Merge branch 'master' of github.com:serghey-rodin/vesta

func/main.sh

@@ -2,7 +2,7 @@
 # Internal variables
 HOMEDIR='/home'
 BACKUP='/backup'
-BACKUP_GZIP=5
+BACKUP_GZIP=9
 BACKUP_DISK_LIMIT=95
 BACKUP_LA_LIMIT=5
 RRD_STEP=300

install/ubuntu/16.04/dovecot/conf.d/10-ssl.conf

@@ -1,3 +1,5 @@
 ssl = yes
+ssl_protocols = !SSLv2 !SSLv3
+
 ssl_cert = </usr/local/vesta/ssl/certificate.crt
 ssl_key = </usr/local/vesta/ssl/certificate.key

install/ubuntu/16.04/dovecot/dovecot.conf

@@ -2,3 +2,23 @@ protocols = imap pop3
 listen = *, ::
 base_dir = /var/run/dovecot/
 !include conf.d/*.conf
+
+namespace {
+    type = private
+    separator = /
+    prefix =
+    inbox = yes
+
+    mailbox Sent {
+        auto = subscribe
+        special_use = \Sent
+    }
+    mailbox Drafts {
+        auto = subscribe
+        special_use = \Drafts
+    }
+    mailbox Trash {
+        auto = subscribe
+        special_use = \Trash
+    }
+}

install/ubuntu/16.04/exim/exim4.conf.template

@@ -8,6 +8,7 @@
 #SPAM_SCORE = 50
 #CLAMD =  yes
 
+disable_ipv6 = true
 domainlist local_domains = dsearch;/etc/exim4/domains/
 domainlist relay_to_domains = dsearch;/etc/exim4/domains/
 hostlist relay_from_hosts = 127.0.0.1

install/ubuntu/16.04/nginx/nginx.conf

@@ -1,7 +1,8 @@
 # Server globals
 user                    www-data;
-worker_processes        2;
-error_log               /var/log/nginx/error.log;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log crit;
 pid                     /var/run/nginx.pid;
 
 
@@ -9,6 +10,7 @@ pid                     /var/run/nginx.pid;
 events {
         worker_connections  1024;
         use                 epoll;
+        multi_accept        on;
 }
 
 
@@ -37,7 +39,7 @@ http {
                         '"$status" $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
     log_format  bytes   '$body_bytes_sent';
-    #access_log          /var/log/nginx/access.log  main;
+    #access_log          /var/log/nginx/access.log main;
     access_log off;
 
 
@@ -51,9 +53,9 @@ http {
     gzip_comp_level     9;
     gzip_min_length     512;
     gzip_buffers        8 64k;
-    gzip_types          text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
     gzip_proxied        any;
-
+    gzip_disable        "MSIE [1-6]\.";
 
     # Proxy settings
     proxy_redirect      off;

install/ubuntu/16.04/pma/apache.conf

@@ -15,7 +15,7 @@ Alias /phpmyadmin /usr/share/phpmyadmin
 		php_admin_flag allow_url_fopen Off
 		php_value include_path .
 		php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
-		php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
+		php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/
 	</IfModule>
 
 </Directory>

install/ubuntu/16.04/roundcube/main.inc.php

@@ -448,7 +448,7 @@ $rcmail_config['create_default_folders'] = true;
 $rcmail_config['protect_default_folders'] = true;
 
 // if in your system 0 quota means no limit set this option to true 
-$rcmail_config['quota_zero_as_unlimited'] = false;
+$rcmail_config['quota_zero_as_unlimited'] = true;
 
 // Make use of the built-in spell checker. It is based on GoogieSpell.
 // Since Google only accepts connections over https your PHP installatation
@@ -724,8 +724,8 @@ $rcmail_config['htmleditor'] = 0;
 // show pretty dates as standard
 $rcmail_config['prettydate'] = true;
 
-// save compose message every 300 seconds (5min)
-$rcmail_config['draft_autosave'] = 300;
+// save compose message every 30 seconds
+$rcmail_config['draft_autosave'] = 30;
 
 // default setting if preview pane is enabled
 $rcmail_config['preview_pane'] = false;

install/ubuntu/16.04/templates/dns/child-ns.tpl

@@ -9,3 +9,4 @@ ID='8' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time
 ID='9' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='11' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='12' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'

install/ubuntu/16.04/templates/dns/default.tpl

@@ -13,3 +13,4 @@ ID='12' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%tim
 ID='13' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='14' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%'
 ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ?all"' SUSPENDED='no' TIME='%time%' DATE='%date%'
+ID='16' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%'

install/ubuntu/16.04/vsftpd/vsftpd.conf

@@ -17,10 +17,11 @@ tcp_wrappers=YES
 force_dot_files=YES
 ascii_upload_enable=YES
 ascii_download_enable=YES
-#allow_writable_chroot=YES
 allow_writeable_chroot=YES
 seccomp_sandbox=NO
 pasv_enable=YES
-pasv_max_port=12100
 pasv_min_port=12000
+pasv_max_port=12100
+max_per_ip=10
+max_clients=100
 use_localtime=YES

install/vst-install-ubuntu.sh

@@ -273,7 +273,7 @@ fi
 #                       Brief Info                         #
 #----------------------------------------------------------#
 
-# Printing nice ascii aslogo
+# Printing nice ASCII logo
 clear
 echo
 echo ' _|      _|  _|_|_|_|    _|_|_|  _|_|_|_|_|    _|_|'
@@ -508,7 +508,7 @@ if [ "$release" = '16.04' ] && [ -e '/etc/init.d/mysql' ]; then
 fi
 
