > /dev/null 2>&1
-
-# Create default configuration files
-$HESTIA/bin/v-update-sys-defaults
-
-# Update remaining packages since repositories have changed
-echo -ne "[ * ] Installing remaining software updates..."
-apt-get -qq update
-apt-get -y upgrade >> $LOG &
-BACK_PID=$!
-echo
-
-# Starting Hestia service
-update-rc.d hestia defaults
-systemctl start hestia
-check_result $? "hestia start failed"
-chown admin:admin $HESTIA/data/sessions
-
-# Create backup folder and set correct permission
-mkdir -p /backup/
-chmod 755 /backup/
-
-# create cronjob to generate ssl
-echo "@reboot root sleep 10 && rm /etc/cron.d/hestia-ssl && PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:' && /usr/local/hestia/bin/v-add-letsencrypt-host" > /etc/cron.d/hestia-ssl
-
-#----------------------------------------------------------#
-#              Set hestia.conf default values              #
-#----------------------------------------------------------#
-
-echo "[ * ] Updating configuration files..."
-write_config_value "PHPMYADMIN_KEY" ""
-write_config_value "POLICY_USER_VIEW_SUSPENDED" "no"
-write_config_value "POLICY_USER_VIEW_LOGS" "yes"
-write_config_value "POLICY_USER_EDIT_WEB_TEMPLATES" "true"
-write_config_value "POLICY_USER_EDIT_DNS_TEMPLATES" "yes"
-write_config_value "POLICY_USER_EDIT_DETAILS" "yes"
-write_config_value "POLICY_USER_DELETE_LOGS" "yes"
-write_config_value "POLICY_USER_CHANGE_THEME" "yes"
-write_config_value "POLICY_SYSTEM_PROTECTED_ADMIN" "no"
-write_config_value "POLICY_SYSTEM_PASSWORD_RESET" "yes"
-write_config_value "POLICY_SYSTEM_HIDE_SERVICES" "yes"
-write_config_value "POLICY_SYSTEM_ENABLE_BACON" "no"
-write_config_value "PLUGIN_APP_INSTALLER" "true"
-write_config_value "DEBUG_MODE" "no"
-write_config_value "ENFORCE_SUBDOMAIN_OWNERSHIP" "yes"
-write_config_value "USE_SERVER_SMTP" "false"
-write_config_value "SERVER_SMTP_PORT" ""
-write_config_value "SERVER_SMTP_HOST" ""
-write_config_value "SERVER_SMTP_SECURITY" ""
-write_config_value "SERVER_SMTP_USER" ""
-write_config_value "SERVER_SMTP_PASSWD" ""
-write_config_value "SERVER_SMTP_ADDR" ""
-write_config_value "POLICY_CSRF_STRICTNESS" "1"
-
-# Add /usr/local/hestia/bin/ to path variable
-echo 'if [ "${PATH#*/usr/local/hestia/bin*}" = "$PATH" ]; then
-    . /etc/profile.d/hestia.sh
-fi' >> /root/.bashrc
-
-#----------------------------------------------------------#
-#                   Hestia Access Info                     #
-#----------------------------------------------------------#
-
-# Comparing hostname and IP
-host_ip=$(host $servername | head -n 1 | awk '{print $NF}')
-if [ "$host_ip" = "$ip" ]; then
-	ip="$servername"
-fi
-
-echo -e "\n"
-echo "===================================================================="
-echo -e "\n"
-
-# Sending notification to admin email
-echo -e "Congratulations!
-
-You have successfully installed Hestia Control Panel on your server.
-
-Ready to get started? Log in using the following credentials:
-
-    Admin URL:  https://$ip:$port
-    Username:   admin
-    Password:   $displaypass
-
-Thank you for choosing Hestia Control Panel to power your full stack web server,
-we hope that you enjoy using it as much as we do!
-
-Please feel free to contact us at any time if you have any questions,
-or if you encounter any bugs or problems:
-
-Documentation:  https://docs.hestiacp.com/
-Forum:          https://forum.hestiacp.com/
-Discord:        https://discord.gg/nXRUZch
-GitHub:         https://www.github.com/hestiacp/hestiacp
-
-Note: Automatic updates are enabled by default. If you would like to disable them,
-please log in and navigate to Server > Updates to turn them off.
-
-Help support the Hestia Control Panel project by donating via PayPal:
-https://www.hestiacp.com/donate
-
---
-Sincerely yours,
-The Hestia Control Panel development team
-
-Made with love & pride by the open-source community around the world.
-" > $tmpfile
-
-send_mail="$HESTIA/web/inc/mail-wrapper.php"
-cat $tmpfile | $send_mail -s "Hestia Control Panel" $email
-
-# Congrats
-echo
-cat $tmpfile
-rm -f $tmpfile
-
-# Add welcome message to notification panel
-$HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '<br>You are now ready to begin <a href="/add/user/">adding user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, view the <a href="https://docs.hestiacp.com/" target="_new">documentation</a> or visit our <a href="https://forum.hestiacp.com/" target="_new">user forum</a>.<br><br>Please report any bugs or issues via <a href="https://github.com/hestiacp/hestiacp/issues" target="_new"><i class="fab fa-github"></i> GitHub</a>.<br><br><b>Have a wonderful day!</b><br><br><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team'
-
-# Clean-up
-# Sort final configuration file
-sort_config_file
-
-if [ "$interactive" = 'yes' ]; then
-	echo "[ ! ] IMPORTANT: The system will now reboot to complete the installation process."
-	read -n 1 -s -r -p "Press any key to continue"
-	reboot
-else
-	echo "[ ! ] IMPORTANT: You must restart the system before continuing!"
-fi
-# EOF

install/hst-install-ubuntu.sh

@@ -1,2217 +0,0 @@
-#!/bin/bash
-
-# ======================================================== #
-#
-# Hestia Control Panel Installer for Ubuntu
-# https://www.hestiacp.com/
-#
-# Currently Supported Versions:
-# Ubuntu 18.04 LTS, 20.04, 22.04 LTS
-#
-# ======================================================== #
-
-#----------------------------------------------------------#
-#                  Variables&Functions                     #
-#----------------------------------------------------------#
-export PATH=$PATH:/sbin
-export DEBIAN_FRONTEND=noninteractive
-RHOST='apt.hestiacp.com'
-GPG='gpg.hestiacp.com'
-VERSION='ubuntu'
-HESTIA='/usr/local/hestia'
-LOG="/root/hst_install_backups/hst_install-$(date +%d%m%Y%H%M).log"
-memory=$(grep 'MemTotal' /proc/meminfo | tr ' ' '\n' | grep [0-9])
-hst_backups="/root/hst_install_backups/$(date +%d%m%Y%H%M)"
-spinner="/-\|"
-os='ubuntu'
-release="$(lsb_release -s -r)"
-codename="$(lsb_release -s -c)"
-architecture="$(arch)"
-HESTIA_INSTALL_DIR="$HESTIA/install/deb"
-HESTIA_COMMON_DIR="$HESTIA/install/common"
-VERBOSE='no'
-
-# Define software versions
-HESTIA_INSTALL_VER='1.7.0~alpha'
-# Dependencies
-multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2")
-fpm_v="8.0"
-mariadb_v="10.6"
-
-# Defining software pack for all distros
-software="apache2 apache2.2-common apache2-suexec-custom apache2-utils
-    apparmor-utils awstats bc bind9 bsdmainutils bsdutils clamav-daemon
-    cron curl dnsutils dovecot-imapd dovecot-pop3d dovecot-sieve dovecot-managesieved
-    e2fslibs e2fsprogs exim4 exim4-daemon-heavy expect fail2ban flex ftp git idn2
-    imagemagick libapache2-mod-fcgid libapache2-mod-php$fpm_v libapache2-mod-rpaf
-    lsof mc mariadb-client mariadb-common mariadb-server mysql-client mysql-common mysql-server nginx
-    php$fpm_v php$fpm_v-cgi php$fpm_v-common php$fpm_v-curl
-    php$fpm_v-mysql php$fpm_v-imap php$fpm_v-ldap php$fpm_v-apcu phppgadmin
-    php$fpm_v-pgsql php$fpm_v-zip php$fpm_v-bz2 php$fpm_v-cli php$fpm_v-gd
-    php$fpm_v-imagick php$fpm_v-intl php$fpm_v-mbstring
-    php$fpm_v-opcache php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml
-    postgresql postgresql-contrib proftpd-basic quota rrdtool spamassassin sudo hestia=${HESTIA_INSTALL_VER}
-    hestia-nginx hestia-php vim-common vsftpd whois unzip zip acl sysstat setpriv rsyslog
-    ipset libonig5 libzip5 openssh-server lsb-release zstd jq"
-
-installer_dependencies="apt-transport-https curl dirmngr gnupg wget software-properties-common ca-certificates"
-
-# Defining help function
-help() {
-	echo "Usage: $0 [OPTIONS]
-  -a, --apache            Install Apache        [yes|no]  default: yes
-  -w, --phpfpm            Install PHP-FPM       [yes|no]  default: yes
-  -o, --multiphp          Install Multi-PHP     [yes|no]  default: no
-  -v, --vsftpd            Install Vsftpd        [yes|no]  default: yes
-  -j, --proftpd           Install ProFTPD       [yes|no]  default: no
-  -k, --named             Install Bind          [yes|no]  default: yes
-  -m, --mysql             Install MariaDB       [yes|no]  default: yes
-  -M, --mysql-classic     Install MySQL         [yes|no]  default: no
-  -g, --postgresql        Install PostgreSQL    [yes|no]  default: no
-  -x, --exim              Install Exim          [yes|no]  default: yes
-  -z, --dovecot           Install Dovecot       [yes|no]  default: yes
-  -Z, --sieve             Install Sieve         [yes|no]  default: no
-  -c, --clamav            Install ClamAV        [yes|no]  default: yes
-  -t, --spamassassin      Install SpamAssassin  [yes|no]  default: yes
-  -i, --iptables          Install Iptables      [yes|no]  default: yes
-  -b, --fail2ban          Install Fail2ban      [yes|no]  default: yes
-  -q, --quota             Filesystem Quota      [yes|no]  default: no
-  -d, --api               Activate API          [yes|no]  default: yes
-  -r, --port              Change Backend Port             default: 8083
-  -l, --lang              Default language                default: en
-  -y, --interactive       Interactive install   [yes|no]  default: yes
-  -s, --hostname          Set hostname
-  -e, --email             Set admin email
-  -p, --password          Set admin password
-  -D, --with-debs         Path to Hestia debs
-  -f, --force             Force installation
-  -h, --help              Print this help
-
-  Example: bash $0 -e demo@hestiacp.com -p p4ssw0rd --multiphp yes"
-	exit 1
-}
-
-# Defining file download function
-download_file() {
-	wget $1 -q --show-progress --progress=bar:force
-}
-
-# Defining password-gen function
-gen_pass() {
-	matrix=$1
-	length=$2
-	if [ -z "$matrix" ]; then
-		matrix="A-Za-z0-9"
-	fi
-	if [ -z "$length" ]; then
-		length=16
-	fi
-	head /dev/urandom | tr -dc $matrix | head -c$length
-}
-
-# Defining return code check function
-check_result() {
-	if [ $1 -ne 0 ]; then
-		echo "Error: $2"
-		exit $1
-	fi
-}
-
-# Defining function to set default value
-set_default_value() {
-	eval variable=\$$1
-	if [ -z "$variable" ]; then
-		eval $1=$2
-	fi
-	if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then
-		eval $1=$2
-	fi
-}
-
-# Defining function to set default language value
-set_default_lang() {
-	if [ -z "$lang" ]; then
-		eval lang=$1
-	fi
-	lang_list="ar az bg bn bs ckb cs da de el en es fa fi fr hr hu id it ja ka ko nl no pl pt pt-br ro ru sk sr sv th tr uk ur vi zh-cn zh-tw"
-	if ! (echo $lang_list | grep -w $lang > /dev/null 2>&1); then
-		eval lang=$1
-	fi
-}
-
-# Define the default backend port
-set_default_port() {
-	if [ -z "$port" ]; then
-		eval port=$1
-	fi
-}
-
-# Write configuration KEY/VALUE pair to $HESTIA/conf/hestia.conf
-write_config_value() {
-	local key="$1"
-	local value="$2"
-	echo "$key='$value'" >> $HESTIA/conf/hestia.conf
-}
-
-# Sort configuration file values
-# Write final copy to $HESTIA/conf/hestia.conf for active usage
-# Duplicate file to $HESTIA/conf/defaults/hestia.conf to restore known good installation values
-sort_config_file() {
-	sort $HESTIA/conf/hestia.conf -o /tmp/updconf
-	mv $HESTIA/conf/hestia.conf $HESTIA/conf/hestia.conf.bak
-	mv /tmp/updconf $HESTIA/conf/hestia.conf
-	rm -f $HESTIA/conf/hestia.conf.bak
-	if [ ! -d "$HESTIA/conf/defaults/" ]; then
-		mkdir -p "$HESTIA/conf/defaults/"
-	fi
-	cp $HESTIA/conf/hestia.conf $HESTIA/conf/defaults/hestia.conf
-}
-
-# Validate hostname according to RFC1178
-validate_hostname() {
-	# remove extra .
