hestiacp icon indicating copy to clipboard operation
hestiacp copied to clipboard
verified publisher icon hestiacp

[Bug] restic restore builds nginx conf improperly

Open uj opened this issue 11 months ago • 1 comments

Describe the bug

When you run v-restore-user-restic or v-restore-user-full-restic, it breaks the nginx domain conf in the following way:

The correct location line in nginx, which is the default on new domains is: location ~* ^.+\.(css|htm|html|js|mjs|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {

After doing a restic restore, the line is built like this: location ~* ^.+\.(css htm html js mjs json xml apng avif bmp cur gif ico jfif jpg jpeg pjp pjpeg png svg tif tiff webp aac caf flac m4a midi mp3 ogg opus wav 3gp av1 avi m4v mkv mov mpg mpeg mp4 mp4v webm otf ttf woff woff2 doc docx odf odp ods odt pdf ppt pptx rtf txt xls xlsx 7z bz2 gz rar tar tgz zip apk appx bin dmg exe img iso jar msi webmanifest)$ {

Notice that it is missing all of the pipe separator characters.

Tell us how to replicate the bug

Create a new user, then create a new domain. Do a restic snapshot, and then restore that snapshot. Attempt to restart nginx and notice that it complains about a broken config.

Which components are affected by this bug?

(Backend) Web Server (Nginx, Apache2)

Hestia Control Panel Version

1.9.3

Operating system

Debian 12

Log capture

uj avatar May 17 '25 21:05 uj

I found the issue. IFS = ',' is being applied to everything, not just to the domain list. Therefore, the PROXY_EXT list which is also separated by commas, (but is NOT meant to be split up), is being split up and the commas are being removed in that list, causing the pipe separators which are inserted in nginx.conf to be skipped.

Here is the fix:

File: /usr/local/hestia/bin/v-restore-web-domain-restic

Change:

domains=""
parse_object_kv_list $(cat $tmpdir/backup.conf)

IFS=','
read -a domains_array <<< "$web"
read -a domains <<< "$WEB"

for domain in ${domains[@]}; do
	if [[ "${IFS}${domains_array[*]}${IFS}" =~ "${IFS}${domain}${IFS}" || "$web" = '*' ]]; then
		# Cleanup previous domain keys
		unset -v DOMAIN IP IP6 ALIAS TPL SSL SSL_HOME LETSENCRYPT FTP_USER FTP_MD5 BACKEND PROXY PROXY_EXT STATS STATS_USER STATS_CRYPT U_DISK CUSTOM_DOCROOT CUSTOM_PHPROOT
		
		# Checking domain existence
		check_config=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)

to:

domains=""
parse_object_kv_list $(cat $tmpdir/backup.conf)

IFS=','
read -a domains_array <<< "$web"
read -a domains <<< "$WEB"

for domain in ${domains[@]}; do
	IFS=','
	if [[ "${IFS}${domains_array[*]}${IFS}" =~ "${IFS}${domain}${IFS}" || "$web" = '*' ]]; then
		# Cleanup previous domain keys
		unset -v DOMAIN IP IP6 ALIAS TPL SSL SSL_HOME LETSENCRYPT FTP_USER FTP_MD5 BACKEND PROXY PROXY_EXT STATS STATS_USER STATS_CRYPT U_DISK CUSTOM_DOCROOT CUSTOM_PHPROOT
		
		IFS=' '
		
		# Checking domain existence
		check_config=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)

This seems to fix the issue.

Notice that there is another related code change already made here in the code, from the bug report https://github.com/hestiacp/hestiacp/issues/4987

uj avatar May 18 '25 17:05 uj