
Preliminary change to allow enable IPv6 during installation (#2544)

* Remove duplicate code in installer

* Update Cloudflare IP range

* Preliminary change to allow enabling IPv6 during installation

Co-authored-by: Clark Chen <9372896+clarkchentw@users.noreply.github.com>
Jaap Marcus 3 лет назад
Родитель
Сommit
cd5cbf5c0c

+ 9 - 0
install/deb/apache2/status-ipv6.conf

@@ -0,0 +1,9 @@
+Listen 127.0.0.1:8081
+Listen [::1]:8081
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+    Allow from 127.0.0.1
+    Allow from [::1]
+</Location>
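Review bot: `Allow from [::1]` uses the bracketed form that belongs to `Listen`; the access directives are documented with bare IPv6 addresses, so this line should read `Allow from ::1`. It is worth running `apachectl configtest` against this template, because a rejected or unmatched address would either stop Apache from starting or leave /server-status unreachable over IPv6. On Apache 2.4 the whole `Order`/`Deny`/`Allow` group can be replaced by `Require local`, which covers both loopback families.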

+ 162 - 0
install/deb/nginx/nginx-ipv6.conf

@@ -0,0 +1,162 @@
+# Server globals
+user                    www-data;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log;
+pid                     /var/run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;
+
+# Worker config
+events {
+        worker_connections  1024;
+        use                 epoll;
+        multi_accept        on;
+}
+
+http {
+    # Main settings
+    sendfile                        on;
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+    client_header_timeout           180s;
+    client_body_timeout             180s;
+    client_header_buffer_size       2k;
+    client_body_buffer_size         256k;
+    client_max_body_size            256m;
+    large_client_header_buffers     4 8k;
+    send_timeout                    60s;
+    keepalive_timeout               30s;
+    keepalive_requests              100000;
+    reset_timedout_connection       on;
+    server_tokens                   off;
+    server_name_in_redirect         off;
+    server_names_hash_max_size      512;
+    server_names_hash_bucket_size   512;
+    charset                         utf-8;
+
+    # FastCGI settings
+    fastcgi_buffers                 4 256k;
+    fastcgi_buffer_size             256k;
+    fastcgi_busy_buffers_size       256k;
+    fastcgi_temp_file_write_size    256k;
+    fastcgi_connect_timeout         30s;
+    fastcgi_read_timeout            300s;
+    fastcgi_send_timeout            180s;
+    fastcgi_cache_lock              on;
+    fastcgi_cache_lock_timeout      5s;
+    fastcgi_cache_background_update on;
+    fastcgi_cache_revalidate        on;
+    
+    # Proxy settings
+    proxy_redirect                  off;
+    proxy_set_header                Host $host;
+    proxy_set_header                X-Real-IP $remote_addr;
+    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_header               Set-Cookie;
+    proxy_buffers                   32 4k;
+    proxy_connect_timeout           30s;
+    proxy_read_timeout              300s;
+    proxy_send_timeout              180s;
+
+    # Log format
+    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
+                        '"$status" $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format  bytes   '$body_bytes_sent';
+    log_not_found off;
+    access_log off;
+
+    # Mime settings
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Compression
+    gzip                on;
+    gzip_static         on;
+    gzip_vary           on;
+    gzip_comp_level     6;
+    gzip_min_length     1024;
+    gzip_buffers        16 8k;
+    gzip_http_version   1.1;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
+    gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
+
+    # Cloudflare https://www.cloudflare.com/ips
+    set_real_ip_from 173.245.48.0/20;
+    set_real_ip_from 103.21.244.0/22;
+    set_real_ip_from 103.22.200.0/22;
+    set_real_ip_from 103.31.4.0/22;
+    set_real_ip_from 141.101.64.0/18;
+    set_real_ip_from 108.162.192.0/18;
+    set_real_ip_from 190.93.240.0/20;
+    set_real_ip_from 188.114.96.0/20;
+    set_real_ip_from 197.234.240.0/22;
+    set_real_ip_from 198.41.128.0/17;
+    set_real_ip_from 162.158.0.0/15;
+    set_real_ip_from 104.16.0.0/13;
+    set_real_ip_from 104.24.0.0/14;
+    set_real_ip_from 172.64.0.0/13;
+    set_real_ip_from 131.0.72.0/22;
+    set_real_ip_from 2400:cb00::/32;
+    set_real_ip_from 2606:4700::/32;
+    set_real_ip_from 2803:f800::/32;
+    set_real_ip_from 2405:b500::/32;
+    set_real_ip_from 2405:8100::/32;
+    set_real_ip_from 2a06:98c0::/29;
+    set_real_ip_from 2c0f:f248::/32;
+    real_ip_header     CF-Connecting-IP;
+
+    # SSL PCI compliance
+    ssl_session_cache   shared:SSL:20m;
+    ssl_session_timeout 60m;
+    ssl_buffer_size     1400;
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers         "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+    ssl_dhparam         /etc/ssl/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+    ssl_session_tickets off;
+    resolver 1.0.0.1 [2606:4700:4700::1111] 1.0.0.1 [2606:4700:4700::1001] valid=300s ipv6=on;
+    resolver_timeout    5s;
+
+    # Error pages
+    error_page 403 /error/404.html;
+    error_page 404 /error/404.html;
+    error_page 410 /error/410.html;
+    error_page 500 501 502 503 504 505 /error/50x.html;
+
+    # Proxy cache
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
+    proxy_cache_key "$scheme$request_method$host$request_uri";
+    proxy_temp_path  /var/cache/nginx/temp;
+    proxy_ignore_headers Expires Cache-Control;
+    proxy_cache_use_stale error timeout invalid_header http_502;
+    proxy_cache_valid any 1d;
+
+    # FastCGI cache
+    fastcgi_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=30m;
+    fastcgi_cache_key "$scheme$request_method$host$request_uri";
+    fastcgi_cache_methods GET HEAD;
+    fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
+    fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+    add_header X-FastCGI-Cache $upstream_cache_status;
+
+    # Cache bypass
+    map $http_cookie $no_cache {
+        default 0;
+        ~SESS 1;
+        ~wordpress_logged_in 1;
+    }
+
+    # File cache (static assets)
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+    # Wildcard include
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/conf.d/domains/*.conf;
+}
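Review bot: The `ssl_ciphers` string under "SSL PCI compliance" still offers 3DES (`ECDHE-ECDSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`) and static-RSA suites such as `AES128-SHA`, which remain negotiable on TLSv1.2 even though `ssl_protocols` excludes older versions. Since this is a new template, it could be trimmed to the ECDHE/DHE GCM and CHACHA20 suites. Separately, the `resolver` line lists `1.0.0.1` twice and never `1.1.1.1`; presumably `1.1.1.1 [2606:4700:4700::1111] 1.0.0.1 [2606:4700:4700::1001]` was meant, and the installer's `sed` pattern that matches this string would have to change with it.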

+ 15 - 14
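--- a/install/deb/nginx/nginx.conf
+++ b/install/deb/nginx/nginx.conf
@@ -84,27 +84,28 @@ http {
     gzip_disable        "MSIE [1-6]\.";
 
     # Cloudflare https://www.cloudflare.com/ips
+    set_real_ip_from 173.245.48.0/20;
     set_real_ip_from 103.21.244.0/22;
     set_real_ip_from 103.22.200.0/22;
     set_real_ip_from 103.31.4.0/22;
-    set_real_ip_from 104.16.0.0/13;
-    set_real_ip_from 104.24.0.0/14;
-    set_real_ip_from 108.162.192.0/18;
-    set_real_ip_from 131.0.72.0/22;
     set_real_ip_from 141.101.64.0/18;
-    set_real_ip_from 162.158.0.0/15;
-    set_real_ip_from 172.64.0.0/13;
-    set_real_ip_from 173.245.48.0/20;
-    set_real_ip_from 188.114.96.0/20;
+    set_real_ip_from 108.162.192.0/18;
     set_real_ip_from 190.93.240.0/20;
+    set_real_ip_from 188.114.96.0/20;
     set_real_ip_from 197.234.240.0/22;
     set_real_ip_from 198.41.128.0/17;
-    #set_real_ip_from  2400:cb00::/32;
-    #set_real_ip_from  2405:b500::/32;
-    #set_real_ip_from  2606:4700::/32;
-    #set_real_ip_from  2803:f800::/32;
-    #set_real_ip_from  2c0f:f248::/32;
-    #set_real_ip_from  2a06:98c0::/29;
+    set_real_ip_from 162.158.0.0/15;
+    set_real_ip_from 104.16.0.0/13;
+    set_real_ip_from 104.24.0.0/14;
+    set_real_ip_from 172.64.0.0/13;
+    set_real_ip_from 131.0.72.0/22;
+    # set_real_ip_from 2400:cb00::/32;
+    # set_real_ip_from 2606:4700::/32;
+    # set_real_ip_from 2803:f800::/32;
+    # set_real_ip_from 2405:b500::/32;
+    # set_real_ip_from 2405:8100::/32;
+    # set_real_ip_from 2a06:98c0::/29;
+    # set_real_ip_from 2c0f:f248::/32;
     real_ip_header     CF-Connecting-IP;
 
     # SSL PCI compliance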
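Review bot: The Cloudflare `set_real_ip_from` list is now maintained in two templates, this one and nginx-ipv6.conf, which differ only in whether the IPv6 ranges are active. These ranges decide whose `CF-Connecting-IP` header is trusted as the client address, so a copy that goes stale affects access logs and any IP-based blocking. A comment above the list such as `# Keep in sync with nginx-ipv6.conf` would make the coupling visible, or both templates could include one shared ranges file.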

+ 10 - 0
install/deb/nginx/status-ipv6.conf

@@ -0,0 +1,10 @@
+server {
+    listen       127.0.0.1:8084 default;
+    listen       [::1]:8084 default;
+    server_name  _;
+    server_name_in_redirect  off;
+    location / {
+        stub_status on;
+        access_log   off;
+   }
+}
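Review bot: `stub_status` is protected only by the loopback `listen` addresses; adding `allow 127.0.0.1; allow ::1; deny all;` inside `location /` keeps the counters private if the listen lines are ever changed or overridden. The closing brace of the location block is indented three spaces where the rest of the file uses four.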

+ 41 - 0
install/deb/vsftpd/vsftpd-ipv6.conf

@@ -0,0 +1,41 @@
+anonymous_enable=NO
+local_enable=YES
+write_enable=YES
+local_umask=022
+anon_umask=022
+anon_upload_enable=NO
+dirmessage_enable=YES
+xferlog_enable=YES
+connect_from_port_20=YES
+xferlog_std_format=YES
+dual_log_enable=YES
+chroot_local_user=YES
+listen_ipv6=YES
+pam_service_name=vsftpd
+ftpd_banner=Welcome! Please note that all activity is logged.
+userlist_enable=NO
+tcp_wrappers=YES
+force_dot_files=YES
+ascii_upload_enable=YES
+ascii_download_enable=YES
+allow_writeable_chroot=YES
+seccomp_sandbox=NO
+pasv_enable=YES
+pasv_promiscuous=YES
+pasv_min_port=12000
+pasv_max_port=12100
+max_per_ip=10
+max_clients=100
+use_localtime=YES
+utf8_filesystem=YES
+ssl_enable=YES
+allow_anon_ssl=NO
+require_ssl_reuse=NO
+ssl_ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+ssl_sslv2=NO
+ssl_sslv3=NO
+ssl_tlsv1=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
+rsa_private_key_file=/usr/local/hestia/ssl/certificate.key
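Review bot: TLS is enabled but not required here: `force_local_logins_ssl=NO` and `force_local_data_ssl=NO` let clients send passwords and file data in clear text, which matters more once the daemon also listens on IPv6. Unless plain FTP is a deliberate compatibility choice, the template should set `force_local_logins_ssl=YES` and `force_local_data_ssl=YES`. `pasv_promiscuous=YES` switches off the check that a passive data connection comes from the same address as the control connection, and `seccomp_sandbox=NO` removes a hardening layer; if these mirror the IPv4 template, a `#` comment above each stating why it is needed would help the next reviewer.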

+ 36 - 2
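--- a/install/hst-install-debian.sh
+++ b/install/hst-install-debian.sh
@@ -82,6 +82,7 @@ help() {
   -r, --port              Change Backend Port             default: 8083
   -l, --lang              Default language                default: en
   -y, --interactive       Interactive install   [yes|no]  default: yes
+  -6, --ipv6              Enable IPv6 Support   [yes|no]  default: no
   -s, --hostname          Set hostname
   -e, --email             Set admin email
   -p, --password          Set admin password
@@ -221,6 +222,7 @@ for arg; do
         --port)                 args="${args}-r " ;;
         --lang)                 args="${args}-l " ;;
         --interactive)          args="${args}-y " ;;
+        --ipv6)                 args="${args}-6 " ;;
         --api)                  args="${args}-d " ;;
         --hostname)             args="${args}-s " ;;
         --email)                args="${args}-e " ;;
@@ -257,6 +259,7 @@ while getopts "a:w:v:j:k:m:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do
         l) lang=$OPTARG ;;              # Language
         d) api=$OPTARG ;;               # Activate API
         y) interactive=$OPTARG ;;       # Interactive install
+        6) ipv6=$OPTARG ;;              # IPv6
         s) servername=$OPTARG ;;        # Hostname
         e) email=$OPTARG ;;             # Admin email
         p) vpass=$OPTARG ;;             # Admin password
@@ -294,6 +297,7 @@ set_default_value 'iptables' 'yes'
 set_default_value 'fail2ban' 'yes'
 set_default_value 'quota' 'no'
 set_default_value 'interactive' 'yes'
+set_default_value 'ipv6' 'no'
 set_default_value 'api' 'yes'
 set_default_port '8083'
 set_default_lang 'en'
@@ -640,10 +644,16 @@ if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
         servername="example.com"
     fi
     echo "127.0.0.1 $servername" >> /etc/hosts
+    if [ "$ipv6" = 'yes' ]; then
+        echo "::1 $servername" >> /etc/hosts
+    fi
 fi
 
 if [[ -z $(grep -i "$servername" /etc/hosts) ]]; then
     echo "127.0.0.1 $servername" >> /etc/hosts
+    if [ "$ipv6" = 'yes' ]; then
+        echo "::1 $servername" >> /etc/hosts
+    fi
 fi
 
 # Set email if it wasn't set
@@ -1291,6 +1301,10 @@ cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
 cp -f $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/
 cp -f $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/
 cp -f $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/
+if [ "$ipv6" = 'yes' ]; then
+    cp -f $HESTIA_INSTALL_DIR/nginx/nginx-ipv6.conf /etc/nginx/nginx.conf
+    cp -f $HESTIA_INSTALL_DIR/nginx/status-ipv6.conf /etc/nginx/conf.d/status.conf
+fi
 mkdir -p /etc/nginx/conf.d/domains
 mkdir -p /etc/nginx/modules-enabled
 mkdir -p /var/log/nginx/domains
@@ -1301,10 +1315,20 @@ for ip in $dns_resolver; do
     if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
         resolver="$ip $resolver"
     fi
+    if [ "$ipv6" = 'yes' ]; then
+        if [[ $ip =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$ ]]; then
+            resolver="[$ip] $resolver"
+        fi
+    fi
 done
 if [ -n "$resolver" ]; then
-    sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
-    sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+    if [ "$ipv6" = 'yes' ]; then
+        sed -i "s/1.0.0.1 \[2606:4700:4700::1111\] 1.0.0.1 \[2606:4700:4700::1001\]/$resolver/g" /etc/nginx/nginx.conf
+        sed -i "s/1.0.0.1 \[2606:4700:4700::1111\] 1.0.0.1 \[2606:4700:4700::1001\]/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+    else
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+    fi
 fi
 
 update-rc.d nginx defaults > /dev/null 2>&1
@@ -1328,6 +1352,10 @@ if [ "$apache" = 'yes' ]; then
     cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load
     cp -f $HESTIA_INSTALL_DIR/logrotate/apache2 /etc/logrotate.d/
 
+    if [ "$ipv6" = 'yes' ]; then
+        cp -f $HESTIA_INSTALL_DIR/apache2/status-ipv6.conf /etc/apache2/mods-available/hestia-status.conf
+    fi
+
     # Enable needed modules
     a2enmod rewrite > /dev/null 2>&1
     a2enmod suexec > /dev/null 2>&1
@@ -1422,6 +1450,9 @@ chmod 755 /etc/cron.daily/php-session-cleanup
 if [ "$vsftpd" = 'yes' ]; then
     echo "[ * ] Configuring Vsftpd server..."
     cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
+    if [ "$ipv6" = 'yes' ]; then
+        cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd-ipv6.conf /etc/vsftpd.conf
+    fi
     touch /var/log/vsftpd.log
     chown root:adm /var/log/vsftpd.log
     chmod 640 /var/log/vsftpd.log
@@ -1893,7 +1924,9 @@ $HESTIA/bin/v-update-sys-ip > /dev/null 2>&1
 
 # Get main IP
 ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
+ipv6=$(ip addr|grep 'inet6 '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
 local_ip=$ip
+local_ipv6=$ipv6
 
 # Configuring firewall
 if [ "$iptables" = 'yes' ]; then
@@ -1902,6 +1935,7 @@ fi
 
 # Get public IP
 pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
+pub_ipv6=$(curl --ipv6 -s https://ip.hestiacp.com/)
 
 if [ -n "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
     $HESTIA/bin/v-change-sys-ip-nat $ip $pub_ip > /dev/null 2>&1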
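Review bot: The `-6` option cannot be parsed as far as this page shows: the `getopts` optstring quoted in the hunk header (`...l:y:s:e:p:D:fh`) has no `6:` and no hunk touches that line, so the new `6) ipv6=$OPTARG ;;` case is unreachable and `ipv6` always falls back to `no`; the optstring needs `6:` added. Near the end of the script, `ipv6=$(ip addr|grep 'inet6 '|...)` overwrites the yes/no flag with an address, so any later `[ "$ipv6" = 'yes' ]` test would fail; a separate name such as `ipv6_addr`, with `local_ipv6=$ipv6_addr`, avoids that. Both points apply to hst-install-ubuntu.sh as well. Nothing in this diff adds ip6tables rules on Debian, so it is worth confirming that the firewall covers the new IPv6 listeners before the flag becomes usable.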

+ 74 - 7
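--- a/install/hst-install-ubuntu.sh
+++ b/install/hst-install-ubuntu.sh
@@ -80,6 +80,7 @@ help() {
   -r, --port              Change Backend Port             default: 8083
   -l, --lang              Default language                default: en
   -y, --interactive       Interactive install   [yes|no]  default: yes
+  -6, --ipv6              Enable IPv6 Support   [yes|no]  default: no
   -s, --hostname          Set hostname
   -e, --email             Set admin email
   -p, --password          Set admin password
@@ -218,6 +219,7 @@ for arg; do
         --port)                 args="${args}-r " ;;
         --lang)                 args="${args}-l " ;;
         --interactive)          args="${args}-y " ;;
+        --ipv6)                 args="${args}-6 " ;;
         --api)                  args="${args}-d " ;;
         --hostname)             args="${args}-s " ;;
         --email)                args="${args}-e " ;;
@@ -254,6 +256,7 @@ while getopts "a:w:v:j:k:m:g:d:x:z:Z:c:t:i:b:r:o:q:l:y:s:e:p:D:fh" Option; do
         l) lang=$OPTARG ;;              # Language
         d) api=$OPTARG ;;               # Activate API
         y) interactive=$OPTARG ;;       # Interactive install
+        6) ipv6=$OPTARG ;;              # IPv6
         s) servername=$OPTARG ;;        # Hostname
         e) email=$OPTARG ;;             # Admin email
         p) vpass=$OPTARG ;;             # Admin password
@@ -291,6 +294,7 @@ set_default_value 'iptables' 'yes'
 set_default_value 'fail2ban' 'yes'
 set_default_value 'quota' 'no'
 set_default_value 'interactive' 'yes'
+set_default_value 'ipv6' 'no'
 set_default_value 'api' 'yes'
 set_default_port '8083'
 set_default_lang 'en'
@@ -629,10 +633,16 @@ if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
         servername="example.com"
     fi
     echo "127.0.0.1 $servername" >> /etc/hosts
+    if [ "$ipv6" = 'yes' ]; then
+        echo "::1 $servername" >> /etc/hosts
+    fi
 fi
 
 if [[ -z $(grep -i "$servername" /etc/hosts) ]]; then
     echo "127.0.0.1 $servername" >> /etc/hosts
+    if [ "$ipv6" = 'yes' ]; then
+        echo "::1 $servername" >> /etc/hosts
+    fi
 fi
 
 # Set email if it wasn't set
@@ -1052,6 +1062,19 @@ if [ ! -e "/sbin/iptables" ]; then
             ln -s "$autoiptables" /sbin/iptables
         fi
     fi
+
+    if [ "$ipv6" = 'yes' ]; then
+        if which ip6tables; then
+            ln -s "$(which ip6tables)" /sbin/ip6tables
+        elif [ -e "/usr/sbin/ip6tables" ]; then
+            ln -s /usr/sbin/ip6tables /sbin/ip6tables
+        elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b ip6tables; then
+            autoip6tables=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b ip6tables | cut -d '' -f 2)
+            if [ -x "$autoip6tables" ]; then
+                ln -s "$autoip6tables" /sbin/ip6tables
+            fi
+        fi
+    fi
 fi
 
 if [ ! -e "/sbin/iptables-save" ]; then
@@ -1065,6 +1088,18 @@ if [ ! -e "/sbin/iptables-save" ]; then
             ln -s "$autoiptables_save" /sbin/iptables-save
         fi
     fi
+    if [ "$ipv6" = 'yes' ]; then
+        if which ip6tables-save; then
+            ln -s "$(which ip6tables-save)" /sbin/ip6tables-save
+        elif [ -e "/usr/sbin/ip6tables-save" ]; then
+            ln -s /usr/sbin/ip6tables-save /sbin/ip6tables-save
+        elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b ip6tables-save; then
+            autoip6tables_save=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-save | cut -d '' -f 2)
+            if [ -x "$autoip6tables_save" ]; then
+                ln -s "$autoip6tables_save" /sbin/ip6tables-save
+            fi
+        fi
+    fi
 fi
 
 if [ ! -e "/sbin/iptables-restore" ]; then
@@ -1078,6 +1113,18 @@ if [ ! -e "/sbin/iptables-restore" ]; then
             ln -s "$autoiptables_restore" /sbin/iptables-restore
         fi
     fi
+    if [ "$ipv6" = 'yes' ]; then
+        if which ip6tables-restore; then
+            ln -s "$(which ip6tables-restore)" /sbin/ip6tables-restore
+        elif [ -e "/usr/sbin/ip6tables-restore" ]; then
+            ln -s /usr/sbin/ip6tables-restore /sbin/ip6tables-restore
+        elif whereis -B /bin /sbin /usr/bin /usr/sbin -f -b ip6tables-restore; then
+            autoip6tables_restore=$(whereis -B /bin /sbin /usr/bin /usr/sbin -f -b iptables-restore | cut -d '' -f 2)
+            if [ -x "$autoip6tables_restore" ]; then
+                ln -s "$autoip6tables_restore" /sbin/ip6tables-restore
+            fi
+        fi
+    fi
 fi
 
 # Restrict access to /proc fs
@@ -1315,11 +1362,6 @@ chown root:mail $HESTIA/ssl/*
 chmod 660 $HESTIA/ssl/*
 rm /tmp/hst.pem
 
-# Adding nologin as a valid system shell
-if [ -z "$(grep nologin /etc/shells)" ]; then
-    echo "/usr/sbin/nologin" >> /etc/shells
-fi
-
 # Install dhparam.pem
 cp -f $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
 
@@ -1363,6 +1405,10 @@ cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
 cp -f $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/
 cp -f $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/
 cp -f $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/
+if [ "$ipv6" = 'yes' ]; then
+    cp -f $HESTIA_INSTALL_DIR/nginx/nginx-ipv6.conf /etc/nginx/nginx.conf
+    cp -f $HESTIA_INSTALL_DIR/nginx/status-ipv6.conf /etc/nginx/conf.d/status.conf
+fi
 mkdir -p /etc/nginx/conf.d/domains
 mkdir -p /etc/nginx/modules-enabled
 mkdir -p /var/log/nginx/domains
@@ -1373,10 +1419,20 @@ for ip in $dns_resolver; do
     if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
         resolver="$ip $resolver"
     fi
+    if [ "$ipv6" = 'yes' ]; then
+        if [[ $ip =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$ ]]; then
+            resolver="[$ip] $resolver"
+        fi
+    fi
 done
 if [ -n "$resolver" ]; then
-    sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
-    sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+    if [ "$ipv6" = 'yes' ]; then
+        sed -i "s/1.0.0.1 \[2606:4700:4700::1111\] 1.0.0.1 \[2606:4700:4700::1001\]/$resolver/g" /etc/nginx/nginx.conf
+        sed -i "s/1.0.0.1 \[2606:4700:4700::1111\] 1.0.0.1 \[2606:4700:4700::1001\]/$resolver/g" /usr/local/hestia/nginx/
+    else
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
+        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
+    fi
 fi
 
 update-rc.d nginx defaults > /dev/null 2>&1
@@ -1399,6 +1455,10 @@ if [ "$apache" = 'yes' ]; then
     cp -f /etc/apache2/mods-available/status.load /etc/apache2/mods-available/hestia-status.load
     cp -f $HESTIA_INSTALL_DIR/logrotate/apache2 /etc/logrotate.d/
 
+    if [ "$ipv6" = 'yes' ]; then
+        cp -f $HESTIA_INSTALL_DIR/apache2/status-ipv6.conf /etc/apache2/mods-available/hestia-status.conf
+    fi
+
     # Enable needed modules
     a2enmod rewrite > /dev/null 2>&1
     a2enmod suexec > /dev/null 2>&1
@@ -1494,6 +1554,9 @@ chmod 755 /etc/cron.daily/php-session-cleanup
 if [ "$vsftpd" = 'yes' ]; then
     echo "[ * ] Configuring Vsftpd server..."
     cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
+    if [ "$ipv6" = 'yes' ]; then
+        cp -f $HESTIA_INSTALL_DIR/vsftpd/vsftpd-ipv6.conf /etc/vsftpd.conf
+    fi
     touch /var/log/vsftpd.log
     chown root:adm /var/log/vsftpd.log
     chmod 640 /var/log/vsftpd.log
@@ -1953,7 +2016,9 @@ $HESTIA/bin/v-update-sys-ip > /dev/null 2>&1
 
 # Get main IP
 ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
+ipv6=$(ip addr|grep 'inet6 '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
 local_ip=$ip
+local_ipv6=$ipv6
 
 # Configuring firewall
 if [ "$iptables" = 'yes' ]; then
@@ -1963,6 +2028,8 @@ fi
 # Get public IP
 echo "[ * ] Configuring System IP..."
 pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
+pub_ipv6=$(curl --ipv6 -s https://ip.hestiacp.com/)
+
 if [ -n "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
     if [ -e /etc/rc.local ]; then
         sed -i '/exit 0/d' /etc/rc.local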
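Review bot: The `whereis` fallbacks for `ip6tables-save` and `ip6tables-restore` look up the IPv4 binaries (`-b iptables-save`, `-b iptables-restore`), so `/sbin/ip6tables-save` and `/sbin/ip6tables-restore` can end up linked to the IPv4 tools and IPv6 rules would not be saved or restored as intended; the two assignments should use `-b ip6tables-save` and `-b ip6tables-restore`. All three ip6tables blocks also appear to sit inside the `if [ ! -e "/sbin/iptables..." ]` guards, so they run only when the IPv4 binary is missing; each needs its own `[ ! -e /sbin/ip6tables... ]` test. In the resolver hunk the second IPv6 `sed` ends at `/usr/local/hestia/nginx/` as shown here, where the Debian script has `/usr/local/hestia/nginx/conf/nginx.conf`; if that is not a rendering truncation, sed will fail on the directory.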