Merge branch 'main' into release

.drone.yml

@@ -115,7 +115,13 @@ steps:
       - ./test/check_php.sh ./web/
 
 trigger:
-   event: [ pull_request, push ] 
+      event: [ pull_request, push ]
+      ref:
+      - refs/heads/staging/*
+      - refs/heads/beta
+      - refs/heads/release
+      - refs/heads/main
+      - refs/pull/*/head
 
 ---
 kind: pipeline
@@ -167,4 +173,4 @@ trigger:
 
 ---
 kind: signature
-hmac: 980aea20314dab4328b0016eb35fa3ef18fdd46e5d891c7ab3809f704891e72b
+hmac: a191a477aa337f2efff534022164906ff20ef2b6340ec808d128c09a06d7eaa3

CHANGELOG.md

@@ -1,6 +1,42 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.6.3] - Service release 
+
+### Features
+
+- Add additional support for bcrypt for mail passwords (#2752 @divinity76)
+
+### Enhancements 
+
+- Simplify md5crypt on reset form email (#2751 @divinity76)
+- Use secure RNG to generate passwords (#2726)
+- Add twig support filemanger (#2714, @anvme)
+
+### Bugfixes
+
+- Fixed an issue with restart Apache2 and Nginx after v-update-letsencrypt (#2748, #2563, #2744, #2677)
+- Prevent transversing path in Quick installer apps (#2742)
+- Avoid out of memory serving large logfiles (#2741, #2736,  @divinity76
+- Improve passwords loading in password_valid (#2739)
+- Use secure RNG to generate passwords (#2726)
+- Utilise entire alphabet for random string (#2735 @Shadowfied)
+- Don't use hosts_try_fastopen in Exim for Gmail / Google hostnames
+- Add check if Sieve is already installed (#2719  #manuelserol)
+- Allow PHP templates to be selected in Quick installer apps (#2713, #2711, #2690)
+- Small changes to translation strings (#2700 @V4M0N0S)
+- Rate limit in email address blank in UI (saved correct in limits) (#2710, #2707)
+- Fixed a bug in Settings sites where always websites got rebuild on save (#2705, #2710)
+- Fixed a bug in Weblog where the session got incorrectly reset as admin user (#2710)
+- Prevent v-add-web-php to be used for non fpm installs (#2753)
+- Update translations (#2750)
+- Chmod o+x .ssh folder when creating file manager ssh key (#2755)
+
+### Dependencies
+
+- Update hestia-php to 8.1.8 
+    - Update disable_functions list php.ini for hestia-php (#2746, #2741)
+
 ## [1.6.2] - Service release
 
 - Fixed an issue with rate limits in Exim4 and make it more bullet proof (#2703)

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.6.2 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
+**Latest stable release:** Version 1.6.3 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
@@ -24,7 +24,7 @@ Features and Services
 * Apache2 and NGINX with PHP-FPM
 * Multiple PHP versions (5.6 - 8.1, 8.0 as default)
 * DNS Server (Bind) with clustering capabilities
-* POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Sieve, Roundcube, Rainloop)
+* POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Sieve, Roundcube)
 * MariaDB and/or PostgreSQL databases
 * Let's Encrypt SSL support with wildcard certificates
 * Firewall with brute-force attack detection and IP lists (iptables, fail2ban, and ipset).
@@ -32,16 +32,13 @@ Features and Services
 Supported platforms and operating systems
 ========================================================
 
-AMD (x86_64 Intel/AMD)
-----------------------------
-* **Debian:** 11 or 10
-* **Ubuntu:** 22.04LTS, 20.04 LTS or 18.04 LTS
+* **NOTE:** Hestia Control Panel does not support 32 bit operating systems!
 
-ARM64 (arm64)
-----------------------------
 * **Debian:** 11 or 10
 * **Ubuntu:** 22.04LTS, 20.04 LTS or 18.04 LTS
 
+* **NOTE:** Hestia Control Panel in combination with OpenVZ 7 or lower might have issue Bind9 server not starting or issues with Firewall. If you use a Virtual Private Server we strongly advice you to use something based on KVM or LXC!
+
 Installing Hestia Control Panel
 ============================
 

bin/v-add-letsencrypt-domain

@@ -520,10 +520,10 @@ fi
 
 # Adding SSL
 if [ -z "$mail" ]; then
-    ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
+    ssl_home="$(get_object_value 'web' 'DOMAIN' "$domain" '$SSL_HOME')"
     ssl_enabled="$(get_object_value 'web' 'DOMAIN' "$domain" '$SSL')"
     if [ "$ssl_enabled" = "yes" ]; then 
-        $BIN/v-update-web-domain-ssl "$user" "$domain" "$ssl_dir" "$ssl_home" "updatessl" 
+        $BIN/v-update-web-domain-ssl "$user" "$domain" "$ssl_dir" "updatessl" 
     else
         $BIN/v-add-web-domain-ssl "$user" "$domain" "$ssl_dir" "$ssl_home" "updatessl" 
     fi
@@ -531,9 +531,9 @@ if [ -z "$mail" ]; then
  # TODO replace with v-update-mail-domain-ssl if ssl is enabled
     ssl_enabled="$(get_object_value 'mail' 'DOMAIN' "$root_domain" '$SSL')"
     if [ "$ssl_enabled" = "yes" ]; then 
-        $BIN/v-update-mail-domain-ssl "$user" "$root_domain" "$ssl_dir" "$ssl_home" "updatessl" 
+        $BIN/v-update-mail-domain-ssl "$user" "$root_domain" "$ssl_dir" "updatessl" 
     else
-        $BIN/v-add-mail-domain-ssl "$user" "$root_domain" "$ssl_dir" "$ssl_home" "updatessl" 
+        $BIN/v-add-mail-domain-ssl "$user" "$root_domain" "$ssl_dir" "updatessl" 
     fi
 fi
 

bin/v-add-mail-account

@@ -66,11 +66,16 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Generating hashed password
-if [ -n "$(doveadm pw -l | grep ARGON2ID)" ]; then
+
+if [ -n "$(doveadm pw -l | grep BLF-CRYPT)" ]; then
+    set +H # disable ! style history substitution
+    md5="$(doveadm pw -s BLF-CRYPT -p "$password")"
+elif [ -n "$(doveadm pw -l | grep ARGON2ID)" ]; then
+    # Fall back on Argon2id if bcrypt is not available
     set +H # disable ! style history substitution
-    md5="$(doveadm pw -s ARGON2ID -p $password)"
+    md5="$(doveadm pw -s ARGON2ID -p "$password")"
 else
-    # Fall back on MD5
+    # Fall back on MD5 if neither bcrypt nor argon2id is available
     salt=$(generate_password "$PW_MATRIX" "8")
     md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 fi

bin/v-add-web-php

@@ -27,6 +27,10 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 check_args '1' "$#" 'VERSION'
 
+if [ -z "$WEB_BACKEND" ]; then
+    echo "Multiple php versions are not supported for modphp"
+fi
+
 # Set file locations
 php_fpm="/etc/init.d/php$version-fpm"
 

bin/v-change-mail-account-password

@@ -56,10 +56,15 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Generating hashed password
-if [ -n "$(doveadm pw -l | grep ARGON2ID)" ]; then
+if [ -n "$(doveadm pw -l | grep BLF-CRYPT)" ]; then
     set +H # disable ! style history substitution
-    md5="$(doveadm pw -s ARGON2ID -p $password)"
+    md5="$(doveadm pw -s BLF-CRYPT -p "$password")"
+elif [ -n "$(doveadm pw -l | grep ARGON2ID)" ]; then
+    # Fall back on Argon2id if bcrypt is not available
+    set +H # disable ! style history substitution
+    md5="$(doveadm pw -s ARGON2ID -p "$password")"
 else
+    # Fall back on MD5 if neither bcrypt nor argon2id is available
     salt=$(generate_password "$PW_MATRIX" "8")
     md5="{MD5}$($BIN/v-generate-password-hash md5 $salt <<<$password)"
 fi