-	servername=$(echo "$servername" | sed -e "s/[.]*$//g")
-	servername=$(echo "$servername" | sed -e "s/^[.]*//")
-	if [[ $(echo "$servername" | grep -o "\." | wc -l) -gt 1 ]] && [[ ! $servername =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-		# Hostname valid
-		return 1
-	else
-		# Hostname invalid
-		return 0
-	fi
-}
-
-validate_email() {
-	if [[ ! "$email" =~ ^[A-Za-z0-9._%+-]+@[[:alnum:].-]+\.[A-Za-z]{2,63}$ ]]; then
-		# Email invalid
-		return 0
-	else
-		# Email valid
-		return 1
-	fi
-}
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-# Creating temporary file
-tmpfile=$(mktemp -p /tmp)
-
-# Translating argument to --gnu-long-options
-for arg; do
-	delim=""
-	case "$arg" in
-		--apache) args="${args}-a " ;;
-		--phpfpm) args="${args}-w " ;;
-		--vsftpd) args="${args}-v " ;;
-		--proftpd) args="${args}-j " ;;
-		--named) args="${args}-k " ;;
-		--mysql) args="${args}-m " ;;
-		--mysql-classic) args="${args}-M " ;;
-		--postgresql) args="${args}-g " ;;
-		--exim) args="${args}-x " ;;
-		--dovecot) args="${args}-z " ;;
-		--sieve) args="${args}-Z " ;;
-		--clamav) args="${args}-c " ;;
-		--spamassassin) args="${args}-t " ;;
-		--iptables) args="${args}-i " ;;
-		--fail2ban) args="${args}-b " ;;
-		--multiphp) args="${args}-o " ;;
-		--quota) args="${args}-q " ;;
-		--port) args="${args}-r " ;;
-		--lang) args="${args}-l " ;;
-		--interactive) args="${args}-y " ;;
-		--api) args="${args}-d " ;;
-		--hostname) args="${args}-s " ;;
-		--email) args="${args}-e " ;;
-		--password) args="${args}-p " ;;
-		--force) args="${args}-f " ;;
-		--with-debs) args="${args}-D " ;;
-		--help) args="${args}-h " ;;
-		*)
-			[[ "${arg:0:1}" == "-" ]] || delim="\""
-			args="${args}${delim}${arg}${delim} "
-			;;
-	esac
-done
-eval set -- "$args"
-
-# Parsing arguments
-while getopts "a:w:v:j:k:m:M:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do
-	case $Option in
-		a) apache=$OPTARG ;;       # Apache
-		w) phpfpm=$OPTARG ;;       # PHP-FPM
-		o) multiphp=$OPTARG ;;     # Multi-PHP
-		v) vsftpd=$OPTARG ;;       # Vsftpd
-		j) proftpd=$OPTARG ;;      # Proftpd
-		k) named=$OPTARG ;;        # Named
-		m) mysql=$OPTARG ;;        # MariaDB
-		M) mysqlclassic=$OPTARG ;; # MySQL
-		g) postgresql=$OPTARG ;;   # PostgreSQL
-		x) exim=$OPTARG ;;         # Exim
-		z) dovecot=$OPTARG ;;      # Dovecot
-		Z) sieve=$OPTARG ;;        # Sieve
-		c) clamd=$OPTARG ;;        # ClamAV
-		t) spamd=$OPTARG ;;        # SpamAssassin
-		i) iptables=$OPTARG ;;     # Iptables
-		b) fail2ban=$OPTARG ;;     # Fail2ban
-		q) quota=$OPTARG ;;        # FS Quota
-		r) port=$OPTARG ;;         # Backend Port
-		l) lang=$OPTARG ;;         # Language
-		d) api=$OPTARG ;;          # Activate API
-		y) interactive=$OPTARG ;;  # Interactive install
-		s) servername=$OPTARG ;;   # Hostname
-		e) email=$OPTARG ;;        # Admin email
-		p) vpass=$OPTARG ;;        # Admin password
-		D) withdebs=$OPTARG ;;     # Hestia debs path
-		f) force='yes' ;;          # Force install
-		h) help ;;                 # Help
-		*) help ;;                 # Print help (default)
-	esac
-done
-
-# Defining default software stack
-set_default_value 'nginx' 'yes'
-set_default_value 'apache' 'yes'
-set_default_value 'phpfpm' 'yes'
-set_default_value 'multiphp' 'no'
-set_default_value 'vsftpd' 'yes'
-set_default_value 'proftpd' 'no'
-set_default_value 'named' 'yes'
-set_default_value 'mysql' 'yes'
-set_default_value 'mysqlclassic' 'no'
-set_default_value 'postgresql' 'no'
-set_default_value 'exim' 'yes'
-set_default_value 'dovecot' 'yes'
-set_default_value 'sieve' 'no'
-if [ $memory -lt 1500000 ]; then
-	set_default_value 'clamd' 'no'
-	set_default_value 'spamd' 'no'
-elif [ $memory -lt 3000000 ]; then
-	set_default_value 'clamd' 'no'
-	set_default_value 'spamd' 'yes'
-else
-	set_default_value 'clamd' 'yes'
-	set_default_value 'spamd' 'yes'
-fi
-set_default_value 'iptables' 'yes'
-set_default_value 'fail2ban' 'yes'
-set_default_value 'quota' 'no'
-set_default_value 'interactive' 'yes'
-set_default_value 'api' 'yes'
-set_default_port '8083'
-set_default_lang 'en'
-
-# Checking software conflicts
-if [ "$proftpd" = 'yes' ]; then
-	vsftpd='no'
-fi
-if [ "$exim" = 'no' ]; then
-	clamd='no'
-	spamd='no'
-	dovecot='no'
-	sieve='no'
-fi
-if [ "$dovecot" = 'no' ]; then
-	sieve='no'
-fi
-if [ "$iptables" = 'no' ]; then
-	fail2ban='no'
-fi
-if [ "$apache" = "no" ]; then
-	phpfpm='yes'
-fi
-if [ "$mysql" = 'yes' ] && [ "$mysqlclassic" = 'yes' ]; then
-	mysql='no'
-fi
-
-# Checking root permissions
-if [ "x$(id -u)" != 'x0' ]; then
-	check_result 1 "Script can be run executed only by root"
-fi
-
-if [ -d "/usr/local/hestia" ]; then
-	check_result 1 "Hestia install detected. Unable to continue"
-fi
-
-# Checking admin user account
-if [ -n "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then
-	echo 'Please remove admin user account before proceeding.'
-	echo 'If you want to do it automatically run installer with -f option:'
-	echo -e "Example: bash $0 --force\n"
-	check_result 1 "User admin exists"
-fi
-
-# Clear the screen once launch permissions have been verified
-clear
-
-# Configure apt to retry downloading on error
-if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
-	echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
-fi
-
-# Welcome message
-echo "Welcome to the Hestia Control Panel installer!"
-echo
-echo "Please wait, the installer is now checking for missing dependencies..."
-echo
-
-# Update apt repository
-apt-get -qq update
-
-# Creating backup directory
-mkdir -p "$hst_backups"
-
-# Pre-install packages
-echo "[ * ] Installing dependencies..."
-apt-get -y install $installer_dependencies >> $LOG
-check_result $? "Package installation failed, check log file for more details."
-
-# Check repository availability
-wget --quiet "https://$GPG/deb_signing.key" -O /dev/null
-check_result $? "Unable to connect to the Hestia APT repository"
-
-# Check installed packages
-tmpfile=$(mktemp -p /tmp)
-dpkg --get-selections > $tmpfile
-conflicts_pkg="exim4 mariadb-server apache2 nginx hestia postfix ufw"
-
-# Drop postfix from the list if exim should not be installed
-if [ "$exim" = 'no' ]; then
-	conflicts_pkg=$(echo $conflicts_pkg | sed 's/postfix//g' | xargs)
-fi
-
-for pkg in $conflicts_pkg; do
-	if [ -n "$(grep $pkg $tmpfile)" ]; then
-		conflicts="$pkg* $conflicts"
-	fi
-done
-rm -f $tmpfile
-if [ -n "$conflicts" ] && [ -z "$force" ]; then
-	echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-	echo
-	echo 'WARNING: The following packages are already installed'
-	echo "$conflicts"
-	echo
-	echo 'It is highly recommended that you remove them before proceeding.'
-	echo
-	echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-	echo
-	read -p 'Would you like to remove the conflicting packages? [y/n] ' answer
-	if [ "$answer" = 'y' ] || [ "$answer" = 'Y' ]; then
-		apt-get -qq purge $conflicts -y
-		check_result $? 'apt-get remove failed'
-		unset $answer
-	else
-		check_result 1 "Hestia Control Panel should be installed on a clean server."
-	fi
-fi
-
-# Check network configuration
-if [ -d /etc/netplan ] && [ -z "$force" ]; then
-	if [ -z "$(ls -A /etc/netplan)" ]; then
-		echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-		echo
-		echo 'WARNING: Your network configuration may not be set up correctly.'
-		echo 'Details: The netplan configuration directory is empty.'
-		echo ''
-		echo 'You may have a network configuration file that was created using'
-		echo 'systemd-networkd.'
-		echo ''
-		echo 'It is strongly recommended to migrate to netplan, which is now the'
-		echo 'default network configuration system in newer releases of Ubuntu.'
-		echo ''
-		echo 'While you can leave your configuration as-is, please note that you'
-		echo 'will not be able to use additional IPs properly.'
-		echo ''
-		echo 'If you wish to continue and force the installation,'
-		echo 'run this script with -f option:'
-		echo "Example: bash $0 --force"
-		echo
-		echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
-		echo
-		check_result 1 "Unable to detect netplan configuration."
