
Release 1.0.2

Raphael Schneeberger 6 years ago
parent
commit
c13910c313
76 changed files with 581 additions and 539 deletions
  1. 3 1
      README.md
  2. 1 1
      bin/v-add-mail-domain
  3. 0 0
      bin/v-add-sys-webmail
  4. 1 1
      bin/v-add-web-domain-ftp
  5. 17 19
      bin/v-add-web-domain-ssl-hsts
  6. 1 0
      bin/v-change-sys-hostname
  7. 3 2
      bin/v-change-sys-service-config
  8. 11 6
      bin/v-change-sys-webmail
  9. 1 1
      bin/v-delete-mail-domain
  10. 0 0
      bin/v-delete-sys-webmail
  11. 64 0
      bin/v-delete-web-domain-ssl-hsts
  12. 34 54
      bin/v-list-sys-hestia-updates
  13. 1 1
      bin/v-list-sys-services
  14. 1 1
      bin/v-list-user-notifications
  15. 2 2
      bin/v-rebuild-mail-domain
  16. 2 2
      bin/v-rebuild-mail-domains
  17. 3 6
      bin/v-restart-cron
  18. 3 6
      bin/v-restart-dns
  19. 1 1
      bin/v-restart-ftp
  20. 12 3
      bin/v-restart-mail
  21. 25 41
      bin/v-restart-proxy
  22. 16 10
      bin/v-restart-service
  23. 1 0
      bin/v-restart-system
  24. 5 21
      bin/v-restart-web
  25. 2 2
      bin/v-restart-web-backend
  26. 3 3
      bin/v-start-service
  27. 3 3
      bin/v-stop-service
  28. 1 1
      bin/v-suspend-mail-domain
  29. 1 1
      bin/v-unsuspend-mail-domain
  30. 1 17
      bin/v-update-dns-templates
  31. 5 0
      bin/v-update-host-certificate
  32. 1 17
      bin/v-update-mail-templates
  33. 6 20
      bin/v-update-sys-hestia
  34. 7 5
      bin/v-update-sys-hestia-git
  35. 5 4
      bin/v-update-sys-ip
  36. 3 19
      bin/v-update-web-templates
  37. 6 1
      func/domain.sh
  38. 8 0
      install/deb/dovecot/conf.d/10-ssl.conf
  39. 2 1
      install/deb/nginx/webmail.inc
  40. 12 12
      install/deb/ssl/dhparam.pem
  41. 5 2
      install/deb/templates/mail/nginx/default.stpl
  42. 5 2
      install/deb/templates/mail/nginx/web_system.stpl
  43. 0 110
      install/deb/templates/web/webalizer/webalizer.tpl
  44. 1 1
      install/deb/vsftpd/vsftpd.conf
  45. 39 31
      install/hst-install-debian.sh
  46. 75 67
      install/hst-install-ubuntu.sh
  47. 0 2
      install/upgrade/restart.sh
  48. 6 2
      install/upgrade/version.sh
  49. 83 0
      install/upgrade/versions/1.0.2.sh
  50. 9 17
      install/upgrade/versions/1.00.0-190618.sh
  51. 1 1
      src/deb/hestia/control
  52. 1 1
      src/deb/nginx/control
  53. 8 0
      src/deb/nginx/nginx.conf
  54. 4 2
      src/hst_autocompile.sh
  55. 2 0
      web/bulk/db/index.php
  56. 2 0
      web/bulk/dns/index.php
  57. 2 0
      web/bulk/mail/index.php
  58. 2 0
      web/bulk/web/index.php
  59. 15 6
      web/css/styles.min.css
  60. 18 0
      web/edit/web/index.php
  61. 2 2
      web/inc/i18n/en.php
  62. 1 1
      web/js/app.js
  63. 2 0
      web/js/events.js
  64. 1 0
      web/js/templates.js
  65. 2 2
      web/templates/admin/add_web.html
  66. 5 0
      web/templates/admin/edit_web.html
  67. 1 0
      web/templates/admin/list_db.html
  68. 1 0
      web/templates/admin/list_dns.html
  69. 1 1
      web/templates/admin/list_dns_rec.html
  70. 2 1
      web/templates/admin/list_ip.html
  71. 1 0
      web/templates/admin/list_mail.html
  72. 1 1
      web/templates/admin/list_user.html
  73. 1 0
      web/templates/admin/list_web.html
  74. 3 1
      web/templates/footer.html
  75. 0 1
      web/templates/login.html
  76. 5 0
      web/templates/user/edit_web.html

+ 3 - 1
README.md

@@ -1,6 +1,8 @@
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Current release:** Version 1.0.1, released on June 25th, 2019.
+**Current stable release:** Version 1.0.1, released on June 25th, 2019.
+
+**Next planned release:** Version 1.0.2 - minor bug fixes & improvements, currently available for testing in the **prerelease** branch. Please see "Installing development builds" for more information.
 
 What is Hestia Control Panel?
 ----------------------------

+ 1 - 1
bin/v-add-mail-domain

@@ -132,7 +132,7 @@ fi
 # Add webmail configuration to mail domain
 if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
     if [ ! -z "$IMAP_SYSTEM" ]; then
-        $BIN/v-add-webmail $user $domain ''
+        $BIN/v-add-sys-webmail $user $domain ''
     fi
 fi
     

+ 0 - 0
bin/v-add-webmail → bin/v-add-sys-webmail


+ 1 - 1
bin/v-add-web-domain-ftp

@@ -84,7 +84,7 @@ fi
 /usr/sbin/useradd $ftp_user \
     -s $shell \
     -o -u $(id -u $user) \
-    -g $(id -u $user) \
+    -g $(id -g $user) \
     -G hestia-users \
     -M -d "$ftp_path_a"  > /dev/null 2>&1
 

+ 17 - 19
bin/v-change-web-domain-hsts → bin/v-add-web-domain-ssl-hsts

@@ -1,9 +1,8 @@
 #!/bin/bash
-# info: add/remove HSTS support from a domain
-# options: USER DOMAIN STATUS
+# info: Adding hsts to a domain
+# options: USER DOMAIN
 #
-# This function will enable or disable HSTS (HTTP Strict Transport Security)
-# for a web domain.
+# The function enables HSTS for the requested domain.
 
 
 #----------------------------------------------------------#
@@ -13,14 +12,12 @@
 # Argument definition
 user=$1
 domain=$2
-domain_idn=$2
-status=$3
 
 # Includes
 source $HESTIA/func/main.sh
-source $HESTIA/func/domain.sh
 source $HESTIA/conf/hestia.conf
 
+
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
@@ -32,6 +29,7 @@ is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
 
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
@@ -52,24 +50,24 @@ else
     hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
 fi
 
-if [ "$status" = "on" ]; then
-    echo 'add_header Strict-Transport-Security "max-age=15768000;" always;' > $hstsconf
-    echo "HTTP Strict Transport Security (HSTS) turned on for $domain."
-elif [ "$status" = "off" ]; then
-    rm -f $hstsconf
-    nginx -s reload
-    echo "HTTP Strict Transport Security (HSTS) turned off for $domain."
-else
-    echo "Error: Invalid mode specified."
-    echo "Usage: v-change-web-domain-hsts USER DOMAIN [ON / OFF]"
-fi
+echo 'add_header Strict-Transport-Security "max-age=15768000;" always;' > $hstsconf
+echo "HTTP Strict Transport Security (HSTS) turned on for $domain."
+
 
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
 
 # Logging
-log_history "Enabled HTTP Strict Transport Security on $domain."
+log_history "Turned HTTP Strict Transport Security $status for $domain."
 log_event "$OK" "$ARGUMENTS"
 
+# Restart web server
+$BIN/v-restart-web
+check_result $? "Web restart failed" > /dev/null
+
+# Restart proxy
+$BIN/v-restart-proxy
+check_result $? "Proxy restart failed" > /dev/null
+
 exit
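Review bot: `$status` in the new `log_history` line is never assigned, because this commit removes `status=$3` from the argument block, so the history entry will read "Turned HTTP Strict Transport Security  for <domain>." with a gap where the state should be. The wording on the removed line already fits an add-only script: `log_history "Enabled HTTP Strict Transport Security on $domain."`. `log_event "$OK" "$ARGUMENTS"` is also written before the two restarts, so a failed reload is still recorded as a success; moving the restart block above the logging lines would avoid that. The redirect target should be quoted as `> "$hstsconf"`.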

+ 1 - 0
bin/v-change-sys-hostname

@@ -41,6 +41,7 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     # Debian/Ubuntu
+    hostnamectl set-hostname $domain
     echo "$domain" > /etc/hostname
 fi
 

+ 3 - 2
bin/v-change-sys-service-config

@@ -101,13 +101,14 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
         fi
     fi
 
-    service $service restart >/dev/null 2>&1
+    $BIN/v-restart-service $service > /dev/null 2>&1
+
     if [ $? -ne 0 ]; then
         for config in $dst; do
             cat $config.vst.back > $config
             rm -f $config.vst.back
         done
-        check_result $E_RESTART "$service failed to start with new config"
+        check_result $E_RESTART "ERROR: $service failed to start with new configuration."
     fi
 fi
 

+ 11 - 6
bin/v-change-sys-webmail

@@ -26,8 +26,8 @@ NEW_ALIAS=$1
 
 # Delete old webmail configuration
 for user in `ls /usr/local/hestia/data/users/`; do
-    for domain in $($BIN/v-list-web-domains $user plain |cut -f 1); do
-        $BIN/v-delete-webmail $user $domain
+    for domain in $($BIN/v-list-mail-domains $user plain |cut -f 1); do
+        $BIN/v-delete-sys-webmail $user $domain
     done
 done
 
@@ -35,14 +35,19 @@ done
 $BIN/v-change-sys-config-value 'WEBMAIL_ALIAS' $NEW_ALIAS
 
 for user in `ls /usr/local/hestia/data/users/`; do
-    for domain in $($BIN/v-list-web-domains $user plain |cut -f 1); do
-        $BIN/v-add-webmail $user $domain
+    for domain in $($BIN/v-list-mail-domains $user plain |cut -f 1); do
+        $BIN/v-add-sys-webmail $user $domain
     done
 done
 
 # Update global directory alias configuration
-sed -i "s|Alias \/$OLD_ALIAS|Alias \/$NEW_ALIAS|gI" /etc/apache2/conf.d/roundcube.conf
-sed -i "s|location \/$OLD_ALIAS|location \/$NEW_ALIAS|gI" /etc/nginx/conf.d/webmail.inc
+if [ "$WEB_SYSTEM" = 'apache2' ]; then
+    sed -i "s|Alias \/$OLD_ALIAS|Alias \/$NEW_ALIAS|gI" /etc/apache2/conf.d/roundcube.conf
+fi
+if [ -e /etc/nginx/conf.d/webmail.inc ]; then
+    sed -i "s|location \/$OLD_ALIAS|location \/$NEW_ALIAS|gI" /etc/nginx/conf.d/webmail.inc
+    sed -i "s|location ~ ^\/$OLD_ALIAS|location ~ ^\/$NEW_ALIAS|gI" /etc/nginx/conf.d/webmail.inc
+fi
 
 #----------------------------------------------------------#
 #                       Hestia                             #
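Review bot: `$OLD_ALIAS` and `$NEW_ALIAS` are spliced unescaped into the three `sed -i` expressions that rewrite the Apache and nginx configuration, and `NEW_ALIAS` comes straight from `$1` according to the hunk context. A value containing `|`, `&`, a backslash or regex metacharacters changes what the substitution matches or writes, and the web server then loads the result. No format check is visible in these hunks, so if none exists above them the alias should be restricted before its first use, for example `[[ "$NEW_ALIAS" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` routed through the script's usual error path. The loops in both hunks also iterate over `ls` output with unquoted `$user` and `$domain`; a glob over the users directory with quoted expansions would be more robust.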

+ 1 - 1
bin/v-delete-mail-domain

@@ -69,7 +69,7 @@ fi
 
 # Delete webmail configuration if it exists
 if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
-    $BIN/v-delete-webmail $user $domain 'yes'
+    $BIN/v-delete-sys-webmail $user $domain 'yes'
 fi
 
 #----------------------------------------------------------#

+ 0 - 0
bin/v-delete-webmail → bin/v-delete-sys-webmail


+ 64 - 0
bin/v-delete-web-domain-ssl-hsts

@@ -0,0 +1,64 @@
+#!/bin/bash
+# info: remove ssl force from domain
+# options: USER DOMAIN [RESTART]
+#
+# The function removes force SSL configurations.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_valid 'web' 'DOMAIN' "$domain" "$SSL_FORCE"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Check for Apache/Nginx or Nginx/PHP-FPM configuration
+if [ -z $PROXY_SYSTEM ]; then
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.hsts.conf"
+else
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
+fi
+
+rm -f $hstsconf
+echo "HTTP Strict Transport Security (HSTS) turned off for $domain."
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Restart services if requested
+if [ ! -z "$restart" ]; then
+    $BIN/v-restart-web
+    check_result $? "Web restart failed" >/dev/null
+
+    $BIN/v-restart-proxy
+    check_result $? "Proxy restart failed" >/dev/null
+fi
+
+exit
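Review bot: Disabling HSTS is a security downgrade, yet this new script writes no `log_history` or `log_event` entry, unlike v-add-web-domain-ssl-hsts in the same commit, so the change leaves no audit trail; add `log_history "Disabled HTTP Strict Transport Security for $domain."` and `log_event "$OK" "$ARGUMENTS"` before the restart block. The header comment ("remove ssl force from domain") and the extra `is_object_valid 'web' 'DOMAIN' "$domain" "$SSL_FORCE"` check look copied from the force-SSL script and should be reworded or dropped. Because the restart is optional here but unconditional in the add script, the header keeps being served until the next reload when `RESTART` is omitted, which deserves a line in the header comment. `rm -f $hstsconf` and `[ -z $PROXY_SYSTEM ]` should quote their expansions.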

+ 34 - 54
bin/v-list-sys-hestia-updates

@@ -15,7 +15,7 @@ format=${1-shell}
 # Includes
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
-fields="\$NAME \$VERSION \$RELEASE \$ARCH \$UPDATED \$DESCR \$TIME \$DATE"
+fields="\$NAME \$VERSION \$ARCH \$UPDATED \$DESCR \$TIME \$DATE"
 
 # JSON list function
 json_list() {
@@ -27,7 +27,6 @@ json_list() {
         eval $str
         echo -n '    "'$NAME'": {
         "VERSION": "'$VERSION'",
-        "RELEASE": "'$RELEASE'",
         "ARCH": "'$ARCH'",
         "UPDATED": "'$UPDATED'",
         "DESCR": "'$DESCR'",
@@ -47,11 +46,11 @@ json_list() {
 # SHELL list function
 shell_list() {
     IFS=$'\n'
-    echo "PKG   VER   REL   ARCH   UPDT   DATE"
-    echo "---   ---   ---   ----   ----   ----"
+    echo "PKG   VER   ARCH   UPDT   DATE"
+    echo "---   ---   ----   ----   ----"
     for str in $(echo -e "$data"); do
         eval $str
-        echo "$NAME $VERSION $RELEASE $ARCH $UPDATED $DATE"
+        echo "$NAME $VERSION $ARCH $UPDATED $DATE"
     done
 }
 
@@ -66,71 +65,52 @@ nginx_v=$(apt-cache policy hestia-nginx | grep Candidate | cut -d ':' -f 2 | xar
 php_v=$(apt-cache policy hestia-php | grep Candidate | cut -d ':' -f 2 | xargs)
 
 # Checking installed hestia version
-if [ -d "/etc/sysconfig" ]; then
-    rpm_format="VERSION='%{VERSION}'"
-    rpm_format="$rpm_format RELEASE='%{RELEASE}'"
-    rpm_format="$rpm_format ARCH='%{ARCH}'"
-    rpm_format="$rpm_format UTIME='%{INSTALLTIME}'\n"
-    eval $(rpm --queryformat="$rpm_format" -q hestia)
-    DATE=$(date -d @$UTIME +%F)
-    TIME=$(date -d @$UTIME +%T)
-else
-    dpkg_data=$(dpkg-query -s hestia)
-    pkg_date=$(stat -c "%Y" /var/lib/dpkg/info/hestia.list)
-    ARCH=$(echo "$dpkg_data"|grep Architecture |cut -f 2 -d ' ')
-    VERSION=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 1 -d \-)
-    RELEASE=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 2 -d \-)
-    DATE=$(date -d @$pkg_date +"%F")
-    TIME=$(date -d @$pkg_date +"%T")
-fi
+dpkg_data=$(dpkg-query -s hestia)
+pkg_date=$(stat -c "%Y" /var/lib/dpkg/info/hestia.list)
+ARCH=$(echo "$dpkg_data"|grep Architecture |cut -f 2 -d ' ')
+VERSION=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 1 -d \-)
+DATE=$(date -d @$pkg_date +"%F")
+TIME=$(date -d @$pkg_date +"%T")
+
 UPDATED='yes'
-if [ ! -z "$hesta_v" ] && [ "$hestia_v" \> "$VERSION-$RELEASE" ]; then
+if [ ! -z "$hesta_v" ] && [ "$hestia_v" \> "$VERSION" ]; then
     UPDATED='no'
 fi
-data="NAME='hestia' VERSION='$VERSION' RELEASE='$RELEASE' ARCH='$ARCH'"
+
+data="NAME='hestia' VERSION='$VERSION' ARCH='$ARCH'"
 data="$data UPDATED='$UPDATED' DESCR='core package' TIME='$TIME' DATE='$DATE'"
 
 # Checking installed hestia-php version
-if [ -d "/etc/sysconfig" ]; then
-    eval $(rpm --queryformat="$rpm_format" -q hestia-php)
-    DATE=$(date -d @$UTIME +%F)
-    TIME=$(date -d @$UTIME +%T)
-else
-    dpkg_data=$(dpkg-query -s hestia-php)
-    pkg_date=$(stat -c "%Y" /var/lib/dpkg/info/hestia-php.list)
-    ARCH=$(echo "$dpkg_data"|grep Architecture | cut -f 2 -d ' ')
-    VERSION=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 1 -d \-)
-    RELEASE=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 2 -d \-)
-    DATE=$(date -d @$pkg_date +"%F")
-    TIME=$(date -d @$pkg_date +"%T")
-fi
+dpkg_data=$(dpkg-query -s hestia-php)
+pkg_date=$(stat -c "%Y" /var/lib/dpkg/info/hestia-php.list)
+ARCH=$(echo "$dpkg_data"|grep Architecture | cut -f 2 -d ' ')
+VERSION=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 1 -d \-)
+DATE=$(date -d @$pkg_date +"%F")
+TIME=$(date -d @$pkg_date +"%T")
+
 UPDATED='yes'
-if [ ! -z "$php_v" ] && [ "$php_v" \> "$VERSION-$RELEASE" ]; then
+if [ ! -z "$php_v" ] && [ "$php_v" \> "$VERSION" ]; then
     UPDATED='no'
 fi
-data="$data\nNAME='hestia-php' VERSION='$VERSION' RELEASE='$RELEASE'"
+
+data="$data\nNAME='hestia-php' VERSION='$VERSION'"
 data="$data ARCH='$ARCH' UPDATED='$UPDATED' DESCR='php interpreter'"
 data="$data TIME='$TIME' DATE='$DATE'"
 
 # Checking installed hestia-nginx version
-if [ -d "/etc/sysconfig" ]; then
-    eval $(rpm --queryformat="$rpm_format" -q hestia-nginx)
-    DATE=$(date -d @$UTIME +%F)
-    TIME=$(date -d @$UTIME +%T)
-else
-    dpkg_data=$(dpkg-query -s hestia-nginx)
-    pkg_date=$(stat -c "%Y" /var/lib/dpkg/info/hestia-nginx.list)
-    ARCH=$(echo "$dpkg_data"|grep Architecture | cut -f 2 -d ' ')
-    VERSION=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 1 -d \-)
-    RELEASE=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 2 -d \-)
-    DATE=$(date -d @$pkg_date +"%F")
-    TIME=$(date -d @$pkg_date +"%T")
-fi
+dpkg_data=$(dpkg-query -s hestia-nginx)
+pkg_date=$(stat -c "%Y" /var/lib/dpkg/info/hestia-nginx.list)
+ARCH=$(echo "$dpkg_data"|grep Architecture | cut -f 2 -d ' ')
+VERSION=$(echo "$dpkg_data"|grep ^Version |cut -f 2 -d ' '|cut -f 1 -d \-)
+DATE=$(date -d @$pkg_date +"%F")
+TIME=$(date -d @$pkg_date +"%T")
+
 UPDATED='yes'
-if [ ! -z "$nginx_v" ] && [ "$nginx_v" \> "$VERSION-$RELEASE" ]; then
+if [ ! -z "$nginx_v" ] && [ "$nginx_v" \> "$VERSION" ]; then
     UPDATED='no'
 fi
-data="$data\nNAME='hestia-nginx' VERSION='$VERSION' RELEASE='$RELEASE'"
+
+data="$data\nNAME='hestia-nginx' VERSION='$VERSION'"
 data="$data ARCH='$ARCH' UPDATED='$UPDATED' DESCR='internal web server'"
 data="$data TIME='$TIME' DATE='$DATE'"
 
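Review bot: The rewritten test `[ ! -z "$hesta_v" ] && [ "$hestia_v" \> "$VERSION" ]` still reads `$hesta_v`, which appears to be a typo for `hestia_v`; if no such variable is set above the hunk, the first condition is always false and the core package always reports `UPDATED='yes'`, hiding pending updates from the admin. The `\>` operator is a string comparison, so "1.0.10" sorts below "1.0.2". `$VERSION` is now stripped at the first `-`, so a candidate string that carries a revision suffix would compare as newer even when nothing changed. A version-aware test avoids all three problems: `if [ -n "$hestia_v" ] && dpkg --compare-versions "$hestia_v" gt "$installed_v"; then`, where `installed_v` is a placeholder for the full, unstripped Version field. The same applies to the `php_v` and `nginx_v` comparisons in this hunk.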

+ 1 - 1
bin/v-list-sys-services

@@ -271,7 +271,7 @@ if [ ! -z "$FIREWALL_SYSTEM" ] && [ "$FIREWALL_SYSTEM" != 'remote' ]; then
         state="running"
     fi
     data="$data\nNAME='$FIREWALL_SYSTEM' SYSTEM='firewall'"
-    data="$data STATE='$state' CPU='0' MEM='0' RTIME='0'"
+    data="$data STATE='$state' CPU='0' MEM='0' RTIME='$rtime'"
 fi
 
 # Checking FIREWALL Fail2ban extention

+ 1 - 1
bin/v-list-user-notifications

@@ -28,7 +28,7 @@ json_list() {
         NOTICE=$(echo "$NOTICE" |sed -e "s/%quote%/'/g")
         echo -n '    "'$NID'": {
         "TOPIC": "'$TOPIC'",
-        "NOTICE": "'$NOTICE'",
+        "NOTICE": "'${NOTICE//\"/\'}'",
         "TYPE": "'$TYPE'",
         "ACK": "'$ACK'",
         "TPL": "'$TPL'",

+ 2 - 2
bin/v-rebuild-mail-domain

@@ -46,8 +46,8 @@ rebuild_mail_domain_conf
 # Rebuild webmail configuration
 if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
     if [ ! -z "$IMAP_SYSTEM" ]; then
-        $BIN/v-delete-webmail $user $domain ''
-        $BIN/v-add-webmail $user $domain ''
+        $BIN/v-delete-sys-webmail $user $domain ''
+        $BIN/v-add-sys-webmail $user $domain ''
     fi
 fi
 

+ 2 - 2
bin/v-rebuild-mail-domains

@@ -50,8 +50,8 @@ for domain in $(search_objects 'mail' 'SUSPENDED' "*" 'DOMAIN'); do
     rebuild_mail_domain_conf
     if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
         if [ ! -z "$IMAP_SYSTEM" ]; then
-            $BIN/v-delete-webmail $user $domain ''
-            $BIN/v-add-webmail $user $domain ''
+            $BIN/v-delete-sys-webmail $user $domain ''
+            $BIN/v-add-sys-webmail $user $domain ''
         fi
     fi
 done

+ 3 - 6
bin/v-restart-cron

@@ -50,13 +50,10 @@ if [ -z "$CRON_SYSTEM" ] || [ "$CRON_SYSTEM" = 'remote' ]; then
 fi
 
 # Restart system
-service $CRON_SYSTEM reload >/dev/null 2>&1
+$BIN/v-restart-service $CRON_SYSTEM >/dev/null 2>&1
 if [ $? -ne 0 ]; then
-    service $CRON_SYSTEM restart >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        send_email_report
-        check_result $E_RESTART "$CRON_SYSTEM restart failed"
-    fi
+    send_email_report
+    check_result $E_RESTART "$CRON_SYSTEM restart failed"
 fi
 
 # Update restart queue

+ 3 - 6
bin/v-restart-dns

@@ -55,13 +55,10 @@ if [ -z "$DNS_SYSTEM" ] || [ "$DNS_SYSTEM" = 'remote' ] ; then
 fi
 
 # Restart system
-service $DNS_SYSTEM reload >/dev/null 2>&1
+$BIN/v-restart-service $DNS_SYSTEM > /dev/null 2>&1
 if [ $? -ne 0 ]; then
-    service $DNS_SYSTEM restart >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        send_email_report
-        check_result $E_RESTART "$DNS_SYSTEM restart failed"
-    fi
+    send_email_report
+    check_result $E_RESTART "$DNS_SYSTEM restart failed"
 fi
 
 # Update restart queue

+ 1 - 1
bin/v-restart-ftp

@@ -50,7 +50,7 @@ if [ -z "$FTP_SYSTEM" ] || [ "$FTP_SYSTEM" = 'remote' ]; then
 fi
 
 # Restart system
-service $FTP_SYSTEM restart >/dev/null 2>&1
+$BIN/v-restart-service $FTP_SYSTEM > /dev/null 2>&1
 if [ $? -ne 0 ]; then
     send_email_report
     check_result $E_RESTART "$FTP_SYSTEM restart failed"

+ 12 - 3
bin/v-restart-mail

@@ -2,7 +2,7 @@
 # info: restart mail service
 # options: NONE
 #
-# The function tells Exim service to reload configuration files.
+# The function tells exim or dovecot services to reload configuration files.
 
 
 #----------------------------------------------------------#
@@ -49,8 +49,17 @@ if [ -z "$MAIL_SYSTEM" ] || [ "$MAIL_SYSTEM" = 'remote' ]; then
     exit
 fi
 
-# Restart system
-service $MAIL_SYSTEM restart >/dev/null 2>&1
+# Restart IMAP system if present
+if [ ! -z "$IMAP_SYSTEM" ]; then
+    $BIN/v-restart-service $IMAP_SYSTEM > /dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        send_email_report
+        check_result $E_RESTART "$IMAP_SYSTEM restart failed"
+    fi
+fi
+
+# Restart mail system
+$BIN/v-restart-service $MAIL_SYSTEM > /dev/null 2>&1
 if [ $? -ne 0 ]; then
     send_email_report
     check_result $E_RESTART "$MAIL_SYSTEM restart failed"

+ 25 - 41
bin/v-restart-proxy

@@ -50,47 +50,31 @@ if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
 fi
 
 if [ -f "$HESTIA/web/inc/nginx_proxy" ]; then
-
-  # if hestia is behind default nginx, restart in background with 15 sec delay
-  # background restart
-  if [ "$1" = 'background' ]; then
-      # Restart system
-      sleep 15
-      service $PROXY_SYSTEM restart >/dev/null 2>&1
-      #if [ $? -ne 0 ]; then
-      #    send_email_report
-      #    check_result $E_RESTART "$PROXY_SYSTEM restart failed"
-      #fi
-
-      # Update restart queue
-      if [ -e "$HESTIA/data/queue/restart.pipe" ]; then
-          sed -i "/$SCRIPT/d" $HESTIA/data/queue/restart.pipe
-      fi
-
-      exit;
-  fi
-
-  # try to reload to get changes faster
-  service $PROXY_SYSTEM reload
-  
-  # send to background process
-  nohup $BIN/v-restart-proxy 'background' &>/dev/null &
-
-else
-
-  # Default behaviour
-  # Restart system
-  service $PROXY_SYSTEM restart >/dev/null 2>&1
-  #if [ $? -ne 0 ]; then
-  #    send_email_report
-  #    check_result $E_RESTART "$PROXY_SYSTEM restart failed"
-  #fi
-
-  # Update restart queue
-  if [ -e "$HESTIA/data/queue/restart.pipe" ]; then
-      sed -i "/$SCRIPT/d" $HESTIA/data/queue/restart.pipe
-  fi
-
+    # if hestia is behind default nginx, restart in background with 15 sec delay
+    # background restart
+    if [ "$1" = 'background' ]; then
+        # Restart system
+        sleep 15
+        $BIN/v-restart-service $PROXY_SYSTEM > /dev/null 2>&1
+
+        # Update restart queue
+        if [ -e "$HESTIA/data/queue/restart.pipe" ]; then
+            sed -i "/$SCRIPT/d" $HESTIA/data/queue/restart.pipe
+        fi
+
+        exit;
+    fi
+    # Send to background process
+        nohup $BIN/v-restart-proxy 'background' &>/dev/null &
+    else
+    # Default behaviour
+    # Restart system
+    $BIN/v-restart-service $PROXY_SYSTEM > /dev/null 2>&1
+
+    # Update restart queue
+    if [ -e "$HESTIA/data/queue/restart.pipe" ]; then
+        sed -i "/$SCRIPT/d" $HESTIA/data/queue/restart.pipe
+    fi
 fi
 
 #----------------------------------------------------------#
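Review bot: The result of `$BIN/v-restart-service $PROXY_SYSTEM` is discarded in both branches, and the commented-out `send_email_report`/`check_result` lines were deleted rather than restored, so a proxy that fails to come back is never reported. Callers added in this commit (`check_result $? "Proxy restart failed"` in the HSTS scripts) therefore test a status that does not reflect the restart. v-restart-web keeps its check, and the default branch here could mirror it with `if [ $? -ne 0 ]; then send_email_report; check_result $E_RESTART "$PROXY_SYSTEM restart failed"; fi`. The new `nohup` and `else` lines are indented as if they belonged to the inner `if`, which misreads the nesting; `nohup` should sit at four spaces and `else` at column zero.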

+ 16 - 10
bin/v-restart-service

@@ -11,6 +11,7 @@
 
 # Argument definition
 service=$1
+force=$2
 
 # Includes
 source $HESTIA/func/main.sh
@@ -23,27 +24,32 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
 
 check_args '1' "$#" 'SERVICE'
 
-
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ "$service" != "iptables" ]; then
-    service $service restart >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        check_result $E_RESTART "$service restart failed"
-    fi
-else
+# Run the restart rules for iptables firewall
+if [ "$service" = "iptables" ]; then
     $BIN/v-stop-firewall
     $BIN/v-update-firewall
-    if [ $? -ne 0 ]; then
-        check_result $E_RESTART "$service restart failed"
-    fi
 fi
 
+if [ "$service" = "hestia" ] || [ "$service" = "iptables" ] || [ "$service" = "mariadb" ] || [ "$service" = "mysql" ] || [ "$service" = "postgresql" ] || [ "$service" = "cron" ]; then
+    systemctl restart $service > /dev/null 2>&1
+elif [ -z "$force" ] || [ "$force" = "no" ]; then
+    systemctl reload $service > /dev/null 2>&1
+else
+    systemctl restart $service > /dev/null 2>&1
+fi
 
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
 
+# Check the result of the service restart and report whether it failed.
+if [ $? -ne 0 ]; then
+    check_result $E_RESTART "ERROR: Restart of $service failed."
+    log_history "Restart of $service failed."
+fi
+
 exit
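Review bot: For `iptables` the status of `$BIN/v-update-firewall` is no longer checked, and the service name is then also passed to `systemctl restart`, so the reported result depends on whether an iptables unit exists rather than on whether the rules were reloaded after `v-stop-firewall` flushed them. The final `$?` test only sees the last `systemctl` call. `log_history` comes after `check_result $E_RESTART`, which presumably exits on a non-zero code, so the history line would never be written. The plain `systemctl reload` branch has no fallback for units that are stopped or define no reload action, while callers such as v-restart-web and v-restart-dns dropped their own reload-then-restart fallback in this commit; `systemctl reload-or-restart` covers that case. The sketch below assumes the firewall is managed only through the two Hestia scripts.

```shell
# Run the restart rules for iptables firewall
if [ "$service" = "iptables" ]; then
    $BIN/v-stop-firewall
    $BIN/v-update-firewall
    rc=$?
elif [ "$service" = "hestia" ] || [ "$service" = "mariadb" ] || [ "$service" = "mysql" ] || [ "$service" = "postgresql" ] || [ "$service" = "cron" ]; then
    systemctl restart "$service" > /dev/null 2>&1
    rc=$?
elif [ -z "$force" ] || [ "$force" = "no" ]; then
    # Falls back to a restart when the unit is stopped or has no reload action
    systemctl reload-or-restart "$service" > /dev/null 2>&1
    rc=$?
else
    systemctl restart "$service" > /dev/null 2>&1
    rc=$?
fi

# … unchanged: Hestia section banner …

if [ "$rc" -ne 0 ]; then
    # Log first: check_result is expected to terminate the script
    log_history "Restart of $service failed."
    check_result $E_RESTART "ERROR: Restart of $service failed."
fi
```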

+ 1 - 0
bin/v-restart-system

@@ -28,6 +28,7 @@ check_args '1' "$#" 'RESTART'
 #----------------------------------------------------------#
 
 if [  "$restart" = 'yes' ]; then
+    log_history "A restart of the server was initiated."
     /sbin/reboot
 fi
 

+ 5 - 21
bin/v-restart-web

@@ -49,34 +49,18 @@ if [ -z "$WEB_SYSTEM" ] || [ "$WEB_SYSTEM" = 'remote' ]; then
     exit
 fi
 
-# Reload web system
-service $WEB_SYSTEM reload >/dev/null 2>&1
-rc=$?
+$BIN/v-restart-service $WEB_SYSTEM > /dev/null 2>&1
 
-# Workaround for Ubuntu 12.04
-if [ "$WEB_SYSTEM" == 'apache2' ]; then
-    pid1='/var/run/apache2.pid'
-    pid2='/var/run/apache2/apache2.pid'
-    if [ ! -e "$pid1" ] && [ ! -e "$pid2" ]; then
-        rc=1
-    fi
-fi
-
-# Resart web system if reload didn't work
-if [ "$rc" -ne 0 ]; then
-    service $WEB_SYSTEM restart >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        send_email_report
-        check_result $E_RESTART "$WEB_SYSTEM restart failed"
-    fi
-fi
+if [ $? -ne 0 ]; then
+    send_email_report
+    check_result $E_RESTART "$WEB_SYSTEM restart failed"
+ fi
 
 # Update restart queue
 if [ -e "$HESTIA/data/queue/restart.pipe" ]; then
     sed -i "/$SCRIPT/d" $HESTIA/data/queue/restart.pipe
 fi
 
-
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#

+ 2 - 2
bin/v-restart-web-backend

@@ -54,9 +54,9 @@ php_fpm=$(ls /etc/init.d/php*-fpm* 2>/dev/null |cut -f 4 -d /)
 for back in $php_fpm
 do
     if [ -z "$php_fpm" ]; then
-        service $WEB_BACKEND restart >/dev/null 2>&1
+        $BIN/v-restart-service $WEB_BACKEND > /dev/null 2>&1
     else
-        service $back restart >/dev/null 2>&1
+        $BIN/v-restart-service $back > /dev/null 2>&1
     fi
 done
 if [ $? -ne 0 ]; then
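Review bot: The `[ -z "$php_fpm" ]` test sits inside `for back in $php_fpm`, so when no `/etc/init.d/php*-fpm*` script is found the loop body never runs and the new `$BIN/v-restart-service $WEB_BACKEND` line is unreachable; the backend is silently left untouched. The `$?` test after `done` only reflects the last iteration, so an earlier failed PHP-FPM restart is lost. Moving the empty check in front of the loop and accumulating failures inside it (for example `$BIN/v-restart-service "$back" > /dev/null 2>&1 || rc=1`) would fix both. The error-handling block continues past the end of this hunk.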

+ 3 - 3
bin/v-start-service

@@ -28,11 +28,11 @@ check_args '1' "$#" 'SERVICE'
 #----------------------------------------------------------#
 
 if [ "$service" != 'iptables' ]; then
-    service $service start >/dev/null 2>&1
-    check_result $? "$service start failed" $E_RESTART
+    systemctl start $service > /dev/null 2>&1
+    check_result $? "ERROR: $service start failed" $E_RESTART
 else
     $BIN/v-update-firewall
-    check_result $? "$service start failed" $E_RESTART
+    check_result $? "ERROR: $service start failed" $E_RESTART
 fi
 
 

+ 3 - 3
bin/v-stop-service

@@ -28,11 +28,11 @@ check_args '1' "$#" 'SERVICE'
 #----------------------------------------------------------#
 
 if [ "$service" != 'iptables' ]; then
-    service $service stop >/dev/null 2>&1
-    check_result $? "$service stop failed" $E_RESTART
+    systemctl stop $service >/dev/null 2>&1
+    check_result $? "ERROR: $service stop failed" $E_RESTART
 else
     $BIN/v-stop-firewall
-    check_result $? "$service stop failed" $E_RESTART
+    check_result $? "ERROR: $service stop failed" $E_RESTART
 fi
 
 

+ 1 - 1
bin/v-suspend-mail-domain

@@ -48,7 +48,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
 fi
 
 # Removing webmail configuration
-$BIN/v-delete-webmail $user $domain 'yes'
+$BIN/v-delete-sys-webmail $user $domain 'yes'
 
 #----------------------------------------------------------#
 #                       Hestia                             #

+ 1 - 1
bin/v-unsuspend-mail-domain

@@ -57,7 +57,7 @@ decrease_user_value "$user" '$SUSPENDED_MAIL'
 
 # Enable webmail access
 if [ ! -z "$IMAP_SYSTEM" ]; then
-    $BIN/v-add-webmail $user $domain 'yes'
+    $BIN/v-add-sys-webmail $user $domain 'yes'
 fi
 # Logging
 log_event "$OK" "$ARGUMENTS"

+ 1 - 17
bin/v-update-dns-templates

@@ -16,29 +16,13 @@ restart=$1
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
 
-# Detect OS
-case $(head -n1 /etc/issue | cut -f 1 -d ' ') in
-    Debian)     type="debian" ;;
-    Ubuntu)     type="ubuntu" ;;
-    *)          type="NoSupport" ;;
-esac
-
-# Detect version
-if [ "$type" = "ubuntu" ] || [ "$type" = "debian" ]; then
-    type="deb"
-else
-    echo "Error: can't detect supported os"
-    log_event "$E_NOTEXIST"
-    exit $E_NOTEXIST
-fi
-
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
 # Update templates
-cp -rf $HESTIA/install/$type/templates/dns $HESTIA/data/templates/
+cp -rf $HESTIA/install/deb/templates/dns $HESTIA/data/templates/
 
 
 #----------------------------------------------------------#

+ 5 - 0
bin/v-update-host-certificate

@@ -69,6 +69,11 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     chown $exim_user:mail $HESTIA/ssl/certificate.key
 fi
 
+# Add UPDATE_HOSTNAME_SSL if not exist
+if [ -z "$UPDATE_HOSTNAME_SSL" ]; then
+    echo "UPDATE_HOSTNAME_SSL='yes'" >> $HESTIA/conf/hestia.conf
+fi
+
 # Restart services
 $BIN/v-restart-web
 $BIN/v-restart-proxy

+ 1 - 17
bin/v-update-mail-templates

@@ -16,29 +16,13 @@ restart=$1
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
 
-# Detect OS
-case $(head -n1 /etc/issue | cut -f 1 -d ' ') in
-    Debian)     type="debian" ;;
-    Ubuntu)     type="ubuntu" ;;
-    *)          type="NoSupport" ;;
-esac
-
-# Detect version
-if [ "$type" = "ubuntu" ] || [ "$type" = "debian" ]; then
-    type="deb"
-else
-    echo "Error: can't detect supported os"
-    log_event "$E_NOTEXIST"
-    exit $E_NOTEXIST
-fi
-
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
 # Update templates
-cp -rf $HESTIA/install/$type/templates/mail $HESTIA/data/templates/
+cp -rf $HESTIA/install/deb/templates/mail $HESTIA/data/templates/
 
 # Rebuild mail domains if mail services are enabled
 if [ ! -z $MAIL_SYSTEM ]; then

+ 6 - 20
bin/v-update-sys-hestia

@@ -28,31 +28,17 @@ source $HESTIA/conf/hestia.conf
 # Checking arg number
 check_args '1' "$#" 'PACKAGE'
 
-
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ -d "/etc/sysconfig" ]; then
-    # Clean yum chache
-    yum -q clean all
-
-    # Define yum cmd
-    yum="yum -q -y --noplugins --disablerepo=* --enablerepo=hestia"
-
-    # Update hestia package
-    $yum update $package > /dev/null 2>&1
-    check_result $? "$package update failed" $E_UPDATE
-else
-    # Update repo
-    apt-get update -o Dir::Etc::sourcelist="sources.list.d/hestia.list" \
-        -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" -qq
-
-    # Update hestia package
-    apt-get install $package -qq > /dev/null 2>&1
-    check_result $? "$package update failed" $E_UPDATE
-fi
+# Update repo
+apt-get update -o Dir::Etc::sourcelist="sources.list.d/hestia.list" \
+    -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" -qq
 
+# Update hestia package
+apt-get install $package -qq > /dev/null 2>&1
+check_result $? "$package update failed" $E_UPDATE
 
 #----------------------------------------------------------#
 #                       Hestia                             #

+ 7 - 5
bin/v-update-sys-hestia-git

@@ -53,6 +53,7 @@ download_file() {
 BUILD_DIR='/tmp/hestiacp-src/'
 DEB_DIR="$BUILD_DIR/debs/"
 INSTALL_DIR='/usr/local/hestia'
+ARCHIVE_DIR="${BUILD_DIR}/archive/"
 
 # Set command variables
 branch=$1
@@ -71,6 +72,7 @@ PHP_V='7.3.4'
 # Create build directories
 rm -rf $BUILD_DIR
 mkdir -p $DEB_DIR
+mkdir -p $ARCHIVE_DIR
 
 # Set package dependencies for compiling
 SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config'
@@ -126,13 +128,15 @@ HESTIA_B='true'
 GIT_REP='https://raw.githubusercontent.com/hestiacp/hestiacp/'$branch'/src/deb'
 
 # Generate Links for sourcecode
-HESTIA_ARCHIVE_LINK='https://github.com/hestiacp/hestiacp/archive/'$branch'.zip'
+HESTIA_ARCHIVE_LINK='https://github.com/hestiacp/hestiacp/archive/'$branch'.tar.gz'
 NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz'
 OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz'
 PCRE='https://ftp.pcre.org/pub/pcre/pcre-'$PCRE_V'.tar.gz'
 ZLIB='https://www.zlib.net/zlib-'$ZLIB_V'.tar.gz'
 PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz'
 
+# Forward slashes in branchname are replaced with dashes to match foldername in github archive.
+branch=$(echo "$branch" |sed 's/\//-/g');
 
 #################################################################################
 #
@@ -327,9 +331,7 @@ if [ "$HESTIA_B" = true ] ; then
     mkdir $BUILD_DIR/hestia_$HESTIA_V
 
     # Download and unpack source files
-    download_file $HESTIA_ARCHIVE_LINK
-    unzip -q $branch.zip
-    rm $branch.zip
+    download_file $HESTIA_ARCHIVE_LINK '-' 'fresh' | tar xz
 
     # Prepare Deb Package Folder Structure
     cd hestia_$HESTIA_V/
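Review bot: The added `download_file $HESTIA_ARCHIVE_LINK '-' 'fresh' | tar xz` streams the download straight into extraction, so nothing confirms that the transfer completed, or what was fetched, before files land in the build tree. Without `set -o pipefail` (not visible here) the pipeline's status is tar's alone, and neither status is tested before the following `cd`. Saving the archive into the new `$ARCHIVE_DIR`, testing the exit status and only then running `tar -xzf` on it would make a failed or truncated download stop the build; since `$branch` comes from `$1`, comparing a checksum or pinning to a commit is the stronger control where the result is installed on a production host. The enclosing `if` block starts and ends outside the hunk.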
@@ -345,7 +347,7 @@ if [ "$HESTIA_B" = true ] ; then
     chmod +x postinst
 
     # Move needed directories
-    cd ../../hestiacp-$branch
+    cd $BUILD_DIR/hestiacp-$branch
     mv bin func install web ../hestia_$HESTIA_V/usr/local/hestia/
 
     # Set permission
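Review bot: The new `cd $BUILD_DIR/hestiacp-$branch` is unquoted and unchecked, and the `mv bin func install web …` right after it then runs relative to whatever directory the shell is left in if the `cd` fails. That can happen whenever the extracted top-level folder is not named `hestiacp-$branch`, which depends on how the archive host names the folder for the given ref. I would write `cd "$BUILD_DIR/hestiacp-$branch" || exit 1`, or use the script's own error helper if it has one. The enclosing block continues outside the hunk.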

+ 5 - 4
bin/v-update-sys-ip

@@ -63,8 +63,8 @@ if [ ! -z "$new" ]; then
             mv $old.conf $new.conf
             sed -i "s/$old/$new/g" $new.conf
         fi
-        sed -i "s/$old/$new/g" $HESTIA/data/users/*/web.conf
         for user in $(ls $HESTIA/data/users/); do
+            sed -i "s/$old/$new/g" $HESTIA/data/users/$user/web.conf
             $BIN/v-rebuild-web-domains $user no
         done
         $BIN/v-restart-proxy
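Review bot: The relocated `sed -i "s/$old/$new/g" $HESTIA/data/users/$user/web.conf` uses the old address as an unanchored regular expression, so its dots match any character and replacing `10.0.0.1` (constructed example) also rewrites the front of `10.0.0.10`. Escaping the dots once with `old_re=${old//./\\.}` and substituting with `s/\(^\|[^0-9]\)$old_re\([^0-9]\|$\)/\1$new\2/g` keeps neighbouring addresses intact. The same expression is used on the `dns.conf` and `dns/*.conf` lines added in the next hunk. The enclosing `if` starts outside the hunk.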
@@ -73,13 +73,14 @@ if [ ! -z "$new" ]; then
 
     # Updating DNS
     if [ ! -z "$DNS_SYSTEM" ]; then
-        sed -i "s/$old/$new/g" $HESTIA/data/users/*/dns.conf
-        sed -i "s/$old/$new/g" $HESTIA/data/users/*/dns/*.conf
-        for user in $(ls $HESTIA/data/users/); do
+        for user in `ls /usr/local/hestia/data/users/`; do
+            sed -i "s/$old/$new/g" $HESTIA/data/users/$user/dns.conf
+            sed -i "s/$old/$new/g" $HESTIA/data/users/$user/dns/*.conf
             $BIN/v-rebuild-dns-domains $user no
         done
         $BIN/v-restart-dns
     fi
+    
 
     # Updating FTP
     if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then
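Review bot: The added DNS loop header ``for user in `ls /usr/local/hestia/data/users/`; do`` hard-codes the install path and uses backticks, while the `sed` lines inside it and the web loop in the previous hunk use `$HESTIA`. If `$HESTIA` ever differs from `/usr/local/hestia`, the loop walks one tree and edits another. I would keep it consistent and stop parsing `ls`: `for dir in "$HESTIA"/data/users/*/; do user=$(basename "$dir")`. `dns/*.conf` is also handed to `sed -i` when a user has no zone files, in which case sed is given the literal pattern and reports a missing file.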

+ 3 - 19
bin/v-update-web-templates

@@ -16,22 +16,6 @@ restart=$1
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
 
-# Detect OS
-case $(head -n1 /etc/issue | cut -f 1 -d ' ') in
-    Debian)     type="debian" ;;
-    Ubuntu)     type="ubuntu" ;;
-    *)          type="NoSupport" ;;
-esac
-
-# Detect version
-if [ "$type" = "ubuntu" ] || [ "$type" = "debian" ]; then
-    type="deb"
-else
-    echo "Error: can't detect supported os"
-    log_event "$E_NOTEXIST"
-    exit $E_NOTEXIST
-fi
-
 if [ -z "$WEB_SYSTEM" ]; then
     echo "Error: Missing Web System"
     log_event "$E_ARGS"
@@ -51,7 +35,7 @@ if [ -d "${HST_WEBTEMPLATES}" ]; then
     rm -rf "${HST_WEBTEMPLATES}/unassigned" 2>/dev/null
 fi
 
-for webtpl_folder in $(ls $HESTIA/install/$type/templates/web/* -d 2>/dev/null | egrep -v '/(nginx)$' ); do
+for webtpl_folder in $(ls $HESTIA/install/deb/templates/web/* -d 2>/dev/null | egrep -v '/(nginx)$' ); do
     cp -rf "${webtpl_folder}" "${HST_WEBTEMPLATES}/"
 done
 
@@ -65,7 +49,7 @@ if [ "$php_versions" -gt 1 ]; then
             continue
         fi
         v_tpl=$(echo "$v" | sed -e 's/[.]//')
-        cp -f "$HESTIA/install/$type/multiphp/${WEB_SYSTEM}/PHP-${v_tpl}".* "${HST_WEBTEMPLATES}/${WEB_SYSTEM}/"
+        cp -f "$HESTIA/install/deb/multiphp/${WEB_SYSTEM}/PHP-${v_tpl}".* "${HST_WEBTEMPLATES}/${WEB_SYSTEM}/"
     done
     chmod a+x "${HST_WEBTEMPLATES}/${WEB_SYSTEM}/"*.sh 2> /dev/null
 
@@ -78,7 +62,7 @@ if [ "$php_versions" -gt 1 ]; then
 fi
 
 if [ "$PROXY_SYSTEM" = 'nginx' ] || [ "$php_versions" -le 1 ]; then
-    cp -rf "${HESTIA}/install/${type}/templates/web/nginx" "${HST_WEBTEMPLATES}/"
+    cp -rf "${HESTIA}/install/deb/templates/web/nginx" "${HST_WEBTEMPLATES}/"
 fi
 
 # Rebuilding web domains

+ 6 - 1
func/domain.sh

@@ -694,12 +694,17 @@ add_webmail_config() {
     ssl_pem="$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem"
     ssl_ca="$HOMEDIR/$user/conf/mail/$domain/ssl/$domain.ca"
 
+    override_alias="";
+    if [ "$WEBMAIL_ALIAS" != "mail" ]; then
+        override_alias="mail.$domain"
+    fi
+
     cat $MAILTPL/$1/$2 | \
         sed -e "s|%ip%|$local_ip|g" \
             -e "s|%domain%|$WEBMAIL_ALIAS.$domain|g" \
             -e "s|%domain_idn%|$domain_idn|g" \
             -e "s|%root_domain%|$domain|g" \
-            -e "s|%alias%|mail.$domain|g" \
+            -e "s|%alias%|$override_alias|g" \
             -e "s|%alias_idn%|${aliases_idn//,/ }|g" \
             -e "s|%alias_string%|$alias_string|g" \
             -e "s|%email%|info@$domain|g" \
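Review bot: The new `override_alias` logic treats every value other than `mail` as a real prefix, including an empty or unset `WEBMAIL_ALIAS`, in which case `%domain%` expands to `.$domain` and `%alias%` to `mail.$domain`. That case looks reachable because the Ubuntu installer hunk in this same commit stops writing `WEBMAIL_ALIAS='webmail'` to `hestia.conf`; whether another script sets it is not visible here. A guard before the added lines such as `[ -n "$WEBMAIL_ALIAS" ] || return 1` (or the project's usual error path or default) would keep a malformed `server_name` out of the generated vhost. A comment would also help the next reader: `# leave %alias% empty when the webmail host already is mail.$domain, so server_name has no duplicate`. The function body starts and ends outside the hunk.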

+ 8 - 0
install/deb/dovecot/conf.d/10-ssl.conf

@@ -1,5 +1,13 @@
 ssl = yes
 ssl_protocols = !SSLv3 !TLSv1
+ssl_prefer_server_ciphers = yes
+ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 
 ssl_cert = </usr/local/hestia/ssl/certificate.crt
 ssl_key = </usr/local/hestia/ssl/certificate.key
+
+# From and up to version 2.2
+ssl_dh_parameters_length = 4096
+
+# From version 2.3
+#ssl_dh = </etc/ssl/dhparam.pem
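Review bot: The added `ssl_cipher_list` still ends with 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`) and static-RSA suites such as `AES128-SHA`, which bring a 64-bit block cipher and key exchange without forward secrecy respectively. Since `ssl_protocols` above already drops SSLv3 and TLSv1, the clients that remain can be expected to support the AEAD suites at the head of the list, so I would trim the tail or at least append `:!3DES`. The `ssl_dh_parameters_length` / commented `ssl_dh` pair also needs a per-version decision: by the file's own comments the first applies up to 2.2 and the second from 2.3, so on a 2.3 host the shipped file presumably leaves the DHE suites listed without configured parameters until someone uncomments `ssl_dh`.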

+ 2 - 1
install/deb/nginx/webmail.inc

@@ -1,7 +1,8 @@
 location /webmail {
     alias /var/lib/roundcube/;
 
-    location ~ /(config|temp|logs) {
+    location ~ /(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING) {
+        deny all;
         return 404;
     }
 
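Review bot: In the widened `location ~ /(README.md|config|…|UPGRADING)` block the added `deny all;` never takes effect, because `return 404;` is evaluated in the rewrite phase before access checks run; keep one of the two so the intent is unambiguous. The pattern is also an unanchored substring match with an unescaped dot, so `/bin` or `/config` blocks any URI that has a path segment starting with those letters, not only Roundcube's top-level directories. If that breadth is deliberate, say so in a comment such as `# block Roundcube internals and docs anywhere under /webmail (substring match on purpose)`; otherwise escape the dot as `README\.md` and anchor the alternatives. The enclosing `location /webmail` block continues outside the hunk.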

+ 12 - 12
install/deb/ssl/dhparam.pem

@@ -1,13 +1,13 @@
 -----BEGIN DH PARAMETERS-----
-MIICCAKCAgEA+tQGpIebOZgTRfzeJO8V08AKJxjIEPl+ks2s0kVcYEYn7XhoqV9p
-vMxYxSz+3gavaKD42tbxbru01MZhi6PAhvWZn1pUgdUFTDPv6Suq/zQuNvxEx/p4
-/TvfQ+6IqWcPFjGZb6lmnR4v592joEmTaps6Uqv2PDqCgZoeLDqVSsqWRotFbFWa
-mHCFU/5RsSyUAPhuH9lk0UOnK+rkQulppZsAKNLMUBSoNGg+OjYbvcRq8WMQIx8H
-Or8i9lZa12UFfr3ui5I7Y29aARh4M8WTtWKAxoDp6N8ENT3hXqgEm4cIVmHOgFDZ
-SvWvsV/6ghDpYIOgiatKauQPd2wXkZ/95yeO2JxyYS9rGK4a10QICsB/Jj5j/1i8
-yimrllUs5UW8BjmkRTYQPFtvZzrYUoSohSazz7r5Q7/K/Nh40Tb+SgGvQqMxTolL
-nTR2kP8DDpTIar/E2B1fDM+yk07hMmKlTOP+nFmJtcq61rM79kQfpsG4mxIX2sxR
-el6qP5ng8NQG648aL9OnaUgisLpz1ll6cL7rXHExxEiFgb667F+uKVYJ31d0KyBE
-6zrb7iIr5l1q+/vIxIu3QvOfH43+lAV/XHaNP1YvrCkTmkihBAeHt74x5uZRalg3
-3qci/XOL0h6i5YW3s7Yem1tqy04P2XYVfmfr4KzzNjOFAQwADKm7G3sCAQI=
------END DH PARAMETERS-----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=
+-----END DH PARAMETERS-----

+ 5 - 2
install/deb/templates/mail/nginx/default.stpl

@@ -1,13 +1,16 @@
 server {
     listen      %ip%:%proxy_ssl_port% ssl http2;
     server_name %domain% %alias%;
-    ssl_certificate     %ssl_pem%;
-    ssl_certificate_key %ssl_key%;
     root        /var/lib/roundcube;
     index       index.php index.html index.htm;
     access_log /var/log/nginx/domains/%domain%.log combined;
     error_log  /var/log/nginx/domains/%domain%.error.log error;
 
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
     location ~ /\.(?!well-known\/) {
         deny all;
         return 404;
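Review bot: `ssl_stapling_verify on;` is added without an `ssl_trusted_certificate`, which nginx needs in order to verify the OCSP response unless the file behind `%ssl_pem%` already carries the issuer chain. `add_webmail_config` in `func/domain.sh` defines an `ssl_ca` path next to `ssl_pem`, so the template could reference that CA file through `ssl_trusted_certificate` if a placeholder for it is available to mail templates (not visible here). For self-signed certificates stapling cannot work and nginx only logs a warning for the vhost, so it may be worth emitting these two directives only when a CA file exists. The same two lines are added to `web_system.stpl` in the next file section; the `server` block continues outside the hunk.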

+ 5 - 2
install/deb/templates/mail/nginx/web_system.stpl

@@ -1,13 +1,16 @@
 server {
     listen      %ip%:%web_ssl_port% ssl http2;
     server_name %domain% %alias%;
-    ssl_certificate     %ssl_pem%;
-    ssl_certificate_key %ssl_key%;
     root        /var/lib/roundcube;
     index       index.php index.html index.htm;
     access_log /var/log/nginx/domains/%domain%.log combined;
     error_log  /var/log/nginx/domains/%domain%.error.log error;
 
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    
     location ~ /\.(?!well-known\/) {
         deny all;
         return 404;

+ 0 - 110
install/deb/templates/web/webalizer/webalizer.tpl

@@ -1,110 +0,0 @@
-HostName         %domain_idn%
-LogFile          /var/log/%web_system%/domains/%domain%.log
-OutputDir        %home%/%user%/web/%domain%/stats
-HistoryName      %home%/%user%/web/%domain%/stats/%domain%.hist
-Incremental      yes
-IncrementalName  %home%/%user%/web/%domain%/stats/%domain%.current
-PageType         htm*
-PageType         cgi
-PageType         php
-PageType         shtml
-DNSCache         /var/lib/webalizer/dns_cache.db
-DNSChildren      10
-Quiet            yes
-FoldSeqErr       yes
-IndexAlias       index.php
-HideURL          *.gif
-HideURL          *.GIF
-HideURL          *.jpg
-HideURL          *.JPG
-HideURL          *.png
-HideURL          *.PNG
-HideURL          *.ra
-SearchEngine     abcsearch.          terms=
-SearchEngine     alexa.              q=
-SearchEngine     alltheweb.          q=
-SearchEngine     alltheweb.          query=
-SearchEngine     alot.               q=
-SearchEngine     altavista.          q=
-SearchEngine     aolsearch.          query=
-SearchEngine     aport.ru            r=
-SearchEngine     ask.                q=
-SearchEngine     atlas.cz            q=
-SearchEngine     bbc.                q=
-SearchEngine     bing.               q=
-SearchEngine     blingo.             q=
-SearchEngine     blogs.yandex.ru     text=
-SearchEngine     btopenworld         query=
-SearchEngine     buscador.ya.com     q=
-SearchEngine     busca.              q=
-SearchEngine     business.           query=
-SearchEngine     centrum.cz          q=
-SearchEngine     chiff.              q=
-SearchEngine     clusty.             query=
-SearchEngine     comcast.            q=
-SearchEngine     crawler.            q=
-SearchEngine     cuil.               q=
-SearchEngine     dmoz.               search=
-SearchEngine     dogpile.com         q=
-SearchEngine     dpxml               qkw=
-SearchEngine     eureka.             searchword=
-SearchEngine     euroseek.           string=
-SearchEngine     exalead.            q=
-SearchEngine     excite              search=
-SearchEngine     ezilon.             q=
-SearchEngine     fastbrowsersearch.  q=
-SearchEngine     feedster.com        q=
-SearchEngine     fireball.de         q=
-SearchEngine     fireball.           keyword=
-SearchEngine     freeserve.          q=
-SearchEngine     gigablast.          q=
-SearchEngine     gogo.ru             q=
-SearchEngine     go.mail.ru          q=
-SearchEngine     google.             q=
-SearchEngine     hakia.              q=
-SearchEngine     hotbot.             query=
-SearchEngine     infoseek.           qt=
-SearchEngine     iwon                searchfor=
-SearchEngine     ixquick.com         query=
-SearchEngine     joeant.             keywords=
-SearchEngine     jyxo.cz             s=
-SearchEngine     looksmart.          key=
-SearchEngine     lycos.              query=
-SearchEngine     mamma.              q=
-SearchEngine     metacrawler         q=
-SearchEngine     msn.                MT=
-SearchEngine     msxml               qkw=
-SearchEngine     mysearch.           searchfor=
-SearchEngine     mywebsearch.        searchfor=
-SearchEngine     netscape.           q=
-SearchEngine     nigma.ru            q=
-SearchEngine     northernlight.      qr=
-SearchEngine     ntlworld.           q=
-SearchEngine     orange.             q=
-SearchEngine     overture.           Keywords=
-SearchEngine     punto.ru            text=
-SearchEngine     rambler.            keyword=
-SearchEngine     search.aol.         q=
-SearchEngine     search.babylon.     q=
-SearchEngine     search.centrum.     phrase=
-SearchEngine     search.conduit.     q=
-SearchEngine     search.earthlink    q=
-SearchEngine     search.icq.         q=
-SearchEngine     search.live.com     q=
-SearchEngine     search.rambler.ru   words=
-SearchEngine     search.winamp.      q=
-SearchEngine     searchy.            q=
-SearchEngine     seznam.cz           w=
-SearchEngine     snap.               query=
-SearchEngine     teoma.              q=
-SearchEngine     teradex.com         q=
-SearchEngine     ukplus              key=
-SearchEngine     verizon.            q=
-SearchEngine     virginmedia.        q=
-SearchEngine     voila.              rdata=
-SearchEngine     webcrawler          searchText=
-SearchEngine     web.search.naver.   query=
-SearchEngine     wisenut             q=
-SearchEngine     yahoo.              p=
-SearchEngine     yandex.             text=
-SearchEngine     yodao.              q=

+ 1 - 1
install/deb/vsftpd/vsftpd.conf

@@ -32,7 +32,7 @@ ssl_enable=YES
 allow_anon_ssl=NO
 require_ssl_reuse=NO
 ssl_ciphers=HIGH
-ssl_tlsv1=YES
+ssl_tlsv1=NO
 ssl_sslv2=NO
 ssl_sslv3=NO
 force_local_data_ssl=NO
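Review bot: `ssl_tlsv1=NO` tightens protocol negotiation, but `force_local_data_ssl=NO` at the end of this hunk still lets local users move data without TLS, so the hardening only reaches clients that opt in to encryption. If cleartext FTP has to stay available for compatibility, a comment above the `ssl_*` toggles saying so (and that TLS 1.0 is disabled on purpose) would stop the next editor from assuming encryption is enforced. The login-channel setting is outside the hunk, so it is not possible to tell from here whether credentials are forced onto TLS.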

+ 39 - 31
install/hst-install-debian.sh

@@ -412,9 +412,9 @@ echo ' |  _  |  __/\__ \ |_| | (_| | |___|  __/ '
 echo ' |_| |_|\___||___/\__|_|\__,_|\____|_|    '
 echo
 echo '                      Hestia Control Panel'
-echo '                                    v1.0.1'
+echo '                                    v1.0.2'
 echo -e "\n"
-echo "=============================================================================="
+echo "===================================================================="
 echo -e "\n"
 echo 'The following server components will be installed on your system:'
 echo
@@ -480,13 +480,13 @@ fi
 
 # Firewall stack
 if [ "$iptables" = 'yes' ]; then
-    echo -n '   - Iptables Firewall'
+    echo -n '   - Firewall (Iptables)'
 fi
 if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
     echo -n ' + Fail2Ban Access Monitor'
 fi
 echo -e "\n"
-echo "=============================================================================="
+echo "===================================================================="
 echo -e "\n"
 
 # Asking for confirmation to proceed
@@ -563,24 +563,6 @@ fi
 #                   Install repository                     #
 #----------------------------------------------------------#
 
-# Updating system
-echo -ne "Updating currently installed packages, please wait... "
-apt-get -y upgrade >> $LOG &
-BACK_PID=$!
-
-# Check if package installation is done, print a spinner
-spin_i=1
-while kill -0 $BACK_PID > /dev/null 2>&1 ; do
-    printf "\b${spinner:spin_i++%${#spinner}:1}"
-    sleep 0.5
-done
-
-# Do a blank echo to get the \n back
-echo
-
-# Check Installation result
-check_result $? 'apt-get upgrade failed'
-
 # Define apt conf location
 apt=/etc/apt/sources.list.d
 
@@ -638,6 +620,25 @@ wget --quiet https://gpg.hestiacp.com/deb_signing.key -O /tmp/deb_signing.key
 APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/deb_signing.key > /dev/null 2>&1
 echo
 
+# Updating system
+echo -ne "Updating currently installed packages, please wait... "
+apt-get -y upgrade >> $LOG &
+BACK_PID=$!
+
+# Check if package installation is done, print a spinner
+spin_i=1
+while kill -0 $BACK_PID > /dev/null 2>&1 ; do
+    printf "\b${spinner:spin_i++%${#spinner}:1}"
+    sleep 0.5
+done
+
+# Do a blank echo to get the \n back
+echo
+
+# Check Installation result
+check_result $? 'apt-get upgrade failed'
+
+
 #----------------------------------------------------------#
 #                         Backup                           #
 #----------------------------------------------------------#
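Review bot: In the re-added upgrade block `check_result $? 'apt-get upgrade failed'` tests the status of the blank `echo` before it, not of the backgrounded `apt-get -y upgrade`, so a failed upgrade is never reported and the installer continues. Collect the job's status once the spinner loop ends, `wait $BACK_PID; upgrade_rc=$?`, and then call `check_result $upgrade_rc 'apt-get upgrade failed'`. The identical block added to `install/hst-install-ubuntu.sh` has the same problem.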
@@ -1094,12 +1095,19 @@ echo "BACKUP_SYSTEM='local'" >> $HESTIA/conf/hestia.conf
 echo "LANGUAGE='$lang'" >> $HESTIA/conf/hestia.conf
 
 # Version & Release Branch
-echo "VERSION='1.0.1'" >> $HESTIA/conf/hestia.conf
+echo "VERSION='1.0.2'" >> $HESTIA/conf/hestia.conf
 echo "RELEASE_BRANCH='release'" >> $HESTIA/conf/hestia.conf
 
 # Installing hosting packages
 cp -rf $hestiacp/packages $HESTIA/data/
 
+# Update nameservers in hosting package
+IFS='.' read -r -a domain_elements <<< "$servername"
+if [ ! -z "${domain_elements[-2]}" ] && [ ! -z "${domain_elements[-1]}" ]; then
+    serverdomain="${domain_elements[-2]}.${domain_elements[-1]}"
+    sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg
+fi
+
 # Installing templates
 cp -rf $hestiacp/templates $HESTIA/data/
 
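Review bot: The added nameserver block assumes the registrable domain is the last two labels of `$servername`, so a name like `panel.example.co.uk` (constructed example) yields `co.uk` and the hosting packages are rewritten to point at a public suffix. A single-label `$servername` makes `${domain_elements[-2]}` an invalid subscript, which bash reports as an error instead of quietly giving an empty string. I would rewrite `domain.tld` only when the name has the expected shape, or take the nameserver domain as an explicit installer option, and escape the dot in the pattern: `sed -i "s/domain\.tld/$serverdomain/g" "$HESTIA"/data/packages/*.pkg`. The same block is added to `install/hst-install-ubuntu.sh`.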
@@ -1127,7 +1135,7 @@ key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem |cut -f 1 -d:)
 key_end=$(grep -n  "END RSA" /tmp/hst.pem |cut -f 1 -d:)
 
 # Adding SSL certificate
-echo "Add ssl certificate to Hestia"
+echo "(*) Adding SSL certificate to Hestia Control Panel..."
 cd $HESTIA/ssl
 sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
 sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
@@ -1135,6 +1143,8 @@ chown root:mail $HESTIA/ssl/*
 chmod 660 $HESTIA/ssl/*
 rm /tmp/hst.pem
 
+# Install dhparam.pem
+cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
 
 #----------------------------------------------------------#
 #                     Configure Nginx                      #
@@ -1172,9 +1182,6 @@ if [ "$nginx" = 'yes' ]; then
         check_result $? "php$fpm_v-fpm start failed"
     fi
 
-    # Install dhparam.
-    cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
-
     # Update dns servers in nginx.conf
     dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
     for ip in $dns_resolver; do
@@ -1184,6 +1191,7 @@ if [ "$nginx" = 'yes' ]; then
     done
     if [ ! -z "$resolver" ]; then
         sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
     fi
 
     update-rc.d nginx defaults > /dev/null 2>&1
@@ -1767,9 +1775,6 @@ fi
 $HESTIA/bin/v-add-web-domain admin $servername
 check_result $? "can't create $servername domain"
 
-# Enable automatic updates
-$HESTIA/bin/v-add-cron-hestia-autoupdate
-
 # Adding cron jobs
 command="sudo $HESTIA/bin/v-update-sys-queue disk"
 $HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
@@ -1785,6 +1790,9 @@ command="sudo $HESTIA/bin/v-update-user-stats"
 $HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
 command="sudo $HESTIA/bin/v-update-sys-rrd"
 $HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
+
+# Enable automatic updates
+$HESTIA/bin/v-add-cron-hestia-autoupdate
 service cron restart
 
 # Building initital rrd images
@@ -1816,7 +1824,7 @@ if [ "$host_ip" = "$ip" ]; then
 fi
 
 echo -e "\n"
-echo "=============================================================================="
+echo "===================================================================="
 echo -e "\n"
 
 # Sending notification to admin email

+ 75 - 67
install/hst-install-ubuntu.sh

@@ -390,9 +390,9 @@ echo ' |  _  |  __/\__ \ |_| | (_| | |___|  __/ '
 echo ' |_| |_|\___||___/\__|_|\__,_|\____|_|    '
 echo
 echo '                      Hestia Control Panel'
-echo '                                    v1.0.1'
+echo '                                    v1.0.2'
 echo -e "\n"
-echo "=============================================================================="
+echo "===================================================================="
 echo -e "\n"
 echo 'The following server components will be installed on your system:'
 echo
@@ -458,13 +458,13 @@ fi
 
 # Firewall stack
 if [ "$iptables" = 'yes' ]; then
-    echo -n '   - Iptables Firewall'
+    echo -n '   - Firewall (Iptables)'
 fi
 if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
     echo -n ' + Fail2Ban Access Monitor'
 fi
 echo -e "\n"
-echo "=============================================================================="
+echo "===================================================================="
 echo -e "\n"
 
 # Asking for confirmation to proceed
@@ -541,24 +541,6 @@ fi
 #                   Install repository                     #
 #----------------------------------------------------------#
 
-# Updating system
-echo -ne "Updating currently installed packages, please wait... "
-apt-get -y upgrade >> $LOG &
-BACK_PID=$!
-
-# Check if package installation is done, print a spinner
-spin_i=1
-while kill -0 $BACK_PID > /dev/null 2>&1 ; do
-    printf "\b${spinner:spin_i++%${#spinner}:1}"
-    sleep 0.5
-done
-
-# Do a blank echo to get the \n back
-echo
-
-# Check Installation result
-check_result $? 'apt-get upgrade failed'
-
 # Define apt conf location
 apt=/etc/apt/sources.list.d
 
@@ -598,6 +580,25 @@ wget --quiet https://gpg.hestiacp.com/deb_signing.key -O /tmp/deb_signing.key
 APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add /tmp/deb_signing.key > /dev/null 2>&1
 echo
 
+# Updating system
+echo -ne "Updating currently installed packages, please wait... "
+apt-get -y upgrade >> $LOG &
+BACK_PID=$!
+
+# Check if package installation is done, print a spinner
+spin_i=1
+while kill -0 $BACK_PID > /dev/null 2>&1 ; do
+    printf "\b${spinner:spin_i++%${#spinner}:1}"
+    sleep 0.5
+done
+
+# Do a blank echo to get the \n back
+echo
+
+# Check Installation result
+check_result $? 'apt-get upgrade failed'
+
+
 #----------------------------------------------------------#
 #                         Backup                           #
 #----------------------------------------------------------#
@@ -609,56 +610,56 @@ mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd
 mkdir spamassassin mysql postgresql hestia
 
 # Backup nginx configuration
-service nginx stop > /dev/null 2>&1
+systemctl stop nginx > /dev/null 2>&1
 cp -r /etc/nginx/* $hst_backups/nginx > /dev/null 2>&1
 
 # Backup Apache configuration
-service apache2 stop > /dev/null 2>&1
+systemctl stop apache2 > /dev/null 2>&1
 cp -r /etc/apache2/* $hst_backups/apache2 > /dev/null 2>&1
 rm -f /etc/apache2/conf.d/* > /dev/null 2>&1
 
 # Backup PHP-FPM configuration
-service php*-fpm stop > /dev/null 2>&1
+systemctl stop php*-fpm > /dev/null 2>&1
 cp -r /etc/php/* $hst_backups/php/ > /dev/null 2>&1
 
 # Backup Bind configuration
-service bind9 stop > /dev/null 2>&1
+systemctl stop bind9 > /dev/null 2>&1
 cp -r /etc/bind/* $hst_backups/bind > /dev/null 2>&1
 
 # Backup Vsftpd configuration
-service vsftpd stop > /dev/null 2>&1
+systemctl stop vsftpd > /dev/null 2>&1
 cp /etc/vsftpd.conf $hst_backups/vsftpd > /dev/null 2>&1
 
 # Backup ProFTPD configuration
-service proftpd stop > /dev/null 2>&1
+systemctl stop proftpd > /dev/null 2>&1
 cp /etc/proftpd.conf $hst_backups/proftpd > /dev/null 2>&1
 
 # Backup Exim configuration
-service exim4 stop > /dev/null 2>&1
+systemctl stop exim4 > /dev/null 2>&1
 cp -r /etc/exim4/* $hst_backups/exim4 > /dev/null 2>&1
 
 # Backup ClamAV configuration
-service clamav-daemon stop > /dev/null 2>&1
+systemctl stop clamav-daemon > /dev/null 2>&1
 cp -r /etc/clamav/* $hst_backups/clamav > /dev/null 2>&1
 
 # Backup SpamAssassin configuration
-service spamassassin stop > /dev/null 2>&1
+systemctl stop spamassassin > /dev/null 2>&1
 cp -r /etc/spamassassin/* $hst_backups/spamassassin > /dev/null 2>&1
 
 # Backup Dovecot configuration
-service dovecot stop > /dev/null 2>&1
+systemctl stop dovecot > /dev/null 2>&1
 cp /etc/dovecot.conf $hst_backups/dovecot > /dev/null 2>&1
 cp -r /etc/dovecot/* $hst_backups/dovecot > /dev/null 2>&1
 
 # Backup MySQL/MariaDB configuration and data
-service mysql stop > /dev/null 2>&1
+systemctl stop mysql > /dev/null 2>&1
 killall -9 mysqld > /dev/null 2>&1
 mv /var/lib/mysql $hst_backups/mysql/mysql_datadir > /dev/null 2>&1
 cp -r /etc/mysql/* $hst_backups/mysql > /dev/null 2>&1
 mv -f /root/.my.cnf $hst_backups/mysql > /dev/null 2>&1
 
 # Backup Hestia
-service hestia stop > /dev/null 2>&1
+systemctl stop hestia > /dev/null 2>&1
 cp -r $HESTIA/* $hst_backups/hestia > /dev/null 2>&1
 apt-get -y purge hestia hestia-nginx hestia-php > /dev/null 2>&1
 rm -rf $HESTIA > /dev/null 2>&1
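Review bot: `systemctl stop php*-fpm` leaves the glob unquoted, so the shell expands it against the current directory first and systemctl receives either a stray filename or a suffix-less pattern. systemctl matches patterns against the full names of loaded units, and depending on the systemd version a pattern without `.service` may match nothing; with output sent to `/dev/null` that failure is silent and PHP-FPM keeps running while its configuration is copied. Writing `systemctl stop 'php*-fpm.service'` makes the intent explicit. Later hunks in this file still pair `update-rc.d` with the new `systemctl` calls; `systemctl enable` would keep the Ubuntu installer on one service manager.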
@@ -904,7 +905,7 @@ if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
 fi
 
 # Restart SSH daemon
-service ssh restart
+systemctl restart ssh
 
 # Disable AWStats cron
 rm -f /etc/cron.d/awstats
@@ -1022,7 +1023,6 @@ fi
 # Mail stack
 if [ "$exim" = 'yes' ]; then
     echo "MAIL_SYSTEM='exim4'" >> $HESTIA/conf/hestia.conf
-    echo "WEBMAIL_ALIAS='webmail'" >> $HESTIA/conf/hestia.conf
     if [ "$clamd" = 'yes'  ]; then
         echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $HESTIA/conf/hestia.conf
     fi
@@ -1057,12 +1057,19 @@ echo "BACKUP_SYSTEM='local'" >> $HESTIA/conf/hestia.conf
 echo "LANGUAGE='$lang'" >> $HESTIA/conf/hestia.conf
 
 # Version & Release Branch
-echo "VERSION='1.0.1'" >> $HESTIA/conf/hestia.conf
+echo "VERSION='1.0.2'" >> $HESTIA/conf/hestia.conf
 echo "RELEASE_BRANCH='release'" >> $HESTIA/conf/hestia.conf
 
 # Installing hosting packages
 cp -rf $hestiacp/packages $HESTIA/data/
 
+# Update nameservers in hosting package
+IFS='.' read -r -a domain_elements <<< "$servername"
+if [ ! -z "${domain_elements[-2]}" ] && [ ! -z "${domain_elements[-1]}" ]; then
+    serverdomain="${domain_elements[-2]}.${domain_elements[-1]}"
+    sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg
+fi
+
 # Installing templates
 cp -rf $hestiacp/templates $HESTIA/data/
 
@@ -1090,6 +1097,7 @@ key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem |cut -f 1 -d:)
 key_end=$(grep -n  "END RSA" /tmp/hst.pem |cut -f 1 -d:)
 
 # Adding SSL certificate
+echo "(*) Adding SSL certificate to Hestia Control Panel..."
 cd $HESTIA/ssl
 sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
 sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
@@ -1102,6 +1110,8 @@ if [ -z "$(grep nologin /etc/shells)" ]; then
     echo "/usr/sbin/nologin" >> /etc/shells
 fi
 
+# Install dhparam.pem
+cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
 
 #----------------------------------------------------------#
 #                     Configure Nginx                      #
@@ -1135,13 +1145,10 @@ if [ "$nginx" = 'yes' ]; then
         ln -s $HESTIA/data/templates/web/nginx/PHP-$fpm_tpl.sh $HESTIA/data/templates/web/nginx/default.sh
         ln -s $HESTIA/data/templates/web/nginx/PHP-$fpm_tpl.tpl $HESTIA/data/templates/web/nginx/default.tpl
         ln -s $HESTIA/data/templates/web/nginx/PHP-$fpm_tpl.stpl $HESTIA/data/templates/web/nginx/default.stpl
-        service php$fpm_v-fpm start >> $LOG
+        systemctl start php$fpm_v-fpm >> $LOG
         check_result $? "php$fpm_v-fpm start failed"
     fi
 
-    # Install dhparam.
-    cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl
-
     # Update dns servers in nginx.conf
     dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
     for ip in $dns_resolver; do
@@ -1151,10 +1158,11 @@ if [ "$nginx" = 'yes' ]; then
     done
     if [ ! -z "$resolver" ]; then
         sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
     fi
 
     update-rc.d nginx defaults > /dev/null 2>&1
-    service nginx start >> $LOG
+    systemctl start nginx >> $LOG
     check_result $? "nginx start failed"
 fi
 
@@ -1199,11 +1207,11 @@ if [ "$apache" = 'yes' ]; then
     fi
 
     update-rc.d apache2 defaults > /dev/null 2>&1
-    service apache2 start >> $LOG
+    systemctl start apache2 >> $LOG
     check_result $? "apache2 start failed"
 else
     update-rc.d apache2 disable > /dev/null 2>&1
-    service apache2 stop > /dev/null 2>&1
+    systemctl stop apache2 > /dev/null 2>&1
 fi
 
 
@@ -1215,7 +1223,7 @@ if [ "$phpfpm" = 'yes' ]; then
     echo "(*) Configuring PHP-FPM..."
     cp -f $hestiacp/php-fpm/www.conf /etc/php/$fpm_v/fpm/pool.d/www.conf
     update-rc.d php$fpm_v-fpm defaults > /dev/null 2>&1
-    service php$fpm_v-fpm start >> $LOG
+    systemctl start php$fpm_v-fpm >> $LOG
     check_result $? "php-fpm start failed"
 fi
 
@@ -1255,7 +1263,7 @@ if [ "$vsftpd" = 'yes' ]; then
     chown root:adm /var/log/xferlog
     chmod 640 /var/log/xferlog
     update-rc.d vsftpd defaults
-    service vsftpd start
+    systemctl start vsftpd >> $LOG
     check_result $? "vsftpd start failed"
 
 fi
@@ -1270,7 +1278,7 @@ if [ "$proftpd" = 'yes' ]; then
     echo "127.0.0.1 $servername" >> /etc/hosts
     cp -f $hestiacp/proftpd/proftpd.conf /etc/proftpd/
     update-rc.d proftpd defaults > /dev/null 2>&1
-    service proftpd start >> $LOG
+    systemctl start proftpd >> $LOG
     check_result $? "proftpd start failed"
 fi
 
@@ -1294,7 +1302,7 @@ if [ "$mysql" = 'yes' ]; then
     mysql_install_db >> $LOG
 
     update-rc.d mysql defaults > /dev/null 2>&1
-    service mysql start >> $LOG
+    systemctl start mysql >> $LOG
     check_result $? "mariadb start failed"
 
     # Securing MariaDB installation
@@ -1362,7 +1370,7 @@ if [ "$postgresql" = 'yes' ]; then
     echo "(*) Configuring PostgreSQL database server..."
     ppass=$(gen_pass)
     cp -f $hestiacp/postgresql/pg_hba.conf /etc/postgresql/*/main/
-    service postgresql restart
+    systemctl restart postgresql
     sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'"
 
     # Configuring phpPgAdmin
@@ -1389,13 +1397,13 @@ if [ "$named" = 'yes' ]; then
     aa-complain /usr/sbin/named > /dev/null 2>&1
     echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
     if ! grep --quiet lxc /proc/1/environ; then
-        service apparmor status > /dev/null 2>&1
+        systemctl status apparmor > /dev/null 2>&1
         if [ $? -ne 0 ]; then
-            service apparmor restart
+            systemctl restart apparmor >> $LOG
         fi
     fi
     update-rc.d bind9 defaults
-    service bind9 start
+    systemctl start bind9
     check_result $? "bind9 start failed"
 
     # Workaround for OpenVZ/Virtuozzo
@@ -1431,12 +1439,12 @@ if [ "$exim" = 'yes' ]; then
     rm -f /etc/alternatives/mta
     ln -s /usr/sbin/exim4 /etc/alternatives/mta
     update-rc.d -f sendmail remove > /dev/null 2>&1
-    service sendmail stop > /dev/null 2>&1
+    systemctl stop sendmail > /dev/null 2>&1
     update-rc.d -f postfix remove > /dev/null 2>&1
-    service postfix stop > /dev/null 2>&1
+    systemctl stop postfix > /dev/null 2>&1
 
     update-rc.d exim4 defaults
-    service exim4 start
+    systemctl start exim4 >> $LOG
     check_result $? "exim4 start failed"
 fi
 
@@ -1455,7 +1463,7 @@ if [ "$dovecot" = 'yes' ]; then
     fi
     chown -R root:root /etc/dovecot*
     update-rc.d dovecot defaults
-    service dovecot start
+    systemctl start dovecot >> $LOG
     check_result $? "dovecot start failed"
 fi
 
@@ -1478,7 +1486,7 @@ if [ "$clamd" = 'yes' ]; then
         sleep 0.5
     done
     echo
-    service clamav-daemon start
+    systemctl start clamav-daemon >> $LOG
     check_result $? "clamav-daemon start failed"
 fi
 
@@ -1491,7 +1499,7 @@ if [ "$spamd" = 'yes' ]; then
     echo "(*) Configuring SpamAssassin..."
     update-rc.d spamassassin defaults > /dev/null 2>&1
     sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
-    service spamassassin start >> $LOG
+    systemctl start spamassassin >> $LOG
     check_result $? "spamassassin start failed"
     unit_files="$(systemctl list-unit-files |grep spamassassin)"
     if [[ "$unit_files" =~ "disabled" ]]; then
@@ -1540,10 +1548,10 @@ if [ "$dovecot" = 'yes' ] && [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
 
     # Restart services
     if [ "$apache" = 'yes' ]; then
-        service apache2 restart
+        systemctl restart apache2 >> $LOG
     fi
     if [ "$nginx" = 'yes' ]; then
-        service nginx restart
+        systemctl restart nginx >> $LOG
     fi
 fi
 
@@ -1575,7 +1583,7 @@ if [ "$fail2ban" = 'yes' ]; then
         sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local
     fi
     update-rc.d fail2ban defaults
-    service fail2ban start
+    systemctl start fail2ban >> $LOG
     check_result $? "fail2ban start failed"
 fi
 
@@ -1662,9 +1670,6 @@ fi
 $HESTIA/bin/v-add-web-domain admin $servername
 check_result $? "can't create $servername domain"
 
-# Enable automatic updates
-$HESTIA/bin/v-add-cron-hestia-autoupdate
-
 # Adding cron jobs
 command="sudo $HESTIA/bin/v-update-sys-queue disk"
 $HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
@@ -1680,7 +1685,10 @@ command="sudo $HESTIA/bin/v-update-user-stats"
 $HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
 command="sudo $HESTIA/bin/v-update-sys-rrd"
 $HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
-service cron restart
+
+# Enable automatic updates
+$HESTIA/bin/v-add-cron-hestia-autoupdate
+systemctl restart cron
 
 # Building initital rrd images
 $HESTIA/bin/v-update-sys-rrd
@@ -1695,7 +1703,7 @@ $HESTIA/bin/v-change-sys-port $port
 
 # Starting Hestia service
 update-rc.d hestia defaults
-service hestia start
+systemctl start hestia
 check_result $? "hestia start failed"
 chown admin:admin $HESTIA/data/sessions
 
@@ -1711,7 +1719,7 @@ if [ "$host_ip" = "$ip" ]; then
 fi
 
 echo -e "\n"
-echo "=============================================================================="
+echo "===================================================================="
 echo -e "\n"
 
 # Sending notification to admin email

+ 0 - 2
install/upgrade/restart.sh

@@ -15,7 +15,6 @@ for user in `ls /usr/local/hestia/data/users/`; do
 done
 
 echo "(*) Restarting services..."
-sleep 3
 if [ ! -z $MAIL_SYSTEM ]; then
     $BIN/v-restart-mail $restart
 fi
@@ -31,7 +30,6 @@ if [ ! -z $DNS_SYSTEM ]; then
 fi
 for v in `ls /etc/php/`; do
 	if [ -e /etc/php/$v/fpm ]; then
-		sleep 5
 		$BIN/v-restart-service php$v-fpm $restart
 	fi
 done

+ 6 - 2
install/upgrade/version.sh

@@ -17,7 +17,7 @@ if [ $VERSION = "$version" ]; then
     source /usr/local/hestia/install/upgrade/versions/$version.sh
     VERSION="$version"
 fi
-if [ $VERSION = "0.9.8-27" ] || [ $VERSION = "0.9.8-28" ]; then
+if  [ $VERSION = "0.9.8-25" ] || [ $VERSION = "0.9.8-26" ] || [ $VERSION = "0.9.8-27" ] || [ $VERSION = "0.9.8-28" ]; then
     source /usr/local/hestia/install/upgrade/versions/0.9.8-29.sh
     VERSION="0.9.8-29"
 fi
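Review bot: `$VERSION` is unquoted in every test of the widened condition, so an empty or space-containing value makes `[` fail with a syntax error and the upgrade step is skipped with nothing but that error message. Quoting each operand, e.g. `[ "$VERSION" = "0.9.8-25" ]`, or replacing the chain with a `case "$VERSION" in 0.9.8-2[5-8])` arm, avoids that. The new `[ $VERSION = "1.0.1" ]` test in the next hunk has the same form.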
@@ -26,6 +26,10 @@ if [ $VERSION = "0.9.8-29" ]; then
     VERSION="1.00.0-190618"
 fi
 if [ $VERSION = "0.10.00" ] || [ $VERSION = "1.00.0-190618" ] || [ $VERSION = "1.00.0-190621" ]; then
+    source /usr/local/hestia/install/upgrade/versions/1.0.1.sh
+    VERSION="1.0.1"
+fi
+if [ $VERSION = "1.0.1" ]; then
     source /usr/local/hestia/install/upgrade/versions/$version.sh
     VERSION="$version"
-fi
+fi

+ 83 - 0
install/upgrade/versions/1.0.2.sh

@@ -0,0 +1,83 @@
+#!/bin/sh
+
+# Hestia Control Panel upgrade script for target version 1.0.2
+
+#######################################################################################
+#######                      Place additional commands below.                   #######
+#######################################################################################
+
+# Replace dhparam 1024 with dhparam 4096
+echo "(*) Increasing Diffie-Hellman Parameter strength to 4096-bit..."
+if [ -e /etc/ssl/dhparam.pem ]; then
+    mv /etc/ssl/dhparam.pem $HESTIA_BACKUP/conf/
+fi
+cp -f $HESTIA/install/deb/ssl/dhparam.pem /etc/ssl/
+chmod 600 /etc/ssl/dhparam.pem
+
+# Enhance Vsftpd security
+if [ "$FTP_SYSTEM" = "vsftpd" ]; then
+    echo "(*) Hardening Vsftpd SSL configuration..."
+    cp -f /etc/vsftpd.conf $HESTIA_BACKUP/conf/
+    sed -i "s|ssl_tlsv1=YES|ssl_tlsv1=NO|g" /etc/vsftpd.conf
+fi
+
+# Enhance Dovecot security
+if [ "$IMAP_SYSTEM" = "dovecot" ]; then
+    echo "(*) Hardening Dovecot SSL configuration..."
+    mv /etc/dovecot/conf.d/10-ssl.conf $HESTIA_BACKUP/conf/
+    cp -f $HESTIA/install/deb/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/
+fi
+
+# Update DNS resolvers in hestia-nginx's configuration
+echo "(*) Updating DNS resolvers for Hestia Internal Web Server..."
+dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
+for ip in $dns_resolver; do
+    if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+        resolver="$ip $resolver"
+    fi
+done
+if [ ! -z "$resolver" ]; then
+    sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+fi
+
+# Remove Webalizer and set AWStats as default
+WEBALIZER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep webalizer)
+if [ ! -z "$WEBALIZER_CHECK" ]; then
+    echo "(*) Removing Webalizer and setting AWStats as default web statistics backend..."
+    apt purge webalizer -y > /dev/null 2>&1
+    if [ -d "$HESTIA/data/templates/web/webalizer" ]; then
+        rm -rf $HESTIA/data/templates/web/webalizer
+    fi
+    if [ -d "/var/www/webalizer" ]; then
+        rm -rf /var/www/webalizer
+    fi
+    $HESTIA/bin/v-change-sys-config-value 'STATS_SYSTEM' 'awstats'
+fi
+
+# Remove old hestia.conf files from Apache & NGINX if they exist
+if [ -f "/etc/apache2/conf.d/hestia.conf" ]; then
+    echo "(*) Removing old Apache configuration file from previous version of Hestia Control Panel..."
+    rm -f /etc/apache2/conf.d/hestia.conf
+fi
+if [ -f "/etc/nginx/conf.d/hestia.conf" ]; then
+    echo "(*) Removing old NGINX configuration file from previous version of Hestia Control Panel..."
+    rm -f /etc/nginx/conf.d/hestia.conf
+fi
+
+# Update webmail templates to enable OCSP/SSL stapling
+if [ ! -z "$IMAP_SYSTEM" ]; then
+    echo "(*) Enabling OCSP stapling support for webmail services..."
+    $BIN/v-update-mail-templates > /dev/null 2>&1
+fi 
+
+# Enhance webmail security
+cp -f /etc/nginx/conf.d/webmail.inc $HESTIA_BACKUP/conf/
+echo "(*) Hardening security of Roundcube webmail..."
+sed -i "s/config|temp|logs/README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING/g" /etc/nginx/conf.d/webmail.inc
+
+# Reduce SSH login grace time
+if [ -e /etc/ssh/sshd_config ]; then
+    echo "(*) Hardening SSH daemon configuration..."
+    sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+    sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
+fi
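Review bot: The two `LoginGraceTime` substitutions at the end of the script run in an order that leaves a commented default untouched: the first `sed` rewrites `#LoginGraceTime 2m` to `#LoginGraceTime 1m`, so the second pattern never matches and the directive stays commented out. A single anchored expression such as `sed -i 's/^#\?LoginGraceTime 2m/LoginGraceTime 1m/' /etc/ssh/sshd_config` handles both cases; no sshd reload is visible in this file, so confirm one happens elsewhere. The webmail substitution is also not idempotent, because its replacement text still contains `config|temp|logs` and a second run would expand the pattern again; guard it with a check such as `grep -q 'README.md|config' /etc/nginx/conf.d/webmail.inc ||`. Separately, the `[[ $ip =~ ... ]]` test needs bash although the shebang is `#!/bin/sh`, which presumably works only because the file is sourced from a bash script.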

+ 9 - 17
install/upgrade/versions/1.00.0-190618.sh

@@ -17,19 +17,19 @@ fi
 # Update Apache and Nginx configuration to support new file structure
 if [ -f /etc/apache2/apache.conf ]; then
     echo "(*) Updating Apache configuration..."
-    mv  /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
+    mv /etc/apache2/apache.conf $HESTIA_BACKUP/conf/
     cp -f $HESTIA/install/deb/apache2/apache.conf /etc/apache2/apache.conf
 fi
 if [ -f /etc/nginx/nginx.conf ]; then
     echo "(*) Updating NGINX configuration..."
-    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
+    mv /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
     cp -f $HESTIA/install/deb/nginx/nginx.conf /etc/nginx/nginx.conf
 fi
 
 # Generate dhparam
 if [ ! -e /etc/ssl/dhparam.pem ]; then
     echo "(*) Enabling HTTPS Strict Transport Security (HSTS) support..."
-    mv  /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
+    mv /etc/nginx/nginx.conf $HESTIA_BACKUP/conf/
     cp -f $hestiacp/nginx/nginx.conf /etc/nginx/
 
     # Copy dhparam
@@ -50,9 +50,9 @@ fi
 if [ -d $HESTIA/data/templates/ ]; then
     echo "(*) Replacing default Web, DNS, and Mail templates..."
     cp -rf $HESTIA/data/templates $HESTIA_BACKUP/templates/
-    $HESTIA/bin/v-update-web-templates >/dev/null 2>&1
-    $HESTIA/bin/v-update-dns-templates >/dev/null 2>&1
-	$HESTIA/bin/v-update-mail-templates >/dev/null 2>&1
+    $HESTIA/bin/v-update-web-templates > /dev/null 2>&1
+    $HESTIA/bin/v-update-dns-templates > /dev/null 2>&1
+    $HESTIA/bin/v-update-mail-templates > /dev/null 2>&1
 fi
 
 # Remove old Office 365 template as there is a newer version with an updated name
@@ -213,11 +213,11 @@ fi
 # Fix Dovecot configuration
 echo "(*) Updating Dovecot IMAP/POP server configuration..."
 if [ -f /etc/dovecot/conf.d/15-mailboxes.conf ]; then
-    mv  /etc/dovecot/conf.d/15-mailboxes.conf $HESTIA_BACKUP/conf/
+    mv /etc/dovecot/conf.d/15-mailboxes.conf $HESTIA_BACKUP/conf/
 fi
 if [ -f /etc/dovecot/dovecot.conf ]; then
     # Update Dovecot configuration and restart Dovecot service
-    mv  /etc/dovecot/dovecot.conf $HESTIA_BACKUP/conf/
+    mv /etc/dovecot/dovecot.conf $HESTIA_BACKUP/conf/
     cp -f $HESTIA/install/deb/dovecot/dovecot.conf /etc/dovecot/dovecot.conf
     systemctl restart dovecot
     sleep 0.5
@@ -226,7 +226,7 @@ fi
 # Fix Exim configuration
 if [ -f /etc/exim4/exim4.conf.template ]; then
     echo "(*) Updating Exim SMTP server configuration..."
-    mv  /etc/exim4/exim4.conf.template $HESTIA_BACKUP/conf/
+    mv /etc/exim4/exim4.conf.template $HESTIA_BACKUP/conf/
     cp -f $HESTIA/install/deb/exim/exim4.conf.template /etc/exim4/exim4.conf.template
     # Reconfigure spam filter and virus scanning
     if [ ! -z "$ANTISPAM_SYSTEM" ]; then
@@ -246,14 +246,6 @@ if [ -z "$IMAP_SYSTEM" ]; then
     fi
 fi
 
-# Remove Webalizer and set AWStats as default
-WEBALIAZER_CHECK=$(cat $HESTIA/conf/hestia.conf | grep webalizer)
-if [ ! -z "$WEBALIZER_CHECK" ]; then
-    echo "(*) Removing Webalizer and setting AWStats as default web statistics backend..."
-    apt purge webalizer -y > /dev/null 2>&1
-    sed -i "s/STATS_SYSTEM='webalizer,awstats'/STATS_SYSTEM='awstats'/g" $HESTIA/conf/hestia.conf
-fi
-
 # Run sftp jail once
 $HESTIA/bin/v-add-sys-sftp-jail
 

+ 1 - 1
src/deb/hestia/control

@@ -1,7 +1,7 @@
 Source: hestia
 Package: hestia
 Priority: optional
-Version: 1.0.1
+Version: 1.0.2
 Section: admin
 Maintainer: HestiaCP <[email protected]>
 Homepage: https://www.hestiacp.com

+ 1 - 1
src/deb/nginx/control

@@ -1,7 +1,7 @@
 Source: hestia-nginx
 Package: hestia-nginx
 Priority: optional
-Version: 1.16.0
+Version: 1.17.1
 Section: admin
 Maintainer: HestiaCP <[email protected]>
 Homepage: https://www.hestiacp.com

+ 8 - 0
src/deb/nginx/nginx.conf

@@ -82,8 +82,16 @@ http {
     ssl_protocols       TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+    ssl_dhparam         /etc/ssl/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+    ssl_session_tickets off;
+    resolver 1.0.0.1 1.1.1.1 valid=300s ipv6=off;
+    resolver_timeout    5s;
+    ssl_stapling on;
+    ssl_stapling_verify on;
     add_header          X-Frame-Options SAMEORIGIN;
     add_header          X-Content-Type-Options nosniff;
+    add_header          X-XSS-Protection "1; mode=block";
 
     # Vhost
     server {
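Review bot: `ssl_stapling_verify on` is added without an `ssl_trusted_certificate`, and nginx needs the issuer chain configured as trusted to verify OCSP responses. If the panel certificate is self-signed or its file lacks the issuer, nginx only logs a warning and serves no stapled response, so either add `ssl_trusted_certificate` for the CA chain or document that stapling is effective only with a CA-issued certificate. The hard-coded `resolver 1.0.0.1 1.1.1.1` also sends the panel's lookups to a public resolver and fails on hosts that restrict outbound DNS; the 1.0.2 upgrade script rewrites it from /etc/resolv.conf, so confirm fresh installs do the same. The `http` block continues outside this hunk.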

+ 4 - 2
src/hst_autocompile.sh

@@ -86,11 +86,11 @@ fi
 
 BUILD_ARCH='amd64'
 HESTIA_V="${BUILD_VER}_${BUILD_ARCH}"
-NGINX_V='1.17.0'
+NGINX_V=$(curl -s https://raw.githubusercontent.com/hestiacp/hestiacp/$branch/src/deb/nginx/control |grep "Version:" |cut -d' ' -f2)
 OPENSSL_V='1.1.1b'
 PCRE_V='8.43'
 ZLIB_V='1.2.11'
-PHP_V='7.3.6'
+PHP_V=$(curl -s https://raw.githubusercontent.com/hestiacp/hestiacp/$branch/src/deb/php/control |grep "Version:" |cut -d' ' -f2)
 
 # Create build directories
 rm -rf $BUILD_DIR
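Review bot: `NGINX_V` and `PHP_V` are now taken from a network response with no failure or format check, so a failed request or an unexpected body yields an empty or arbitrary string that is then spliced into the download URLs shown in the next hunk. Use `curl -fsSL` with the URL quoted, e.g. `NGINX_V=$(curl -fsSL "https://raw.githubusercontent.com/hestiacp/hestiacp/$branch/src/deb/nginx/control" | awk '/^Version:/ {print $2}')`, and abort unless the result matches a plain dotted version pattern. The context of the next hunk also shows the PHP tarball still fetched over `http://`, and no checksum or signature check on the source archives is visible in these hunks, which matters more once the version is chosen remotely.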
@@ -182,6 +182,8 @@ PCRE='https://ftp.pcre.org/pub/pcre/pcre-'$PCRE_V'.tar.gz'
 ZLIB='https://www.zlib.net/zlib-'$ZLIB_V'.tar.gz'
 PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz'
 
+# Forward slashes in branchname are replaced with dashes to match foldername in github archive.
+branch=$(echo "$branch" |sed 's/\//-/g');
 
 #################################################################################
 #

+ 2 - 0
web/bulk/db/index.php

@@ -17,6 +17,8 @@ $action = $_POST['action'];
 
 if ($_SESSION['user'] == 'admin') {
     switch ($action) {
+        case 'rebuild': $cmd='v-rebuild-web-domain';
+            break;
         case 'delete': $cmd='v-delete-database';
             break;
         case 'suspend': $cmd='v-suspend-database';
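Review bot: The new `rebuild` case in the database bulk handler maps to `v-rebuild-web-domain`, so the selected database names would be passed to a web-domain command, while the sibling cases here all call `v-*-database` commands. This looks copied from web/bulk/web/index.php. Point it at a database rebuild command if the CLI provides one, or drop the `rebuild` option that this commit adds to list_db.html. The `switch` continues outside the hunk, so the argument construction is not visible.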

+ 2 - 0
web/bulk/dns/index.php

@@ -19,6 +19,8 @@ $action = $_POST['action'];
 if ($_SESSION['user'] == 'admin') {
     if (empty($record)) {
         switch ($action) {
+            case 'rebuild': $cmd='v-rebuild-dns-domain';
+                break;
             case 'delete': $cmd='v-delete-dns-domain';
                 break;
             case 'suspend': $cmd='v-suspend-dns-domain';

+ 2 - 0
web/bulk/mail/index.php

@@ -19,6 +19,8 @@ $action = $_POST['action'];
 if ($_SESSION['user'] == 'admin') {
     if (empty($account)) {
         switch ($action) {
+            case 'rebuild': $cmd='v-rebuild-mail-domain';
+                break;
             case 'delete': $cmd='v-delete-mail-domain';
                 break;
             case 'suspend': $cmd='v-suspend-mail-domain';

+ 2 - 0
web/bulk/web/index.php

@@ -19,6 +19,8 @@ if ($_SESSION['user'] == 'admin') {
     switch ($action) {
         case 'delete': $cmd='v-delete-web-domain';
             break;
+        case 'rebuild': $cmd='v-rebuild-web-domain';
+            break;
         case 'suspend': $cmd='v-suspend-web-domain';
             break;
         case 'unsuspend': $cmd='v-unsuspend-web-domain';

+ 15 - 6
web/css/styles.min.css

@@ -1008,11 +1008,12 @@ a {
 }
 
 .notification-container {
-  background-color: rgba(0,0,0,0.90);
+  background-color: rgba(255,255,255,0.95);
   box-shadow: 0 3px 30px 0 rgba(0, 0, 0, 0.5);
   list-style-type: none;
   margin: 0 27px;
-  overflow: hidden;
+  max-height: 90%;
+  overflow-y: auto;
   padding-left: 0;
   position: fixed;
   top: 34px;
@@ -1020,7 +1021,7 @@ a {
   z-index: 300;
   font-size: 0.8rem;
   padding: 0;
-  color: #e9e9e9;
+  color: #6f6f6f;
   border-bottom-left-radius: 6px;
   border-bottom-right-radius: 6px;
   border: 1px solid #fff;
@@ -1028,11 +1029,11 @@ a {
 }
 
 .notification-container .unseen {
-  color: #e7e7e7;
+  color: #6f6f6f;
 }
 
 .notification-container li {
-  border-bottom: 1px solid #4b4b4b;
+  border-bottom: 1px solid #e9e4e4;
   padding: 20px;
 }
 
@@ -1102,6 +1103,11 @@ a {
   width: 21px;
 }
 
+.notification-container .time {
+  float: right;
+  margin-top: 1rem;
+  font-size: 0.7rem;
+}
 
 
 .l-stat {
@@ -1203,7 +1209,7 @@ a {
 }
 
 div.l-content > div.l-separator:nth-of-type(2) {
-  margin-top: 178px;
+  margin-top: 180px;
   width: 100%;
   position: fixed;
   z-index: 120;
@@ -3404,6 +3410,9 @@ form#vstobjects.suspended {
 .shortcuts .close:active {
   background-color: #55c9c0;
 }
+.shortcuts .close .fas {
+  font-size: 1.3rem;
+}
 .shortcuts ul {
   list-style-type: none;
   padding: 30px 20px;

+ 18 - 0
web/edit/web/index.php

@@ -61,6 +61,7 @@ if (!empty($v_ssl)) {
     $v_ssl_pub_key = $ssl_str[$v_domain]['PUB_KEY'];
     $v_ssl_issuer = $ssl_str[$v_domain]['ISSUER'];
     $v_ssl_forcessl = $data[$v_domain]['SSL_FORCE'];
+    $v_ssl_hsts = $data[$v_domain]['SSL_HSTS'];
 }
 $v_letsencrypt = $data[$v_domain]['LETSENCRYPT'];
 if (empty($v_letsencrypt)) $v_letsencrypt = 'no';
@@ -372,6 +373,7 @@ if (!empty($_POST['save'])) {
         $v_ssl_ca = '';
         $v_ssl = 'no';
         $v_ssl_forcessl = 'no';
+        $v_ssl_hsts = 'no';
         $restart_web = 'yes';
         $restart_proxy = 'yes';
     }
@@ -463,6 +465,14 @@ if (!empty($_POST['save'])) {
         unset($output);
         $v_ssl_forcessl = 'yes';
     }
+
+    // Add SSL HSTS
+    if ((!empty($_POST['v_ssl_hsts'])) && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) {
+        exec (HESTIA_CMD."v-add-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain), $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_ssl_hsts = 'yes';
+    }
     
     // Delete Force SSL
     if (( $v_ssl_forcessl == 'yes' ) && (empty($_POST['v_ssl_forcessl'])) && (empty($_SESSION['error_msg']))) {
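Review bot: `$user` is concatenated into the `exec()` command line without `escapeshellarg()` in the added `v-add-web-domain-ssl-hsts` call, while `$v_domain` is escaped; the `v-delete-web-domain-ssl-hsts` call in the next hunk does the same. Where `$user` is assigned is outside these hunks, so confirm it is already shell-escaped there, and if it is not, pass it as `escapeshellarg($user)`. The add branch also has no guard on the current state, unlike the delete branch, so every save with the box ticked re-runs the add command; adding `&& ($v_ssl_hsts != 'yes')` to the condition would avoid that if the command is not idempotent.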
@@ -472,6 +482,14 @@ if (!empty($_POST['save'])) {
         $v_ssl_forcessl = 'no';
     }
 
+    // Delete SSL HSTS
+    if (( $v_ssl_hsts == 'yes' ) && (empty($_POST['v_ssl_hsts'])) && (empty($_SESSION['error_msg']))) {
+        exec (HESTIA_CMD."v-delete-web-domain-ssl-hsts ".$user." ".escapeshellarg($v_domain)." yes", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_ssl_hsts = 'no';
+    }
+
     // Delete web stats
     if ((!empty($v_stats)) && ($_POST['v_stats'] == 'none') && (empty($_SESSION['error_msg']))) {
         exec (HESTIA_CMD."v-delete-web-domain-stats ".$v_username." ".escapeshellarg($v_domain), $output, $return_var);

+ 2 - 2
web/inc/i18n/en.php

@@ -193,7 +193,8 @@ $LANG['en'] = array(
     'template'  => 'Template',
     'SSL Support'  => 'Enable SSL for this domain',
     'SSL Home Directory'  => 'SSL Home Directory',
-    'Force SSL/HTTPS' => 'Enforce HTTP-to-HTTPS redirection',
+    'Force SSL/HTTPS' => 'Enable automatic HTTP-to-HTTPS redirection',
+    'Enable SSL HSTS' => 'Enable HTTP Strict Transport Security (HSTS) <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security" target="_blank"><i class="fas fa-question-circle"></i></a>',
     'Lets Encrypt Support'  => 'Use Lets Encrypt to obtain SSL certificate',
     'Lets Encrypt'  => 'Lets Encrypt',
     'Your certificate will be automatically issued in 5 minutes' => 'Your SSL certificate will be automatically issued within 5 minutes',
@@ -753,7 +754,6 @@ $LANG['en'] = array(
     'Use SSL / TLS' => 'Use SSL / TLS',
     'No encryption' => 'No encryption',
     'Do not use encryption' => 'Do not use encryption',
-
     'maximum characters length, including prefix' => 'maximum %s characters in length (including prefix)',
 
     'Email Credentials' => 'Email Credentials',

+ 1 - 1
web/js/app.js

@@ -1023,7 +1023,7 @@ hover_menu = function() {
         nav_context.css({'margin-top': '101px'});
         nav_a.find('ul').css({'visibility': 'hidden'});
         nav_main.css({'padding-top': '27px'});
-        sep_2.css({'box-shadow':'0 2px 6px 0 rgba(200, 200, 200, 0.35)'});
+        sep_2.css({'box-shadow':'0 5px 6px 0 rgba(200, 200, 200, 0.35)'});
     }
 
     if(st == 0){

+ 2 - 0
web/js/events.js

@@ -416,6 +416,8 @@ VE.notifications.get_list = function(){
             tpl.set(':TYPE', elm.TYPE);
             tpl.set(':TOPIC', elm.TOPIC);
             tpl.set(':NOTICE', elm.NOTICE);
+            tpl.set(':TIME', elm.TIME);
+            tpl.set(':DATE', elm.DATE);
             acc.push(tpl.finalize());
         });
 

+ 1 - 0
web/js/templates.js

@@ -9,6 +9,7 @@ App.Templates.html = {
                     '<li class="~!:UNSEEN~!"><span class="unselectable mark-seen" id="notification-~!:ID~!">&nbsp;</span>\
                         <span class="title"><span class="unselectable icon ~!:TYPE~!">&nbsp;</span>~!:TOPIC~!</span>\
                         ~!:NOTICE~!\
+                        <span class="time">~!:TIME~! ~!:DATE~!</span>\
                     </li>'
         ],
         notification_empty: [

+ 2 - 2
web/templates/admin/add_web.html

@@ -82,14 +82,14 @@
                         <?php if ((isset($_SESSION['DNS_SYSTEM'])) && (!empty($_SESSION['DNS_SYSTEM']))) {?>	
                             <?php if($panel[$user]['DNS_DOMAINS'] != "0") { ?><tr>
                                 <td class="vst-text input-label">
-                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v_dns" <?php if (empty($v_dns)&&$panel[$user]['DNS_DOMAINS'] != "0") echo "checked=yes"; ?>> <?php print __('DNS Support');?></label>
+                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v_dns" <?php if (empty($v_dns)&&$panel[$user]['DNS_DOMAINS'] != "0") ?>> <?php print __('DNS Support');?></label>
                                 </td>
                             </tr><?php } ?>
                         <?php } ?>
                         <?php if ((isset($_SESSION['IMAP_SYSTEM'])) && (!empty($_SESSION['IMAP_SYSTEM']))) {?>		
                             <?php if($panel[$user]['MAIL_DOMAINS'] != "0") { ?><tr>
                                 <td class="vst-text input-label">
-                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v_mail" <?php if (empty($v_mail)&&$panel[$user]['MAIL_DOMAINS'] != "0") echo "checked=yes"; ?>> <?php print __('Mail Support');?></label>
+                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v_mail" <?php if (empty($v_mail)&&$panel[$user]['MAIL_DOMAINS'] != "0") ?>> <?php print __('Mail Support');?></label>
                                 </td>
                             </tr><?php } ?>
                         <?php } ?>
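Review bot: Both changed checkboxes keep a PHP `if (...)` with no statement before `?>`, which evaluates the condition and emits nothing. If the intent is to leave DNS and Mail support unticked by default, drop the empty tag so the input reads `<input type="checkbox" size="20" class="vst-checkbox" name="v_dns">`, and the same for `v_mail`. The leftover condition suggests behaviour that is no longer there.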

+ 5 - 0
web/templates/admin/edit_web.html

@@ -251,6 +251,11 @@
                                               <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_forcessl" <?php if($v_ssl_forcessl == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_forcessl(this)"> <?php print __('Force SSL/HTTPS');?></label>
                                           </td>
                                       </tr>
+                                      <tr>
+                                          <td class="input-label vst-text">
+                                              <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_hsts" <?php if($v_ssl_hsts == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_hsts(this)"> <?php print __('Enable SSL HSTS');?></label>
+                                          </td>
+                                      </tr>
                                       <tr>
                                         <td class="input-label vst-text">
                                             <label><input type="checkbox" size="20" class="vst-checkbox" name="v_letsencrypt" <?php if($v_letsencrypt == 'yes' || $v_letencrypt == 'on') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_letsencrypt(this)"> <?php print __('Lets Encrypt Support');?></label>

+ 1 - 0
web/templates/admin/list_db.html

@@ -59,6 +59,7 @@
                 <div class="l-select">
                   <select name="action" id="">
                     <option value=""><?=__('apply to selected')?></option>
+                    <option value="rebuild"><?=__('rebuild')?></option>
                     <option value="suspend"><?=__('suspend')?></option>
                     <option value="unsuspend"><?=__('unsuspend')?></option>
                     <option value="delete"><?=__('delete')?></option>

+ 1 - 0
web/templates/admin/list_dns.html

@@ -30,6 +30,7 @@
                 <div class="l-select">
                   <select name="action" id="">
                     <option value=""><?=__('apply to selected')?></option>
+                    <option value="rebuild"><?=__('rebuild')?></option>
                     <option value="suspend"><?php print __('suspend');?></option>
                     <option value="unsuspend"><?php print __('unsuspend');?></option>
                     <option value="delete"><?php print __('delete');?></option>

+ 1 - 1
web/templates/admin/list_dns_rec.html

@@ -81,7 +81,7 @@ v_unit_id="<?=$key?>" v_section="dns_rec">
                       <i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
                       <input type="hidden" name="delete_url" value="/delete/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>&token=<?=$_SESSION['token']?>" />
                       <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>">
-                        <p class="confirmation"><?=__('DELETE_DOMAIN_CONFIRMATION',$key)?></p>
+                        <p class="confirmation"><?=__('DELETE_RECORD_CONFIRMATION',$key)?></p>
                       </div>
                     </a>
                   </div>

+ 2 - 1
web/templates/admin/list_ip.html

@@ -71,7 +71,8 @@ sort-owner="<?=$data[$key]['OWNER']?>" sort-star="<? if($_SESSION['favourites'][
               <div class="clearfix l-unit__stat-col--left super-compact">
                 <input id="check<?php echo $i ?>" class="ch-toggle" type="checkbox" name="ip[]" value="<?=$key?>">
               </div>
-              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/ip/?ip=<?=$key?>&token=<?=$_SESSION['token']?>" title="<?=__('Editing IP Address')?>"><?=$key?></a></b></div>
+              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/ip/?ip=<?=$key?>&token=<?=$_SESSION['token']?>" title="<?=__('Editing IP Address')?>"><?=$key?> <?php if (!empty($data[$key]['NAT'])) echo ' → ' . $data[$key]['NAT'] . ''; ?></a></b>
+              </div>
               <!-- START QUICK ACTION TOOLBAR AREA -->
               <div class="clearfix l-unit__stat-col--left compact text-right">
                     <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect">
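Review bot: The added NAT value is echoed into the link text without `htmlspecialchars()`. Whether the backend restricts NAT to an IP address is not visible here, so encode at output: `<?php if (!empty($data[$key]['NAT'])) echo ' → ' . htmlspecialchars($data[$key]['NAT']); ?>`, which also drops the redundant `. ''`. The neighbouring `<?=$key?>` outputs follow the same unescaped pattern and would benefit from the same treatment.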

+ 1 - 0
web/templates/admin/list_mail.html

@@ -29,6 +29,7 @@
                 <div class="l-select">
                   <select name="action" id="">
                     <option value=""><?=__('apply to selected')?></option>
+                    <option value="rebuild"><?=__('rebuild')?></option>
                     <option value="suspend"><?=__('suspend')?></option>
                     <option value="unsuspend"><?=__('unsuspend')?></option>
                     <option value="delete"><?=__('delete')?></option>

+ 1 - 1
web/templates/admin/list_user.html

@@ -100,7 +100,7 @@ sort-bandwidth="<?=$data[$key]['U_BANDWIDTH']?>" sort-disk="<?=$data[$key]['U_DI
           <div class="clearfix l-unit__stat-col--left super-compact">
             <input id="check<?=$i?>" class="ch-toggle" type="checkbox" name="user[]" value="<?=$key?>">
           </div>
-              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/user/?user=<?=$key?>&token=<?=$_SESSION['token']?>" title="<?=__('login as')?>"><?=$data[$key]['FNAME']?> <?=$data[$key]['LNAME']?> <span style="font-weight: normal !important;">(<?=$key?>)</span></b></a>
+              <div class="clearfix l-unit__stat-col--left wide-3"><b><a href="/edit/user/?user=<?=$key?>&token=<?=$_SESSION['token']?>" title="<?=__('login as')?>"><?=$key?> <span style="font-weight: normal !important;">(<?=$data[$key]['FNAME']?> <?=$data[$key]['LNAME']?>)</span></b></a>
                 <br />
                 <span style="font-size: 0.8rem;"><b><?=__('Email')?>:</b> <?=$data[$key]['CONTACT']?></span>
               </div>
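Review bot: The reworked line still prints `FNAME` and `LNAME` raw into the admin's user list, and these appear to be account profile fields. Unless the backend rejects markup in names (not visible here), this is a stored-XSS sink in an admin-only view. Encode at output, `<?=htmlspecialchars($data[$key]['FNAME'])?> <?=htmlspecialchars($data[$key]['LNAME'])?>`, and likewise for `CONTACT` on the line below. The tags are also closed in the wrong order (`</b></a>` for `<b><a ...>`); `</a></b>` matches the opening.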

+ 1 - 0
web/templates/admin/list_web.html

@@ -30,6 +30,7 @@
                 <div class="l-select">
                   <select name="action">
                     <option value=""><?=__('apply to selected')?></option>
+                    <option value="rebuild"><?=__('rebuild')?></option>
                     <option value="suspend"><?=__('suspend')?></option>
                     <option value="unsuspend"><?=__('unsuspend')?></option>
                     <option value="delete"><?=__('delete')?></option>

+ 3 - 1
web/templates/footer.html

@@ -7,7 +7,9 @@
   <div class="shortcuts animated fadeIn" style="display:none">
     <div class="header">
       <div class="title"><?=__('Shortcuts')?></div>
-      <div class="close"></div>
+      <div class="close text-center">
+        <i class="fas fa-times"></i>
+      </div>
 
     </div>
     <ul>

+ 0 - 1
web/templates/login.html

@@ -93,7 +93,6 @@
                             <td colspan=2>
                                 <div class="login-bottom">
                                     <div style="height:20px"><?php if (isset($ERROR)) echo $ERROR ?></div>
-                                    <a class="hestiacp" href="https://www.hestiacp.com">v<?php echo $_SESSION['VERSION']; ?></a>
                                 </div>
                             </td>
                         </tr>

+ 5 - 0
web/templates/user/edit_web.html

@@ -251,6 +251,11 @@
                                               <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_forcessl" <?php if($v_ssl_forcessl == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_forcessl(this)"> <?php print __('Force SSL/HTTPS');?></label>
                                           </td>
                                       </tr>
+                                      <tr>
+                                          <td class="input-label vst-text">
+                                              <label><input type="checkbox" size="20" class="vst-checkbox" name="v_ssl_hsts" <?php if($v_ssl_hsts == 'yes') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_hsts(this)"> <?php print __('Enable SSL HSTS');?></label>
+                                          </td>
+                                      </tr>
                                       <tr>
                                         <td class="input-label vst-text">
                                             <label><input type="checkbox" size="20" class="vst-checkbox" name="v_letsencrypt" <?php if($v_letsencrypt == 'yes' || $v_letencrypt == 'on') echo "checked=yes" ?> onclick="App.Actions.WEB.toggle_letsencrypt(this)"> <?php print __('Lets Encrypt Support');?></label>