Merge branch 'feature-centos' into feature-osal

install/hst-install-centos.sh

@@ -0,0 +1,1782 @@
+#!/bin/bash
+
+# Hestia RHEL/CentOS installer v1.0
+
+#----------------------------------------------------------#
+#                  Variables&Functions                     #
+#----------------------------------------------------------#
+export PATH=$PATH:/sbin
+#export DEBIAN_FRONTEND=noninteractive
+RHOST='rhel.hestiacp.com'
+GPG='gpg.hestiacp.com'
+VERSION='rhel'
+HESTIA='/usr/local/hestia'
+LOG="/root/hst_install_backups/hst_install-$(date +%d%m%Y%H%M).log"
+memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
+hst_backups="/root/hst_install_backups/$(date +%d%m%Y%H%M)"
+arch=$(uname -i)
+spinner="/-\|"
+os='rhel'
+release=$(grep -o "[0-9]" /etc/redhat-release |head -n1)
+codename="${os}_$release"
+HESTIA_INSTALL_DIR="$HESTIA/install/rhel"
+VERBOSE='no'
+
+# Define software versions
+HESTIA_INSTALL_VER='1.2.0'
+pma_v='5.0.2'
+multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4")
+fpm_v="73"
+mariadb_v="10.3"
+
+# Defining software pack for all distros
+software=" nginx awstats bc bind bind-libs bind-utils clamav clamav-update
+    curl dovecot e2fsprogs exim expect fail2ban flex freetype ftp GeoIP httpd
+    ImageMagick iptables-services lsof mailx mariadb mariadb-server mc
+    mod_fcgid mod_ruid2 mod_ssl net-tools openssh-clients pcre php
+    php-bcmath php-cli php-common php-fpm php-gd php-imap php-mbstring
+    php-mcrypt phpMyAdmin php-mysql php-pdo phpPgAdmin php-pgsql php-soap
+    php-tidy php-xml php-xmlrpc postgresql postgresql-contrib
+    postgresql-server proftpd roundcubemail rrdtool rsyslog screen
+    spamassassin sqlite sudo tar telnet unzip hestia hestia-nginx
+    hestia-php vim-common vsftpd webalizer which zip wget tar "
+
+# Defining help function
+help() {
+    echo "Usage: $0 [OPTIONS]
+  -a, --apache            Install Apache        [yes|no]  default: yes
+  -n, --nginx             Install Nginx         [yes|no]  default: yes
+  -w, --phpfpm            Install PHP-FPM       [yes|no]  default: no
+  -o, --multiphp          Install Multi-PHP     [yes|no]  default: no
+  -v, --vsftpd            Install Vsftpd        [yes|no]  default: yes
+  -j, --proftpd           Install ProFTPD       [yes|no]  default: no
+  -k, --named             Install Bind          [yes|no]  default: yes
+  -m, --mysql             Install MariaDB       [yes|no]  default: yes
+  -g, --postgresql        Install PostgreSQL    [yes|no]  default: no
+  -x, --exim              Install Exim          [yes|no]  default: yes
+  -z, --dovecot           Install Dovecot       [yes|no]  default: yes
+  -c, --clamav            Install ClamAV        [yes|no]  default: yes
+  -t, --spamassassin      Install SpamAssassin  [yes|no]  default: yes
+  -i, --iptables          Install Iptables      [yes|no]  default: yes
+  -b, --fail2ban          Install Fail2ban      [yes|no]  default: yes
+  -q, --quota             Filesystem Quota      [yes|no]  default: no
+  -d, --api               Activate API          [yes|no]  default: yes
+  -r, --port              Change Backend Port             default: 8083
+  -l, --lang              Default language                default: en
+  -y, --interactive       Interactive install   [yes|no]  default: yes
+  -s, --hostname          Set hostname
+  -e, --email             Set admin email
+  -p, --password          Set admin password
+  -D, --with-rpms         Path to Hestia rpms
+  -f, --force             Force installation
+  -h, --help              Print this help
+
+  Example: bash $0 -e demo@hestiacp.com -p p4ssw0rd --apache no --phpfpm yes"
+    exit 1
+}
+
+# Defining file download function
+download_file() {
+    wget $1 -q --show-progress --progress=bar:force
+}
+
+# Defining password-gen function
+gen_pass() {
+    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+    LENGTH=16
+    while [ ${n:=1} -le $LENGTH ]; do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+    echo "$PASS"
+}
+
+# Defining return code check function
+check_result() {
+    if [ $1 -ne 0 ]; then
+        echo "Error: $2"
+        exit $1
+    fi
+}
+
+# Defining function to set default value
+set_default_value() {
+    eval variable=\$$1
+    if [ -z "$variable" ]; then
+        eval $1=$2
+    fi
+    if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then
+        eval $1=$2
+    fi
+}
+
+# Defining function to set default language value
+set_default_lang() {
+    if [ -z "$lang" ]; then
+        eval lang=$1
+    fi
+    lang_list="
+        ar cz el fa hu ja no pt se ua
+        bs da en fi id ka pl ro tr vi
+        cn de es fr it nl pt-BR ru tw
+        bg ko sr th ur"
+    if !(echo $lang_list |grep -w $lang > /dev/null 2>&1); then
+        eval lang=$1
+    fi
+}
+
+# Define the default backend port
+set_default_port() {
+    if [ -z "$port" ]; then
+        eval port=$1
+    fi
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+# Creating temporary file
+tmpfile=$(mktemp -p /tmp)
+
+# Translating argument to --gnu-long-options
+for arg; do
+    delim=""
+    case "$arg" in
+        --apache)               args="${args}-a " ;;
+        --nginx)                args="${args}-n " ;;
+        --phpfpm)               args="${args}-w " ;;
+        --vsftpd)               args="${args}-v " ;;
+        --proftpd)              args="${args}-j " ;;
+        --named)                args="${args}-k " ;;
+        --mysql)                args="${args}-m " ;;
+        --postgresql)           args="${args}-g " ;;
+        --exim)                 args="${args}-x " ;;
+        --dovecot)              args="${args}-z " ;;
+        --clamav)               args="${args}-c " ;;
+        --spamassassin)         args="${args}-t " ;;
+        --iptables)             args="${args}-i " ;;
+        --fail2ban)             args="${args}-b " ;;
+        --multiphp)             args="${args}-o " ;;
+        --quota)                args="${args}-q " ;;
+        --port)                 args="${args}-r " ;;
+        --lang)                 args="${args}-l " ;;
+        --interactive)          args="${args}-y " ;;
+        --api)                  args="${args}-d " ;;
+        --hostname)             args="${args}-s " ;;
+        --email)                args="${args}-e " ;;
+        --password)             args="${args}-p " ;;
+        --force)                args="${args}-f " ;;
+        --with-rpms)            args="${args}-D " ;;
+        --help)                 args="${args}-h " ;;
+        *)                      [[ "${arg:0:1}" == "-" ]] || delim="\""
+                                args="${args}${delim}${arg}${delim} ";;
+    esac
+done
+eval set -- "$args"
+
+# Parsing arguments
+while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do
+    case $Option in
+        a) apache=$OPTARG ;;            # Apache
+        n) nginx=$OPTARG ;;             # Nginx
+        w) phpfpm=$OPTARG ;;            # PHP-FPM
+        o) multiphp=$OPTARG ;;          # Multi-PHP
+        v) vsftpd=$OPTARG ;;            # Vsftpd
+        j) proftpd=$OPTARG ;;           # Proftpd
+        k) named=$OPTARG ;;             # Named
+        m) mysql=$OPTARG ;;             # MySQL
+        g) postgresql=$OPTARG ;;        # PostgreSQL
+        x) exim=$OPTARG ;;              # Exim
+        z) dovecot=$OPTARG ;;           # Dovecot
+        c) clamd=$OPTARG ;;             # ClamAV
+        t) spamd=$OPTARG ;;             # SpamAssassin
+        i) iptables=$OPTARG ;;          # Iptables
+        b) fail2ban=$OPTARG ;;          # Fail2ban
+        q) quota=$OPTARG ;;             # FS Quota
+        r) port=$OPTARG ;;              # Backend Port
+        l) lang=$OPTARG ;;              # Language
+        d) api=$OPTARG ;;               # Activate API
+        y) interactive=$OPTARG ;;       # Interactive install
+        s) servername=$OPTARG ;;        # Hostname
+        e) email=$OPTARG ;;             # Admin email
+        p) vpass=$OPTARG ;;             # Admin password
+        D) withrpms=$OPTARG ;;          # Hestia rpms path
+        f) force='yes' ;;               # Force install
+        h) help ;;                      # Help
+        *) help ;;                      # Print help (default)
+    esac
+done
+
+# Defining default software stack
+set_default_value 'nginx' 'yes'
+set_default_value 'apache' 'yes'
+set_default_value 'phpfpm' 'yes'
+set_default_value 'multiphp' 'no'
+set_default_value 'vsftpd' 'yes'
+set_default_value 'proftpd' 'no'
+set_default_value 'named' 'yes'
+set_default_value 'mysql' 'yes'
+set_default_value 'postgresql' 'no'
+set_default_value 'exim' 'yes'
+set_default_value 'dovecot' 'yes'
+if [ $memory -lt 1500000 ]; then
+    set_default_value 'clamd' 'no'
+    set_default_value 'spamd' 'no'
+else
+    set_default_value 'clamd' 'yes'
+    set_default_value 'spamd' 'yes'
+fi
+set_default_value 'iptables' 'yes'
+set_default_value 'fail2ban' 'yes'
+set_default_value 'quota' 'no'
+set_default_value 'interactive' 'yes'
+set_default_value 'api' 'yes'
+set_default_port '8083'
+set_default_lang 'en'
+
+# Checking software conflicts
+
+if [ "$multiphp" = 'yes' ]; then
+    phpfpm='yes'
+fi
+if [ "$proftpd" = 'yes' ]; then
+    vsftpd='no'
+fi
+if [ "$exim" = 'no' ]; then
+    clamd='no'
+    spamd='no'
+    dovecot='no'
+fi
+if [ "$iptables" = 'no' ]; then
+    fail2ban='no'
+fi
+
+# Checking root permissions
+if [ "x$(id -u)" != 'x0' ]; then
+    check_result 1 "Script can be run executed only by root"
+fi
+
+# Checking admin user account
+if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then
+    echo 'Please remove admin user account before proceeding.'
+    echo 'If you want to do it automatically run installer with -f option:'
+    echo -e "Example: bash $0 --force\n"
+    check_result 1 "User admin exists"
+fi
+
+# Check if a default webserver was set
+if [ $apache = 'no' ] && [ $nginx = 'no' ]; then
+    check_result 1 "No web server was selected"
+fi
+
+# Clear the screen once launch permissions have been verified
+clear
+
+# Welcome message
+echo "Welcome to the Hestia Control Panel installer!"
+echo 
+echo "Please wait a moment while we update your system's repositories and"
+echo "install any necessary dependencies required to proceed with the installation..."
+echo 
+
+# Creating backup directory
+mkdir -p $hst_backups
+
+# Checking ntpdate
+if [ "$release" -eq '7' ]; then
+    if [ ! -e '/usr/sbin/ntpdate' ]; then
+        echo "(*) Installing ntpdate..."
+        yum -y install ntpdate >> $LOG
+        check_result $? "Can't install ntpdate"
+    fi
+else
+    # 8 and up
+    if [ ! -e '/usr/sbin/chronyd' ]; then
+        echo "(*) Installing chrony..."
+        yum -y install chrony >> $LOG
+        check_result $? "Can't install chrony"
+    fi
+fi
+
+# Checking wget
+if [ ! -e '/usr/bin/wget' ]; then
+    echo "(*) Installing wget..."
+    yum -y install wget >> $LOG
+    check_result $? "Can't install wget"
+fi
+
+# Checking installed packages
+tmpfile=$(mktemp -p /tmp)
+rpm -qa > $tmpfile
+for pkg in exim mariadb-server MariaDB-server mysql-server httpd nginx hestia postfix; do
+    if [ ! -z "$(grep $pkg $tmpfile)" ]; then
+        conflicts="$pkg* $conflicts"
+    fi
+done
+rm -f $tmpfile
+if [ ! -z "$conflicts" ] && [ -z "$force" ]; then
+    echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
+    echo
+    echo 'WARNING: The following packages are already installed'
+    echo "$conflicts"
+    echo
+    echo 'It is highly recommended that you remove them before proceeding.'
+    echo
+    echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!'
+    echo
+    read -p 'Would you like to remove the conflicting packages? [y/n] ' answer
+    if [ "$answer" = 'y' ] || [ "$answer" = 'Y'  ]; then
+        yum remove $conflicts -y
+        check_result $? 'yum remove failed'
+        unset $answer
+    else
+        check_result 1 "Hestia Control Panel should be installed on a clean server."
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                       Brief Info                         #
+#----------------------------------------------------------#
+
+# Printing nice ASCII logo
+clear
+echo
+echo '  _   _           _   _        ____ ____  '
+echo ' | | | | ___  ___| |_(_) __ _ / ___|  _ \ '
+echo ' | |_| |/ _ \/ __| __| |/ _` | |   | |_) |'
+echo ' |  _  |  __/\__ \ |_| | (_| | |___|  __/ '
+echo ' |_| |_|\___||___/\__|_|\__,_|\____|_|    '
+echo
+echo '                      Hestia Control Panel'
+echo "                                    v${HESTIA_INSTALL_VER}"
+echo -e "\n"
+echo "===================================================================="
+echo -e "\n"
+echo 'The following server components will be installed on your system:'
+echo
+
+# Web stack
+if [ "$nginx" = 'yes' ]; then
+    echo '   - NGINX Web / Proxy Server'
+fi
+if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then
+    echo '   - Apache Web Server'
+fi
+if [ "$apache" = 'yes' ] && [ "$nginx"  = 'yes' ] ; then
+    echo '   - Apache Web Server (as backend)'
+fi
+if [ "$phpfpm"  = 'yes' ] && [ "$multiphp" = 'no' ]; then
+    echo '   - PHP-FPM Application Server'
+fi
+if [ "$multiphp"  = 'yes' ]; then
+    echo '   - Multi-PHP Environment'
+fi
+
+# DNS stack
+if [ "$named" = 'yes' ]; then
+    echo '   - Bind DNS Server'
+fi
+
+# Mail stack
+if [ "$exim" = 'yes' ]; then
+    echo -n '   - Exim Mail Server'
+    if [ "$clamd" = 'yes'  ] ||  [ "$spamd" = 'yes' ] ; then
+        echo -n ' + '
+        if [ "$clamd" = 'yes' ]; then
+            echo -n 'ClamAV '
+        fi
+        if [ "$spamd" = 'yes' ]; then
+            if [ "$clamd" = 'yes' ]; then
+                echo -n '+ '
+            fi
+            echo -n 'SpamAssassin'
+        fi
+    fi
+    echo
+    if [ "$dovecot" = 'yes' ]; then
+        echo '   - Dovecot POP3/IMAP Server'
+    fi
+fi
+
+# Database stack
+if [ "$mysql" = 'yes' ]; then
+        echo '   - MariaDB Database Server'
+fi
+if [ "$postgresql" = 'yes' ]; then
+    echo '   - PostgreSQL Database Server'
+fi
+
+# FTP stack
+if [ "$vsftpd" = 'yes' ]; then
+    echo '   - Vsftpd FTP Server'
+fi
+if [ "$proftpd" = 'yes' ]; then
+    echo '   - ProFTPD FTP Server'
+fi
+
+# Firewall stack
+if [ "$iptables" = 'yes' ]; then
+    echo -n '   - Firewall (Iptables)'
+fi
+if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
+    echo -n ' + Fail2Ban Access Monitor'
+fi
+echo -e "\n"
+echo "===================================================================="
+echo -e "\n"
+
+# Asking for confirmation to proceed
+if [ "$interactive" = 'yes' ]; then
+    read -p 'Would you like to continue with the installation? [Y/N]: ' answer
+    if [ "$answer" != 'y' ] && [ "$answer" != 'Y'  ]; then
+        echo 'Goodbye'
+        exit 1
+    fi
+
+    # Asking for contact email
+    if [ -z "$email" ]; then
+        read -p 'Please enter admin email address: ' email
+    fi
+
+    # Asking to set FQDN hostname
+    if [ -z "$servername" ]; then
+        read -p "Please enter FQDN hostname [$(hostname -f)]: " servername
+    fi
+fi
+
+# Generating admin password if it wasn't set
+if [ -z "$vpass" ]; then
+    vpass=$(gen_pass)
+fi
+
+# Set hostname if it wasn't set
+if [ -z "$servername" ]; then
+    servername=$(hostname -f)
+fi
+
+# Set FQDN if it wasn't set
+mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)'
+mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}'
+if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
+    if [ ! -z "$servername" ]; then
+        servername="$servername.example.com"
+    else
+        servername="example.com"
+    fi
+    echo "127.0.0.1 $servername" >> /etc/hosts
+fi
+
+# Set email if it wasn't set
+if [ -z "$email" ]; then
+    email="admin@$servername"
+fi
+
+# Defining backup directory
+echo -e "Installation backup directory: $hst_backups"
+
+# Print Log File Path
+echo "Installation log file: $LOG"
+
+# Print new line
+echo
+
+
+#----------------------------------------------------------#
+#                      Checking swap                       #
+#----------------------------------------------------------#
+
+# Checking swap on small instances
+if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then
+    fallocate -l 1G /swapfile
+    chmod 600 /swapfile
+    mkswap /swapfile
+    swapon /swapfile
+    echo "/swapfile   none    swap    sw    0   0" >> /etc/fstab
+fi
+
+
+#----------------------------------------------------------#
+#                   Install repository                     #
+#----------------------------------------------------------#
+
+# Updating system
+echo "Adding required repositories to proceed with installation:"
+echo
+
+# Installing EPEL repository
+yum install epel-release -y
+check_result $? "Can't install EPEL repository"
+
+# Installing Remi repository
+yum -y install http://rpms.remirepo.net/enterprise/remi-release-$release.rpm
+check_result $? "Can't install REMI repository"
+sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/remi.repo
+
+# Installing Nginx repository
+nrepo="/etc/yum.repos.d/nginx.repo"
+echo "[nginx]" > $nrepo
+echo "name=nginx repo" >> $nrepo
+echo "baseurl=https://nginx.org/packages/centos/$release/\$basearch/" >> $nrepo
+echo "gpgcheck=0" >> $nrepo
+echo "enabled=1" >> $nrepo
+
+#----------------------------------------------------------#
+#                         Backup                           #
+#----------------------------------------------------------#
+
+# Creating backup directory tree
+mkdir -p $hst_backups
+cd $hst_backups
+mkdir nginx httpd php vsftpd proftpd bind exim4 dovecot clamd
+mkdir spamassassin mysql postgresql hestia
+
+# Backup nginx configuration
+systemctl stop nginx > /dev/null 2>&1
+cp -r /etc/nginx/* $hst_backups/nginx > /dev/null 2>&1
+
+# Backup Apache configuration
+systemctl stop httpd > /dev/null 2>&1
+cp -r /etc/httpd/* $hst_backups/httpd > /dev/null 2>&1
+
+# Backup PHP-FPM configuration
+systemctl stop php-fpm >/dev/null 2>&1
+cp /etc/php.ini $hst_backups/php > /dev/null 2>&1
+cp -r /etc/php.d  $hst_backups/php > /dev/null 2>&1
+cp /etc/php-fpm.conf $hst_backups/php-fpm > /dev/null 2>&1
+mv -f /etc/php-fpm.d/* $hst_backups/php-fpm/ > /dev/null 2>&1
+
+# Backup Bind configuration
+yum remove bind-chroot > /dev/null 2>&1
+systemctl stop named > /dev/null 2>&1
+cp /etc/named.conf $hst_backups/named >/dev/null 2>&1
+
+# Backup Vsftpd configuration
+systemctl stop vsftpd > /dev/null 2>&1
+cp /etc/vsftpd/vsftpd.conf $hst_backups/vsftpd >/dev/null 2>&1
+
+# Backup ProFTPD configuration
+systemctl stop proftpd > /dev/null 2>&1
+cp /etc/proftpd.conf $hst_backups/proftpd >/dev/null 2>&1
+
+# Backup Exim configuration
+systemctl stop exim > /dev/null 2>&1
+cp -r /etc/exim/* $hst_backups/exim >/dev/null 2>&1
+
+# Backup ClamAV configuration
+systemctl stop clamd > /dev/null 2>&1
+cp /etc/clamd.conf $hst_backups/clamd >/dev/null 2>&1
+cp -r /etc/clamd.d $hst_backups/clamd >/dev/null 2>&1
+
+# Backup SpamAssassin configuration
+systemctl stop spamassassin > /dev/null 2>&1
+cp -r /etc/mail/spamassassin/* $hst_backups/spamassassin >/dev/null 2>&1
+
+# Backup Dovecot configuration
+systemctl stop dovecot > /dev/null 2>&1
+cp /etc/dovecot.conf $hst_backups/dovecot > /dev/null 2>&1
+cp -r /etc/dovecot/* $hst_backups/dovecot > /dev/null 2>&1
+
+# Backup MySQL/MariaDB configuration and data
+systemctl stop mysql > /dev/null 2>&1
+systemctl stop mysqld > /dev/null 2>&1
+systemctl stop mariadb > /dev/null 2>&1
+mv /var/lib/mysql $hst_backups/mysql/mysql_datadir >/dev/null 2>&1
+cp /etc/my.cnf $hst_backups/mysql > /dev/null 2>&1
+cp /etc/my.cnf.d $hst_backups/mysql > /dev/null 2>&1
+mv /root/.my.cnf  $hst_backups/mysql > /dev/null 2>&1
+
+# Backup PostgreSQL configuration and data
+systemctl stop postgresql > /dev/null 2>&1
+mv /var/lib/pgsql/data $hst_backups/postgresql/  >/dev/null 2>&1
+
+# Backup Hestia
+systemctl stop hestia-nginx > /dev/null 2>&1
+systemctl stop hestia-php > /dev/null 2>&1
+cp -r $HESTIA* $hst_backups/hestia > /dev/null 2>&1
+yum -y remove hestia hestia-nginx hestia-php > /dev/null 2>&1
+rm -rf $HESTIA > /dev/null 2>&1
+
+
+#----------------------------------------------------------#
+#                     Package Includes                     #
+#----------------------------------------------------------#
+
+if [ "$phpfpm" = 'yes' ]; then
+    phpfpm_prefix="$fpm_v-php"  # phpfpm_prefix="$fpm_v" for Debian
+    fpm="php$phpfpm_prefix php$phpfpm_prefix-common php$phpfpm_prefix-bcmath php$phpfpm_prefix-cli
+         php$phpfpm_prefix-curl php$phpfpm_prefix-fpm php$phpfpm_prefix-gd php$phpfpm_prefix-intl
+         php$phpfpm_prefix-mysql php$phpfpm_prefix-soap php$phpfpm_prefix-xml php$phpfpm_prefix-zip
+         php$phpfpm_prefix-mbstring php$phpfpm_prefix-json php$phpfpm_prefix-bz2 php$phpfpm_prefix-pspell
+         php$phpfpm_prefix-imagick"
+    software="$software $fpm "
+fi
+
+
+#----------------------------------------------------------#
+#                     Package Excludes                     #
+#----------------------------------------------------------#
+
+# Excluding packages
+if [ "$nginx" = 'no'  ]; then
+    software=$(echo "$software" | sed -e "s/\bnginx\b/ /")
+fi
+if [ "$apache" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bhttpd\b/ /")
+    software=$(echo "$software" | sed -e "s/\bm\od_ssl\b/ /")
+    software=$(echo "$software" | sed -e "s/\bmod_fcgid\b/ /")
+    software=$(echo "$software" | sed -e "s/\bmod_ruid2\b/ /")
+fi
+if [ "$phpfpm" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bphp-fpm\b/ /")
+fi
+if [ "$vsftpd" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bvsftpd\b/ /")
+fi
+if [ "$proftpd" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bproftpd\b/ /")
+fi
+if [ "$named" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bbind\b/ /")
+fi
+if [ "$exim" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bexim\b/ /")
+    software=$(echo "$software" | sed -e "s/\bdovecot\b/ /")
+    software=$(echo "$software" | sed -e "s/\bclamd\b/ /")
+    software=$(echo "$software" | sed -e "s/\bclamav\b/ /")
+    software=$(echo "$software" | sed -e "s/\bclamav-update\b/ /")
+    software=$(echo "$software" | sed -e "s/\bspamassassin\b/ /")
+    software=$(echo "$software" | sed -e "s/\broundcube-core\b/ /")
+    software=$(echo "$software" | sed -e "s/\broundcube-mysql\b/ /")
+    software=$(echo "$software" | sed -e "s/\broundcube-plugins\b/ /")
+fi
+if [ "$clamd" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bclamd\b/ /")
+    software=$(echo "$software" | sed -e "s/\bclamav\b/ /")
+    software=$(echo "$software" | sed -e "s/\bclamav-update\b/ /")
+fi
+if [ "$spamd" = 'no' ]; then
+    software=$(echo "$software" | sed -e 's/\bspamassassin\b/ /')
+fi
+if [ "$dovecot" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bdovecot-imapd\b/ /")
+    software=$(echo "$software" | sed -e "s/\bdovecot-pop3d\b/ /")
+    software=$(echo "$software" | sed -e "s/\broundcube-core\b/ /")
+    software=$(echo "$software" | sed -e "s/\broundcube-mysql\b/ /")
+    software=$(echo "$software" | sed -e "s/\broundcube-plugins\b/ /")
+fi
+if [ "$mysql" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bmariadb-server\b/ /")
+    software=$(echo "$software" | sed -e "s/\bmariadb-client\b/ /")
+    software=$(echo "$software" | sed -e "s/\bmariadb-common\b/ /")
+    software=$(echo "$software" | sed -e "s/\bphp$phpfpm_prefix-mysql\b/ /")
+    if [ "$multiphp" = 'yes' ]; then
+        for v in "${multiphp_v[@]}"; do
+            software=$(echo "$software" | sed -e "s/\bphp$v-mysql\b/ /")
+            software=$(echo "$software" | sed -e "s/\bphp$v-bz2\b/ /")
+        done
+fi
+    software=$(echo "$software" | sed -e "s/\bphpmyadmin\b/ /")
+fi
+if [ "$postgresql" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bpostgresql-contrib\b/ /")
+    software=$(echo "$software" | sed -e "s/\bpostgresql-server\b/ /")
+    software=$(echo "$software" | sed -e "s/\bphp$phpfpm_prefix-pgsql\b/ /")
+    if [ "$multiphp" = 'yes' ]; then
+        for v in "${multiphp_v[@]}"; do
+            software=$(echo "$software" | sed -e "s/\bphp$v-pgsql\b/ /")
+        done
+fi
+    software=$(echo "$software" | sed -e "s/\bphppgadmin\b/ /")
+fi
+if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then
+    software=$(echo "$software" | sed -e "s/\bfail2ban\b/ /")
+fi
+if [ "$phpfpm" = 'yes' ]; then
+    software=$(echo "$software" | sed -e "s/\bphp$phpfpm_prefix-cgi\b/ /")
+fi
+if [ -d "$withrpms" ]; then
+    software=$(echo "$software" | sed -e "s/\bhestia-nginx\b/ /")
+    software=$(echo "$software" | sed -e "s/\bhestia-php\b/ /")
+    software=$(echo "$software" | sed -e "s/\bhestia\b/ /")
+fi
+
+#----------------------------------------------------------#
+#                     Install packages                     #
+#----------------------------------------------------------#
+
+if [ "$codename" = "rhel_7" ]; then
+    enabled_repos="*base *updates,nginx,epel,hestia,remi*"
+elif [ "$codename" = "rhel_8" ]; then
+    # Enable Remi PHP stream
+    dnf module disable -y php:*
+    dnf module enable -y php:remi-7.4
+
+    # Enable Perl 5.26
+    dnf module disable -y perl:*
+    dnf module enable -y perl:5.26
+    
+    dnf config-manager --set-enabled BaseOS
+    dnf config-manager --set-enabled epel
+    dnf config-manager --set-enabled epel-modular
+    dnf config-manager --set-enabled extras
+    dnf config-manager --set-enabled nginx
+    dnf config-manager --set-enabled remi
+    dnf config-manager --set-enabled remi-modular
+    dnf config-manager --set-enabled PowerTools
+
+    # Raven-extras repo for mod_ruid2
+    dnf install -y https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-1.el8.noarch.rpm
+    dnf config-manager --set-enabled raven-extras
+    
+
+    # No webalizer, phpPgAdmin on CentOS 8 yet
+    software=$(echo "$software" | sed -e "s/\bwebalizer\b/ /")
+    software=$(echo "$software" | sed -e "s/\bphpPgAdmin\b/ /")
+
+    enabled_repos="BaseOS AppStream \
+        epel epel-modular extras nginx PowerTools \
+        raven raven-extras remi remi-modular"
+fi
+
+# Installing rpm packages
+yum install -y $software
+if [ $? -ne 0 ]; then
+    echo yum -y --disablerepo=\* \
+        --enablerepo="$enabled_repos" \
+        install $software
+    yum -y --disablerepo=\* \
+        --enablerepo="$enabled_repos" \
+        install $software
+fi
+check_result $? "yum install failed"
+
+if [ -d "$withrpms" ]; then
+    yum install -y $withrpms/hestia-*.rpm
+else
+    # Check repository availability
+    wget --quiet "https://$GPG/rhel_signing.key" -O /dev/null
+    check_result $? "Unable to connect to the Hestia RHEL repository"
+
+    # Installing Hestia repository
+    vrepo='/etc/yum.repos.d/hestia.repo'
+    echo "[hestia]" > $vrepo
+    echo "name=Hestia - $REPO" >> $vrepo
+    echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo
+    echo "enabled=1" >> $vrepo
+    echo "gpgcheck=1" >> $vrepo
+    echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-HESTIA" >> $vrepo
+    wget c.hestiacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-HESTIA
+
+    yum install -y hestia hestia-nginx hestia-php
+fi
+
+
+
+#----------------------------------------------------------#
+#                     Configure system                     #
+#----------------------------------------------------------#
+
+echo "(*) Configuring system settings..."
+# Restarting rsyslog
+systemctl restart rsyslog > /dev/null 2>&1
+
+# Checking ipv6 on loopback interface
+check_lo_ipv6=$(/sbin/ip addr | grep 'inet6')
+check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local)
+if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then
+    ip addr add ::2/128 scope global dev lo
+    echo "# Hestia: Workraround for openssl validation func" >> /etc/rc.local
+    echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local
+    chmod a+x /etc/rc.local
+fi
+
+# Disabling SELinux
+if [ -e '/etc/sysconfig/selinux' ]; then
+    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
+    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
+    setenforce 0 2>/dev/null
+fi
+
+# Disabling iptables
+systemctl stop iptables
+systemctl stop firewalld >/dev/null 2>&1
+
+# Configuring NTP synchronization
+if [ "$codename" = "rhel_7" ]; then
+    echo '#!/bin/sh' > /etc/cron.daily/ntpdate
+    echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate
+    chmod 775 /etc/cron.daily/ntpdate
+    ntpdate -s pool.ntp.org
+elif [ "$codename" = "rhel_7" ]; then
+    systemctl enable --now chronyd
+fi
+
+# Disabling webalizer routine
+rm -f /etc/cron.daily/00webalizer
+
+# Adding backup user
+adduser backup 2>/dev/null
+ln -sf /home/backup /backup
+chmod a+x /backup
+
+# Fix for nonexistent Debian-style "nogroup" on RHEL-based systems
+groupadd -o -g $(id -g nobody) nogroup
+
+# Set directory color
+if [ -z "$(grep 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile)" ]; then
+    echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
+fi
+
+# Register /sbin/nologin and /usr/sbin/nologin
+if [ -z "$(grep ^/sbin/nologin /etc/shells)" ]; then
+    echo "/sbin/nologin" >> /etc/shells
+fi
+
+if [ -z "$(grep ^/usr/sbin/nologin /etc/shells)" ]; then
+    echo "/usr/sbin/nologin" >> /etc/shells
+fi
+
+# Changing default systemd interval
+if [ "$release" -eq '7' ]; then
+    # Hi Lennart
+    echo "DefaultStartLimitInterval=1s" >> /etc/systemd/system.conf
+    echo "DefaultStartLimitBurst=60" >> /etc/systemd/system.conf
+    systemctl daemon-reexec
+fi
+
+
+#----------------------------------------------------------#
+#                     Configure Hestia                     #
+#----------------------------------------------------------#
+
+echo "(*) Configuring Hestia Control Panel..."
+# Installing sudo configuration
+mkdir -p /etc/sudoers.d
+cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
+chmod 440 /etc/sudoers.d/admin
+
+# Configuring system env
+echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh
+echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh
+echo 'export PATH' >> /etc/profile.d/hestia.sh
+chmod 755 /etc/profile.d/hestia.sh
+source /etc/profile.d/hestia.sh
+
+# Configuring logrotate for hestia logs
+cp -f $HESTIA_INSTALL_DIR/logrotate/hestia /etc/logrotate.d/
+
+# Building directory tree and creating some blank files for Hestia
+mkdir -p $HESTIA/conf $HESTIA/log $HESTIA/ssl $HESTIA/data/ips \
+    $HESTIA/data/queue $HESTIA/data/users $HESTIA/data/firewall \
+    $HESTIA/data/sessions
+touch $HESTIA/data/queue/backup.pipe $HESTIA/data/queue/disk.pipe \
+    $HESTIA/data/queue/webstats.pipe $HESTIA/data/queue/restart.pipe \
+    $HESTIA/data/queue/traffic.pipe $HESTIA/log/system.log \
+    $HESTIA/log/nginx-error.log $HESTIA/log/auth.log
+chmod 750 $HESTIA/conf $HESTIA/data/users $HESTIA/data/ips $HESTIA/log
+chmod -R 750 $HESTIA/data/queue
+chmod 660 $HESTIA/log/*
+rm -f /var/log/hestia
+ln -s $HESTIA/log /var/log/hestia
+chmod 770 $HESTIA/data/sessions
+
+# Generating Hestia configuration
+rm -f $HESTIA/conf/hestia.conf > /dev/null 2>&1
+touch $HESTIA/conf/hestia.conf
+chmod 660 $HESTIA/conf/hestia.conf
+
+# Web stack
+if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then
+    echo "WEB_SYSTEM='httpd'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_RGROUPS='apache'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_PORT='80'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_SSL_PORT='443'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_SSL='mod_ssl'"  >> $HESTIA/conf/hestia.conf
+    echo "STATS_SYSTEM='awstats'" >> $HESTIA/conf/hestia.conf
+fi
+if [ "$apache" = 'yes' ] && [ "$nginx"  = 'yes' ] ; then