-	fi
-fi
-
-# Validate whether installation script matches release version before continuing with install
-if [ -z "$withdebs" ] || [ ! -d "$withdebs" ]; then
-	release_branch_ver=$(curl -s https://raw.githubusercontent.com/hestiacp/hestiacp/release/src/deb/hestia/control | grep "Version:" | awk '{print $2}')
-	if [ "$HESTIA_INSTALL_VER" != "$release_branch_ver" ]; then
-		echo
-		echo -e "\e[91mInstallation aborted\e[0m"
-		echo "===================================================================="
-		echo -e "\e[33mERROR: Install script version does not match package version!\e[0m"
-		echo -e "\e[33mPlease download the installer from the release branch in order to continue:\e[0m"
-		echo ""
-		echo -e "\e[33mhttps://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install.sh\e[0m"
-		echo ""
-		echo -e "\e[33mTo test pre-release versions, build the .deb packages and re-run the installer:\e[0m"
-		echo -e "  \e[33m./hst_autocompile.sh \e[1m--hestia branchname no\e[21m\e[0m"
-		echo -e "  \e[33m./hst-install.sh .. \e[1m--with-debs /tmp/hestiacp-src/debs\e[21m\e[0m"
-		echo ""
-		check_result 1 "Installation aborted"
-	fi
-fi
-
-case $architecture in
-	x86_64)
-		ARCH="amd64"
-		;;
-	aarch64)
-		ARCH="arm64"
-		;;
-	*)
-		echo
-		echo -e "\e[91mInstallation aborted\e[0m"
-		echo "===================================================================="
-		echo -e "\e[33mERROR: $architecture is currently not supported!\e[0m"
-		echo -e "\e[33mPlease verify the achitecture used is currenlty supported\e[0m"
-		echo ""
-		echo -e "\e[33mhttps://github.com/hestiacp/hestiacp/blob/main/README.md\e[0m"
-		echo ""
-		check_result 1 "Installation aborted"
-		;;
-esac
-#----------------------------------------------------------#
-#                       Brief Info                         #
-#----------------------------------------------------------#
-
-install_welcome_message() {
-	DISPLAY_VER=$(echo $HESTIA_INSTALL_VER | sed "s|~alpha||g" | sed "s|~beta||g")
-	echo
-	echo '                _   _           _   _        ____ ____                  '
-	echo '               | | | | ___  ___| |_(_) __ _ / ___|  _ \                 '
-	echo '               | |_| |/ _ \/ __| __| |/ _` | |   | |_) |                '
-	echo '               |  _  |  __/\__ \ |_| | (_| | |___|  __/                 '
-	echo '               |_| |_|\___||___/\__|_|\__,_|\____|_|                    '
-	echo "                                                                        "
-	echo "                          Hestia Control Panel                          "
-	if [[ "$HESTIA_INSTALL_VER" =~ "beta" ]]; then
-		echo "                              BETA RELEASE                          "
-	fi
-	if [[ "$HESTIA_INSTALL_VER" =~ "alpha" ]]; then
-		echo "                          DEVELOPMENT SNAPSHOT                      "
-		echo "                    NOT INTENDED FOR PRODUCTION USE                 "
-		echo "                          USE AT YOUR OWN RISK                      "
-	fi
-	echo "                                  ${DISPLAY_VER}                        "
-	echo "                            www.hestiacp.com                            "
-	echo
-	echo "========================================================================"
-	echo
-	echo "Thank you for downloading Hestia Control Panel! In a few moments,"
-	echo "we will begin installing the following components on your server:"
-	echo
-}
-
-# Printing nice ASCII logo
-clear
-install_welcome_message
-
-# Web stack
-echo '   - NGINX Web / Proxy Server'
-if [ "$apache" = 'yes' ]; then
-	echo '   - Apache Web Server (as backend)'
-fi
-if [ "$phpfpm" = 'yes' ] && [ "$multiphp" = 'no' ]; then
-	echo '   - PHP-FPM Application Server'
-fi
-if [ "$multiphp" = 'yes' ]; then
-	phpfpm='yes'
-	echo '   - Multi-PHP Environment'
-fi
-
-# DNS stack
-if [ "$named" = 'yes' ]; then
-	echo '   - Bind DNS Server'
-fi
-
-# Mail stack
-if [ "$exim" = 'yes' ]; then
-	echo -n '   - Exim Mail Server'
-	if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ]; then
-		echo -n ' + '
-		if [ "$clamd" = 'yes' ]; then
-			echo -n 'ClamAV '
-		fi
-		if [ "$spamd" = 'yes' ]; then
-			if [ "$clamd" = 'yes' ]; then
-				echo -n '+ '
-			fi
-			echo -n 'SpamAssassin'
-		fi
-	fi
-	echo
-	if [ "$dovecot" = 'yes' ]; then
-		echo -n '   - Dovecot POP3/IMAP Server'
-		if [ "$sieve" = 'yes' ]; then
-			echo -n '+ Sieve'
-		fi
-	fi
-fi
-
-echo
-# Database stack
-if [ "$mysql" = 'yes' ]; then
-	echo '   - MariaDB Database Server'
-fi
-if [ "$mysqlclassic" = 'yes' ]; then
-	echo '   - MySQL8 Database Server'
-fi
-if [ "$postgresql" = 'yes' ]; then
-	echo '   - PostgreSQL Database Server'
-fi
-
-# FTP stack
-if [ "$vsftpd" = 'yes' ]; then
-	echo '   - Vsftpd FTP Server'
-fi
-if [ "$proftpd" = 'yes' ]; then
-	echo '   - ProFTPD FTP Server'
-fi
-
-# Firewall stack
-if [ "$iptables" = 'yes' ]; then
-	echo -n '   - Firewall (iptables)'
-fi
-if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
-	echo -n ' + Fail2Ban Access Monitor'
-fi
-echo -e "\n"
-echo "========================================================================"
-echo -e "\n"
-
-# Asking for confirmation to proceed
-if [ "$interactive" = 'yes' ]; then
-	read -p 'Would you like to continue with the installation? [Y/N]: ' answer
-	if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then
-		echo 'Goodbye'
-		exit 1
-	fi
-fi
-
-# Validate Email / Hostname even when interactive = no
-# Asking for contact email
-if [ -z "$email" ]; then
-	while validate_email; do
-		echo -e "\nPlease use a valid emailadress (ex. info@domain.tld)."
-		read -p 'Please enter admin email address: ' email
-	done
-else
-	if validate_email; then
-		echo "Please use a valid emailadress (ex. info@domain.tld)."
-		exit 1
-	fi
-fi
-
-# Asking to set FQDN hostname
-if [ -z "$servername" ]; then
-	# Ask and validate FQDN hostname.
-	read -p "Please enter FQDN hostname [$(hostname -f)]: " servername
-
-	# Set hostname if it wasn't set
-	if [ -z "$servername" ]; then
-		servername=$(hostname -f)
-	fi
-
-	# Validate Hostname, go to loop if the validation fails.
-	while validate_hostname; do
-		echo -e "\nPlease use a valid hostname according to RFC1178 (ex. hostname.domain.tld)."
-		read -p "Please enter FQDN hostname [$(hostname -f)]: " servername
-	done
-else
-	# Validate FQDN hostname if it is preset
-	if validate_hostname; then
-		echo "Please use a valid hostname according to RFC1178 (ex. hostname.domain.tld)."
-		exit 1
-	fi
-fi
-
-# Generating admin password if it wasn't set
-displaypass="The password you chose during installation."
-if [ -z "$vpass" ]; then
-	vpass=$(gen_pass)
-	displaypass=$vpass
-fi
-
-# Set FQDN if it wasn't set
-mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)'
-mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}'
-if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
-	if [[ -n "$servername" ]]; then
-		servername="$servername.example.com"
-	else
-		servername="example.com"
-	fi
-	echo "127.0.0.1 $servername" >> /etc/hosts
-fi
-
-if [[ -z $(grep -i "$servername" /etc/hosts) ]]; then
-	echo "127.0.0.1 $servername" >> /etc/hosts
-fi
-
-# Set email if it wasn't set
-if [[ -z "$email" ]]; then
-	email="admin@$servername"
-fi
-
-# Defining backup directory
-echo -e "Installation backup directory: $hst_backups"
-
-# Print Log File Path
-echo "Installation log file: $LOG"
-
-# Print new line
-echo
-
-#----------------------------------------------------------#
-#                      Checking swap                       #
-#----------------------------------------------------------#
-
-# Checking swap on small instances
-if [ -z "$(swapon -s)" ] && [ "$memory" -lt 1000000 ]; then
-	fallocate -l 1G /swapfile
-	chmod 600 /swapfile
-	mkswap /swapfile
-	swapon /swapfile
-	echo "/swapfile   none    swap    sw    0   0" >> /etc/fstab
-fi
-
-#----------------------------------------------------------#
-#                   Install repository                     #
-#----------------------------------------------------------#
-
-# Define apt conf location
-apt=/etc/apt/sources.list.d
-
-# Create new folder if not all-ready exists
-mkdir -p /root/.gnupg/ && chmod 700 /root/.gnupg/
-
-# Updating system
-echo "Adding required repositories to proceed with installation:"
-echo
-
-# Installing Nginx repo
-
-echo "[ * ] NGINX"
-echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list
-curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1
-
-#add-apt-repository  does not support it yet see #https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1862764
-# Installing sury PHP repo
-echo "[ * ] PHP"
-LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php > /dev/null 2>&1
-
-# Installing sury Apache2 repo
-if [ "$apache" = 'yes' ]; then
-	echo "[ * ] Apache2"
-	echo "deb http://ppa.launchpad.net/ondrej/apache2/ubuntu $codename main" > $apt/apache2.list
-fi
-
-# Installing MariaDB repo
-if [ "$mysql" = 'yes' ]; then
-	echo "[ * ] MariaDB"
-	if [ "$release" != '22.04' ]; then
-		echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://dlm.mariadb.com/repo/mariadb-server/$mariadb_v/repo/$VERSION $codename main" > $apt/mariadb.list
-	else
-		echo "#deb [arch=$ARCH signed-by=/usr/share/keyrings/mariadb-keyring.gpg] https://dlm.mariadb.com/repo/mariadb-server/$mariadb_v/repo/$VERSION $codename main" > $apt/mariadb.list
-	fi
-	curl -s https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor | tee /usr/share/keyrings/mariadb-keyring.gpg > /dev/null 2>&1
-fi
-
-# Installing HestiaCP repo
-echo "[ * ] Hestia Control Panel"
-echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/hestia-keyring.gpg] https://$RHOST/ $codename main" > $apt/hestia.list
-gpg --no-default-keyring --keyring /usr/share/keyrings/hestia-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
-
-# Installing PostgreSQL repo
-if [ "$postgresql" = 'yes' ]; then
-	echo "[ * ] PostgreSQL"
-	echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" > $apt/postgresql.list
-	curl -s https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /usr/share/keyrings/postgresql-keyring.gpg > /dev/null 2>&1
-fi
-
-# Echo for a new line
-echo
-
-# Updating system
-echo -ne "Updating currently installed packages, please wait... "
-apt-get -qq update
-apt-get -y upgrade >> $LOG &
-BACK_PID=$!