bin/v-change-mail-account-rate-limit

@@ -24,6 +24,8 @@ source /etc/hestiacp/hestia.conf
 source $HESTIA/func/main.sh
 # shellcheck source=/usr/local/hestia/func/domain.sh
 source $HESTIA/func/domain.sh
+# shellcheck source=/usr/local/hestia/func/syshealth.sh
+source $HESTIA/func/syshealth.sh
 # load config file
 source_conf "$HESTIA/conf/hestia.conf"
 
@@ -82,6 +84,8 @@ if [[ "$rate" = "system" ]]; then
     rate=''
 fi
 
+syshealth_repair_mail_account_config
+
 # Update quota
 update_object_value "mail/$domain" 'ACCOUNT' "$account" '$RATE_LIMIT' "$rate"
 

bin/v-check-mail-account-hash

@@ -35,8 +35,16 @@ is_password_valid
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ "$type" = "ARGONID2" ]; then
-    match=$(doveadm pw -s ARGON2ID -p $password -t $hash | grep "verified");
+if [ "$type" = "BCRYPT" ]; then
+    match=$(doveadm pw -s BLF-CRYPT -p "$password" -t $hash | grep "verified");
+    if [ -n "$match" ]; then
+        exit 0;
+    else
+        echo $match;
+        exit 2;
+    fi
+elif [ "$type" = "ARGONID2" ]; then
+    match=$(doveadm pw -s ARGON2ID -p "$password" -t $hash | grep "verified");
     if [ -n "$match" ]; then
         exit 0;
     else
@@ -44,10 +52,11 @@ if [ "$type" = "ARGONID2" ]; then
         exit 2;
     fi
 else
-    echo "Not supported"
+    echo "unsupported hash type.";
     exit 2;
 fi
 
+
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#

bin/v-delete-web-php

@@ -28,6 +28,10 @@ source_conf "$HESTIA/conf/hestia.conf"
 
 check_args '1' "$#" 'VERSION'
 
+if [ -z "$WEB_BACKEND" ]; then
+    echo "Multiple php versions are not supported for modphp"
+fi
+
 # Set file locations
 php_fpm="/etc/init.d/php$version-fpm"
 

bin/v-restart-proxy

@@ -84,7 +84,7 @@ if [ -f "$HESTIA/web/inc/nginx_proxy" ]; then
     # Preform an check if Nginx is valid as reload doesn't throw an error / exit
     if [ "$DEBUG_MODE" = "true" ]; then 
         echo "[ $date | $PROXY_SYSTEM ]"  >> /var/log/hestia/debug.log 2>&1
-        service $PROXY_SYSTEM configtest > /var/log/hestia/debug.log 2>&1
+        service $PROXY_SYSTEM configtest >> /var/log/hestia/debug.log 2>&1
     else
         service $PROXY_SYSTEM configtest > /dev/null 2>&1
     fi

func/main.sh

@@ -414,8 +414,10 @@ is_object_value_exist() {
 # Check if password is transmitted via file
 is_password_valid() {
     if [[ "$password" =~ ^/tmp/ ]]; then
-        if [ -f "$password" ]; then
-            password="$(head -n1 $password)"
+        if ! [[ "$password" == *../* ]]; then
+            if [ -f "$password" ]; then
+                password="$(head -n1 $password)"
+            fi
         fi
     fi
 }
@@ -423,8 +425,10 @@ is_password_valid() {
 # Check if hash is transmitted via file
 is_hash_valid() {
     if [[ "$hash" =~ ^/tmp/ ]]; then
-        if [ -f "$hash" ]; then
-            hash="$(head -n1 $hash)"
+        if ! [[ "$hash" == *../* ]]; then
+            if [ -f "$hash" ]; then
+                hash="$(head -n1 $hash)"
+            fi
         fi
     fi
 }