+    echo "WEB_SYSTEM='httpd'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_RGROUPS='apache'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_PORT='8080'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_SSL_PORT='8443'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_SSL='mod_ssl'"  >> $HESTIA/conf/hestia.conf
+    echo "PROXY_SYSTEM='nginx'" >> $HESTIA/conf/hestia.conf
+    echo "PROXY_PORT='80'" >> $HESTIA/conf/hestia.conf
+    echo "PROXY_SSL_PORT='443'" >> $HESTIA/conf/hestia.conf
+    echo "STATS_SYSTEM='awstats'" >> $HESTIA/conf/hestia.conf
+fi
+if [ "$apache" = 'no' ] && [ "$nginx"  = 'yes' ]; then
+    echo "WEB_SYSTEM='nginx'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_PORT='80'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_SSL_PORT='443'" >> $HESTIA/conf/hestia.conf
+    echo "WEB_SSL='openssl'"  >> $HESTIA/conf/hestia.conf
+    echo "STATS_SYSTEM='awstats'" >> $HESTIA/conf/hestia.conf
+fi
+
+if [ "$phpfpm" = 'yes' ] || [ "$multiphp" = 'yes' ]; then
+        echo "WEB_BACKEND='php-fpm'" >> $HESTIA/conf/hestia.conf
+fi
+
+# Database stack
+if [ "$mysql" = 'yes' ]; then
+    installed_db_types='mysql'
+fi
+
+if [ "$pgsql" = 'yes' ]; then
+    installed_db_types="$installed_db_type,pgsql"
+fi
+
+if [ ! -z "$installed_db_types" ]; then
+    db=$(echo "$installed_db_types" |\
+        sed "s/,/\n/g"|\
+        sort -r -u |\
+        sed "/^$/d"|\
+        sed ':a;N;$!ba;s/\n/,/g')
+    echo "DB_SYSTEM='$db'" >> $HESTIA/conf/hestia.conf
+fi
+
+# FTP stack
+if [ "$vsftpd" = 'yes' ]; then
+    echo "FTP_SYSTEM='vsftpd'" >> $HESTIA/conf/hestia.conf
+fi
+if [ "$proftpd" = 'yes' ]; then
+    echo "FTP_SYSTEM='proftpd'" >> $HESTIA/conf/hestia.conf
+fi
+
+# DNS stack
+if [ "$named" = 'yes' ]; then
+    echo "DNS_SYSTEM='named'" >> $HESTIA/conf/hestia.conf
+fi
+
+# Mail stack
+if [ "$exim" = 'yes' ]; then
+    echo "MAIL_SYSTEM='exim'" >> $HESTIA/conf/hestia.conf
+    if [ "$clamd" = 'yes'  ]; then
+        echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $HESTIA/conf/hestia.conf
+    fi
+    if [ "$spamd" = 'yes' ]; then
+        echo "ANTISPAM_SYSTEM='spamassassin'" >> $HESTIA/conf/hestia.conf
+    fi
+    if [ "$dovecot" = 'yes' ]; then
+        echo "IMAP_SYSTEM='dovecot'" >> $HESTIA/conf/hestia.conf
+    fi
+fi
+
+# Cron daemon
+echo "CRON_SYSTEM='crond'" >> $HESTIA/conf/hestia.conf
+
+# Firewall stack
+if [ "$iptables" = 'yes' ]; then
+    echo "FIREWALL_SYSTEM='iptables'" >> $HESTIA/conf/hestia.conf
+fi
+if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
+    echo "FIREWALL_EXTENSION='fail2ban'" >> $HESTIA/conf/hestia.conf
+fi
+
+# Disk quota
+if [ "$quota" = 'yes' ]; then
+    echo "DISK_QUOTA='yes'" >> $HESTIA/conf/hestia.conf
+fi
+
+# Backups
+echo "BACKUP_SYSTEM='local'" >> $HESTIA/conf/hestia.conf
+
+# Language
+echo "LANGUAGE='$lang'" >> $HESTIA/conf/hestia.conf
+
+# Version & Release Branch
+echo "VERSION='${HESTIA_INSTALL_VER}'" >> $HESTIA/conf/hestia.conf
+echo "RELEASE_BRANCH='release'" >> $HESTIA/conf/hestia.conf
+
+# Installing hosting packages
+cp -rf $HESTIA_INSTALL_DIR/packages $HESTIA/data/
+
+# Update nameservers in hosting package
+IFS='.' read -r -a domain_elements <<< "$servername"
+if [ ! -z "${domain_elements[-2]}" ] && [ ! -z "${domain_elements[-1]}" ]; then
+    serverdomain="${domain_elements[-2]}.${domain_elements[-1]}"
+    sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg
+fi
+
+# Installing templates
+cp -rf $HESTIA_INSTALL_DIR/templates $HESTIA/data/
+
+mkdir -p /var/www/html
+mkdir -p /var/www/document_errors
+
+# Install default success page
+cp -rf $HESTIA_INSTALL_DIR/templates/web/unassigned/index.html /var/www/html/
+cp -rf $HESTIA_INSTALL_DIR/templates/web/skel/document_errors/* /var/www/document_errors/
+
+# Installing firewall rules
+cp -rf $HESTIA_INSTALL_DIR/firewall $HESTIA/data/
+
+# Configuring server hostname
+$HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1
+
+# Generating SSL certificate
+echo "(*) Generating default self-signed SSL certificate..."
+$HESTIA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
+     'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem
+
+# Parsing certificate file
+crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem |cut -f 1 -d:)
+key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem |cut -f 1 -d:)
+key_end=$(grep -n  "END RSA" /tmp/hst.pem |cut -f 1 -d:)
+
+# Adding SSL certificate
+echo "(*) Adding SSL certificate to Hestia Control Panel..."
+cd $HESTIA/ssl
+sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
+sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
+chown root:mail $HESTIA/ssl/*
+chmod 660 $HESTIA/ssl/*
+rm /tmp/hst.pem
+
+# Adding nologin as a valid system shell
+if [ -z "$(grep nologin /etc/shells)" ]; then
+    echo "/usr/sbin/nologin" >> /etc/shells
+fi
+
+# Install dhparam.pem
+cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
+
+#----------------------------------------------------------#
+#                     Configure Nginx                      #
+#----------------------------------------------------------#
+
+if [ "$nginx" = 'yes' ]; then
+    echo "(*) Configuring NGINX..."
+    rm -f /etc/nginx/conf.d/*.conf
+    cp -f $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/
+    cp -f $HESTIA_INSTALL_DIR/nginx/status.conf /etc/nginx/conf.d/
+    cp -f $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/
+    cp -f $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/
+    cp -f $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/
+    mkdir -p /etc/nginx/conf.d/domains
+    mkdir -p /var/log/nginx/domains
+    mkdir -p /etc/systemd/system/nginx.service.d
+    cd /etc/systemd/system/nginx.service.d
+    echo "[Service]" > limits.conf
+    echo "LimitNOFILE=500000" >> limits.conf
+
+    # Update dns servers in nginx.conf
+    dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
+    for ip in $dns_resolver; do
+        if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            resolver="$ip $resolver"
+        fi
+    done
+    if [ ! -z "$resolver" ]; then
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+    fi
+
+    systemctl enable nginx
+    systemctl start nginx >> $LOG
+    check_result $? "nginx start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                    Configure Apache                      #
+#----------------------------------------------------------#
+
+if [ "$apache" = 'yes'  ]; then
+    echo "(*) Configuring Apache Web Server..."
+
+    mkdir -p /etc/httpd/conf.d/domains
+
+    # Copy configuration files
+    cp -f $HESTIA_INSTALL_DIR/httpd/httpd.conf /etc/httpd/conf/
+    cp -f $HESTIA_INSTALL_DIR/httpd/status.conf /etc/httpd/conf.d/
+    cp -f $HESTIA_INSTALL_DIR/httpd/hestia-event.conf /etc/httpd/conf.modules.d/
+    cp -f $HESTIA_INSTALL_DIR/logrotate/httpd /etc/logrotate.d/
+
+    # Disable modules
+    if [ -e "/etc/httpd/conf.modules.d/00-dav.conf" ]; then
+        cd /etc/httpd/conf.modules.d
+        sed -i "s/^/#/" 00-dav.conf
+    fi
+    if [ -e "/etc/httpd/conf.modules.d/00-lua.conf" ]; then
+        cd /etc/httpd/conf.modules.d
+        sed -i "s/^/#/" 00-lua.conf 00-proxy.conf
+    fi
+    if [ -e "/etc/httpd/conf.modules.d/00-proxy.conf" ]; then
+        cd /etc/httpd/conf.modules.d
+        sed -i "s/^/#/" 00-proxy.conf
+    fi
+
+    if [ "$phpfpm" = 'yes' ]; then
+        # Disable prefork and php, enable event
+        # apache_module_disable 'php5'
+        sed -i "/LoadModule php5_module/ s/^/#/" /etc/httpd/conf.modules.d/*.conf
+        # apache_module_disable 'php7'
+        sed -i "/LoadModule php7_module/ s/^/#/" /etc/httpd/conf.modules.d/*.conf
+        # apache_module_disable 'mpm_prefork'
+        sed -i "/LoadModule mpm_prefork_module/ s/^/#/" /etc/httpd/conf.modules.d/*.conf
+        # apache_module_enable 'mpm_event'
+        sed -i "/LoadModule mpm_event_module/ s/#*//" /etc/httpd/conf.modules.d/*.conf
+    else
+        # apache_module_enable 'ruid2'
+        sed -i "/LoadModule ruid2_module/ s/#*//" /etc/httpd/conf.modules.d/*.conf
+    fi
+
+    sed -i "/LoadModule proxy_http2_module/ s/^/#/" /etc/httpd/conf.modules.d/*.conf
+
+    echo "# Powered by hestia" > /etc/httpd/conf.d/welcome.conf
+
+    mkdir -p /var/log/httpd/domains
+    chmod a+x /var/log/httpd
+    chmod 640 /var/log/httpd/access.log /var/log/httpd/error.log
+    chmod 751 /var/log/httpd/domains
+    chmod -f 777 /var/lib/php/session
+
+    # Not needed. status.conf is fixed.
+    # sed -i '/Allow from all/d' /etc/apache2/mods-enabled/status.conf
+
+    systemctl enable httpd
+    systemctl start httpd >> $LOG
+    check_result $? "httpd start failed"
+else
+    systemctl disable httpd > /dev/null 2>&1
+    systemctl stop httpd > /dev/null 2>&1
+fi
+
+
+#----------------------------------------------------------#
+#                     Configure PHP-FPM                    #
+#----------------------------------------------------------#
+
+if [ "$multiphp" = 'yes' ] ; then
+    for v in "${multiphp_v[@]}"; do
+        cp -r /etc/php/$v/ /root/hst_install_backups/php$v/
+        rm -f /etc/php/$v/fpm/pool.d/*
+        echo "(*) Install PHP version $v..."
+        $HESTIA/bin/v-add-web-php "$v" > /dev/null 2>&1
+    done
+fi
+
+if [ "$phpfpm" = 'yes' ]; then
+    echo "(*) Configuring PHP-FPM..."
+    $HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1
+    cp -f $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
+    systemctl enable php$phpfpm_prefix-fpm > /dev/null 2>&1
+    systemctl start php$phpfpm_prefix-fpm >> $LOG
+    check_result $? "php-fpm start failed"
+    update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1
+fi
+
+
+#----------------------------------------------------------#
+#                     Configure PHP                        #
+#----------------------------------------------------------#
+
+echo "(*) Configuring PHP..."
+ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}')
+if [ -z "$ZONE" ]; then
+    ZONE='UTC'
+fi
+for pconf in $(find /etc/php* -name php.ini); do
+    sed -i "s|;date.timezone =|date.timezone = $ZONE|g" $pconf
+    sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf
+done
+
+# Cleanup php session files not changed in the last 7 days (60*24*7 minutes)
+echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup
+echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
+echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
+chmod 755 /etc/cron.daily/php-session-cleanup
+
+#----------------------------------------------------------#
+#                    Configure Vsftpd                      #
+#----------------------------------------------------------#
+
+if [ "$vsftpd" = 'yes' ]; then
+        echo "(*) Configuring Vsftpd server..."
+    cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
+    touch /var/log/vsftpd.log
+    chown root:adm /var/log/vsftpd.log
+    chmod 640 /var/log/vsftpd.log
+    touch /var/log/xferlog
+    chown root:adm /var/log/xferlog
+    chmod 640 /var/log/xferlog
+    systemctl enable vsftpd
+    systemctl start vsftpd
+    check_result $? "vsftpd start failed"
+
+fi
+
+
+#----------------------------------------------------------#
+#                    Configure ProFTPD                     #
+#----------------------------------------------------------#
+
+if [ "$proftpd" = 'yes' ]; then
+    echo "(*) Configuring ProFTPD server..."
+    echo "127.0.0.1 $servername" >> /etc/hosts
+    cp -f $HESTIA_INSTALL_DIR/proftpd/proftpd.conf /etc/proftpd/
+    systemctl enable proftpd > /dev/null 2>&1
+    systemctl start proftpd >> $LOG
+    check_result $? "proftpd start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                  Configure MySQL/MariaDB                 #
+#----------------------------------------------------------#
+
+if [ "$mysql" = 'yes' ]; then
+    echo "(*) Configuring MariaDB database server..."
+    mycnf="my-small.cnf"
+    if [ $memory -gt 1200000 ]; then
+        mycnf="my-medium.cnf"
+    fi
+    if [ $memory -gt 3900000 ]; then
+        mycnf="my-large.cnf"
+    fi
+
+    # Configuring MariaDB
+    cp -f $HESTIA_INSTALL_DIR/mysql/$mycnf /etc/my.cnf
+    rm -f /etc/my.cnf.d/*.cnf
+    mysql_install_db >> $LOG
+
+    systemctl enable mariadb > /dev/null 2>&1
+    systemctl start mariadb >> $LOG
+    check_result $? "mariadb start failed"
+
+    # Securing MySQL installation
+    mpass=$(gen_pass)
+    mysqladmin -u root password $mpass
+    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
+    chmod 600 /root/.my.cnf
+
+    # Clear MariaDB Test Users and Databases
+    mysql -e "DELETE FROM mysql.user WHERE User=''"
+    mysql -e "DROP DATABASE test" > /dev/null 2>&1
+    mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
+    mysql -e "DELETE FROM mysql.user WHERE user='';"
+    mysql -e "DELETE FROM mysql.user WHERE password='' AND authentication_string='';"
+fi
+
+
+#----------------------------------------------------------#
+#                    Configure phpMyAdmin                  #
+#----------------------------------------------------------#
+
+if [ "$mysql" = 'yes' ]; then
+    # Display upgrade information
+    echo "(*) Installing phpMyAdmin version v$pma_v..."
+
+    # Download latest phpmyadmin release
+    wget --quiet https://files.phpmyadmin.net/phpMyAdmin/$pma_v/phpMyAdmin-$pma_v-all-languages.tar.gz
+
+    # Unpack files
+    tar xzf phpMyAdmin-$pma_v-all-languages.tar.gz
+
+    # Delete file to prevent error
+    rm -fr /usr/share/phpMyAdmin/doc/html
+
+    # Overwrite old files
+    cp -rf phpMyAdmin-$pma_v-all-languages/* /usr/share/phpMyAdmin
+
+    # Set config and log directory
+    sed -i "s|define('CONFIG_DIR', ROOT_PATH);|define('CONFIG_DIR', '/etc/phpMyAdmin/');|" /usr/share/phpMyAdmin/libraries/vendor_config.php
+    sed -i "s|define('TEMP_DIR', ROOT_PATH . 'tmp/');|define('TEMP_DIR', '/var/lib/phpMyAdmin/temp/');|" /usr/share/phpMyAdmin/libraries/vendor_config.php
+
+    # Create temporary folder and change permission
+    mkdir -p /var/lib/phpMyAdmin/temp
+    chmod 777 /var/lib/phpMyAdmin/temp
+
+    # Configuring phpMyAdmin
+    if [ "$apache" = 'yes' ]; then
+        cp -f $HESTIA_INSTALL_DIR/pma/apache.conf /etc/phpMyAdmin/
+        rm -f /etc/httpd/conf.d/phpMyAdmin.conf
+        ln -s /etc/phpMyAdmin/apache.conf /etc/httpd/conf.d/phpMyAdmin.conf
+    fi
+    cp -f $HESTIA_INSTALL_DIR/pma/config.inc.php /etc/phpMyAdmin/
+
+    # Clear Up
+    rm -fr phpMyAdmin-$pma_v-all-languages
+    rm -f phpMyAdmin-$pma_v-all-languages.tar.gz
+fi
+
+
+#----------------------------------------------------------#
+#                   Configure PostgreSQL                   #
+#----------------------------------------------------------#
+
+if [ "$postgresql" = 'yes' ]; then
+    echo "(*) Configuring PostgreSQL database server..."
+    ppass=$(gen_pass)
+    cp -f $HESTIA_INSTALL_DIR/postgresql/pg_hba.conf /var/lib/pgsql/data/
+    systemctl restart postgresql
+    sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
+
+    # Configuring phpPgAdmin
+    if [ "$apache" = 'yes' ]; then
+        cp -f $HESTIA_INSTALL_DIR/pga/phpPgAdmin.conf /etc/httpd/conf.d/
+    fi
+    cp -f $HESTIA_INSTALL_DIR/pga/config.inc.php /etc/phpPgAdmin/
+fi
+
+
+#----------------------------------------------------------#
+#                      Configure Bind                      #
+#----------------------------------------------------------#
+
+if [ "$named" = 'yes' ]; then
+    echo "(*) Configuring Bind DNS server..."
+    cp -f $HESTIA_INSTALL_DIR/bind/named.conf /etc/
+    cp -f $HESTIA_INSTALL_DIR/bind/named.conf.options /etc/
+    chown root:named /etc/named.conf
+    chown root:named /etc/named.conf.options
+    chown named:named /var/named
+    chmod 640 /etc/named.conf
+    chmod 640 /etc/named.conf.options
+
+    systemctl enable named
+    systemctl restart named
+    check_result $? "named start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                      Configure Exim                      #
+#----------------------------------------------------------#
+
+if [ "$exim" = 'yes' ]; then
+    echo "(*) Configuring Exim mail server..."
+    gpasswd -a exim mail > /dev/null 2>&1
+    cp -f $HESTIA_INSTALL_DIR/exim/exim.conf.template /etc/exim/
+    cp -f $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim/
+    cp -f $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim/
+    touch /etc/exim/white-blocks.conf
+
+    if [ "$spamd" = 'yes' ]; then
+        sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf.template
+    fi
+    if [ "$clamd" = 'yes' ]; then
+        sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf.template
+    fi
+
+    chmod 640 /etc/exim/exim.conf.template
+    rm -rf /etc/exim/domains
+    mkdir -p /etc/exim/domains
+
+    rm -f /etc/alternatives/mta
+    ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta
+    systemctl disable sendmail 2>/dev/null
+    systemctl stop sendmail 2>/dev/null
+    systemctl disable postfix 2>/dev/null
+    systemctl stop postfix 2>/dev/null
+    systemctl enable exim
+    systemctl start exim
+    check_result $? "exim start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                     Configure Dovecot                    #
+#----------------------------------------------------------#
+
+if [ "$dovecot" = 'yes' ]; then
+    echo "(*) Configuring Dovecot POP/IMAP mail server..."
+    gpasswd -a dovecot mail > /dev/null 2>&1
+    cp -rf $HESTIA_INSTALL_DIR/dovecot /etc/
+    cp -f $HESTIA_INSTALL_DIR/logrotate/dovecot /etc/logrotate.d/
+    chown -R root:root /etc/dovecot*
+    if [ "$release" -eq 7 ]; then
+        sed -i "s#namespace inbox {#namespace inbox {\n  inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf
+    fi
+    systemctl enable dovecot
+    systemctl start dovecot
+    check_result $? "dovecot start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                     Configure ClamAV                     #
+#----------------------------------------------------------#
+
+if [ "$clamd" = 'yes' ]; then
+    useradd clamav -g clamupdate -s /sbin/nologin -d /var/lib/clamav 2>/dev/null
+    gpasswd -a clamupdate exim
+    gpasswd -a clamupdate mail
+    cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/
+    cp -f $HESTIA_INSTALL_DIR/clamav/freshclam.conf /etc/
+    mkdir -p /var/log/clamav /var/run/clamav
+    chown clamav:clamupdate /var/log/clamav /var/run/clamav
+    chown -R clamav:clamupdate /var/lib/clamav
+    chmod 0775 /var/lib/clamav /var/log/clamav
+
+    cp -f $HESTIA_INSTALL_DIR/clamav/clamd.service /usr/lib/systemd/system/
+    systemctl daemon-reload
+    systemctl enable clamd
+
+    echo -ne "(*) Installing ClamAV anti-virus definitions... "
+    /usr/bin/freshclam >> $LOG &
+    BACK_PID=$!
+    spin_i=1
+    while kill -0 $BACK_PID > /dev/null 2>&1 ; do
+        printf "\b${spinner:spin_i++%${#spinner}:1}"
+        sleep 0.5
+    done
+    echo
+    systemctl start clamd
+    check_result $? "clamav-daemon start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                  Configure SpamAssassin                  #
+#----------------------------------------------------------#
+
+if [ "$spamd" = 'yes' ]; then
+    echo "(*) Configuring SpamAssassin..."
+    systemctl enable spamassassin
+    systemctl start spamassassin
+    check_result $? "spamassassin start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                   Configure RoundCube                    #
+#----------------------------------------------------------#
+
+if [ "$dovecot" = 'yes' ] && [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
+    echo "(*) Configuring Roundcube webmail client..."
+    cp -f $HESTIA_INSTALL_DIR/roundcube/main.inc.php /etc/roundcubemail/config.inc.php
+    cp -f $HESTIA_INSTALL_DIR/roundcube/db.inc.php /etc/roundcubemail/db.inc.php
+    cp -f $HESTIA_INSTALL_DIR/roundcube/config.inc.php /etc/roundcubemail/plugins/password/
+    cp -f $HESTIA_INSTALL_DIR/roundcube/hestia.php /usr/share/roundcubemail/plugins/password/drivers/
+    touch /var/log/roundcubemail/errors
+    chmod 640 /etc/roundcubemail/config.inc.php
+    chown root:apache /etc/roundcubemail/config.inc.php
+    chmod 640 /etc/roundcubemail/db.inc.php
+    chown root:apache /etc/roundcubemail/db.inc.php
+    chmod 640 /var/log/roundcubemail/errors
+    chown apache:adm /var/log/roundcubemail/errors
+
+    r="$(gen_pass)"
+    rcDesKey="$(openssl rand -base64 30 | tr -d "/" | cut -c1-24)"
+    mysql -e "CREATE DATABASE roundcube"
+    mysql -e "GRANT ALL ON roundcube.*
+        TO roundcube@localhost IDENTIFIED BY '$r'"
+    sed -i "s/%password%/$r/g" /etc/roundcubemail/db.inc.php
+    sed -i "s/%des_key%/$rcDesKey/g" /etc/roundcubemail/config.inc.php
+    sed -i "s/localhost/$servername/g" /usr/share/roundcubemail/plugins/password/config.inc.php
+    mysql roundcube < /usr/share/roundcubemail/SQL/mysql
+
+    # Enable Roundcube plugins
+    cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_newmail_notifier.inc.php /etc/roundcubemail/plugins/newmail_notifier/config.inc.php
+    cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_zipdownload.inc.php /etc/roundcubemail/plugins/zipdownload/config.inc.php
+    
+    # Fixes for PHP 7.4 compatibility
+    sed -i 's/$identities, "\\n"/"\\n", $identities/g' /usr/share/roundcubemail/plugins/enigma/lib/enigma_ui.php
+    sed -i 's/(array_keys($post_search), \x27|\x27)/(\x27|\x27, array_keys($post_search))/g' /usr/share/roundcubemail/program/lib/Roundcube/rcube_contacts.php
+    sed -i 's/implode($name, \x27.\x27)/implode(\x27.\x27, $name)/g' /usr/share/roundcubemail/program/lib/Roundcube/rcube_db.php
+    sed -i 's/$fields, \x27,\x27/\x27,\x27, $fields/g' /usr/share/roundcubemail/program/steps/addressbook/search.inc
+    sed -i 's/implode($fields, \x27,\x27)/implode(\x27,\x27, $fields)/g' /usr/share/roundcubemail/program/steps/addressbook/search.inc
+    sed -i 's/implode($bstyle, \x27; \x27)/implode(\x27; \x27, $bstyle)/g' /usr/share/roundcubemail/program/steps/mail/sendmail.inc
+
+    # Configure webmail alias
+    echo "WEBMAIL_ALIAS='webmail'" >> $HESTIA/conf/hestia.conf
+
+    # Add robots.txt
+    echo "User-agent: *" > /var/lib/roundcubemail/robots.txt
+    echo "Disallow: /" >> /var/lib/roundcubemail/robots.txt
+
+    # Restart services
+    if [ "$apache" = 'yes' ]; then
+        systemctl restart httpd
+    fi
+    if [ "$nginx" = 'yes' ]; then
+        systemctl restart nginx
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                    Configure Fail2Ban                    #
+#----------------------------------------------------------#
+
+if [ "$fail2ban" = 'yes' ]; then
+    echo "(*) Configuring fail2ban access monitor..."
+    cp -rf $HESTIA_INSTALL_DIR/fail2ban /etc/
+    if [ "$dovecot" = 'no' ]; then
+        fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2)
+        fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
+        sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
+    fi
+    if [ "$exim" = 'no' ]; then
+        fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2)
+        fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
+        sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
+    fi
+    if [ "$vsftpd" = 'yes' ]; then
+        #Create vsftpd Log File
+        if [ ! -f "/var/log/vsftpd.log" ]; then
+            touch /var/log/vsftpd.log
+        fi
+        fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2)
+        fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
+        sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local
+    fi 
+
+
+
+
+
+
+
+
+
+    systemctl enable fail2ban
+    systemctl start fail2ban
+    check_result $? "fail2ban start failed"
+fi
+
+
+#----------------------------------------------------------#
+#                       Configure API                      #
+#----------------------------------------------------------#
+
+if [ "$api" = 'yes' ]; then
+    echo "API='yes'" >> $HESTIA/conf/hestia.conf
+else
+    rm -r $HESTIA/web/api
+    echo "API='no'" >> $HESTIA/conf/hestia.conf
+fi
+
+
+#----------------------------------------------------------#
+#                      Fix phpmyadmin                      #
+#----------------------------------------------------------#
+# Special thanks to Pavel Galkin (https://skurudo.ru)
+# https://github.com/skurudo/phpmyadmin-fixer
+
+if [ "$mysql" = 'yes' ]; then
+    source $HESTIA_INSTALL_DIR/phpmyadmin/pma.sh > /dev/null 2>&1
+fi
+
+
+#----------------------------------------------------------#
+#                   Configure Admin User                   #
+#----------------------------------------------------------#
+
+# Deleting old admin user
+if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
+    chattr -i /home/admin/conf > /dev/null 2>&1
+    userdel -f admin > /dev/null 2>&1
+    chattr -i /home/admin/conf > /dev/null 2>&1
+    mv -f /home/admin  $hst_backups/home/ > /dev/null 2>&1
+    rm -f /tmp/sess_* > /dev/null 2>&1
+fi
+if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
+    groupdel admin > /dev/null 2>&1
+fi
+
+# Enable sftp jail
+$HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1
+check_result $? "can't enable sftp jail"
+
+# Adding Hestia admin account
+$HESTIA/bin/v-add-user admin $vpass $email default System Administrator
+check_result $? "can't create admin user"
+$HESTIA/bin/v-change-user-shell admin nologin
+$HESTIA/bin/v-change-user-language admin $lang
+chown admin:admin $HESTIA/data/sessions
+chown admin:admin $HESTIA/php/var/log
+chown admin:admin $HESTIA/php/var/run
+
+# Roundcube permissions fix
+if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
+    if [ ! -d "/var/log/roundcube" ]; then
+        mkdir /var/log/roundcube
+    fi
+    chown admin:admin /var/log/roundcube
+fi
+
+# Configuring system IPs
+$HESTIA/bin/v-update-sys-ip > /dev/null 2>&1
+
+# Get main IP
+ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
+
+# Configuring firewall
+if [ "$iptables" = 'yes' ]; then
+    $HESTIA/bin/v-update-firewall
+fi
+
+# Get public IP
+pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
+
+if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
+    $HESTIA/bin/v-change-sys-ip-nat $ip $pub_ip > /dev/null 2>&1
+    ip=$pub_ip
+fi
+
+# Configuring libapache2-mod-remoteip
+if [ "$apache" = 'yes' ] && [ "$nginx"  = 'yes' ] ; then
+    cd /etc/httpd/conf.modules.d
+    echo "<IfModule mod_remoteip.c>" > remoteip.conf
+    echo "  RemoteIPHeader X-Real-IP" >> remoteip.conf
+    if [ "$local_ip" != "127.0.0.1" ] && [ "$pub_ip" != "127.0.0.1" ]; then
+        echo "  RemoteIPInternalProxy 127.0.0.1" >> remoteip.conf
+    fi
+    if [ ! -z "$local_ip" ] && [ "$local_ip" != "$pub_ip" ]; then
+        echo "  RemoteIPInternalProxy $local_ip" >> remoteip.conf
+    fi
+    if [ ! -z "$pub_ip" ]; then
+        echo "  RemoteIPInternalProxy $pub_ip" >> remoteip.conf
+    fi
+    echo "</IfModule>" >> remoteip.conf
+    #sed -i "s/LogFormat \"%h/LogFormat \"%a/g" /etc/apache2/apache2.conf
+    #a2enmod remoteip >> $LOG
+    systemctl restart httpd
+fi
+
+# Configuring MySQL/MariaDB host
+if [ "$mysql" = 'yes' ]; then
+    $HESTIA/bin/v-add-database-host mysql localhost root $mpass
+fi
+
+# Configuring PostgreSQL host
+if [ "$postgresql" = 'yes' ]; then
+    $HESTIA/bin/v-add-database-host pgsql localhost postgres $ppass
+fi
+
+# Adding default domain
+$HESTIA/bin/v-add-web-domain admin $servername
+check_result $? "can't create $servername domain"
+
+# Adding cron jobs
+export SCHEDULED_RESTART="yes"
+command="sudo $HESTIA/bin/v-update-sys-queue restart"
+$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
+systemctl restart crond
+
+command="sudo $HESTIA/bin/v-update-sys-queue daily"
+$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
+command="sudo $HESTIA/bin/v-update-sys-queue disk"
+$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
+command="sudo $HESTIA/bin/v-update-sys-queue traffic"
+$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
+command="sudo $HESTIA/bin/v-update-sys-queue webstats"
+$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
+command="sudo $HESTIA/bin/v-update-sys-queue backup"
+$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
+command="sudo $HESTIA/bin/v-backup-users"
+$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
+command="sudo $HESTIA/bin/v-update-user-stats"
+$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
+command="sudo $HESTIA/bin/v-update-sys-rrd"
+$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
+
+# Enable automatic updates
+$HESTIA/bin/v-add-cron-hestia-autoupdate
+
+# Building initital rrd images
+$HESTIA/bin/v-update-sys-rrd
+
+# Enabling file system quota
+if [ "$quota" = 'yes' ]; then
+    $HESTIA/bin/v-add-sys-quota
+fi
+
+# Set backend port
+$HESTIA/bin/v-change-sys-port $port
+
+# Set default theme
+$HESTIA/bin/v-change-sys-theme 'default'
+
+# Starting Hestia service
+systemctl enable hestia-php
+systemctl enable hestia-nginx
+systemctl start hestia-php && systemctl start hestia-nginx
+check_result $? "hestia start failed"
+
+
+#----------------------------------------------------------#
+#                  Configure FileManager                   #
+#----------------------------------------------------------#
+
+echo "(*) Configuring Filegator FileManager..."
+source $HESTIA_INSTALL_DIR/filemanager/install-fm.sh > /dev/null 2>&1
+
+
+#----------------------------------------------------------#
+#                   Hestia Access Info                     #
+#----------------------------------------------------------#
+
+# Comparing hostname and IP
+host_ip=$(host $servername| head -n 1 |awk '{print $NF}')
+if [ "$host_ip" = "$ip" ]; then
+    ip="$servername"
+fi
+
+echo -e "\n"
+echo "===================================================================="
+echo -e "\n"
+
+# Sending notification to admin email
+echo -e "Congratulations!
+
+You have successfully installed Hestia Control Panel on your server.
+
+Ready to get started? Log in using the following credentials:
+
+    Admin URL:  https://$ip:$port
+    Username:   admin
+    Password:   $vpass
+
+Thank you for choosing Hestia Control Panel to power your full stack web server,
+we hope that you enjoy using it as much as we do!
+
+Please feel free to contact us at any time if you have any questions,
+or if you encounter any bugs or problems:
+
+E-mail:  info@hestiacp.com
+Web:     https://www.hestiacp.com/
+Forum:   https://forum.hestiacp.com/
+GitHub:  https://www.github.com/hestiacp/hestiacp
+
+Note: Automatic updates are enabled by default. If you would like to disable them,
+please log in and navigate to Server > Updates to turn them off.
+
+Help support the Hestia Contol Panel project by donating via PayPal:
+https://www.hestiacp.com/donate
+--
+Sincerely yours,
+The Hestia Control Panel development team
+
+Made with love & pride by the open-source community around the world.
+" > $tmpfile
+
+send_mail="$HESTIA/web/inc/mail-wrapper.php"
+cat $tmpfile | $send_mail -s "Hestia Control Panel" $email
+
+# Congrats
+echo
+cat $tmpfile
+rm -f $tmpfile
+
+# Add welcome message to notification panel
+$HESTIA/bin/v-add-user-notification admin 'Welcome!' 'For more information on how to use Hestia Control Panel, click on the Help icon in the top right corner of the toolbar.<br><br>Please report any bugs or issues on GitHub at<br>https://github.com/hestiacp/hestiacp/issues<br><br>Have a great day!'
+
+echo "(!) IMPORTANT: You must logout or restart the server before continuing."
+echo ""
+if [ "$interactive" = 'yes' ]; then
+    echo -n " Do you want to reboot now? [Y/N] "
+    read reboot
+
+    if [ "$reboot" = "Y" ] || [ "$reboot" = "y" ]; then
+        reboot
+    fi
+fi
+
+# EOF

