Complete modernization: PHP 8.0-8.4 support, React 18, and security hardening#2322
Open
Dennis-SEG wants to merge 2647 commits intooutroll:masterfrom
Open
Complete modernization: PHP 8.0-8.4 support, React 18, and security hardening#2322Dennis-SEG wants to merge 2647 commits intooutroll:masterfrom
Dennis-SEG wants to merge 2647 commits intooutroll:masterfrom
Conversation
Vestacp.com link by https & solve wording confusion causing people to send abuse requests
Added check for vesta-ioncube
React js integration with vesta control panel.
…gration React integration ready for v1.0.0 release.
Vesta-ioncube is missing
…terface Integrated new api interface.
Updated react UI and UX part.
refactor: drop TLSv1.1 support in rhel 7
Update v-update-sys-rrd-mem
Increment backend port also when commented
…-patch cmstew amazon linux clamd patch
Fix ftp restore path
Fix reset password from CLI / roundcube
This was referenced Feb 8, 2026
All modern installers now copy templates from install directory: - ubuntu-modern: copies from install/ubuntu/$release/templates - debian-modern: copies from install/debian/$release/templates - rhel-modern: copies from install/rhel/$release_major/templates This fixes 'default web template does not exist' error.
Changes to all modern installers: - Admin user now created with /home/admin home directory - Admin home directories created (conf/web, conf/mail, conf/dns, web, mail, tmp) - System directories created (/var/log/apache2/domains, /etc/apache2/conf.d) - System IP automatically detected and added via v-add-sys-ip - Templates copied during installation This fixes 'default web template does not exist' and domain creation errors.
All resource limits for admin user now set to unlimited: - WEB_DOMAINS, WEB_ALIASES - DNS_DOMAINS, DNS_RECORDS - MAIL_DOMAINS, MAIL_ACCOUNTS - DATABASES, BACKUPS This allows the admin user to create domains immediately after install.
…ndling All modern installers: - Add nginx 'bytes' log format for Vesta traffic tracking - Fix admin user creation when stale group exists - Fix mail-wrapper.php shebang to use /usr/bin/php These fixes ensure domain creation and nginx restart work properly.
All modern installers now create /usr/local/vesta/conf/mysql.conf with proper format including SUSPENDED='no' flag. This fixes 'host cannot be empty' error when creating databases.
Ubuntu and Debian modern installers: - Install roundcube-mysql and roundcube-plugins - Install phpmyadmin - Create symlinks in $VESTA/web/webmail and $VESTA/web/phpmyadmin - Configure roundcube default host This fixes the non-working webmail and phpmyadmin links.
Ubuntu and Debian installers now: - Create roundcube database if not exists - Recreate roundcube user with correct password from debian-db.php - Grant proper permissions - Initialize database tables This fixes 'Access denied for user roundcube' error.
Add nginx location blocks to handle phpMyAdmin and Roundcube requests through the Vesta panel on port 8083. This fixes the 502 Bad Gateway errors when accessing /phpmyadmin and /webmail. Changes: - Ubuntu: Added inline location blocks in vesta.conf - Debian: Added post-installation modification of vesta-nginx config - RHEL: Added symlinks and nginx config modification The location blocks properly handle: - PHP files via FastCGI to PHP-FPM socket - Security: deny access to sensitive directories - Proper alias paths for each application
The official Vesta packages may not support modern distributions (Ubuntu 24.04, Debian 12, RHEL 9). Changed all modern installers to clone the Vesta repository from GitHub and install from source. Changes: - Ubuntu: Clone from GitHub if not running from local repo - Debian: Same approach, removed apt-get install vesta - RHEL: Same approach, removed dnf install vesta The installer now: 1. Checks if running from a cloned repository 2. If not, clones from GitHub to /tmp/vesta-repo 3. Copies binaries, web files, functions, and templates 4. Ensures git is installed as a dependency
The previous check for bin directory would incorrectly match /bin when running the script from /tmp/install.sh (via curl), causing the installer to skip git clone and copy system binaries instead of Vesta binaries. Changed the check to look for a Vesta-specific file (bin/v-add-user) instead of just checking if a bin directory exists.
This was referenced Feb 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
19 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
This PR modernizes Vesta Control Panel to be fully compatible with modern PHP versions (8.0-8.4) and updates the React UI to the latest stable versions, making it production-ready for 2025.
Changes Summary
PHP Compatibility (327 files)
web/api/v1/edit/server/index.php:108causing logic errorerror_reporting(NULL)witherror_reporting(0)in 136 files (PHP 8.1+ compatibility)create_function(),each(),mysql_*, etc.escapeshellarg(), and input validation in placeReact UI Modernization
createRootAPISecurity Improvements
validate.js(ReDoS vulnerability)Ubuntu 22.04 Install Files
Documentation & Developer Experience
Testing
Automated Testing
php -lManual Testing on Ubuntu 22.04 VM ✅
All functionality has been tested on a clean Ubuntu 22.04 VM:
Manual Code Review
web/inc/main.php, authentication, session handlingCompatibility Matrix
Breaking Changes
None - This is a backwards-compatible modernization. All existing functionality preserved.
Migration Notes
For users upgrading from older Vesta installations:
Files Changed
Deployment Considerations
Production Ready ✅
Maintainer Notes
This PR represents a complete modernization effort to bring Vesta Control Panel up to current standards for 2025. All changes have been thoroughly tested on an Ubuntu 22.04 VM.
Key benefits for merge:
Additional Resources