install/deb/exim/exim4.conf.4.94.template

@@ -376,6 +376,7 @@ remote_smtp:
   dkim_private_key = DKIM_PRIVATE_KEY
   dkim_canon = relaxed
   dkim_strict = 0
+  hosts_try_fastopen = !*.l.google.com
   interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}
 
 procmail:

install/deb/exim/exim4.conf.template

@@ -378,6 +378,7 @@ remote_smtp:
   dkim_private_key = DKIM_PRIVATE_KEY
   dkim_canon = relaxed
   dkim_strict = 0
+  hosts_try_fastopen = !*.l.google.com
   interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}
 
 procmail:

install/deb/filemanager/filegator/configuration.php

@@ -6,7 +6,7 @@ $dist_config['public_path'] = '/fm/';
 $dist_config['frontend_config']['app_name'] = 'File Manager - Hestia Control Panel';
 $dist_config['frontend_config']['logo'] = '../images/logo.svg';
 $dist_config['frontend_config']['editable'] = ['.txt', '.css', '.js', '.ts', '.html', '.php', '.py',
-        '.yml', '.xml', '.md', '.log', '.csv', '.conf', '.config', '.ini', '.scss', '.sh', '.env', '.example', '.htaccess'];
+        '.yml', '.xml', '.md', '.log', '.csv', '.conf', '.config', '.ini', '.scss', '.sh', '.env', '.example', '.htaccess', '.twig'];
 $dist_config['frontend_config']['guest_redirection'] = '/login/' ;
 $dist_config['frontend_config']['upload_max_size'] = 1024 * 1024 * 1024;
 
@@ -25,6 +25,9 @@ $dist_config['services']['Filegator\Services\Storage\Filesystem']['config']['ada
     # Create filemanager sftp key if missing and trash it after 30 min
     if (! file_exists('/home/'.basename($v_user).'/.ssh/hst-filemanager-key')) {
         exec("sudo /usr/local/hestia/bin/v-add-user-sftp-key " . escapeshellarg(basename($v_user)) . " 30", $output, $return_var);
+        // filemanager also requires .ssh chmod o+x ... hopefully we can improve it to g+x or u+x someday
+        // current minimum for filemanager: chmod 0701 .ssh
+        shell_exec("sudo chmod o+x " . escapeshellarg('/home/' . basename($v_user) . '/.ssh'));
     }
 
     if (!isset($_SESSION['SFTP_PORT'])) {

install/deb/templates/dns/child-ns.tpl

@@ -6,10 +6,7 @@ ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='12' RECORD='webmail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='13' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% -all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=quarantine; pct=100"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='webmail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% -all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=quarantine; pct=100"' SUSPENDED='no' TIME='%time%' DATE='%date%'

install/deb/templates/dns/default.tpl

@@ -10,10 +10,7 @@ ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%'
 ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='16' RECORD='webmail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='17' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='18' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% -all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
-ID='19' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=quarantine; pct=100"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='webmail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% -all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=quarantine; pct=100"' SUSPENDED='no' TIME='%time%' DATE='%date%'

install/deb/templates/mail/nginx/default_disabled.stpl

@@ -21,5 +21,5 @@ server {
 
     proxy_hide_header Upgrade;
     
-    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.ssl.conf_*;
 }

install/deb/templates/mail/nginx/default_disabled.tpl

@@ -16,6 +16,6 @@ include %home%/%user%/conf/mail/%root_domain%/nginx.forcessl.conf*;
         proxy_pass  http://%ip%:%web_port%;
     }
     
-include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.ssl.conf_*;
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
 