 
-# Backup vesta
+# Backup Vesta
 service vesta stop > /dev/null 2>&1
 cp -r $VESTA/* $vst_backups/vesta > /dev/null 2>&1
 apt-get -y remove vesta vesta-nginx vesta-php > /dev/null 2>&1
@@ -607,7 +607,7 @@ chmod a+x /usr/sbin/policy-rc.d
 apt-get -y install $software
 check_result $? "apt-get install failed"
 
-# Restore  policy
+# Restore policy
 rm -f /usr/sbin/policy-rc.d
 
 
@@ -625,8 +625,8 @@ rm -f /etc/cron.d/awstats
 # Set directory color
 echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
 
-# Register /sbin/nologin
-echo "/sbin/nologin" >> /etc/shells
+# Register /usr/sbin/nologin
+echo "/usr/sbin/nologin" >> /etc/shells
 
 # NTP Synchronization
 echo '#!/bin/sh' > /etc/cron.daily/ntpdate
@@ -662,10 +662,10 @@ echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile
 echo 'export PATH' >> /root/.bash_profile
 source /root/.bash_profile
 
-# Configuring logrotate for vesta logs
+# Configuring logrotate for Vesta logs
 wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta
 
-# Buidling directory tree and creating some blank files for vesta
+# Buidling directory tree and creating some blank files for Vesta
 mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \
     $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \
     $VESTA/data/sessions
@@ -681,12 +681,12 @@ ln -s $VESTA/log /var/log/vesta
 chown admin:admin $VESTA/data/sessions
 chmod 770 $VESTA/data/sessions
 
-# Generating vesta configuration
+# Generating Vesta configuration
 rm -f $VESTA/conf/vesta.conf 2>/dev/null
 touch $VESTA/conf/vesta.conf
 chmod 660 $VESTA/conf/vesta.conf
 
-# WEB stack
+# Web stack
 if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then
     echo "WEB_SYSTEM='apache2'" >> $VESTA/conf/vesta.conf
     echo "WEB_RGROUPS='www-data'" >> $VESTA/conf/vesta.conf
@@ -892,7 +892,7 @@ done
 
 
 #----------------------------------------------------------#
-#                    Configure VSFTPD                      #
+#                    Configure Vsftpd                      #
 #----------------------------------------------------------#
 
 if [ "$vsftpd" = 'yes' ]; then
@@ -929,14 +929,14 @@ if [ "$mysql" = 'yes' ]; then
         mycnf="my-large.cnf"
     fi
 
-    # MySQL configuration
+    # Configuring MySQL/MariaDB
     wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf
     mysql_install_db
     update-rc.d mysql defaults
     service mysql start
     check_result $? "mysql start failed"
 
-    # Securing MySQL installation
+    # Securing MySQL/MariaDB installation
     mysqladmin -u root password $vpass
     echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf
     chmod 600 /root/.my.cnf
@@ -1074,7 +1074,7 @@ fi
 
 
 #----------------------------------------------------------#
-#                   Configure RoundCube                    #
+#                   Configure Roundcube                    #
 #----------------------------------------------------------#
 
 if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
@@ -1146,16 +1146,16 @@ if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
     groupdel admin > /dev/null 2>&1
 fi
 
-# Adding vesta account
+# Adding Vesta admin account
 $VESTA/bin/v-add-user admin $vpass $email default System Administrator
 check_result $? "can't create admin user"
 $VESTA/bin/v-change-user-shell admin bash
 $VESTA/bin/v-change-user-language admin $lang
 
-# Configuring system ips
+# Configuring system IPs
 $VESTA/bin/v-update-sys-ip
 
-# Get main ip
+# Get main IP
 ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)
 
 # Firewall configuration
@@ -1163,20 +1163,20 @@ if [ "$iptables" = 'yes' ]; then
     $VESTA/bin/v-update-firewall
 fi
 
-# Get public ip
+# Get public IP
 pub_ip=$(curl -s vestacp.com/what-is-my-ip/)
 if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
     $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip
     ip=$pub_ip
 fi
 
-# Configuring mysql host
+# Configuring MySQL host
 if [ "$mysql" = 'yes' ]; then
     $VESTA/bin/v-add-database-host mysql localhost root $vpass
     $VESTA/bin/v-add-database admin default default $(gen_pass) mysql
 fi
 
-# Configuring pgsql host
+# Configuring PostgreSQL host
 if [ "$postgresql" = 'yes' ]; then
     $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass
     $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql
@@ -1203,7 +1203,7 @@ command="sudo $VESTA/bin/v-update-sys-rrd"
 $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
 service cron restart
 
-# Building inititall rrd images
+# Building initital rrd images
 $VESTA/bin/v-update-sys-rrd
 
 # Enabling file system quota
@@ -1211,7 +1211,7 @@ if [ "$quota" = 'yes' ]; then
     $VESTA/bin/v-add-sys-quota
 fi
 
-# Starting vesta service
+# Starting Vesta service
 update-rc.d vesta defaults
 service vesta start
 check_result $? "vesta start failed"
@@ -1231,7 +1231,7 @@ $VESTA/bin/v-add-cron-vesta-autoupdate
 # Sending install notification to vestacp.com
 wget vestacp.com/notify/?$codename -O /dev/null -q
 
-# Comparing hostname and ip
+# Comparing hostname and IP
 host_ip=$(host $servername| head -n 1 | awk '{print $NF}')
 if [ "$host_ip" = "$ip" ]; then
     ip="$servername"