install/rhel/bind/named.conf

@@ -0,0 +1,3 @@
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+include "/etc/named.conf.options";

install/rhel/bind/named.conf.options

@@ -0,0 +1,24 @@
+options {
+        directory "/var/named";
+         // If there is a firewall between you and nameservers you want
+        // to talk to, you may need to fix the firewall to allow multiple
+        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+         // If your ISP provided one or more IP addresses for stable
+        // nameservers, you probably want to use them as forwarders.
+        // Uncomment the following block, and insert the addresses replacing
+        // the all-0's placeholder.
+         // forwarders {
+        //      0.0.0.0;
+        // };
+         //========================================================================
+        // If BIND logs error messages about the root key being expired,
+        // you will need to update your keys.  See https://www.isc.org/bind-keys
+        //========================================================================
+        dnssec-validation auto;
+        auth-nxdomain no;
+        allow-recursion { 127.0.0.1; ::1; };
+        allow-transfer {"none";};
+        hostname none;
+        server-id none;
+        version none;
+};

install/rhel/clamav/clamd.conf

@@ -0,0 +1,60 @@
+#Automatically Generated by clamav-base postinst
+#To reconfigure clamd run #dpkg-reconfigure clamav-base
+#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
+LocalSocket /var/run/clamav/clamd.ctl
+FixStaleSocket true
+LocalSocketGroup clamav
+LocalSocketMode 666
+# TemporaryDirectory is not set to its default /tmp here to make overriding
+# the default with environment variables TMPDIR/TMP/TEMP possible
+User clamav
+# AllowSupplementaryGroups true
+ScanMail true
+ScanArchive true
+ArchiveBlockEncrypted false
+MaxDirectoryRecursion 15
+FollowDirectorySymlinks false
+FollowFileSymlinks false
+ReadTimeout 180
+MaxThreads 12
+MaxConnectionQueueLength 15
+LogSyslog false
+LogFacility LOG_LOCAL6
+LogClean false
+LogVerbose true
+PidFile /var/run/clamav/clamd.pid
+DatabaseDirectory /var/lib/clamav
+SelfCheck 3600
+Foreground false
+Debug false
+ScanPE true
+ScanOLE2 true
+ScanHTML true
+ExitOnOOM false
+LeaveTemporaryFiles false
+AlgorithmicDetection true
+ScanELF true
+IdleTimeout 30
+PhishingSignatures true
+PhishingScanURLs true
+PhishingAlwaysBlockSSLMismatch false
+PhishingAlwaysBlockCloak false
+DetectPUA false
+ScanPartialMessages false
+HeuristicScanPrecedence false
+StructuredDataDetection false
+CommandReadTimeout 5
+SendBufTimeout 200
+MaxQueue 100
+ExtendedDetectionInfo true
+OLE2BlockMacros false
+StreamMaxLength 25M
+LogFile /var/log/clamav/clamav.log
+LogTime true
+LogFileUnlock false
+LogFileMaxSize 0
+Bytecode true
+BytecodeSecurity TrustSigned
+BytecodeTimeout 60000
+OfficialDatabaseOnly false
+CrossFilesystems true

install/rhel/clamav/clamd.service

@@ -0,0 +1,12 @@
+[Unit]
+Description = clamd scanner (%i) daemon
+After = syslog.target nss-lookup.target network.target
+
+[Service]
+Type = simple
+ExecStart = /usr/sbin/clamd -c /etc/clamd.conf
+Restart = on-failure
+PrivateTmp = true
+
+[Install]
+WantedBy=multi-user.target

