Frontend URLs for phpMyAdmin and Roundcube have been reverted to the default (/phpmyadmin & /webmail) after update to the latest version.

Operating System (OS/VERSION):

Debian 9, Ubuntu 18.04

Installed Software (what you got with the installer):

Apache, Nginx, PHP-FPM, MySQL

Steps to Reproduce:

bash hst-install.sh

Other Notes:

Came up after change to write in log file, it shows now the following line:
Extracting templates from packages: 100%

I need to setup an openvpn server listening in port 443 (tcp) to circumevent firewall restrictions. Which templates need to be edited for nginx/apache to listen on localhost:443 instead of publicip:443?

Im getting a new error during install

cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/templates/web/unassigned/*': No such file or directory

Operating System (OS/VERSION):

Ubuntu 18.04.2

HestiaCP Version:

0.9.8 Release 26

Installed Software (what you got with the installer):

Default Install

Steps to Reproduce:

Enable SSL on a site and choose Lets Encrypt support option then click save

I know this can be done via the command line but it would be nice to have it on the web interface as well, similar to the way LE is implemented with sites.

Is it possible to migrate from VestaCP or would I have to start with a clean server?

If possible, better to add more DNS templates mainly for EMail MX records..

https://raw.githubusercontent.com/vvcares/hestia/master/microsoftoutlook.tpl
https://raw.githubusercontent.com/vvcares/hestia/master/zoho.tpl

01c1b54#commitcomment-32225303

I feel this is really a security flaw.
The normal USER should not able to change the WEB/PROXY templates.

Operating System (OS/VERSION):

Debain 8 and Ubuntu 16.04 (probaly also 14.04)

HestiaCP Version:

0.9.8-25

Installed Software (what you got with the installer):

Apache2 + Nginx

Steps to Reproduce:

service hestia start
/usr/local/hestia/php/bin/php -v

Other Notes:

Error Message:
root@web03:/usr/local/hestia/php/bin# ./php -v
./php: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or dire

Seems to be a problem with older OS Versions, the deb packages are running properly on Ubuntu 18.04 and Debian 9.

I get the following error with ubuntu LXC under proxmox im able to bypass it with the -f

root@web01:~# bash hst-install.sh
Please wait a few seconds, we update your repository before we start the installation process...
Install missing apt-add-repository...
!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!

Noticed a empty netplan configuration directory.
You may have a network configuration file using systemd-networkd,
we strongly suggest to migrate to a fully netplan configuration.

You can leave this like it is, but you will be not able to use
additional ips properly

If you want to force installation run this script with -f option:
Example: bash hst-install-ubuntu.sh --force

!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!

Error: Noticed unused netplan configuration.
root@web01:~#

The problem

Vesta CP provides by default a backup system, this backup system creates a tar for each user every day (by default 10 copies are saved), But this way of making backups has some disadvantages when you have a lot of users:

Server overload. Earch time the backup is run, a complete copy of user files are saved.
Disk space consumption. Each backup copy contains a full backup of the user files. So its very easy to run out of disk space.

The solution

An incremental backup is one in which successive copies of the data contain only the portion that has changed since the preceding backup copy was made. This way you can store lot of backups points, without making a full backup each time.

Borg Backup does an excellent job making incremental backups. And provide very interesting features such as compression, encryption and good performance. You can get more info at https://www.borgbackup.org/

https://github.com/ramirojoaquin/vestacp-borg-incremental-backups

Actually we can backup full installations local or vis sftp/scp.

Additional remote backup providers may be easily integrated using rClone.
--> https://rclone.org/

Operating System (OS/VERSION):

Ubuntu 18.04.2

HestiaCP Version:

Latest

Installed Software (what you got with the installer):

nginx php-fpm

Steps to Reproduce:

delete an email in roundcube

Related Issues/Forum Threads:

Other Notes:

It grays the message out but does not move the email to the Trash. When I send an email it goes into the sent folder which is correct. Maybe a misconfiguration somewhere

Remove or disable the firewall rule that opens up mysql port 3306. Users may add it later if they need it.

