Merge staging in main (#2237)

* Slightly improve error messages api
* Add support for ARM on APT
* Update changelog + version package 
+ Adjust copyright year to 2021
* Update last copyright package
* Add check if /etc/hestiacp/hestia.conf exists
* Fix bug in rebuild web domains
* Fix issue with restart webserver during rebuild
* Improve v-add-lets-encrypt-domain
* Small change in changelog
* Fix bug in v-add-letsencrypt-host
* Manage sieve disabled on default
* Remove sieve reference from default config
Prevent webmail from working propperly
* Add support for cross compile hestia pacakge
* When backend port is missing use $ORIGINAL_PORT instead of $PORT
* Add BACKEND_PORT to hestia.conf
* Update translations
* Add error message when attempting cross compile non hestia package
hestia-nginx and hestia-php doesn't support compiling on amd64 machine for arm64
* Update Changelog
* Update changelog + readme
Adjust version to 1.5.0
* Update version hestia-nginx + hestia-php
* Fix bug in update script where ~rc was not removed 
Adjusted sed command to also match everything behind ~

CHANGELOG.md

@@ -1,20 +1,27 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
-## [DEVELOPMENT] - Development version
+## [1.5.0] - Major Release (Feature / Quality Update)
 
-## Features
+### Breaking changes ###
+- **NOTE:** Changes have been made on how phpmyadmin/phppgadmin config are included in apache2 config. To restore to the old behaviour add `IncludeOptional conf.d/*.inc` below `IncludeOptional conf.d/*.conf` in /etc/apache2/apache2.conf and restart your server. 
+- **NOTE:** Hestia packages for arm64 has been added to atp.hestiacp.com please use the normal install instructions instead! For current ARM installs to enable auto update remove the `#` in /etc/apt/sources.list.d/hestia.list `# deb https://apt.hestiacp.com/ focal main` becomes `deb https://apt.hestiacp.com/ focal main` and then run `apt update && apt upgrade -y` 
+
+### Features
 
-- Add support for Dovecote Sieve #2163 (@2163)
+- Add support for Dovecote Sieve #2163 (@gejobj)
 - Improve HELO based system and use RDNS lookup instead our old system
+- Add support for PHP 8.1 #2233 
 - Set default php version for new installs to PHP 8.0 
+- Add support for ARM64 Processors
+- Disable access phpmyadmin/phppgadmin over ip address in Apache2 #2072
 
 ### Bugfixes
 
-- Disable /reset/ endpoint when POLICY_SYSTEM_PASSWORD_RESET = no
-- Add rate limit forgot password
+- Disable /reset/ endpoint when POLICY_SYSTEM_PASSWORD_RESET = no #2167
+- Add rate limit forgot password #2199
 - Prevent SOA count up after v-change-dns-records with no changes are made
-- Fix #1296 Logrotate does not rotate logs any more on Ubuntu 20.04 and Debian 11
+- Fix #1296 Log rotate does not rotate logs any more on Ubuntu 20.04 and Debian 11
 - Run shellcheck to improve code quality 
 - Improve ssh port detection for filemanager. Allowing users to create /etc/ssh/sshd.conf.d/custom.conf with custom port
 - Fix an bug in v-add-letsencrypt-host due to changes of Lets Encrypt causing issues with rate limiting
@@ -25,16 +32,19 @@ All notable changes to this project will be documented in this file.
 - Update permissions /var/log/roundcube on older installations #2173
 - Update translations
 - Fix Roundcube permissions
-- Add webp to list of media formats that can be cached by the browser 
+- Add .webp to list of media formats that can be cached by the browser 
 - Disable  /list/log/auth when in Demo mode
 - Fix #1139 By force rebuilding webmail config files
+- Fix a bug in rebuild mysql database @depca
+- Fix #1239 Bug in basic auth not working properly
+- Add validation for email address before install server for admin account
+- Fix bug in v-change-domain-owner #2210
+- Improve input validation Add / Edit User package and improve reading config files to prevent security issues.
+
 
 ### Dependencies
 
 - Update Roundcube to 1.5.0 https://roundcube.net/news/2021/10/18/roundcube-1.5.0-released
-
-### Security 
-
 - Update jQuery UI to the last version [CVE-2021-41182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182)
 
 ## [1.4.17] - Service release 

README.md

@@ -2,15 +2,18 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.4.17 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
+**Latest stable release:** Version 1.5.0 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md) | [![Build Status](https://drone.hestiacp.com/api/badges/hestiacp/hestiacp/status.svg?ref=refs/heads/main)](https://drone.hestiacp.com/hestiacp/hestiacp) <br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
 **Forums:** [forum.hestiacp.com](https://forum.hestiacp.com/)<br>
 **Discord:** [Join the discussion](https://discord.gg/nXRUZch)<br />
-<br><br>
-[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ST87LQH2CHGLA)
 <br>
+[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ST87LQH2CHGLA)<br /><br />
+Bitcoin : bc1q48jt5wg5jaj8g9zy7c3j03cv57j2m2u5anlutu<br>
+Ethereum : 0xfF3Dd2c889bd0Ff73d8085B84A314FC7c88e5D51<br>
+Binance: bnb1l4ywvw5ejfmsgjdcx8jn5lxj7zsun8ktfu7rh8<br>
+Smart Chain: 0xfF3Dd2c889bd0Ff73d8085B84A314FC7c88e5D51<br>
 
