From b68ef2b4ff358609b695a999a028b9326fa145d8 Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 24 Aug 2018 18:55:53 -0500 Subject: [PATCH 01/11] ondemand maybe causing 500 issue due to process timeout with nginx using sock file --- rootfs/sysprepz/apache2-templates/php56fpm.sh | 9 +++++---- rootfs/sysprepz/apache2-templates/php70fpm.sh | 9 +++++---- rootfs/sysprepz/apache2-templates/php71fpm.sh | 9 +++++---- rootfs/sysprepz/apache2-templates/php72fpm.sh | 9 +++++---- 4 files changed, 20 insertions(+), 16 deletions(-) diff --git a/rootfs/sysprepz/apache2-templates/php56fpm.sh b/rootfs/sysprepz/apache2-templates/php56fpm.sh index 9bb358b..8d4b3ae 100755 --- a/rootfs/sysprepz/apache2-templates/php56fpm.sh +++ b/rootfs/sysprepz/apache2-templates/php56fpm.sh @@ -17,10 +17,11 @@ listen.owner = $user listen.group = www-data listen.mode = 0660 -pm = ondemand -pm.max_children = 5 -pm.process_idle_timeout = 10s -pm.max_requests = 2000 +pm = dynamic +pm.start_servers = 1 +pm.max_children = 6 +pm.min_spare_servers = 1 +pm.max_spare_servers = 6 " fpm_conf_file="$home_dir/$user/web/$domain/cgi-bin/php$php_version-fpm.conf" diff --git a/rootfs/sysprepz/apache2-templates/php70fpm.sh b/rootfs/sysprepz/apache2-templates/php70fpm.sh index df836b7..2fa6d6e 100755 --- a/rootfs/sysprepz/apache2-templates/php70fpm.sh +++ b/rootfs/sysprepz/apache2-templates/php70fpm.sh @@ -17,10 +17,11 @@ listen.owner = $user listen.group = www-data listen.mode = 0660 -pm = ondemand -pm.max_children = 5 -pm.process_idle_timeout = 10s -pm.max_requests = 2000 +pm = dynamic +pm.start_servers = 1 +pm.max_children = 6 +pm.min_spare_servers = 1 +pm.max_spare_servers = 6 " fpm_conf_file="$home_dir/$user/web/$domain/cgi-bin/php-fpm.conf" diff --git a/rootfs/sysprepz/apache2-templates/php71fpm.sh b/rootfs/sysprepz/apache2-templates/php71fpm.sh index 9bf0f6c..fef3394 100755 --- a/rootfs/sysprepz/apache2-templates/php71fpm.sh +++ b/rootfs/sysprepz/apache2-templates/php71fpm.sh 
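Review bot: The new pool settings drop `pm.max_requests = 2000` together with the ondemand-only `pm.process_idle_timeout`, so under `pm = dynamic` the workers are never recycled (php-fpm's default for `pm.max_requests` is 0). A leaking script or extension then holds memory until the pool is restarted, which on a shared host is an easy route to resource exhaustion. Keeping `pm.max_requests = 2000` after `pm.max_spare_servers = 6` preserves the previous recycling behaviour. The same applies to the identical hunks in php70fpm.sh, php71fpm.sh and php72fpm.sh; the quoted string these lines belong to starts outside the hunk.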
@@ -17,10 +17,11 @@ listen.owner = $user listen.group = www-data listen.mode = 0660 -pm = ondemand -pm.max_children = 5 -pm.process_idle_timeout = 10s -pm.max_requests = 2000 +pm = dynamic +pm.start_servers = 1 +pm.max_children = 6 +pm.min_spare_servers = 1 +pm.max_spare_servers = 6 " fpm_conf_file="$home_dir/$user/web/$domain/cgi-bin/php-fpm.conf" diff --git a/rootfs/sysprepz/apache2-templates/php72fpm.sh b/rootfs/sysprepz/apache2-templates/php72fpm.sh index 2901a51..d3bab39 100755 --- a/rootfs/sysprepz/apache2-templates/php72fpm.sh +++ b/rootfs/sysprepz/apache2-templates/php72fpm.sh @@ -17,10 +17,11 @@ listen.owner = $user listen.group = www-data listen.mode = 0660 -pm = ondemand -pm.max_children = 5 -pm.process_idle_timeout = 10s -pm.max_requests = 2000 +pm = dynamic +pm.start_servers = 1 +pm.max_children = 6 +pm.min_spare_servers = 1 +pm.max_spare_servers = 6 " fpm_conf_file="$home_dir/$user/web/$domain/cgi-bin/php-fpm.conf" From 24559bb995bc27178fa7d4422f15fc82959f2e0a Mon Sep 17 00:00:00 2001 From: noogen Date: Mon, 10 Sep 2018 18:49:33 -0500 Subject: [PATCH 02/11] remove deprecated ssl on directive --- rootfs/sysprepz/nginx-templates/custom.stpl | 4 ++-- rootfs/sysprepz/nginx-templates/php-fpm.stpl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rootfs/sysprepz/nginx-templates/custom.stpl b/rootfs/sysprepz/nginx-templates/custom.stpl index 5b0e673..319995c 100644 --- a/rootfs/sysprepz/nginx-templates/custom.stpl +++ b/rootfs/sysprepz/nginx-templates/custom.stpl @@ -1,7 +1,7 @@ server { - listen %proxy_ssl_port%; + listen %proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/rootfs/sysprepz/nginx-templates/php-fpm.stpl b/rootfs/sysprepz/nginx-templates/php-fpm.stpl index 4075289..d297afa 100644 --- a/rootfs/sysprepz/nginx-templates/php-fpm.stpl 
+++ b/rootfs/sysprepz/nginx-templates/php-fpm.stpl @@ -1,7 +1,7 @@ server { - listen %proxy_ssl_port%; + listen %proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; From 510e527fe7bd4a0557b4ed6f60ae6bfd8782fe1e Mon Sep 17 00:00:00 2001 From: noogen Date: Mon, 24 Sep 2018 15:09:57 -0500 Subject: [PATCH 03/11] update doc for #50 --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index b35d887..202c350 100644 --- a/README.md +++ b/README.md @@ -58,9 +58,6 @@ FTP was not installed on purpose because it's not secure. Use SFTP instead on t - [ ] java, dotnet - [ ] openvpn -### known issues -- [ ] MariaDB password is not saved across backup and restore. After you restore, go to VESTA DB admin UI and update the password. - ### your todo - [ ] I recommend the following: From fcecce40edc220a8d57b2ec1304bca291e9a89b3 Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 26 Oct 2018 03:42:25 -0500 Subject: [PATCH 04/11] finally figured out what wrong with php-fpm template --- rootfs/etc/nginx/location_optmz_php.conf | 19 ++++---- rootfs/sysprepz/nginx-templates/php-fpm.stpl | 48 +++++++++----------- rootfs/sysprepz/nginx-templates/php-fpm.tpl | 48 +++++++++----------- 3 files changed, 52 insertions(+), 63 deletions(-) diff --git a/rootfs/etc/nginx/location_optmz_php.conf b/rootfs/etc/nginx/location_optmz_php.conf index 308204b..148021e 100644 --- a/rootfs/etc/nginx/location_optmz_php.conf +++ b/rootfs/etc/nginx/location_optmz_php.conf @@ -1,6 +1,8 @@ -# block access to sensitive files or a file scan - location ~* \.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op]|cgi)$ { +# block access to sensitive file extensions + location ~* \.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op]|cgi|env|yml|example)$ { deny all; + log_not_found off; + access_log off; } # allow but don't log fav icon or robots txt 
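Review bot: Adding `access_log off;` to the `deny all` block for sensitive extensions in location_optmz_php.conf means requests for `.env`, `.sql`, `.bak` and similar files no longer appear in the access log, which is where scanning is normally spotted and fed into blocking rules. The denial should still leave an "access forbidden by rule" entry in the error log, but anything keyed on access-log fields will miss it. Consider logging these requests separately instead of dropping them, e.g. `access_log /var/log/nginx/denied.log;` (constructed example path). The hidden-file and `(private|cgi-bin)` blocks in the next hunk of this file add the same two directives and deserve the same treatment.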
@@ -10,19 +12,18 @@ access_log off; } -# deny access to svn or git files - location ~ /\.(svn|git|ht|hg|bzr)/* { +# Disable .htaccess and other hidden files + location ~ /\.(?!well-known).* { deny all; + access_log off; + log_not_found off; } # deny access to specific folder location ~ /(private|cgi-bin)/* { deny all; - } - -# deny public access to specfic file - location ~* "/\.(htaccess|htpasswd)$" { - deny all; + log_not_found off; + access_log off; } location /nginx_status { diff --git a/rootfs/sysprepz/nginx-templates/php-fpm.stpl b/rootfs/sysprepz/nginx-templates/php-fpm.stpl index d297afa..62aab74 100644 --- a/rootfs/sysprepz/nginx-templates/php-fpm.stpl +++ b/rootfs/sysprepz/nginx-templates/php-fpm.stpl 
@@ -20,40 +20,34 @@ server { # allow for forcing ssl if necessary include %docroot%/sngin*.conf; - try_files $uri $uri/ /index.php?$query_string; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } + try_files $uri $uri/ /index.php$is_args$args; + } - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } + location ~ \.php$ { + try_files $uri /index.php =404; - if ($http_cookie ~ (comment_author_.*|wordpress_logged_in.*|wp-postpass_.*)) { - set $no_cache 1; - } + if ($http_cookie ~ (comment_author_.*|wordpress_logged_in.*|wp-postpass_.*)) { + set $no_cache 1; + } - include /etc/nginx/fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass app:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; - fastcgi_index index.php; - fastcgi_pass unix:/var/run/vesta-php-fpm-%domain_idn%.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_intercept_errors on; + fastcgi_intercept_errors on; - fastcgi_cache_use_stale error timeout invalid_header http_500; - fastcgi_cache_key $host$request_uri; - fastcgi_cache fpm_%domain%; + fastcgi_cache_use_stale error timeout invalid_header http_500; + fastcgi_cache_key $host$request_uri; + fastcgi_cache fpm_%domain%; - # small amount of cache goes a long way - fastcgi_cache_valid 200 1m; - fastcgi_cache_bypass $no_cache; - fastcgi_no_cache $no_cache; - } + # small amount of cache goes a long way + fastcgi_cache_valid 200 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; } - + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/rootfs/sysprepz/nginx-templates/php-fpm.tpl b/rootfs/sysprepz/nginx-templates/php-fpm.tpl index 35cc8f8..206718d 100644 --- a/rootfs/sysprepz/nginx-templates/php-fpm.tpl 
+++ b/rootfs/sysprepz/nginx-templates/php-fpm.tpl @@ -17,40 +17,34 @@ server { location / { # allow for forcing ssl if necessary - include %docroot%/ngin*.conf; + include %docroot%/sngin*.conf; - try_files $uri $uri/ /index.php?$query_string; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } + try_files $uri $uri/ /index.php$is_args$args; + } - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } + location ~ \.php$ { + try_files $uri /index.php =404; - if ($http_cookie ~ (comment_author_.*|wordpress_logged_in.*|wp-postpass_.*)) { - set $no_cache 1; - } + if ($http_cookie ~ (comment_author_.*|wordpress_logged_in.*|wp-postpass_.*)) { + set $no_cache 1; + } - include /etc/nginx/fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass app:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; - fastcgi_index index.php; - fastcgi_pass unix:/var/run/vesta-php-fpm-%domain_idn%.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_intercept_errors on; + fastcgi_intercept_errors on; - fastcgi_cache_use_stale error timeout invalid_header http_500; - fastcgi_cache_key $host$request_uri; - fastcgi_cache fpm_%domain%; + fastcgi_cache_use_stale error timeout invalid_header http_500; + fastcgi_cache_key $host$request_uri; + fastcgi_cache fpm_%domain%; - # small amount of cache goes a long way - fastcgi_cache_valid 200 1m; - fastcgi_cache_bypass $no_cache; - fastcgi_no_cache $no_cache; - } + # small amount of cache goes a long way + fastcgi_cache_valid 200 1m; + fastcgi_cache_bypass $no_cache; + fastcgi_no_cache $no_cache; } error_page 403 /error/404.html; From 6c54325b069aad8e462a0385a66632a9dd5c8486 Mon Sep 17 00:00:00 2001 
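Review bot: In php-fpm.tpl the include changed from `%docroot%/ngin*.conf` to `%docroot%/sngin*.conf`, which looks copied over from php-fpm.stpl rather than intended. If per-site snippets follow the naming the two templates imply (ngin* for the plain vhost, sngin* for the TLS one), the plain-HTTP server stops loading its own snippets and picks up the ones written for the TLS vhost. That includes any force-SSL redirect that the comment above the include refers to. Unless this is deliberate, keep `include %docroot%/ngin*.conf;` in this template. The `server` block starts and ends outside the hunk.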
From: noogen Date: Fri, 26 Oct 2018 04:37:07 -0500 Subject: [PATCH 05/11] oppse copy and paste from another fix --- README.md | 2 +- docker-compose.yml | 10 ++++++++-- rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh | 9 +++++---- rootfs/sysprepz/nginx-templates/php-fpm.stpl | 2 +- rootfs/sysprepz/nginx-templates/php-fpm.tpl | 2 +- 5 files changed, 16 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 202c350..b47b9c3 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ What's included? * ssh/sftp, letsencrypt, memcached, redis, MariaDB 10.2, postgresql 9.6, nodejs 8.x, golang 1.10, openvpn, mongodb, couchdb, .net core 2.0 runtime * folder redirection for data persistence and automatic daily backup provided by VestaCP * DNS, named, dovecot/roundcube, spamassassin, clamav, etc... -- disabled by default -* vesta panel SSL (LE-issued) for mail and control panel - provide $VESTA_DOMAIN environment variable +* vesta panel SSL (LE-issued) for mail and control panel - provide $HOSTNAME environment variable Run this image: ``` diff --git a/docker-compose.yml b/docker-compose.yml index 6d4a0cd..d8537de 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,7 @@ services: vesta: image: niiknow/vestacp container_name: vesta + hostname: yourcpanelhostname.com volumes: - "/opt/vestacp/backup:/backup" - "/opt/vestacp/vesta:/vesta" @@ -12,7 +13,7 @@ services: - "2222:22" - "80:80" - "443:443" - - "8083:8083" + - "9088:8083" privileged: true ulimits: nproc: 65535 @@ -23,4 +24,9 @@ services: net.core.somaxconn: '511' labels: - "Vesta Control Panel" - restart: unless-stopped + restart: always + +# note, set hostname for auto ssl on the panel +# also note, I set the port to 9088 above on purpose +# if you want, change it back to 8083 +# it help with security to change to a different port diff --git a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh index bd16463..5e5879f 100755 
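Review bot: The mapping `"9088:8083"` in docker-compose.yml still publishes the control panel on every host interface, so moving it off the default port cuts scanner noise but is not access control. This matters more here because the service runs with `privileged: true` (context line in the same hunk), which raises the impact of a panel compromise. If the panel does not need to be reachable from the internet, bind it to loopback or a management address, e.g. `- "127.0.0.1:9088:8083"`, and reach it through a tunnel or a firewall rule. The comment added at the end of the file would be more accurate if it said the port change reduces exposure to automated scans rather than that it helps security.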
--- a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh +++ b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh @@ -4,11 +4,12 @@ source /etc/container_environment.sh VESTA_PATH='/usr/local/vesta' -domain="$VESTA_DOMAIN" +domain="$HOSTNAME" user='admin' -# only run if domain has a value -if [ -n "$domain" ]; then +# only run if hostname is valid, regex check if it has a period +# default docker installation is some random string +if [[ $domain == *[\.]* ]]; then # too often, user did not setup DNS host to IP correctly, so we should validate first # issue is easier fix by the user than getting blocked by Letsencrypt server @@ -92,5 +93,5 @@ if [ -n "$domain" ]; then echo "[i] Cert file successfullly swapped out. Please restart docker or vesta, apache2, nginx, and exim4." fi else - echo "[i] vesta-auto-ssl exit due to empty VESTA_DOMAIN variable" + echo "[i] vesta-auto-ssl exit due to invalid/default docker hostname: $HOSTNAME" fi \ No newline at end of file diff --git a/rootfs/sysprepz/nginx-templates/php-fpm.stpl b/rootfs/sysprepz/nginx-templates/php-fpm.stpl index 62aab74..2a28aff 100644 --- a/rootfs/sysprepz/nginx-templates/php-fpm.stpl +++ b/rootfs/sysprepz/nginx-templates/php-fpm.stpl @@ -31,7 +31,7 @@ server { } fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass app:9000; + fastcgi_pass unix:/var/run/vesta-php-fpm-%domain_idn%.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; diff --git a/rootfs/sysprepz/nginx-templates/php-fpm.tpl b/rootfs/sysprepz/nginx-templates/php-fpm.tpl index 206718d..6976c7a 100644 --- a/rootfs/sysprepz/nginx-templates/php-fpm.tpl +++ b/rootfs/sysprepz/nginx-templates/php-fpm.tpl @@ -30,7 +30,7 @@ server { } fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass app:9000; + fastcgi_pass unix:/var/run/vesta-php-fpm-%domain_idn%.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; 
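Review bot: The new guard `[[ $domain == *[\.]* ]]` in vesta-auto-ssl.sh is a glob match, not a regex as the comment says, and it accepts any value that merely contains a period. That includes strings with spaces, slashes or a leading `-`, all of which pass before `$domain` is used in the rest of the script, which lies outside this hunk. Since the value now comes from the container hostname, validating it as a hostname is cheap: `if [[ $domain =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$ ]]; then`. The comment should then read "only run if hostname looks like a fully qualified domain name".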
From 1cf87d2196d599199843d86abc2ff3f4b0c831dc Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 26 Oct 2018 04:56:36 -0500 Subject: [PATCH 06/11] house cleaning --- Dockerfile | 2 +- README.md | 6 ++++-- docker-compose.yml | 7 +++++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 05b594f..9d52520 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="noogen " ENV DEBIAN_FRONTEND=noninteractive \ VESTA=/usr/local/vesta \ - GOLANG_VERSION=1.10.3 \ + GOLANG_VERSION=1.10.4 \ NGINX_BUILD_DIR=/usr/src/nginx \ NGINX_DEVEL_KIT_VERSION=0.3.0 NGINX_SET_MISC_MODULE_VERSION=0.31 \ NGINX_VERSION=1.14.0 \ diff --git a/README.md b/README.md index b47b9c3..8bac4d7 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ The ultimate control panel with docker (thanks lagun4ik for a great start) What's included? -* ubuntu 16.04 lts + Vesta 0.9.8-22 +* ubuntu 16.04 lts + Vesta 0.9.8-23 * nginx (proxy) -> apache2 -> php-fcgi - high performance and flexible implementation * added ability to also run php-fpm * ssh/sftp, letsencrypt, memcached, redis, MariaDB 10.2, postgresql 9.6, nodejs 8.x, golang 1.10, openvpn, mongodb, couchdb, .net core 2.0 runtime @@ -15,7 +15,7 @@ Run this image: mkdir -p /opt/vestacp/{vesta,home,backup} docker run -d --restart=always \ --p 2222:22 -p 80:80 -p 443:443 -p 3306:3306 -p 5432:5432 -p 8083:8083 \ +-p 2222:22 -p 80:80 -p 443:443 -p 9088:8083 \ -v /opt/vestacp/vesta:/vesta -v /opt/vestacp/home:/home -v /opt/vestacp/backup:/backup \ niiknow/vestacp ``` 
@@ -71,6 +71,8 @@ If you use this Docker for hosting and allow your user to login, I also recommen Enjoy!!! ## Release Notes +1.3.9 - update to 0.9.8-23, see security bulleton/notice in forum here: https://forum.vestacp.com/viewtopic.php?f=10&t=17795 The panel should have auto-updated, we're just updating the build for new user convenience. + 1.3.6 - update nginx to 1.14 stable release, update dotnet 1.3.5 - update to 0.9.8-22 - REMINDER: if your server has not autoupdate to 0.9.8-22, please do so or update to this release. There is a serious security issue in 0.9.8-20. diff --git a/docker-compose.yml b/docker-compose.yml index d8537de..b983c13 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -26,7 +26,10 @@ services: - "Vesta Control Panel" restart: always -# note, set hostname for auto ssl on the panel +# Note, set hostname for auto ssl on the panel, it also +# help with valid IP for SMTP email validation among +# other things. +# # also note, I set the port to 9088 above on purpose -# if you want, change it back to 8083 +# You can of course change it back to 8083 # it help with security to change to a different port From e7d8fce771abb42c7b10f7fb697a393f080e65d3 Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 26 Oct 2018 05:19:42 -0500 Subject: [PATCH 07/11] update support message --- Dockerfile | 2 +- README.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9d52520..077d529 100644 --- a/Dockerfile +++ b/Dockerfile @@ -141,7 +141,7 @@ RUN \ # install nodejs, memcached, redis-server, openvpn, mongodb, dotnet-sdk, and couchdb && apt-get install -yf --no-install-recommends nodejs memcached php-memcached redis-server \ - openvpn mongodb-org php-mongodb couchdb dotnet-sdk-2.1.200 \ + openvpn mongodb-org php-mongodb couchdb dotnet-sdk-2.1.403 \ # setting upawscli, golang # awscli diff --git a/README.md b/README.md index 8bac4d7..bcb4b3f 100644 --- a/README.md +++ b/README.md 
@@ -71,6 +71,8 @@ If you use this Docker for hosting and allow your user to login, I also recommen Enjoy!!! ## Release Notes +*^1.4.0 - in this update, we remove support for php5.6 and 7.0 as it no longer officially support/end of life (EOL) by the end of this year: http://php.net/supported-versions.php There is no excuse, you know this day was coming. ** this is just a preview of upcoming version message/notice** + 1.3.9 - update to 0.9.8-23, see security bulleton/notice in forum here: https://forum.vestacp.com/viewtopic.php?f=10&t=17795 The panel should have auto-updated, we're just updating the build for new user convenience. 1.3.6 - update nginx to 1.14 stable release, update dotnet From c524f9a04ab3f829d63f909584cb7e92c5eb6707 Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 26 Oct 2018 07:45:20 -0500 Subject: [PATCH 08/11] fix auto ssl to support hostname --- rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh | 3 ++- rootfs/sysprepz/admin/bin/vesta-update.sh | 12 ++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh index 5e5879f..9911722 100755 --- a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh +++ b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh @@ -1,10 +1,11 @@ #!/bin/bash +domain="$HOSTNAME" + # get environment variables source /etc/container_environment.sh VESTA_PATH='/usr/local/vesta' -domain="$HOSTNAME" user='admin' # only run if hostname is valid, regex check if it has a period diff --git a/rootfs/sysprepz/admin/bin/vesta-update.sh b/rootfs/sysprepz/admin/bin/vesta-update.sh index 39dd826..fab2bc2 100755 --- a/rootfs/sysprepz/admin/bin/vesta-update.sh +++ b/rootfs/sysprepz/admin/bin/vesta-update.sh 
@@ -1,20 +1,20 @@ #!/bin/bash # this file is use to update between different # of vesta within this docker panel -rsync --update -raz --progress --exclude 'data' --exclude 'log' --exclude 'conf' --exclude 'nginx' /vesta-start/local/vesta /usr/local/vesta +rsync --update -ahp --progress --exclude 'data' --exclude 'log' --exclude 'conf' --exclude 'nginx' /vesta-start/local/vesta/ /usr/local/vesta/ -rsync --update -raz --progress /vesta-start/local/vesta/data/templates /usr/local/vesta/data/templates +rsync --update -ahp --progress /vesta-start/local/vesta/data/templates/ /usr/local/vesta/data/templates/ -rsync --update -raz --progress --exclude 'conf.d' /vesta-start/etc/nginx /etc/nginx +rsync --update -ahp --progress --exclude 'conf.d' /vesta-start/etc/nginx/ /etc/nginx/ # update php conf rm -rf /vesta/etc/php/* -rsync --update -raz --progress /vesta-start/etc/php/ /vesta/etc/php/ +rsync --update -avhp --progress /vesta-start/etc/php/ /vesta/etc/php/ if [ ! -d "/var/lib/postgresql/9.6/" ]; then echo "[i] add postgresql 9.6" - rsync --update -raz /vesta-start/var/lib/postgresql/9.6/* /vesta/var/lib/postgresql/9.6 - rsync --update -raz /vesta-start/etc/postgresql/9.6/* /vesta/etc/postgresql/9.6 + rsync --update -avhp /vesta-start/var/lib/postgresql/9.6/ /vesta/var/lib/postgresql/9.6/ + rsync --update -avhp /vesta-start/etc/postgresql/9.6/ /vesta/etc/postgresql/9.6/ fi # restart vesta after update From b9da386fa740eac9d4df44323504924d3b5a218c Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 26 Oct 2018 08:01:00 -0500 Subject: [PATCH 09/11] switch to getting installation file directly from github, since vestacp has historically been hacked --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 077d529..6b37bac 100644 --- a/Dockerfile +++ b/Dockerfile 
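Review bot: None of the rewritten rsync calls in vesta-update.sh has its exit status checked, and the visible start of the script sets no `set -e`. A failed copy after the `rm -rf /vesta/etc/php/*` context line therefore leaves the PHP configuration tree empty, and the script still proceeds to the restart step announced by the trailing comment. Adding `set -euo pipefail` below the shebang, or `|| exit 1` on the rsync that repopulates `/vesta/etc/php/`, makes the update stop instead of restarting on a half-copied tree. As a style point, `-a` already implies `-r` and `-p`, so `-ahp` can be written `-ah`. The script continues past the end of this hunk.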
@@ -90,7 +90,7 @@ RUN \ cd /tmp \ # begin setup for vesta - && curl -SL https://vestacp.com/pub/vst-install-ubuntu.sh -o /tmp/vst-install-ubuntu.sh \ + && curl -SL https://raw.githubusercontent.com/serghey-rodin/vesta/master/install/vst-install-ubuntu.sh -o /tmp/vst-install-ubuntu.sh \ # put nginx on hold so it doesn't get updates with apt-get upgrade, also remove from vesta apt-get && apt-mark hold nginx postgresql-10 postgresql-client-10 postgresql-doc-10 postgresql-contrib \ From 429f31e4befe0626cddc955ce5eb1235f1543709 Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 26 Oct 2018 08:28:31 -0500 Subject: [PATCH 10/11] dotting the i's --- README.md | 2 ++ rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bcb4b3f..76ba779 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,8 @@ Enjoy!!! ## Release Notes *^1.4.0 - in this update, we remove support for php5.6 and 7.0 as it no longer officially support/end of life (EOL) by the end of this year: http://php.net/supported-versions.php There is no excuse, you know this day was coming. ** this is just a preview of upcoming version message/notice** +1.3.10 - finalizing stuff to get ready for 1.4.0 + 1.3.9 - update to 0.9.8-23, see security bulleton/notice in forum here: https://forum.vestacp.com/viewtopic.php?f=10&t=17795 The panel should have auto-updated, we're just updating the build for new user convenience. 1.3.6 - update nginx to 1.14 stable release, update dotnet diff --git a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh index 9911722..4e7ca9d 100755 --- a/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh +++ b/rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh 
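Review bot: The installer is now fetched from the moving `master` branch with `curl -SL` and no integrity check, so every image build runs whatever that branch holds at build time, and without `-f` an HTTP error body would be saved as the script. Given the commit message's own concern about a compromised distribution point, pin the URL to a reviewed commit and verify a digest before the script is executed, which happens outside this hunk. For example: `curl -fSL https://raw.githubusercontent.com/serghey-rodin/vesta/<COMMIT_SHA>/install/vst-install-ubuntu.sh -o /tmp/vst-install-ubuntu.sh` followed by `echo "<EXPECTED_SHA256>  /tmp/vst-install-ubuntu.sh" | sha256sum -c -`. `<COMMIT_SHA>` and `<EXPECTED_SHA256>` are placeholders to be filled in from the revision that was actually reviewed. The RUN instruction starts and ends outside the hunk.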
@@ -94,5 +94,5 @@ if [[ $domain == *[\.]* ]]; then echo "[i] Cert file successfullly swapped out. Please restart docker or vesta, apache2, nginx, and exim4." fi else - echo "[i] vesta-auto-ssl exit due to invalid/default docker hostname: $HOSTNAME" + echo "[i] vesta-auto-ssl exit due to invalid/default docker hostname: $domain" fi \ No newline at end of file From 8528e24200edf919d902077c319303fef66601b2 Mon Sep 17 00:00:00 2001 From: noogen Date: Fri, 26 Oct 2018 08:31:24 -0500 Subject: [PATCH 11/11] fix build --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6b37bac..2fd0772 100644 --- a/Dockerfile +++ b/Dockerfile @@ -141,7 +141,7 @@ RUN \ # install nodejs, memcached, redis-server, openvpn, mongodb, dotnet-sdk, and couchdb && apt-get install -yf --no-install-recommends nodejs memcached php-memcached redis-server \ - openvpn mongodb-org php-mongodb couchdb dotnet-sdk-2.1.403 \ + openvpn mongodb-org php-mongodb couchdb dotnet-sdk-2.1 \ # setting upawscli, golang # awscli