install/rhel/clamav/freshclam.conf

@@ -0,0 +1,210 @@
+##
+## Example config file for freshclam
+## Please read the freshclam.conf(5) manual before editing this file.
+##
+
+
+# Comment or remove the line below.
+#Example
+
+# Path to the database directory.
+# WARNING: It must match clamd.conf's directive!
+# Default: hardcoded (depends on installation options)
+#DatabaseDirectory /var/lib/clamav
+
+# Path to the log file (make sure it has proper permissions)
+# Default: disabled
+#UpdateLogFile /var/log/freshclam.log
+
+# Maximum size of the log file.
+# Value of 0 disables the limit.
+# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
+# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
+# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
+# log rotation (the LogRotate option) will always be enabled.
+# Default: 1M
+#LogFileMaxSize 2M
+
+# Log time with each message.
+# Default: no
+#LogTime yes
+
+# Enable verbose logging.
+# Default: no
+#LogVerbose yes
+
+# Use system logger (can work together with UpdateLogFile).
+# Default: no
+#LogSyslog yes
+
+# Specify the type of syslog messages - please refer to 'man syslog'
+# for facility names.
+# Default: LOG_LOCAL6
+#LogFacility LOG_MAIL
+
+# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
+# Default: no
+#LogRotate yes
+
+# This option allows you to save the process identifier of the daemon
+# Default: disabled
+#PidFile /var/run/freshclam.pid
+
+# By default when started freshclam drops privileges and switches to the
+# "clamav" user. This directive allows you to change the database owner.
+# Default: clamav (may depend on installation options)
+#DatabaseOwner clamupdate
+
+# Use DNS to verify virus database version. Freshclam uses DNS TXT records
+# to verify database and software versions. With this directive you can change
+# the database verification domain.
+# WARNING: Do not touch it unless you're configuring freshclam to use your
+# own database verification domain.
+# Default: current.cvd.clamav.net
+#DNSDatabaseInfo current.cvd.clamav.net
+
+# database.clamav.net is now the primary domain name to be used world-wide.
+# Now that CloudFlare is being used as our Content Delivery Network (CDN),
+# this one domain name works world-wide to direct freshclam to the closest
+# geographic endpoint.
+# If the old db.XY.clamav.net domains are set, freshclam will automatically
+# use database.clamav.net instead.
+DatabaseMirror database.clamav.net
+
+# How many attempts to make before giving up.
+# Default: 3 (per mirror)
+#MaxAttempts 5
+
+# With this option you can control scripted updates. It's highly recommended
+# to keep it enabled.
+# Default: yes
+#ScriptedUpdates yes
+
+# By default freshclam will keep the local databases (.cld) uncompressed to
+# make their handling faster. With this option you can enable the compression;
+# the change will take effect with the next database update.
+# Default: no
+#CompressLocalDatabase no
+
+# With this option you can provide custom sources for database files.
+# This option can be used multiple times. Support for:
+#   http(s)://, ftp(s)://, or file://
+# Default: no custom URLs
+#DatabaseCustomURL http://myserver.example.com/mysigs.ndb
+#DatabaseCustomURL https://myserver.example.com/mysigs.ndb
+#DatabaseCustomURL https://myserver.example.com:4567/whitelist.wdb
+#DatabaseCustomURL ftp://myserver.example.com/example.ldb
+#DatabaseCustomURL ftps://myserver.example.com:4567/example.ndb
+#DatabaseCustomURL file:///mnt/nfs/local.hdb
+
+# This option allows you to easily point freshclam to private mirrors.
+# If PrivateMirror is set, freshclam does not attempt to use DNS
+# to determine whether its databases are out-of-date, instead it will
+# use the If-Modified-Since request or directly check the headers of the
+# remote database files. For each database, freshclam first attempts
+# to download the CLD file. If that fails, it tries to download the
+# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
+# and ScriptedUpdates. It can be used multiple times to provide
+# fall-back mirrors.
+# Default: disabled
+#PrivateMirror mirror1.example.com
+#PrivateMirror mirror2.example.com
+
+# Number of database checks per day.
+# Default: 12 (every two hours)
+#Checks 24
+
+# Proxy settings
+# The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind
+# of proxy is used.
+#   http://     HTTP Proxy. Default when no scheme or proxy type is specified.
+#   https://    HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS and NSS)
+#   socks4://   SOCKS4 Proxy.
+#   socks4a://  SOCKS4a Proxy. Proxy resolves URL hostname.
+#   socks5://   SOCKS5 Proxy.
+#   socks5h://  SOCKS5 Proxy. Proxy resolves URL hostname.
+# Default: disabled
+#HTTPProxyServer https://proxy.example.com
+#HTTPProxyPort 1234
+#HTTPProxyUsername myusername
+#HTTPProxyPassword mypass
+
+# If your servers are behind a firewall/proxy which applies User-Agent
+# filtering you can use this option to force the use of a different
+# User-Agent header.
+# Default: clamav/version_number
+#HTTPUserAgent SomeUserAgentIdString
+
+# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
+# multi-homed systems.
+# Default: Use OS'es default outgoing IP address.
+#LocalIPAddress aaa.bbb.ccc.ddd
+
+# Send the RELOAD command to clamd.
+# Default: no
+#NotifyClamd /path/to/clamd.conf
+
+# Run command after successful database update.
+# Default: disabled
+#OnUpdateExecute command
+
+# Run command when database update process fails.
+# Default: disabled
+#OnErrorExecute command
+
+# Run command when freshclam reports outdated version.
+# In the command string %v will be replaced by the new version number.
+# Default: disabled
+#OnOutdatedExecute command
+
+# Don't fork into background.
+# Default: no
+#Foreground yes
+
+# Enable debug messages in libclamav.
+# Default: no
+#Debug yes
+
+# Timeout in seconds when connecting to database server.
+# Default: 30
+#ConnectTimeout 60
+
+# Timeout in seconds when reading from database server.
+# Default: 0
+#ReceiveTimeout 1800
+
+# With this option enabled, freshclam will attempt to load new
+# databases into memory to make sure they are properly handled
+# by libclamav before replacing the old ones.
+# Default: yes
+#TestDatabases yes
+
+# This option enables support for Google Safe Browsing. When activated for
+# the first time, freshclam will download a new database file
+# (safebrowsing.cvd) which will be automatically loaded by clamd and
+# clamscan during the next reload, provided that the heuristic phishing
+# detection is turned on. This database includes information about websites
+# that may be phishing sites or possible sources of malware. When using this
+# option, it's mandatory to run freshclam at least every 30 minutes.
+# Freshclam uses the ClamAV's mirror infrastructure to distribute the
+# database and its updates but all the contents are provided under Google's
+# terms of use.
+# See https://transparencyreport.google.com/safe-browsing/overview
+# and https://www.clamav.net/documents/safebrowsing for more information.
+# Default: no
+#SafeBrowsing yes
+
+# This option enables downloading of bytecode.cvd, which includes additional
+# detection mechanisms and improvements to the ClamAV engine.
+# Default: yes
+#Bytecode no
+
+# Include an optional signature databases (opt-in).
+# This option can be used multiple times.
+#ExtraDatabase dbname1
+#ExtraDatabase dbname2
+
+# Exclude a standard signature database (opt-out).
+# This option can be used multiple times.
+#ExcludeDatabase dbname1
+#ExcludeDatabase dbname2

install/rhel/dovecot/conf.d/10-auth.conf

@@ -0,0 +1,5 @@
+disable_plaintext_auth = no
+auth_username_format = %u
+auth_verbose = yes
+auth_mechanisms = plain login
+!include auth-passwdfile.conf.ext

install/rhel/dovecot/conf.d/10-logging.conf

@@ -0,0 +1 @@
+log_path = /var/log/dovecot.log

install/rhel/dovecot/conf.d/10-mail.conf

@@ -0,0 +1,8 @@
+mail_privileged_group = mail
+mail_access_groups = mail
+mail_location = maildir:%h/mail/%d/%n
+pop3_uidl_format = %08Xu%08Xv
+
+mailbox_list_index = yes
+mailbox_idle_check_interval = 30 secs
+maildir_copy_with_hardlinks = yes

install/rhel/dovecot/conf.d/10-master.conf

@@ -0,0 +1,29 @@
+service imap-login {
+  inet_listener imap {
+  }
+  inet_listener imaps {
+  }
+}
+
+service pop3-login {
+  inet_listener pop3 {
+  }
+  inet_listener pop3s {
+  }
+}
+
+
+service imap {
+}
+
+service pop3 {
+}
+
+service auth {
+  unix_listener auth-client {
+    group = mail
+    mode = 0660
+    user = dovecot
+  }
+  user = dovecot
+}

install/rhel/dovecot/conf.d/10-ssl.conf

@@ -0,0 +1,13 @@
+ssl = yes
+ssl_protocols = !SSLv3 !TLSv1
+ssl_prefer_server_ciphers = yes
+ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+
+ssl_cert = </usr/local/hestia/ssl/certificate.crt
+ssl_key = </usr/local/hestia/ssl/certificate.key
+
+# From and up to version 2.2
+ssl_dh_parameters_length = 4096
+
+# From version 2.3
+#ssl_dh = </etc/ssl/dhparam.pem

install/rhel/dovecot/conf.d/20-imap.conf

@@ -0,0 +1,59 @@
+##
+## IMAP specific settings
+##
+
+protocol imap {
+  # Maximum IMAP command line length. Some clients generate very long command
+  # lines with huge mailboxes, so you may need to raise this if you get
+  # "Too long argument" or "IMAP command line too large" errors often.
+  #imap_max_line_length = 64k
+
+  # Maximum number of IMAP connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  #mail_max_userip_connections = 10
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+  mail_plugins = quota imap_quota
+
+  # IMAP logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #imap_logout_format = bytes=%i/%o
+
+  # Override the IMAP CAPABILITY response. If the value begins with '+',
+  # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+  #imap_capability = 
+
+  # How long to wait between "OK Still here" notifications when client is
+  # IDLEing.
+  #imap_idle_notify_interval = 2 mins
+
+  # ID field names and values to send to clients. Using * as the value makes
+  # Dovecot use the default value. The following fields have default values
+  # currently: name, version, os, os-version, support-url, support-email.
+  #imap_id_send = 
+
+  # ID fields sent by client to log. * means everything.
+  #imap_id_log =
+
+  # Workarounds for various client bugs:
+  #   delay-newmail:
+  #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
+  #     and CHECK commands. Some clients ignore them otherwise, for example OSX
+  #     Mail (<v2.1). Outlook Express breaks more badly though, without this it
+  #     may show user "Message no longer in server" errors. Note that OE6 still
+  #     breaks even with this workaround if synchronization is set to
+  #     "Headers Only".
+  #   tb-extra-mailbox-sep:
+  #     Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+  #     adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+  #     ignore the extra '/' instead of treating it as invalid mailbox name.
+  #   tb-lsub-flags:
+  #     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+  #     This makes Thunderbird realize they aren't selectable and show them
+  #     greyed out, instead of only later giving "not selectable" popup error.
+  #
+  # The list is space-separated.
+  #imap_client_workarounds = 
+}

install/rhel/dovecot/conf.d/20-pop3.conf

@@ -0,0 +1,92 @@
+##
+## POP3 specific settings
+##
+
+protocol pop3 {
+  # Don't try to set mails non-recent or seen with POP3 sessions. This is
+  # mostly intended to reduce disk I/O. With maildir it doesn't move files
+  # from new/ to cur/, with mbox it doesn't write Status-header.
+  #pop3_no_flag_updates = no
+
+  # Support LAST command which exists in old POP3 specs, but has been removed
+  # from new ones. Some clients still wish to use this though. Enabling this
+  # makes RSET command clear all \Seen flags from messages.
+  #pop3_enable_last = no
+
+  # If mail has X-UIDL header, use it as the mail's UIDL.
+  #pop3_reuse_xuidl = no
+
+  # Keep the mailbox locked for the entire POP3 session.
+  #pop3_lock_session = no
+
+  # POP3 requires message sizes to be listed as if they had CR+LF linefeeds.
+  # Many POP3 servers violate this by returning the sizes with LF linefeeds,
+  # because it's faster to get. When this setting is enabled, Dovecot still
+  # tries to do the right thing first, but if that requires opening the
+  # message, it fallbacks to the easier (but incorrect) size.
+  #pop3_fast_size_lookups = no
+
+  # POP3 UIDL (unique mail identifier) format to use. You can use following
+  # variables, along with the variable modifiers described in
+  # doc/wiki/Variables.txt (e.g. %Uf for the filename in uppercase)
+  #
+  #  %v - Mailbox's IMAP UIDVALIDITY
+  #  %u - Mail's IMAP UID
+  #  %m - MD5 sum of the mailbox headers in hex (mbox only)
+  #  %f - filename (maildir only)
+  #  %g - Mail's GUID
+  #
+  # If you want UIDL compatibility with other POP3 servers, use:
+  #  UW's ipop3d         : %08Xv%08Xu
+  #  Courier             : %f or %v-%u (both might be used simultaneosly)
+  #  Cyrus (<= 2.1.3)    : %u
+  #  Cyrus (>= 2.1.4)    : %v.%u
+  #  Dovecot v0.99.x     : %v.%u
+  #  tpop3d              : %Mf
+  #
+  # Note that Outlook 2003 seems to have problems with %v.%u format which was
+  # Dovecot's default, so if you're building a new server it would be a good
+  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
+  #
+  #pop3_uidl_format = %08Xu%08Xv
+
+  # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
+  # won't change those UIDLs. Currently this works only with Maildir.
+  #pop3_save_uidl = no
+
+  # What to do about duplicate UIDLs if they exist?
+  #   allow: Show duplicates to clients.
+  #   rename: Append a temporary -2, -3, etc. counter after the UIDL.
+  #pop3_uidl_duplicates = allow
+
+  # POP3 logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #  %t - number of TOP commands
+  #  %p - number of bytes sent to client as a result of TOP command
+  #  %r - number of RETR commands
+  #  %b - number of bytes sent to client as a result of RETR command
+  #  %d - number of deleted messages
+  #  %m - number of messages (before deletion)
+  #  %s - mailbox size in bytes (before deletion)
+  #  %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly
+  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
+
+  # Maximum number of POP3 connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  #mail_max_userip_connections = 10
+
+  # Space separated list of plugins to load (default is global mail_plugins).
+  #mail_plugins = $mail_plugins
+  mail_plugins = quota
+
+  # Workarounds for various client bugs:
+  #   outlook-no-nuls:
+  #     Outlook and Outlook Express hang if mails contain NUL characters.
+  #     This setting replaces them with 0x80 character.
+  #   oe-ns-eoh:
+  #     Outlook Express and Netscape Mail breaks if end of headers-line is
+  #     missing. This option simply sends it if it's missing.
+  # The list is space-separated.
+  #pop3_client_workarounds = 
+}

install/rhel/dovecot/conf.d/90-quota.conf

@@ -0,0 +1,84 @@
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+# Quota limits are set using "quota_rule" parameters. To get per-user quota
+# limits, you can set/override them by returning "quota_rule" extra field
+# from userdb. It's also possible to give mailbox-specific limits, for example
+# to give additional 100 MB when saving to Trash:
+
+plugin {
+  #quota_rule = *:storage=1G
+  #quota_rule2 = Trash:storage=+100M
+
+  # LDA/LMTP allows saving the last mail to bring user from under quota to
+  # over quota, if the quota doesn't grow too high. Default is to allow as
+  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
+  #quota_grace = 10%%
+
+  # Quota plugin can also limit the maximum accepted mail size.
+  #quota_max_mail_size = 100M
+}
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is excecuted, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+  #quota_warning = storage=95%% quota-warning 95 %u
+  #quota_warning2 = storage=80%% quota-warning 80 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+#service quota-warning {
+#  executable = script /usr/local/bin/quota-warning.sh
+#  user = dovecot
+#  unix_listener quota-warning {
+#    user = vmail
+#  }
+#}
+
+##
+## Quota backends
+##
+
+# Multiple backends are supported:
+#   dirsize: Find and sum all the files found from mail directory.
+#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
+#   dict: Keep quota stored in dictionary (eg. SQL)
+#   maildir: Maildir++ quota
+#   fs: Read-only support for filesystem quota
+
+plugin {
+  #quota = dirsize:User quota
+  quota = maildir:User quota
+  #quota = dict:User quota::proxy::quota
+  #quota = fs:User quota
+}
+
+# Multiple quota roots are also possible, for example this gives each user
+# their own 100MB quota and one shared 1GB quota within the domain:
+plugin {
+  #quota = dict:user::proxy::quota
+  #quota2 = dict:domain:%d:proxy::quota_domain
+  #quota_rule = *:storage=102400
+  #quota2_rule = *:storage=1048576
+}
+

install/rhel/dovecot/conf.d/auth-passwdfile.conf.ext

@@ -0,0 +1,9 @@
+passdb {
+  driver = passwd-file
+  args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
+}
+
+userdb {
+  driver = passwd-file
+  args = username_format=%n /etc/exim4/domains/%d/passwd
+}

install/rhel/dovecot/dovecot.conf

@@ -0,0 +1,58 @@
+protocols = imap pop3
+listen = *, ::
+base_dir = /var/run/dovecot/
+login_greeting = Mail Delivery Agent
+!include conf.d/*.conf
+!include_try conf.d/domains/*.conf
+
+namespace {
+    type = private
+    separator = /
+    inbox = yes
+    list = yes
+
+    mailbox Archive {
+        auto = subscribe
+        special_use = \Archive
+    }
+
+    mailbox Drafts {
+        auto = subscribe
+        special_use = \Drafts
+    }
+
+    mailbox Trash {
+        auto = subscribe
+        special_use = \Trash
+    }
+
+    mailbox "Deleted Messages" {
+        auto = no
+        special_use = \Trash
+    }
+
+    mailbox Spam {
+        auto = subscribe
+        special_use = \Junk
+    }
+
+    mailbox Junk {
+        auto = no
+        special_use = \Junk
+    }
+
+    mailbox Sent {
+        auto = subscribe
+        special_use = \Sent
+    }
+
+    mailbox "Sent Mail" {
+        auto = no
+        special_use = \Sent
+    }
+    
+    mailbox "Sent Messages" {
+        auto = no
+        special_use = \Sent
+    }
+}

install/rhel/exim/dnsbl.conf

@@ -0,0 +1,2 @@
+bl.spamcop.net
+zen.spamhaus.org

install/rhel/exim/exim.conf.template

@@ -0,0 +1,426 @@
+######################################################################
+#                                                                    #
+#          Exim configuration file for Hestia Control Panel          #
+#                                                                    #
+######################################################################
+
+#SPAMASSASSIN = yes
+#SPAM_SCORE = 50
+#CLAMD = yes
+
+smtp_banner = $smtp_active_hostname
+add_environment = <; PATH=/bin:/usr/bin
+keep_environment =
+disable_ipv6 = true
+
+domainlist local_domains = dsearch;/etc/exim4/domains/
+domainlist relay_to_domains = dsearch;/etc/exim4/domains/
+hostlist relay_from_hosts = 127.0.0.1
+hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf
+hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf
+no_local_from_check
+untrusted_set_sender = *
+acl_smtp_connect = acl_check_spammers
+acl_smtp_mail = acl_check_mail
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+acl_smtp_mime = acl_check_mime
+
+.ifdef SPAMASSASSIN
+spamd_address = 127.0.0.1 783
+.endif
+
+.ifdef CLAMD
+av_scanner = clamd: /var/run/clamav/clamd.ctl
+.endif
+
+log_selector = +tls_sni
+
+tls_advertise_hosts = *
+
+# We test that $tls_in_sni is a valid domain, by an arbitrary email address foo@domain.tld .
+# Then, we extract the domain with a function that would fail if the email address is invalid.
+# If the certificate exists, we will use it, otherwise the default certificate in /etc/ssl will be used.
+tls_certificate = \
+        ${if and {\
+                     { eq {${domain:foo@$tls_in_sni}} {$tls_in_sni}}\
+                     { exists{/usr/local/hestia/ssl/mail/$tls_in_sni.crt} }\
+                 }\
+                 {/usr/local/hestia/ssl/mail/$tls_in_sni.crt}\
+                 {/usr/local/hestia/ssl/certificate.crt}\
+         }
+
+tls_privatekey = \
+        ${if and {\
+                     { eq {${domain:foo@$tls_in_sni}} {$tls_in_sni}}\
+                     { exists{/usr/local/hestia/ssl/mail/$tls_in_sni.key} }\
+                 }\
+                 {/usr/local/hestia/ssl/mail/$tls_in_sni.key}\
+                 {/usr/local/hestia/ssl/certificate.key}\
+         }
+
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
+never_users = root
+host_lookup = *
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+ignore_bounce_errors_after = 2d
+timeout_frozen_after = 7d
+
+DKIM_DOMAIN = ${lc:${domain:$h_from:}}
+DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem
+DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}
+
+OUTGOING_IP = /etc/exim4/domains/$sender_address_domain/ip
+
+
+######################################################################
+#                       ACL CONFIGURATION                            #
+#         Specifies access control lists for incoming SMTP mail      #
+######################################################################
+
+acl_not_smtp = acl_not_smtp
+
+begin acl
+
+# Limit per user for PHP scripts
+acl_not_smtp:
+  deny    message       = Website of user $authenticated_id is sending too many emails - rate overlimit = $sender_rate / $sender_rate_period
+  ratelimit             = 200 / 1h / $authenticated_id
+
+  warn    ratelimit     = 100 / 1h / strict / $authenticated_id
+  log_message           = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period
+
+  accept
+
+acl_check_spammers:
+  accept  hosts         = +whitelist
+
+  drop    message       = Your host in blacklist on this server.
+          log_message   = Host in blacklist
+          hosts         = +spammers
+
+  accept
+
+
+acl_check_mail:
+  deny    condition     = ${if eq{$sender_helo_name}{}}
+          message       = HELO required before MAIL
+
+  drop    message       = Helo name contains an IP address (HELO was $sender_helo_name) and not is valid
+          condition     = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
+          condition     = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}}
+          delay         = 45s
+
+  drop    condition     = ${if isip{$sender_helo_name}}
+          message       = Access denied - Invalid HELO name (See RFC2821 4.1.3)
+
+  drop    condition     = ${if eq{[$interface_address]}{$sender_helo_name}}
+          message       = $interface_address is _my_ address
+
+  accept
+
+
+acl_check_rcpt:
+  accept  hosts         = :
+
+# Limit per email account for SMTP auhenticated users
+  deny    message       = Email account $authenticated_id is sending too many emails - rate overlimit = $sender_rate / $sender_rate_period
+  ratelimit             = 200 / 1h / $authenticated_id
+
+  warn    ratelimit     = 100 / 1h / strict / $authenticated_id
+  log_message           = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period
+
+  deny    message       = Restricted characters in address
+          domains       = +local_domains
+          local_parts   = ^[.] : ^.*[@%!/|]
+
+  deny    message       = Restricted characters in address
+          domains       = !+local_domains
+          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+  require verify        = sender
+
+  accept  hosts         = +relay_from_hosts
+          control       = submission
+
+  accept  authenticated = *
+          control       = submission/domain=
+
+  deny    message       = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
+          hosts         = !+whitelist
+          dnslists      = ${readfile {/etc/exim4/dnsbl.conf}{:}}
+
+  require message       = relay not permitted
+          domains       = +local_domains : +relay_to_domains
+
+  deny    message       = smtp auth required
+         sender_domains = +local_domains
+         !authenticated = *
+
+  require verify        = recipient
+
+.ifdef CLAMD
+  warn    set acl_m0    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}}
+          set acl_m0    = yes
+.endif
+
+.ifdef SPAMASSASSIN
+  warn    set acl_m1    = no
+
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
+          set acl_m1    = yes
+.endif
+
+  accept
+
+
+acl_check_data:
+.ifdef CLAMD
+  deny   message        = Message contains a virus ($malware_name) and has been rejected
+         malware        = */defer_ok
+         condition      = ${if eq{$acl_m0}{yes}{yes}{no}}
+.endif
+
+.ifdef SPAMASSASSIN
+  warn   !authenticated = *
+         hosts          = !+relay_from_hosts
+         condition      = ${if < {$message_size}{1024K}}
+         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
+         spam           = debian-spamd:true/defer_ok
+         add_header     = X-Spam-Score: $spam_score_int
+         add_header     = X-Spam-Bar: $spam_bar
+         add_header     = X-Spam-Report: $spam_report
+         set acl_m2     = $spam_score_int
+
+  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
+         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
+         add_header     = X-Spam-Status: Yes
+         message        = SpamAssassin detected spam (from $sender_address to $recipients).
+.endif
+
+  accept
+
+
+acl_check_mime:
+  deny   message        = Blacklisted file extension detected
+         condition      = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}}
+
+  accept
+
+
+
+######################################################################
+#                   AUTHENTICATION CONFIGURATION                     #
+######################################################################
+begin authenticators
+
+dovecot_plain:
+  driver = dovecot
+  public_name = PLAIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+dovecot_login:
+  driver = dovecot
+  public_name = LOGIN
+  server_socket = /var/run/dovecot/auth-client
+  server_set_id = $auth1
+
+
+
+######################################################################
+#                      ROUTERS CONFIGURATION                         #
+#               Specifies how addresses are handled                  #
+######################################################################
+begin routers
+
+#smarthost:
+#  driver = manualroute
+#  domains = ! +local_domains
+#  transport = remote_smtp
+#  route_list = * smartrelay.hestiacp.com
+#  no_more
+#  no_verify
+
+dnslookup:
+  driver = dnslookup
+  domains = !+local_domains
+  transport = remote_smtp
+  no_more
+
+userforward:
+  driver = redirect
+  check_local_user
+  file = $home/.forward
+  allow_filter
+  no_verify
+  no_expn
+  check_ancestor
+  file_transport = address_file
+  pipe_transport = address_pipe
+  reply_transport = address_reply
+
+procmail:
+  driver = accept
+  check_local_user
+  require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail
+  transport = procmail
+  no_verify
+
+autoreplay:
+  driver = accept
+  require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg
+  condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}}
+  retry_use_local_part
+  transport = userautoreply
+  unseen
+
+aliases:
+  driver = redirect
+  headers_add = X-redirected: yes
+  data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}}
+  require_files = /etc/exim4/domains/$domain/aliases
+  redirect_router = dnslookup
+  pipe_transport = address_pipe
+  unseen
+
+localuser_fwd_only:
+  driver = accept
+  transport = devnull
+  condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}}
+
+localuser_spam:
+  driver = accept
+  transport = local_spam_delivery
+  condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}}
+
+localuser:
+  driver = accept
+  transport = local_delivery
+  condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}}
+
+catchall:
+  driver = redirect
+  headers_add = X-redirected: yes
+  require_files = /etc/exim4/domains/$domain/aliases
+  data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}}
+  file_transport = local_delivery
+  redirect_router = dnslookup
+
+terminate_alias:
+  driver = accept
+  transport = devnull
+  condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}}
+
+
+
+######################################################################
+#                      TRANSPORTS CONFIGURATION                      #
+######################################################################
+begin transports
+
+remote_smtp:
+  driver = smtp
+  helo_data = ${primary_hostname}
+  dkim_domain = DKIM_DOMAIN
+  dkim_selector = mail
+  dkim_private_key = DKIM_PRIVATE_KEY
+  dkim_canon = relaxed
+  dkim_strict = 0
+  interface = ${if exists{OUTGOING_IP}{${readfile{OUTGOING_IP}}}}
+
+procmail:
+  driver = pipe
+  command = "/usr/bin/procmail -d $local_part"
+  return_path_add
+  delivery_date_add
+  envelope_to_add
+  user = $local_part
+  initgroups
+  return_output
+
+local_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M
+  quota_warn_threshold = 75%
+
+local_spam_delivery:
+  driver = appendfile
+  maildir_format
+  maildir_use_size_file
+  user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}
+  group = mail
+  create_directory
+  directory_mode = 770
+  mode = 660
+  use_lockfile = no
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam"
+  quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M
+  quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part"
+  quota_warn_threshold = 75%
+
+address_pipe:
+  driver = pipe
+  return_output
+
+address_file:
+  driver = appendfile
+  delivery_date_add
+  envelope_to_add
+  return_path_add
+
+address_reply:
+  driver = autoreply
+
+userautoreply:
+  driver = autoreply
+  file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg
+  from = "${local_part}@${domain}"
+  headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit
+  subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}"
+  to = "${sender_address}"
+
+devnull:
+  driver = appendfile
+  file = /dev/null
+
+
+
+######################################################################
+#                      RETRY CONFIGURATION                           #
+######################################################################
+begin retry
+
+# Address or Domain    Error       Retries
+# -----------------    -----       -------
+*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+
+######################################################################
+#                      REWRITE CONFIGURATION                         #
+######################################################################
+begin rewrite
+
+
+
+######################################################################