 **Welcome!**
 ---------------------------- 
@@ -21,20 +24,30 @@ Features and Services
 * Apache2 and NGINX with PHP-FPM
 * Multiple PHP versions (5.6 - 8.1, 8.0 as default)
 * DNS Server (Bind) with clustering capabilities
-* POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Roundcube, Rainloop)
+* POP/IMAP/SMTP mail services with Anti-Virus, Anti-Spam, and Webmail (ClamAV, SpamAssassin, Sieve, Roundcube, Rainloop)
 * MariaDB and/or PostgreSQL databases
 * Let's Encrypt SSL support with wildcard certificates
 * Firewall with brute-force attack detection and IP lists (iptables, fail2ban, and ipset).
 
 Supported platforms and operating systems
+========================================================
+
+AMD (x86_64 Intel/AMD)
 ----------------------------
-* **CPU Architecture:** AMD64 (x86_64 Intel/AMD)
 * **Debian:** 11, 10 or 9
 * **Ubuntu:** 20.04 LTS or 18.04 LTS
-* **NOTE:** Hestia Control Panel must be installed on top of a fresh operating system installation to ensure proper functionality.
+
+ARM64 (arm64)
+----------------------------
+* **Debian:** 11, 10
+* **Ubuntu:** 20.04 LTS
+* **NOTE:** ARM 64 bit processors only! ARM 32bit (armhf) is currently not supported!
 
 Installing Hestia Control Panel
 ============================
+
+* **NOTE:** Hestia Control Panel must be installed on top of a fresh operating system installation to ensure proper functionality.
+
 While we have taken every effort to make the installation process and the control panel interface as friendly as possible (even for new users), it is assumed that you will have some prior knowledge and understanding in the basics how to set up a Linux server before continuing.
 
 ## Step 1: Log in

bin/v-add-letsencrypt-domain

@@ -505,14 +505,19 @@ fi
 if [ -z "$mail" ]; then
     ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
     ssl_enabled="$(get_object_value 'web' 'DOMAIN' "$domain" '$SSL')"
-    ssl_force="$(get_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE')"
-    [[ "$ssl_enabled" = "yes" ]] && $BIN/v-delete-web-domain-ssl $user $domain > /dev/null 2>&1
-    $BIN/v-add-web-domain-ssl "$user" "$domain" "$ssl_dir" "$ssl_home" updatessl
-    [[ "$ssl_force" = "yes" ]] && $BIN/v-add-web-domain-ssl-force "$user" "$domain" > /dev/null 2>&1
-else
+    if [ "$ssl_enabled" = "yes" ]; then 
+        $BIN/v-update-web-domain-ssl "$user" "$domain" "$ssl_dir" "$ssl_home" "updatessl" 
+    else
+        $BIN/v-add-web-domain-ssl "$user" "$domain" "$ssl_dir" "$ssl_home" "updatessl" 
+    fi
+ else
+ # TODO replace with v-update-mail-domain-ssl if ssl is enabled
     ssl_enabled="$(get_object_value 'mail' 'DOMAIN' "$root_domain" '$SSL')"
-    [[ "$ssl_enabled" = "yes" ]] && $BIN/v-delete-mail-domain-ssl "$user" "$root_domain" > /dev/null 2>&1
-    $BIN/v-add-mail-domain-ssl "$user" "$root_domain" "$ssl_dir" updatessl
+    if [ "$ssl_enabled" = "yes" ]; then 
+        $BIN/v-update-mail-domain-ssl "$user" "$root_domain" "$ssl_dir" "$ssl_home" "updatessl" 
+    else
+        $BIN/v-add-mail-domain-ssl "$user" "$root_domain" "$ssl_dir" "$ssl_home" "updatessl" 
+    fi
 fi
 
 if [ "$?" -ne '0' ]; then

bin/v-add-web-domain-ssl-force

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: Adding force SSL for a domain
-# options: USER DOMAIN
+# options: USER DOMAIN [RESTART] [QUIET]
 # labels: hestia web
 #
 # example: v-add-web-domain-ssl-force admin acme.com
@@ -15,8 +15,9 @@
 # Argument definition
 user=$1
 domain=$2
-quiet=$3
-restart="$4"
+restart="$3"
+quiet="$4"
+
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf

bin/v-add-web-domain-ssl-hsts

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: Adding hsts to a domain
-# options: USER DOMAIN
+# options: USER DOMAIN [RESTART] [QUIET]
 # labels: hestia
 #
 # The function enables HSTS for the requested domain.
@@ -13,8 +13,8 @@
 # Argument definition
 user=$1
 domain=$2
-quiet=$3
-restart="$4"
+restart="$3"
+quiet="$4"
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf

bin/v-delete-mail-domain-ssl

@@ -14,6 +14,7 @@
 # Argument definition
 user=$1
 domain=$2
+restart=$3
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf

bin/v-delete-web-domain-ssl

@@ -65,10 +65,8 @@ if [ -n "$PROXY_SYSTEM" ] && [ -n "$PROXY" ]; then
 fi
 
 # Deleting old certificate
-tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
 rm -f $HOMEDIR/$user/conf/web/$domain/ssl/$domain.*
-mv $USER_DATA/ssl/$domain.* $tmpdir
-chown -R $user:$user $tmpdir
+rm -f $USER_DATA/ssl/$domain.*
 
