Initial

2024-03-19 22:05:27 +03:00
commit 346a50856b
1572 changed files with 182163 additions and 0 deletions
--- a/src/deb/hestia/control
+++ b/src/deb/hestia/control
@@ -0,0 +1,14 @@
+Source: hestia
+Package: hestia
+Priority: optional
+Version: 1.9.0~alpha
+Section: admin
+Maintainer: HestiaCP <info@hestiacp.com>
+Homepage: https://www.hestiacp.com
+Architecture: amd64
+Depends: bash, awk, sed, acl, sysstat, setpriv | util-linux (>= 2.33), zstd, lsb-release, idn2, jq
+Description: hestia
+ hestia is an open source hosting control panel.
+ hestia has a clean and focused interface without the clutter.
+ hestia has the latest of very innovative technologies.
+ hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
--- a/src/deb/hestia/copyright
+++ b/src/deb/hestia/copyright
@@ -0,0 +1,30 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: hestia
+Source: https://www.hestiacp.com
+
+Files: *
+Copyright: 2018-2023, Hestia Control Panel <info@hestiacp.com>
+License: GPL-3.0+
+Remarks: Hestia Control Panel is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in /usr/share/common-licenses/GPL-3.
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.
--- a/src/deb/hestia/postinst
+++ b/src/deb/hestia/postinst
@@ -0,0 +1,126 @@
+#!/bin/bash
+
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+	exit
+fi
+
+###############################################################
+#                Initialize functions/variables               #
+###############################################################
+
+source /etc/hestiacp/hestia.conf
+
+# Load upgrade functions and variables
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/upgrade.sh
+source $HESTIA/func/upgrade.sh
+source_conf "$HESTIA/conf/hestia.conf"
+
+###############################################################
+#             Set new version numbers for packages            #
+###############################################################
+# Hestia Control Panel
+new_version=$(dpkg -l | awk '$2=="hestia" { print $3 }')
+
+###############################################################
+#               Begin standard upgrade routines               #
+###############################################################
+
+# Set default verbose output based on release branch
+is_debug_build
+
+# Detect operating system version
+detect_os
+
+# Initialize upgrade
+prepare_upgrade_config
+
+# Initialize backup directories
+upgrade_init_backup
+
+# Initialize logging
+upgrade_init_logging
+
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/pre_install.sh" ]; then
+	/etc/hestiacp/hooks/pre_install.sh
+fi
+
+# Set up console display and welcome message
+upgrade_welcome_message_log >> $LOG
+upgrade_welcome_message
+
+# Back up existing configuration files and templates
+upgrade_start_backup | tee -a $LOG
+
+# Perform upgrade health check and refresh configuration before upgrading
+upgrade_health_check | tee -a $LOG
+upgrade_replace_default_config | tee -a $LOG
+upgrade_refresh_config | tee -a $LOG
+
+# Execute version-specific upgrade scripts
+upgrade_start_routine | tee -a $LOG
+
+# Run upgrades of dependencies
+source_conf "$HESTIA_BACKUP/upgrade.conf"
+
+# Update Web domain templates
+upgrade_rebuild_web_templates | tee -a $LOG
+
+# Update Mail domain templates
+upgrade_rebuild_mail_templates | tee -a $LOG
+
+# Update DNS zone templates
+upgrade_rebuild_dns_templates | tee -a $LOG
+
+# Upgrade File Manager and update configuration
+upgrade_filemanager | tee -a $LOG
+
+# Upgrade SnappyMail if applicable
+upgrade_snappymail | tee -a $LOG
+
+# Upgrade Roundcube if applicable
+upgrade_roundcube | tee -a $LOG
+
+# Upgrade PHP dependencies
+upgrade_dependencies | tee -a $LOG
+
+# Update Cloudflare IPs if applicable
+upgrade_cloudflare_ip | tee -a $LOG
+
+# Upgrade phpMyAdmin if applicable
+upgrade_phpmyadmin | tee -a $LOG
+
+# Upgrade phpPgAdmin if applicable
+upgrade_phppgadmin | tee -a $LOG
+
+# Upgrade blackblaze-cli-took if applicable
+upgrade_b2_tool | tee -a $LOG
+
+# update whitelabel logo's
+update_whitelabel_logo | tee -a $LOG
+
+# Set new version number in hestia.conf
+upgrade_set_version $new_version
+upgrade_set_branch $new_version
+
+# Perform upgrade clean-up tasks (rebuild domains and users, restart services, delete temporary files)
+upgrade_cleanup_message | tee -a $LOG
+upgrade_rebuild_users | tee -a $LOG
+upgrade_restart_services | tee -a $LOG
+
+# Add upgrade notification to admin user's panel and display completion message
+upgrade_complete_message_log >> $LOG
+upgrade_complete_message
+
+# If setting variables are set to true in hestia.conf, send notifications and email output.