-
-# Check if package installation is done, print a spinner
-spin_i=1
-while kill -0 $BACK_PID > /dev/null 2>&1; do
-	printf "\b${spinner:spin_i++%${#spinner}:1}"
-	sleep 0.5
-done
-
-# Do a blank echo to get the \n back
-echo
-
-# Check Installation result
-wait $BACK_PID
-check_result $? 'apt-get upgrade failed'
-
-#----------------------------------------------------------#
-#                         Backup                           #
-#----------------------------------------------------------#
-
-# Creating backup directory tree
-mkdir -p $hst_backups
-cd $hst_backups
-mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd
-mkdir spamassassin mysql postgresql hestia
-
-# Backup nginx configuration
-systemctl stop nginx > /dev/null 2>&1
-cp -r /etc/nginx/* $hst_backups/nginx > /dev/null 2>&1
-
-# Backup Apache configuration
-systemctl stop apache2 > /dev/null 2>&1
-cp -r /etc/apache2/* $hst_backups/apache2 > /dev/null 2>&1
-rm -f /etc/apache2/conf.d/* > /dev/null 2>&1
-
-# Backup PHP-FPM configuration
-systemctl stop php*-fpm > /dev/null 2>&1
-cp -r /etc/php/* $hst_backups/php/ > /dev/null 2>&1
-
-# Backup Bind configuration
-systemctl stop bind9 > /dev/null 2>&1
-cp -r /etc/bind/* $hst_backups/bind > /dev/null 2>&1
-
-# Backup Vsftpd configuration
-systemctl stop vsftpd > /dev/null 2>&1
-cp /etc/vsftpd.conf $hst_backups/vsftpd > /dev/null 2>&1
-
-# Backup ProFTPD configuration
-systemctl stop proftpd > /dev/null 2>&1
-cp /etc/proftpd/* $hst_backups/proftpd > /dev/null 2>&1
-
-# Backup Exim configuration
-systemctl stop exim4 > /dev/null 2>&1
-cp -r /etc/exim4/* $hst_backups/exim4 > /dev/null 2>&1
-
-# Backup ClamAV configuration
-systemctl stop clamav-daemon > /dev/null 2>&1
-cp -r /etc/clamav/* $hst_backups/clamav > /dev/null 2>&1
-
-# Backup SpamAssassin configuration
-systemctl stop spamassassin > /dev/null 2>&1
-cp -r /etc/spamassassin/* $hst_backups/spamassassin > /dev/null 2>&1
-
-# Backup Dovecot configuration
-systemctl stop dovecot > /dev/null 2>&1
-cp /etc/dovecot.conf $hst_backups/dovecot > /dev/null 2>&1
-cp -r /etc/dovecot/* $hst_backups/dovecot > /dev/null 2>&1
-
-# Backup MySQL/MariaDB configuration and data
-systemctl stop mysql > /dev/null 2>&1
-killall -9 mysqld > /dev/null 2>&1
-mv /var/lib/mysql $hst_backups/mysql/mysql_datadir > /dev/null 2>&1
-cp -r /etc/mysql/* $hst_backups/mysql > /dev/null 2>&1
-mv -f /root/.my.cnf $hst_backups/mysql > /dev/null 2>&1
-
-# Backup Hestia
-systemctl stop hestia > /dev/null 2>&1
-cp -r $HESTIA/* $hst_backups/hestia > /dev/null 2>&1
-apt-get -y purge hestia hestia-nginx hestia-php > /dev/null 2>&1
-rm -rf $HESTIA > /dev/null 2>&1
-
-#----------------------------------------------------------#
-#                     Package Includes                     #
-#----------------------------------------------------------#
-
-if [ "$phpfpm" = 'yes' ]; then
-	fpm="php$fpm_v php$fpm_v-common php$fpm_v-bcmath php$fpm_v-cli
-         php$fpm_v-curl php$fpm_v-fpm php$fpm_v-gd php$fpm_v-intl
-         php$fpm_v-mysql php$fpm_v-soap php$fpm_v-xml php$fpm_v-zip
-         php$fpm_v-mbstring php$fpm_v-bz2 php$fpm_v-pspell
-         php$fpm_v-imagick"
-	software="$software $fpm"
-fi
-
-#----------------------------------------------------------#
-#                     Package Excludes                     #
-#----------------------------------------------------------#
-
-# Excluding packages
-software=$(echo "$software" | sed -e "s/apache2.2-common//")
-
-if [ "$apache" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/apache2 //")
-	software=$(echo "$software" | sed -e "s/apache2-bin//")
-	software=$(echo "$software" | sed -e "s/apache2-utils//")
-	software=$(echo "$software" | sed -e "s/apache2-suexec-custom//")
-	software=$(echo "$software" | sed -e "s/apache2.2-common//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-rpaf//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-fcgid//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//")
-fi
-if [ "$vsftpd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/vsftpd//")
-fi
-if [ "$proftpd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/proftpd-basic//")
-	software=$(echo "$software" | sed -e "s/proftpd-mod-vroot//")
-fi
-if [ "$named" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/bind9//")
-fi
-if [ "$exim" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/exim4 //")
-	software=$(echo "$software" | sed -e "s/exim4-daemon-heavy//")
-	software=$(echo "$software" | sed -e "s/dovecot-imapd//")
-	software=$(echo "$software" | sed -e "s/dovecot-pop3d//")
-	software=$(echo "$software" | sed -e "s/clamav-daemon//")
-	software=$(echo "$software" | sed -e "s/spamassassin//")
-	software=$(echo "$software" | sed -e "s/dovecot-sieve//")
-	software=$(echo "$software" | sed -e "s/dovecot-managesieved//")
-fi
-if [ "$clamd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/clamav-daemon//")
-fi
-if [ "$spamd" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/spamassassin//")
-fi
-if [ "$dovecot" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/dovecot-imapd//")
-	software=$(echo "$software" | sed -e "s/dovecot-pop3d//")
-fi
-if [ "$sieve" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/dovecot-sieve//")
-	software=$(echo "$software" | sed -e "s/dovecot-managesieved//")
-fi
-if [ "$mysql" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/mariadb-server//")
-	software=$(echo "$software" | sed -e "s/mariadb-client//")
-	software=$(echo "$software" | sed -e "s/mariadb-common//")
-fi
-if [ "$mysqlclassic" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/mysql-server//")
-	software=$(echo "$software" | sed -e "s/mysql-client//")
-	software=$(echo "$software" | sed -e "s/mysql-common//")
-fi
-if [ "$mysql" = 'no' ] && [ "$mysqlclassic" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/php$fpm_v-mysql//")
-	if [ "$multiphp" = 'yes' ]; then
-		for v in "${multiphp_v[@]}"; do
-			software=$(echo "$software" | sed -e "s/php$v-mysql//")
-			software=$(echo "$software" | sed -e "s/php$v-bz2//")
-		done
-	fi
-fi
-if [ "$postgresql" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/postgresql-contrib//")
-	software=$(echo "$software" | sed -e "s/postgresql//")
-	software=$(echo "$software" | sed -e "s/php$fpm_v-pgsql//")
-	if [ "$multiphp" = 'yes' ]; then
-		for v in "${multiphp_v[@]}"; do
-			software=$(echo "$software" | sed -e "s/php$v-pgsql//")
-		done
-	fi
-	software=$(echo "$software" | sed -e "s/phppgadmin//")
-fi
-if [ "$fail2ban" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/fail2ban//")
-fi
-if [ "$iptables" = 'no' ]; then
-	software=$(echo "$software" | sed -e "s/ipset//")
-	software=$(echo "$software" | sed -e "s/fail2ban//")
-fi
-if [ "$phpfpm" = 'yes' ]; then
-	software=$(echo "$software" | sed -e "s/php$fpm_v-cgi//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-ruid2//")
-	software=$(echo "$software" | sed -e "s/libapache2-mod-php$fpm_v//")
-fi
-if [ -d "$withdebs" ]; then
-	software=$(echo "$software" | sed -e "s/hestia-nginx//")
-	software=$(echo "$software" | sed -e "s/hestia-php//")
-	software=$(echo "$software" | sed -e "s/hestia=${HESTIA_INSTALL_VER}//")
-fi
-if [ "$release" = '18.04' ]; then
-	software=$(echo "$software" | sed -e "s/libonig5/libonig4/")
-	software=$(echo "$software" | sed -e "s/libzip5/libzip4/")
-fi
-if [ "$release" = '20.04' ]; then
-	software=$(echo "$software" | sed -e "s/setpriv/util-linux/")
-fi
-if [ "$release" = '22.04' ]; then
-	software=$(echo "$software" | sed -e "s/setpriv/util-linux/")
-	software=$(echo "$software" | sed -e "s/libzip5/libzip4/")
-fi
-
-#----------------------------------------------------------#
-#                 Disable Apparmor on LXC                  #
-#----------------------------------------------------------#
-
-if grep --quiet lxc /proc/1/environ; then
-	if [ -f /etc/init.d/apparmor ]; then
-		systemctl stop apparmor > /dev/null 2>&1
-		systemctl disable apparmor > /dev/null 2>&1
-	fi
-fi
-
-#----------------------------------------------------------#
-#                     Install packages                     #
-#----------------------------------------------------------#
-
-# Disabling daemon autostart on apt-get install
-echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d
-chmod a+x /usr/sbin/policy-rc.d
-
-# Installing apt packages
-echo "The installer is now downloading and installing all required packages."
-echo -ne "NOTE: This process may take 10 to 15 minutes to complete, please wait... "
-echo
-apt-get -y install $software > $LOG
-BACK_PID=$!
-
-# Check if package installation is done, print a spinner
-spin_i=1
-while kill -0 $BACK_PID > /dev/null 2>&1; do
-	printf "\b${spinner:spin_i++%${#spinner}:1}"
-	sleep 0.5
-done
-
-# Do a blank echo to get the \n back
-echo
-
-# Check Installation result
-wait $BACK_PID
-check_result $? "apt-get install failed"
-
-echo
-echo "========================================================================"
-echo
-
-# Install Hestia packages from local folder
-if [ -n "$withdebs" ] && [ -d "$withdebs" ]; then
-	echo "[ * ] Installing local package files..."
-	echo "    - hestia core package"
-	dpkg -i $withdebs/hestia_*.deb > /dev/null 2>&1
-
-	if [ -z $(ls $withdebs/hestia-php_*.deb 2> /dev/null) ]; then
-		echo "    - hestia-php backend package (from apt)"
-		apt-get -y install hestia-php > /dev/null 2>&1
-	else
-		echo "    - hestia-php backend package"
-		dpkg -i $withdebs/hestia-php_*.deb > /dev/null 2>&1
-	fi
-
-	if [ -z $(ls $withdebs/hestia-nginx_*.deb 2> /dev/null) ]; then
-		echo "    - hestia-nginx backend package (from apt)"
-		apt-get -y install hestia-nginx > /dev/null 2>&1
-	else
-		echo "    - hestia-nginx backend package"
-		dpkg -i $withdebs/hestia-nginx_*.deb > /dev/null 2>&1
-	fi
-fi
-
-# Restoring autostart policy
-rm -f /usr/sbin/policy-rc.d
-
-#----------------------------------------------------------#
-#                     Configure system                     #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring system settings..."
-
-# Enable SFTP subsystem for SSH
-sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
-if [ -n "$sftp_subsys_enabled" ]; then
-	sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
-fi
-
-# Reduce SSH login grace time
-sed -i "s/[#]LoginGraceTime [[:digit:]]m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
-
-# Disable SSH suffix broadcast
-if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
-	sed -i '/^[#]Banner .*/a DebianBanner no' /etc/ssh/sshd_config
-	if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
-		# If first attempt fails just add it
-		echo '' >> /etc/ssh/sshd_config
-		echo 'DebianBanner no' >> /etc/ssh/sshd_config
-	fi
-fi
-
-# Restart SSH daemon
-systemctl restart ssh
-
-# Disable AWStats cron
-rm -f /etc/cron.d/awstats
-
-# Set directory color
-if [ -z "$(grep 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile)" ]; then
-	echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
-fi
-
-# Registering /usr/sbin/nologin
-if [ -z "$(grep nologin /etc/shells)" ]; then
-	echo "/usr/sbin/nologin" >> /etc/shells
-fi
-
-# Configuring NTP
-sed -i 's/#NTP=/NTP=pool.ntp.org/' /etc/systemd/timesyncd.conf
-systemctl enable systemd-timesyncd
-systemctl start systemd-timesyncd
-
-# Check iptables paths and add symlinks when necessary
-if [ ! -e "/sbin/iptables" ]; then
-	if which iptables > /dev/null; then
-		ln -s "$(which iptables)" /sbin/iptables
-	elif [ -e "/usr/sbin/iptables" ]; then
-		ln -s /usr/sbin/iptables /sbin/iptables
-	elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables; then
-		autoiptables=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables | cut -d '' -f 2)
-		if [ -x "$autoiptables" ]; then
-			ln -s "$autoiptables" /sbin/iptables
-		fi
-	fi
-fi
-
-if [ ! -e "/sbin/iptables-save" ]; then
-	if which iptables-save > /dev/null; then
-		ln -s "$(which iptables-save)" /sbin/iptables-save
-	elif [ -e "/usr/sbin/iptables-save" ]; then
-		ln -s /usr/sbin/iptables-save /sbin/iptables-save
-	elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save; then
-		autoiptables_save=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save | cut -d '' -f 2)
-		if [ -x "$autoiptables_save" ]; then
-			ln -s "$autoiptables_save" /sbin/iptables-save
-		fi
-	fi
-fi
-
-if [ ! -e "/sbin/iptables-restore" ]; then
-	if which iptables-restore > /dev/null; then
-		ln -s "$(which iptables-restore)" /sbin/iptables-restore
-	elif [ -e "/usr/sbin/iptables-restore" ]; then
-		ln -s /usr/sbin/iptables-restore /sbin/iptables-restore
-	elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore; then
-		autoiptables_restore=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore | cut -d '' -f 2)
-		if [ -x "$autoiptables_restore" ]; then
-			ln -s "$autoiptables_restore" /sbin/iptables-restore
-		fi
-	fi
-fi
-
-# Restrict access to /proc fs
-# - Prevent unpriv users from seeing each other running processes
-mount -o remount,defaults,hidepid=2 /proc > /dev/null 2>&1
-if [ $? -ne 0 ]; then
-	echo "Info: Cannot remount /proc (LXC containers require additional perm added to host apparmor profile)"
-else
-	echo "@reboot root sleep 5 && mount -o remount,defaults,hidepid=2 /proc" > /etc/cron.d/hestia-proc
-fi
-
-#----------------------------------------------------------#
-#                     Configure Hestia                     #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring Hestia Control Panel..."