 # Deleting force ssl
 $BIN/v-delete-web-domain-ssl-force "$user" "$domain" 'no' 'yes'

bin/v-delete-web-domain-ssl-force

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: remove ssl force from domain
-# options: USER DOMAIN [RESTART]
+# options: USER DOMAIN [RESTART] [QUIET]
 # labels: hestia web
 #
 # example: v-delete-web-domain-ssl-force admin domain.tld
@@ -15,8 +15,8 @@
 # Argument definition
 user=$1
 domain=$2
-restart=$3
-quiet=$4
+restart="$3"
+quiet="$4"
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf

bin/v-delete-web-domain-ssl-hsts

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: remove ssl force from domain
-# options: USER DOMAIN [RESTART]
+# options: USER DOMAIN [RESTART] [QUIET]
 # labels: hestia
 #
 # example: v-delete-web-domain-ssl-hsts user domain.tld

bin/v-rebuild-web-domains

@@ -112,7 +112,7 @@ fi
 for domain in $($BIN/v-list-web-domains $user plain |cut -f 1); do
     if [ -n "$WEB_BACKEND" ]; then
         template=$(get_object_value 'web' 'DOMAIN' "$domain" '$BACKEND');
-        if [ -n "$template" ]; then 
+        if [ -z "$template" ]; then 
             template="default"
             update_object_value 'web' 'DOMAIN' "$domain" '$BACKEND' 'default'  
         fi

bin/v-update-mail-domain-ssl

@@ -0,0 +1,105 @@
+#!/bin/bash
+# info: updating ssl certificate for domain
+# options: USER DOMAIN SSL_DIR [RESTART]
+# labels: web
+#
+# example: v-update-mail-domain-ssl admin domain.com /home/admin/tmp
+#
+# The function updates the SSL certificate for a domain. Parameter ssl_dir is a path
+# to directory where 2 or 3 ssl files can be found. Certificate file 
+# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
+# authority domain.tld.ca file is optional.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+ssl_dir=$3
+restart=$4
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/domain.sh
+source $HESTIA/func/domain.sh
+# shellcheck source=/usr/local/hestia/func/ip.sh
+source $HESTIA/func/ip.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+# Additional argument formatting
+format_domain
+format_domain_idn
+# TODO: $domain_idn not used in this script - maybe $domain should be converted to $doman_idn ?
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'USER DOMAIN SSL_DIR [RESTART]'
+is_format_valid 'user' 'domain' 'ssl_dir'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_unsuspended 'mail' 'DOMAIN' "$domain"
+is_object_value_exist 'mail' 'DOMAIN' "$domain" '$SSL'
+is_web_domain_cert_valid
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Deleting old certificate
+rm -f $HOMEDIR/$user/conf/web/$domain/ssl/mail.$domain.*
+rm -f $USER_DATA/ssl/mail.$domain.*
+
+# Add certificate to Hestia user configuration data directory
+if [ -f "$ssl_dir/$domain.crt" ]; then
+    cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/mail.$domain.crt
+    cp -f $ssl_dir/$domain.key $USER_DATA/ssl/mail.$domain.key
+    cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/mail.$domain.pem
+    if [ -e "$ssl_dir/$domain.ca" ]; then
+        cp -f $ssl_dir/$domain.ca $USER_DATA/ssl/mail.$domain.ca
+        echo >> $USER_DATA/ssl/mail.$domain.pem
+        cat $USER_DATA/ssl/mail.$domain.ca >> $USER_DATA/ssl/mail.$domain.pem
+    fi
+fi
+
+chmod 660 $USER_DATA/ssl/mail.$domain.*
+
+# Add certificate to user home directory
+cp -f $USER_DATA/ssl/mail.$domain.crt $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.crt
+cp -f $USER_DATA/ssl/mail.$domain.key $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.key
+cp -f $USER_DATA/ssl/mail.$domain.pem $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.pem
+if [ -e "$USER_DATA/ssl/mail.$domain.ca" ]; then
+    cp -f $USER_DATA/ssl/mail.$domain.ca $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.ca
+fi
+
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Restarting web server
+$BIN/v-restart-web "$restart"
+check_result $? "Web restart failed" >/dev/null
+
+$BIN/v-restart-proxy "$restart"
+check_result $? "Proxy restart failed" >/dev/null
+
+# Logging
+$BIN/v-log-action "$user" "Info" "Mail" "SSL certificate updated (Domain: $domain)."
+log_event "$OK" "$EVENT"
+
+exit

bin/v-update-web-domain-ssl

@@ -60,6 +60,10 @@ is_web_domain_cert_valid
 #                       Action                             #
 #----------------------------------------------------------#
 