install/rhel/fail2ban/action.d/hestia.conf

@@ -0,0 +1,9 @@
+# Fail2Ban configuration file for hestia
+
+[Definition]
+
+actionstart = /usr/local/hestia/bin/v-add-firewall-chain <name>
+actionstop = /usr/local/hestia/bin/v-delete-firewall-chain <name>
+actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-<name>[ \t]'
+actionban = /usr/local/hestia/bin/v-add-firewall-ban <ip> <name>
+actionunban = /usr/local/hestia/bin/v-delete-firewall-ban <ip> <name>

install/rhel/fail2ban/filter.d/hestia.conf

@@ -0,0 +1,10 @@
+# Fail2Ban filter for unsuccessful hestia authentication attempts
+#
+
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex =  .* <HOST> failed to login
+ignoreregex =
+

install/rhel/fail2ban/jail.local

@@ -0,0 +1,55 @@
+[ssh-iptables]
+enabled  = true
+filter   = sshd
+action   = hestia[name=SSH]
+logpath  = /var/log/auth.log
+maxretry = 5
+
+[vsftpd-iptables]
+enabled  = false
+filter   = vsftpd
+action   = hestia[name=FTP]
+logpath  = /var/log/vsftpd.log
+maxretry = 5
+
+[exim-iptables]
+enabled  = true
+filter   = exim
+action   = hestia[name=MAIL]
+logpath  = /var/log/exim4/mainlog
+
+[dovecot-iptables]
+enabled  = true
+filter   = dovecot
+action   = hestia[name=MAIL]
+logpath  = /var/log/dovecot.log
+
+[mysqld-iptables]
+enabled  = false
+filter   = mysqld-auth
+action   = hestia[name=DB]
+logpath  = /var/log/mysql.log
+maxretry = 5
+
+[hestia-iptables]
+enabled  = true
+filter   = hestia
+action   = hestia[name=HESTIA]
+logpath  = /var/log/hestia/auth.log
+maxretry = 5
+
+[roundcube-auth]
+enabled  = false
+filter   = roundcube-auth
+action   = hestia[name=WEB]
+logpath  = /var/log/roundcube/errors
+maxretry = 5
+
+[recidive]
+enabled  = true
+filter   = recidive
+action   = hestia[name=HESTIA]
+logpath  = /var/log/fail2ban.log
+maxretry = 5
+findtime = 86400
+bantime  = 864000

install/rhel/firewall/rules.conf

@@ -0,0 +1,10 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='HESTIA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='21:47:04' DATE='2018-11-07'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'

install/rhel/httpd/hestia-event.conf

@@ -0,0 +1,5 @@
+<IfModule mpm_event_module>
+    <FilesMatch \.php$>
+        SetHandler "proxy:fcgi://127.0.0.1:9000"
+    </FilesMatch>
+</IfModule>

install/rhel/httpd/hestia.conf

@@ -0,0 +1,58 @@
+ServerRoot "/etc/httpd"
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+
+<Directory />
+    AllowOverride All
+</Directory>
+
+DocumentRoot "/var/www/html"
+<Directory "/var/www">
+    AllowOverride All
+    Require all granted
+</Directory>
+
+<Directory "/var/www/html">
+    Options Indexes FollowSymLinks
+    AllowOverride All
+    Require all granted
+</Directory>
+
+DirectoryIndex index.php index.html
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+ErrorLog "logs/error_log"
+LogLevel warn
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%b" bytes
+CustomLog "logs/access_log" combined
+
+TypesConfig /etc/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType text/html .shtml
+AddOutputFilter INCLUDES .shtml
+#AddHandler cgi-script .cgi
+
+AddDefaultCharset UTF-8
+
+<IfModule mime_magic_module>
+    MIMEMagicFile conf/magic
+</IfModule>
+
+EnableSendfile on
+
+<IfModule remoteip_module>
+    RemoteIPHeader X-Real-IP
+    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%a %l %u %t \"%r\" %>s %b" common
+</IfModule>
+
+IncludeOptional conf.d/*.conf

install/rhel/httpd/httpd.conf

@@ -0,0 +1,59 @@
+ServerRoot "/etc/httpd"
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+
+<Directory />
+    AllowOverride none
+</Directory>
+
+DocumentRoot "/var/www/html"
+<Directory "/var/www">
+    AllowOverride None
+    Require all granted
+</Directory>
+
+<Directory "/var/www/html">
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+DirectoryIndex index.php index.html
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+ErrorLog "logs/error_log"
+LogLevel warn
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%b" bytes
+CustomLog "logs/access_log" combined
+
+TypesConfig /etc/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType text/html .shtml
+AddOutputFilter INCLUDES .shtml
+#AddHandler cgi-script .cgi
+
+AddDefaultCharset UTF-8
+
+<IfModule mime_magic_module>
+    MIMEMagicFile conf/magic
+</IfModule>
+
+EnableSendfile on
+
+<IfModule remoteip_module>
+    RemoteIPHeader X-Real-IP
+    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%a %l %u %t \"%r\" %>s %b" common
+</IfModule>
+
+IncludeOptional conf.d/*.conf
+IncludeOptional conf.d/domains/*.conf

install/rhel/httpd/status.conf

@@ -0,0 +1,8 @@
+Listen 127.0.0.1:8081
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1
+#    Allow from all
+</Location>

install/rhel/httpd/unassigned.conf

@@ -0,0 +1,18 @@
+<VirtualHost directIP:directPORT>
+    ServerName directIP
+    DocumentRoot /var/www/html/
+    Alias /error/ /var/www/document_errors/
+
+</VirtualHost>
+
+<VirtualHost directIP:directSSLPORT>
+    ServerName directIP
+    DocumentRoot /var/www/html/
+    Alias /error/ /var/www/document_errors/
+
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile         /usr/local/hestia/ssl/certificate.crt
+    SSLCertificateKeyFile      /usr/local/hestia/ssl/certificate.key
+    
+</VirtualHost>

install/rhel/logrotate/dovecot

@@ -0,0 +1,12 @@
+/var/log/dovecot*.log {
+    rotate 4  
+    weekly
+    missingok
+    notifempty
+    compress
+    delaycompress
+    sharedscripts
+    postrotate
+    doveadm log reopen
+    endscript
+}

install/rhel/logrotate/hestia

@@ -0,0 +1,7 @@
+/usr/local/hestia/log/*.log {
+    rotate 12
+    monthly
+    missingok
+    notifempty
+    create 0600 root root
+}

install/rhel/logrotate/httpd

@@ -0,0 +1,10 @@
+/var/log/httpd/*log /var/log/httpd/domains/*log {
+    missingok
+    notifempty
+    compress
+    sharedscripts
+    postrotate
+        /sbin/service httpd reload > /dev/null 2>/dev/null || true
+        [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+    endscript
+}

install/rhel/logrotate/nginx

@@ -0,0 +1,13 @@
+/var/log/nginx/*log /var/log/nginx/domains/*log {
+    rotate 4
+    weekly
+    missingok
+    notifempty
+    compress
+    delaycompress
+    create 640
+    sharedscripts
+    postrotate
+        [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
+        endscript
+}

install/rhel/multiphp/httpd/PHP-56.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php5.6-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ ! -f "$pool_file_56" ]; then
+    echo "$pool_conf" > $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/httpd/PHP-56.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-56.tpl

@@ -0,0 +1,33 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+        
+    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
+    
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes +ExecCGI
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php5.6-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-70.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.0-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ ! -f "$pool_file_70" ]; then
+    echo "$pool_conf" > $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/httpd/PHP-70.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.0-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-70.tpl

@@ -0,0 +1,33 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+        
+    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
+    
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes +ExecCGI
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.0-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-71.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.1-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ ! -f "$pool_file_71" ]; then
+    echo "$pool_conf" > $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/httpd/PHP-71.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.1-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-71.tpl

@@ -0,0 +1,33 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+        
+    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
+    
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes +ExecCGI
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.1-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-72.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.2-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ ! -f "$pool_file_72" ]; then
+    echo "$pool_conf" > $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/httpd/PHP-72.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.2-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-72.tpl

@@ -0,0 +1,33 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+        
+    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
+    
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes +ExecCGI
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.2-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-73.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.3-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ ! -f "$pool_file_73" ]; then
+    echo "$pool_conf" > $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/httpd/PHP-73.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.3-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-73.tpl

@@ -0,0 +1,33 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+        
+    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
+    
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes +ExecCGI
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.3-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-74.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.4-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ ! -f "$pool_file_74" ]; then
+    echo "$pool_conf" > $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/httpd/PHP-74.stpl

@@ -0,0 +1,36 @@
+<VirtualHost %ip%:%web_ssl_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %sdocroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        SSLRequireSSL
+        Options +Includes -Indexes +ExecCGI
+	</Directory>
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile %ssl_crt%
+    SSLCertificateKeyFile %ssl_key%
+    %ssl_ca_str%SSLCertificateChainFile %ssl_ca%
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/httpd/PHP-74.tpl

@@ -0,0 +1,33 @@
+<VirtualHost %ip%:%web_port%>
+
+    ServerName %domain_idn%
+    %alias_string%
+    ServerAdmin %email%
+    DocumentRoot %docroot%
+    ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
+    Alias /vstats/ %home%/%user%/web/%domain%/stats/
+    Alias /error/ %home%/%user%/web/%domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
+    CustomLog /var/log/%web_system%/domains/%domain%.log combined
+    ErrorLog /var/log/%web_system%/domains/%domain%.error.log
+        
+    IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
+    
+    <Directory %home%/%user%/web/%domain%/stats>
+        AllowOverride All
+    </Directory>
+    <Directory %sdocroot%>
+        AllowOverride All
+        Options +Includes -Indexes +ExecCGI
+    </Directory>
+
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/run/php/php7.4-fpm-%domain%.sock|fcgi://localhost"
+    </FilesMatch>
+    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
+
+    IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
+
+</VirtualHost>
+

install/rhel/multiphp/nginx/PHP-56.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php5.6-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ ! -f "$pool_file_56" ]; then
+    echo "$pool_conf" > $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/nginx/PHP-56.stpl

@@ -0,0 +1,53 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php5.6-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

install/rhel/multiphp/nginx/PHP-56.tpl

@@ -0,0 +1,48 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+        
+    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php5.6-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/rhel/multiphp/nginx/PHP-70.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.0-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ ! -f "$pool_file_70" ]; then
+    echo "$pool_conf" > $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/nginx/PHP-70.stpl

@@ -0,0 +1,53 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.0-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

install/rhel/multiphp/nginx/PHP-70.tpl

@@ -0,0 +1,48 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+        
+    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.0-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/rhel/multiphp/nginx/PHP-71.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.1-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ ! -f "$pool_file_71" ]; then
+    echo "$pool_conf" > $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/nginx/PHP-71.stpl

@@ -0,0 +1,53 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.1-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

install/rhel/multiphp/nginx/PHP-71.tpl

@@ -0,0 +1,48 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+        
+    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.1-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/rhel/multiphp/nginx/PHP-72.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.2-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ ! -f "$pool_file_72" ]; then
+    echo "$pool_conf" > $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ -f "$pool_file_74" ]; then
+    rm $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/nginx/PHP-72.stpl

@@ -0,0 +1,53 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.2-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

install/rhel/multiphp/nginx/PHP-72.tpl

@@ -0,0 +1,48 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+        
+    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.2-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/rhel/multiphp/nginx/PHP-73.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.3-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ ! -f "$pool_file_73" ]; then
+    echo "$pool_conf" > $pool_file_73
+    service php7.3-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/nginx/PHP-73.stpl

@@ -0,0 +1,53 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.3-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

install/rhel/multiphp/nginx/PHP-73.tpl

@@ -0,0 +1,48 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+        
+    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.3-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/rhel/multiphp/nginx/PHP-74.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Adding php pool conf
+user="$1"
+domain="$2"
+ip="$3"
+home_dir="$4"
+docroot="$5"
+
+pool_conf="[$2]
+
+listen = /run/php/php7.4-fpm-$2.sock
+listen.owner = $1
+listen.group = apache
+listen.mode = 0660
+
+user = $1
+group = $1
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/$1/tmp
+php_admin_value[session.save_path] = /home/$1/tmp
+php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail
+php_admin_value[upload_max_filesize] = 80M
+php_admin_value[max_execution_time] = 20
+php_admin_value[post_max_size] = 80M
+php_admin_value[memory_limit] = 256M
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f info@$2
+php_admin_flag[mysql.allow_persistent] = off
+php_admin_flag[safe_mode] = off
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/$1/tmp
+env[TMPDIR] = /home/$1/tmp
+env[TEMP] = /home/$1/tmp
+"
+
+pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf"
+pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf"
+pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf"
+pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf"
+pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf"
+pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf"
+
+if [ -f "$pool_file_56" ]; then
+    rm $pool_file_56
+    service php5.6-fpm restart
+fi
+
+if [ -f "$pool_file_70" ]; then
+    rm $pool_file_70
+    service php7.0-fpm restart
+fi
+
+if [ -f "$pool_file_71" ]; then
+    rm $pool_file_71
+    service php7.1-fpm restart
+fi
+
+if [ -f "$pool_file_72" ]; then
+    rm $pool_file_72
+    service php7.2-fpm restart
+fi
+
+if [ -f "$pool_file_73" ]; then
+    rm $pool_file_73
+    service php7.3-fpm restart
+fi
+
+if [ ! -f "$pool_file_74" ]; then
+    echo "$pool_conf" > $pool_file_74
+    service php7.4-fpm restart
+fi
+
+exit 0

install/rhel/multiphp/nginx/PHP-74.stpl

@@ -0,0 +1,53 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        %sdocroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate      %ssl_pem%;
+    ssl_certificate_key  %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.4-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
+}

install/rhel/multiphp/nginx/PHP-74.tpl

@@ -0,0 +1,48 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        %docroot%;
+    index       index.php index.html index.htm;
+    access_log  /var/log/nginx/domains/%domain%.log combined;
+    access_log  /var/log/nginx/domains/%domain%.bytes bytes;
+    error_log   /var/log/nginx/domains/%domain%.error.log error;
+        
+    include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
+
+    location / {
+
+        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
+            expires     max;
+            fastcgi_hide_header "Set-Cookie";
+        }
+
+        location ~ [^/]\.php(/|$) {
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if (!-f $document_root$fastcgi_script_name) {
+                return  404;
+            }
+
+            fastcgi_pass    unix:/run/php/php7.4-fpm-%domain%.sock;
+            fastcgi_index   index.php;
+            include         /etc/nginx/fastcgi_params;
+        }
+    }
+
+    location /error/ {
+        alias   %home%/%user%/web/%domain%/document_errors/;
+    }
+
+    location ~* "/\.(htaccess|htpasswd)$" {
+        deny    all;
+        return  404;
+    }
+
+    location /vstats/ {
+        alias   %home%/%user%/web/%domain%/stats/;
+        include %home%/%user%/web/%domain%/stats/auth.conf*;
+    }
+
+    include     /etc/nginx/conf.d/phpmyadmin.inc*;
+    include     /etc/nginx/conf.d/phppgadmin.inc*;
+    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+}

install/rhel/mysql/my-large.cnf

@@ -0,0 +1,39 @@
+[client]
+port=3306
+
+[mysqld_safe]
+
+[mysqld]
+user=mysql
+port=3306
+tmpdir=/tmp
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+log-error=/var/log/mariadb/mariadb.log
+pid-file=/run/mariadb/mariadb.pid
+
+
+symbolic-links=0
+local-infile=0
+
+skip-external-locking
+key_buffer_size = 256M
+max_allowed_packet = 32M
+table_open_cache = 256
+sort_buffer_size = 1M
+read_buffer_size = 1M
+read_rnd_buffer_size = 4M
+myisam_sort_buffer_size = 64M
+thread_cache_size = 8
+query_cache_size= 16M
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=200
+max_user_connections=50
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+!includedir /etc/my.cnf.d/

install/rhel/mysql/my-medium.cnf

@@ -0,0 +1,37 @@
+[client]
+port=3306
+
+[mysqld_safe]
+
+[mysqld]
+user=mysql
+port=3306
+tmpdir=/tmp
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+log-error=/var/log/mariadb/mariadb.log
+pid-file=/run/mariadb/mariadb.pid
+
+symbolic-links=0
+local-infile=0
+  
+skip-external-locking
+key_buffer_size = 16M
+max_allowed_packet = 16M
+table_open_cache = 64
+sort_buffer_size = 512K
+net_buffer_length = 8K
+read_buffer_size = 256K
+read_rnd_buffer_size = 512K
+myisam_sort_buffer_size = 8M
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=70
+max_user_connections=30
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+!includedir /etc/my.cnf.d/

install/rhel/mysql/my-small.cnf

@@ -0,0 +1,38 @@
+[client]
+port=3306
+
+[mysqld_safe]
+
+[mysqld]
+user=mysql
+port=3306
+tmpdir=/tmp
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+log-error=/var/log/mariadb/mariadb.log
+pid-file=/run/mariadb/mariadb.pid
+
+
+symbolic-links=0
+local-infile=0
+
+skip-external-locking
+key_buffer_size = 16K
+max_allowed_packet = 1M
+table_open_cache = 10
+sort_buffer_size = 64K
+read_buffer_size = 256K
+read_rnd_buffer_size = 256K
+net_buffer_length = 2K
+thread_stack = 240K
+
+#innodb_use_native_aio = 0
+innodb_file_per_table
+
+max_connections=30
+max_user_connections=20
+wait_timeout=10
+interactive_timeout=50
+long_query_time=5
+
+!includedir /etc/my.cnf.d/

install/rhel/nginx/nginx.conf

@@ -0,0 +1,148 @@
+# Server globals
+user                    apache;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log;
+pid                     /var/run/nginx.pid;
+
+# Worker config
+events {
+        worker_connections  1024;
+        use                 epoll;
+        multi_accept        on;
+}
+
+http {
+    # Main settings
+    sendfile                        on;
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+    client_header_timeout           180s;
+    client_body_timeout             180s;
+    client_header_buffer_size       2k;
+    client_body_buffer_size         256k;
+    client_max_body_size            256m;
+    large_client_header_buffers     4 8k;
+    send_timeout                    60s;
+    keepalive_timeout               30s;
+    keepalive_requests              100000;
+    reset_timedout_connection       on;
+    server_tokens                   off;
+    server_name_in_redirect         off;
+    server_names_hash_max_size      512;
+    server_names_hash_bucket_size   512;
+    charset                         utf-8;
+
+    # FastCGI settings
+    fastcgi_buffers                 4 256k;
+    fastcgi_buffer_size             256k;
+    fastcgi_busy_buffers_size       256k;
+    fastcgi_temp_file_write_size    256k;
+    fastcgi_connect_timeout         30s;
+    fastcgi_read_timeout            300s;
+    fastcgi_send_timeout            180s;
+    fastcgi_cache_lock              on;
+    fastcgi_cache_lock_timeout      5s;
+    
+    # Proxy settings
+    proxy_redirect                  off;
+    proxy_set_header                Host $host;
+    proxy_set_header                X-Real-IP $remote_addr;
+    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_header               Set-Cookie;
+    proxy_buffers                   32 4k;
+    proxy_connect_timeout           30s;
+    proxy_read_timeout              300s;
+    proxy_send_timeout              180s;
+
+    # Log format
+    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
+                        '"$status" $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  bytes   '$body_bytes_sent';
+    log_not_found off;
+    access_log off;
+
+    # Mime settings
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Compression
+    gzip                on;
+    gzip_static         on;
+    gzip_vary           on;
+    gzip_comp_level     6;
+    gzip_min_length     1024;
+    gzip_buffers        16 8k;
+    gzip_http_version   1.1;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
+    gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
+
+    # Cloudflare https://www.cloudflare.com/ips
+    set_real_ip_from 103.21.244.0/22;
+    set_real_ip_from 103.22.200.0/22;
+    set_real_ip_from 103.31.4.0/22;
+    set_real_ip_from 104.16.0.0/12;
+    set_real_ip_from 108.162.192.0/18;
+    set_real_ip_from 131.0.72.0/22;
+    set_real_ip_from 141.101.64.0/18;
+    set_real_ip_from 162.158.0.0/15;
+    set_real_ip_from 172.64.0.0/13;
+    set_real_ip_from 173.245.48.0/20;
+    set_real_ip_from 188.114.96.0/20;
+    set_real_ip_from 190.93.240.0/20;
+    set_real_ip_from 197.234.240.0/22;
+    set_real_ip_from 198.41.128.0/17;
+    #set_real_ip_from  2400:cb00::/32;
+    #set_real_ip_from  2405:b500::/32;
+    #set_real_ip_from  2606:4700::/32;
+    #set_real_ip_from  2803:f800::/32;
+    #set_real_ip_from  2c0f:f248::/32;
+    #set_real_ip_from  2a06:98c0::/29;
+    real_ip_header     CF-Connecting-IP;
+
+    # SSL PCI compliance
+    ssl_session_cache   shared:SSL:20m;
+    ssl_session_timeout 60m;
+    ssl_buffer_size     1400;
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+    ssl_dhparam         /etc/ssl/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+    ssl_session_tickets off;
+    resolver 1.0.0.1 1.1.1.1 valid=300s ipv6=off;
+    resolver_timeout    5s;
+
+    # Error pages
+    error_page 403 /error/404.html;
+    error_page 404 /error/404.html;
+    error_page 410 /error/410.html;
+    error_page 500 501 502 503 504 505 /error/50x.html;
+
+    # Cache settings
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
+    proxy_cache_key "$host$request_uri $cookie_user";
+    proxy_temp_path  /var/cache/nginx/temp;
+    proxy_ignore_headers Expires Cache-Control;
+    proxy_cache_use_stale error timeout invalid_header http_502;
+    proxy_cache_valid any 1d;
+
+    # Cache bypass
+    map $http_cookie $no_cache {
+        default 0;
+        ~SESS 1;
+        ~wordpress_logged_in 1;
+    }
+
+    # File cache (static assets)
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+    # Wildcard include
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/conf.d/domains/*.conf;
+}

install/rhel/nginx/phpmyadmin.inc

@@ -0,0 +1,18 @@
+location /phpmyadmin {
+    alias /usr/share/phpmyadmin/;
+
+    location ~ /(libraries|setup) {
+        return 404;
+    }
+
+    location ~ ^/phpmyadmin/(.*\.php)$ {
+        alias /usr/share/phpmyadmin/$1;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+    location /phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
+        root /usr/share/phpmyadmin/;
+    }
+}

install/rhel/nginx/phppgadmin.inc

@@ -0,0 +1,11 @@
+location /phppgadmin {
+    alias /usr/share/phppgadmin/;
+
+    location ~ ^/phppgadmin/(.*\.php)$ {
+        alias /usr/share/phppgadmin/$1;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+}

install/rhel/nginx/status.conf

@@ -0,0 +1,9 @@
+server {
+    listen       127.0.0.1:8084 default;
+    server_name  _;
+    server_name_in_redirect  off;
+    location / {
+        stub_status on;
+        access_log   off;
+   }
+}