When a new mysql user is created, only add the user for localhost as default. Do not create additional user for host = "%". Users may add this later if they need it.

For example if DNS and mail are not chosen for install in the beginning. Then hide their web control panel counterparts, or if you wanted to use hestiacp just for DNS Only, then only show the DNS portion in web panel.

Brief issue description:

Firewall Issue (Needs complete server restart to apply the changes)

Operating system distribution and release:

Ubuntu 18.04 LTS

HestiaCP Version:

Type here (e.g. 0.9.8-27)

What software is installed?

Apache, Nginx, PHP-FPM, Dovecot/Exim, MariaDB

Maybe giving the user the opportunity to install sslh during installation of hestiacp? Additionally every nginx (or apache) template has to be edited to listen on 127.0.0.1 instead of %ip%.

sslh is essential if one needs to setup openvpn, a webserver and/or ssh to listen on tcp port 443.

There is a spelling differed..
v-add-letsencrypt-domain
Line#193 - Let's Encrypt vvalidation status

http://www.openwebanalytics.com/ seems like a much more modern free opensource option to awstats and webalizer

Operating System (OS/VERSION):

Ubuntu 18.04 LTS

HestiaCP Version:

0.9.8-25 (latest available public version)

Installed Software (what you got with the installer):

Defaults - Apache, Nginx, MariaDB, Iptables/Fail2ban, Dovecot/Exim

Steps to Reproduce:

1. Install HestiaCP
2. Configure custom name servers to point to your HestiaCP installation

Behavior:

All DNS resolution for hosted domains fails even though named/bind9 is running.

Fix for existing installations:

echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named

Other Notes:

This appears to be caused by AppArmor not allowing BIND to read the DNS databases located under /home/ because the install script isn't writing the necessary data correctly.

I've fixed this during installation in my fork with this commit: https://github.com/kristankenney/hestiacp/commit/e8694b010b2430739c920ac24db37468480717c3

I noticed when trying to install hestiacp, if i have postfix or ufw installled. Hestia wants you to remove the packages before continuing, It would be nice to have a switch to remove unnecessary packages before install. If the switch is not used then ask in order to continue these packages must be removed Would you like to remove them Y/n Maybe something to that nature

This could be useful, a lot mail users choose not to empty their trash and spam, this could could help with the build up tremendously.

I tried to read the DKIM key for my mail domains.

/usr/local/hestia/bin/v-list-mail-domain-dkim-dns user domain.tld
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 18: /func/main.sh: No such file or directory
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 59: check_args: command not found
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 60: is_object_valid: command not found
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 61: is_object_valid: command not found
RECORD            TTL         TYPE      VALUE
------            ---         ----      -----
_domainkey        3600   IN   TXT      "t=y; o=~;"
mail._domainkey   3600   IN   TXT      "k=rsa; p=DKIM-SUPPORT-IS-NOT-ACTIVATED"

Reactivating it in the WI gives no error message, but no DKIM key is generated. Trying to add a domain with v-add-mail-domain-dkim fails with

/usr/local/hestia/bin/v-add-mail-domain-dkim user domain2.tld
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 19: /func/main.sh: No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 20: /func/domain.sh: No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 21: /conf/hestia.conf: No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 31: format_domain: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 32: format_domain_idn: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 40: check_args: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 41: is_format_valid: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 42: is_system_enabled: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 43: is_object_valid: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 44: is_object_unsuspended: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 45: is_object_valid: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 46: is_object_unsuspended: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 47: is_object_value_empty: command not found
chmod: cannot access '/mail/domain2.tld.*': No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 85: update_object_value: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 86: increase_user_value: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 89: log_history: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 90: log_event: command not found

Adding new mail domains creates a private dkim key, but no public one.

Hi,

Is there a way to install MYSQL instead of MariaDB and install a certain version? I have an old backup of a site and the script is not compatible with mysql/mariadb newest version so I would like to install old version and then upgrade the script to latest version which would be compatible with MariaDB newest version and then upgrade MariaDB again.