+upgrade_send_notification_to_panel
+upgrade_send_notification_to_email
+upgrade_send_log_to_email
+
+if [ -e "/etc/hestiacp/hooks/post_install.sh" ]; then
+	/etc/hestiacp/hooks/post_install.sh
+fi
+
+exit 0
--- a/src/deb/hestia/preinst
+++ b/src/deb/hestia/preinst
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Run triggers only on updates
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+	exit
+fi
+
+if [ ! -e "/etc/hestiacp/hestia.conf" ]; then
+	mkdir -p /etc/hestiacp
+	echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
+fi
+
+# Configure apt to retry downloading on error
+if [ ! -f /etc/apt/apt.conf.d/80-retries ]; then
+	echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries
+fi
+
+# Validate version number and replace if different
+HESTIA_V=$(dpkg -s hestia | grep -i version | awk '{ print $2 }')
--- a/src/deb/nginx/control
+++ b/src/deb/nginx/control
@@ -0,0 +1,14 @@
+Source: hestia-nginx
+Package: hestia-nginx
+Priority: optional
+Version: 1.25.1-2
+Section: admin
+Maintainer: HestiaCP <info@hestiacp.com>
+Homepage: https://www.hestiacp.com
+Architecture: amd64
+Depends: hestia
+Description: hestia Nginx
+ hestia is an open source hosting control panel.
+ hestia has a clean and focused interface without the clutter.
+ hestia has the latest of very innovative technologies.
+ hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin.
--- a/src/deb/nginx/copyright
+++ b/src/deb/nginx/copyright
@@ -0,0 +1,30 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: hestia
+Source: https://www.hestiacp.com
+
+Files: *
+Copyright: 2018-2023, Hestia Control Panel <info@hestiacp.com>
+License: GPL-3.0+
+Remarks: Hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in /usr/share/common-licenses/GPL-3.
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.
--- a/src/deb/nginx/hestia
+++ b/src/deb/nginx/hestia
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:       hestia
+#                 internal nginx
+#                 internal php-fpm
+# Required-Start:    $local_fs $remote_fs $network $syslog
+# Required-Stop:     $local_fs $remote_fs $network $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts the hestia control panel
+# Description:       starts nginx and php-fpm using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NGINX_DAEMON=/usr/local/hestia/nginx/sbin/hestia-nginx
+NGINX_NAME=hestia-nginx
+NGINX_DESC=hestia-nginx
+NGINX_PID=/run/hestia-nginx.pid
+NGINX_CONF=/usr/local/hestia/nginx/conf/nginx.conf
+
+PHP_DAEMON=/usr/local/hestia/php/sbin/hestia-php
+PHP_NAME=hestia-php
+PHP_DESC=hestia-php
+PHP_PID=/run/hestia-php.pid
+PHP_CONF=/usr/local/hestia/php/etc/php-fpm.conf
+
+set -e
+
+. /lib/lsb/init-functions
+
+. /etc/profile.d/hestia.sh
+
+adapt_nginx_config() {
+	# Detect "physical" NICs only (virtual NICs created by Docker, WireGuard etc. are excluded)