install/rhel/nginx/unassigned.inc

@@ -0,0 +1,50 @@
+server {
+    listen directIP:80 default;
+    server_name _;
+    location / {
+        access_log /dev/null;
+        error_log /dev/null;
+        root /var/www/html;
+
+        location /phpmyadmin/ {
+            alias /var/www/document_errors/;
+            return 404;
+        }
+
+        location /phppgadmin/ {
+            alias /var/www/document_errors/;
+            return 404;
+        }
+
+        location /webmail {
+            alias /var/www/document_errors/;
+            return 404;
+        }
+        
+        location /webmail/ {
+            alias /var/www/document_errors/;
+            return 404;
+        }
+
+        location /error/ {
+            alias /var/www/document_errors/;
+        }
+    }
+}
+
+server {
+    listen directIP:443 ssl http2 default;
+    server_name _;
+    ssl_certificate      /usr/local/hestia/ssl/certificate.crt;
+    ssl_certificate_key  /usr/local/hestia/ssl/certificate.key;
+
+    return 301 http://$host$request_uri;
+
+    location / {
+        root /var/www/document_errors/;
+    }
+
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+}

install/rhel/nginx/webmail.inc

@@ -0,0 +1,15 @@
+location /webmail {
+    alias /var/lib/roundcube/;
+
+    location ~ /(config|temp|logs) {
+        return 404;
+    }
+
+    location ~ ^/webmail/(.*\.php)$ {
+        alias /var/lib/roundcube/$1;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
+    }
+}

install/rhel/packages/default.pkg

@@ -0,0 +1,18 @@
+WEB_TEMPLATE='default'
+PROXY_TEMPLATE='default'
+DNS_TEMPLATE='default'
+WEB_DOMAINS='unlimited'
+WEB_ALIASES='unlimited'
+DNS_DOMAINS='unlimited'
+DNS_RECORDS='unlimited'
+MAIL_DOMAINS='unlimited'
+MAIL_ACCOUNTS='unlimited'
+DATABASES='unlimited'
+CRON_JOBS='unlimited'
+DISK_QUOTA='unlimited'
+BANDWIDTH='unlimited'
+NS='ns1.domain.tld,ns2.domain.tld'
+SHELL='nologin'
+BACKUPS='1'
+TIME='18:00:00'
+DATE='2019-01-15'

install/rhel/pga/config.inc.php

@@ -0,0 +1,159 @@
+<?php
+
+    /**
+     * Central phpPgAdmin configuration.  As a user you may modify the
+     * settings here for your particular configuration.
+     *
+     * $Id: config.inc.php-dist,v 1.55 2008/02/18 21:10:31 xzilla Exp $
+     */
+
+    // An example server.  Create as many of these as you wish,
+    // indexed from zero upwards.
+
+    // Display name for the server on the login screen
+    $conf['servers'][0]['desc'] = 'PostgreSQL';
+
+    // Hostname or IP address for server.  Use '' for UNIX domain socket.
+    // use 'localhost' for TCP/IP connection on this computer
+    $conf['servers'][0]['host'] = 'localhost';
+
+    // Database port on server (5432 is the PostgreSQL default)
+    $conf['servers'][0]['port'] = 5432;
+
+    // Database SSL mode
+    // Possible options: disable, allow, prefer, require
+    // To require SSL on older servers use option: legacy
+    // To ignore the SSL mode, use option: unspecified
+    $conf['servers'][0]['sslmode'] = 'allow';
+
+    // Change the default database only if you cannot connect to template1.
+    // For a PostgreSQL 8.1+ server, you can set this to 'postgres'.
+    $conf['servers'][0]['defaultdb'] = 'template1';
+
+    // Specify the path to the database dump utilities for this server.
+    // You can set these to '' if no dumper is available.
+    $conf['servers'][0]['pg_dump_path'] = '/usr/bin/pg_dump';
+    $conf['servers'][0]['pg_dumpall_path'] = '/usr/bin/pg_dumpall';
+
+    // Slony (www.slony.info) support?
+    $conf['servers'][0]['slony_support'] = false;
+    // Specify the path to the Slony SQL scripts (where slony1_base.sql is located, etc.)
+    // No trailing slash.
+    $conf['servers'][0]['slony_sql'] = '/usr/share/pgsql';
+
+    // Example for a second server (PostgreSQL for Windows)
+    //$conf['servers'][1]['desc'] = 'Test Server';
+    //$conf['servers'][1]['host'] = '127.0.0.1';
+    //$conf['servers'][1]['port'] = 5432;
+    //$conf['servers'][1]['sslmode'] = 'allow';
+    //$conf['servers'][1]['defaultdb'] = 'template1';
+    //$conf['servers'][1]['pg_dump_path'] = 'C:\\Program Files\\PostgreSQL\\8.0\\bin\\pg_dump.exe';
+    //$conf['servers'][1]['pg_dumpall_path'] = 'C:\\Program Files\\PostgreSQL\\8.0\\bin\\pg_dumpall.exe';
+    //$conf['servers'][1]['slony_support'] = false;
+    //$conf['servers'][1]['slony_sql'] = 'C:\\Program Files\\PostgreSQL\\8.0\\share';
+
+
+    // Example of groups definition.
+    // Groups allow administrators to logicaly group servers together under group nodes in the left browser tree
+    //
+    // The group '0' description
+    //$conf['srv_groups'][0]['desc'] = 'group one';
+    //
+    // Add here servers indexes belonging to the group '0' seperated by comma
+    //$conf['srv_groups'][0]['servers'] = '0,1,2'; 
+    //
+    // A server can belong to multi groups
+    //$conf['srv_groups'][1]['desc'] = 'group two';
+    //$conf['srv_groups'][1]['servers'] = '3,1';
+
+
+    // Default language. E.g.: 'english', 'polish', etc.  See lang/ directory
+    // for all possibilities. If you specify 'auto' (the default) it will use 
+    // your browser preference.
+    $conf['default_lang'] = 'auto';
+
+    // AutoComplete uses AJAX interaction to list foreign key values 
+    // on insert fields. It currently only works on single column 
+    // foreign keys. You can choose one of the following values:
+    // 'default on' enables AutoComplete and turns it on by default.
+    // 'default off' enables AutoComplete but turns it off by default.
+    // 'disable' disables AutoComplete.
+    $conf['autocomplete'] = 'default on';
+
+    // If extra login security is true, then logins via phpPgAdmin with no
+    // password or certain usernames (pgsql, postgres, root, administrator)
+    // will be denied. Only set this false once you have read the FAQ and
+    // understand how to change PostgreSQL's pg_hba.conf to enable
+    // passworded local connections.
+    $conf['extra_login_security'] = true;
+
+    // Only show owned databases?
+    // Note: This will simply hide other databases in the list - this does
+    // not in any way prevent your users from seeing other database by
+    // other means. (e.g. Run 'SELECT * FROM pg_database' in the SQL area.)
+    $conf['owned_only'] = false;
+
+    // Display comments on objects?  Comments are a good way of documenting
+    // a database, but they do take up space in the interface.
+    $conf['show_comments'] = true;
+
+    // Display "advanced" objects? Setting this to true will show 
+    // aggregates, types, operators, operator classes, conversions, 
+    // languages and casts in phpPgAdmin. These objects are rarely 
+    // administered and can clutter the interface.
+    $conf['show_advanced'] = false;
+
+    // Display "system" objects?
+    $conf['show_system'] = false;
+
+    // Display reports feature?  For this feature to work, you must
+    // install the reports database as explained in the INSTALL file.
+    $conf['show_reports'] = true;
+
+    // Database and table for reports
+    $conf['reports_db'] = 'phppgadmin';
+    $conf['reports_schema'] = 'public';
+    $conf['reports_table'] = 'ppa_reports';
+
+    // Only show owned reports?
+    // Note: This does not prevent people from accessing other reports by
+    // other means.
+    $conf['owned_reports_only'] = false;
+
+    // Minimum length users can set their password to.
+    $conf['min_password_length'] = 1;
+
+    // Width of the left frame in pixels (object browser)
+    $conf['left_width'] = 200;
+
+    // Which look & feel theme to use
+    $conf['theme'] = 'default';
+
+    // Show OIDs when browsing tables?
+    $conf['show_oids'] = false;
+
+    // Max rows to show on a page when browsing record sets
+    $conf['max_rows'] = 30;
+
+    // Max chars of each field to display by default in browse mode
+    $conf['max_chars'] = 50;
+
+    // Send XHTML strict headers?
+    $conf['use_xhtml_strict'] = false;
+
+    // Base URL for PostgreSQL documentation.
+    // '%s', if present, will be replaced with the PostgreSQL version
+    // (e.g. 8.4 )
+    $conf['help_base'] = 'http://www.postgresql.org/docs/%s/interactive/';
+
+    // Configuration for ajax scripts
+    // Time in seconds. If set to 0, refreshing data using ajax will be disabled (locks and activity pages)
+    $conf['ajax_refresh'] = 3;
+
+    /*****************************************
+     * Don't modify anything below this line *
+     *****************************************/
+
+    $conf['version'] = 19;
+
+?>

install/rhel/pga/phppgadmin.conf

@@ -0,0 +1,31 @@
+Alias /phppgadmin /usr/share/phppgadmin
+
+<Directory /usr/share/phppgadmin>
+
+DirectoryIndex index.php
+AllowOverride None
+
+order deny,allow
+deny from all
+allow from 127.0.0.0/255.0.0.0 ::1/128
+allow from all
+
+<IfModule mod_php5.c>
+  php_flag magic_quotes_gpc Off
+  php_flag track_vars On
+  php_value include_path .
+</IfModule>
+<IfModule !mod_php5.c>
+  <IfModule mod_actions.c>
+    <IfModule mod_cgi.c>
+      AddType application/x-httpd-php .php
+      Action application/x-httpd-php /cgi-bin/php
+    </IfModule>
+    <IfModule mod_cgid.c>
+      AddType application/x-httpd-php .php
+      Action application/x-httpd-php /cgi-bin/php
+    </IfModule>
+  </IfModule>
+</IfModule>
+
+</Directory>

install/rhel/php-fpm/dummy.conf

@@ -0,0 +1,13 @@
+; origin-src: deb/php-fpm/dummy.conf
+
+[www]
+listen = 127.0.0.1:9999
+listen.allowed_clients = 127.0.0.1
+
+user = apache
+group = apache
+
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s

install/rhel/php-fpm/multiphp.tpl

@@ -0,0 +1,26 @@
+; origin-src: deb/php-fpm/multiphp.tpl
+
+[%domain%]
+listen = /run/php/php%backend_version%-fpm-%domain%.sock
+listen.owner = %user%
+listen.group = apache
+listen.mode = 0660
+
+user = %user%
+group = %user%
+
+pm = ondemand
+pm.max_children = 8
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s
+pm.status_path = /status
+
+php_admin_value[upload_tmp_dir] = /home/%user%/tmp
+php_admin_value[session.save_path] = /home/%user%/tmp
+php_admin_value[open_basedir] = /home/%user%/web/%domain%/public_html:/home/%user%/web/%domain%/public_shtml:/home/%user%/tmp:/var/www/html:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/lib/roundcube:/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt
+php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f admin@%domain%
+
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /home/%user%/tmp
+env[TMPDIR] = /home/%user%/tmp
+env[TEMP] = /home/%user%/tmp

install/rhel/php-fpm/www.conf

@@ -0,0 +1,13 @@
+; origin-src: deb/php-fpm/www.conf
+
+[www]
+listen = 127.0.0.1:9000
+listen.allowed_clients = 127.0.0.1
+
+user = apache
+group = apache
+
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 4000
+pm.process_idle_timeout = 10s

install/rhel/phpmyadmin/create_tables.sql

@@ -0,0 +1,385 @@
+-- --------------------------------------------------------
+-- SQL Commands to set up the pmadb as described in the documentation.
+--
+-- This file is meant for use with MySQL 5 and above!
+--
+-- This script expects the user pma to already be existing. If we would put a
+-- line here to create him too many users might just use this script and end
+-- up with having the same password for the controluser.
+--
+-- This user "pma" must be defined in config.inc.php (controluser/controlpass)
+--
+-- Please don't forget to set up the tablenames in config.inc.php
+--
+
+-- --------------------------------------------------------
+
+--
+-- Database : `phpmyadmin`
+--
+CREATE DATABASE IF NOT EXISTS `phpmyadmin`
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+USE phpmyadmin;
+
+-- --------------------------------------------------------
+
+--
+-- Privileges
+--
+-- (activate this statement if necessary)
+-- GRANT SELECT, INSERT, DELETE, UPDATE, ALTER ON `phpmyadmin`.* TO
+--    'pma'@localhost;
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__usergroups`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__usergroups` (
+  `usergroup` varchar(64) NOT NULL,
+  `tab` varchar(64) NOT NULL,
+  `allowed` enum('Y','N') NOT NULL DEFAULT 'N',
+  PRIMARY KEY (`usergroup`,`tab`,`allowed`)
+)
+  COMMENT='User groups with configured menu items'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__designer_coords`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__designer_coords` (
+  `db_name` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `table_name` varchar(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+  `x` int(11) DEFAULT NULL,
+  `y` int(11) DEFAULT NULL,
+  `v` tinyint(4) DEFAULT NULL,
+  `h` tinyint(4) DEFAULT NULL,
+  PRIMARY KEY (`db_name`,`table_name`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Table coordinates for Designer';
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__bookmark`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__bookmark` (
+  `id` int(11) NOT NULL auto_increment,
+  `dbase` varchar(255) NOT NULL default '',
+  `user` varchar(255) NOT NULL default '',
+  `label` varchar(255) COLLATE utf8_general_ci NOT NULL default '',
+  `query` text NOT NULL,
+  PRIMARY KEY  (`id`)
+)
+  COMMENT='Bookmarks'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__column_info`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__column_info` (
+  `id` int(5) unsigned NOT NULL auto_increment,
+  `db_name` varchar(64) NOT NULL default '',
+  `table_name` varchar(64) NOT NULL default '',
+  `column_name` varchar(64) NOT NULL default '',
+  `comment` varchar(255) COLLATE utf8_general_ci NOT NULL default '',
+  `mimetype` varchar(255) COLLATE utf8_general_ci NOT NULL default '',
+  `transformation` varchar(255) NOT NULL default '',
+  `transformation_options` varchar(255) NOT NULL default '',
+  `input_transformation` varchar(255) NOT NULL default '',
+  `input_transformation_options` varchar(255) NOT NULL default '',
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `db_name` (`db_name`,`table_name`,`column_name`)
+)
+  COMMENT='Column information for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__history`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__history` (
+  `id` bigint(20) unsigned NOT NULL auto_increment,
+  `username` varchar(64) NOT NULL default '',
+  `db` varchar(64) NOT NULL default '',
+  `table` varchar(64) NOT NULL default '',
+  `timevalue` timestamp NOT NULL default CURRENT_TIMESTAMP,
+  `sqlquery` text NOT NULL,
+  PRIMARY KEY  (`id`),
+  KEY `username` (`username`,`db`,`table`,`timevalue`)
+)
+  COMMENT='SQL history for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__pdf_pages`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__pdf_pages` (
+  `db_name` varchar(64) NOT NULL default '',
+  `page_nr` int(10) unsigned NOT NULL auto_increment,
+  `page_descr` varchar(50) COLLATE utf8_general_ci NOT NULL default '',
+  PRIMARY KEY  (`page_nr`),
+  KEY `db_name` (`db_name`)
+)
+  COMMENT='PDF relation pages for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__recent`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__recent` (
+  `username` varchar(64) NOT NULL,
+  `tables` text NOT NULL,
+  PRIMARY KEY (`username`)
+)
+  COMMENT='Recently accessed tables'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__favorite`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__favorite` (
+  `username` varchar(64) NOT NULL,
+  `tables` text NOT NULL,
+  PRIMARY KEY (`username`)
+)
+  COMMENT='Favorite tables'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__table_uiprefs`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__table_uiprefs` (
+  `username` varchar(64) NOT NULL,
+  `db_name` varchar(64) NOT NULL,
+  `table_name` varchar(64) NOT NULL,
+  `prefs` text NOT NULL,
+  `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY (`username`,`db_name`,`table_name`)
+)
+  COMMENT='Tables'' UI preferences'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__relation`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__relation` (
+  `master_db` varchar(64) NOT NULL default '',
+  `master_table` varchar(64) NOT NULL default '',
+  `master_field` varchar(64) NOT NULL default '',
+  `foreign_db` varchar(64) NOT NULL default '',
+  `foreign_table` varchar(64) NOT NULL default '',
+  `foreign_field` varchar(64) NOT NULL default '',
+  PRIMARY KEY  (`master_db`,`master_table`,`master_field`),
+  KEY `foreign_field` (`foreign_db`,`foreign_table`)
+)
+  COMMENT='Relation table'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__table_coords`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__table_coords` (
+  `db_name` varchar(64) NOT NULL default '',
+  `table_name` varchar(64) NOT NULL default '',
+  `pdf_page_number` int(11) NOT NULL default '0',
+  `x` float unsigned NOT NULL default '0',
+  `y` float unsigned NOT NULL default '0',
+  PRIMARY KEY  (`db_name`,`table_name`,`pdf_page_number`)
+)
+  COMMENT='Table coordinates for phpMyAdmin PDF output'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__table_info`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__table_info` (
+  `db_name` varchar(64) NOT NULL default '',
+  `table_name` varchar(64) NOT NULL default '',
+  `display_field` varchar(64) NOT NULL default '',
+  PRIMARY KEY  (`db_name`,`table_name`)
+)
+  COMMENT='Table information for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__tracking`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__tracking` (
+  `db_name` varchar(64) NOT NULL,
+  `table_name` varchar(64) NOT NULL,
+  `version` int(10) unsigned NOT NULL,
+  `date_created` datetime NOT NULL,
+  `date_updated` datetime NOT NULL,
+  `schema_snapshot` text NOT NULL,
+  `schema_sql` text,
+  `data_sql` longtext,
+  `tracking` set('UPDATE','REPLACE','INSERT','DELETE','TRUNCATE','CREATE DATABASE','ALTER DATABASE','DROP DATABASE','CREATE TABLE','ALTER TABLE','RENAME TABLE','DROP TABLE','CREATE INDEX','DROP INDEX','CREATE VIEW','ALTER VIEW','DROP VIEW') default NULL,
+  `tracking_active` int(1) unsigned NOT NULL default '1',
+  PRIMARY KEY  (`db_name`,`table_name`,`version`)
+)
+  COMMENT='Database changes tracking for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__userconfig`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__userconfig` (
+  `username` varchar(64) NOT NULL,
+  `timevalue` timestamp NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `config_data` text NOT NULL,
+  PRIMARY KEY  (`username`)
+)
+  COMMENT='User preferences storage for phpMyAdmin'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__users`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__users` (
+  `username` varchar(64) NOT NULL,
+  `usergroup` varchar(64) NOT NULL,
+  PRIMARY KEY (`username`,`usergroup`)
+)
+  COMMENT='Users and their assignments to user groups'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__usergroups`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__usergroups` (
+  `usergroup` varchar(64) NOT NULL,
+  `tab` varchar(64) NOT NULL,
+  `allowed` enum('Y','N') NOT NULL DEFAULT 'N',
+  PRIMARY KEY (`usergroup`,`tab`,`allowed`)
+)
+  COMMENT='User groups with configured menu items'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__navigationhiding`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__navigationhiding` (
+  `username` varchar(64) NOT NULL,
+  `item_name` varchar(64) NOT NULL,
+  `item_type` varchar(64) NOT NULL,
+  `db_name` varchar(64) NOT NULL,
+  `table_name` varchar(64) NOT NULL,
+  PRIMARY KEY (`username`,`item_name`,`item_type`,`db_name`,`table_name`)
+)
+  COMMENT='Hidden items of navigation tree'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__savedsearches`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__savedsearches` (
+  `id` int(5) unsigned NOT NULL auto_increment,
+  `username` varchar(64) NOT NULL default '',
+  `db_name` varchar(64) NOT NULL default '',
+  `search_name` varchar(64) NOT NULL default '',
+  `search_data` text NOT NULL,
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `u_savedsearches_username_dbname` (`username`,`db_name`,`search_name`)
+)
+  COMMENT='Saved searches'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__central_columns`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__central_columns` (
+  `db_name` varchar(64) NOT NULL,
+  `col_name` varchar(64) NOT NULL,
+  `col_type` varchar(64) NOT NULL,
+  `col_length` text,
+  `col_collation` varchar(64) NOT NULL,
+  `col_isNull` boolean NOT NULL,
+  `col_extra` varchar(255) default '',
+  `col_default` text,
+  PRIMARY KEY (`db_name`,`col_name`)
+)
+  COMMENT='Central list of columns'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__designer_settings`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__designer_settings` (
+  `username` varchar(64) NOT NULL,
+  `settings_data` text NOT NULL,
+  PRIMARY KEY (`username`)
+)
+  COMMENT='Settings related to Designer'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `pma__export_templates`
+--
+
+CREATE TABLE IF NOT EXISTS `pma__export_templates` (
+  `id` int(5) unsigned NOT NULL AUTO_INCREMENT,
+  `username` varchar(64) NOT NULL,
+  `export_type` varchar(10) NOT NULL,
+  `template_name` varchar(64) NOT NULL,
+  `template_data` text NOT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `u_user_type_template` (`username`,`export_type`,`template_name`)
+)
+  COMMENT='Saved export templates'
+  DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;

install/rhel/phpmyadmin/pma.sh

@@ -0,0 +1,146 @@
+#!/bin/bash
+# 
+# phpmyadmin-fixer
+#
+# Fixes for phpmyadmin (configuration storage and some extended features)
+#
+# Original Version by Pavel Galkin (https://skurudo.ru)
+# https://github.com/skurudo/phpmyadmin-fixer
+#
+# Changed some lines to fit to Hestia Configuration.
+#
+
+PASS=$(gen_pass)
+
+#ubuntu phpmyadmin path
+pmapath1="/etc/phpmyadmin/config.inc.php"
+pmapath2="/usr/share/phpmyadmin/config.sample.inc.php"
+
+#delete old and paste new value 
+sed -i '/pmadb/d' $pmapath1
+sed -i '/controluser/d' $pmapath1
+sed -i '/bookmarktable/d' $pmapath1
+sed -i '/relation/d' $pmapath1
+sed -i '/userconfig/d' $pmapath1
+sed -i '/table_info/d' $pmapath1
+sed -i '/column_info/d' $pmapath1
+sed -i '/history/d' $pmapath1
+sed -i '/recent/d' $pmapath1
+sed -i '/table_uiprefs/d' $pmapath1
+sed -i '/tracking/d' $pmapath1
+sed -i '/table_coords/d' $pmapath1
+sed -i '/pdf_pages/d' $pmapath1
+sed -i '/designer_coords/d' $pmapath1
+sed -i '/controlpass/d' $pmapath1
+sed -i '/\$i = 1; /d' $pmapath1
+echo "\$i = 1;" >> $pmapath1
+sed -i '/savedsearches/d' $pmapath1
+sed -i '/navigationhiding/d' $pmapath1
+sed -i '/users/d' $pmapath1
+sed -i '/controlpass/d' $pmapath1
+sed -i '/favorite/d' $pmapath1
+sed -i '/usergroups/d' $pmapath1
+sed -i '/central_columns/d' $pmapath1
+sed -i '/designer_settings/d' $pmapath1
+sed -i '/export_templates/d' $pmapath1
+echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1
+echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1
+
+sed -i '/pmadb/d' $pmapath2
+sed -i '/controluser/d' $pmapath2
+sed -i '/bookmarktable/d' $pmapath2
+sed -i '/relation/d' $pmapath2
+sed -i '/userconfig/d' $pmapath2
+sed -i '/table_info/d' $pmapath2
+sed -i '/column_info/d' $pmapath2
+sed -i '/history/d' $pmapath2
+sed -i '/recent/d' $pmapath2
+sed -i '/table_uiprefs/d' $pmapath2
+sed -i '/tracking/d' $pmapath2
+sed -i '/table_coords/d' $pmapath2
+sed -i '/pdf_pages/d' $pmapath2
+sed -i '/designer_coords/d' $pmapath2
+sed -i '/controlpass/d' $pmapath2
+sed -i '/savedsearches/d' $pmapath2
+sed -i '/navigationhiding/d' $pmapath2
+sed -i '/users/d' $pmapath2
+sed -i '/controlpass/d' $pmapath2
+sed -i '/favorite/d' $pmapath2
+sed -i '/usergroups/d' $pmapath2
+sed -i '/central_columns/d' $pmapath2
+sed -i '/designer_settings/d' $pmapath2
+sed -i '/export_templates/d' $pmapath2
+echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2
+echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2
+
+#SOME WORK with DATABASE (table / user)
+PMADB=phpmyadmin
+PMAUSER=pma
+
+#DROP USER and TABLE
+mysql -uroot <<MYSQL_PMA1
+DROP USER '$PMAUSER'@'localhost';
+DROP DATABASE $PMADB;
+FLUSH PRIVILEGES;
+MYSQL_PMA1
+
+#CREATE PMA USER
+mysql -uroot <<MYSQL_PMA2
+CREATE USER '$PMAUSER'@'localhost' IDENTIFIED BY '$PASS';
+CREATE DATABASE $PMADB;
+MYSQL_PMA2
+
+#GRANT PMA USE SOME RIGHTS
+mysql -uroot <<MYSQL_PMA3
+USE $PMADB;
+GRANT USAGE ON $PMADB.* TO '$PMAUSER'@'localhost' IDENTIFIED BY '$PASS';
+GRANT ALL PRIVILEGES ON $PMADB.* TO '$PMAUSER'@'localhost';
+FLUSH PRIVILEGES;
+MYSQL_PMA3
+
+#MYSQL DB and TABLES ADDITION
+mysql -uroot < $HESTIA_INSTALL_DIR/phpmyadmin/create_tables.sql