+# Deleting old certificate
+rm -f $HOMEDIR/$user/conf/web/$domain/ssl/$domain.*
+rm -f $USER_DATA/ssl/$domain.*
+
 # Adding certificate to user data directory
 cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.crt
 cp -f $ssl_dir/$domain.key $USER_DATA/ssl/$domain.key

func/rebuild.sh

@@ -301,12 +301,12 @@ rebuild_web_domain_conf() {
     # Refresh HTTPS redirection if previously enabled
     if [ "$SSL_FORCE" = 'yes' ]; then
         $BIN/v-delete-web-domain-ssl-force $user $domain no yes
-        $BIN/v-add-web-domain-ssl-force $user $domain yes yes
+        $BIN/v-add-web-domain-ssl-force $user $domain no yes
     fi
 
     if [ "$SSL_HSTS" = 'yes' ]; then
         $BIN/v-delete-web-domain-ssl-hsts $user $domain no yes
-        $BIN/v-add-web-domain-ssl-hsts $user $domain yes yes
+        $BIN/v-add-web-domain-ssl-hsts $user $domain no yes
     fi
     if [ "$FASTCGI_CACHE" = 'yes' ]; then
         $BIN/v-delete-fastcgi-cache $user $domain

func/syshealth.sh

@@ -241,7 +241,7 @@ function syshealth_repair_system_config() {
     if [[ -z $(check_key_exists 'BACKEND_PORT') ]]; then 
         ORIGINAL_PORT=$(cat $HESTIA/nginx/conf/nginx.conf | grep "listen" | sed 's/[^0-9]*//g')
         echo "[ ! ] Adding missing variable to hestia.conf: BACKEND_PORT ('$ORIGINAL_PORT')"
-        $HESTIA/bin/v-change-sys-config-value 'BACKEND_PORT' $PORT
+        $HESTIA/bin/v-change-sys-config-value 'BACKEND_PORT' $ORIGINAL_PORT
     fi
 
     # Upgrade: Send email notification

func/upgrade.sh

@@ -493,10 +493,11 @@ upgrade_refresh_config() {
 upgrade_start_routine() {   
     # Parse version numbers for comparison
     function check_version { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
-
+    
     # Remove pre-release designation from version number for upgrade scripts
-    VERSION=$(echo $VERSION | sed "s|~alpha||g" | sed "s|~beta||g")
+    VERSION=$(echo "$VERSION" | sed "s/~\([a-zA-Z0-9].*\)//g");
 
+    
     # Get list of all available version steps and create array
     upgrade_steps=$(ls $HESTIA/install/upgrade/versions/*.sh)
     for script in $upgrade_steps; do
@@ -750,6 +751,12 @@ upgrade_restart_services() {
             fi
             $BIN/v-restart-mail 'yes'
         fi
+        if [ -n "$IMAP_SYSTEM" ]; then
+            if [ "$DEBUG_MODE" = "true" ]; then
+                echo "      - $IMAP_SYSTEM"
+            fi
+            $BIN/v-restart-service "$IMAP_SYSTEM"
+        fi
         if [ -n "$WEB_SYSTEM" ]; then
             if [ "$DEBUG_MODE" = "true" ]; then
                 echo "      - $WEB_SYSTEM"

install/deb/dovecot/conf.d/10-master.conf

@@ -25,10 +25,5 @@ service auth {
     mode = 0660
     user = dovecot
   }
-  unix_listener auth-master {
-    group = mail
-    mode = 0660
-    user = dovecot
-  }
   user = dovecot
 }

install/deb/dovecot/conf.d/20-imap.conf

@@ -14,7 +14,7 @@ protocol imap {
 
   # Space separated list of plugins to load (default is global mail_plugins).
   #mail_plugins = $mail_plugins
-  mail_plugins = quota imap_quota imap_sieve
+  mail_plugins = quota imap_quota
 
   # IMAP logout format string:
   #  %i - total number of bytes read from client

install/deb/roundcube/main.inc.php

@@ -97,7 +97,7 @@ $config['des_key'] = '%des_key%';
 $config['max_recipients'] = 100;
 
 // List of active plugins (in plugins/ directory)
-$config['plugins'] = array('password', 'newmail_notifier', 'zipdownload', 'archive', 'managesieve');
+$config['plugins'] = array('password', 'newmail_notifier', 'zipdownload', 'archive');
 
 $config['default_user'] = '%u';
 

install/hst-install-debian.sh

@@ -19,11 +19,11 @@ os='debian'
 architecture="$(uname -m)"
 release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
 codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
-HESTIA_INSTALL_DIR="$HESTIA/install/deb"
+HESTIA_INSTALL_DIR="$HESTIA/install/deb "
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.5.0~beta'
+HESTIA_INSTALL_VER='1.5.0'
 pma_v='5.1.1'
 rc_v="1.5.0"
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1")
@@ -145,6 +145,7 @@ set_default_lang() {
 set_default_port() {
     if [ -z "$port" ]; then
         eval port=$1
+        echo "BACKEND_PORT='$port'" >> $HESTIA/conf/hestia.conf
     fi
 }
 