-# Installing sudo configuration
-mkdir -p /etc/sudoers.d
-cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
-chmod 440 /etc/sudoers.d/admin
-
-# Add Hestia global config
-if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
-	mkdir -p /etc/hestiacp
-	echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
-fi
-
-# Configuring system env
-echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh
-echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh
-echo 'export PATH' >> /etc/profile.d/hestia.sh
-chmod 755 /etc/profile.d/hestia.sh
-source /etc/profile.d/hestia.sh
-
-# Configuring logrotate for Hestia logs
-cp -f $HESTIA_INSTALL_DIR/logrotate/hestia /etc/logrotate.d/hestia
-
-# Create log path and symbolic link
-rm -f /var/log/hestia
-mkdir -p /var/log/hestia
-ln -s /var/log/hestia $HESTIA/log
-
-# Building directory tree and creating some blank files for Hestia
-mkdir -p $HESTIA/conf $HESTIA/ssl $HESTIA/data/ips \
-	$HESTIA/data/queue $HESTIA/data/users $HESTIA/data/firewall \
-	$HESTIA/data/sessions
-touch $HESTIA/data/queue/backup.pipe $HESTIA/data/queue/disk.pipe \
-	$HESTIA/data/queue/webstats.pipe $HESTIA/data/queue/restart.pipe \
-	$HESTIA/data/queue/traffic.pipe $HESTIA/data/queue/daily.pipe $HESTIA/log/system.log \
-	$HESTIA/log/nginx-error.log $HESTIA/log/auth.log $HESTIA/log/backup.log
-chmod 750 $HESTIA/conf $HESTIA/data/users $HESTIA/data/ips $HESTIA/log
-chmod -R 750 $HESTIA/data/queue
-chmod 660 /var/log/hestia/*
-chmod 770 $HESTIA/data/sessions
-
-# Generating Hestia configuration
-rm -f $HESTIA/conf/hestia.conf > /dev/null 2>&1
-touch $HESTIA/conf/hestia.conf
-chmod 660 $HESTIA/conf/hestia.conf
-
-# Write default port value to hestia.conf
-# If a custom port is specified it will be set at the end of the installation process.
-write_config_value "BACKEND_PORT" "8083"
-
-# Web stack
-if [ "$apache" = 'yes' ]; then
-	write_config_value "WEB_SYSTEM" "apache2"
-	write_config_value "WEB_RGROUPS" "www-data"
-	write_config_value "WEB_PORT" "8080"
-	write_config_value "WEB_SSL_PORT" "8443"
-	write_config_value "WEB_SSL" "mod_ssl"
-	write_config_value "PROXY_SYSTEM" "nginx"
-	write_config_value "PROXY_PORT" "80"
-	write_config_value "PROXY_SSL_PORT" "443"
-	write_config_value "STATS_SYSTEM" "awstats"
-fi
-
-if [ "$apache" = 'no' ]; then
-	write_config_value "WEB_SYSTEM" "nginx"
-	write_config_value "WEB_PORT" "80"
-	write_config_value "WEB_SSL_PORT" "443"
-	write_config_value "WEB_SSL" "openssl"
-	write_config_value "STATS_SYSTEM" "awstats"
-fi
-
-if [ "$phpfpm" = 'yes' ] || [ "$multiphp" = 'yes' ]; then
-	write_config_value "WEB_BACKEND" "php-fpm"
-fi
-
-# Database stack
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	installed_db_types='mysql'
-fi
-
-if [ "$postgresql" = 'yes' ]; then
-	installed_db_types="$installed_db_types,pgsql"
-fi
-
-if [ -n "$installed_db_types" ]; then
-	db=$(echo "$installed_db_types" \
-		| sed "s/,/\n/g" \
-		| sort -r -u \
-		| sed "/^$/d" \
-		| sed ':a;N;$!ba;s/\n/,/g')
-	write_config_value "DB_SYSTEM" "$db"
-fi
-
-# FTP stack
-if [ "$vsftpd" = 'yes' ]; then
-	write_config_value "FTP_SYSTEM" "vsftpd"
-fi
-if [ "$proftpd" = 'yes' ]; then
-	write_config_value "FTP_SYSTEM" "proftpd"
-fi
-
-# DNS stack
-if [ "$named" = 'yes' ]; then
-	write_config_value "DNS_SYSTEM" "bind9"
-fi
-
-# Mail stack
-if [ "$exim" = 'yes' ]; then
-	write_config_value "MAIL_SYSTEM" "exim4"
-	if [ "$clamd" = 'yes' ]; then
-		write_config_value "ANTIVIRUS_SYSTEM" "clamav-daemon"
-	fi
-	if [ "$spamd" = 'yes' ]; then
-		write_config_value "ANTISPAM_SYSTEM" "spamassassin"
-	fi
-	if [ "$dovecot" = 'yes' ]; then
-		write_config_value "IMAP_SYSTEM" "dovecot"
-	fi
-	if [ "$sieve" = 'yes' ]; then
-		write_config_value "SIEVE_SYSTEM" "yes"
-	fi
-fi
-
-# Cron daemon
-write_config_value "CRON_SYSTEM" "cron"
-
-# Firewall stack
-if [ "$iptables" = 'yes' ]; then
-	write_config_value "FIREWALL_SYSTEM" "iptables"
-fi
-if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
-	write_config_value "FIREWALL_EXTENSION" "fail2ban"
-fi
-
-# Disk quota
-if [ "$quota" = 'yes' ]; then
-	write_config_value "DISK_QUOTA" "yes"
-else
-	write_config_value "DISK_QUOTA" "no"
-fi
-
-# Backups
-write_config_value "BACKUP_SYSTEM" "local"
-write_config_value "BACKUP_GZIP" "4"
-write_config_value "BACKUP_MODE" "zstd"
-
-# Language
-write_config_value "LANGUAGE" "$lang"
-
-# Login in screen
-write_config_value "LOGIN_STYLE" "default"
-
-# Theme
-write_config_value "THEME" "dark"
-
-# Inactive session timeout
-write_config_value "INACTIVE_SESSION_TIMEOUT" "60"
-
-# Version & Release Branch
-write_config_value "VERSION" "${HESTIA_INSTALL_VER}"
-write_config_value "RELEASE_BRANCH" "release"
-
-# Email notifications after upgrade
-write_config_value "UPGRADE_SEND_EMAIL" "true"
-write_config_value "UPGRADE_SEND_EMAIL_LOG" "false"
-
-# Installing hosting packages
-cp -rf $HESTIA_COMMON_DIR/packages $HESTIA/data/
-
-# Update nameservers in hosting package
-IFS='.' read -r -a domain_elements <<< "$servername"
-if [ -n "${domain_elements[-2]}" ] && [ -n "${domain_elements[-1]}" ]; then
-	serverdomain="${domain_elements[-2]}.${domain_elements[-1]}"
-	sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg
-fi
-
-# Installing templates
-cp -rf $HESTIA_INSTALL_DIR/templates $HESTIA/data/
-cp -rf $HESTIA_COMMON_DIR/templates/web/ $HESTIA/data/templates
-cp -rf $HESTIA_COMMON_DIR/templates/dns/ $HESTIA/data/templates
-
-mkdir -p /var/www/html
-mkdir -p /var/www/document_errors
-
-# Install default success page
-cp -rf $HESTIA_COMMON_DIR/templates/web/unassigned/index.html /var/www/html/
-cp -rf $HESTIA_COMMON_DIR/templates/web/skel/document_errors/* /var/www/document_errors/
-
-# Installing firewall rules
-cp -rf $HESTIA_COMMON_DIR/firewall $HESTIA/data/
-
-# Installing apis
-cp -rf $HESTIA_COMMON_DIR/api $HESTIA/data/
-
-# Configuring server hostname
-$HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1
-
-# Generating SSL certificate
-echo "[ * ] Generating default self-signed SSL certificate..."
-if [ "$release" = "18.04" ]; then
-	$HESTIA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
-		'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
-else
-	$HESTIA/bin/v-generate-ssl-cert $(hostname) '' 'US' 'California' \
-		'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
-fi
-# Parsing certificate file
-crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem | cut -f 1 -d:)
-if [ "$release" = "22.04" ]; then
-	key_start=$(grep -n "BEGIN PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:)
-	key_end=$(grep -n "END PRIVATE KEY" /tmp/hst.pem | cut -f 1 -d:)
-else
-	key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem | cut -f 1 -d:)
-	key_end=$(grep -n "END RSA" /tmp/hst.pem | cut -f 1 -d:)
-fi
-
-# Adding SSL certificate
-echo "[ * ] Adding SSL certificate to Hestia Control Panel..."
-cd $HESTIA/ssl
-sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
-sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
-chown root:mail $HESTIA/ssl/*
-chmod 660 $HESTIA/ssl/*
-rm /tmp/hst.pem
-
-# Install dhparam.pem
-cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
-
-# Deleting old admin user
-if [ -n "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	userdel -f admin > /dev/null 2>&1
-	chattr -i /home/admin/conf > /dev/null 2>&1
-	mv -f /home/admin $hst_backups/home/ > /dev/null 2>&1
-	rm -f /tmp/sess_* > /dev/null 2>&1
-fi
-if [ -n "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
-	groupdel admin > /dev/null 2>&1
-fi
-# Remove sudo "default" sudo permission admin user group should not exists any way
-sed -i "s/%admin ALL=(ALL) ALL/#%admin ALL=(ALL) ALL/g" /etc/sudoers
-
-# Enable sftp jail
-echo "[ * ] Enable SFTP jail..."
-$HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1
-check_result $? "can't enable sftp jail"
-
-# Adding Hestia admin account
-echo "[ * ] Create admin account..."
-$HESTIA/bin/v-add-user admin $vpass $email "system" "System Administrator"
-check_result $? "can't create admin user"
-$HESTIA/bin/v-change-user-shell admin nologin
-$HESTIA/bin/v-change-user-role admin admin
-$HESTIA/bin/v-change-user-language admin $lang
-$HESTIA/bin/v-change-sys-config-value 'POLICY_SYSTEM_PROTECTED_ADMIN' 'yes'
-
-locale-gen "en_US.utf8" > /dev/null 2>&1
-
-#----------------------------------------------------------#
-#                     Configure Nginx                      #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring NGINX..."
-rm -f /etc/nginx/conf.d/*.conf
-cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/
-cp -f $HESTIA_INSTALL_DIR/nginx/status.conf /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/
-cp -f $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/
-mkdir -p /etc/nginx/conf.d/domains
-mkdir -p /etc/nginx/modules-enabled
-mkdir -p /var/log/nginx/domains
-
-# Update dns servers in nginx.conf
-dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
-for ip in $dns_resolver; do
-	if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-		resolver="$ip $resolver"
-	fi
-done
-if [ -n "$resolver" ]; then
-	sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
-	sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
-fi
-
-update-rc.d nginx defaults > /dev/null 2>&1
-systemctl start nginx >> $LOG
-check_result $? "nginx start failed"
-
-#----------------------------------------------------------#
-#                    Configure Apache                      #
-#----------------------------------------------------------#
-
-if [ "$apache" = 'yes' ]; then
-	echo "[ * ] Configuring Apache Web Server..."