install/rhel/pma/apache.conf

@@ -0,0 +1,42 @@
+# phpMyAdmin default Apache configuration
+
+Alias /phpmyadmin /usr/share/phpMyAdmin
+
+<Directory /usr/share/phpMyAdmin>
+	Options FollowSymLinks
+	DirectoryIndex index.php
+
+	<IfModule mod_php5.c>
+		AddType application/x-httpd-php .php
+
+		php_flag magic_quotes_gpc Off
+		php_flag track_vars On
+		php_flag register_globals Off
+		php_admin_flag allow_url_fopen Off
+		php_value include_path .
+		php_admin_value upload_tmp_dir /var/lib/phpMyAdmin/temp
+		php_admin_value open_basedir /usr/share/phpMyAdmin/:/etc/phpMyAdmin/:/var/lib/phpMyAdmin/:/usr/share/php/php-gettext:/usr/share/javascript/
+	</IfModule>
+
+</Directory>
+
+# Authorize for setup
+<Directory /usr/share/phpMyAdmin/setup>
+    <IfModule mod_authn_file.c>
+    AuthType Basic
+    AuthName "phpMyAdmin Setup"
+    AuthUserFile /etc/phpMyAdmin/htpasswd.setup
+    </IfModule>
+    Require valid-user
+</Directory>
+
+# Disallow web access to directories that don't need it
+<Directory /usr/share/phpMyAdmin/libraries>
+    Order Deny,Allow
+    Deny from All
+</Directory>
+<Directory /usr/share/phpMyAdmin/setup/lib>
+    Order Deny,Allow
+    Deny from All
+</Directory>
+

install/rhel/pma/config.inc.php

@@ -0,0 +1,146 @@
+<?php
+/**
+ * Debian local configuration file
+ *
+ * This file overrides the settings made by phpMyAdmin interactive setup
+ * utility.
+ *
+ * For example configuration see
+ *   /usr/share/doc/phpmyadmin/examples/config.sample.inc.php
+ * or
+ *   /usr/share/doc/phpmyadmin/examples/config.manyhosts.inc.php
+ *
+ * NOTE: do not add security sensitive data to this file (like passwords)
+ * unless you really know what you're doing. If you do, any user that can
+ * run PHP or CGI on your webserver will be able to read them. If you still
+ * want to do this, make sure to properly secure the access to this file
+ * (also on the filesystem level).
+ */
+
+function check_file_access($path)
+{
+    if (is_readable($path)) {
+        return true;
+    } else {
+        error_log(
+            'phpmyadmin: Failed to load ' . $path
+            . ' Check group apache has read access and open_basedir restrictions.'
+        );
+        return false;
+    }
+}
+
+// Load secret generated on postinst
+if (check_file_access('/var/lib/phpmyadmin/blowfish_secret.inc.php')) {
+    require('/var/lib/phpmyadmin/blowfish_secret.inc.php');
+}
+
+// Load autoconf local config
+if (check_file_access('/var/lib/phpmyadmin/config.inc.php')) {
+    require('/var/lib/phpmyadmin/config.inc.php');
+}
+
+/**
+ * Server(s) configuration
+ */
+$i = 0;
+// The $cfg['Servers'] array starts with $cfg['Servers'][1].  Do not use $cfg['Servers'][0].
+// You can disable a server config entry by setting host to ''.
+$i++;
+
+/**
+ * Read configuration from dbconfig-common
+ * You can regenerate it using: dpkg-reconfigure -plow phpmyadmin
+ */
+if (check_file_access('/etc/phpmyadmin/config-db.php')) {
+    require('/etc/phpmyadmin/config-db.php');
+}
+
+/* Configure according to dbconfig-common if enabled */
+if (!empty($dbname)) {
+    /* Authentication type */
+    $cfg['Servers'][$i]['auth_type'] = 'cookie';
+    /* Server parameters */
+    if (empty($dbserver)) $dbserver = 'localhost';
+    $cfg['Servers'][$i]['host'] = $dbserver;
+
+    if (!empty($dbport) || $dbserver != 'localhost') {
+        $cfg['Servers'][$i]['connect_type'] = 'tcp';
+        $cfg['Servers'][$i]['port'] = $dbport;
+    }
+    //$cfg['Servers'][$i]['compress'] = false;
+    /* Select mysqli if your server has it */
+    $cfg['Servers'][$i]['extension'] = 'mysqli';
+    /* Optional: User for advanced features */
+    $cfg['Servers'][$i]['controluser'] = $dbuser;
+    $cfg['Servers'][$i]['controlpass'] = $dbpass;
+    /* Optional: Advanced phpMyAdmin features */
+    $cfg['Servers'][$i]['pmadb'] = $dbname;
+    $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
+    $cfg['Servers'][$i]['relation'] = 'pma_relation';
+    $cfg['Servers'][$i]['table_info'] = 'pma_table_info';
+    $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
+    $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
+    $cfg['Servers'][$i]['column_info'] = 'pma_column_info';
+    $cfg['Servers'][$i]['history'] = 'pma_history';
+    $cfg['Servers'][$i]['table_uiprefs'] = 'pma_table_uiprefs';
+    $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';
+    $cfg['Servers'][$i]['tracking'] = 'pma_tracking';
+    $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';
+    $cfg['Servers'][$i]['recent'] = 'pma_recent';
+
+    /* Uncomment the following to enable logging in to passwordless accounts,
+     * after taking note of the associated security risks. */
+    // $cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
+
+    /* Advance to next server for rest of config */
+    $i++;
+}
+
+/* Authentication type */
+//$cfg['Servers'][$i]['auth_type'] = 'cookie';
+/* Server parameters */
+//$cfg['Servers'][$i]['host'] = 'localhost';
+//$cfg['Servers'][$i]['connect_type'] = 'tcp';
+//$cfg['Servers'][$i]['compress'] = false;
+/* Select mysqli if your server has it */
+//$cfg['Servers'][$i]['extension'] = 'mysql';
+/* Optional: User for advanced features */
+// $cfg['Servers'][$i]['controluser'] = 'pma';
+// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
+
+/* Storage database and tables */
+// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
+// $cfg['Servers'][$i]['relation'] = 'pma_relation';
+// $cfg['Servers'][$i]['table_info'] = 'pma_table_info';
+// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
+// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
+// $cfg['Servers'][$i]['column_info'] = 'pma_column_info';
+// $cfg['Servers'][$i]['history'] = 'pma_history';
+// $cfg['Servers'][$i]['table_uiprefs'] = 'pma_table_uiprefs';
+// $cfg['Servers'][$i]['tracking'] = 'pma_tracking';
+// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';
+// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';
+// $cfg['Servers'][$i]['recent'] = 'pma_recent';
+/* Uncomment the following to enable logging in to passwordless accounts,
+ * after taking note of the associated security risks. */
+// $cfg['Servers'][$i]['AllowNoPassword'] = TRUE;
+
+/*
+ * End of servers configuration
+ */
+
+/*
+ * Directories for saving/loading files from server
+ */
+$cfg['UploadDir'] = '';
+$cfg['SaveDir'] = '';
+
+/* Support additional configurations */
+foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
+{
+    include($filename);
+}
+
+

install/rhel/postgresql/pg_hba.conf

@@ -0,0 +1,11 @@
+# "local" is for Unix domain socket connections only
+local   all         all                               ident
+
+# IPv4 local connections:
+host    all         all         127.0.0.1/32          md5
+
+# IPv6 local connections:
+host    all         all         ::1/128               md5
+
+# Others
+host    all         all         0.0.0.0/0             md5

install/rhel/proftpd/proftpd.conf

@@ -0,0 +1,32 @@
+ServerName                      "FTP"
+ServerIdent                     on "FTP Server ready."
+ServerAdmin                     root@localhost
+DefaultServer                   on
+DefaultRoot                  ~ !adm
+
+<IfModule mod_vroot.c>
+    VRootEngine                 on
+    VRootAlias                  /etc/security/pam_env.conf etc/security/pam_env.conf
+</IfModule>
+
+AuthPAMConfig                   proftpd
+AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
+UseReverseDNS                   off
+User                            proftpd
+Group                           nogroup
+MaxInstances                    20
+UseSendfile                     off
+LogFormat                       default "%h %l %u %t \"%r\" %s %b"
+LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
+ListOptions                     -a
+RequireValidShell               off
+PassivePorts                    12000 12100
+
+<Global>
+  Umask                         002
+  IdentLookups                  off
+  AllowOverwrite                yes
+  <Limit ALL SITE_CHMOD>
+    AllowAll
+  </Limit>
+</Global>

install/rhel/roundcube/apache.conf

@@ -0,0 +1,40 @@
+Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
+Alias /roundcube /var/lib/roundcube
+Alias /webmail /var/lib/roundcube
+
+# Access to tinymce files
+<Directory "/usr/share/tinymce/www/">
+      Options Indexes MultiViews FollowSymLinks
+      AllowOverride None
+      Order allow,deny
+      allow from all
+</Directory>
+
+<Directory /var/lib/roundcube/>
+  Options +FollowSymLinks
+  # This is needed to parse /var/lib/roundcube/.htaccess. See its
+  # content before setting AllowOverride to None.
+  AllowOverride All
+  order allow,deny
+  allow from all
+</Directory>
+
+# Protecting basic directories:
+<Directory /var/lib/roundcube/config>
+        Options -FollowSymLinks
+        AllowOverride None
+</Directory>
+
+<Directory /var/lib/roundcube/temp>
+        Options -FollowSymLinks
+        AllowOverride None
+	Order allow,deny
+	Deny from all
+</Directory>
+
+<Directory /var/lib/roundcube/logs>
+        Options -FollowSymLinks
+        AllowOverride None
+	Order allow,deny
+	Deny from all
+</Directory>

install/rhel/roundcube/config.inc.php

@@ -0,0 +1,32 @@
+<?php
+
+// Password Plugin options
+// -----------------------
+// A driver to use for password change. Default: "sql".
+// See README file for list of supported driver names.
+$rcmail_config['password_driver'] = 'hestia';
+
+// Require the new password to be a certain length.
+// set to blank to allow passwords of any length
+$rcmail_config['password_minimum_length'] = 8;
+
+// Require the new password to contain a letter and punctuation character
+// Change to false to remove this check.
+$rcmail_config['password_require_nonalpha'] = false;
+
+// Enables logging of password changes into logs/password
+$rcmail_config['password_log'] = false;
+
+// Comma-separated list of login exceptions for which password change
+// will be not available (no Password tab in Settings)
+$rcmail_config['password_login_exceptions'] = null;
+
+// By default domains in variables are using unicode.
+// Enable this option to use punycoded names
+$rcmail_config['password_idn_ascii'] = false;
+
+// Hestia Driver options
+// -----------------------
+// Control Panel host
+$rcmail_config['password_hestia_host'] = 'localhost';
+$rcmail_config['password_hestia_port'] = '8083';

install/rhel/roundcube/db.inc.php

@@ -0,0 +1,66 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | Configuration file for database access                                |
+ |                                                                       |
+ | This file is part of the RoundCube Webmail client                     |
+ | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
+ | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+
+*/
+
+$rcmail_config = array();
+
+// PEAR database DSN for read/write operations
+// format is db_provider://user:password@host/database 
+
+$rcmail_config['db_dsnw'] = 'mysql://roundcube:%password%@localhost/roundcube';
+// postgres example: 'pgsql://roundcube:pass@localhost/roundcubemail';
+
+// PEAR database DSN for read only operations (if empty write database will be used)
+// useful for database replication
+$rcmail_config['db_dsnr'] = '';
+
+// database backend to use (only db or mdb2 are supported)
+//$rcmail_config['db_backend'] = 'mdb2';
+
+// maximum length of a query in bytes
+$rcmail_config['db_max_length'] = 512000;  // 500K
+
+// use persistent db-connections
+// beware this will not "always" work as expected
+// see: http://www.php.net/manual/en/features.persistent-connections.php
+$rcmail_config['db_persistent'] = FALSE;
+
+
+// you can define specific table names used to store webmail data
+$rcmail_config['db_table_users'] = 'users';
+
+$rcmail_config['db_table_identities'] = 'identities';
+
+$rcmail_config['db_table_contacts'] = 'contacts';
+
+$rcmail_config['db_table_session'] = 'session';
+
+$rcmail_config['db_table_cache'] = 'cache';
+
+$rcmail_config['db_table_messages'] = 'messages';
+
+
+// you can define specific sequence names used in PostgreSQL
+$rcmail_config['db_sequence_users'] = 'user_ids';
+
+$rcmail_config['db_sequence_identities'] = 'identity_ids';
+
+$rcmail_config['db_sequence_contacts'] = 'contact_ids';
+
+$rcmail_config['db_sequence_cache'] = 'cache_ids';
+
+$rcmail_config['db_sequence_messages'] = 'message_ids';
+
+
+// end db config file
+?>

install/rhel/roundcube/hestia.php

@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * Hestia Control Panel Password Driver
+ *
+ * @version 1.0
+ * @author HestiaCP <info@hestiacp.com>
+ */
+class rcube_hestia_password {
+    function save($curpass, $passwd)
+    {
+        $rcmail = rcmail::get_instance();
+        $hestia_host = $rcmail->config->get('password_hestia_host');
+
+        if (empty($hestia_host))
+        {
+            $hestia_host = 'localhost';
+        }
+
+        $hestia_port = $rcmail->config->get('password_hestia_port');
+        if (empty($hestia_port))
+        {
+            $hestia_port = '8083';
+        }
+
+        $postvars = array(
+          'email' => $_SESSION['username'],
+          'password' => $curpass,
+          'new' => $passwd
+        );
+
+        $postdata = http_build_query($postvars);
+
+        $send  = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL;
+        $send .= 'Host: ' . $hestia_host . PHP_EOL;
+        $send .= 'User-Agent: PHP Script' . PHP_EOL;
+        $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL;
+        $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL;
+        $send .= 'Connection: close' . PHP_EOL;
+        $send .= PHP_EOL;
+        $send .= $postdata . PHP_EOL . PHP_EOL;
+
+        //$fp = fsockopen('ssl://' . $hestia_host, $hestia_port);
+        $errno = "";
+        $errstr = "";
+        $context = stream_context_create();
+
+        $result = stream_context_set_option($context, 'ssl', 'verify_peer', false);
+        $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
+        $result = stream_context_set_option($context, 'ssl', 'verify_host', false);
+        $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
+
+        $fp = stream_socket_client('ssl://' . $hestia_host . ':'.$hestia_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context);
+        fputs($fp, $send);
+        $result = fread($fp, 2048);
+        fclose($fp);
+
+        $fp = fopen("/tmp/roundcube.log", 'w');
+        fwrite($fp, "test ok");
+        fwrite($fp, "\n");
+        fclose($fp);
+
+
+        if(strpos($result, 'ok') && !strpos($result, 'error'))
+        {
+            return PASSWORD_SUCCESS;
+        }
+        else {
+            return PASSWORD_ERROR;
+        }
+
+    }
+}