@@ -455,17 +456,6 @@ x86_64)
     ;;
  aarch64)
     ARCH="arm64"
-    if [ -z "$withdebs" ] || [ ! -d "$withdebs" ]; then
-        echo
-        echo -e "\e[91mInstallation aborted\e[0m"
-        echo "===================================================================="
-        echo -e "\e[33mERROR: HestiaCP on ARM is currently not supported with install from ATP!\e[0m"
-        echo -e "\e[33mPlease compile your own packages for HestiaCP. \e[0m"
-        echo -e "\e[33mPlease follow the instructions at: \e[0m"
-        echo -e "  \e[33mhttps://docs.hestiacp.com/development/panel.html#compiling\e[21m\e[0m"
-        echo ""
-        check_result 1 "Installation aborted"    
-    fi
     ;;
 *)
 echo
@@ -719,15 +709,7 @@ fi
 
 # Installing HestiaCP repo
 echo "[ * ] Hestia Control Panel"
-if [ "$ARCH" = "amd64" ]; then
-    echo "deb https://$RHOST/ $codename main" > $apt/hestia.list
-else
-    echo "# deb https://$RHOST/ $codename main" > $apt/hestia.list
-    echo -e "\e[91m[ ! ] HestiaCP on ARM is currently in Development.\e[0m"
-    echo -e "\e[91m      This will mean that we don't provide any packages and you are responisble\e[0m"
-    echo -e "\e[91m      for building the packages your self. To build your own packeges see\e[0m"
-    echo -e "\e[91m      https://docs.hestiacp.com/development/panel.html#compiling\e[0m"
-fi
+echo "deb https://$RHOST/ $codename main" > $apt/hestia.list
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
 
 # Installing PostgreSQL repo

install/hst-install-ubuntu.sh

@@ -23,7 +23,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.5.0~beta'
+HESTIA_INSTALL_VER='1.5.0'
 pma_v='5.1.1'
 rc_v="1.5.0"
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1")
@@ -126,6 +126,7 @@ set_default_lang() {
 set_default_port() {
     if [ -z "$port" ]; then
         eval port=$1
+        echo "BACKEND_PORT='$port'" >> $HESTIA/conf/hestia.conf
     fi
 }
 
@@ -429,17 +430,6 @@ case $architecture in
         ;;
     aarch64)
         ARCH="arm64"
-        if [ -z "$withdebs" ] || [ ! -d "$withdebs" ]; then
-            echo
-            echo -e "\e[91mInstallation aborted\e[0m"
-            echo "===================================================================="
-            echo -e "\e[33mERROR: HestiaCP on ARM is currently not supported with install from ATP!\e[0m"
-            echo -e "\e[33mPlease compile your own packages for HestiaCP. \e[0m"
-            echo -e "\e[33mPlease follow the instructions at: \e[0m"
-            echo -e "  \e[33mhttps://docs.hestiacp.com/development/panel.html#compiling\e[21m\e[0m"
-            echo ""
-            check_result 1 "Installation aborted"    
-        fi
         ;;
     *)
     echo
@@ -689,15 +679,7 @@ fi
 
 # Installing HestiaCP repo
 echo "[ * ] Hestia Control Panel"
-if [ "$ARCH" = "amd64" ]; then
-    echo "deb https://$RHOST/ $codename main" > $apt/hestia.list
-else
-    echo "# deb https://$RHOST/ $codename main" > $apt/hestia.list
-    echo -e "\e[91m[ ! ] HestiaCP on ARM is currently in Development.\e[0m"
-    echo -e "\e[91m      This will mean that we don't provide any packages and you are responisble\e[0m"
-    echo -e "\e[91m      for building the packages your self. To build your own packeges see\e[0m"
-    echo -e "\e[91m      https://docs.hestiacp.com/development/panel.html#compiling\e[0m"
-fi
+echo "deb https://$RHOST/ $codename main" > $apt/hestia.list
 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys A189E93654F0B0E5 > /dev/null 2>&1
 
 # Installing PostgreSQL repo

install/upgrade/versions/1.5.0.sh

@@ -15,13 +15,14 @@
 ####### You can use \n within the string to create new lines.                   #######
 #######################################################################################
 
+echo "[ * ] Apply changes for 1.5.0"
+
 upgrade_config_set_value 'UPGRADE_UPDATE_WEB_TEMPLATES' 'true'
 upgrade_config_set_value 'UPGRADE_UPDATE_DNS_TEMPLATES' 'true'
 upgrade_config_set_value 'UPGRADE_UPDATE_MAIL_TEMPLATES' 'true'
 upgrade_config_set_value 'UPGRADE_REBUILD_USERS' 'true'
 upgrade_config_set_value 'UPGRADE_UPDATE_FILEMANAGER_CONFIG' 'true'
 