+	physical_nics="$(ip -d -j link show | jq -r '.[] | if .link_type == "loopback" // .linkinfo.info_kind then empty else .ifname end')"
+	if [ -z "$physical_nics" ]; then
+		physical_nics="$(ip -d -j link show | jq -r '.[] | if .link_type == "loopback" then empty else .ifname end')"
+	fi
+	for nic in $physical_nics; do
+		if [ -z "$ipv4_scope_global" ]; then
+			ipv4_scope_global="$(ip -4 -d -j addr show "$nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end')"
+		fi
+		if [ -z "$ipv6_scope_global" ]; then
+			ipv6_scope_global="$(ip -6 -d -j addr show "$nic" | jq -r '.[] | select(length > 0) | .addr_info[] | if .scope == "global" then .local else empty end')"
+		fi
+	done
+
+	if [ -n "$ipv4_scope_global" ]; then
+		sed -i 's/#IPV4\([ \t]*listen[ \t]*[0-9]\{1,5\}.*\)/\1/' "$NGINX_CONF"
+	else
+		sed -i 's/^\([ \t]*listen[ \t]*[0-9]\{1,5\}.*\)/#IPV4\1/' "$NGINX_CONF"
+	fi
+	if [ -n "$ipv6_scope_global" ]; then
+		sed -i 's/#IPV6\([ \t]*listen[ \t]*\[\:\:\]\:[0-9]\{1,5\}.*\)/\1/' "$NGINX_CONF"
+	else
+		sed -i 's/^\([ \t]*listen[ \t]*\[\:\:\]\:[0-9]\{1,5\}.*\)/#IPV6\1/' "$NGINX_CONF"
+	fi
+}
+
+update_nginx_resolver() {
+	if grep -qw "1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8" "$NGINX_CONF"; then
+		for nameserver in $(grep -is '^nameserver' /etc/resolv.conf | cut -d' ' -f2 | tr '\r\n' ' ' | xargs); do
+			if echo "$nameserver" | grep -Pq "^(\d{1,3}\.){3}\d{1,3}$"; then
+				if [ -z "$resolver" ]; then
+					resolver="$nameserver"
+				else
+					resolver="$resolver $nameserver"
+				fi
+			fi
+		done
+
+		if [ -n "$resolver" ]; then
+			sed -i "s/1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8/$resolver/g" "$NGINX_CONF"
+		fi
+	fi
+}
+
+start_nginx() {
+	#adapt_nginx_config
+	update_nginx_resolver
+	start-stop-daemon --start --quiet --pidfile $NGINX_PID \
+		--retry 5 --exec $NGINX_DAEMON --oknodo
+}
+
+start_php() {
+	start-stop-daemon --start --quiet --pidfile $PHP_PID \
+		--retry 5 --exec $PHP_DAEMON --oknodo
+}
+
+stop_nginx() {
+	start-stop-daemon --stop --quiet --pidfile $NGINX_PID \
+		--retry 5 --oknodo --exec $NGINX_DAEMON
+}
+
+stop_php() {
+	start-stop-daemon --stop --quiet --pidfile $PHP_PID \
+		--retry 5 --oknodo --exec $PHP_DAEMON
+}
+
+case "$1" in
+	start)
+		log_daemon_msg "Starting $NGINX_DESC" "$NGINX_NAME"
+		start_nginx
+		log_end_msg $?
+		log_daemon_msg "Starting $PHP_DESC" "$PHP_NAME"
+		start_php
+		log_end_msg $?
+		;;
+
+	stop)
+		log_daemon_msg "Stopping $NGINX_DESC" "$NGINX_NAME"
+		stop_nginx
+		log_end_msg $?
+		log_daemon_msg "Stopping $PHP_DESC" "$PHP_NAME"
+		stop_php
+		log_end_msg $?
+		;;
+
+	restart | force-reload | reload | configtest | testconfig)
+		log_daemon_msg "Restarting $NGINX_DESC" "$NGINX_NAME"
+		stop_nginx
+		stop_php
+		sleep 1
+		start_nginx
+		log_end_msg $?
+		log_daemon_msg "Restarting $PHP_DESC" "$PHP_NAME"
+		start_php
+		log_end_msg $?
+		;;
+
+	status)
+		status_of_proc -p $NGINX_PID "$NGINX_DAEMON" hestia-nginx
+		status_of_proc -p $PHP_PID "$PHP_DAEMON" hestia-php
+		;;
+
+	*)
+		echo "Usage: hestia {start|stop|restart|status}" >&2
+		exit 1
+		;;
+esac
+
+exit 0
--- a/src/deb/nginx/nginx.conf
+++ b/src/deb/nginx/nginx.conf
@@ -0,0 +1,178 @@
+# Server globals
+user                 admin;
+worker_processes     1;
+worker_rlimit_nofile 65535;
+error_log            /var/log/hestia/nginx-error.log;
+pid                  /run/hestia-nginx.pid;
+pcre_jit             on;
+
+# Worker config
+events {
+	worker_connections 128;
+	use                epoll;
+	multi_accept       on;
+}
+
+http {
+	# Main settings
+	http2                         on;
+	sendfile                      on;
+	tcp_nopush                    on;
+	tcp_nodelay                   on;
+	client_header_timeout         180s;
+	client_body_timeout           180s;
+	client_header_buffer_size     2k;
+	client_body_buffer_size       256k;
+	client_max_body_size          1024m;
+	large_client_header_buffers   4 8k;
+	send_timeout                  60s;
+	keepalive_timeout             30s;
+	keepalive_requests            10000;
+	reset_timedout_connection     on;
+	server_tokens                 off;
+	server_name_in_redirect       off;
+	server_names_hash_max_size    512;
+	server_names_hash_bucket_size 512;
+	charset                       utf-8;
+	# FastCGI settings
+	fastcgi_buffers               512 4k;
+	fastcgi_buffer_size           256k;
+	fastcgi_busy_buffers_size     256k;
+	fastcgi_temp_file_write_size  256k;
+	fastcgi_connect_timeout       30s;
+	fastcgi_read_timeout          600s;
+	fastcgi_send_timeout          600s;
+	# Proxy settings
+	proxy_redirect                off;
+	proxy_set_header              Host $host;
+	proxy_set_header              Early-Data $rfc_early_data;
+	proxy_set_header              X-Real-IP $remote_addr;
+	proxy_set_header              X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_pass_header             Set-Cookie;
+	proxy_buffers                 256 4k;
+	proxy_buffer_size             32k;
+	proxy_busy_buffers_size       32k;
+	proxy_temp_file_write_size    256k;
+	proxy_connect_timeout         30s;
+	proxy_read_timeout            300s;
+	proxy_send_timeout            180s;
+	# Log format
+	log_format                    main '$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+	access_log                    /var/log/hestia/nginx-access.log main;
+	# Mime settings
+	include                       mime.types;
+	default_type                  application/octet-stream;
+	# Compression
+	gzip                          on;
+	gzip_vary                     on;
+	gzip_comp_level               6;
+	gzip_min_length               1024;
+	gzip_buffers                  128 4k;
+	gzip_http_version             1.1;
+	gzip_types                    text/css text/javascript text/js text/plain text/richtext text/shtml text/x-component text/x-java-source text/x-markdown text/x-script text/xml image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon font/otf font/ttf font/x-woff multipart/bag multipart/mixed application/eot application/font application/font-sfnt application/font-woff application/javascript application/javascript-binast application/json application/ld+json application/manifest+json application/opentype application/otf application/rss+xml application/ttf application/truetype application/vnd.api+json application/vnd.ms-fontobject application/wasm application/xhtml+xml application/xml application/xml+rss application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-protobuf application/x-ttf;
+	gzip_proxied                  any;
+	# SSL PCI compliance
+	ssl_buffer_size               1369;
+	ssl_ciphers                   "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256";
+	ssl_conf_command              Ciphersuites TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384;
+	ssl_conf_command              Options PrioritizeChaCha;
+	ssl_dhparam                   /etc/ssl/dhparam.pem;
+	ssl_early_data                on;
+	ssl_ecdh_curve                auto;
+	ssl_prefer_server_ciphers     on;
+	ssl_protocols                 TLSv1.2 TLSv1.3;
+	ssl_session_cache             shared:SSL:10m;
+	ssl_session_tickets           on;
+	ssl_session_timeout           7d;
+	ssl_stapling                  on;
+	ssl_stapling_verify           on;
+	resolver                      1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;
+	resolver_timeout              5s;
+	# Security headers
+	add_header                    X-Content-Type-Options nosniff;
+	add_header                    X-Frame-Options SAMEORIGIN;
+	add_header                    X-XSS-Protection "1; mode=block";
+
+	# TLS 1.3 0-RTT anti-replay
+	map "$request_method:$is_args" $ar_idempotent {
+		default 0;
+		"~^GET:$|^(HEAD|OPTIONS|TRACE):\?*$" 1;
+	}
+
+	map $http_user_agent $ar_support_425 {
+		default 0;
+		"~Firefox/((58|59)|([6-9]\d)|([1-9]\d{2,}))\.\d+" 1;
+	}
+
+	map "$ssl_early_data:$ar_idempotent:$ar_support_425" $anti_replay {
+		1:0:0 307;
+		1:0:1 425;
+	}
+
+	map "$ssl_early_data:$ar_support_425" $rfc_early_data {
+		1:1 1;
+	}
+
+	# Vhost
+	server {
+		listen              8083 ssl;
+		server_name         _;
+		root                /usr/local/hestia/web;
+		# Fix error "The plain HTTP request was sent to HTTPS port"
+		error_page          497 https://$host:$server_port$request_uri;
+		error_page          403 /error/404.html;
+		error_page          404 /error/404.html;
+		error_page          410 /error/410.html;
+		error_page          500 501 502 503 504 505 /error/50x.html;
+
+		ssl_certificate     /usr/local/hestia/ssl/certificate.crt;
+		ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
+
+		# TLS 1.3 0-RTT anti-replay
+		if ($anti_replay = 307) { return 307 https://$host:$server_port$request_uri; }
+		if ($anti_replay = 425) { return 425; }
+
+		location / {
+			expires off;
+			index index.php;
+		}
+
+		location /error/ {
+			expires off;
+			internal;
+		}
+
+		location /rrd/ {
+			expires off;
+			internal;
+		}
+
+		location /backup/ {
+			root /;
+			internal;
+		}
+
+		location /fm/ {
+			alias /usr/local/hestia/web/fm/dist/;
+			index index.php;
+
+			location ~ /([^/]+\.php)$ {
+				try_files     /$1 =404;
+				include       fastcgi_params;
+				fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+				fastcgi_param SCRIPT_FILENAME /usr/local/hestia/web/fm/dist/index.php;
+				fastcgi_pass  unix:/run/hestia-php.sock;
+				fastcgi_index index.php;
+			}
+		}
+
+		location ~ \.php$ {
+			include                  fastcgi_params;
+			fastcgi_param            HTTP_EARLY_DATA $rfc_early_data if_not_empty;
+			fastcgi_param            SCRIPT_FILENAME /usr/local/hestia/web/$fastcgi_script_name;
+			fastcgi_pass             unix:/run/hestia-php.sock;
+			fastcgi_intercept_errors on;
+			break;
+		}
+	}
+}
--- a/src/deb/nginx/postinst
+++ b/src/deb/nginx/postinst
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+set -e
+
+if [ "$1" != "configure" ]; then
+	exit 0
+fi
+
+# Touch and set permisions on default log files on installation
+update-rc.d hestia defaults > /dev/null
+invoke-rc.d hestia start || true
+
+# Run triggers only on updates
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+	exit
+fi
+
+###############################################################
+#                Initialize functions/variables               #
+###############################################################
+
+if [ -z "$HESTIA" ]; then
+	export HESTIA='/usr/local/hestia'
+	PATH=$PATH:/usr/local/hestia/bin
+	export PATH
+fi
+
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/nginx/pre_install.sh" ]; then
+	/etc/hestiacp/hooks/nginx/pre_install.sh
+fi
+
+# Load upgrade functions and variables
+source /usr/local/hestia/func/main.sh
+source /usr/local/hestia/func/upgrade.sh
+source /usr/local/hestia/conf/hestia.conf
+source /usr/local/hestia/install/upgrade/upgrade.conf
+
+# Reset backend port
+if [ ! -z "$BACKEND_PORT" ]; then
+	/usr/local/hestia/bin/v-change-sys-port $BACKEND_PORT
+fi
+
+if [ -e "/etc/hestiacp/hooks/nginx/post_install.sh" ]; then
+	/etc/hestiacp/hooks/nginx/post_install.sh
+fi
+
+# Restart hestia service
+if [ -f "/etc/init.d/hestia" ]; then
+	systemctl restart hestia > /dev/null 2>&1
+fi
--- a/src/deb/nginx/postrm
+++ b/src/deb/nginx/postrm
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+update-rc.d hestia remove > /dev/null 2>&1
+
+exit 0
--- a/src/deb/php/control
+++ b/src/deb/php/control
@@ -0,0 +1,15 @@
+Source: hestia-php
+Package: hestia-php
+Priority: optional
+Version: 8.2.8
+Section: admin
+Maintainer: HestaCP <info@hestiacp.com>
+Homepage: https://www.hestiacp.com
+Architecture: amd64
+Depends: hestia, libzip4, unzip, libonig5 | libonig4 | libonig2
+Conflct: libzip5
+Description: hestia php-fpm
+ hestia is an open source hosting control panel.
+ hestia has a clean and focused interface without the clutter.
+ hestia has the latest of very innovative technologies.
+ hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
--- a/src/deb/php/copyright
+++ b/src/deb/php/copyright
@@ -0,0 +1,30 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: hestia
+Source: https://www.hestiacp.com
+
+Files: *
+Copyright: 2018-2023, Hestia Control Panel <info@hestiacp.com>
+License: GPL-3.0+
+Remarks: Hestia is a fork from VestaCP, special thanks to vestacp.com and Serghey Rodin
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in /usr/share/common-licenses/GPL-3.
+
+# Please also look if there are files or directories which have a
+# different copyright/license attached and list them here.
+# Please avoid to pick license terms that are more restrictive than the
+# packaged work, as it may make Debian's contributions unacceptable upstream.
--- a/src/deb/php/php-fpm.conf
+++ b/src/deb/php/php-fpm.conf
@@ -0,0 +1,44 @@
+[global]
+pid = /run/hestia-php.pid
+daemonize = yes
+log_level = error
+emergency_restart_threshold = 10
+emergency_restart_interval = 60s
+process_control_timeout = 10s
+events.mechanism = epoll
+
+[www]
+listen = /run/hestia-php.sock
+
+user = admin
+group = admin
+
+listen.owner = admin
+listen.group = admin
+listen.mode = 0660
+
+pm = ondemand
+pm.max_children = 4
+pm.max_requests = 1000
+pm.process_idle_timeout = 10s;
+
+env[HOSTNAME] = $HOSTNAME
+env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+env[HESTIA] = $HESTIA
+env[VESTA] = $HESTIA
+env[LANG] = en_US.UTF-8
+
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_flag[session.cookie_httponly] = on
+php_admin_flag[session.cookie_secure] = on
+php_admin_value[memory_limit] = 256M
+php_admin_value[post_max_size] = 256M
+php_admin_value[upload_max_filesize] = 256M
+php_admin_value[max_execution_time] = 300
+php_admin_value[max_input_time] = 300
+php_admin_value[session.save_path] = /usr/local/hestia/data/sessions
+php_admin_value[open_basedir] = /usr/local/hestia/:/tmp/:/dev/:/home/:/etc/ssh/:/backup/:/var/tmp/
--- a/src/deb/php/php.ini
+++ b/src/deb/php/php.ini
--- a/src/deb/php/postinst
+++ b/src/deb/php/postinst
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -e
+
+if [ "$1" != "configure" ]; then
+	exit 0
+fi
+
+# Run triggers below only on updates
+if [ ! -e "/usr/local/hestia/data/users/admin" ]; then
+	exit
+fi
+
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/php/pre_install.sh" ]; then
+	/etc/hestiacp/hooks/php/pre_install.sh
+fi
+
+###############################################################
+#                Initialize functions/variables               #
+###############################################################
+
+if [ -z "$HESTIA" ]; then
+	export HESTIA='/usr/local/hestia'
+	PATH=$PATH:/usr/local/hestia/bin
+	export PATH
+fi
+
+# Load upgrade functions and variables
+source /usr/local/hestia/func/main.sh
+source /usr/local/hestia/func/upgrade.sh
+source /usr/local/hestia/conf/hestia.conf
+source /usr/local/hestia/install/upgrade/upgrade.conf
+
+# Restart hestia service
+if [ -f "/etc/init.d/hestia" ]; then
+	systemctl restart hestia > /dev/null 2>&1
+fi
+
+# Check if preinstall hook exists
+if [ -e "/etc/hestiacp/hooks/php/post_install.sh" ]; then
+	/etc/hestiacp/hooks/php/post_install.sh
+fi