install/rhel/roundcube/main.inc.php

@@ -0,0 +1,850 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | Main configuration file                                               |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+
+*/
+
+$rcmail_config = array();
+
+// ----------------------------------
+// LOGGING/DEBUGGING
+// ----------------------------------
+
+// system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
+$rcmail_config['debug_level'] = 1;
+
+// log driver:  'syslog' or 'file'.
+$rcmail_config['log_driver'] = 'file';
+
+// date format for log entries
+// (read http://php.net/manual/en/function.date.php for all format characters)  
+$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
+
+// Syslog ident string to use, if using the 'syslog' log driver.
+$rcmail_config['syslog_id'] = 'roundcube';
+
+// Syslog facility to use, if using the 'syslog' log driver.
+// For possible values see installer or http://php.net/manual/en/function.openlog.php
+$rcmail_config['syslog_facility'] = LOG_USER;
+
+// Log sent messages to <log_dir>/sendmail or to syslog
+$rcmail_config['smtp_log'] = true;
+
+// Log successful logins to <log_dir>/userlogins or to syslog
+$rcmail_config['log_logins'] = false;
+
+// Log session authentication errors to <log_dir>/session or to syslog
+$rcmail_config['log_session'] = false;
+
+// Log SQL queries to <log_dir>/sql or to syslog
+$rcmail_config['sql_debug'] = false;
+
+// Log IMAP conversation to <log_dir>/imap or to syslog
+$rcmail_config['imap_debug'] = false;
+
+// Log LDAP conversation to <log_dir>/ldap or to syslog
+$rcmail_config['ldap_debug'] = false;
+
+// Log SMTP conversation to <log_dir>/smtp or to syslog
+$rcmail_config['smtp_debug'] = false;
+
+// ----------------------------------
+// IMAP
+// ----------------------------------
+
+// the mail host chosen to perform the log-in
+// leave blank to show a textbox at login, give a list of hosts
+// to display a pulldown menu or set one host as string.
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// Supported replacement variables:
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %s - domain name after the '@' from e-mail address provided at login screen
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['default_host'] = 'tls://localhost';
+
+// TCP port used for IMAP connections
+$rcmail_config['default_port'] = 993;
+
+// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
+// best server supported one)
+$rcmail_config['imap_auth_type'] = null;
+
+// If you know your imap's folder delimiter, you can specify it here.
+// Otherwise it will be determined automatically
+$rcmail_config['imap_delimiter'] = null;
+
+// If IMAP server doesn't support NAMESPACE extension, but you're
+// using shared folders or personal root folder is non-empty, you'll need to
+// set these options. All can be strings or arrays of strings.
+// Folders need to be ended with directory separator, e.g. "INBOX."
+// (special directory "~" is an exception to this rule)
+// These can be used also to overwrite server's namespaces
+$rcmail_config['imap_ns_personal'] = null;
+$rcmail_config['imap_ns_other']    = null;
+$rcmail_config['imap_ns_shared']   = null;
+
+// By default IMAP capabilities are readed after connection to IMAP server
+// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list
+// after login. Set to True if you've got this case.
+$rcmail_config['imap_force_caps'] = false;
+
+// By default list of subscribed folders is determined using LIST-EXTENDED
+// extension if available. Some servers (dovecot 1.x) returns wrong results
+// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225
+// Enable this option to force LSUB command usage instead.
+$rcmail_config['imap_force_lsub'] = false;
+
+// Some server configurations (e.g. Courier) doesn't list folders in all namespaces
+// Enable this option to force listing of folders in all namespaces
+$rcmail_config['imap_force_ns'] = false;
+
+// IMAP connection timeout, in seconds. Default: 0 (no limit)
+$rcmail_config['imap_timeout'] = 0;
+
+// Optional IMAP authentication identifier to be used as authorization proxy
+$rcmail_config['imap_auth_cid'] = null;
+
+// Optional IMAP authentication password to be used for imap_auth_cid
+$rcmail_config['imap_auth_pw'] = null;
+
+// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'.
+$rcmail_config['imap_cache'] = null;
+
+// Enables messages cache. Only 'db' cache is supported.
+$rcmail_config['messages_cache'] = false;
+
+
+// ----------------------------------
+// SMTP
+// ----------------------------------
+
+// SMTP server host (for sending mails).
+// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
+// If left blank, the PHP mail() function is used
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['smtp_server'] = 'tls://localhost';
+
+// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
+// deprecated SSL over SMTP (aka SMTPS))
+$rcmail_config['smtp_port'] = 587;
+
+// SMTP username (if required) if you use %u as the username Roundcube
+// will use the current username for login
+$rcmail_config['smtp_user'] = '%u';
+
+// SMTP password (if required) if you use %p as the password Roundcube
+// will use the current user's password for login
+$rcmail_config['smtp_pass'] = '%p';
+
+// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
+// best server supported one)
+$rcmail_config['smtp_auth_type'] = '';
+
+// Optional SMTP authentication identifier to be used as authorization proxy
+$rcmail_config['smtp_auth_cid'] = null;
+
+// Optional SMTP authentication password to be used for smtp_auth_cid
+$rcmail_config['smtp_auth_pw'] = null;
+
+// SMTP HELO host 
+// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages 
+// Leave this blank and you will get the server variable 'server_name' or 
+// localhost if that isn't defined. 
+$rcmail_config['smtp_helo_host'] = '';
+
+// SMTP connection timeout, in seconds. Default: 0 (no limit)
+$rcmail_config['smtp_timeout'] = 0;
+
+// ----------------------------------
+// SYSTEM
+// ----------------------------------
+include_once("/etc/roundcube/db.inc.php");
+
+
+// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA.
+// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING!
+$rcmail_config['enable_installer'] = false;
+
+// provide an URL where a user can get support for this Roundcube installation
+// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
+$rcmail_config['support_url'] = '';
+
+// replace Roundcube logo with this image
+// specify an URL relative to the document root of this Roundcube installation
+$rcmail_config['skin_logo'] = null;
+
+// automatically create a new Roundcube user when log-in the first time.
+// a new user will be created once the IMAP login succeeds.
+// set to false if only registered users can use this service
+$rcmail_config['auto_create_user'] = true;
+
+// use this folder to store log files (must be writeable for apache user)
+// This is used by the 'file' log driver.
+$rcmail_config['log_dir'] = '/var/log/roundcube/';
+
+// use this folder to store temp files (must be writeable for apache user)
+$rcmail_config['temp_dir'] = '/tmp';
+
+// lifetime of message cache
+// possible units: s, m, h, d, w
+$rcmail_config['message_cache_lifetime'] = '1d';
+
+// enforce connections over https
+// with this option enabled, all non-secure connections will be redirected.
+// set the port for the ssl connection as value of this option if it differs from the default 443
+$rcmail_config['force_https'] = false;
+
+// tell PHP that it should work as under secure connection
+// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
+// e.g. when you're running Roundcube behind a https proxy
+// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
+$rcmail_config['use_https'] = false;
+
+// Allow browser-autocompletion on login form.
+// 0 - disabled, 1 - username and host only, 2 - username, host, password
+$rcmail_config['login_autocomplete'] = 1;
+
+// Forces conversion of logins to lower case.
+// 0 - disabled, 1 - only domain part, 2 - domain and local part.
+// If users authentication is not case-sensitive this must be enabled.
+// After enabling it all user records need to be updated, e.g. with query:
+// UPDATE users SET username = LOWER(username);
+$rcmail_config['login_lc'] = 2;
+
+// Includes should be interpreted as PHP files
+$rcmail_config['skin_include_php'] = false;
+
+// display software version on login screen
+$rcmail_config['display_version'] = false;
+
+// Session lifetime in minutes
+// must be greater than 'keep_alive'/60
+$rcmail_config['session_lifetime'] = 10;
+
+// session domain: .example.org
+$rcmail_config['session_domain'] = '';
+
+// session name. Default: 'roundcube_sessid'
+$rcmail_config['session_name'] = null;
+
+// Backend to use for session storage. Can either be 'db' (default) or 'memcache'
+// If set to memcache, a list of servers need to be specified in 'memcache_hosts'
+// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed
+$rcmail_config['session_storage'] = 'db';
+
+// Use these hosts for accessing memcached
+// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file
+$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' );
+
+// check client IP in session athorization
+$rcmail_config['ip_check'] = false;
+
+// check referer of incoming requests
+$rcmail_config['referer_check'] = false;
+
+// X-Frame-Options HTTP header value sent to prevent from Clickjacking.
+// Possible values: sameorigin|deny. Set to false in order to disable sending them
+$rcmail_config['x_frame_options'] = 'sameorigin';
+
+// this key is used to encrypt the users imap password which is stored
+// in the session record (and the client cookie if remember password is enabled).
+// please provide a string of exactly 24 chars.
+$rcmail_config['des_key'] = '%des_key%';
+
+// Automatically add this domain to user names for login
+// Only for IMAP servers that require full e-mail addresses for login
+// Specify an array with 'host' => 'domain' values to support multiple hosts
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['username_domain'] = '';
+
+// This domain will be used to form e-mail addresses of new users
+// Specify an array with 'host' => 'domain' values to support multiple hosts
+// Supported replacement variables:
+// %h - user's IMAP hostname
+// %n - http hostname ($_SERVER['SERVER_NAME'])
+// %d - domain (http hostname without the first part)
+// %z - IMAP domain (IMAP hostname without the first part)
+// For example %n = mail.domain.tld, %d = domain.tld
+$rcmail_config['mail_domain'] = '';
+
+// Password charset.
+// Use it if your authentication backend doesn't support UTF-8.
+// Defaults to ISO-8859-1 for backward compatibility
+$rcmail_config['password_charset'] = 'ISO-8859-1';
+
+// How many seconds must pass between emails sent by a user
+$rcmail_config['sendmail_delay'] = 0;
+
+// Maximum number of recipients per message. Default: 0 (no limit)
+$rcmail_config['max_recipients'] = 100;
+
+// Maximum allowednumber of members of an address group. Default: 0 (no limit)
+// If 'max_recipients' is set this value should be less or equal
+$rcmail_config['max_group_members'] = 100;
+
+// add this user-agent to message headers when sending
+$rcmail_config['useragent'] = 'Roundcube Webmail';
+
+// use this name to compose page titles
+$rcmail_config['product_name'] = 'Roundcube Webmail';
+
+// try to load host-specific configuration
+// see http://trac.roundcube.net/wiki/Howto_Config for more details
+$rcmail_config['include_host_config'] = false;
+
+// path to a text file which will be added to each sent message
+// paths are relative to the Roundcube root folder
+$rcmail_config['generic_message_footer'] = '';
+
+// path to a text file which will be added to each sent HTML message
+// paths are relative to the Roundcube root folder
+$rcmail_config['generic_message_footer_html'] = '';
+
+// add a received header to outgoing mails containing the creators IP and hostname
+$rcmail_config['http_received_header'] = false;
+
+// Whether or not to encrypt the IP address and the host name
+// these could, in some circles, be considered as sensitive information;
+// however, for the administrator, these could be invaluable help
+// when tracking down issues.
+$rcmail_config['http_received_header_encrypt'] = false;
+
+// This string is used as a delimiter for message headers when sending
+// a message via mail() function. Leave empty for auto-detection
+$rcmail_config['mail_header_delimiter'] = NULL;
+
+// number of chars allowed for line when wrapping text.
+// text wrapping is done when composing/sending messages
+$rcmail_config['line_length'] = 72;
+
+// send plaintext messages as format=flowed
+$rcmail_config['send_format_flowed'] = true;
+
+// don't allow these settings to be overriden by the user
+$rcmail_config['dont_override'] = array();
+
+// Set identities access level:
+// 0 - many identities with possibility to edit all params
+// 1 - many identities with possibility to edit all params but not email address
+// 2 - one identity with possibility to edit all params
+// 3 - one identity with possibility to edit all params but not email address
+$rcmail_config['identities_level'] = 0;
+
+// Mimetypes supported by the browser.
+// attachments of these types will open in a preview window
+// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf'
+$rcmail_config['client_mimetypes'] = null;  # null == default
+
+// mime magic database
+$rcmail_config['mime_magic'] = null;
+
+// path to imagemagick identify binary
+$rcmail_config['im_identify_path'] = null;
+
+// path to imagemagick convert binary
+$rcmail_config['im_convert_path'] = null;
+
+// maximum size of uploaded contact photos in pixel
+$rcmail_config['contact_photo_size'] = 160;
+
+// Enable DNS checking for e-mail address validation
+$rcmail_config['email_dns_check'] = false;
+
+// ----------------------------------
+// PLUGINS
+// ----------------------------------
+
+// List of active plugins (in plugins/ directory)
+$rcmail_config['plugins'] = array('password');
+
+// ----------------------------------
+// USER INTERFACE
+// ----------------------------------
+
+// default messages sort column. Use empty value for default server's sorting, 
+// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc'
+$rcmail_config['message_sort_col'] = '';
+
+// default messages sort order
+$rcmail_config['message_sort_order'] = 'DESC';
+
+// These cols are shown in the message list. Available cols are:
+// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority'
+$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment');
+
+// the default locale setting (leave empty for auto-detection)
+// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
+$rcmail_config['language'] = null;
+
+// use this format for date display (date or strftime format)
+$rcmail_config['date_format'] = 'Y-m-d';
+
+// give this choice of date formats to the user to select from
+$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y');
+
+// use this format for time display (date or strftime format)
+$rcmail_config['time_format'] = 'H:i';
+
+// give this choice of time formats to the user to select from
+$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A');
+
+// use this format for short date display (derived from date_format and time_format)
+$rcmail_config['date_short'] = 'D H:i';
+
+// use this format for detailed date/time formatting (derived from date_format and time_format)
+$rcmail_config['date_long'] = 'Y-m-d H:i';
+
+// store draft message is this mailbox
+// leave blank if draft messages should not be stored
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['drafts_mbox'] = 'Drafts';
+
+// store spam messages in this mailbox
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['junk_mbox'] = 'Spam';
+
+// store sent message is this mailbox
+// leave blank if sent messages should not be stored
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['sent_mbox'] = 'Sent';
+
+// move messages to this folder when deleting them
+// leave blank if they should be deleted directly
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['trash_mbox'] = 'Trash';
+
+// display these folders separately in the mailbox list.
+// these folders will also be displayed with localized names
+// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
+$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash');
+$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash');
+
+// automatically create the above listed default folders on first login
+$rcmail_config['create_default_folders'] = true;
+
+// protect the default folders from renames, deletes, and subscription changes
+$rcmail_config['protect_default_folders'] = true;
+
+// if in your system 0 quota means no limit set this option to true 
+$rcmail_config['quota_zero_as_unlimited'] = true;
+
+// Make use of the built-in spell checker. It is based on GoogieSpell.
+// Since Google only accepts connections over https your PHP installatation
+// requires to be compiled with Open SSL support
+$rcmail_config['enable_spellcheck'] = true;
+
+// Enables spellchecker exceptions dictionary.
+// Setting it to 'shared' will make the dictionary shared by all users.
+$rcmail_config['spellcheck_dictionary'] = false;
+
+// Set the spell checking engine. 'googie' is the default. 'pspell' is also available,
+// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here.
+$rcmail_config['spellcheck_engine'] = 'googie';
+
+// For a locally installed Nox Spell Server, please specify the URI to call it.
+// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72
+// Leave empty to use the Google spell checking service, what means
+// that the message content will be sent to Google in order to check spelling
+$rcmail_config['spellcheck_uri'] = '';
+
+// These languages can be selected for spell checking.
+// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch');
+// Leave empty for default set of available language.
+$rcmail_config['spellcheck_languages'] = NULL;
+
+// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE)
+$rcmail_config['spellcheck_ignore_caps'] = false;
+
+// Makes that words with numbers will be ignored (e.g. g00gle)
+$rcmail_config['spellcheck_ignore_nums'] = false;
+
+// Makes that words with symbols will be ignored (e.g. g@@gle)
+$rcmail_config['spellcheck_ignore_syms'] = false;
+
+// Use this char/string to separate recipients when composing a new message
+$rcmail_config['recipients_separator'] = ',';
+
+// don't let users set pagesize to more than this value if set
+$rcmail_config['max_pagesize'] = 200;
+
+// Minimal value of user's 'keep_alive' setting (in seconds)
+// Must be less than 'session_lifetime'
+$rcmail_config['min_keep_alive'] = 60;
+
+// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option.
+// By default refresh time is set to 1 second. You can set this value to true
+// or any integer value indicating number of seconds.
+$rcmail_config['upload_progress'] = false;
+
+// Specifies for how many seconds the Undo button will be available
+// after object delete action. Currently used with supporting address book sources.
+// Setting it to 0, disables the feature.
+$rcmail_config['undo_timeout'] = 10;
+
+// ----------------------------------
+// ADDRESSBOOK SETTINGS
+// ----------------------------------
+
+// This indicates which type of address book to use. Possible choises:
+// 'sql' (default) and 'ldap'.
+// If set to 'ldap' then it will look at using the first writable LDAP
+// address book as the primary address book and it will not display the
+// SQL address book in the 'Address Book' view.
+$rcmail_config['address_book_type'] = 'sql';
+
+// In order to enable public ldap search, configure an array like the Verisign
+// example further below. if you would like to test, simply uncomment the example.
+// Array key must contain only safe characters, ie. a-zA-Z0-9_
+$rcmail_config['ldap_public'] = array();
+
+// If you are going to use LDAP for individual address books, you will need to 
+// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it.
+//
+// The recommended directory structure for LDAP is to store all the address book entries
+// under the users main entry, e.g.:
+//
+//  o=root
+//   ou=people
+//    uid=user@domain
+//  mail=contact@contactdomain
+//
+// So the base_dn would be uid=%fu,ou=people,o=root
+// The bind_dn would be the same as based_dn or some super user login.
+/* 
+ * example config for Verisign directory
+ *
+$rcmail_config['ldap_public']['Verisign'] = array(
+  'name'          => 'Verisign.com',
+  // Replacement variables supported in host names:
+  // %h - user's IMAP hostname
+  // %n - http hostname ($_SERVER['SERVER_NAME'])
+  // %d - domain (http hostname without the first part)
+  // %z - IMAP domain (IMAP hostname without the first part)
+  // For example %n = mail.domain.tld, %d = domain.tld
+  'hosts'         => array('directory.verisign.com'),
+  'port'          => 389,
+  'use_tls'	      => false,
+  'ldap_version'  => 3,       // using LDAPv3
+  'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
+  // %fu - The full username provided, assumes the username is an email
+  //       address, uses the username_domain value if not an email address.
+  // %u  - The username prior to the '@'.
+  // %d  - The domain name after the '@'.
+  // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
+  // %dn - DN found by ldap search when search_filter/search_base_dn are used
+  'base_dn'       => '',
+  'bind_dn'       => '',
+  'bind_pass'     => '',
+  // It's possible to bind for an individual address book
+  // The login name is used to search for the DN to bind with
+  'search_base_dn' => '',
+  'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
+  // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
+  'search_bind_dn' => '',
+  'search_bind_pw' => '',
+  // Default for %dn variable if search doesn't return DN value
+  'search_dn_default' => '',
+  // Optional authentication identifier to be used as SASL authorization proxy
+  // bind_dn need to be empty
+  'auth_cid'       => '',
+  // SASL authentication method (for proxy auth), e.g. DIGEST-MD5
+  'auth_method'    => '',
+  // Indicates if the addressbook shall be hidden from the list.
+  // With this option enabled you can still search/view contacts.
+  'hidden'        => false,
+  // Indicates if the addressbook shall not list contacts but only allows searching.
+  'searchonly'    => false,
+  // Indicates if we can write to the LDAP directory or not.
+  // If writable is true then these fields need to be populated:
+  // LDAP_Object_Classes, required_fields, LDAP_rdn
+  'writable'       => false,
+  // To create a new contact these are the object classes to specify
+  // (or any other classes you wish to use).
+  'LDAP_Object_Classes' => array('top', 'inetOrgPerson'),
+  // The RDN field that is used for new entries, this field needs
+  // to be one of the search_fields, the base of base_dn is appended
+  // to the RDN to insert into the LDAP directory.
+  'LDAP_rdn'       => 'cn',
+  // The required fields needed to build a new contact as required by
+  // the object classes (can include additional fields not required by the object classes).
+  'required_fields' => array('cn', 'sn', 'mail'),
+  'search_fields'   => array('mail', 'cn'),  // fields to search in
+  // mapping of contact fields to directory attributes
+  //   for every attribute one can specify the number of values (limit) allowed.
+  //   default is 1, a wildcard * means unlimited
+  'fieldmap' => array(
+    // Roundcube  => LDAP:limit
+    'name'        => 'cn',
+    'surname'     => 'sn',
+    'firstname'   => 'givenName',
+    'title'       => 'title',
+    'email'       => 'mail:*',
+    'phone:home'  => 'homePhone',
+    'phone:work'  => 'telephoneNumber',
+    'phone:mobile' => 'mobile',
+    'phone:pager' => 'pager',
+    'street'      => 'street',
+    'zipcode'     => 'postalCode',
+    'region'      => 'st',
+    'locality'    => 'l',
+// if you uncomment country, you need to modify 'sub_fields' above
+//    'country'     => 'c',
+    'department'  => 'departmentNumber',
+    'notes'       => 'description',
+// these currently don't work:
+//    'phone:workfax' => 'facsimileTelephoneNumber',
+//    'photo'        => 'jpegPhoto',
+//    'organization' => 'o',
+//    'manager'      => 'manager',
+//    'assistant'    => 'secretary',
+  ),
+  // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country'
+  'sub_fields' => array(),
+  'sort'          => 'cn',    // The field to sort the listing by.
+  'scope'         => 'sub',   // search mode: sub|base|list
+  'filter'        => '(objectClass=inetOrgPerson)',      // used for basic listing (if not empty) and will be &'d with search queries. example: status=act
+  'fuzzy_search'  => true,    // server allows wildcard search
+  'vlv'           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
+  'numsub_filter' => '(objectClass=organizationalUnit)',   // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting
+  'sizelimit'     => '0',     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
+  'timelimit'     => '0',     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
+  'referrals'     => true|false,  // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
+
+  // definition for contact groups (uncomment if no groups are supported)
+  // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above)
+  // if the groups base_dn is empty, the contact base_dn is used for the groups as well
+  // -> in this case, assure that groups and contacts are separated due to the concernig filters! 
+  'groups'        => array(
+    'base_dn'     => '',
+    'scope'       => 'sub',   // search mode: sub|base|list
+    'filter'      => '(objectClass=groupOfNames)',
+    'object_classes' => array("top", "groupOfNames"),
+    'member_attr'  => 'member',   // name of the member attribute, e.g. uniqueMember
+    'name_attr'    => 'cn',       // attribute to be used as group name
+  ),
+);
+*/
+
+// An ordered array of the ids of the addressbooks that should be searched
+// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
+$rcmail_config['autocomplete_addressbooks'] = array('sql');
+
+// The minimum number of characters required to be typed in an autocomplete field
+// before address books will be searched. Most useful for LDAP directories that
+// may need to do lengthy results building given overly-broad searches
+$rcmail_config['autocomplete_min_length'] = 1;
+
+// Number of parallel autocomplete requests.
+// If there's more than one address book, n parallel (async) requests will be created,
+// where each request will search in one address book. By default (0), all address
+// books are searched in one request.
+$rcmail_config['autocomplete_threads'] = 0;
+
+// Max. numer of entries in autocomplete popup. Default: 15.
+$rcmail_config['autocomplete_max'] = 15;
+
+// show address fields in this order
+// available placeholders: {street}, {locality}, {zipcode}, {country}, {region}
+$rcmail_config['address_template'] = '{street}<br/>{locality} {zipcode}<br/>{country} {region}';
+
+// Matching mode for addressbook search (including autocompletion)
+// 0 - partial (*abc*), default
+// 1 - strict (abc)
+// 2 - prefix (abc*)
+// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode
+$rcmail_config['addressbook_search_mode'] = 0;
+
+// ----------------------------------
+// USER PREFERENCES
+// ----------------------------------
+
+// Use this charset as fallback for message decoding
+//$rcmail_config['default_charset'] = 'ISO-8859-1';
+$rcmail_config['default_charset'] = 'UTF-8';
+
+// skin name: folder from skins/
+$rcmail_config['skin'] = 'larry';
+
+// show up to X items in messages list view
+$rcmail_config['mail_pagesize'] = 200;
+
+// show up to X items in contacts list view
+$rcmail_config['addressbook_pagesize'] = 200;
+
+// sort contacts by this col (preferably either one of name, firstname, surname)
+$rcmail_config['addressbook_sort_col'] = 'surname';
+
+// the way how contact names are displayed in the list
+// 0: display name
+// 1: (prefix) firstname middlename surname (suffix)
+// 2: (prefix) surname firstname middlename (suffix)
+// 3: (prefix) surname, firstname middlename (suffix)
+$rcmail_config['addressbook_name_listing'] = 0;
+
+// use this timezone to display date/time
+// valid timezone identifers are listed here: php.net/manual/en/timezones.php
+// 'auto' will use the browser's timezone settings
+$rcmail_config['timezone'] = 'auto';
+
+// prefer displaying HTML messages
+$rcmail_config['prefer_html'] = true;
+
+// display remote inline images
+// 0 - Never, always ask
+// 1 - Ask if sender is not in address book
+// 2 - Always show inline images
+$rcmail_config['show_images'] = 0;
+
+// compose html formatted messages by default
+// 0 - never, 1 - always, 2 - on reply to HTML message only 
+$rcmail_config['htmleditor'] = 0;
+
+// show pretty dates as standard
+$rcmail_config['prettydate'] = true;
+
+// save compose message every 30 seconds
+$rcmail_config['draft_autosave'] = 30;
+
+// default setting if preview pane is enabled
+$rcmail_config['preview_pane'] = false;
+
+// Mark as read when viewed in preview pane (delay in seconds)
+// Set to -1 if messages in preview pane should not be marked as read
+$rcmail_config['preview_pane_mark_read'] = 0;
+
+// Clear Trash on logout
+$rcmail_config['logout_purge'] = false;
+
+// Compact INBOX on logout
+$rcmail_config['logout_expunge'] = true;
+
+// Display attached images below the message body 
+$rcmail_config['inline_images'] = true;
+
+// Encoding of long/non-ascii attachment names:
+// 0 - Full RFC 2231 compatible
+// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default)
+// 2 - Full 2047 compatible
+$rcmail_config['mime_param_folding'] = 1;
+
+// Set true if deleted messages should not be displayed
+// This will make the application run slower
+$rcmail_config['skip_deleted'] = false;
+
+// Set true to Mark deleted messages as read as well as deleted
+// False means that a message's read status is not affected by marking it as deleted
+$rcmail_config['read_when_deleted'] = true;
+
+// Set to true to never delete messages immediately
+// Use 'Purge' to remove messages marked as deleted
+$rcmail_config['flag_for_deletion'] = false;
+
+// Default interval for keep-alive/check-recent requests (in seconds)
+// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime'
+$rcmail_config['keep_alive'] = 60;
+
+// If true all folders will be checked for recent messages
+$rcmail_config['check_all_folders'] = true;
+
+// If true, after message delete/move, the next message will be displayed
+$rcmail_config['display_next'] = false;
+
+// 0 - Do not expand threads 
+// 1 - Expand all threads automatically 
+// 2 - Expand only threads with unread messages 
+$rcmail_config['autoexpand_threads'] = 0;
+
+// When replying place cursor above original message (top posting)
+$rcmail_config['top_posting'] = true;
+
+// When replying strip original signature from message
+$rcmail_config['strip_existing_sig'] = true;
+
+// Show signature:
+// 0 - Never
+// 1 - Always
+// 2 - New messages only
+// 3 - Forwards and Replies only
+$rcmail_config['show_sig'] = 1;
+
+// When replying or forwarding place sender's signature above existing message
+$rcmail_config['sig_above'] = false;
+
+// Use MIME encoding (quoted-printable) for 8bit characters in message body
+$rcmail_config['force_7bit'] = false;
+
+// Defaults of the search field configuration.
+// The array can contain a per-folder list of header fields which should be considered when searching
+// The entry with key '*' stands for all folders which do not have a specific list set.
+// Please note that folder names should to be in sync with $rcmail_config['default_folders']
+$rcmail_config['search_mods'] = null;  // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1));
+
+// Defaults of the addressbook search field configuration.
+$rcmail_config['addressbook_search_mods'] = null;  // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1);
+
+// 'Delete always'
+// This setting reflects if mail should be always deleted
+// when moving to Trash fails. This is necessary in some setups
+// when user is over quota and Trash is included in the quota.
+$rcmail_config['delete_always'] = true;
+
+// Directly delete messages in Junk instead of moving to Trash
+$rcmail_config['delete_junk'] = true;
+
+// Behavior if a received message requests a message delivery notification (read receipt)
+// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask)
+// 3 = send automatically if sender is in addressbook, otherwise ask the user
+// 4 = send automatically if sender is in addressbook, otherwise ignore
+$rcmail_config['mdn_requests'] = 0;
+
+// Return receipt checkbox default state
+$rcmail_config['mdn_default'] = 0;
+
+// Delivery Status Notification checkbox default state
+$rcmail_config['dsn_default'] = 0;
+
+// Place replies in the folder of the message being replied to
+$rcmail_config['reply_same_folder'] = false;
+
+// Sets default mode of Forward feature to "forward as attachment"
+$rcmail_config['forward_attachment'] = false;
+
+// Defines address book (internal index) to which new contacts will be added
+// By default it is the first writeable addressbook.
+// Note: Use '0' for built-in address book.
+$rcmail_config['default_addressbook'] = null;
+
+// Enables spell checking before sending a message.
+$rcmail_config['spellcheck_before_send'] = false;
+
+// Skip alternative email addresses in autocompletion (show one address per contact)
+$rcmail_config['autocomplete_single'] = false;
+
+// Default font for composed HTML message.
+// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New,
+// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana
+$rcmail_config['default_font'] = '';
+
+// end of config file

install/rhel/roundcube/plugins/config_newmail_notifier.inc.php

@@ -0,0 +1,15 @@
+<?php
+
+// Enables basic notification
+$config['newmail_notifier_basic'] = true;
+
+// Enables sound notification
+$config['newmail_notifier_sound'] = false;
+
+// Enables desktop notification
+$config['newmail_notifier_desktop'] = false;
+
+// Desktop notification close timeout in seconds
+$config['newmail_notifier_desktop_timeout'] = 5;
+
+?>

install/rhel/roundcube/plugins/config_zipdownload.inc.php

@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * ZipDownload configuration file
+ */
+
+// Zip attachments
+// Only show the link when there are more than this many attachments
+// -1 to prevent downloading of attachments as zip
+$config['zipdownload_attachments'] = 1;
+
+// Zip selection of mail messages
+// This option enables downloading of multiple messages as one zip archive.
+// The number or string value specifies maximum total size of all messages
+// in the archive (not the size of the archive itself).
+$config['zipdownload_selection'] = '100MB';
+
+// Charset to use for filenames inside the zip
+$config['zipdownload_charset'] = 'ISO-8859-1';
+
+?>

install/rhel/rpm_signing.key

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD
+G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x
+QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf
+fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2
+oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY
+2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g
+PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ
+CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb
+VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN
+QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh
+IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6
+Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3
+WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN
+BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz
+QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95
+k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC
+YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt
+i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS
+ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA
+CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR
++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8
+XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC
+CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN
+qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq
+ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ==
+=J2HJ
+-----END PGP PUBLIC KEY BLOCK-----

install/rhel/ssl/dhparam.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA7N3ZOcXgACR0Rat9G/7h8krD7ysVvmEmvAdg8o5l7eKVdtp/QSNK
+anF0JyInJMBEgq05GY7YwvFovglJL73T/eEjTK3qPU6eHzxNGKfR0pM6rnAb+EXL
+dSNJm3Xz9wH4IKn6OJ3nD9aLmBVI5FlIMV1R4QKX3sIWUxRqRSQIzjNQTnY1e/Pk
+BT/ZrUUF7fPPVbg0nPD8Y48ISr7pB6M14Kr66cggGIqUVdBdkPYyt4RpFWR1n3Tv
+rz1j0U+UoVnan2FgGsSiSFT9I/CiIxgC/SrdwxZLUgbAiKsnw9H7nGW92C4cRqY0
+2eKMVNEBk32GSPQXaA+Q5TILyzxuwDbXMxHMxnUVKQGFEcXjWXXyiv7tLAeu68Do
+j5iNFOHbDp17SftnxYHi2vTsYk+9K6Pzc+NmUgibM52Rs92PPYd++HcgMeGrYcqi
+temHP2jPtAymixch0wdqBMgeGTb29w51LR0BAU6D6BeR25pkZvPUag3bb6SU1Oli
+E15DDWh3UnmfTw2M9W1uxlzQAlXOLL6/ZWuvwyqhCY6X7tIONtSgdYGjtiTFaPJp
+ZBdOOrblodLxSu0ObR59SFjv8Pz3sTw4xiRFTG3lFtuIVHdBUbtJHR+2p4fHy/JG
+Ccs+Z1KrmJfEzSMzKwfvZYJ526demNulglFBbcQV06ehqjc6MCG3HnMCAQI=
+-----END DH PARAMETERS-----

install/rhel/sudo/admin

@@ -0,0 +1,10 @@
+# Created by hestia installer
+Defaults env_keep="VESTA"
+Defaults env_keep+="HESTIA"
+Defaults:admin !syslog
+Defaults:admin !requiretty
+Defaults:root !requiretty
+
+# sudo is limited to hestia scripts
+admin   ALL=NOPASSWD:/usr/local/vesta/bin/*
+admin   ALL=NOPASSWD:/usr/local/hestia/bin/*

install/rhel/templates/dns/child-ns.tpl

@@ -0,0 +1,15 @@
+ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='webmail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='13' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% -all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=quarantine; pct=100"' SUSPENDED='no' TIME='%time%' DATE='%date%'