-
 if [ -n "$DB_PMA_ALIAS" ]; then
    if [ -e "/etc/apache2/conf.d/phpmyadmin.conf" ]; then
       rm /etc/apache2/conf.d/phpmyadmin.conf

src/deb/hestia/control

@@ -1,7 +1,7 @@
 Source: hestia
 Package: hestia
 Priority: optional
-Version: 1.5.0~beta
+Version: 1.5.0
 Section: admin
 Maintainer: HestiaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

src/deb/hestia/copyright

@@ -3,7 +3,7 @@ Upstream-Name: hestia
 Source: https://www.hestiacp.com
 
 Files: *
-Copyright: 2018-2020, Hestia Control Panel <info@hestiacp.com>
+Copyright: 2018-2021, Hestia Control Panel <info@hestiacp.com>
 License: GPL-3.0+
 Remarks: Hestia Control Panel is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
 

src/deb/hestia/preinst

@@ -1,22 +1,19 @@
 #!/bin/bash
-source /etc/hestiacp/hestia.conf
-# shellcheck source=/usr/local/hestia/func/main.sh
-source $HESTIA/func/main.sh
-source_conf "$HESTIA/conf/hestia.conf"
 
 # Run triggers only on updates
 if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
     exit
 fi
 
+if [ ! -e "/etc/hestiacp/hestia.conf" ]; then
+    mkdir -p /etc/hestiacp
+    echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
+fi
+
 # Configure apt to retry downloading on error
 if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
     echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
 fi
 
 # Validate version number and replace if different
-HESTIA_V=$(dpkg -s hestia | grep -i version | awk '{ print $2 }')
-
-if [ ! "$HESTIA_V" = "$VERSION" ]; then
-    sed -i "s/VERSION=.*/VERSION='$HESTIA_V'/g" /usr/local/hestia/conf/hestia.conf
-fi
+HESTIA_V=$(dpkg -s hestia | grep -i version | awk '{ print $2 }')

src/deb/nginx/control

@@ -1,7 +1,7 @@
 Source: hestia-nginx
 Package: hestia-nginx
 Priority: optional
-Version: 1.21.3
+Version: 1.21.4
 Section: admin
 Maintainer: HestiaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

src/deb/nginx/copyright

@@ -3,7 +3,7 @@ Upstream-Name: hestia
 Source: https://www.hestiacp.com
 
 Files: *
-Copyright: 2018 HestiaCP <info@hestiacp.com>
+Copyright: 2018-2021, Hestia Control Panel <info@hestiacp.com>
 License: GPL-3.0+
 Remarks: Hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
 

src/deb/php/control

@@ -1,7 +1,7 @@
 Source: hestia-php
 Package: hestia-php
 Priority: optional
-Version: 7.4.25
+Version: 7.4.26
 Section: admin
 Maintainer: HestaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com

src/deb/php/copyright

@@ -3,7 +3,7 @@ Upstream-Name: hestia
 Source: https://www.hestiacp.com
 
 Files: *
-Copyright: 2018 HestiaCP <info@hestiacp.com>
+Copyright: 2018-2021, Hestia Control Panel <info@hestiacp.com>
 License: GPL-3.0+
 Remarks: Hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
 

src/hst_autocompile.sh

@@ -89,6 +89,7 @@ usage() {
     echo "  Options:"
     echo "    --install       Install generated packages"
     echo "    --keepbuild     Don't delete downloaded source and build folders"
+    echo "    --cross         Compile hestia package for both AMD64 and ARM64"
     echo "    --debug         Debug mode"
     echo ""
     echo "For automated builds and installations, you may specify the branch"
@@ -153,6 +154,9 @@ for i in $*; do
         --keepbuild)
           KEEPBUILD='true'
           ;;
+        --cross)
+          CROSS='true'
+          ;;
         --help|-h)
           usage
           exit 1
@@ -303,6 +307,10 @@ branch_dash=$(echo "$branch" |sed 's/\//-/g');
 
 if [ "$NGINX_B" = true ] ; then
     echo "Building hestia-nginx package..."
+    if [ "$CROSS" = "true" ]; then 
+      echo "Cross compile not supported for hestia-nginx or hestia-php"
+      exit 1;
+    fi
     # Change to build directory
     cd $BUILD_DIR
 
@@ -442,6 +450,11 @@ fi
 #################################################################################
 
 if [ "$PHP_B" = true ] ; then
+    if [ "$CROSS" = "true" ]; then 
+      echo "Cross compile not supported for hestia-nginx or hestia-php"
+      exit 1;
+    fi
+    
     echo "Building hestia-php package..."
 
     BUILD_DIR_HESTIAPHP=$BUILD_DIR/hestia-php_$PHP_V
@@ -581,87 +594,96 @@ fi
 #
 #################################################################################
 
-if [ "$HESTIA_B" = true ]; then
-    echo "Building Hestia Control Panel package..."
-    
-    BUILD_DIR_HESTIA=$BUILD_DIR/hestia_$HESTIA_V
-
-    # Change to build directory
-    cd $BUILD_DIR
-
-    if [ "$KEEPBUILD" != 'true' ] || [ ! -d "$BUILD_DIR_HESTIA" ]; then
-        # Check if target directory exist
-        if [ -d $BUILD_DIR_HESTIA ]; then
-            rm -r $BUILD_DIR_HESTIA
-        fi
-
-        # Create directory
-        mkdir -p $BUILD_DIR_HESTIA
-    fi
-
-    cd $BUILD_DIR
-    rm -rf $BUILD_DIR/hestiacp-$branch_dash
-    # Download and unpack source files
-    if [ "$use_src_folder" == 'true' ]; then
-        [ "$HESTIA_DEBUG" ] && echo DEBUG: cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
-        cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
-    elif [ -d $SRC_DIR ]; then
-        download_file $HESTIA_ARCHIVE_LINK '-' 'fresh' | tar xz
-    fi
-
-    mkdir -p $BUILD_DIR_HESTIA/usr/local/hestia
+arch="$BUILD_ARCH"
 
