hestiacp 1.4 released - lots of new features and bug fixes

niceboy

A few days back promising opensource control panel hestiacp 1.4 released

More at..
https://hestiacp.com/

[1.4.1] - Bug fix

Fixed bug with 2FA enabled logins

[1.4.0] - Major Release (Feature / Quality Update)

NOTE: Ubuntu 16.04 (Xenial) is no longer supported as it has reached EOL (end-of-life) status.
NOTE: Apache in "standalone" mode is no longer actively supported and has been removed from installer options. Nginx (Proxy) + Apache2 will remain supported.
NOTE: Custom "quick installer apps" will not work anymore due to changes in how we handle quick installer apps. Minimal changes to the Quick installer apps are required! Please check https://github.com/hestiacp/hestia-quick-install for how to migrate!
NOTE: Manual upgrade scripts are available to update Roundcube, Rainloop and PHPmyadmin to the last version they can be found in /usr/local/hestia/install/upgrade/manual/

Features

Introduced support for NGINX FastCGI cache.
Introduced support for SMTP Relay / smarthosts (server-wide or per-domain).
Introduced the ability to choose which webmail client to use per-domain (Roundcube or Rainloop).
Added support for Rainloop (Run v-add-sys-rainloop to install it)
Added B2 Backup Support for Remote Backup Location - thanks @rez0n!
Added template support for osTicket - thanks @madito!
Packages for phpMyAdmin, Roundcube, and Rainloop will be pulled directly from their upstream source instead of APT for new installations.
Added DNS records view to mail domains which provides DKIM, SPF, and other entries to use with an external provider.
Added an upgrade script to provide in-place upgrades to php7.4 (or any other version).
Added Drupal and Nextcloud quick installer support (Removed placeholder Joomla)
Added a new optional theme "Vestia"
Added a switch to disable the API and also limit the api by default to 127.0.0.1 only. For current installs added the option "allow-all" on default
After first reboot of Hestia will try do 1 attempt to request / generate a valid Lets encrypt certificate
Introduced multiple new security policies via WebUI.
    Allow users to edit Web / Proxy / DNS / Backend templates
    Allow users to edit account details
    Allow suspended users to login with "read-only" access
    Allow users view / delete user history
    Enforce sub domain ownership
    Limit access to admin account when other users have the role "Administrator" assigned to them.
Disable user to login via WebUI / Limit access to WebUI to certain IP address per user.
Discourage websites to be created under "admin" account and redirect users to create new users.
Added support for redirecting to www / non www domains (or custom) #427 / #1638.
Allow users to see failed login attempts on there account.
Introduced support for ARM based systems. Currently the packages are not available via ATP!
Force reboot of system after install

