
Use unix sockets for dummy.conf

Jaap Marcus 2 years ago
parent
commit
b696b44124
3 changed files with 14 additions and 5 deletions
  1. 1 1
      bin/v-add-web-php
  2. 5 3
      install/deb/php-fpm/dummy.conf
  3. 8 1
      install/upgrade/versions/1.8.9.sh

+ 1 - 1
bin/v-add-web-php

@@ -131,7 +131,7 @@ update-rc.d php$version-fpm defaults > /dev/null 2>&1
 v_tpl=${version//./}
 rm -f /etc/php/$version/fpm/pool.d/*
 cp -f $HESTIA_INSTALL_DIR/php-fpm/dummy.conf /etc/php/$version/fpm/pool.d/
-sed -i "s/9999/99$v_tpl/g" /etc/php/$version/fpm/pool.d/dummy.conf
+sed -i "s/%backend_version%/$version/g" /etc/php/$version/fpm/pool.d/dummy.conf
 cp -f $HESTIA_INSTALL_DIR/php-fpm/php-fpm.conf /etc/php/$version/fpm/
 sed -i "s/fpm_v/$version/g" /etc/php/$version/fpm/php-fpm.conf
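Review bot: `v_tpl=${version//./}` on the context line above the changed `sed` has no remaining use inside this hunk now that the `99$v_tpl` port substitution is gone; if nothing later in the script reads it, the assignment can be dropped. The script continues outside the hunk, so that needs checking against the full file. Separately, `$version` is expanded unquoted into the target path, so quoting it would keep the command safe if the value ever contains whitespace or glob characters: `sed -i "s/%backend_version%/$version/g" "/etc/php/$version/fpm/pool.d/dummy.conf"`. Whether `$version` is validated earlier is not visible here.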
 

+ 5 - 3
install/deb/php-fpm/dummy.conf

@@ -1,8 +1,10 @@
 ; origin-src: deb/php-fpm/dummy.conf
 
-[www]
-listen = 127.0.0.1:9999
-listen.allowed_clients = 127.0.0.1
+[wwww]
+listen = /run/php/php%backend_version%-fpm.dummy.sock
+listen.owner = hestiamail
+listen.group = www-data
+listen.mode = 0660
 
 ;"hestiamail" user created to prevent users from abusing this config
 user = hestiamail

+ 8 - 1
install/upgrade/versions/1.8.9.sh

@@ -36,8 +36,15 @@ fi
 
 # Fix security issue wit FPM pools
 if [ -z "$(grep ^hestiamail: /etc/passwd)" ]; then
+	echo "[ * ] Limit permissions www.conf and dummy.conf"
 	/usr/sbin/useradd "hestiamail" -c "$email" --no-create-home
 
 	sed -i "s/user = www-data/user = hestiamail/g" /etc/php/*/fpm/pool.d/www.conf
-	sed -i "s/user = www-data/user = hestiamail/g" /etc/php/*/fpm/pool.d/dummy.conf
+
+	php_versions=$($BIN/v-list-sys-php plain)
+	# Substitute php-fpm service name formats
+	for version in $php_versions; do
+		cp -f $HESTIA_INSTALL_DIR/php-fpm/dummy.conf /etc/php/$version/fpm/pool.d/
+		sed -i "s/%backend_version%/$version/g" /etc/php/$version/fpm/pool.d/dummy.conf
+	done
 fi
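Review bot: The new loop that replaces dummy.conf sits inside the `if [ -z "$(grep ^hestiamail: /etc/passwd)" ]` guard, so a host where the hestiamail user already exists never receives the socket-based dummy.conf and would keep the old TCP listener. If every upgraded host is meant to get the new file, move the `php_versions=$($BIN/v-list-sys-php plain)` assignment and the `for version in $php_versions` loop below the `fi`. The loop also copies dummy.conf into every listed version's pool.d without checking that the directory exists, whereas the removed `sed` only edited files already present. No php-fpm reload is visible in this hunk, so it is worth confirming that one happens later in the upgrade, because the running pools keep their old listener until then.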