Fix DNSSEC version check (#3430)

* Fix DNSSEC version check

* Update CrafCMS templates

* Update CraftCMS for RHEL

* Update check

* Fix craftcms template

* Update v-list-sys-config

bin/v-change-dns-domain-dnssec

@@ -56,8 +56,8 @@ if [ "$DNS_CLUSTER_SYSTEM" != 'hestia-zone' ]; then
 fi
 
 version=$(named -v | awk 'NR==1{print $2}')
-if version_ge '9.18' $version; then
-	check_result "$E_DISABLED" "DNSSEC is not supported when bind / named < 9.18"
+if version_ge '9.16.18' $version; then
+	check_result "$E_DISABLED" "DNSSEC is not supported when bind / named version <= 9.16.18"
 fi
 
 #----------------------------------------------------------#

bin/v-list-sys-config

@@ -269,10 +269,10 @@ csv_list() {
 #----------------------------------------------------------#
 
 version=$(named -v | awk 'NR==1{print $2}')
-if version_ge '9.18' $version; then
-	SUPPORT_DNSSEC="yes"
-else
+if version_ge '9.16.18' $version; then
 	SUPPORT_DNSSEC="no"
+else
+	SUPPORT_DNSSEC="yes"
 fi
 
 # Listing data

install/deb/templates/web/nginx/php-fpm/craftcms.stpl

@@ -43,6 +43,15 @@ server {
             fastcgi_hide_header "Set-Cookie";
         }
 
+		# Craft-specific location handlers to ensure AdminCP requests route through index.php
+		# If you change your `cpTrigger`, change it here as well
+		location ^~ /admin {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+		location ^~ /cpresources {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             try_files $uri =404;

install/deb/templates/web/nginx/php-fpm/craftcms.tpl

@@ -38,6 +38,15 @@ server {
             fastcgi_hide_header "Set-Cookie";
         }
 
+		# Craft-specific location handlers to ensure AdminCP requests route through index.php
+		# If you change your `cpTrigger`, change it here as well
+		location ^~ /admin {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+		location ^~ /cpresources {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+
         location ~ [^/]\.php(/|$) {
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             try_files $uri =404;

install/rpm/templates/web/nginx/php-fpm/craftcms.stpl

@@ -1,53 +1,78 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
 server {
-    listen      %ip%:%web_ssl_port% ssl http2;
-    server_name %domain_idn% %alias_idn%;
-    root        %sdocroot%/web;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-
-    ssl_certificate      %ssl_pem%;
-    ssl_certificate_key  %ssl_key%;
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
-
-    location / {
-        try_files $uri $uri/ /index.php?$query_string;
-        location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js|webp)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
-
-        location ~ [^/]\.php(/|$) {
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
-        }
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~* "/\.(htaccess|htpasswd)$" {
-        deny    all;
-        return  404;
-    }
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+	listen      %ip%:%web_ssl_port% ssl http2;
+	server_name %domain_idn% %alias_idn%;
+	root        %sdocroot%/web;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	ssl_certificate      %ssl_pem%;
+	ssl_certificate_key  %ssl_key%;
+	ssl_stapling on;
+	ssl_stapling_verify on;
+
+	include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		allow all;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		# Craft-specific location handlers to ensure AdminCP requests route through index.php
+		# If you change your `cpTrigger`, change it here as well
+		location ^~ /admin {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+		location ^~ /cpresources {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			try_files $uri =404;
+			fastcgi_pass %backend_lsnr%;
+			fastcgi_index index.php;
+			include /etc/nginx/fastcgi_params;
+		}
+	}
+
+	location /error/ {
+		alias   %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	proxy_hide_header Upgrade;
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/rpm/templates/web/nginx/php-fpm/craftcms.tpl

@@ -1,48 +1,78 @@
+#=========================================================================#
+# Default Web Domain Template                                             #
+# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
+# https://hestiacp.com/docs/server-administration/web-templates.html      #
+#=========================================================================#
+
 server {
-    listen      %ip%:%web_port%;
-    server_name %domain_idn% %alias_idn%;
-    root        %docroot%/web;
-    index       index.php index.html index.htm;
-    access_log  /var/log/nginx/domains/%domain%.log combined;
-    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
-    error_log   /var/log/nginx/domains/%domain%.error.log error;
-
-    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
-
-    location / {
-        try_files $uri $uri/ /index.php?$query_string;
-        location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js|webp)$ {
-            expires     max;
-            fastcgi_hide_header "Set-Cookie";
-        }
-
-        location ~ [^/]\.php(/|$) {
-            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-            if (!-f $document_root$fastcgi_script_name) {
-                return  404;
-            }
-
-            fastcgi_pass    %backend_lsnr%;
-            fastcgi_index   index.php;
-            include         /etc/nginx/fastcgi_params;
-        }
-    }
-
-    location /error/ {
-        alias   %home%/%user%/web/%domain%/document_errors/;
-    }
-
-    location ~* "/\.(htaccess|htpasswd)$" {
-        deny    all;
-        return  404;
-    }
-
-    location /vstats/ {
-        alias   %home%/%user%/web/%domain%/stats/;
-        include %home%/%user%/web/%domain%/stats/auth.conf*;
-    }
-
-    include     /etc/nginx/conf.d/phpmyadmin.inc*;
-    include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+	listen      %ip%:%web_port%;
+	server_name %domain_idn% %alias_idn%;
+	root        %docroot%/web;
+	index       index.php index.html index.htm;
+	access_log  /var/log/nginx/domains/%domain%.log combined;
+	access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+	error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+	include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /robots.txt {
+		allow all;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ /\.(?!well-known\/) {
+		deny all;
+		return 404;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php?$args;
+		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
+			expires 30d;
+			fastcgi_hide_header "Set-Cookie";
+		}
+
+		# Craft-specific location handlers to ensure AdminCP requests route through index.php
+		# If you change your `cpTrigger`, change it here as well
+		location ^~ /admin {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+		location ^~ /cpresources {
+			try_files $uri $uri/ /index.php?$query_string;
+		}
+
+		location ~ [^/]\.php(/|$) {
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+			try_files $uri =404;
+			fastcgi_pass %backend_lsnr%;
+			fastcgi_index index.php;
+			include /etc/nginx/fastcgi_params;
+		}
+	}
+
+	location /error/ {
+		alias   %home%/%user%/web/%domain%/document_errors/;
+	}
+
+	location /vstats/ {
+		alias   %home%/%user%/web/%domain%/stats/;
+		include %home%/%user%/web/%domain%/stats/auth.conf*;
+	}
+
+	proxy_hide_header Upgrade;
+
+	include /etc/nginx/conf.d/phpmyadmin.inc*;
+	include /etc/nginx/conf.d/phppgadmin.inc*;
+	include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }