Alexey Berezhok
2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions

14
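--- /dev/null
+++ b/src/deb/hestia/control
@@ -0,0 +1,14 @@
+Source: hestia
+Package: hestia
+Priority: optional
+Version: 1.9.0~alpha
+Section: admin
+Maintainer: HestiaCP <info@hestiacp.com>
+Homepage: https://www.hestiacp.com
+Architecture: amd64
+Depends: bash, awk, sed, acl, sysstat, setpriv | util-linux (>= 2.33), zstd, lsb-release, idn2, jq
+Description: hestia
+hestia is an open source hosting control panel.
+hestia has a clean and focused interface without the clutter.
+hestia has the latest of very innovative technologies.
+hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin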

30
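--- /dev/null
+++ b/src/deb/hestia/copyright
@@ -0,0 +1,30 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: hestia
+Source: https://www.hestiacp.com
+Files: *
+Copyright: 2018-2023, Hestia Control Panel <info@hestiacp.com>
+License: GPL-3.0+
+Remarks: Hestia Control Panel is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
+License: GPL-3.0+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+.
+This package is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+.
+On Debian systems, the complete text of the GNU General
+Public License version 3 can be found in /usr/share/common-licenses/GPL-3.
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.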

126
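--- /dev/null
+++ b/src/deb/hestia/postinst
@@ -0,0 +1,126 @@
+#!/bin/bash
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+exit
+fi
+###############################################################
+# Initialize functions/variables #
+###############################################################
+source /etc/hestiacp/hestia.conf
+# Load upgrade functions and variables
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/upgrade.sh
+source $HESTIA/func/upgrade.sh
+source_conf "$HESTIA/conf/hestia.conf"
+###############################################################
+# Set new version numbers for packages #
+###############################################################
+# Hestia Control Panel
+new_version=$(dpkg -l | awk '$2=="hestia" { print $3 }')
+###############################################################
+# Begin standard upgrade routines #
+###############################################################
+# Set default verbose output based on release branch
+is_debug_build
+# Detect operating system version
+detect_os
+# Initialize upgrade
+prepare_upgrade_config
+# Initialize backup directories
+upgrade_init_backup
+# Initialize logging
+upgrade_init_logging
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/pre_install.sh" ]; then
+/etc/hestiacp/hooks/pre_install.sh
+fi
+# Set up console display and welcome message
+upgrade_welcome_message_log >> $LOG
+upgrade_welcome_message
+# Back up existing configuration files and templates
+upgrade_start_backup | tee -a $LOG
+# Perform upgrade health check and refresh configuration before upgrading
+upgrade_health_check | tee -a $LOG
+upgrade_replace_default_config | tee -a $LOG
+upgrade_refresh_config | tee -a $LOG
+# Execute version-specific upgrade scripts
+upgrade_start_routine | tee -a $LOG
+# Run upgrades of dependencies
+source_conf "$HESTIA_BACKUP/upgrade.conf"
+# Update Web domain templates
+upgrade_rebuild_web_templates | tee -a $LOG
+# Update Mail domain templates
+upgrade_rebuild_mail_templates | tee -a $LOG
+# Update DNS zone templates
+upgrade_rebuild_dns_templates | tee -a $LOG
+# Upgrade File Manager and update configuration
+upgrade_filemanager | tee -a $LOG
+# Upgrade SnappyMail if applicable
+upgrade_snappymail | tee -a $LOG
+# Upgrade Roundcube if applicable
+upgrade_roundcube | tee -a $LOG
+# Upgrade PHP dependencies
+upgrade_dependencies | tee -a $LOG
+# Update Cloudflare IPs if applicable
+upgrade_cloudflare_ip | tee -a $LOG
+# Upgrade phpMyAdmin if applicable
+upgrade_phpmyadmin | tee -a $LOG
+# Upgrade phpPgAdmin if applicable
+upgrade_phppgadmin | tee -a $LOG
+# Upgrade blackblaze-cli-took if applicable
+upgrade_b2_tool | tee -a $LOG
+# update whitelabel logo's
+update_whitelabel_logo | tee -a $LOG
+# Set new version number in hestia.conf
+upgrade_set_version $new_version
+upgrade_set_branch $new_version
+# Perform upgrade clean-up tasks (rebuild domains and users, restart services, delete temporary files)
+upgrade_cleanup_message | tee -a $LOG
+upgrade_rebuild_users | tee -a $LOG
+upgrade_restart_services | tee -a $LOG
+# Add upgrade notification to admin user's panel and display completion message
+upgrade_complete_message_log >> $LOG
+upgrade_complete_message
+# If setting variables are set to true in hestia.conf, send notifications and email output.
+upgrade_send_notification_to_panel
+upgrade_send_notification_to_email
+upgrade_send_log_to_email
+if [ -e "/etc/hestiacp/hooks/post_install.sh" ]; then
+/etc/hestiacp/hooks/post_install.sh
+fi
+exit 0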
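Review bot: The hook calls (`/etc/hestiacp/hooks/pre_install.sh` and `post_install.sh`) run as root on nothing more than an `-e` test, so whatever file sits at that path is executed on every upgrade; test with `-x` and skip hooks that are not root-owned or are group/world-writable. The same pattern is in src/deb/nginx/postinst and src/deb/php/postinst, where `set -e` additionally turns a non-executable hook into a failed package configuration. Unlike those two scripts, this one never checks `$1`, so the whole upgrade routine also runs for `abort-upgrade` and similar actions; add `[ "$1" = "configure" ] || exit 0` after the shebang. Every step is piped into `tee -a $LOG` without `pipefail`, so a failing `upgrade_start_routine` goes unnoticed and `upgrade_set_version $new_version` still stamps the new version; `$LOG`, `$HESTIA` and `$new_version` should also be quoted.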

19
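--- /dev/null
+++ b/src/deb/hestia/preinst
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Run triggers only on updates
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+exit
+fi
+if [ ! -e "/etc/hestiacp/hestia.conf" ]; then
+mkdir -p /etc/hestiacp
+echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
+fi
+# Configure apt to retry downloading on error
+if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
+echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
+fi
+# Validate version number and replace if different
+HESTIA_V=$(dpkg -s hestia | grep -i version | awk '{ print $2 }')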
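Review bot: `dpkg -s hestia | grep -i version` on the last line matches every status line that contains "version" in any case, not only the `Version:` field, so `HESTIA_V` can end up holding more than one value; read the field directly with `HESTIA_V=$(dpkg-query -W -f='${Version}' hestia)`. Within the lines shown the variable is assigned but never used, although the comment above it promises a validate-and-replace step, so either that step is missing or the assignment can go. The generated `/etc/hestiacp/hestia.conf` sources `/etc/hestiacp/local.conf` and is itself sourced by the root-run postinst, so a comment stating that both files must stay root-owned and not writable by others would be worth adding.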

14
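--- /dev/null
+++ b/src/deb/nginx/control
@@ -0,0 +1,14 @@
+Source: hestia-nginx
+Package: hestia-nginx
+Priority: optional
+Version: 1.25.1-2
+Section: admin
+Maintainer: HestiaCP <info@hestiacp.com>
+Homepage: https://www.hestiacp.com
+Architecture: amd64
+Depends: hestia
+Description: hestia Nginx
+hestia is an open source hosting control panel.
+hestia has a clean and focused interface without the clutter.
+hestia has the latest of very innovative technologies.
+hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin.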

30
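--- /dev/null
+++ b/src/deb/nginx/copyright
@@ -0,0 +1,30 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: hestia
+Source: https://www.hestiacp.com
+Files: *
+Copyright: 2018-2023, Hestia Control Panel <info@hestiacp.com>
+License: GPL-3.0+
+Remarks: Hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
+License: GPL-3.0+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+.
+This package is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+.
+On Debian systems, the complete text of the GNU General
+Public License version 3 can be found in /usr/share/common-licenses/GPL-3.
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.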

143
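--- /dev/null
+++ b/src/deb/nginx/hestia
@@ -0,0 +1,143 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: hestia
+# internal nginx
+# internal php-fpm
+# Required-Start: $local_fs $remote_fs $network $syslog
+# Required-Stop: $local_fs $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: starts the hestia control panel
+# Description: starts nginx and php-fpm using start-stop-daemon
+### END INIT INFO
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NGINX_DAEMON=/usr/local/hestia/nginx/sbin/hestia-nginx
+NGINX_NAME=hestia-nginx
+NGINX_DESC=hestia-nginx
+NGINX_PID=/run/hestia-nginx.pid
+NGINX_CONF=/usr/local/hestia/nginx/conf/nginx.conf
+PHP_DAEMON=/usr/local/hestia/php/sbin/hestia-php
+PHP_NAME=hestia-php
+PHP_DESC=hestia-php
+PHP_PID=/run/hestia-php.pid
+PHP_CONF=/usr/local/hestia/php/etc/php-fpm.conf
+set -e
+. /lib/lsb/init-functions
+. /etc/profile.d/hestia.sh
+adapt_nginx_config() {
+# Detect "physical" NICs only (virtual NICs created by Docker, WireGuard etc. are excluded)
+physical_nics="$(ip -d -j link show | jq -r '.[] | if .link_type == "loopback" // .linkinfo.info_kind then empty else .ifname end')"
+if [ -z "$physical_nics" ]; then
+physical_nics="$(ip -d -j link show | jq -r '.[] | if .link_type == "loopback" then empty else .ifname end')"
+fi
+for nic in $physical_nics; do
+if [ -z "$ipv4_scope_global" ]; then
+ipv4_scope_global="$(ip -4 -d -j addr show "$nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end')"
+fi
+if [ -z "$ipv6_scope_global" ]; then
+ipv6_scope_global="$(ip -6 -d -j addr show "$nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end')"
+fi
+done
+if [ -n "$ipv4_scope_global" ]; then
+sed -i 's/#IPV4\([ \t]*listen[ \t]*[0-9]\{1,5\}.*\)/\1/' "$NGINX_CONF"
+else
+sed -i 's/^\([ \t]*listen[ \t]*[0-9]\{1,5\}.*\)/#IPV4\1/' "$NGINX_CONF"
+fi
+if [ -n "$ipv6_scope_global" ]; then
+sed -i 's/#IPV6\([ \t]*listen[ \t]*\[\:\:\]\:[0-9]\{1,5\}.*\)/\1/' "$NGINX_CONF"
+else
+sed -i 's/^\([ \t]*listen[ \t]*\[\:\:\]\:[0-9]\{1,5\}.*\)/#IPV6\1/' "$NGINX_CONF"
+fi
+}
+update_nginx_resolver() {
+if grep -qw "1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8" "$NGINX_CONF"; then
+for nameserver in $(grep -is '^nameserver' /etc/resolv.conf | cut -d' ' -f2 | tr '\r\n' ' ' | xargs); do
+if echo "$nameserver" | grep -Pq "^(\d{1,3}\.){3}\d{1,3}$"; then
+if [ -z "$resolver" ]; then
+resolver="$nameserver"
+else
+resolver="$resolver $nameserver"
+fi
+fi
+done
+if [ -n "$resolver" ]; then
+sed -i "s/1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8/$resolver/g" "$NGINX_CONF"
+fi
+fi
+}
+start_nginx() {
+#adapt_nginx_config
+update_nginx_resolver
+start-stop-daemon --start --quiet --pidfile $NGINX_PID \
+--retry 5 --exec $NGINX_DAEMON --oknodo
+}
+start_php() {
+start-stop-daemon --start --quiet --pidfile $PHP_PID \
+--retry 5 --exec $PHP_DAEMON --oknodo
+}
+stop_nginx() {
+start-stop-daemon --stop --quiet --pidfile $NGINX_PID \
+--retry 5 --oknodo --exec $NGINX_DAEMON
+}
+stop_php() {
+start-stop-daemon --stop --quiet --pidfile $PHP_PID \
+--retry 5 --oknodo --exec $PHP_DAEMON
+}
+case "$1" in
+start)
+log_daemon_msg "Starting $NGINX_DESC" "$NGINX_NAME"
+start_nginx
+log_end_msg $?
+log_daemon_msg "Starting $PHP_DESC" "$PHP_NAME"
+start_php
+log_end_msg $?
+;;
+stop)
+log_daemon_msg "Stopping $NGINX_DESC" "$NGINX_NAME"
+stop_nginx
+log_end_msg $?
+log_daemon_msg "Stopping $PHP_DESC" "$PHP_NAME"
+stop_php
+log_end_msg $?
+;;
+restart | force-reload | reload | configtest | testconfig)
+log_daemon_msg "Restarting $NGINX_DESC" "$NGINX_NAME"
+stop_nginx
+stop_php
+sleep 1
+start_nginx
+log_end_msg $?
+log_daemon_msg "Restarting $PHP_DESC" "$PHP_NAME"
+start_php
+log_end_msg $?
+;;
+status)
+status_of_proc -p $NGINX_PID "$NGINX_DAEMON" hestia-nginx
+status_of_proc -p $PHP_PID "$PHP_DAEMON" hestia-php
+;;
+*)
+echo "Usage: hestia {start|stop|restart|status}" >&2
+exit 1
+;;
+esac
+exit 0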
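Review bot: The `restart | force-reload | reload | configtest | testconfig` arm stops both daemons before anything has validated `$NGINX_CONF`, so a broken config takes the panel down, and `configtest` restarts the service instead of only testing it. Run the check before stopping, e.g. `"$NGINX_DAEMON" -t -q -c "$NGINX_CONF" || exit 1`, and give `configtest`/`testconfig` an arm of their own that does nothing else. Because of `set -e`, a failing `start_nginx` or `stop_nginx` ends the script before the following `log_end_msg $?` runs, so those calls can only ever report success; capture the status explicitly (`rc=0; start_nginx || rc=$?; log_end_msg $rc`). `update_nginx_resolver` rewrites `$NGINX_CONF` in place on every start and accepts only IPv4 entries from `/etc/resolv.conf`, which deserves a comment because a host with only IPv6 resolvers silently keeps the public defaults.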

178
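--- /dev/null
+++ b/src/deb/nginx/nginx.conf
@@ -0,0 +1,178 @@
+# Server globals
+user admin;
+worker_processes 1;
+worker_rlimit_nofile 65535;
+error_log /var/log/hestia/nginx-error.log;
+pid /run/hestia-nginx.pid;
+pcre_jit on;
+# Worker config
+events {
+worker_connections 128;
+use epoll;
+multi_accept on;
+}
+http {
+# Main settings
+http2 on;
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+client_header_timeout 180s;
+client_body_timeout 180s;
+client_header_buffer_size 2k;
+client_body_buffer_size 256k;
+client_max_body_size 1024m;
+large_client_header_buffers 4 8k;
+send_timeout 60s;
+keepalive_timeout 30s;
+keepalive_requests 10000;
+reset_timedout_connection on;
+server_tokens off;
+server_name_in_redirect off;
+server_names_hash_max_size 512;
+server_names_hash_bucket_size 512;
+charset utf-8;
+# FastCGI settings
+fastcgi_buffers 512 4k;
+fastcgi_buffer_size 256k;
+fastcgi_busy_buffers_size 256k;
+fastcgi_temp_file_write_size 256k;
+fastcgi_connect_timeout 30s;
+fastcgi_read_timeout 600s;
+fastcgi_send_timeout 600s;
+# Proxy settings
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header Early-Data $rfc_early_data;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass_header Set-Cookie;
+proxy_buffers 256 4k;
+proxy_buffer_size 32k;
+proxy_busy_buffers_size 32k;
+proxy_temp_file_write_size 256k;
+proxy_connect_timeout 30s;
+proxy_read_timeout 300s;
+proxy_send_timeout 180s;
+# Log format
+log_format main '$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/hestia/nginx-access.log main;
+# Mime settings
+include mime.types;
+default_type application/octet-stream;
+# Compression
+gzip on;
+gzip_vary on;
+gzip_comp_level 6;
+gzip_min_length 1024;
+gzip_buffers 128 4k;
+gzip_http_version 1.1;
+gzip_types text/css text/javascript text/js text/plain text/richtext text/shtml text/x-component text/x-java-source text/x-markdown text/x-script text/xml image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon font/otf font/ttf font/x-woff multipart/bag multipart/mixed application/eot application/font application/font-sfnt application/font-woff application/javascript application/javascript-binast application/json application/ld+json application/manifest+json application/opentype application/otf application/rss+xml application/ttf application/truetype application/vnd.api+json application/vnd.ms-fontobject application/wasm application/xhtml+xml application/xml application/xml+rss application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-protobuf application/x-ttf;
+gzip_proxied any;
+# SSL PCI compliance
+ssl_buffer_size 1369;
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256";
+ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384;
+ssl_conf_command Options PrioritizeChaCha;
+ssl_dhparam /etc/ssl/dhparam.pem;
+ssl_early_data on;
+ssl_ecdh_curve auto;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets on;
+ssl_session_timeout 7d;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;
+resolver_timeout 5s;
+# Security headers
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-XSS-Protection "1; mode=block";
+# TLS 1.3 0-RTT anti-replay
+map "$request_method:$is_args" $ar_idempotent {
+default 0;
+"~^GET:$|^(HEAD|OPTIONS|TRACE):\?*$" 1;
+}
+map $http_user_agent $ar_support_425 {
+default 0;
+"~Firefox/((58|59)|([6-9]\d)|([1-9]\d{2,}))\.\d+" 1;
+}
+map "$ssl_early_data:$ar_idempotent:$ar_support_425" $anti_replay {
+1:0:0 307;
+1:0:1 425;
+}
+map "$ssl_early_data:$ar_support_425" $rfc_early_data {
+1:1 1;
+}
+# Vhost
+server {
+listen 8083 ssl;
+server_name _;
+root /usr/local/hestia/web;
+# Fix error "The plain HTTP request was sent to HTTPS port"
+error_page 497 https://$host:$server_port$request_uri;
+error_page 403 /error/404.html;
+error_page 404 /error/404.html;
+error_page 410 /error/410.html;
+error_page 500 501 502 503 504 505 /error/50x.html;
+ssl_certificate /usr/local/hestia/ssl/certificate.crt;
+ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
+# TLS 1.3 0-RTT anti-replay
+if ($anti_replay = 307) { return 307 https://$host:$server_port$request_uri; }
+if ($anti_replay = 425) { return 425; }
+location / {
+expires off;
+index index.php;
+}
+location /error/ {
+expires off;
+internal;
+}
+location /rrd/ {
+expires off;
+internal;
+}
+location /backup/ {
+root /;
+internal;
+}
+location /fm/ {
+alias /usr/local/hestia/web/fm/dist/;
+index index.php;
+location ~ /([^/]+\.php)$ {
+try_files /$1 =404;
+include fastcgi_params;
+fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+fastcgi_param SCRIPT_FILENAME /usr/local/hestia/web/fm/dist/index.php;
+fastcgi_pass unix:/run/hestia-php.sock;
+fastcgi_index index.php;
+}
+}
+location ~ \.php$ {
+include fastcgi_params;
+fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+fastcgi_param SCRIPT_FILENAME /usr/local/hestia/web/$fastcgi_script_name;
+fastcgi_pass unix:/run/hestia-php.sock;
+fastcgi_intercept_errors on;
+break;
+}
+}
+}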
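Review bot: The final `location ~ \.php$` block hands every URI ending in `.php` to `unix:/run/hestia-php.sock` without first confirming that the file exists under `/usr/local/hestia/web`, unlike the `/fm/` location above it, which does use `try_files`. Whether PHP-FPM could then resolve a different file depends on `cgi.fix_pathinfo` in php.ini, whose diff is suppressed on this page, so the config should not rely on it; add `try_files $uri =404;` as the first line of that location. Separately, `ssl_session_tickets on;` together with `ssl_session_timeout 7d;` keeps resumption state usable for a week on the admin panel, which weakens forward secrecy unless ticket keys are rotated, so a shorter timeout is worth considering. The three `add_header` lines lack `always`, so they are not sent with the 4xx/5xx responses served through `error_page`.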

51
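--- /dev/null
+++ b/src/deb/nginx/postinst
@@ -0,0 +1,51 @@
+#!/bin/bash
+set -e
+if [ "$1" != "configure" ]; then
+exit 0
+fi
+# Touch and set permisions on default log files on installation
+update-rc.d hestia defaults > /dev/null
+invoke-rc.d hestia start || true
+# Run triggers only on updates
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+exit
+fi
+###############################################################
+# Initialize functions/variables #
+###############################################################
+if [ -z "$HESTIA" ]; then
+export HESTIA='/usr/local/hestia'
+PATH=$PATH:/usr/local/hestia/bin
+export PATH
+fi
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/nginx/pre_install.sh" ]; then
+/etc/hestiacp/hooks/nginx/pre_install.sh
+fi
+# Load upgrade functions and variables
+source /usr/local/hestia/func/main.sh
+source /usr/local/hestia/func/upgrade.sh
+source /usr/local/hestia/conf/hestia.conf
+source /usr/local/hestia/install/upgrade/upgrade.conf
+# Reset backend port
+if [ ! -z "$BACKEND_PORT" ]; then
+/usr/local/hestia/bin/v-change-sys-port $BACKEND_PORT
+fi
+if [ -e "/etc/hestiacp/hooks/nginx/post_install.sh" ]; then
+/etc/hestiacp/hooks/nginx/post_install.sh
+fi
+# Restart hestia service
+if [ -f "/etc/init.d/hestia" ]; then
+systemctl restart hestia > /dev/null 2>&1
+fi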
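Review bot: The closing `systemctl restart hestia > /dev/null 2>&1` runs under `set -e` with all output discarded, so a failed restart makes the postinst exit non-zero and leaves the package unconfigured without telling the administrator why; src/deb/php/postinst ends the same way. Maintainer scripts normally go through `invoke-rc.d hestia restart`, which this script already uses for the start, and the error output should stay visible. `$BACKEND_PORT` comes from the sourced `hestia.conf` and is passed unquoted to `v-change-sys-port`; write `"$BACKEND_PORT"`. The comment `# Touch and set permisions on default log files on installation` sits above `update-rc.d`/`invoke-rc.d`, which register and start the service, so it should be reworded.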

5
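--- /dev/null
+++ b/src/deb/nginx/postrm
@@ -0,0 +1,5 @@
+#!/bin/sh
+update-rc.d hestia remove > /dev/null 2>&1
+exit 0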

15
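--- /dev/null
+++ b/src/deb/php/control
@@ -0,0 +1,15 @@
+Source: hestia-php
+Package: hestia-php
+Priority: optional
+Version: 8.2.8
+Section: admin
+Maintainer: HestaCP <info@hestiacp.com>
+Homepage: https://www.hestiacp.com
+Architecture: amd64
+Depends: hestia, libzip4, unzip, libonig5 | libonig4 | libonig2
+Conflct: libzip5
+Description: hestia php-fpm
+hestia is an open source hosting control panel.
+hestia has a clean and focused interface without the clutter.
+hestia has the latest of very innovative technologies.
+hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin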
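Review bot: `Conflct: libzip5` is not a recognised control field name, so the intended package conflict is most likely never enforced (dpkg, as far as I know, carries unknown fields along without acting on them); it should read `Conflicts: libzip5`. `Maintainer: HestaCP <info@hestiacp.com>` is also misspelled compared with `HestiaCP` in the hestia and hestia-nginx control files.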

30
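--- /dev/null
+++ b/src/deb/php/copyright
@@ -0,0 +1,30 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: hestia
+Source: https://www.hestiacp.com
+Files: *
+Copyright: 2018-2023, Hestia Control Panel <info@hestiacp.com>
+License: GPL-3.0+
+Remarks: Hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
+License: GPL-3.0+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+.
+This package is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+.
+On Debian systems, the complete text of the GNU General
+Public License version 3 can be found in /usr/share/common-licenses/GPL-3.
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.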

44
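--- /dev/null
+++ b/src/deb/php/php-fpm.conf
@@ -0,0 +1,44 @@
+[global]
+pid = /run/hestia-php.pid
+daemonize = yes
+log_level = error
+emergency_restart_threshold = 10
+emergency_restart_interval = 60s
+process_control_timeout = 10s
+events.mechanism = epoll
+[www]
+listen = /run/hestia-php.sock
+user = admin
+group = admin
+listen.owner = admin
+listen.group = admin
+listen.mode = 0660
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 1000
+pm.process_idle_timeout = 10s;
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+env[HESTIA] = $HESTIA
+env[VESTA] = $HESTIA
+env[LANG] = en_US.UTF-8
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[session.cookie_secure] = on
+php_admin_value[memory_limit] = 256M
+php_admin_value[post_max_size] = 256M
+php_admin_value[upload_max_filesize] = 256M
+php_admin_value[max_execution_time] = 300
+php_admin_value[max_input_time] = 300
+php_admin_value[session.save_path] = /usr/local/hestia/data/sessions
+php_admin_value[open_basedir] = /usr/local/hestia/:/tmp/:/dev/:/home/:/etc/ssh/:/backup/:/var/tmp/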
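Review bot: `php_flag[display_errors] = off` is the one PHP setting in this pool that scripts can still override with `ini_set()`, while every neighbouring line uses `php_admin_flag`/`php_admin_value`; make it `php_admin_flag[display_errors] = off` so error output cannot be switched back on inside the panel. The `open_basedir` list is broad for the pool that serves the control panel: it admits all of `/home/`, `/dev/`, `/etc/ssh/` and the shared `/tmp/` and `/var/tmp/`, and nothing records why each entry is needed, so a comment per path (or a narrower list) would help later reviewers. `pm.process_idle_timeout = 10s;` ends with a `;` that no other line has and looks like a typo.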

1977
src/deb/php/php.ini Normal file

File diff suppressed because it is too large Load Diff

43
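--- /dev/null
+++ b/src/deb/php/postinst
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+if [ "$1" != "configure" ]; then
+exit 0
+fi
+# Run triggers below only on updates
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+exit
+fi
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/php/pre_install.sh" ]; then
+/etc/hestiacp/hooks/php/pre_install.sh
+fi
+###############################################################
+# Initialize functions/variables #
+###############################################################
+if [ -z "$HESTIA" ]; then
+export HESTIA='/usr/local/hestia'
+PATH=$PATH:/usr/local/hestia/bin
+export PATH
+fi
+# Load upgrade functions and variables
+source /usr/local/hestia/func/main.sh
+source /usr/local/hestia/func/upgrade.sh
+source /usr/local/hestia/conf/hestia.conf
+source /usr/local/hestia/install/upgrade/upgrade.conf
+# Restart hestia service
+if [ -f "/etc/init.d/hestia" ]; then
+systemctl restart hestia > /dev/null 2>&1
+fi
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/php/post_install.sh" ]; then
+/etc/hestiacp/hooks/php/post_install.sh
+fi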
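Review bot: The four `source` lines load main.sh, upgrade.sh, hestia.conf and upgrade.conf, but nothing after them in this script calls a function or reads a variable they define, and under `set -e` a missing or failing file among them aborts the package configuration. Unless the post-install hook depends on them (it would only see variables those files export), they can be dropped; otherwise guard each one with a `[ -f ... ]` test. The second `# Check if preinstall hook exists` comment sits above the `post_install.sh` test and should say post-install.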

750
src/hst_autocompile.sh Executable file

@@ -0,0 +1,750 @@
#!/bin/bash
# set -e
# Autocompile Script for HestiaCP package Files.
# For building from local source folder use "~localsrc" keyword as hesia branch name,
# and the script will not try to download the arhive from github, since '~' char is
# not accepted in branch name.
# Compile but dont install -> ./hst_autocompile.sh --hestia --noinstall --keepbuild '~localsrc'
# Compile and install -> ./hst_autocompile.sh --hestia --install '~localsrc'
# Clear previous screen output
clear
# Define download function
download_file() {
local url=$1
local destination=$2
local force=$3
[ "$HESTIA_DEBUG" ] && echo >&2 DEBUG: Downloading file "$url" to "$destination"
# Default destination is the current working directory
local dstopt=""
if [ ! -z "$(echo "$url" | grep -E "\.(gz|gzip|bz2|zip|xz)$")" ]; then
# When an archive file is downloaded it will be first saved localy
dstopt="--directory-prefix=$ARCHIVE_DIR"
local is_archive="true"
local filename="${url##*/}"
if [ -z "$filename" ]; then
echo >&2 "[!] No filename was found in url, exiting ($url)"
exit 1
fi
if [ ! -z "$force" ] && [ -f "$ARCHIVE_DIR/$filename" ]; then
rm -f $ARCHIVE_DIR/$filename
fi
elif [ ! -z "$destination" ]; then
# Plain files will be written to specified location
dstopt="-O $destination"
fi
# check for corrupted archive
if [ -f "$ARCHIVE_DIR/$filename" ] && [ "$is_archive" = "true" ]; then
tar -tzf "$ARCHIVE_DIR/$filename" > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo >&2 "[!] Archive $ARCHIVE_DIR/$filename is corrupted, redownloading"
rm -f $ARCHIVE_DIR/$filename
fi
fi
if [ ! -f "$ARCHIVE_DIR/$filename" ]; then
[ "$HESTIA_DEBUG" ] && echo >&2 DEBUG: wget $url -q $dstopt --show-progress --progress=bar:force --limit-rate=3m
wget $url -q $dstopt --show-progress --progress=bar:force --limit-rate=3m
if [ $? -ne 0 ]; then
echo >&2 "[!] Archive $ARCHIVE_DIR/$filename is corrupted and exit script"
rm -f $ARCHIVE_DIR/$filename
exit 1
fi
fi
if [ ! -z "$destination" ] && [ "$is_archive" = "true" ]; then
if [ "$destination" = "-" ]; then
cat "$ARCHIVE_DIR/$filename"
elif [ -d "$(dirname $destination)" ]; then
cp "$ARCHIVE_DIR/$filename" "$destination"
fi
fi
}
get_branch_file() {
local filename=$1
local destination=$2
[ "$HESTIA_DEBUG" ] && echo >&2 DEBUG: Get branch file "$filename" to "$destination"
if [ "$use_src_folder" == 'true' ]; then
if [ -z "$destination" ]; then
[ "$HESTIA_DEBUG" ] && echo >&2 DEBUG: cp -f "$SRC_DIR/$filename" ./
cp -f "$SRC_DIR/$filename" ./
else
[ "$HESTIA_DEBUG" ] && echo >&2 DEBUG: cp -f "$SRC_DIR/$filename" "$destination"
cp -f "$SRC_DIR/$filename" "$destination"
fi
else
download_file "https://raw.githubusercontent.com/$REPO/$branch/$filename" "$destination" $3
fi
}
usage() {
echo "Usage:"
echo " $0 (--all|--hestia|--nginx|--php) [options] [branch] [Y]"
echo ""
echo " --all Build all hestia packages."
echo " --hestia Build only the Control Panel package."
echo " --nginx Build only the backend nginx engine package."
echo " --php Build only the backend php engine package"
echo " Options:"
echo " --install Install generated packages"
echo " --keepbuild Don't delete downloaded source and build folders"
echo " --cross Compile hestia package for both AMD64 and ARM64"
echo " --debug Debug mode"
echo ""
echo "For automated builds and installations, you may specify the branch"
echo "after one of the above flags. To install the packages, specify 'Y'"
echo "following the branch name."
echo ""
echo "Example: bash hst_autocompile.sh --hestia develop Y"
echo "This would install a Hestia Control Panel package compiled with the"
echo "develop branch code."
}
# Set compiling directory
REPO='hestiacp/hestiacp'
BUILD_DIR='/tmp/hestiacp-src'
INSTALL_DIR='/usr/local/hestia'
SRC_DIR="$(cd "$(dirname "$0")/.." && pwd)"
ARCHIVE_DIR="$SRC_DIR/src/archive/"
architecture="$(arch)"
if [ $architecture == 'aarch64' ]; then
BUILD_ARCH='arm64'
else
BUILD_ARCH='amd64'
fi
RPM_DIR="$BUILD_DIR/rpm/"
DEB_DIR="$BUILD_DIR/deb"
if [ -f '/etc/redhat-release' ]; then
BUILD_RPM=true
BUILD_DEB=false
BUILD_ARCH=$(uname -i)
OSTYPE='rhel'
type=$(grep "^ID=" /etc/os-release | cut -f 2 -d '"')
DISTRO=$type
# TODO: remove this condition after testing
if [[ "$type" =~ ^(rhel|almalinux|eurolinux|ol|rocky|centos)$ ]]; then
release=$(rpm --eval='%rhel')
fi
else
BUILD_RPM=false
BUILD_DEB=true
OSTYPE='debian'
fi
# Set packages to compile
for i in $*; do
case "$i" in
--all)
NGINX_B='true'
PHP_B='true'
HESTIA_B='true'
;;
--nginx)
NGINX_B='true'
;;
--php)
PHP_B='true'
;;
--hestia)
HESTIA_B='true'
;;
--debug)
HESTIA_DEBUG='true'
;;
--install | Y)
install='true'
;;
--noinstall | N)
install='false'
;;
--keepbuild)
KEEPBUILD='true'
;;
--cross)
CROSS='true'
;;
--help | -h)
usage
exit 1
;;
--dontinstalldeps)
dontinstalldeps='true'
;;
*)
branch="$i"
;;
esac
done
if [[ $# -eq 0 ]]; then
usage
exit 1
fi
# Clear previous screen output
clear
# Set command variables
if [ -z $branch ]; then
echo -n "Please enter the name of the branch to build from (e.g. main): "
read branch
fi
if [ $(echo "$branch" | grep '^~localsrc') ]; then
branch=$(echo "$branch" | sed 's/^~//')
use_src_folder='true'
else
use_src_folder='false'
fi
if [ -z $install ]; then
echo -n 'Would you like to install the compiled packages? [y/N] '
read install
fi
# Set Version for compiling
if [ -e "/etc/redhat-release" ]; then
if [ -f "$SRC_DIR/src/rpm/hestia/hestia.spec" ] && [ "$use_src_folder" == 'true' ]; then
BUILD_VER=$(cat $SRC_DIR/src/rpm/hestia/hestia.spec | grep "Version:" | awk '{ print $2 }')
NGINX_V=$(cat $SRC_DIR/src/rpm/nginx/hestia-nginx.spec | grep "Version:" | awk '{ print $2 }')
PHP_V=$(cat $SRC_DIR/src/rpm/php/hestia-php.spec | grep "Version:" | awk '{ print $2 }')
else
BUILD_VER=$(curl -s https://raw.githubusercontent.com/$REPO/$branch/src/rpm/hestia/hestia.spec | grep "Version:" | awk '{ print $2 }')
NGINX_V=$(curl -s https://raw.githubusercontent.com/$REPO/$branch/src/rpm/nginx/hestia-nginx.spec | grep "Version:" | awk '{ print $2 }')
PHP_V=$(curl -s https://raw.githubusercontent.com/$REPO/$branch/src/rpm/php/hestia-php.spec | grep "Version:" | awk '{ print $2 }')
fi
else
if [ -f "$SRC_DIR/src/deb/hestia/control" ] && [ "$use_src_folder" == 'true' ]; then
BUILD_VER=$(cat $SRC_DIR/src/deb/hestia/control | grep "Version:" | cut -d' ' -f2)
NGINX_V=$(cat $SRC_DIR/src/deb/nginx/control | grep "Version:" | cut -d' ' -f2)
PHP_V=$(cat $SRC_DIR/src/deb/php/control | grep "Version:" | cut -d' ' -f2)
else
BUILD_VER=$(curl -s https://raw.githubusercontent.com/$REPO/$branch/src/deb/hestia/control | grep "Version:" | cut -d' ' -f2)
NGINX_V=$(curl -s https://raw.githubusercontent.com/$REPO/$branch/src/deb/nginx/control | grep "Version:" | cut -d' ' -f2)
PHP_V=$(curl -s https://raw.githubusercontent.com/$REPO/$branch/src/deb/php/control | grep "Version:" | cut -d' ' -f2)
fi
fi
if [ -z "$BUILD_VER" ]; then
echo "Error: Branch invalid, could not detect version"
exit 1
fi
echo "Build version $BUILD_VER, with Nginx version $NGINX_V and PHP version $PHP_V"
if [ -e "/etc/redhat-release" ]; then
HESTIA_V="${BUILD_VER}"
else
HESTIA_V="${BUILD_VER}_${BUILD_ARCH}"
fi
OPENSSL_V='3.1.1'
PCRE_V='10.42'
ZLIB_V='1.2.13'
# Create build directories
if [ "$KEEPBUILD" != 'true' ]; then
rm -rf $BUILD_DIR
fi
mkdir -p $BUILD_DIR
mkdir -p $DEB_DIR
mkdir -p $RPM_DIR
mkdir -p $ARCHIVE_DIR
# Define a timestamp function
timestamp() {
date +%s
}
if [ "$dontinstalldeps" != 'true' ]; then
# Install needed software
if [ "$OSTYPE" = 'rhel' ]; then
# Set package dependencies for compiling
SOFTWARE='wget tar git mock'
echo "Updating system DNF repositories..."
dnf install -y -q dnf-plugins-core epel-release
if [ "$release" -eq 8 ]; then
dnf config-manager --set-enabled powertools > /dev/null 2>&1
else
dnf config-manager --set-enabled crb > /dev/null 2>&1
fi
dnf upgrade -y -q
echo "Installing dependencies for compilation..."
dnf install -y -q $SOFTWARE
mock -r almalinux+rhel-${release}-$BUILD_ARCH --clean
else
# Set package dependencies for compiling
SOFTWARE='wget tar git curl build-essential libxml2-dev libz-dev libzip-dev libgmp-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config libsqlite3-dev libonig-dev rpm lsb-release'
echo "Updating system APT repositories..."
apt-get -qq update > /dev/null 2>&1
echo "Installing dependencies for compilation..."
apt-get -qq install -y $SOFTWARE > /dev/null 2>&1
# Fix for Debian PHP Envroiment
if [ $BUILD_ARCH == "amd64" ]; then
if [ ! -L /usr/local/include/curl ]; then
ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl
fi
fi
fi
fi
# Get system cpu cores
NUM_CPUS=$(grep "^cpu cores" /proc/cpuinfo | uniq | awk '{print $4}')
if [ "$HESTIA_DEBUG" ]; then
if [ "$OSTYPE" = 'rhel' ]; then
echo "OS type : RHEL / Rocky Linux / AlmaLinux / EuroLinux"
else
echo "OS type : Debian / Ubuntu"
fi
echo "Branch : $branch"
echo "Install : $install"
echo "Build RPM : $BUILD_RPM"
echo "Build DEB : $BUILD_DEB"
echo "Hestia version : $BUILD_VER"
echo "Nginx version : $NGINX_V"
echo "PHP version : $PHP_V"
echo "Architecture : $BUILD_ARCH"
echo "Debug mode : $HESTIA_DEBUG"
echo "Source directory : $SRC_DIR"
fi
# Generate Links for sourcecode
HESTIA_ARCHIVE_LINK='https://github.com/hestiacp/hestiacp/archive/'$branch'.tar.gz'
if [[ $NGINX_V =~ - ]]; then
NGINX='https://nginx.org/download/nginx-'$(echo $NGINX_V | cut -d"-" -f1)'.tar.gz'
else
NGINX='https://nginx.org/download/nginx-'$(echo $NGINX_V | cut -d"~" -f1)'.tar.gz'
fi
OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz'
PCRE='https://github.com/PCRE2Project/pcre2/releases/download/pcre2-'$PCRE_V'/pcre2-'$PCRE_V'.tar.gz'
ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz'
if [[ $PHP_V =~ - ]]; then
PHP='http://de2.php.net/distributions/php-'$(echo $PHP_V | cut -d"-" -f1)'.tar.gz'
else
PHP='http://de2.php.net/distributions/php-'$(echo $PHP_V | cut -d"~" -f1)'.tar.gz'
fi
# Forward slashes in branchname are replaced with dashes to match foldername in github archive.
branch_dash=$(echo "$branch" | sed 's/\//-/g')
#################################################################################
#
# Building hestia-nginx
#
#################################################################################
if [ "$NGINX_B" = true ]; then
echo "Building hestia-nginx package..."
if [ "$CROSS" = "true" ]; then
echo "Cross compile not supported for hestia-nginx or hestia-php"
exit 1
fi
if [ "$BUILD_DEB" = true ]; then
# Change to build directory
cd $BUILD_DIR
BUILD_DIR_HESTIANGINX=$BUILD_DIR/hestia-nginx_$NGINX_V
if [[ $NGINX_V =~ - ]]; then
BUILD_DIR_NGINX=$BUILD_DIR/nginx-$(echo $NGINX_V | cut -d"-" -f1)
else
BUILD_DIR_NGINX=$BUILD_DIR/nginx-$(echo $NGINX_V | cut -d"~" -f1)
fi
if [ "$KEEPBUILD" != 'true' ] || [ ! -d "$BUILD_DIR_HESTIANGINX" ]; then
# Check if target directory exist
if [ -d "$BUILD_DIR_HESTIANGINX" ]; then
#mv $BUILD_DIR/hestia-nginx_$NGINX_V $BUILD_DIR/hestia-nginx_$NGINX_V-$(timestamp)
rm -r "$BUILD_DIR_HESTIANGINX"
fi
# Create directory
mkdir -p $BUILD_DIR_HESTIANGINX
# Download and unpack source files
download_file $NGINX '-' | tar xz
download_file $OPENSSL '-' | tar xz
download_file $PCRE '-' | tar xz
download_file $ZLIB '-' | tar xz
# Change to nginx directory
cd $BUILD_DIR_NGINX
# configure nginx
./configure --prefix=/usr/local/hestia/nginx \
--with-http_v2_module \
--with-http_ssl_module \
--with-openssl=../openssl-$OPENSSL_V \
--with-openssl-opt=enable-ec_nistp_64_gcc_128 \
--with-openssl-opt=no-nextprotoneg \
--with-openssl-opt=no-weak-ssl-ciphers \
--with-openssl-opt=no-ssl3 \
--with-pcre=../pcre2-$PCRE_V \
--with-pcre-jit \
--with-zlib=../zlib-$ZLIB_V
fi
# Change to nginx directory
cd $BUILD_DIR_NGINX
# Check install directory and remove if exists
if [ -d "$BUILD_DIR$INSTALL_DIR" ]; then
rm -r "$BUILD_DIR$INSTALL_DIR"
fi
# Copy local hestia source files
if [ "$use_src_folder" == 'true' ] && [ -d $SRC_DIR ]; then
cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
fi
# Create the files and install them
make -j $NUM_CPUS && make DESTDIR=$BUILD_DIR install
# Clear up unused files
if [ "$KEEPBUILD" != 'true' ]; then
rm -r $BUILD_DIR_NGINX $BUILD_DIR/openssl-$OPENSSL_V $BUILD_DIR/pcre2-$PCRE_V $BUILD_DIR/zlib-$ZLIB_V
fi
cd $BUILD_DIR_HESTIANGINX
# Move nginx directory
mkdir -p $BUILD_DIR_HESTIANGINX/usr/local/hestia
rm -rf $BUILD_DIR_HESTIANGINX/usr/local/hestia/nginx
mv $BUILD_DIR/usr/local/hestia/nginx $BUILD_DIR_HESTIANGINX/usr/local/hestia/
# Remove original nginx.conf (will use custom)
rm -f $BUILD_DIR_HESTIANGINX/usr/local/hestia/nginx/conf/nginx.conf
# copy binary
mv $BUILD_DIR_HESTIANGINX/usr/local/hestia/nginx/sbin/nginx $BUILD_DIR_HESTIANGINX/usr/local/hestia/nginx/sbin/hestia-nginx
# change permission and build the package
cd $BUILD_DIR
chown -R root:root $BUILD_DIR_HESTIANGINX
# Get Debian package files
mkdir -p $BUILD_DIR_HESTIANGINX/DEBIAN
get_branch_file 'src/deb/nginx/control' "$BUILD_DIR_HESTIANGINX/DEBIAN/control"
if [ "$BUILD_ARCH" != "amd64" ]; then
sed -i "s/amd64/${BUILD_ARCH}/g" "$BUILD_DIR_HESTIANGINX/DEBIAN/control"
fi
get_branch_file 'src/deb/nginx/copyright' "$BUILD_DIR_HESTIANGINX/DEBIAN/copyright"
get_branch_file 'src/deb/nginx/postinst' "$BUILD_DIR_HESTIANGINX/DEBIAN/postinst"
get_branch_file 'src/deb/nginx/postrm' "$BUILD_DIR_HESTIANGINX/DEBIAN/portrm"
chmod +x "$BUILD_DIR_HESTIANGINX/DEBIAN/postinst"
chmod +x "$BUILD_DIR_HESTIANGINX/DEBIAN/portrm"
# Init file
mkdir -p $BUILD_DIR_HESTIANGINX/etc/init.d
get_branch_file 'src/deb/nginx/hestia' "$BUILD_DIR_HESTIANGINX/etc/init.d/hestia"
chmod +x "$BUILD_DIR_HESTIANGINX/etc/init.d/hestia"
# Custom config
get_branch_file 'src/deb/nginx/nginx.conf' "${BUILD_DIR_HESTIANGINX}/usr/local/hestia/nginx/conf/nginx.conf"
# Build the package
echo Building Nginx DEB
dpkg-deb -Zxz --build $BUILD_DIR_HESTIANGINX $DEB_DIR
rm -r $BUILD_DIR/usr
if [ "$KEEPBUILD" != 'true' ]; then
# Clean up the source folder
rm -r hestia- nginx_$NGINX_V
rm -rf $BUILD_DIR/rpmbuild
if [ "$use_src_folder" == 'true' ] && [ -d $BUILD_DIR/hestiacp-$branch_dash ]; then
rm -r $BUILD_DIR/hestiacp-$branch_dash
fi
fi
fi
if [ "$BUILD_RPM" = true ]; then
# Get RHEL package files
get_branch_file 'src/rpm/nginx/nginx.conf' "$BUILD_DIR/nginx.conf"
get_branch_file 'src/rpm/nginx/hestia-nginx.spec' "$BUILD_DIR/hestia-nginx.spec"
get_branch_file 'src/rpm/nginx/hestia-nginx.service' "$BUILD_DIR/hestia-nginx.service"
# Download source files
download_file $NGINX $BUILD_DIR
# Build the package
echo Building Nginx RPM
mock -r almalinux+rhel-${release}-$BUILD_ARCH --sources $BUILD_DIR --spec $BUILD_DIR/hestia-nginx.spec --resultdir $RPM_DIR
rm -f $BUILD_DIR/*
fi
fi
#################################################################################
#
# Building hestia-php
#
#################################################################################
if [ "$PHP_B" = true ]; then
if [ "$CROSS" = "true" ]; then
echo "Cross compile not supported for hestia-nginx or hestia-php"
exit 1
fi
echo "Building hestia-php package..."
if [ "$BUILD_DEB" = true ]; then
BUILD_DIR_HESTIAPHP=$BUILD_DIR/hestia-php_$PHP_V
BUILD_DIR_PHP=$BUILD_DIR/php-$(echo $PHP_V | cut -d"~" -f1)
if [[ $PHP_V =~ - ]]; then
BUILD_DIR_PHP=$BUILD_DIR/php-$(echo $PHP_V | cut -d"-" -f1)
else
BUILD_DIR_PHP=$BUILD_DIR/php-$(echo $PHP_V | cut -d"~" -f1)
fi
if [ "$KEEPBUILD" != 'true' ] || [ ! -d "$BUILD_DIR_HESTIAPHP" ]; then
# Check if target directory exist
if [ -d $BUILD_DIR_HESTIAPHP ]; then
rm -r $BUILD_DIR_HESTIAPHP
fi
# Create directory
mkdir -p $BUILD_DIR_HESTIAPHP
# Download and unpack source files
cd $BUILD_DIR
download_file $PHP '-' | tar xz
# Change to untarred php directory
cd $BUILD_DIR_PHP
# Configure PHP
./configure --prefix=/usr/local/hestia/php \
--with-libdir=lib/$(arch)-linux-gnu \
--enable-fpm --with-fpm-user=admin --with-fpm-group=admin \
--with-openssl \
--with-mysqli \
--with-gettext \
--with-curl \
--with-zip \
--with-gmp \
--enable-mbstring
fi
cd $BUILD_DIR_PHP
# Create the files and install them
make -j $NUM_CPUS && make INSTALL_ROOT=$BUILD_DIR install
# Copy local hestia source files
if [ "$use_src_folder" == 'true' ] && [ -d $SRC_DIR ]; then
[ "$HESTIA_DEBUG" ] && echo DEBUG: cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
fi
# Move php directory
[ "$HESTIA_DEBUG" ] && echo DEBUG: mkdir -p $BUILD_DIR_HESTIAPHP/usr/local/hestia
mkdir -p $BUILD_DIR_HESTIAPHP/usr/local/hestia
[ "$HESTIA_DEBUG" ] && echo DEBUG: rm -r $BUILD_DIR_HESTIAPHP/usr/local/hestia/php
if [ -d $BUILD_DIR_HESTIAPHP/usr/local/hestia/php ]; then
rm -r $BUILD_DIR_HESTIAPHP/usr/local/hestia/php
fi
[ "$HESTIA_DEBUG" ] && echo DEBUG: mv ${BUILD_DIR}/usr/local/hestia/php ${BUILD_DIR_HESTIAPHP}/usr/local/hestia/
mv ${BUILD_DIR}/usr/local/hestia/php ${BUILD_DIR_HESTIAPHP}/usr/local/hestia/
# copy binary
[ "$HESTIA_DEBUG" ] && echo DEBUG: cp $BUILD_DIR_HESTIAPHP/usr/local/hestia/php/sbin/php-fpm $BUILD_DIR_HESTIAPHP/usr/local/hestia/php/sbin/hestia-php
cp $BUILD_DIR_HESTIAPHP/usr/local/hestia/php/sbin/php-fpm $BUILD_DIR_HESTIAPHP/usr/local/hestia/php/sbin/hestia-php
# Change permissions and build the package
chown -R root:root $BUILD_DIR_HESTIAPHP
# Get Debian package files
[ "$HESTIA_DEBUG" ] && echo DEBUG: mkdir -p $BUILD_DIR_HESTIAPHP/DEBIAN
mkdir -p $BUILD_DIR_HESTIAPHP/DEBIAN
get_branch_file 'src/deb/php/control' "$BUILD_DIR_HESTIAPHP/DEBIAN/control"
if [ "$BUILD_ARCH" != "amd64" ]; then
sed -i "s/amd64/${BUILD_ARCH}/g" "$BUILD_DIR_HESTIAPHP/DEBIAN/control"
fi
os=$(lsb_release -is)
release=$(lsb_release -rs)
if [[ "$os" = "Ubuntu" ]] && [[ "$release" = "20.04" ]]; then
sed -i "/Conflicts: libzip5/d" "$BUILD_DIR_HESTIAPHP/DEBIAN/control"
sed -i "s/libzip4/libzip5/g" "$BUILD_DIR_HESTIAPHP/DEBIAN/control"
fi
get_branch_file 'src/deb/php/copyright' "$BUILD_DIR_HESTIAPHP/DEBIAN/copyright"
get_branch_file 'src/deb/php/postinst' "$BUILD_DIR_HESTIAPHP/DEBIAN/postinst"
chmod +x $BUILD_DIR_HESTIAPHP/DEBIAN/postinst
# Get custom config
get_branch_file 'src/deb/php/php-fpm.conf' "${BUILD_DIR_HESTIAPHP}/usr/local/hestia/php/etc/php-fpm.conf"
get_branch_file 'src/deb/php/php.ini' "${BUILD_DIR_HESTIAPHP}/usr/local/hestia/php/lib/php.ini"
# Build the package
echo Building PHP DEB
[ "$HESTIA_DEBUG" ] && echo DEBUG: dpkg-deb -Zxz --build $BUILD_DIR_HESTIAPHP $DEB_DIR
dpkg-deb -Zxz --build $BUILD_DIR_HESTIAPHP $DEB_DIR
rm -r $BUILD_DIR/usr
# clear up the source folder
if [ "$KEEPBUILD" != 'true' ]; then
rm -r $BUILD_DIR/php-$(echo $PHP_V | cut -d"~" -f1)
rm -r $BUILD_DIR_HESTIAPHP
if [ "$use_src_folder" == 'true' ] && [ -d $BUILD_DIR/hestiacp-$branch_dash ]; then
rm -r $BUILD_DIR/hestiacp-$branch_dash
fi
fi
fi
if [ "$BUILD_RPM" = true ]; then
# Get RHEL package files
get_branch_file 'src/rpm/php/php-fpm.conf' "$BUILD_DIR/php-fpm.conf"
get_branch_file 'src/rpm/php/php.ini' "$BUILD_DIR/php.ini"
get_branch_file 'src/rpm/php/hestia-php.spec' "$BUILD_DIR/hestia-php.spec"
get_branch_file 'src/rpm/php/hestia-php.service' "$BUILD_DIR/hestia-php.service"
# Download source files
download_file $PHP "$BUILD_DIR/"
# Build RPM package
echo Building PHP RPM
mock -r almalinux+rhel-${release}-$BUILD_ARCH --sources $BUILD_DIR --spec $BUILD_DIR/hestia-php.spec --resultdir $RPM_DIR
rm -f $BUILD_DIR/*
fi
fi
#################################################################################
#
# Building hestia
#
#################################################################################
arch="$BUILD_ARCH"
if [ "$HESTIA_B" = true ]; then
if [ "$CROSS" = "true" ]; then
arch="amd64 arm64"
fi
for BUILD_ARCH in $arch; do
echo "Building Hestia Control Panel package..."
if [ "$BUILD_DEB" = true ]; then
BUILD_DIR_HESTIA=$BUILD_DIR/hestia_$HESTIA_V
# Change to build directory
cd $BUILD_DIR
if [ "$KEEPBUILD" != 'true' ] || [ ! -d "$BUILD_DIR_HESTIA" ]; then
# Check if target directory exist
if [ -d $BUILD_DIR_HESTIA ]; then
rm -r $BUILD_DIR_HESTIA
fi
# Create directory
mkdir -p $BUILD_DIR_HESTIA
fi
cd $BUILD_DIR
rm -rf $BUILD_DIR/hestiacp-$branch_dash
# Download and unpack source files
if [ "$use_src_folder" == 'true' ]; then
[ "$HESTIA_DEBUG" ] && echo DEBUG: cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
cp -rf "$SRC_DIR/" $BUILD_DIR/hestiacp-$branch_dash
elif [ -d $SRC_DIR ]; then
download_file $HESTIA_ARCHIVE_LINK '-' 'fresh' | tar xz
fi
mkdir -p $BUILD_DIR_HESTIA/usr/local/hestia
# Move needed directories
cd $BUILD_DIR/hestiacp-$branch_dash
cp -rf bin func install web $BUILD_DIR_HESTIA/usr/local/hestia/
# Set permissions
find $BUILD_DIR_HESTIA/usr/local/hestia/ -type f -exec chmod -x {} \;
# Allow send email via /usr/local/hestia/web/inc/mail-wrapper.php via cli
chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/web/inc/mail-wrapper.php
# Allow the executable to be executed
chmod +x $BUILD_DIR_HESTIA/usr/local/hestia/bin/*
find $BUILD_DIR_HESTIA/usr/local/hestia/install/ \( -name '*.sh' \) -exec chmod +x {} \;
chmod -x $BUILD_DIR_HESTIA/usr/local/hestia/install/*.sh
chown -R root:root $BUILD_DIR_HESTIA
# Get Debian package files
mkdir -p $BUILD_DIR_HESTIA/DEBIAN
get_branch_file 'src/deb/hestia/control' "$BUILD_DIR_HESTIA/DEBIAN/control"
if [ "$BUILD_ARCH" != "amd64" ]; then
sed -i "s/amd64/${BUILD_ARCH}/g" "$BUILD_DIR_HESTIA/DEBIAN/control"
fi
get_branch_file 'src/deb/hestia/copyright' "$BUILD_DIR_HESTIA/DEBIAN/copyright"
get_branch_file 'src/deb/hestia/preinst' "$BUILD_DIR_HESTIA/DEBIAN/preinst"
get_branch_file 'src/deb/hestia/postinst' "$BUILD_DIR_HESTIA/DEBIAN/postinst"
chmod +x $BUILD_DIR_HESTIA/DEBIAN/postinst
chmod +x $BUILD_DIR_HESTIA/DEBIAN/preinst
echo Building Hestia DEB
dpkg-deb -Zxz --build $BUILD_DIR_HESTIA $DEB_DIR
# clear up the source folder
if [ "$KEEPBUILD" != 'true' ]; then
rm -r $BUILD_DIR_HESTIA
rm -rf hestiacp-$branch_dash
fi
cd $BUILD_DIR/hestiacp-$branch_dash
fi
if [ "$BUILD_RPM" = true ]; then
# Get RHEL package files
get_branch_file 'src/rpm/hestia/hestia.spec' "$BUILD_DIR/hestia.spec"
get_branch_file 'src/rpm/hestia/hestia.service' "$BUILD_DIR/hestia.service"
# Generate source tar.gz
tar -czf $BUILD_DIR/hestia-$BUILD_VER.tar.gz -C $SRC_DIR/.. hestiacp
# Build RPM package
echo Building Hestia RPM
mock -r almalinux+rhel-${release}-$BUILD_ARCH --sources $BUILD_DIR --spec $BUILD_DIR/hestia.spec --resultdir $RPM_DIR
rm -f $BUILD_DIR/*
fi
done
fi
#################################################################################
#
# Install Packages
#
#################################################################################
if [ "$install" = 'yes' ] || [ "$install" = 'y' ] || [ "$install" = 'true' ]; then
# Install all available packages
echo "Installing packages..."
if [ "$OSTYPE" = 'rhel' ]; then
rpms=""
for i in $(ls $RPM_DIR/*.rpm | grep -v '\.src\.rpm'); do
rpms+="$RPM_DIR/$i "
done
dnf -y localinstall $rpms
if [ $? -ne 0 ]; then
exit 1
fi
else
for i in $DEB_DIR/*.deb; do
dpkg -i $i
if [ $? -ne 0 ]; then
exit 1
fi
done
fi
unset $answer
fi

29
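--- a/src/hst_bootstrap_install.sh
+++ b/src/hst_bootstrap_install.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Clean installation bootstrap for development purposes only
+# Usage: ./hst_bootstrap_install.sh [fork] [branch] [os]
+# Example: ./hst_bootstrap_install.sh hestiacp main ubuntu
+# Define variables
+fork=$1
+branch=$2
+os=$3
+# Download specified installer and compiler
+if [ -f "/etc/redhat-release" ]; then
+wget https://raw.githubusercontent.com/$fork/hestiacp/$branch/install/hst-install-rhel.sh
+else
+wget https://raw.githubusercontent.com/$fork/hestiacp/$branch/install/hst-install-$os.sh
+fi
+wget https://raw.githubusercontent.com/$fork/hestiacp/$branch/src/hst_autocompile.sh
+# Execute compiler and build hestia core package
+chmod +x hst_autocompile.sh
+./hst_autocompile.sh --hestia $branch no
+# Execute Hestia Control Panel installer with default dummy options for testing
+if [ -f "/etc/redhat-release" ]; then
+bash hst-install-rhel.sh -f -y no -e admin@test.local -p P@ssw0rd -s hestia-$branch-rhel.test.local --with-rpms /tmp/hestiacp-src/rpms
+else
+bash hst-install-$os.sh -f -y no -e admin@test.local -p P@ssw0rd -s hestia-$branch-$os.test.local --with-debs /tmp/hestiacp-src/debs
+fi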
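Review bot: The three positional arguments go unquoted and unvalidated into the download URLs, and nothing checks that a download succeeded before `./hst_autocompile.sh` and the installer are executed. Because `wget` without `-O` saves to `hst_autocompile.sh.1` when the file already exists, a rerun in the same directory executes the stale copy from the previous run rather than the branch just requested. I would open the script with `set -euo pipefail`, require the arguments with `: "${1:?fork}" "${2:?branch}" "${3:?os}"`, and fetch with `wget -O hst_autocompile.sh "https://raw.githubusercontent.com/$fork/hestiacp/$branch/src/hst_autocompile.sh"` (same for the installer). The fixed `-p P@ssw0rd` gives every bootstrapped host the same admin credential, so the header comment should also say the host must not be reachable from untrusted networks.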

8
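--- a/src/hst_generate_clidocs.sh
+++ b/src/hst_generate_clidocs.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+for file in /usr/local/hestia/bin/*; do
+echo "$file" >> ~/hestia_cli_help.txt
+[ -f "$file" ] && [ -x "$file" ] && "$file" >> ~/hestia_cli_help.txt
+done
+sed -i 's\/usr/local/hestia/bin/\\' ~/hestia_cli_help.txt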
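Review bot: The loop really invokes every executable under `/usr/local/hestia/bin`, so any command that needs no arguments performs its action instead of printing usage, and the script carries no comment that says so. I would add a header such as `# Runs each CLI command with no arguments to capture its usage text; commands that take no arguments execute for real, so use this only on a disposable development install.` Usage text written to stderr is also lost; `"$file" >> ~/hestia_cli_help.txt 2>&1` would keep it. The `sed` expression uses `\` as its delimiter, which is hard to read; `sed -i 's|/usr/local/hestia/bin/||'` says the same thing.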

96
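--- a/src/lxd_build_all.sh
+++ b/src/lxd_build_all.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+# Script for preparing lxd environment and building Hestia packages for all supported distros
+# - Run with sudo, not directly as root!
+#
+# Arguments:
+# ./lxd_build_all --cleanup
+# - Stop and delete all containers
+#
+# ./lxd_build_all --background
+# - Execute the build script on all containers simultaneously
+#
+# Configs:
+# Use focal and jammy instead of "20.04 an 22.04"
+oslist=('debian=10,11' 'ubuntu=18.04,focal,jammy')
+branch='main'
+function setup_container() {
+if [ "$osname" = 'ubuntu' ]; then
+lxc init $osname:$osver "${containername}"
+else
+lxc init images:$osname/$osver "${containername}"
+fi
+mkdir -p "${__DIR__}/build/${containername}"
+chown $user: "${__DIR__}/build/${containername}"
+lxc config set ${containername} raw.idmap "both $user_id $user_gid"
+lxc config device add ${containername} debdir disk path=/opt/hestiacp source=${__DIR__}/build/${containername}
+}
+cmd=$1
+__DIR__="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)" #"
+# user=$(logname)
+user=$SUDO_USER
+user_id=$(id -u $user)
+user_gid=$(id -g $user)
+if [ -z "$user" ] || [ -z "$user_id" ] || [ -z "$user_gid" ] || [ "$user" = 'root' ]; then
+echo "Script must be run with sudo, not directly as root" && exit 1
+fi
+if ! which lxd > /dev/null 2>&1; then
+# Use snapd instead
+apt -y install snapd
+snap install lxd
+lxd init --auto
+echo "root:$user_id:1" | sudo tee -a /etc/subuid
+echo "root:$user_gid:1" | sudo tee -a /etc/subgid
+fi
+for osdef in "${oslist[@]}"; do
+osname=${osdef%%=*}
+osversions=$(echo ${osdef##*=} | tr "," "\n")
+for osver in $osversions; do
+containername="hst-${osname}-${osver/\./}"
+container_ip=""
+echo "Container $containername"
+if [ "$cmd" = '--cleanup' ]; then
+# Stop and delete container
+lxc stop $containername
+lxc rm $containername
+continue
+fi
+if ! lxc info $containername > /dev/null 2>&1; then
+setup_container
+fi
+lxc start $containername > /dev/null 2>&1
+# Wait for container to start
+while [ -z "$container_ip" ]; do
+sleep 1
+container_ip=$(lxc list --format csv -c 4,n | grep ",$containername$" | cut -d "," -f 1)
+done
+echo $container_ip
+cp -f "${__DIR__}/lxd_compile.sh" "${__DIR__}/build/${containername}/lxd_compile.sh"
+if [ "$cmd" = '--background' ]; then
+# Run build script in background
+lxc exec $containername -- /opt/hestiacp/lxd_compile.sh $branch > /dev/null 2>&1 &
+else
+lxc exec $containername -- /opt/hestiacp/lxd_compile.sh $branch
+fi
+done
+done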
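Review bot: The "Wait for container to start" loop has no upper bound, and the `lxc start` just before it sends its output to `/dev/null`, so a container that fails to start or never gets an address hangs the whole run with nothing on screen. I would bound the wait and report the failing container, as sketched below. The `/etc/subuid` and `/etc/subgid` entries that `raw.idmap` relies on are only appended inside the "lxd not installed" branch, so on a host that already has lxd the mapping is presumably missing; that deserves a separate check. With `--background` all build output is discarded and the script exits without a `wait`, so failed builds go unnoticed.

```shell
# … unchanged: lxc start $containername …
tries=0
while [ -z "$container_ip" ]; do
  if [ "$tries" -ge 60 ]; then
    echo "Container $containername did not get an address" >&2
    exit 1
  fi
  sleep 1
  tries=$((tries + 1))
  container_ip=$(lxc list --format csv -c 4,n | grep ",$containername$" | cut -d "," -f 1)
done
# … unchanged: copy lxd_compile.sh and run it …
```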

41
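--- a/src/lxd_compile.sh
+++ b/src/lxd_compile.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+branch=${1-main}
+if [ -f "/etc/redhat-release" ]; then
+dnf -y install curl wget
+else
+apt -y install curl wget
+fi
+curl https://raw.githubusercontent.com/hestiacp/hestiacp/$branch/src/hst_autocompile.sh > /tmp/hst_autocompile.sh
+chmod +x /tmp/hst_autocompile.sh
+mkdir -p /opt/hestiacp
+# Building Hestia
+if bash /tmp/hst_autocompile.sh --hestia --noinstall --keepbuild $branch; then
+if [ -f "/etc/redhat-release" ]; then
+cp /tmp/hestiacp-src/rpm/*.rpm /opt/hestiacp/
+else
+cp /tmp/hestiacp-src/deb/*.deb /opt/hestiacp/
+fi
+fi
+# Building PHP
+if bash /tmp/hst_autocompile.sh --php --noinstall --keepbuild $branch; then
+if [ -f "/etc/redhat-release" ]; then
+cp /tmp/hestiacp-src/rpm/*.rpm /opt/hestiacp/
+else
+cp /tmp/hestiacp-src/deb/*.deb /opt/hestiacp/
+fi
+fi
+# Building NGINX
+if bash /tmp/hst_autocompile.sh --nginx --noinstall --keepbuild $branch; then
+if [ -f "/etc/redhat-release" ]; then
+cp /tmp/hestiacp-src/rpm/*.rpm /opt/hestiacp/
+else
+cp /tmp/hestiacp-src/deb/*.deb /opt/hestiacp/
+fi
+fi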
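Review bot: `curl` is called without `--fail`, so an HTTP error body (for instance when the branch name does not exist) is written to `/tmp/hst_autocompile.sh` and then handed to `bash` as root; the fixed name under `/tmp` can also be pre-created by another local account. I would use `script=$(mktemp)` and `curl -fsSL "https://raw.githubusercontent.com/hestiacp/hestiacp/${branch}/src/hst_autocompile.sh" -o "$script" || exit 1`, then run `bash "$script" …`. `$branch` should be quoted in the three build calls as well. The three identical copy blocks could become one small function that takes the build flag.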


@@ -0,0 +1,15 @@
[Unit]
Description=Hestia web console
Documentation=https://www.hestiacp.com
Wants=network-online.target
After=network-online.target
Requires=hestia-php.service
Requires=hestia-nginx.service
[Service]
Type=oneshot
ExecStart=/bin/true
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

177
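--- a/src/rpm/hestia/hestia.spec
+++ b/src/rpm/hestia/hestia.spec
@@ -0,0 +1,177 @@
+%define debug_package %{nil}
+%global _hardened_build 1
+Name: hestia
+Version: 1.8.0~alpha
+Release: 1%{dist}
+Summary: Hestia Control Panel
+Group: System Environment/Base
+License: GPLv3
+URL: https://www.hestiacp.com
+Source0: https://github.com/hestiacp/hestiacp/archive/refs/tags/%{version}.tar.gz#/hestia-%{version}.tar.gz
+Source1: hestia.service
+Source2: hestia.tmpfiles
+Vendor: hestiacp.com
+BuildArch: noarch
+BuildRequires: redhat-rpm-config
+BuildRequires: systemd
+Requires: bash
+Requires: gawk
+Requires: sed
+Requires: acl
+Requires: sysstat
+Requires: util-linux
+Requires: zstd
+Requires: jq
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Provides: hestia = %{version}-%{release}
+Conflicts: redhat-release < 8
+Conflicts: vesta
+%description
+This package contains the Hestia Control Panel.
+%prep
+%autosetup -p1 -n hestiacp
+%build
+%install
+mkdir -p %{buildroot}%{_unitdir} %{buildroot}%{_tmpfilesdir} %{buildroot}/usr/local/hestia
+cp -R %{_builddir}/hestiacp/* %{buildroot}/usr/local/hestia/
+install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/hestia.service
+install -D %SOURCE2 %{buildroot}%{_tmpfilesdir}/%{name}.conf
+# Cleanup not required files so package will be smaller
+rm -rf %{buildroot}/usr/local/hestia/src/deb %{buildroot}/usr/local/hestia/src/archive %{buildroot}/usr/local/hestia/test %{buildroot}/usr/local/hestia/docs
+%clean
+%pre
+# Run triggers only on updates
+if [ -e "/usr/local/hestia/data/users/admin" ]; then
+# Validate version number and replace if different
+HESTIA_V=$(rpm --queryformat="%{VERSION}" -q hestia)
+if [ ! "$HESTIA_V" = "%{version}" ]; then
+sed -i "s/VERSION=.*/VERSION='$HESTIA_V'/g" /usr/local/hestia/conf/hestia.conf
+fi
+fi
+%post
+%tmpfiles_create_package %{name} %SOURCE2
+%systemd_post hestia.service
+if [ ! -e /etc/profile.d/hestia.sh ]; then
+HESTIA='/usr/local/hestia'
+echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh
+echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh
+echo 'export PATH' >> /etc/profile.d/hestia.sh
+chmod 755 /etc/profile.d/hestia.sh
+source /etc/profile.d/hestia.sh
+fi
+if [ -e "/usr/local/hestia/data/users/admin" ]; then
+###############################################################
+# Initialize functions/variables #
+###############################################################
+# Load upgrade functions and refresh variables/configuration
+source /usr/local/hestia/func/upgrade.sh
+upgrade_refresh_config
+###############################################################
+# Set new version numbers for packages #
+###############################################################
+# Hestia Control Panel
+new_version=$(rpm --queryformat="%{VERSION}" -q hestia)
+# phpMyAdmin
+pma_v='5.0.2'
+###############################################################
+# Begin standard upgrade routines #
+###############################################################
+# Initialize backup directories
+upgrade_init_backup
+# Set up console display and welcome message
+upgrade_welcome_message
+# Execute version-specific upgrade scripts
+upgrade_start_routine
+# Update Web domain templates
+upgrade_rebuild_web_templates | tee -a $LOG
+# Update Mail domain templates
+upgrade_rebuild_mail_templates | tee -a $LOG
+# Update DNS zone templates
+upgrade_rebuild_dns_templates | tee -a $LOG
+# Upgrade File Manager and update configuration
+upgrade_filemanager | tee -a $LOG
+# Upgrade SnappyMail if applicable
+upgrade_snappymail | tee -a $LOG
+# Upgrade Roundcube if applicable
+upgrade_roundcube | tee -a $LOG
+# Upgrade PHPMailer if applicable
+upgrade_phpmailer | tee -a $LOG
+# Update Cloudflare IPs if applicable
+upgrade_cloudflare_ip | tee -a $LOG
+# Upgrade phpMyAdmin if applicable
+upgrade_phpmyadmin | tee -a $LOG
+# Upgrade phpPgAdmin if applicable
+upgrade_phppgadmin | tee -a $LOG
+# Upgrade blackblaze-cli-took if applicable
+upgrade_b2_tool | tee -a $LOG
+# update whitelabel logo's
+update_whitelabel_logo | tee -a $LOG
+# Set new version number in hestia.conf
+upgrade_set_version
+# Perform account and domain rebuild to ensure configuration files are correct
+upgrade_rebuild_users
+# Restart necessary services for changes to take full effect
+upgrade_restart_services
+# Add upgrade notification to admin user's panel and display completion message
+upgrade_complete_message
+fi
+%preun
+%systemd_preun hestia.service
+%postun
+%systemd_postun_with_restart hestia.service
+%files
+%defattr(-,root,root)
+%attr(755,root,root) /usr/local/hestia
+%{_unitdir}/hestia.service
+%{_tmpfilesdir}/%{name}.conf
+%changelog
+* Sun May 14 2023 Istiak Ferdous <hello@istiak.com> - 1.8.0-1
+- HestiaCP RHEL 9 support
+* Thu Jun 25 2020 Ernesto Nicolás Carrea <equistango@gmail.com> - 1.2.0
+- HestiaCP CentOS 8 support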
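Review bot: `%attr(755,root,root) /usr/local/hestia` in `%files` names a directory, so as far as I can tell the mode is applied to everything beneath it and every packaged file, PHP sources and templates included, ends up executable. The Debian build in `hst_autocompile.sh` does the opposite: it clears the execute bit on all regular files and restores it only for `bin/*`, `web/inc/mail-wrapper.php` and selected install scripts. I would set the modes the same way in `%install` (`find %{buildroot}/usr/local/hestia -type f -exec chmod -x {} +`, then `chmod +x %{buildroot}/usr/local/hestia/bin/*`) and list the tree as `%dir %attr(755,root,root) /usr/local/hestia` plus `/usr/local/hestia/*` so the modes from the build root are kept. `%install` also copies the whole source tree and removes only `src/deb`, `src/archive`, `test` and `docs`, so the rest of `src/` is shipped on the server.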


@@ -0,0 +1 @@
d /run/hestia 710 root wheel


@@ -0,0 +1,19 @@
[Unit]
Description=Hestia nginx - administration web server
Documentation=https://www.hestiacp.com
PartOf=hestia.service
After=hestia-php.service
[Service]
Type=forking
PIDFile=/run/hestia/nginx.pid
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/local/hestia/nginx/sbin/hestia-nginx -t -c /usr/local/hestia/nginx/conf/nginx.conf
ExecStart=/usr/local/hestia/nginx/sbin/hestia-nginx -c /usr/local/hestia/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
[Install]
WantedBy=hestia.service
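Review bot: `ExecStartPre=/usr/bin/rm -f /run/nginx.pid` removes a PID file this unit does not own: `PIDFile=` here is `/run/hestia/nginx.pid`, and `/run/nginx.pid` is the path a distribution nginx normally uses. On a host that also runs the system nginx for customer sites, every start of the panel web server would delete that service's PID file and can break its reload and stop handling. The line should read `ExecStartPre=/usr/bin/rm -f /run/hestia/nginx.pid`. `KillMode=process` leaves worker processes behind when the master dies; dropping it so the default applies is worth considering.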


@@ -0,0 +1,136 @@
%global _hardened_build 1
%define WITH_CC_OPT $(echo %{optflags} $(pcre2-config --cflags)) -fPIC
%define WITH_LD_OPT -Wl,-z,relro -Wl,-z,now -pie
%global _prefix /usr/local/hestia/nginx
Name: hestia-nginx
Version: 1.25.1
Release: 1%{dist}
Summary: Hestia internal nginx web server
Group: System Environment/Base
URL: https://www.hestiacp.com
Source0: https://nginx.org/download/nginx-%{version}.tar.gz
Source1: hestia-nginx.service
Source2: nginx.conf
License: BSD
Vendor: hestiacp.com
BuildRequires: make
BuildRequires: gcc
BuildRequires: pcre2-devel
BuildRequires: zlib-devel
BuildRequires: gd-devel
BuildRequires: libxslt-devel
BuildRequires: redhat-rpm-config
BuildRequires: systemd
BuildRequires: openssl-devel
Requires: bash
Requires: gawk
Requires: sed
Requires: acl
Requires: sysstat
Requires: util-linux
Requires: zstd
Requires: jq
Requires: hestia-php
Requires: hestia
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%description
This package contains internal nginx webserver for Hestia Control Panel web interface.
%prep
%autosetup -p1 -n nginx-%{version}
%build
./configure \
--prefix=%_prefix \
--conf-path=%{_prefix}/conf/nginx.conf \
--error-log-path=%{_localstatedir}/log/hestia/nginx-error.log \
--http-log-path=%{_localstatedir}/log/hestia/access.log \
--pid-path=%{_rundir}/hestia/nginx.pid \
--lock-path=%{_rundir}/hestia/nginx.lock \
--http-client-body-temp-path=%{_localstatedir}/cache/hestia-nginx/client_temp \
--http-proxy-temp-path=%{_localstatedir}/cache/hestia-nginx/proxy_temp \
--http-fastcgi-temp-path=%{_localstatedir}/cache/hestia-nginx/fastcgi_temp \
--http-scgi-temp-path=%{_localstatedir}/cache/hestia-nginx/scgi_temp \
--user=admin \
--group=admin \
--with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-cc-opt="%{WITH_CC_OPT}" \
--with-ld-opt="%{WITH_LD_OPT}"
%make_build
%install
%__make DESTDIR=%{buildroot} INSTALLDIRS=vendor install
mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/hestia-nginx.service
rm -f %{buildroot}/usr/local/hestia/nginx/conf/nginx.conf
cp %{SOURCE2} %{buildroot}/usr/local/hestia/nginx/conf/nginx.conf
mv %{buildroot}/usr/local/hestia/nginx/sbin/nginx %{buildroot}/usr/local/hestia/nginx/sbin/hestia-nginx
%clean
%pre
%post
%systemd_post hestia-nginx.service
%preun
%systemd_preun hestia-nginx.service
%postun
%systemd_postun_with_restart hestia-nginx.service
%files
%defattr(-,root,root)
%attr(755,root,root) /usr/local/hestia/nginx
%config(noreplace) /usr/local/hestia/nginx/conf/nginx.conf
%{_unitdir}/hestia-nginx.service
%changelog
* Fri Jun 16 2023 myrevery <github@myrevery.com> - 1.25.1-1
- Upgrade to NGINX 1.25.1 mainline version
- Implement TLS 1.3 0-RTT anti-replay
* Sun May 14 2023 Istiak Ferdous <hello@istiak.com> - 1.24.0-1
- 1.24.0-1
* Wed Jun 24 2020 Ernesto Nicolás Carrea <equistango@gmail.com> - 1.17.8
- HestiaCP CentOS 8 support
* Tue Jul 30 2013 Serghey Rodin <builder@vestacp.com> - 0.9.8-1
- upgraded to nginx-1.4.2
* Sat Apr 06 2013 Serghey Rodin <builder@vestacp.com> - 0.9.7-2
- new init script
* Wed Jun 27 2012 Serghey Rodin <builder@vestacp.com> - 0.9.7-1
- initial build
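Review bot: `Source0` is built with no integrity check: the spec has no signature or checksum step in `%prep`, and the RPM branch of `hst_autocompile.sh` only downloads the tarball into the sources directory before calling `mock`. Since this binary serves the admin panel as a privileged service, I would add the detached signature and the signing keyring as extra sources and verify them first in `%prep`, e.g. `%{gpgverify --keyring='%{SOURCE4}' --signature='%{SOURCE3}' --data='%{SOURCE0}'}` with `BuildRequires: gnupg2`, where the target release provides that macro. If it does not, comparing against a pinned SHA-256 with `sha256sum -c` would do. Separately, `--http-log-path` points at `log/hestia/access.log` while the shipped `nginx.conf` writes `nginx-access.log`; one name would avoid confusion.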

180
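--- a/src/rpm/nginx/nginx.conf
+++ b/src/rpm/nginx/nginx.conf
@@ -0,0 +1,180 @@
+# Server globals
+user admin;
+worker_processes 1;
+worker_rlimit_nofile 65535;
+error_log /var/log/hestia/nginx-error.log;
+pid /run/hestia/nginx.pid;
+#pcre_jit on;
+# Worker config
+events {
+worker_connections 128;
+use epoll;
+multi_accept on;
+}
+http {
+# Main settings
+http2 on;
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+client_header_timeout 180s;
+client_body_timeout 180s;
+client_header_buffer_size 2k;
+client_body_buffer_size 256k;
+client_max_body_size 1024m;
+large_client_header_buffers 4 8k;
+send_timeout 60s;
+keepalive_timeout 30s;
+keepalive_requests 10000;
+reset_timedout_connection on;
+server_tokens off;
+server_name_in_redirect off;
+server_names_hash_max_size 512;
+server_names_hash_bucket_size 512;
+charset utf-8;
+# FastCGI settings
+fastcgi_buffers 512 4k;
+fastcgi_buffer_size 256k;
+fastcgi_busy_buffers_size 256k;
+fastcgi_temp_file_write_size 256k;
+fastcgi_connect_timeout 30s;
+fastcgi_read_timeout 600s;
+fastcgi_send_timeout 600s;
+# Proxy settings
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header Early-Data $rfc_early_data;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_pass_header Set-Cookie;
+proxy_buffers 256 4k;
+proxy_buffer_size 32k;
+proxy_busy_buffers_size 32k;
+proxy_temp_file_write_size 256k;
+proxy_connect_timeout 30s;
+proxy_read_timeout 300s;
+proxy_send_timeout 180s;
+# Log format
+log_format main '$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/hestia/nginx-access.log main;
+# Mime settings
+include mime.types;
+default_type application/octet-stream;
+# Compression
+gzip on;
+gzip_vary on;
+gzip_comp_level 6;
+gzip_min_length 1024;
+gzip_buffers 128 4k;
+gzip_http_version 1.1;
+gzip_types text/css text/javascript text/js text/plain text/richtext text/shtml text/x-component text/x-java-source text/x-markdown text/x-script text/xml image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon font/otf font/ttf font/x-woff multipart/bag multipart/mixed application/eot application/font application/font-sfnt application/font-woff application/javascript application/javascript-binast application/json application/ld+json application/manifest+json application/opentype application/otf application/rss+xml application/ttf application/truetype application/vnd.api+json application/vnd.ms-fontobject application/wasm application/xhtml+xml application/xml application/xml+rss application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-protobuf application/x-ttf;
+gzip_proxied any;
+# SSL PCI compliance
+ssl_buffer_size 1369;
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256";
+ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384;
+ssl_conf_command Options PrioritizeChaCha;
+ssl_dhparam /etc/pki/tls/dhparam.pem;
+ssl_early_data on;
+ssl_ecdh_curve auto;
+ssl_prefer_server_ciphers on;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets on;
+ssl_session_timeout 7d;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;
+resolver_timeout 5s;
+# Security headers
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-XSS-Protection "1; mode=block";
+# TLS 1.3 0-RTT anti-replay
+map "$request_method:$is_args" $ar_idempotent {
+default 0;
+"~^GET:$|^(HEAD|OPTIONS|TRACE):\?*$" 1;
+}
+map $http_user_agent $ar_support_425 {
+default 0;
+"~Firefox/((58|59)|([6-9]\d)|([1-9]\d{2,}))\.\d+" 1;
+}
+map "$ssl_early_data:$ar_idempotent:$ar_support_425" $anti_replay {
+1:0:0 307;
+1:0:1 425;
+}
+map "$ssl_early_data:$ar_support_425" $rfc_early_data {
+1:1 1;
+}
+# Vhost
+server {
+listen 8083 ssl;
+server_name _;
+root /usr/local/hestia/web;
+# Fix error "The plain HTTP request was sent to HTTPS port"
+error_page 497 https://$host:$server_port$request_uri;
+error_page 403 /error/404.html;
+error_page 404 /error/404.html;
+error_page 410 /error/410.html;
+error_page 500 501 502 503 504 505 /error/50x.html;
+ssl_certificate /usr/local/hestia/ssl/certificate.crt;
+ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
+# TLS 1.3 0-RTT anti-replay
+if ($anti_replay = 307) { return 307 https://$host:$server_port$request_uri; }
+if ($anti_replay = 425) { return 425; }
+location / {
+expires off;
+index index.php;
+}
+location /error/ {
+expires off;
+internal;
+}
+location /rrd/ {
+expires off;
+internal;
+}
+location /backup/ {
+root /;
+internal;
+}
+location /fm/ {
+alias /usr/local/hestia/web/fm/dist/;
+index index.php;
+location ~ /([^/]+\.php)$ {
+try_files /$1 =404;
+include fastcgi_params;
+fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+fastcgi_param SCRIPT_FILENAME /usr/local/hestia/web/fm/dist/index.php;
+fastcgi_pass unix:/run/hestia-php.sock;
+fastcgi_index index.php;
+}
+}
+location ~ \.php$ {
+include fastcgi_params;
+fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+fastcgi_param SCRIPT_FILENAME /usr/local/hestia/web/$fastcgi_script_name;
+fastcgi_pass unix:/run/hestia/php.sock;
+fastcgi_intercept_errors on;
+break;
+}
+}
+}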
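Review bot: The nested PHP location under `/fm/` passes requests to `unix:/run/hestia-php.sock`, while the main `location ~ \.php$` uses `unix:/run/hestia/php.sock` and the RPM units keep their runtime files under `/run/hestia/`. Unless the php-fpm configuration (not visible here) listens on both paths, the file manager will return 502 on RHEL builds; the line should probably read `fastcgi_pass unix:/run/hestia/php.sock;`. Worth settling in the same pass: the three `add_header` lines carry no `always`, so the headers are absent from the 4xx/5xx error pages, and `ssl_session_tickets on` with `ssl_session_timeout 7d` keeps ticket keys useful for a long window on a panel that carries administrator credentials. A comment stating that key rotation is handled elsewhere, or `ssl_session_tickets off;`, would make the intent clear.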


@@ -0,0 +1,16 @@
[Unit]
Description=Hestia PHP daemon
Documentation=https://www.hestiacp.com
PartOf=hestia.service
[Service]
Type=forking
PIDFile=/run/hestia/php.pid
ExecStart=/usr/local/hestia/php/sbin/hestia-php --fpm-config /usr/local/hestia/php/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID
ExecStop=/bin/kill -TERM $MAINPID
ExecStartPre=/bin/bash -c "/bin/systemctl set-environment HOSTNAME=$(/usr/bin/hostname)"
Environment="HESTIA=/usr/local/hestia"
[Install]
WantedBy=hestia.service
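Review bot: The `ExecStartPre` line runs `systemctl set-environment`, which writes HOSTNAME into the systemd manager's own environment block, so every unit started afterwards inherits it, not only this daemon. A unit-scoped form avoids that global side effect and the extra root shell: `Environment="HOSTNAME=%H"` beside the existing `Environment="HESTIA=/usr/local/hestia"`. Note that `%H` is resolved when the unit is loaded, so a later hostname change needs a daemon-reload. Separately, `PIDFile=/run/hestia/php.pid` relies on `/run/hestia` already existing, and nothing in this unit creates it; confirm that a tmpfiles.d entry or another unit outside this section does.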

117
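--- a/src/rpm/php/hestia-php.spec
+++ b/src/rpm/php/hestia-php.spec
@@ -0,0 +1,117 @@
+%global _hardened_build 1
+%global _prefix /usr/local/hestia/php
+Name: hestia-php
+Version: 8.2.8
+Release: 1%{dist}
+Summary: Hestia internal PHP
+Group: System Environment/Base
+URL: https://www.hestiacp.com
+Source0: https://www.php.net/distributions/php-%{version}.tar.xz
+Source1: hestia-php.service
+Source2: php-fpm.conf
+Source3: php.ini
+License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
+Vendor: hestiacp.com
+BuildRequires: gcc
+BuildRequires: gcc-c++
+BuildRequires: make
+BuildRequires: libtool
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: bison
+BuildRequires: gnupg2
+BuildRequires: bzip2-devel
+BuildRequires: openssl-devel
+BuildRequires: re2c
+BuildRequires: gmp-devel
+BuildRequires: oniguruma-devel
+BuildRequires: libzip-devel
+BuildRequires: pkgconfig(libcurl) >= 7.61.0
+BuildRequires: pkgconfig(libxml-2.0) >= 2.9.7
+BuildRequires: pkgconfig(sqlite3) >= 3.26.0
+BuildRequires: systemd
+%description
+This package contains internal PHP for Hestia Control Panel web interface.
+%prep
+%autosetup -p1 -n php-%{version}
+# https://bugs.php.net/63362 - Not needed but installed headers.
+# Drop some Windows specific headers to avoid installation,
+# before build to ensure they are really not needed.
+rm -f TSRM/tsrm_win32.h \
+TSRM/tsrm_config.w32.h \
+Zend/zend_config.w32.h \
+ext/mysqlnd/config-win.h \
+ext/standard/winver.h \
+main/win32_internal_function_disabled.h \
+main/win95nt.h
+%build
+%if 0%{?rhel} > 8
+# This package fails to build with LTO due to undefined symbols. LTO
+# was disabled in OpenSuSE as well, but with no real explanation why
+# beyond the undefined symbols. It really should be investigated further.
+# Disable LTO
+%define _lto_cflags %{nil}
+%endif
+%configure --sysconfdir=%{_prefix}%{_sysconfdir} \
+--with-libdir=%{_libdir} \
+--enable-fpm --with-fpm-user=admin --with-fpm-group=admin \
+--with-openssl \
+--with-mysqli \
+--with-gettext \
+--with-curl \
+--with-zip \
+--with-gmp \
+--enable-mbstring
+%make_build
+%install
+mkdir -p %{buildroot}%{_unitdir} %{buildroot}/usr/local/hestia/php/{etc,lib}
+mkdir -p %{buildroot}%{_unitdir} %{buildroot}/usr/local/hestia/php/var/{log,run}
+%make_install INSTALL_ROOT=$RPM_BUILD_ROOT
+install -m644 %{SOURCE1} %{buildroot}%{_unitdir}/hestia-php.service
+cp %{SOURCE2} %{buildroot}/usr/local/hestia/php/etc/
+cp %{SOURCE3} %{buildroot}/usr/local/hestia/php/lib/
+%clean
+%pre
+%post
+%systemd_post hestia-php.service
+%preun
+%systemd_preun hestia-php.service
+%postun
+%systemd_postun_with_restart hestia-php.service
+%files
+%defattr(-,root,root)
+%attr(755,root,root) /usr/local/hestia/php
+%attr(775,admin,admin) /usr/local/hestia/php/var/log
+%attr(775,admin,admin) /usr/local/hestia/php/var/run
+%config(noreplace) /usr/local/hestia/php/etc/php-fpm.conf
+%config(noreplace) /usr/local/hestia/php/lib/php.ini
+%{_unitdir}/hestia-php.service
+%changelog
+* Sat Jul 22 2023 Raven <raven@sysadmins.ws> - 8.2.8-1
+- update PHP version to 8.2.8
+* Sat Jun 3 2023 Raven <raven@sysadmins.ws> - 8.2.7-1
+- update PHP version to 8.2.7
+- spec file cleanup
+* Sun May 14 2023 Istiak Ferdous <hello@istiak.com> - 8.2.6-1
+- HestiaCP RHEL 9 support
+* Thu Jun 25 2020 Ernesto Nicolás Carrea <equistango@gmail.com> - 7.4.6
+- HestiaCP CentOS 8 support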
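Review bot: `Source0` pulls the PHP tarball from php.net, but `%prep` goes straight to `%autosetup` without checking it, even though `gnupg2` is already listed as a BuildRequires. Since this interpreter serves the control panel itself, the build should fail closed on a tampered or substituted tarball. Add the upstream detached signature and a pinned release-manager keyring as two further `Source` entries, then verify before unpacking: `%{gpgverify} --keyring='%{SOURCE<keyring>}' --signature='%{SOURCE<sig>}' --data='%{SOURCE0}'` as the first line of `%prep`. The `<keyring>` and `<sig>` indices are placeholders for whichever source numbers are assigned.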

43
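--- a/src/rpm/php/php-fpm.conf
+++ b/src/rpm/php/php-fpm.conf
@@ -0,0 +1,43 @@
+[global]
+pid = /run/hestia/php.pid
+daemonize = yes
+log_level = error
+emergency_restart_threshold = 10
+emergency_restart_interval = 60s
+process_control_timeout = 10s
+events.mechanism = epoll
+[www]
+listen = /run/hestia/php.sock
+user = admin
+group = admin
+listen.owner = admin
+listen.group = admin
+listen.mode = 0660
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 1000
+pm.process_idle_timeout = 10s;
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+env[HESTIA] = $HESTIA
+env[VESTA] = $HESTIA
+env[LANG] = en_US.UTF-8
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[session.cookie_secure] = on
+php_admin_value[memory_limit] = 256M
+php_admin_value[post_max_size] = 256M
+php_admin_value[upload_max_filesize] = 256M
+php_admin_value[max_execution_time] = 300
+php_admin_value[max_input_time] = 300
+php_admin_value[session.save_path] = /usr/local/hestia/data/sessions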
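Review bot: `listen = /run/hestia/php.sock` is the only socket this pool opens, but the nginx config earlier on this page is inconsistent with it: the `/fm/` location passes to `unix:/run/hestia-php.sock`, while the generic `\.php$` location uses `unix:/run/hestia/php.sock`. That config's file header is outside the part under review, so this assumes it ships alongside this pool; if so, file-manager requests have no listening upstream. The nginx line should most likely read `fastcgi_pass unix:/run/hestia/php.sock;`. Separately, `php_flag[display_errors] = off` can be overridden by application code at runtime, unlike the neighbouring `php_admin_flag` settings. `php_admin_flag[display_errors] = off` would pin it, so error output is never rendered to panel users.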

1977
src/rpm/php/php.ini Normal file

File diff suppressed because it is too large Load Diff

38
src/script_template.sh Executable file

@@ -0,0 +1,38 @@
#!/bin/bash
# info: command function
# options: REQUIRED_ARGUMENT [OPTIONAL_ARGUMENT]
#
# example: v-new-command user dosomething
#
# Add detailed comments about what the function does and how
# to use it here.
#----------------------------------------------------------#
# Variables & Functions #
#----------------------------------------------------------#
# Argument definition
# Includes - Call any necessary libraries from $HESTIA/func/
# Remember to add shellcheck headers!
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
# Insert any necessary verification steps here
# Perform verification if read-only mode is enabled
# check_hestia_demo_mode
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Insert action steps here
#----------------------------------------------------------#
# Hestia #
#----------------------------------------------------------#
# Insert logging or last stage service restarts here