-
-	mkdir -p /etc/apache2/conf.d
-	mkdir -p /etc/apache2/conf.d/domains
-
-	# Copy configuration files
-	cp -f $HESTIA_INSTALL_DIR/apache2/apache2.conf /etc/apache2/
-	cp -f $HESTIA_INSTALL_DIR/apache2/status.conf /etc/apache2/mods-available/hestia-status.conf
-	cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load
-	cp -f $HESTIA_INSTALL_DIR/logrotate/apache2 /etc/logrotate.d/
-
-	# Enable needed modules
-	a2enmod rewrite > /dev/null 2>&1
-	a2enmod suexec > /dev/null 2>&1
-	a2enmod ssl > /dev/null 2>&1
-	a2enmod actions > /dev/null 2>&1
-	a2dismod --quiet status > /dev/null 2>&1
-	a2enmod --quiet hestia-status > /dev/null 2>&1
-
-	# Enable mod_ruid/mpm_itk or mpm_event
-	if [ "$phpfpm" = 'yes' ]; then
-		# Disable prefork and php, enable event
-		a2dismod php$fpm_v > /dev/null 2>&1
-		a2dismod mpm_prefork > /dev/null 2>&1
-		a2enmod mpm_event > /dev/null 2>&1
-		cp -f $HESTIA_INSTALL_DIR/apache2/hestia-event.conf /etc/apache2/conf.d/
-	else
-		a2enmod ruid2 > /dev/null 2>&1
-	fi
-
-	echo "# Powered by hestia" > /etc/apache2/sites-available/default
-	echo "# Powered by hestia" > /etc/apache2/sites-available/default-ssl
-	echo "# Powered by hestia" > /etc/apache2/ports.conf
-	echo -e "/home\npublic_html/cgi-bin" > /etc/apache2/suexec/www-data
-	touch /var/log/apache2/access.log /var/log/apache2/error.log
-	mkdir -p /var/log/apache2/domains
-	chmod a+x /var/log/apache2
-	chmod 640 /var/log/apache2/access.log /var/log/apache2/error.log
-	chmod 751 /var/log/apache2/domains
-
-	# Prevent remote access to server-status page
-	sed -i '/Allow from all/d' /etc/apache2/mods-available/hestia-status.conf
-
-	update-rc.d apache2 defaults > /dev/null 2>&1
-	systemctl start apache2 >> $LOG
-	check_result $? "apache2 start failed"
-else
-	update-rc.d apache2 disable > /dev/null 2>&1
-	systemctl stop apache2 > /dev/null 2>&1
-fi
-
-#----------------------------------------------------------#
-#                     Configure PHP-FPM                    #
-#----------------------------------------------------------#
-
-if [ "$phpfpm" = "yes" ]; then
-	if [ "$multiphp" = 'yes' ]; then
-		for v in "${multiphp_v[@]}"; do
-			echo "[ * ] Install PHP $v..."
-			$HESTIA/bin/v-add-web-php "$v" > /dev/null 2>&1
-		done
-	else
-		echo "[ * ] Install  PHP $fpm_v..."
-		$HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1
-	fi
-
-	echo "[ * ] Configuring PHP-FPM $fpm_v..."
-	# Create www.conf for webmail and php(*)admin
-	cp -f $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
-	update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1
-	systemctl start php$fpm_v-fpm >> $LOG
-	check_result $? "php-fpm start failed"
-	# Set default php version to $fpm_v
-	update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1
-fi
-
-#----------------------------------------------------------#
-#                     Configure PHP                        #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring PHP..."
-ZONE=$(timedatectl > /dev/null 2>&1 | grep Timezone | awk '{print $2}')
-if [ -z "$ZONE" ]; then
-	ZONE='UTC'
-fi
-for pconf in $(find /etc/php* -name php.ini); do
-	sed -i "s%;date.timezone =%date.timezone = $ZONE%g" $pconf
-	sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf
-done
-
-# Cleanup php session files not changed in the last 7 days (60*24*7 minutes)
-echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup
-echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
-echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
-chmod 755 /etc/cron.daily/php-session-cleanup
-
-#----------------------------------------------------------#
-#                    Configure Vsftpd                      #
-#----------------------------------------------------------#
-
-if [ "$vsftpd" = 'yes' ]; then
-	echo "[ * ] Configuring Vsftpd server..."
-	cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
-	touch /var/log/vsftpd.log
-	chown root:adm /var/log/vsftpd.log
-	chmod 640 /var/log/vsftpd.log
-	touch /var/log/xferlog
-	chown root:adm /var/log/xferlog
-	chmod 640 /var/log/xferlog
-	update-rc.d vsftpd defaults
-	systemctl start vsftpd >> $LOG
-	check_result $? "vsftpd start failed"
-fi
-
-#----------------------------------------------------------#
-#                    Configure ProFTPD                     #
-#----------------------------------------------------------#
-
-if [ "$proftpd" = 'yes' ]; then
-	echo "[ * ] Configuring ProFTPD server..."
-	echo "127.0.0.1 $servername" >> /etc/hosts
-	cp -f $HESTIA_INSTALL_DIR/proftpd/proftpd.conf /etc/proftpd/
-	cp -f $HESTIA_INSTALL_DIR/proftpd/tls.conf /etc/proftpd/
-	if [ "$release" = '22.04' ]; then
-		sed -i 's|IdentLookups                  off|#IdentLookups                  off|g' /etc/proftpd/proftpd.conf
-	fi
-	update-rc.d proftpd defaults > /dev/null 2>&1
-	systemctl start proftpd >> $LOG
-	check_result $? "proftpd start failed"
-	if [ "$release" = '22.04' ]; then
-		unit_files="$(systemctl list-unit-files | grep proftpd)"
-		if [[ "$unit_files" =~ "disabled" ]]; then
-			systemctl enable proftpd
-		fi
-	fi
-fi
-
-#----------------------------------------------------------#
-#               Configure MariaDB / MySQL                  #
-#----------------------------------------------------------#
-
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	[ "$mysql" = 'yes' ] && mysql_type="MariaDB" || mysql_type="MySQL"
-	echo "[ * ] Configuring $mysql_type database server..."
-	mycnf="my-small.cnf"
-	if [ $memory -gt 1200000 ]; then
-		mycnf="my-medium.cnf"
-	fi
-	if [ $memory -gt 3900000 ]; then
-		mycnf="my-large.cnf"
-	fi
-
-	if [ "$mysql_type" = 'MariaDB' ]; then
-		# Run mysql_install_db
-		mysql_install_db >> $LOG
-	fi
-
-	# Remove symbolic link
-	rm -f /etc/mysql/my.cnf
-	# Configuring MariaDB
-	cp -f $HESTIA_INSTALL_DIR/mysql/$mycnf /etc/mysql/my.cnf
-
-	# Switch MariaDB inclusions to the MySQL
-	if [ "$mysql_type" = 'MySQL' ]; then
-		sed -i '/query_cache_size/d' /etc/mysql/my.cnf
-		sed -i 's|mariadb.conf.d|mysql.conf.d|g' /etc/mysql/my.cnf
-	fi
-
-	update-rc.d mysql defaults > /dev/null 2>&1
-	systemctl start mysql >> $LOG
-	check_result $? "${mysql_type,,} start failed"
-
-	# Securing MariaDB/MySQL installation
-	mpass=$(gen_pass)
-	echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
-	chmod 600 /root/.my.cnf
-
-	# Alter root password
-	mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$mpass'; FLUSH PRIVILEGES;"
-	if [ "$mysql_type" = 'MariaDB' ]; then
-		# Allow mysql access via socket for startup
-		mysql -e "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';"
-		# Disable anonymous users
-		mysql -e "DELETE FROM mysql.global_priv WHERE User='';"
-	else
-		mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '$mpass';"
-		mysql -e "DELETE FROM mysql.user WHERE User='';"
-		mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
-	fi
-	# Drop test database
-	mysql -e "DROP DATABASE IF EXISTS test"
-	mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
-	# Flush privileges
-	mysql -e "FLUSH PRIVILEGES;"
-fi
-
-#----------------------------------------------------------#
-#                    Configure phpMyAdmin                  #
-#----------------------------------------------------------#
-
-# Source upgrade.conf with phpmyadmin versions
-# shellcheck source=/usr/local/hestia/install/upgrade/upgrade.conf
-source $HESTIA/install/upgrade/upgrade.conf
-
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	# Display upgrade information
-	echo "[ * ] Installing phpMyAdmin version v$pma_v..."
-
-	# Download latest phpmyadmin release
-	wget --retry-connrefused --quiet https://files.phpmyadmin.net/phpMyAdmin/$pma_v/phpMyAdmin-$pma_v-all-languages.tar.gz
-
-	# Unpack files
-	tar xzf phpMyAdmin-$pma_v-all-languages.tar.gz
-
-	# Create folders
-	mkdir -p /usr/share/phpmyadmin
-	mkdir -p /etc/phpmyadmin
-	mkdir -p /etc/phpmyadmin/conf.d/
-	mkdir /usr/share/phpmyadmin/tmp
-
-	# Configuring Apache2 for PHPMYADMIN
-	if [ "$apache" = 'yes' ]; then
-		touch /etc/apache2/conf.d/phpmyadmin.inc
-	fi
-
-	# Overwrite old files
-	cp -rf phpMyAdmin-$pma_v-all-languages/* /usr/share/phpmyadmin
-
-	# Create copy of config file
-	cp -f $HESTIA_INSTALL_DIR/phpmyadmin/config.inc.php /etc/phpmyadmin/
-	mkdir -p /var/lib/phpmyadmin/tmp
-	chmod 770 /var/lib/phpmyadmin/tmp
-	chown root:www-data /usr/share/phpmyadmin/tmp
-
-	# Set config and log directory
-	sed -i "s|'configFile' => ROOT_PATH . 'config.inc.php',|'configFile' => '/etc/phpmyadmin/config.inc.php',|g" /usr/share/phpmyadmin/libraries/vendor_config.php
-
-	# Create temporary folder and change permission
-	chmod 770 /usr/share/phpmyadmin/tmp
-	chown root:www-data /usr/share/phpmyadmin/tmp
-	# Generate blow fish
-	blowfish=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)
-	sed -i "s|%blowfish_secret%|$blowfish|" /etc/phpmyadmin/config.inc.php
-
-	# Clean Up
-	rm -fr phpMyAdmin-$pma_v-all-languages
-	rm -f phpMyAdmin-$pma_v-all-languages.tar.gz
-
-	write_config_value "DB_PMA_ALIAS" "phpmyadmin"
-	$HESTIA/bin/v-change-sys-db-alias 'pma' "phpmyadmin"
-
-	# Special thanks to Pavel Galkin (https://skurudo.ru)
-	# https://github.com/skurudo/phpmyadmin-fixer
-	# shellcheck source=/usr/local/hestia/install/deb/phpmyadmin/pma.sh
-	source $HESTIA_INSTALL_DIR/phpmyadmin/pma.sh > /dev/null 2>&1
-
-	# limit access to /etc/phpmyadmin/
-	chown -R root:www-data /etc/phpmyadmin/
-	chmod -R 640 /etc/phpmyadmin/*
-	chmod 750 /etc/phpmyadmin/conf.d/
-fi
-
-#----------------------------------------------------------#
-#                   Configure PostgreSQL                   #
-#----------------------------------------------------------#
-
-if [ "$postgresql" = 'yes' ]; then
-	echo "[ * ] Configuring PostgreSQL database server..."
-	ppass=$(gen_pass)
-	cp -f $HESTIA_INSTALL_DIR/postgresql/pg_hba.conf /etc/postgresql/*/main/
-	systemctl restart postgresql
-	sudo -iu postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" > /dev/null 2>&1
-
-	# Configuring phpPgAdmin
-	if [ "$apache" = 'yes' ]; then
-		cp -f $HESTIA_INSTALL_DIR/pga/phppgadmin.conf /etc/apache2/conf.d/phppgadmin.inc
-	fi
-	cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phppgadmin/
-
-	write_config_value "DB_PGA_ALIAS" "phppgadmin"
-	$HESTIA/bin/v-change-sys-db-alias 'pga' "phppgadmin"
-fi
-
-#----------------------------------------------------------#
-#                      Configure Bind                      #
-#----------------------------------------------------------#
-
-if [ "$named" = 'yes' ]; then
-	echo "[ * ] Configuring Bind DNS server..."
-	cp -f $HESTIA_INSTALL_DIR/bind/named.conf /etc/bind/
-	cp -f $HESTIA_INSTALL_DIR/bind/named.conf.options /etc/bind/
-	chown root:bind /etc/bind/named.conf
-	chown root:bind /etc/bind/named.conf.options
-	chown bind:bind /var/cache/bind
-	chmod 640 /etc/bind/named.conf
-	chmod 640 /etc/bind/named.conf.options
-	aa-complain /usr/sbin/named > /dev/null 2>&1
-	echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
-	if ! grep --quiet lxc /proc/1/environ; then
-		systemctl status apparmor > /dev/null 2>&1
-		if [ $? -ne 0 ]; then
-			systemctl restart apparmor >> $LOG
-		fi
-	fi
-	if [ "$release" != '18.04' ]; then
-		update-rc.d named defaults
-		systemctl start named
-	else
-		update-rc.d bind9 defaults
-		systemctl start bind9
-	fi
-	check_result $? "bind9 start failed"
-
-	# Workaround for OpenVZ/Virtuozzo
-	if [ -e "/proc/vz/veinfo" ] && [ -e "/etc/rc.local" ]; then
-		sed -i "s/^exit 0/service bind9 restart\nexit 0/" /etc/rc.local
-	fi
-fi
-
-#----------------------------------------------------------#
-#                      Configure Exim                      #
-#----------------------------------------------------------#
-
-if [ "$exim" = 'yes' ]; then
-	echo "[ * ] Configuring Exim mail server..."