 }

install/hst-install-debian.sh

@@ -31,10 +31,8 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.6.2'
+HESTIA_INSTALL_VER='1.6.3'
 # Dependencies
-pma_v='5.2.0'
-rc_v="1.5.3"
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1")
 fpm_v="8.0"
 mariadb_v="10.6"
@@ -626,8 +624,10 @@ else
 fi
 
 # Generating admin password if it wasn't set
+displaypass="The password you chose during installation."
 if [ -z "$vpass" ]; then
-    vpass=$(gen_pass)
+    vpass=$(gen_pass);
+    displaypass=$vpass
 fi
 
 # Set FQDN if it wasn't set
@@ -1510,6 +1510,10 @@ fi
 #                    Configure phpMyAdmin                  #
 #----------------------------------------------------------#
 
+# Source upgrade.conf with phpmyadmin versions
+# shellcheck source=/usr/local/hestia/install/upgrade/upgrade.conf
+source $HESTIA/install/upgrade/upgrade.conf
+
 if [ "$mysql" = 'yes' ]; then
     # Display upgrade information
     echo "[ * ] Installing phpMyAdmin version v$pma_v..."
@@ -2059,7 +2063,7 @@ Ready to get started? Log in using the following credentials:
 
     Admin URL:  https://$ip:$port
     Username:   admin
-    Password:   $vpass
+    Password:   $displaypass
 
 Thank you for choosing Hestia Control Panel to power your full stack web server,
 we hope that you enjoy using it as much as we do!

install/hst-install-ubuntu.sh

@@ -31,10 +31,8 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.6.2'
+HESTIA_INSTALL_VER='1.6.3'
 # Dependencies
-pma_v='5.2.0'
-rc_v="1.5.3"
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1")
 fpm_v="8.0"
 mariadb_v="10.6"
@@ -615,9 +613,11 @@ fi
   fi
 
 # Generating admin password if it wasn't set
-if [ -z "$vpass" ]; then
-    vpass=$(gen_pass)
-fi
+  displaypass="The password you chose during installation."
+  if [ -z "$vpass" ]; then
+      vpass=$(gen_pass);
+      displaypass=$vpass
+  fi
 
 # Set FQDN if it wasn't set
 mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)'
@@ -1578,6 +1578,10 @@ fi
 #                    Configure phpMyAdmin                  #
 #----------------------------------------------------------#
 
+# Source upgrade.conf with phpmyadmin versions
+# shellcheck source=/usr/local/hestia/install/upgrade/upgrade.conf
+source $HESTIA/install/upgrade/upgrade.conf
+
 if [ "$mysql" = 'yes' ]; then
     # Display upgrade information
     echo "[ * ] Installing phpMyAdmin version v$pma_v..."
@@ -2138,7 +2142,7 @@ Ready to get started? Log in using the following credentials:
 
     Admin URL:  https://$ip:$port
     Username:   admin
-    Password:   $vpass
+    Password:   $displaypass
 
 Thank you for choosing Hestia Control Panel to power your full stack web server,
 we hope that you enjoy using it as much as we do!

install/rpm/packages/system.pkg

@@ -0,0 +1,19 @@
+WEB_TEMPLATE='default'
+PROXY_TEMPLATE='default'
+BACKEND_TEMPLATE='default'
+DNS_TEMPLATE='default'
+WEB_DOMAINS='1'
+WEB_ALIASES='1'
+DNS_DOMAINS='1'
+DNS_RECORDS='unlimited'
+MAIL_DOMAINS='1'
+MAIL_ACCOUNTS='1'
+DATABASES='0'
+CRON_JOBS='unlimited'
+DISK_QUOTA='unlimited'
+BANDWIDTH='unlimited'
+NS='ns1.domain.tld,ns2.domain.tld'
+SHELL='nologin'
+BACKUPS='1'
+TIME='00:00:00'
+DATE='2022-01-20'