-    # Move needed directories
-    cd $BUILD_DIR/hestiacp-$branch_dash
-    cp -rf bin func install web $BUILD_DIR_HESTIA/usr/local/hestia/
-
-    # Set permissions
-    find $BUILD_DIR_HESTIA/usr/local/hestia/ -type f -exec chmod -x {} \;
-    
-    # Allow send email via /usr/local/hestia/web/inc/mail-wrapper.php via cli
-    chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/web/inc/mail-wrapper.php
-    # Allow the executable to be executed
-    chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/bin/*
-    find $BUILD_DIR_HESTIA/usr/local/hestia/install/ \( -name '*.sh' \) -exec chmod +x {} \;
-    chmod -x $BUILD_DIR_HESTIA/usr/local/hestia/install/* 
-    chown -R root:root $BUILD_DIR_HESTIA
-
-    if [ "$BUILD_DEB" = true ]; then
-        # Get Debian package files
-        mkdir -p $BUILD_DIR_HESTIA/DEBIAN
-        get_branch_file 'src/deb/hestia/control' "$BUILD_DIR_HESTIA/DEBIAN/control"
-        if [ "$BUILD_ARCH" != "amd64" ]; then
-            sed -i "s/amd64/${BUILD_ARCH}/g" "$BUILD_DIR_HESTIA/DEBIAN/control"
-        fi
-        get_branch_file 'src/deb/hestia/copyright' "$BUILD_DIR_HESTIA/DEBIAN/copyright"
-        get_branch_file 'src/deb/hestia/postinst' "$BUILD_DIR_HESTIA/DEBIAN/postinst"
-        chmod +x $BUILD_DIR_HESTIA/DEBIAN/postinst
-
-        echo Building Hestia DEB
-        dpkg-deb --build $BUILD_DIR_HESTIA $DEB_DIR
-    fi
-
-    if [ "$BUILD_RPM" = true ]; then
-        # Get RHEL package files
-        get_branch_file 'src/rpm/hestia/hestia.spec' "${BUILD_DIR_HESTIA}/hestia.spec"
-        sed -i "s/%HESTIA-VERSION%/${HESTIA_V}/g" "${BUILD_DIR_HESTIA}/hestia.spec"
-        get_branch_file 'src/rpm/hestia/hestia.service' "${BUILD_DIR_HESTIA}/hestia.service"
-
-        # Build RPM package
-        mkdir -p $BUILD_DIR/rpmbuild
-        echo Building Hestia RPM
-        rpmbuild -bb --define "sourcedir $BUILD_DIR_HESTIA" --buildroot=$BUILD_DIR/rpmbuild/ ${BUILD_DIR_HESTIA}/hestia.spec > ${BUILD_DIR_HESTIA}.rpm.log
-        cp ~/rpmbuild/RPMS/x86_64/hestia-*.rpm $RPM_DIR
-        rm ~/rpmbuild/RPMS/x86_64/hestia-*.rpm
-        rm -rf $BUILD_DIR/rpmbuild
-    fi
-
-    # clear up the source folder
-    if [ "$KEEPBUILD" != 'true' ]; then
-        rm -r $BUILD_DIR_HESTIA
-        rm -rf hestiacp-$branch_dash
-    fi
-    cd $BUILD_DIR/hestiacp-$branch_dash
+if [ "$HESTIA_B" = true ]; then
+  if [ "$CROSS" = "true" ]; then 
+    arch="amd64 arm64"
+  fi
+  for BUILD_ARCH in $arch; do 
+      echo "Building Hestia Control Panel package..."
+      
+      BUILD_DIR_HESTIA=$BUILD_DIR/hestia_$HESTIA_V
+  
+      # Change to build directory
+      cd $BUILD_DIR
+  
+      if [ "$KEEPBUILD" != 'true' ] || [ ! -d "$BUILD_DIR_HESTIA" ]; then
+          # Check if target directory exist
+          if [ -d $BUILD_DIR_HESTIA ]; then
+              rm -r $BUILD_DIR_HESTIA
+          fi
+  
+          # Create directory
+          mkdir -p $BUILD_DIR_HESTIA
+      fi
+  
+      cd $BUILD_DIR
+      rm -rf $BUILD_DIR/hestiacp-$branch_dash
+      # Download and unpack source files
+      if [ "$use_src_folder" == 'true' ]; then
+          [ "$HESTIA_DEBUG" ] && echo DEBUG: cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
+          cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
+      elif [ -d $SRC_DIR ]; then
+          download_file $HESTIA_ARCHIVE_LINK '-' 'fresh' | tar xz
+      fi
+  
+      mkdir -p $BUILD_DIR_HESTIA/usr/local/hestia
+  
+      # Move needed directories
+      cd $BUILD_DIR/hestiacp-$branch_dash
+      cp -rf bin func install web $BUILD_DIR_HESTIA/usr/local/hestia/
+  
+      # Set permissions
+      find $BUILD_DIR_HESTIA/usr/local/hestia/ -type f -exec chmod -x {} \;
+      
+      # Allow send email via /usr/local/hestia/web/inc/mail-wrapper.php via cli
+      chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/web/inc/mail-wrapper.php
+      # Allow the executable to be executed
+      chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/bin/*
+      find $BUILD_DIR_HESTIA/usr/local/hestia/install/ \( -name '*.sh' \) -exec chmod +x {} \;
+      chmod -x $BUILD_DIR_HESTIA/usr/local/hestia/install/* 
+      chown -R root:root $BUILD_DIR_HESTIA
+  
+      if [ "$BUILD_DEB" = true ]; then
+          # Get Debian package files
+          mkdir -p $BUILD_DIR_HESTIA/DEBIAN
+          get_branch_file 'src/deb/hestia/control' "$BUILD_DIR_HESTIA/DEBIAN/control"
+          if [ "$BUILD_ARCH" != "amd64" ]; then
+              sed -i "s/amd64/${BUILD_ARCH}/g" "$BUILD_DIR_HESTIA/DEBIAN/control"
+          fi
+          get_branch_file 'src/deb/hestia/copyright' "$BUILD_DIR_HESTIA/DEBIAN/copyright"
+          get_branch_file 'src/deb/hestia/preinst' "$BUILD_DIR_HESTIA/DEBIAN/preinst"
+          get_branch_file 'src/deb/hestia/postinst' "$BUILD_DIR_HESTIA/DEBIAN/postinst"
+          chmod +x $BUILD_DIR_HESTIA/DEBIAN/postinst
+          chmod +x $BUILD_DIR_HESTIA/DEBIAN/preinst
+  
+          echo Building Hestia DEB
+          dpkg-deb --build $BUILD_DIR_HESTIA $DEB_DIR
+      fi
+  
+      if [ "$BUILD_RPM" = true ]; then
+          # Get RHEL package files
+          get_branch_file 'src/rpm/hestia/hestia.spec' "${BUILD_DIR_HESTIA}/hestia.spec"
+          sed -i "s/%HESTIA-VERSION%/${HESTIA_V}/g" "${BUILD_DIR_HESTIA}/hestia.spec"
+          get_branch_file 'src/rpm/hestia/hestia.service' "${BUILD_DIR_HESTIA}/hestia.service"
+  
+          # Build RPM package
+          mkdir -p $BUILD_DIR/rpmbuild
+          echo Building Hestia RPM
+          rpmbuild -bb --define "sourcedir $BUILD_DIR_HESTIA" --buildroot=$BUILD_DIR/rpmbuild/ ${BUILD_DIR_HESTIA}/hestia.spec > ${BUILD_DIR_HESTIA}.rpm.log
+          cp ~/rpmbuild/RPMS/x86_64/hestia-*.rpm $RPM_DIR
+          rm ~/rpmbuild/RPMS/x86_64/hestia-*.rpm
+          rm -rf $BUILD_DIR/rpmbuild
+      fi
+  
+      # clear up the source folder
+      if [ "$KEEPBUILD" != 'true' ]; then
+          rm -r $BUILD_DIR_HESTIA
+          rm -rf hestiacp-$branch_dash
+      fi
+      cd $BUILD_DIR/hestiacp-$branch_dash
+  done
 fi
 