-	gpasswd -a Debian-exim mail > /dev/null 2>&1
-	if [ "$release" = "22.04" ]; then
-		# Jammyy uses Exim 4.95 instead but config works with Exim4.94
-		cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.4.94.template /etc/exim4/exim4.conf.template
-	else
-		cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim4/
-	fi
-	cp -f $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/
-	touch /etc/exim4/white-blocks.conf
-
-	if [ "$spamd" = 'yes' ]; then
-		sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template
-	fi
-	if [ "$clamd" = 'yes' ]; then
-		sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template
-	fi
-
-	chmod 640 /etc/exim4/exim4.conf.template
-	rm -rf /etc/exim4/domains
-	mkdir -p /etc/exim4/domains
-
-	rm -f /etc/alternatives/mta
-	ln -s /usr/sbin/exim4 /etc/alternatives/mta
-	update-rc.d -f sendmail remove > /dev/null 2>&1
-	systemctl stop sendmail > /dev/null 2>&1
-	update-rc.d -f postfix remove > /dev/null 2>&1
-	systemctl stop postfix > /dev/null 2>&1
-
-	update-rc.d exim4 defaults
-	systemctl start exim4 >> $LOG
-	check_result $? "exim4 start failed"
-fi
-
-#----------------------------------------------------------#
-#                     Configure Dovecot                    #
-#----------------------------------------------------------#
-
-if [ "$dovecot" = 'yes' ]; then
-	echo "[ * ] Configuring Dovecot POP/IMAP mail server..."
-	gpasswd -a dovecot mail > /dev/null 2>&1
-	cp -rf $HESTIA_COMMON_DIR/dovecot /etc/
-	cp -f $HESTIA_INSTALL_DIR/logrotate/dovecot /etc/logrotate.d/
-	rm -f /etc/dovecot/conf.d/15-mailboxes.conf
-
-	chown -R root:root /etc/dovecot*
-
-	#Alter config for 2.2
-	version=$(dovecot --version | cut -f -2 -d .)
-	if [ "$version" = "2.2" ]; then
-		echo "[ * ] Downgrade dovecot config to sync with 2.2 settings"
-		sed -i 's|#ssl_dh_parameters_length = 4096|ssl_dh_parameters_length = 4096|g' /etc/dovecot/conf.d/10-ssl.conf
-		sed -i 's|ssl_dh = </etc/ssl/dhparam.pem|#ssl_dh = </etc/ssl/dhparam.pem|g' /etc/dovecot/conf.d/10-ssl.conf
-		sed -i 's|ssl_min_protocol = TLSv1.2|ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1|g' /etc/dovecot/conf.d/10-ssl.conf
-	fi
-
-	update-rc.d dovecot defaults
-	systemctl start dovecot >> $LOG
-	check_result $? "dovecot start failed"
-fi
-
-#----------------------------------------------------------#
-#                     Configure ClamAV                     #
-#----------------------------------------------------------#
-
-if [ "$clamd" = 'yes' ]; then
-	gpasswd -a clamav mail > /dev/null 2>&1
-	gpasswd -a clamav Debian-exim > /dev/null 2>&1
-	cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/clamav/
-	update-rc.d clamav-daemon defaults
-	echo -ne "[ * ] Installing ClamAV anti-virus definitions... "
-	/usr/bin/freshclam >> $LOG &
-	BACK_PID=$!
-	spin_i=1
-	while kill -0 $BACK_PID > /dev/null 2>&1; do
-		printf "\b${spinner:spin_i++%${#spinner}:1}"
-		sleep 0.5
-	done
-	echo
-	systemctl start clamav-daemon >> $LOG
-	check_result $? "clamav-daemon start failed"
-fi
-
-#----------------------------------------------------------#
-#                  Configure SpamAssassin                  #
-#----------------------------------------------------------#
-
-if [ "$spamd" = 'yes' ]; then
-	echo "[ * ] Configuring SpamAssassin..."
-	update-rc.d spamassassin defaults > /dev/null 2>&1
-	sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
-	systemctl start spamassassin >> $LOG
-	check_result $? "spamassassin start failed"
-	unit_files="$(systemctl list-unit-files | grep spamassassin)"
-	if [[ "$unit_files" =~ "disabled" ]]; then
-		systemctl enable spamassassin > /dev/null 2>&1
-	fi
-
-	sed -i "s/#CRON=1/CRON=1/" /etc/default/spamassassin
-fi
-
-#----------------------------------------------------------#
-#                    Configure Fail2Ban                    #
-#----------------------------------------------------------#
-
-if [ "$fail2ban" = 'yes' ]; then
-	echo "[ * ] Configuring fail2ban access monitor..."
-	cp -rf $HESTIA_INSTALL_DIR/fail2ban /etc/
-	if [ "$dovecot" = 'no' ]; then
-		fline=$(cat /etc/fail2ban/jail.local | grep -n dovecot-iptables -A 2)
-		fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -)
-		sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
-	fi
-	if [ "$exim" = 'no' ]; then
-		fline=$(cat /etc/fail2ban/jail.local | grep -n exim-iptables -A 2)
-		fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -)
-		sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
-	fi
-	if [ "$vsftpd" = 'yes' ]; then
-		#Create vsftpd Log File
-		if [ ! -f "/var/log/vsftpd.log" ]; then
-			touch /var/log/vsftpd.log
-		fi
-		fline=$(cat /etc/fail2ban/jail.local | grep -n vsftpd-iptables -A 2)
-		fline=$(echo "$fline" | grep enabled | tail -n1 | cut -f 1 -d -)
-		sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local
-	fi
-	if [ -f /etc/fail2ban/jail.d/defaults-debian.conf ]; then
-		rm -f /etc/fail2ban/jail.d/defaults-debian.conf
-	fi
-
-	update-rc.d fail2ban defaults
-	# Ubuntu 22.04 doesn't start F2B by default on boot
-	update-rc.d fail2ban enable
-
-	systemctl start fail2ban >> $LOG
-	check_result $? "fail2ban start failed"
-fi
-
-# Configuring MariaDB/MySQL host
-if [ "$mysql" = 'yes' ] || [ "$mysqlclassic" = 'yes' ]; then
-	$HESTIA/bin/v-add-database-host mysql localhost root $mpass
-fi
-
-# Configuring PostgreSQL host
-if [ "$postgresql" = 'yes' ]; then
-	$HESTIA/bin/v-add-database-host pgsql localhost postgres $ppass
-fi
-
-#----------------------------------------------------------#
-#                       Install Roundcube                  #
-#----------------------------------------------------------#
-# Min requirements Dovecot + Exim + Mysql
-if ([ "$mysql" == 'yes' ] || [ "$mysqlclassic" == 'yes' ]) && [ "$dovecot" == "yes" ]; then
-	echo "[ * ] Install Roundcube..."
-	$HESTIA/bin/v-add-sys-roundcube
-	write_config_value "WEBMAIL_ALIAS" "webmail"
-else
-	write_config_value "WEBMAIL_ALIAS" ""
-	write_config_value "WEBMAIL_SYSTEM" ""
-fi
-
-#----------------------------------------------------------#
-#                     Install Sieve                        #
-#----------------------------------------------------------#
-
-# Min requirements Dovecot + Exim + Mysql + Roundcube
-if [ "$sieve" = 'yes' ]; then
-	# Folder paths
-	RC_INSTALL_DIR="/var/lib/roundcube"
-	RC_CONFIG_DIR="/etc/roundcube"
-
-	echo "[ * ] Install Sieve..."
-
-	# dovecot.conf install
-	sed -i "s/namespace/service stats \{\n  unix_listener stats-writer \{\n    group = mail\n    mode = 0660\n    user = dovecot\n  \}\n\}\n\nnamespace/g" /etc/dovecot/dovecot.conf
-
-	# dovecot conf files
-	#  10-master.conf
-	sed -i -E -z "s/  }\n  user = dovecot\n}/  \}\n  unix_listener auth-master \{\n    group = mail\n    mode = 0660\n    user = dovecot\n  \}\n  user = dovecot\n\}/g" /etc/dovecot/conf.d/10-master.conf
-	#  15-lda.conf
-	sed -i "s/\#mail_plugins = \\\$mail_plugins/mail_plugins = \$mail_plugins quota sieve\n  auth_socket_path = \/var\/run\/dovecot\/auth-master/g" /etc/dovecot/conf.d/15-lda.conf
-	#  20-imap.conf
-	sed -i "s/mail_plugins = quota imap_quota/mail_plugins = quota imap_quota imap_sieve/g" /etc/dovecot/conf.d/20-imap.conf
-
-	# replace dovecot-sieve config files
-	cp -f $HESTIA_COMMON_DIR/dovecot/sieve/* /etc/dovecot/conf.d
-
-	# Dovecot default file install
-	echo -e "require [\"fileinto\"];\n# rule:[SPAM]\nif header :contains \"X-Spam-Flag\" \"YES\" {\n    fileinto \"INBOX.Spam\";\n}\n" > /etc/dovecot/sieve/default
-
-	# exim4 install
-	sed -i "s/\stransport = local_delivery/ transport = dovecot_virtual_delivery/" /etc/exim4/exim4.conf.template
-	sed -i "s/address_pipe:/dovecot_virtual_delivery:\n  driver = pipe\n  command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \$local_part@\$domain -f \$sender_address -a \$original_local_part@\$original_domain\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n  log_output = true\n  log_defer_output = true\n  user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n  group = mail\n  return_output\n\naddress_pipe:/g" /etc/exim4/exim4.conf.template
-
-	# Permission changes
-	chown -R dovecot:mail /var/log/dovecot.log
-	chmod 660 /var/log/dovecot.log
-
-	if [ -d "/var/lib/roundcube" ]; then
-		# Modify Roundcube config
-		mkdir -p $RC_CONFIG_DIR/plugins/managesieve
-		cp -f $HESTIA_COMMON_DIR/roundcube/plugins/config_managesieve.inc.php $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
-		ln -s $RC_CONFIG_DIR/plugins/managesieve/config.inc.php $RC_INSTALL_DIR/plugins/managesieve/config.inc.php
-		chown -R root:www-data $RC_CONFIG_DIR/
-		chmod 751 -R $RC_CONFIG_DIR
-		chmod 644 $RC_CONFIG_DIR/*.php
-		chmod 644 $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
-		sed -i "s/'archive'/'archive', 'managesieve'/g" $RC_CONFIG_DIR/config.inc.php
-	fi
-
-	sed -i "s/'archive'/'archive', 'managesieve'/g" $RC_CONFIG_DIR/config.inc.php
-
-	# Restart Dovecot and exim4
-	systemctl restart dovecot > /dev/null 2>&1
-	systemctl restart exim4 > /dev/null 2>&1
-fi
-
-#----------------------------------------------------------#
-#                       Configure API                      #
-#----------------------------------------------------------#
-
-if [ "$api" = "yes" ]; then
-	# keep legacy api enabled until transition is complete
-	write_config_value "API" "yes"
-	write_config_value "API_SYSTEM" "1"
-	write_config_value "API_ALLOWED_IP" ""
-else
-	write_config_value "API" "no"
-	write_config_value "API_SYSTEM" "0"
-	write_config_value "API_ALLOWED_IP" ""
-	$HESTIA/bin/v-change-sys-api disable
-fi
-
-#----------------------------------------------------------#
-#                  Configure File Manager                  #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring File Manager..."
-$HESTIA/bin/v-add-sys-filemanager quiet
-
-#----------------------------------------------------------#
-#                  Configure PHPMailer                     #
-#----------------------------------------------------------#
-
-echo "[ * ] Configuring PHP dependencies..."
