
Allow users to create own document error / skeleton and do not overwrite them with updating (#3622)

* Allow Skeleton not being synced

Allow users to create default templates for new clients

* Rename POLICY_SYNC_ERROR to POLICY_SYNC_ERROR_DOCUMENTS

* Fix error in regex

* Fix broken check

* Check if changes work

* Add missing grep

* Limit grep to 1

* fix shell check error

* fix issue when update runs more than once

* Set to true instead of yes
Jaap Marcus 2 лет назад
Родитель
Сommit
95bf5100bf

+ 6 - 3
bin/v-update-web-templates

@@ -45,10 +45,13 @@ fi
 for webtpl_folder in $(ls $HESTIA_INSTALL_DIR/templates/web/* -d 2> /dev/null | egrep -v '/(nginx)$'); do
 	cp -rf "${webtpl_folder}" "${WEBTPL}/"
 done
+
 # Skeleton, Unassinged and Suspended
-for webtpl_folder in $(ls $HESTIA_COMMON_DIR/templates/web/* -d 2> /dev/null); do
-	cp -rf "${webtpl_folder}" "${WEBTPL}/"
-done
+if [ "$POLICY_SYNC_SKELETON" != "no" ]; then
+	for webtpl_folder in $(ls $HESTIA_COMMON_DIR/templates/web/* -d 2> /dev/null); do
+		cp -rf "${webtpl_folder}" "${WEBTPL}/"
+	done
+fi
 
 versions_list=$(ls -d /etc/php/*)
 for php_ver in $versions_list; do
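Review bot: The loop now wrapped by the `POLICY_SYNC_SKELETON` check still iterates over `$(ls $HESTIA_COMMON_DIR/templates/web/* -d 2> /dev/null)`, so a template path containing whitespace or glob characters is split or re-expanded before `cp -rf` runs. Since the lines were re-indented anyway, a plain glob would be safer: `for webtpl_folder in "$HESTIA_COMMON_DIR"/templates/web/*; do` followed by `[ -e "$webtpl_folder" ] || continue`. A comment above the `if` should also state that any value other than `no`, including an unset variable, keeps the sync enabled.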

+ 10 - 7
func/rebuild.sh

@@ -248,7 +248,9 @@ rebuild_web_domain_conf() {
 
 	# Rebuilding domain directories
 	if [ -d "$HOMEDIR/$user/web/$domain/document_errors" ]; then
-		$BIN/v-delete-fs-directory "$user" "$HOMEDIR/$user/web/$domain/document_errors"
+		if [ "$POLICY_SYNC_ERROR_DOCUMENTS" != "no" ]; then
+			$BIN/v-delete-fs-directory "$user" "$HOMEDIR/$user/web/$domain/document_errors"
+		fi
 	fi
 
 	if [ ! -d $HOMEDIR/$user/web/$domain ]; then
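Review bot: With `POLICY_SYNC_ERROR_DOCUMENTS` set to `no`, an existing `document_errors` entry is now kept as-is, and both the `[ -d ... ]` test here and the `[ ! -d ... ]` test in the next hunk follow symlinks. The domain directory is chowned to the user a few lines later, so the user can presumably replace `document_errors` with a symlink, which would then survive every rebuild instead of being reset. Consider keeping the delete for symlinks regardless of the policy, e.g. `if [ "$POLICY_SYNC_ERROR_DOCUMENTS" != "no" ] || [ -L "$HOMEDIR/$user/web/$domain/document_errors" ]; then`, assuming `v-delete-fs-directory` handles a symlink safely (not visible here). `rebuild_web_domain_conf` starts and ends outside the hunk.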
@@ -256,7 +258,13 @@ rebuild_web_domain_conf() {
 	fi
 	chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain
 	$BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/public_html"
-	$BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/document_errors"
+	if [ ! -d "$HOMEDIR/$user/web/$domain/document_errors" ]; then
+		$BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/document_errors"
+		# Propagating html skeleton
+		if [ -d "$WEBTPL/skel/document_errors/" ]; then
+			user_exec cp -r "$WEBTPL/skel/document_errors/" "$HOMEDIR/$user/web/$domain/"
+		fi
+	fi
 	$BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/cgi-bin"
 	$BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/private"
 	$BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/stats"
@@ -277,11 +285,6 @@ rebuild_web_domain_conf() {
 	ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.error.log .
 	cd /
 
-	# Propagating html skeleton
-	if [ -d "$WEBTPL/skel/document_errors/" ]; then
-		user_exec cp -r "$WEBTPL/skel/document_errors/" "$HOMEDIR/$user/web/$domain/"
-	fi
-
 	# Set ownership
 	chown --no-dereference $user:$user \
 		$HOMEDIR/$user/web/$domain \

+ 10 - 0
func/syshealth.sh

@@ -512,6 +512,16 @@ function syshealth_repair_system_config() {
 		$BIN/v-change-sys-config-value "HIDE_DOCS" "no"
 	fi
 
+	if [[ -z $(check_key_exists 'POLICY_SYNC_ERROR_DOCUMENTS') ]]; then
+		echo "[ ! ] Adding missing variable to hestia.conf: POLICY_SYNC_ERROR_DOCUMENTS ('yes')"
+		$BIN/v-change-sys-config-value "HIDE_DOCS" "no"
+	fi
+
+	if [[ -z $(check_key_exists 'POLICY_SYNC_SKELETON') ]]; then
+		echo "[ ! ] Adding missing variable to hestia.conf: POLICY_SYNC_SKELETON ('yes')"
+		$BIN/v-change-sys-config-value "HIDE_DOCS" "no"
+	fi
+
 	touch $HESTIA/conf/hestia.conf.new
 	while IFS='= ' read -r lhs rhs; do
 		if [[ ! $lhs =~ ^\ *# && -n $lhs ]]; then
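Review bot: Both added blocks call `$BIN/v-change-sys-config-value "HIDE_DOCS" "no"`, copied from the block above, so the missing `POLICY_SYNC_ERROR_DOCUMENTS` and `POLICY_SYNC_SKELETON` keys are never written by this repair step. As a side effect `HIDE_DOCS` is reset to `no` on every repair run for as long as those keys stay missing, which can silently undo an administrator's setting. The calls should be `$BIN/v-change-sys-config-value "POLICY_SYNC_ERROR_DOCUMENTS" "yes"` and `$BIN/v-change-sys-config-value "POLICY_SYNC_SKELETON" "yes"`, matching the echoed messages. `syshealth_repair_system_config` continues outside the hunk.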

+ 29 - 26
install/upgrade/versions/1.8.0.sh

@@ -17,10 +17,10 @@
 ####### You can use \n within the string to create new lines.                   #######
 #######################################################################################
 
-upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'false'
+upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
 upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'false'
 upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'false'
-upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'false'
+upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
 upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'false'
 
 if [ "$IMAP_SYSTEM" = "dovecot" ]; then
@@ -37,15 +37,15 @@ fi
 
 if [ -f /etc/fail2ban/jail.local ]; then
 	# Add phpmyadmin rule
-	if ! -qw "^[phpmyadmin-auth]$" /etc/fail2ban/jail.local 2> /dev/null; then
+	if ! grep -qw "^[phpmyadmin-auth]$" /etc/fail2ban/jail.local 2> /dev/null; then
 		sed -i '/\[recidive\]/i [phpmyadmin-auth]\nenabled  = true\nfilter   = phpmyadmin-syslog\naction   = hestia[name=WEB]\nlogpath  = /var/log/auth.log\nmaxretry = 5\n' /etc/fail2ban/jail.local
 	fi
 fi
 
 if [ "$MAIL_SYSTEM" = "exim4" ]; then
 	echo "[ * ] Disable SMTPUTF8 for Exim for now"
-	if grep -qw "^smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template 2> /dev/null; then
-		sed -i "/^domainlist local_domains = dsearch;\/etc\/exim4\/domains\/i smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template
+	if ! grep -qw "^smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template 2> /dev/null; then
+		sed -i "/^domainlist local_domains = dsearch;\/etc\/exim4\/domains/i smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template
 	fi
 fi
 
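Review bot: The restored `grep -qw "^[phpmyadmin-auth]$"` still has unescaped brackets, so the pattern is a bracket expression rather than the literal section header and cannot match the `[phpmyadmin-auth]` line. With stderr sent to `/dev/null`, `! grep` stays true and the `sed` insert into `/etc/fail2ban/jail.local` repeats on every run. Escape the brackets as the `sed` address on the next line already does: `if ! grep -q '^\[phpmyadmin-auth\]$' /etc/fail2ban/jail.local 2> /dev/null; then`. The same applies in the following hunk to the new guard `grep -qw "^[hestia_openssl_sect]$"` and to the `^[ssl_sect]$` and `^[default_conf]$` checks, so the re-run protection this commit adds for `/etc/ssl/openssl.cnf` likely does not take effect.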
@@ -56,30 +56,32 @@ echo '[ * ] Enable the "Enhanced and Optimized TLS" feature...'
 os_release="$(lsb_release -s -i | tr "[:upper:]" "[:lower:]")-$(lsb_release -s -r)"
 tls13_ciphers="TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
 
-if [ "$os_release" = "debian-10" ] || [ "$os_release" = "debian-11" ]; then
-	sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
-elif [ "$os_release" = "debian-12" ]; then
-	if ! grep -qw "^ssl_conf = ssl_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
-		sed -i '/providers = provider_sect$/a ssl_conf = ssl_sect' /etc/ssl/openssl.cnf
-	fi
-
-	if ! grep -qw "^[ssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then
-		sed -i '$a \\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
-	elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
+if ! grep -qw "^[hestia_openssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then
+	if [ "$os_release" = "debian-10" ] || [ "$os_release" = "debian-11" ]; then
 		sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
-	fi
-elif [ "$os_release" = "ubuntu-20.04" ]; then
-	if ! grep -qw "^openssl_conf = default_conf$" /etc/ssl/openssl.cnf 2> /dev/null; then
-		sed -i '/^oid_section		= new_oids$/a \\n# System default\nopenssl_conf = default_conf' /etc/ssl/openssl.cnf
-	fi
+	elif [ "$os_release" = "debian-12" ]; then
+		if ! grep -qw "^ssl_conf = ssl_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
+			sed -i '/providers = provider_sect$/a ssl_conf = ssl_sect' /etc/ssl/openssl.cnf
+		fi
 
-	if ! grep -qw "^[default_conf]$" /etc/ssl/openssl.cnf 2> /dev/null; then
-		sed -i '$a [default_conf]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
-	elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
+		if ! grep -qw "^[ssl_sect]$" /etc/ssl/openssl.cnf 2> /dev/null; then
+			sed -i '$a \\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
+		elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
+			sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
+		fi
+	elif [ "$os_release" = "ubuntu-20.04" ]; then
+		if ! grep -qw "^openssl_conf = default_conf$" /etc/ssl/openssl.cnf 2> /dev/null; then
+			sed -i '/^oid_section		= new_oids$/a \\n# System default\nopenssl_conf = default_conf' /etc/ssl/openssl.cnf
+		fi
+
+		if ! grep -qw "^[default_conf]$" /etc/ssl/openssl.cnf 2> /dev/null; then
+			sed -i '$a [default_conf]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
+		elif grep -qw "^system_default = system_default_sect$" /etc/ssl/openssl.cnf 2> /dev/null; then
+			sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
+		fi
+	elif [ "$os_release" = "ubuntu-22.04" ]; then
 		sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
 	fi
-elif [ "$os_release" = "ubuntu-22.04" ]; then
-	sed -i '/^system_default = system_default_sect$/a system_default = hestia_openssl_sect\n\n[hestia_openssl_sect]\nCiphersuites = '"$tls13_ciphers"'\nOptions = PrioritizeChaCha' /etc/ssl/openssl.cnf
 fi
 
 # Update server configuration files
@@ -150,7 +152,8 @@ if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
 			echo -e "[ ! ] Manual action required, please view:\n[ - ] $HESTIA_BACKUP/message.log"
 			add_upgrade_message "Manual Action Required [IMPORTANT]\n\nTo enable the \"Enhanced and Optimized TLS\" feature, we must update the NGINX configuration file (/etc/nginx/nginx.conf).\n\nBut for unknown reason or you edited it, may not be fully apply all the changes in this upgrade.\n\nPlease follow the default configuration file to sync it:\n$HESTIA_INSTALL_DIR/nginx/nginx.conf\n\nBacked up configuration file:\n$HESTIA_BACKUP/conf/nginx/nginx.conf\n\nLearn more:\nhttps://github.com/hestiacp/hestiacp/pull/3555"
 			"$BIN"/v-add-user-notification admin "IMPORTANT: Manual Action Required" 'To enable the <b>Enhanced and Optimized TLS</b> feature, we must update the NGINX configuration file (/etc/nginx/nginx.conf).<br><br>But for unknown reason or you edited it, may not be fully apply all the changes in this upgrade.<br><br>Please follow the default configuration file to sync it:<br>'"$HESTIA_INSTALL_DIR"'/nginx/nginx.conf<br><br>Backed up configuration file:<br>'"$HESTIA_BACKUP"'/conf/nginx/nginx.conf<br><br>Visit PR <a href="https://github.com/hestiacp/hestiacp/pull/3555" target="_blank">#3555</a> on GitHub to learn more.'
-			sed -i "s/""$(grep "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='1'/" "$HESTIA"/data/users/admin/notifications.conf
+
+			sed -i "s/""$(grep -m 1 "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')""/NID='1'/" "$HESTIA"/data/users/admin/notifications.conf
 
 			cp -f /etc/nginx/nginx.conf /etc/nginx/nginx.conf-staging
 
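Review bot: The `sed` pattern is built directly from the `grep -m 1 ... | awk '{print $1}'` output, so if the notification line is not found the expression becomes `s//NID='1'/`, and any regex metacharacters in the first field are interpreted by `sed`. Capture the value first and guard it: `nid="$(grep -m 1 "IMPORTANT: Manual Action Required" "$HESTIA"/data/users/admin/notifications.conf | awk '{print $1}')"` then `[ -n "$nid" ] && sed -i "s/$nid/NID='1'/" "$HESTIA"/data/users/admin/notifications.conf`. The enclosing `if` block starts and ends outside the hunk.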

+ 35 - 0
web/edit/server/index.php

@@ -1565,6 +1565,41 @@ if (!empty($_POST["save"])) {
 		}
 	}
 
+	if (empty($_SESSION["error_msg"])) {
+		if ($_POST["v_policy_sync_error_documents"] != $_SESSION["POLICY_SYNC_ERROR_DOCUMENTS"]) {
+			exec(
+				HESTIA_CMD .
+					"v-change-sys-config-value POLICY_SYNC_ERROR_DOCUMENTS " .
+					quoteshellarg($_POST["v_policy_sync_error_documents"]),
+				$output,
+				$return_var,
+			);
+			check_return_code($return_var, $output);
+			unset($output);
+			if (empty($_SESSION["error_msg"])) {
+				$v_policy_system_hide_services = $_POST["v_policy_sync_error_documents"];
+			}
+			$v_security_adv = "yes";
+		}
+	}
+	if (empty($_SESSION["error_msg"])) {
+		if ($_POST["v_policy_sync_skeleton"] != $_SESSION["POLICY_SYNC_SKELETON"]) {
+			exec(
+				HESTIA_CMD .
+					"v-change-sys-config-value POLICY_SYNC_SKELETON " .
+					quoteshellarg($_POST["v_policy_sync_skeleton"]),
+				$output,
+				$return_var,
+			);
+			check_return_code($return_var, $output);
+			unset($output);
+			if (empty($_SESSION["error_msg"])) {
+				$v_policy_system_hide_services = $_POST["v_policy_sync_skeleton"];
+			}
+			$v_security_adv = "yes";
+		}
+	}
+
 	// Change login style
 	if (empty($_SESSION["error_msg"])) {
 		if ($_POST["v_login_style"] != $_SESSION["LOGIN_STYLE"]) {
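Review bot: Both new blocks assign the posted value to `$v_policy_system_hide_services` instead of a variable for the setting being saved, which looks like a copy-paste slip and may overwrite the hide-services value used elsewhere on the page. The posted values are also passed to `v-change-sys-config-value` without being limited to `yes`/`no`; `quoteshellarg()` covers the shell quoting, but any other string would be stored and treated as enabled by the `!= "no"` checks in the shell scripts. Suggested: `$v_policy_sync_error_documents = $_POST["v_policy_sync_error_documents"];` and `$v_policy_sync_skeleton = $_POST["v_policy_sync_skeleton"];`, after normalising each value with something like `$_POST["v_policy_sync_skeleton"] === "no" ? "no" : "yes"`. The enclosing `if (!empty($_POST["save"]))` block starts and ends outside the hunk.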

+ 34 - 0
web/templates/pages/edit_server.php

@@ -1250,6 +1250,40 @@
 								</option>
 							</select>
 						</div>
+						<div class="u-mb10">
+							<label for="v_policy_sync_error_documents" class="form-label">
+								<?= _("Sync Error document templates on user rebuild") ?>
+							</label>
+							<select
+								class="form-select"
+								name="v_policy_sync_error_documents"
+								id="v_policy_sync_error_documents"
+							>
+								<option value="yes">
+									<?= _("Yes") ?>
+								</option>
+								<option value="no" <?= $_SESSION["POLICY_SYNC_ERROR_DOCUMENTS"] == "no" ? "selected" : "" ?>>
+									<?= _("No") ?>
+								</option>
+							</select>
+						</div>
+						<div class="u-mb10">
+							<label for="v_policy_sync_skeleton" class="form-label">
+								<?= _("Sync Skeleton templates") ?>
+							</label>
+							<select
+								class="form-select"
+								name="v_policy_sync_skeleton"
+								id="v_policy_sync_skeleton"
+							>
+								<option value="yes">
+									<?= _("Yes") ?>
+								</option>
+								<option value="no" <?= $_SESSION["POLICY_SYNC_SKELETON"] == "no" ? "selected" : "" ?>>
+									<?= _("No") ?>
+								</option>
+							</select>
+						</div>
 						<div class="u-mb10">
 							<label for="v_policy_user_view_logs" class="form-label">
 								<?= _("Allow users to view action and login history logs") ?>
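Review bot: The `selected` checks read `$_SESSION["POLICY_SYNC_ERROR_DOCUMENTS"]` and `$_SESSION["POLICY_SYNC_SKELETON"]` directly, so if the session is filled from the configuration and the keys are not there yet, the lookups hit an undefined array key inside the `<option>` tag. A default keeps the markup clean and matches the intended default of yes: `<?= ($_SESSION["POLICY_SYNC_SKELETON"] ?? "yes") == "no" ? "selected" : "" ?>`, and likewise for `POLICY_SYNC_ERROR_DOCUMENTS`. The surrounding form markup continues outside the hunk.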