hestiacp / hestiacp
Hestia Control Panel | A lightweight and powerful control panel for the modern web.
Home Page: https://www.hestiacp.com
License: GNU General Public License v3.0
It is currently possible to sign the host's services (control panel, exim/dovecot, etc) with v-update-host-certificate through the command line. This functionality should be extended to the web UI/admin panel as well for easier access.
In 4 instances of spinning up Ubuntu 18.04 LXC containers in Proxmox, after installing HestiaCP with default options, I am not able to resolve names to IP (DNS), although disabling iptables corrects the issue. I was able to replicate the issue 4 times; not sure what's causing this. I'll try with a Debian 9 LXC tomorrow. I'm sure a KVM VM will not be affected but I will try that as well.
This could be useful; a lot of mail users choose not to empty their trash and spam, and this could help with the build-up tremendously.
My server : (Ubuntu16.04, Hestia(25)+ apache2+Nginx+Dovecot+CSF)
Suddenly CSF ConfigFireWall LFD sent me over 30 emails within a minute.
Someone is trying to use my POP3 service.
Possibly trying to hack system files?
For time being I disabled POP3 on dovecot.
Firewall Issue (Needs complete server restart to apply the changes)
Ubuntu 18.04 LTS
Type here (e.g. 0.9.8-27)
Apache, Nginx, PHP-FPM, Dovecot/Exim, MariaDB
Ubuntu 18.04.2
0.9.8 Release 26
Default Install
Enable SSL on a site and choose Lets Encrypt support option then click save
Ubuntu 18.04 LTS
master (current)
default (all?)
Simply run the downloaded hst-install.sh on Ubuntu 18.04 LTS after removing the preinstalled ufw firewall. Press y to install, enter admin email address, enter FQDN hostname, then it will attempt to install, followed by an error on line 800 of hst-install-ubuntu.sh (ntpdate: command not found), then several more errors (output pasted below in Other Notes).
#117 (possibly related)
Output:
root@cms:~# bash hst-install.sh
Please wait a few seconds, we update your repository before we start the installation process...
_ _ _ _ ____ ____
| | | | ___ ___| |_(_) __ _ / ___| _ \
| |_| |/ _ \/ __| __| |/ _` | | | |_) |
| _ | __/\__ \ |_| | (_| | |___| __/
|_| |_|\___||___/\__|_|\__,_|\____|_|
Hestia Control Panel
The following software will be installed on your system:
- Nginx Web Server
- Apache Web Server (as backend)
- Bind DNS Server
- Exim Mail Server
- Dovecot POP3/IMAP Server
- MariaDB Database Server
- Vsftpd FTP Server
- Iptables Firewall + Fail2Ban
Would you like to continue [y/n]: y
Please enter admin email address: **REDACTED**
Please enter FQDN hostname [cms.**REDACTED**]: cms.**REDACTED**
Installation backup directory: /root/hst_install_backups/220220191332
Installation Log File: /root/hst_install_backups/hst_install-220220191332.log
Upgrade System using apt-get...\
Install third party repository keys...
Install HestiaCP and all required packages, the process will take around 10-15 minutes.../
hst-install-ubuntu.sh: line 800: ntpdate: command not found
sed: can't read /etc/rssh.conf: No such file or directory
sed: can't read /etc/rssh.conf: No such file or directory
sed: can't read /etc/rssh.conf: No such file or directory
chmod: cannot access '/usr/bin/rssh': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/sudo/admin': No such file or directory
chmod: cannot access '/etc/sudoers.d/admin': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/logrotate/hestia': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/packages': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/templates': No such file or directory
cp: cannot stat '/usr/local/hestia/data/templates/web/skel/public_html/index.html': No such file or directory
sed: can't read /var/www/index.html: No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/firewall': No such file or directory
hst-install-ubuntu.sh: line 952: /usr/local/hestia/bin/v-generate-ssl-cert: No such file or directory
sed: -e expression #1, char 3: unexpected `,'
sed: -e expression #1, char 1: unknown command: `,'
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/nginx.conf': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/status.conf': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/phpmyadmin.inc': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/phppgadmin.inc': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/nginx/webmail.inc': No such file or directory
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/logrotate/nginx': No such file or directory
hst-install-ubuntu.sh: line 986: /etc/nginx/conf.d/hestia.conf: No such file or directory
Failed to start nginx.service: Unit nginx.service not found.
Error: nginx start failed
It appears that ntpdate is not installed by default on Ubuntu 18.04 LTS, perhaps we need to include its installation in the bash file IF it is not already installed.
line 796-800 in hst-install-ubuntu.sh:
# Configuring NTP
echo '#!/bin/sh' > /etc/cron.daily/ntpdate
echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate
chmod 755 /etc/cron.daily/ntpdate
ntpdate -s pool.ntp.org
It appears that rssh isn't installed by default on Ubuntu 18.04 LTS, perhaps we need to include its installation in the bash file IF it is not already installed.
line 802-809 in hst-install-ubuntu.sh:
# Setup rssh
if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then
echo /usr/bin/rssh >> /etc/shells
fi
sed -i 's/#allowscp/allowscp/' /etc/rssh.conf
sed -i 's/#allowsftp/allowsftp/' /etc/rssh.conf
sed -i 's/#allowrsync/allowrsync/' /etc/rssh.conf
chmod 755 /usr/bin/rssh
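A guarded form of the two installer steps quoted above, as an added example (not code from the issue reporter or from HestiaCP). The function names are hypothetical, and the binary name and file paths are passed as parameters (an assumption made here) so the logic can be tried in a scratch directory.

```shell
#!/bin/sh
# Added example: neither function touches the system unless its prerequisites exist.

# Write the daily time-sync job only if the binary resolves to an absolute path.
# The quoted step wrote " -s pool.ntp.org" into a root-owned cron script when
# `which ntpdate` printed nothing.
write_ntp_cron() {
    bin_name=$1
    cron_file=$2
    bin_path=$(command -v "$bin_name" 2>/dev/null) || return 1
    case $bin_path in
        /*) ;;            # absolute path to an executable: usable from cron
        *)  return 1 ;;   # shell builtin, alias or function: not usable
    esac
    printf '#!/bin/sh\n%s -s pool.ntp.org\n' "$bin_path" > "$cron_file"
    chmod 755 "$cron_file"
}

# Register rssh as a login shell only when the binary and its config exist.
# The quoted step appended /usr/bin/rssh to /etc/shells even though the
# package was absent, then failed on every sed and chmod.
enable_rssh() {
    rssh_bin=$1
    rssh_conf=$2
    shells_file=$3
    [ -x "$rssh_bin" ] && [ -f "$rssh_conf" ] || return 1
    # Exact, whole-line match keeps repeated runs from adding duplicates.
    grep -qxF "$rssh_bin" "$shells_file" 2>/dev/null || echo "$rssh_bin" >> "$shells_file"
    tmp=$(mktemp) || return 1
    sed -e 's/#allowscp/allowscp/' \
        -e 's/#allowsftp/allowsftp/' \
        -e 's/#allowrsync/allowrsync/' "$rssh_conf" > "$tmp" && cat "$tmp" > "$rssh_conf"
    rm -f "$tmp"
    chmod 755 "$rssh_bin"
}
```

With the paths from the issue, the calls would be `write_ntp_cron ntpdate /etc/cron.daily/ntpdate` and `enable_rssh /usr/bin/rssh /etc/rssh.conf /etc/shells`; a non-zero return means the package is missing and nothing was written.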
Frontend URLs for phpMyAdmin and Roundcube have been reverted to the default (/phpmyadmin & /webmail) after update to the latest version.
All Supported
Current Stable
Functionality to check for the FQDN of the server within all websites, see if letsencrypt cert exists, if exists use letsencrypt cert for each hestiacp, exim, and dovecot where it will be updated along with the website.
Maybe just check in the admin's websites for the FQDN, but have an option on the Server Settings to choose a different user that hosts the FQDN along with an override for the letsencrypt cert if it doesn't exist.
something like
if (exists(FQDN.letsencrypt.cert)){
use FQDN.letsencrypt.cert for hestia, exim, & dovecot
} else {
use default cert for hestia, exim, & dovecot
}
see forum post that uses built in functionality of vestacp
https://forum.vestacp.com/viewtopic.php?f=10&t=17353&sid=5afd6ecfd9668cd77559db939311b5e3
Ubuntu 18.04 LTS
0.9.8-25 (latest available public version)
Defaults - Apache, Nginx, MariaDB, Iptables/Fail2ban, Dovecot/Exim
All DNS resolution for hosted domains fails even though named/bind9 is running.
echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named
This appears to be caused by AppArmor not allowing BIND to read the DNS databases located under /home/ because the install script isn't writing the necessary data correctly.
I've fixed this during installation in my fork with this commit: https://github.com/kristankenney/hestiacp/commit/e8694b010b2430739c920ac24db37468480717c3
For security purposes FTP is a dead protocol, could this be removed completely and just use ssh and scp when needed and also chroot the user to their own home folder
If possible, better to add more DNS templates mainly for EMail MX records..
https://raw.githubusercontent.com/vvcares/hestia/master/microsoftoutlook.tpl
https://raw.githubusercontent.com/vvcares/hestia/master/zoho.tpl
For example if DNS and mail are not chosen for install in the beginning. Then hide their web control panel counterparts, or if you wanted to use hestiacp just for DNS Only, then only show the DNS portion in web panel.
Can we have a template to force HTTPS 301 redirect
The way I manually do now is
# Redirect domain to www.domain
return 301 https://www.$server_name$request_uri;
# Redirect www to domain.com
return 301 https://$server_name$request_uri;
append 'ssl http2' to 'listen IP:443'
add_header Strict-Transport-Security "max-age=15768000" always;
# redirect non-www to www
return 301 $scheme://www.domain.com$request_uri;
# redirect www to non-www
if ($http_host ~* "^www.domain.tld"){ rewrite ^(.*)$ http://domain.tld$1 redirect; }
Is it possible to migrate from VestaCP or would I have to start with a clean server?
Ubuntu 18.04, LXC Proxmox Template
0.9.8-25
Apache2, Nginx and MultiPHP
Install using the default install script.
Installation went through but gave out some error messages. Hestia backend is working, but AppArmor and iptables seem not to.
Installation log:
Install HestiaCP and all required packages, the process will take around 10-15 minutes.../
Upgrade phpMyAdmin to v4.8.4...
Job for apparmor.service failed because the control process exited with error code.
See "systemctl status apparmor.service" and "journalctl -xe" for details.
Update ClamAV definitions...-
/usr/local/hestia/bin/v-update-firewall: line 169: /etc/network/if-pre-up.d/iptables: No such file or directory
/usr/local/hestia/bin/v-update-firewall: line 170: /etc/network/if-pre-up.d/iptables: No such file or directory
/usr/local/hestia/bin/v-update-firewall: line 171: /etc/network/if-pre-up.d/iptables: No such file or directory
chmod: cannot access '/etc/network/if-pre-up.d/iptables': No such file or directory
Congratulations, you have just successfully installed Hestia Control Panel
Debian 8 and Ubuntu 16.04 (probably also 14.04)
0.9.8-25
Apache2 + Nginx
service hestia start
/usr/local/hestia/php/bin/php -v
Error Message:
root@web03:/usr/local/hestia/php/bin# ./php -v
./php: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or dire
Seems to be a problem with older OS Versions, the deb packages are running properly on Ubuntu 18.04 and Debian 9.
I need to set up an OpenVPN server listening on port 443 (TCP) to circumvent firewall restrictions. Which templates need to be edited for nginx/apache to listen on localhost:443 instead of publicip:443?
Ability to change the branding (logo, text) for hestiaCP Web panel and roundcube webmail using the web interface.
Actually we can back up full installations locally or via sftp/scp.
Additional remote backup providers may be easily integrated using rClone.
--> https://rclone.org/
Integration of 2FA (2 Factor Authentication) would be nice to have for
The problem
Vesta CP provides by default a backup system, this backup system creates a tar for each user every day (by default 10 copies are saved), But this way of making backups has some disadvantages when you have a lot of users:
Server overload. Each time the backup is run, a complete copy of the user files is saved.
Disk space consumption. Each backup copy contains a full backup of the user files, so it's very easy to run out of disk space.
The solution
An incremental backup is one in which successive copies of the data contain only the portion that has changed since the preceding backup copy was made. This way you can store lot of backups points, without making a full backup each time.
Borg Backup does an excellent job making incremental backups, and provides very interesting features such as compression, encryption and good performance. You can get more info at https://www.borgbackup.org/
https://github.com/ramirojoaquin/vestacp-borg-incremental-backups
Did a fresh install on Debian 9. Everything works right now but every action f.e. v-restore-user leads to an email with following contents:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified
Additionally no system accounts for the created webusers are created.
Ubuntu 18.04.2
0.9.8 Release 26
Default
Install Hestiacp Default install
I noticed php-fpm is not installed by default; is this by design or an oversight? I noticed vestacp does install php-fpm by default.
When you add a web domain via the web interface, it by default creates a mail subhost for that domain. It would be nice to have a checkbox to enable Let's Encrypt for that subdomain for IMAP and Exim. This will eliminate the Cert Verify notice on mail clients such as Thunderbird, Outlook, etc.
Ubuntu 18.04.2
Latest
nginx php-fpm
delete an email in roundcube
It grays the message out but does not move the email to the Trash. When I send an email it goes into the sent folder which is correct. Maybe a misconfiguration somewhere
01c1b54#commitcomment-32225303
I feel this is really a security flaw.
The normal USER should not be able to change the WEB/PROXY templates.
Type here, e.g. Debian 9
Type here, e.g. 1.01234
Type here, e.g. Apache, Nginx, PHP-FPM, MySQL
Even if you give install switch --email [email protected]
it still asks for email when install starts
Hi,
The issue : ROUNDCUBE configs modifications..
Is it possible to replace your installation files, with dynamic variables as %HOSTNAME%, %Hestiaport% etc..?
for Eg:
I know this can be done via the command line but it would be nice to have it on the web interface as well, similar to the way LE is implemented with sites.
Maybe giving the user the opportunity to install sslh during installation of hestiacp? Additionally every nginx (or apache) template has to be edited to listen on 127.0.0.1 instead of %ip%.
sslh is essential if one needs to setup openvpn, a webserver and/or ssh to listen on tcp port 443.
As ref # https://vestacp.com/docs/#template-description
Why not HestiaCP set the default templates as secured instead of end user changing that..?
WEB TEMPLATE >> basedir - to fight against phpshells using openbasedir directive
PROXY TEMPLATE>> hosting - disable_symlinks directive to protect from symlink attacks
This may make the HestiaCP moving ahead with secured env by default..
I'm getting a new error during install
cp: cannot stat '/usr/local/hestia/install/ubuntu/18.04/templates/web/unassigned/*': No such file or directory
Ubuntu 18.04
Latest
Nginx, PHP-FPM
NA
NA
What's the purpose of configuration file ports.conf? It seems that it has many ports, some of them irrelevant. I wasn't able to find an actual usage of this file.
I get the following error with Ubuntu LXC under Proxmox; I'm able to bypass it with the -f
root@web01:~# bash hst-install.sh
Please wait a few seconds, we update your repository before we start the installation process...
Install missing apt-add-repository...
!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!
Noticed a empty netplan configuration directory.
You may have a network configuration file using systemd-networkd,
we strongly suggest to migrate to a fully netplan configuration.
You can leave this like it is, but you will be not able to use
additional ips properly
If you want to force installation run this script with -f option:
Example: bash hst-install-ubuntu.sh --force
!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!
Error: Noticed unused netplan configuration.
root@web01:~#
http://www.openwebanalytics.com/ seems like a much more modern free opensource option to awstats and webalizer
I tried to read the DKIM key for my mail domains.
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns user domain.tld
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 18: /func/main.sh: No such file or directory
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 59: check_args: command not found
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 60: is_object_valid: command not found
/usr/local/hestia/bin/v-list-mail-domain-dkim-dns: line 61: is_object_valid: command not found
RECORD TTL TYPE VALUE
------ --- ---- -----
_domainkey 3600 IN TXT "t=y; o=~;"
mail._domainkey 3600 IN TXT "k=rsa; p=DKIM-SUPPORT-IS-NOT-ACTIVATED"
Reactivating it in the WI gives no error message, but no DKIM key is generated. Trying to add a domain with v-add-mail-domain-dkim
fails with
/usr/local/hestia/bin/v-add-mail-domain-dkim user domain2.tld
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 19: /func/main.sh: No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 20: /func/domain.sh: No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 21: /conf/hestia.conf: No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 31: format_domain: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 32: format_domain_idn: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 40: check_args: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 41: is_format_valid: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 42: is_system_enabled: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 43: is_object_valid: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 44: is_object_unsuspended: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 45: is_object_valid: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 46: is_object_unsuspended: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 47: is_object_value_empty: command not found
chmod: cannot access '/mail/domain2.tld.*': No such file or directory
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 85: update_object_value: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 86: increase_user_value: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 89: log_history: command not found
/usr/local/hestia/bin/v-add-mail-domain-dkim: line 90: log_event: command not found
Adding new mail domains creates a private dkim key, but no public one.
Ubuntu 18.04
Alpha Test
Nginx, PHP-FPM 7.3
When you add an SSL for a website, it is saved but not displayed from the panel. This issue exists for non LetsEncrypt SSLs.
Maybe remove Debian 8 and Ubuntu 14.04/16.04 support; this should eliminate extra coding efforts
1-click WordPress install when setting up a new site in the web interface
Downloads latest wordpress set permissions and create database
Debian 9, Ubuntu 18.04
Apache, Nginx, PHP-FPM, MySQL
bash hst-install.sh
Came up after change to write in log file, it shows now the following line:
Extracting templates from packages: 100%
Hi,
Is there a way to install MYSQL instead of MariaDB and install a certain version? I have an old backup of a site and the script is not compatible with mysql/mariadb newest version so I would like to install old version and then upgrade the script to latest version which would be compatible with MariaDB newest version and then upgrade MariaDB again.
Is there a way to do so? Maybe by uninstalling MariaDB and then changing the repo to my desired version, and running the installer?
Any plans to support CentOS 7?
Remove or disable the firewall rule that opens up mysql port 3306. Users may add it later if they need it.
When a new mysql user is created, only add the user for localhost as default. Do not create additional user for host = "%". Users may add this later if they need it.
There is a spelling differed..
v-add-letsencrypt-domain
Line#193 - Let's Encrypt vvalidation status
As discussed at serghey-rodin/vesta #1559, I would love to see an integration of sogo to vesta/hestiacp.
At the moment, I am completely new to vesta&hestia and can't really figure out what to choose.
It seems like vesta team isn't active at the moment (see forums, github, or even the chat), does someone know, if it's no longer continued or sth?
Thanks!
I noticed when trying to install hestiacp, if I have postfix or ufw installed, Hestia wants you to remove the packages before continuing. It would be nice to have a switch to remove unnecessary packages before install. If the switch is not used, then ask: "In order to continue these packages must be removed. Would you like to remove them? Y/n". Maybe something of that nature.
Is this limitation still relevant with the latest version of MariaDB? If so, we can remove this limitation when adding a database.
Running the installer on Debian stretch tries to add the MariaDB repo (ams DO) and GPG key, which fails:
Upgrade System using apt-get...
W: GPG-Fehler: http://ams2.mirrors.digitalocean.com/mariadb/repo/10.3/debian stretch InRelease: Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY F1656F24C74CD1D8
W: The repository 'http://ams2.mirrors.digitalocean.com/mariadb/repo/10.3/debian stretch InRelease' is not signed.
The cause for this is the missing 'dirmngr' package:
# apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
Executing: /tmp/apt-key-gpghome.91Xcxd0wMP/gpg.1.sh --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
gpg: failed to start the dirmngr '/usr/bin/dirmngr': Datei oder Verzeichnis nicht gefunden
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.91Xcxd0wMP/S.dirmngr' failed: Datei oder Verzeichnis nicht gefunden
gpg: keyserver receive failed: Kein Dirmngr
Installing the missing package via 'apt install dirmngr' fixes that problem and the installer runs through.
Hi,
How to enable ssl for the hostname?