Is ther a way to do so? Maybe by uninstalling MariaDB and then change the repo to my desired version? and run installer?

running installer on debian stretch tries to add mariadb repo (ams DO) and gpg-key which fails:

Upgrade System using apt-get...
W: GPG-Fehler: http://ams2.mirrors.digitalocean.com/mariadb/repo/10.3/debian stretch InRelease: Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY F1656F24C74CD1D8
W: The repository 'http://ams2.mirrors.digitalocean.com/mariadb/repo/10.3/debian stretch InRelease' is not signed.

cause for this is the missing 'dirmngr' package:

# apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
Executing: /tmp/apt-key-gpghome.91Xcxd0wMP/gpg.1.sh --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
gpg: failed to start the dirmngr '/usr/bin/dirmngr': Datei oder Verzeichnis nicht gefunden
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.91Xcxd0wMP/S.dirmngr' failed: Datei oder Verzeichnis nicht gefunden
gpg: keyserver receive failed: Kein Dirmngr

installing the missing package via 'apt install dirmngr' fixes that problem and the installer runs through.

Operating System (OS/VERSION):

Ubuntu 18.04

HestiaCP Version:

Alpha Test

Installed Software (what you got with the installer):

Nginx, PHP-FPM 7.3

Steps to Reproduce:

When you add an SSL for a website, it is saved but not displayed from the panel. This issue exists for non LetsEncrypt SSLs.

Any plans to support CentOS 7?

Operating System (OS/VERSION):

Ubuntu 18.04 LTS

HestiaCP Version:

master (current)

Installed Software (what you got with the installer):

default (all?)

Steps to Reproduce:

Simply run the downloaded hst-install.sh on Ubuntu 18.04 LTS after removing the preinstalled ufw firewall. Press y to install, enter admin email address, enter FQDN hostname, then it will attempt to install, followed by an error on line 800 of hst-install-ubuntu.sh (ntpdate: command not found), then several more errors (output pasted below in Other Notes).

Related Issues/Forum Threads:

#117 (possibly related)

Other Notes:

Output:

root@cms:~# bash hst-install.sh
Please wait a few seconds, we update your repository before we start the installation process...


  _   _           _   _        ____ ____  
 | | | | ___  ___| |_(_) __ _ / ___|  _ \ 
 | |_| |/ _ \/ __| __| |/ _` | |   | |_) |
 |  _  |  __/\__ \ |_| | (_| | |___|  __/ 
 |_| |_|\___||___/\__|_|\__,_|\____|_|    

                      Hestia Control Panel



The following software will be installed on your system:
   - Nginx Web Server
   - Apache Web Server (as backend)
   - Bind DNS Server
   - Exim Mail Server
   - Dovecot POP3/IMAP Server
   - MariaDB Database Server
   - Vsftpd FTP Server
   - Iptables Firewall + Fail2Ban


Would you like to continue [y/n]: y
Please enter admin email address: **REDACTED**
Please enter FQDN hostname [cms.**REDACTED**]: cms.**REDACTED**

Installation backup directory: /root/hst_install_backups/220220191332
Installation Log File: /root/hst_install_backups/hst_install-220220191332.log

Upgrade System using apt-get...\
Install third party repository keys... 
Install HestiaCP and all required packages, the process will take around 10-15 minutes.../
hst-install-ubuntu.sh: line 800: ntpdate: command not found
sed: can't read /etc/rssh.conf: No such file or directory
sed: can't read /etc/rssh.conf: No such file or directory
sed: can't read /etc/rssh.conf: No such file or directory
chmod: cannot access '/usr/bin/rssh': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/sudo/admin': No such file or directory
chmod: cannot access '/etc/sudoers.d/admin': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/logrotate/hestia': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/packages': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/templates': No such file or directory
cp: cannot stat '/usr/local/hestia/data/templates/web/skel/public_html/index.html': No such file or directory
sed: can't read /var/www/index.html: No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/firewall': No such file or directory
hst-install-ubuntu.sh: line 952: /usr/local/hestia/bin/v-generate-ssl-cert: No such file or directory
sed: -e expression #1, char 3: unexpected `,'
sed: -e expression #1, char 1: unknown command: `,'
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/nginx.conf': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/status.conf': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/phpmyadmin.inc': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/phppgadmin.inc': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/webmail.inc': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/logrotate/nginx': No such file or directory
hst-install-ubuntu.sh: line 986: /etc/nginx/conf.d/hestia.conf: No such file or directory
Failed to start nginx.service: Unit nginx.service not found.
Error: nginx start failed