-$HESTIA/bin/v-add-sys-dependencies quiet
-
-#----------------------------------------------------------#
-#                   Configure IP                           #
-#----------------------------------------------------------#
-
-# Configuring system IPs
-$HESTIA/bin/v-update-sys-ip > /dev/null 2>&1
-
-# Get main IP
-ip=$(ip addr | grep 'inet ' | grep global | head -n1 | awk '{print $2}' | cut -f1 -d/)
-local_ip=$ip
-
-# Configuring firewall
-if [ "$iptables" = 'yes' ]; then
-	$HESTIA/bin/v-update-firewall
-fi
-
-# Get public IP
-echo "[ * ] Configuring System IP..."
-pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
-if [ -n "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
-	if [ -e /etc/rc.local ]; then
-		sed -i '/exit 0/d' /etc/rc.local
-	else
-		touch /etc/rc.local
-	fi
-
-	check_rclocal=$(cat /etc/rc.local | grep "#!")
-	if [ -z "$check_rclocal" ]; then
-		echo "#!/bin/sh" >> /etc/rc.local
-	fi
-
-	echo "$HESTIA/bin/v-update-sys-ip" >> /etc/rc.local
-	echo "exit 0" >> /etc/rc.local
-	chmod +x /etc/rc.local
-	systemctl enable rc-local > /dev/null 2>&1
-	$HESTIA/bin/v-change-sys-ip-nat $ip $pub_ip > /dev/null 2>&1
-	ip=$pub_ip
-fi
-
-# Configuring libapache2-mod-remoteip
-if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ]; then
-	cd /etc/apache2/mods-available
-	echo "<IfModule mod_remoteip.c>" > remoteip.conf
-	echo "  RemoteIPHeader X-Real-IP" >> remoteip.conf
-	if [ "$local_ip" != "127.0.0.1" ] && [ "$pub_ip" != "127.0.0.1" ]; then
-		echo "  RemoteIPInternalProxy 127.0.0.1" >> remoteip.conf
-	fi
-	if [ -n "$local_ip" ] && [ "$local_ip" != "$pub_ip" ]; then
-		echo "  RemoteIPInternalProxy $local_ip" >> remoteip.conf
-	fi
-	if [ -n "$pub_ip" ]; then
-		echo "  RemoteIPInternalProxy $pub_ip" >> remoteip.conf
-	fi
-	echo "</IfModule>" >> remoteip.conf
-	sed -i "s/LogFormat \"%h/LogFormat \"%a/g" /etc/apache2/apache2.conf
-	a2enmod remoteip >> $LOG
-	systemctl restart apache2
-fi
-
-# Adding default domain
-$HESTIA/bin/v-add-web-domain admin $servername $ip
-check_result $? "can't create $servername domain"
-
-# Adding cron jobs
-export SCHEDULED_RESTART="yes"
-command="sudo $HESTIA/bin/v-update-sys-queue restart"
-$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
-systemctl restart cron
-
-command="sudo $HESTIA/bin/v-update-sys-queue daily"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue disk"
-$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue traffic"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue webstats"
-$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-queue backup"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-backup-users"
-$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-user-stats"
-$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-sys-rrd"
-$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-command="sudo $HESTIA/bin/v-update-letsencrypt-ssl"
-min=$(gen_pass '012345' '2')
-hour=$(gen_pass '1234567' '1')
-$HESTIA/bin/v-add-cron-job 'admin' "$min" "$hour" '*' '*' '*' "$command"
-
-# Enable automatic updates
-$HESTIA/bin/v-add-cron-hestia-autoupdate apt
-
-# Building initital rrd images
-$HESTIA/bin/v-update-sys-rrd
-
-# Enabling file system quota
-if [ "$quota" = 'yes' ]; then
-	$HESTIA/bin/v-add-sys-quota
-fi
-
-# Set backend port
-$HESTIA/bin/v-change-sys-port $port > /dev/null 2>&1
-
-# Create default configuration files
-$HESTIA/bin/v-update-sys-defaults
-
-# Update remaining packages since repositories have changed
-echo -ne "[ * ] Installing remaining software updates..."
-apt-get -qq update
-apt-get -y upgrade >> $LOG &
-BACK_PID=$!
-echo
-
-# Starting Hestia service
-update-rc.d hestia defaults
-systemctl start hestia
-check_result $? "hestia start failed"
-chown admin:admin $HESTIA/data/sessions
-
-# Create backup folder and set correct permission
-mkdir -p /backup/
-chmod 755 /backup/
-
-# create cronjob to generate ssl
-echo "@reboot root sleep 10 && rm /etc/cron.d/hestia-ssl && PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:' && /usr/local/hestia/bin/v-add-letsencrypt-host" > /etc/cron.d/hestia-ssl
-
-#----------------------------------------------------------#
-#              Set hestia.conf default values              #
-#----------------------------------------------------------#
-
-echo "[ * ] Updating configuration files..."
-write_config_value "PHPMYADMIN_KEY" ""
-write_config_value "POLICY_USER_VIEW_SUSPENDED" "no"
-write_config_value "POLICY_USER_VIEW_LOGS" "yes"
-write_config_value "POLICY_USER_EDIT_WEB_TEMPLATES" "true"
-write_config_value "POLICY_USER_EDIT_DNS_TEMPLATES" "yes"
-write_config_value "POLICY_USER_EDIT_DETAILS" "yes"
-write_config_value "POLICY_USER_DELETE_LOGS" "yes"
-write_config_value "POLICY_USER_CHANGE_THEME" "yes"
-write_config_value "POLICY_SYSTEM_PROTECTED_ADMIN" "no"
-write_config_value "POLICY_SYSTEM_PASSWORD_RESET" "yes"
-write_config_value "POLICY_SYSTEM_HIDE_SERVICES" "no"
-write_config_value "POLICY_SYSTEM_ENABLE_BACON" "no"
-write_config_value "PLUGIN_APP_INSTALLER" "true"
-write_config_value "DEBUG_MODE" "no"
-write_config_value "ENFORCE_SUBDOMAIN_OWNERSHIP" "yes"
-write_config_value "USE_SERVER_SMTP" "false"
-write_config_value "SERVER_SMTP_PORT" ""
-write_config_value "SERVER_SMTP_HOST" ""
-write_config_value "SERVER_SMTP_SECURITY" ""
-write_config_value "SERVER_SMTP_USER" ""
-write_config_value "SERVER_SMTP_PASSWD" ""
-write_config_value "SERVER_SMTP_ADDR" ""
-write_config_value "POLICY_CSRF_STRICTNESS" "1"
-
-# Add /usr/local/hestia/bin/ to path variable
-echo 'if [ "${PATH#*/usr/local/hestia/bin*}" = "$PATH" ]; then
-    . /etc/profile.d/hestia.sh
-fi' >> /root/.bashrc
-
-#----------------------------------------------------------#
-#                   Hestia Access Info                     #
-#----------------------------------------------------------#
-
-# Comparing hostname and IP
-host_ip=$(host $servername | head -n 1 | awk '{print $NF}')
-if [ "$host_ip" = "$ip" ]; then
-	ip="$servername"
-fi
-
-echo -e "\n"
-echo "===================================================================="
-echo -e "\n"
-
-# Sending notification to admin email
-echo -e "Congratulations!
-
-You have successfully installed Hestia Control Panel on your server.
-
-Ready to get started? Log in using the following credentials:
-
-    Admin URL:  https://$ip:$port
-    Username:   admin
-    Password:   $displaypass
-
-Thank you for choosing Hestia Control Panel to power your full stack web server,
-we hope that you enjoy using it as much as we do!
-
-Please feel free to contact us at any time if you have any questions,
-or if you encounter any bugs or problems:
-
-Documentation:  https://docs.hestiacp.com/
-Forum:          https://forum.hestiacp.com/
-Discord:        https://discord.gg/nXRUZch
-GitHub:         https://www.github.com/hestiacp/hestiacp
-
-Note: Automatic updates are enabled by default. If you would like to disable them,
-please log in and navigate to Server > Updates to turn them off.
-
-Help support the Hestia Control Panel project by donating via PayPal:
-https://www.hestiacp.com/donate
-
---
-Sincerely yours,
-The Hestia Control Panel development team
-
-Made with love & pride by the open-source community around the world.
-" > $tmpfile
-
-send_mail="$HESTIA/web/inc/mail-wrapper.php"
-cat $tmpfile | $send_mail -s "Hestia Control Panel" $email
-
-# Congrats
-echo
-cat $tmpfile
-rm -f $tmpfile
-
-# Add welcome message to notification panel
-$HESTIA/bin/v-add-user-notification admin 'Welcome to Hestia Control Panel!' '<br>You are now ready to begin <a href="/add/user/">adding user accounts</a> and <a href="/add/web/">domains</a>. For help and assistance, view the <a href="https://docs.hestiacp.com/" target="_new">documentation</a> or visit our <a href="https://forum.hestiacp.com/" target="_new">user forum</a>.<br><br>Please report any bugs or issues via <a href="https://github.com/hestiacp/hestiacp/issues" target="_new"><i class="fab fa-github"></i> GitHub</a>.<br><br><b>Have a wonderful day!</b><br><br><i class="fas fa-heart icon-red"></i> The Hestia Control Panel development team'
-
-# Clean-up
-# Sort final configuration file
-sort_config_file
-
-if [ "$interactive" = 'yes' ]; then
-	echo "[ ! ] IMPORTANT: The system will now reboot to complete the installation process."
-	read -n 1 -s -r -p "Press any key to continue"
-	reboot
-else
-	echo "[ ! ] IMPORTANT: You must restart the system before continuing!"
-fi
-# EOF

install/upgrade/manual/add_ipv6.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+source /etc/profile.d/hestia.sh
+source /usr/local/hestia/func/main.sh
+
+#Download firewallv6 templates
+if [ ! -e "$HESTIA/data/firewallv6" ]; then
+    mkdir -p $HESTIA/data/firewallv6
+    chmod 770 $HESTIA/data/firewallv6
+
+    cp $HESTIA/install/rhel/6/firewallv6/* \
+        $HESTIA/data/firewallv6/
+    chmod 660 $HESTIA/data/firewallv6/*
+
+fi
+
+#download new templates
+if [ -z $0 ]; then
+	$BIN/v-update-web-templates
+	$BIN/v-update-dns-templates
+fi
+#testing
+#rm -rf /usr/local/hestia/data/templates/*
+# cp -rf /usr/local/hestia/install/rhel/7/templates/* /usr/local/hestia/data/templates/es/
+
+#set IPv4 version
+iplist=$(ls --sort=time $HESTIA/data/ips/)
+for ip in $iplist; do
+	echo "VERSION='4'" >> $HESTIA/data/ips/$ip
+done
+
+#Add IP6 field
+ipv6=$(ip addr show | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep -ve "^fe80" | tail -1)
+ipv6use=""
+if [ ! -z "$ipv6" ] && [ "::1" != "$ipv6" ]; then
+    netmask="ip addr show | grep '$ipv6' | awk -F '/' '{print \$2}' | awk '{print \$1}'"
+    netmask=$(eval $netmask)
+    $HESTIA/bin/v-add-sys-ipv6 $ipv6 $netmask
+    $BIN/v-update-firewall-ipv6
+    ipv6use=$ipv6
+fi
+
+#set IPv6
+userlist=$(ls --sort=time $HESTIA/data/users/)
+for user in $userlist; do
+    USER_DATA="$HESTIA/data/users/$user"
+
+    #UPDATE WEB
+    conf="$USER_DATA/web.conf"
+    while read line ; do
+        eval $line
+        update_object_value 'web' 'DOMAIN' "$DOMAIN" '$IP6' "$ipv6use"
+    done < $conf
+
+    #UPDATE DNS
+    conf="$USER_DATA/dns.conf"
+    while read line ; do
+        eval $line
+        if [ "$(echo $line | grep 'IP6=')" == "" ]; then
+	          sed -i "s/DOMAIN='$DOMAIN' IP='$IP'/DOMAIN='$DOMAIN' IP='$IP' IP6='$ipv6use'/g" "$conf"
+        else
+            update_object_value 'dns' 'DOMAIN' "$DOMAIN" '$IP6' "$ipv6use"
+        fi
+    done < $conf
+    $BIN/v-rebuild-user $user
+done
+
+$BIN/v-update-sys-ip-counters
+
+$BIN/v-add-user-notification admin "IPv6 support" "Your hestia installation supports IPv6!"