Bugfixes

Fixed an issue where user name was duplicated when editing FTP users. (#1411)
Fixed an issue where the iptables service would appear to be in a stopped state when fail2ban is stopped. (#1374)
Fixed an issue where the default language value was incorrectly set under Server Settings > Configure.
Fixed an issue with the dark theme where available updates were incorrectly displayed.
Fixed an issue where local and FTP backup files were not deleted when running v-delete-user-backup. (#1421)
Fixed an issue where IP addresses could not be deleted. (#1423)
Fixed an issue where v-rebuild-user would incorrectly rebuild domain items in addition to user account configuration.
Fixed an issue which caused a web domain's custom document root value to be lost when restoring from backup.
Fixed an issue which caused a NSPOSIXErrorDomain:100 error when using Safari/iOS (thanks @stsimb).
Fixed an issue where exim ignored the configured mail quota limit.
Fixed an issue where invalid character validation was performed when editing mail auto replies.
Fixed an issue which caused Let's Encrypt to fail when using the Moodle template (thanks @ArturoBlanco).
Fixed an issue where the MySQL wait_timeout value was not saved due to wrong regexp attribute (thanks @guicapanema).
Fixed an issue where nginx web statistics authorization file was placed in the wrong directory.
Fixed several small issues that were reported when using PostgreSQL.
Improved reliability of mail domains and webmail clients.
Improved reliability of service restarts during upgrades.
Improved compatibility with Blesta / WHMCS plugins.
Improved API error handling routines - thanks @danielalexis!
Improved backup performance through the use of multi-threading when creating archives using the zstd compression type.
Improved error handling when creating firewall rules.
Improved handling of suspended users and domains to allow deletion without unsuspension.
Improved dependencies over package control to install lsb-release and zstd.
Improved SFTP connection handling to be case insensitive (thanks @lazzurs).
Improved domain validation to prevent creating subdomains when the top-level domain belongs to another account (thanks @KuJoe and @sickcodes).
Improved IDN domain handling to resolve issues with Let's Encrypt SSL and mail domain services.
Added private folder to openbasedir permissions for all main templates.
Disabled changing backup folder via Web UI because it used symbolic link instead of mount causing issues with restore mail / user files.
Fixed XSS vulnerability in v-add-sys-ip and user history log (thanks @numanturle).
Fixed remote code execution vulnerability which could occur when deleting SSH keys (thanks @numanturle).
Fixed vulnerability in v-update-sys-hestia (thanks @numanturle)
Disabled the Update via WebUI due to timeout issues. Please update via apt update && apt upgrade in command line instead.
Improve how Quick install of web apps are handled and allow users added apps to be maintained in list view.
Fixed an issue where the api was enabled after an update of HestiaCP
Fixed an issue when the default php version got deleted webmail didn't work any more. #1477
Limit access when "demo" mode is enabled.
Fixed an issue where limitations on aliases didn't work propperly
Fixed an issue where "Exit to control pannel" link got changed to "Logout" #1669
Allow packages to be deleted when in use. Current users are changed to "Default" package.
Fixed multiple bugs with in v-restore-users
Redesign statics page
Allow self signed certificates to be created with aliases.
Fixed issue where mail accounts where sorting incorrectly by size #1687
Improve results v-search-command #1703
Merge Codeiginiter / Drupal templates.
Prepare template for FastCGI support an improve security by allowing only .well-known for Let's encrypt requests
Update Cloudflare Ips in nginx.conf
Fixed an issue where emails where send to nobody when connection failed to database #1765
Fixed an issue where no notifications where send on failure and save local backup if remote backup failed.
Fixed an issue where domains containing 2 dots in the top level domain could accidentally got removed #1763
Fixed an issue where www could be created and after delete webmail doesn't work anymore #1746
Standardize headers for upgrade scripts
Improved how we handle custom themes
Refactored HMTL / PHP code WebUI
Updated ClamAV configuration
Fixed issue where file manger key got the wrong permissions
Update version Laveral @mariojgt

amadex1337

It's a very good free panel. But with updates you will get problems, even without custom modifications made by you. But anyways if you know how to fix mess after update, use it. Nice project and nice guys doing their best.

Falzo

@amadex1337 said:
It's a very good free panel. But with updates you will get problems, even without custom modifications made by you. But anyways if you know how to fix mess after update, use it. Nice project and nice guys doing their best.

admittingly true. we test a lot and postpone/delay the update again and again. still we seem to miss out on certain configurations where unexpected issues occur after the update

there are plans to make the update cycle shorter with less changes per update to break less things in the future ;-)

NanoG6

Simple and powerful cp. love it and currently using it with Oracle ARM 👍

surihost

@NanoG6 said:
Simple and powerful cp. love it and currently using it with Oracle ARM 👍

What is the install script for hestiacp with oracle arm ?

NanoG6

@Falzo said:

@NanoG6 said:
@Falzo is there any easy tutorial to install hestiacp on this ARM machine for 10 year old like me?

hmm, I haven't tried myself on any ARM infra yet. (and oracle did never properly send me to psd2 verification with my CC so I gave up on their cloud stuff early)

however as far as I know it is supported, but we have no prebuild packages, so you need to clone and compile yourself...
good starting point for how to do that is reading from here: https://forum.hestiacp.com/t/arm-systems-support/894/16

@surihost

surihost

@NanoG6 said:

@Falzo said:

@NanoG6 said:
@Falzo is there any easy tutorial to install hestiacp on this ARM machine for 10 year old like me?

hmm, I haven't tried myself on any ARM infra yet. (and oracle did never properly send me to psd2 verification with my CC so I gave up on their cloud stuff early)

however as far as I know it is supported, but we have no prebuild packages, so you need to clone and compile yourself...
good starting point for how to do that is reading from here: https://forum.hestiacp.com/t/arm-systems-support/894/16

@surihost

ok nice will try