It appears that ntpdate is not installed by default on Ubuntu 18.04 LTS, perhaps we need to include its installation in the bash file IF it is not already installed.
line 796-800 in hst-install-ubuntu.sh:

# Configuring NTP
echo '#!/bin/sh' > /etc/cron.daily/ntpdate
echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate
chmod 755 /etc/cron.daily/ntpdate
ntpdate -s pool.ntp.org

It appears that rssh isn't installed by default on Ubuntu 18.04 LTS, perhaps we need to include its installation in the bash file IF it is not already installed.
line 802-809 in hst-install-ubuntu.sh:

# Setup rssh
if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then
    echo /usr/bin/rssh >> /etc/shells
fi
sed -i 's/#allowscp/allowscp/' /etc/rssh.conf
sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf
sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf
chmod 755 /usr/bin/rssh

In 4 instances of spinning up ubuntu 18.04 LXC containers in proxmox, after the install hestiacp default options. I am not able to resolve names to IP (DNS) Although disabling iptables corrects the issue. I was able to replicate the issue 4 times not sure whats causing this. Ill try with debian 9 LXC tmrw. Im sure KVM VM will not be affected but I will try that as well.

Integration of 2FA (2 Factor Authentication) would be nice to have for

• Web Authentication
• SSH Connections (possibly via PAM Modules like libpam-google-authenticator)

is this limitation still relevant with the latest version of mariaDB? if so we can remove this limitation when adding a database

Hi,
The issue : ROUNDCUBE configs modifications..

1. If we use custom hestia port, the same have to update inside roundcube configs.
2. For Roundcube password change plugin, need to manually hardcode the hostname & port number again.

Is it possible to replace your installation files, with dynamic variables as %HOSTNAME%, %Hestiaport% etc..?
for Eg:

When you add a web domain via web interface it by default creates a mail subhost for that domain. It would be nice to have a checkbox to enable letsencrypt for that sub domain for imap and exim. This will eliminate the Cert Verify notice on mail clients when they use as thunderbird, outook etc

Operating System (OS/VERSION):

All Supported

HestiaCP Version:

Current Stable

Feature Request:

Functionality to check for the FQDN of the server within all websites, see if letsencrypt cert exists, if exists use letsencrypt cert for each hestiacp, exim, and dovecot where it will be updated along with the website.

Maybe just check in the admin's websites for the FQDN, but have an option on the Server Settings to choose a different user that hosts the FQDN along with an override for the letsencrypt cert if it doesn't exist.

something like

if (exists(FQDN.letsencrypt.cert)){
use FQDN.letsencrypt.cert for hestia, exim, & dovecot
} else {
use default cert for hestia, exim, & dovecot
}

see forum post that uses built in functionality of vestacp

Related Issues/Forum Threads:

https://forum.vestacp.com/viewtopic.php?f=10&t=17353&sid=5afd6ecfd9668cd77559db939311b5e3

1 click word press install when setting up a new site in the web interface

Downloads latest wordpress set permissions and create database

Ability to change the branding (logo, text) for hestiaCP Web panel and roundcube webmail using the web interface.

Hi,

How to enable ssl for the hostname?

It is currently possible to sign the host's services (control panel, exim/dovecot, etc) with v-update-host-certificate through the command line. This functionality should be extended to the web UI/admin panel as well for easier access.

For security purposes FTP is a dead protocol, could this be removed completely and just use ssh and scp when needed and also chroot the user to their own home folder

Operating System (OS/VERSION):

Ubuntu 18.04.2

HestiaCP Version:

0.9.8 Release 26

Installed Software (what you got with the installer):

Dwfault

Steps to Reproduce:

Install Hestiacp Default install

Related Issues/Forum Threads:

Other Notes:

I noticed php-fpm in not installed by default, is this by design or an overlook. I noticed vestacp does install php-fpm by default.