 

web/api/index.php

@@ -42,14 +42,14 @@ function api($hst_hash, $hst_user, $hst_password, $hst_returncode, $hst_cmd, $hs
     $settings = json_decode(implode('', $output), true);
     unset($output);
     if( $settings['config']['API'] != 'yes' ){
-        echo 'Error: authentication failed';
+        echo 'Error: API has been disabled';
         exit;
     }
     if ( $settings['config']['API_ALLOWED_IP'] != 'allow-all' ){
         $ip_list = explode(',',$settings['config']['API_ALLOWED_IP']);
         $ip_list[] = '127.0.0.1';
         if ( !in_array(get_real_user_ip(), $ip_list)){
-           echo 'Error: authentication failed';
+           echo 'Error: IP is not allowed to connect with API';
            exit; 
         }
     }

web/edit/web/index.php

@@ -260,7 +260,7 @@ if (!empty($_POST['save'])) {
         if (($_SESSION['WEB_SYSTEM'] == 'nginx') && ($v_nginx_cache_check != $_POST['v_nginx_cache_check']) || ($v_nginx_cache_duration != $_POST['v_nginx_cache_duration'] && $_POST['v_nginx_cache'] = "yes") && (empty($_SESSION['error_msg']))) {
             if ($_POST['v_nginx_cache_check'] == 'on') {
                 if (empty($_POST['v_nginx_cache_duration'])) {
-                    echo $_POST['v_nginx_cache_duration'] = "2m";
+                    $_POST['v_nginx_cache_duration'] = "2m";
                 }
                 exec(HESTIA_CMD."v-add-fastcgi-cache ".$v_username." ".escapeshellarg($v_domain).' '. escapeshellarg($_POST['v_nginx_cache_duration']), $output, $return_var);
                 check_return_code($return_var, $output);