As ref # https://vestacp.com/docs/#template-description
Why not HestiaCP set the default templates as secured instead of end user changing that..?

WEB TEMPLATE >> basedir - to fight against phpshells using openbasedir directive
PROXY TEMPLATE>> hosting - disable_symlinks directive to protect from symlink attacks

This may make the HestiaCP moving ahead with secured env by default..

Maybe remove Debian 8 and Ubuntu 14.04 16.04 support this should eliminate extra coding efforts

Can we have a template to force HTTPS 301 redirect

The way I manually do now is

in non ssl version . after server_name Line

	# Redirect domain to www.domain
	return         301 https://www.$server_name$request_uri;

	# Redirect www to domain.com
	return         301 https://$server_name$request_uri;

in (ssl) version

	append  'ssl http2' to 'listen      IP:443'
	add_header Strict-Transport-Security "max-age=15768000" always;
	
	#	redirect non-www to www
	return 301 $scheme://www.domain.com$request_uri;
	
	#	redirect www to non-www
    if ($http_host ~* "^www.domain.tld"){ rewrite ^(.*)$ http://domain.tld$1 redirect; }

Did a fresh install on Debian 9. Everything works right now but every action f.e. v-restore-user leads to an email with following contents:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

sudo: no tty present and no askpass program specified

Additionally no system accounts for the created webusers are created.

Operating System (OS/VERSION):

Ubuntu 18.04, LXC Proxmox Template

HestiaCP Version:

0.9.8-25

Installed Software (what you got with the installer):

Apache2, Nginx and MultiPHP

Steps to Reproduce:

Install using the default install script.

Other Notes:

Installation went trough but gave out some error messages. hestia backend is working - but apparmor and iptables seems not to.

Installation log:
Install HestiaCP and all required packages, the process will take around 10-15 minutes.../
Upgrade phpMyAdmin to v4.8.4...
Job for apparmor.service failed because the control process exited with error code.
See "systemctl status apparmor.service" and "journalctl -xe" for details.
Update ClamAV definitions...-
/usr/local/hestia/bin/v-update-firewall: line 169: /etc/network/if-pre-up.d/iptables: No such file or directory
/usr/local/hestia/bin/v-update-firewall: line 170: /etc/network/if-pre-up.d/iptables: No such file or directory
/usr/local/hestia/bin/v-update-firewall: line 171: /etc/network/if-pre-up.d/iptables: No such file or directory
chmod: cannot access '/etc/network/if-pre-up.d/iptables': No such file or directory

Congratulations, you have just successfully installed Hestia Control Panel

Operating System (OS/VERSION):

Type here, e.g. Debian 9

HestiaCP Version:

Type here, e.g. 1.01234

Installed Software (what you got with the installer):

Type here, e.g. Apache, Nginx, PHP-FPM, MySQL

Steps to Reproduce:

Even if you give install switch --email [email protected] it still asks for email when install starts

Operating System (OS/VERSION):

Ubuntu 18.04

HestiaCP Version:

Latest

Installed Software (what you got with the installer):

Nginx, PHP-FPM

Steps to Reproduce:

NA

Related Issues/Forum Threads:

NA

Other Notes:

What's the purpose of configuration file ports.conf? It seems that it has many ports, some of them irrelevant. I wasn't able to find an actual usage of this file.

As discussed at serghey-rodin/vesta #1559, I would love to see an integration of sogo to vesta/hestiacp.
At the moment, I am completely new to vesta&hestia and can't really figure out what to choose.
It seems like vesta team isn't active at the moment (see forums, github, or even the chat), does someone know, if it's no longer continued or sth?
Thanks!

My server : (Ubuntu16.04, Hestia(25)+ apache2+Nginx+Dovecot+CSF)
Suddenly CSF ConfigFireWall LFD - sent me 30 over emails within a minute.
someone trying to use my POP3 service.
Possible trying to hack system files ?

For time being I disabled POP3 on dovecot.