ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2021-03-31T19:48:39Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6098PowerDNS of Debian Buster not working with Ispconfig >=3.2.22021-03-31T19:48:39ZThomas BaslerPowerDNS of Debian Buster not working with Ispconfig >=3.2.2When running powerdns with the ispconfig >= 3.2.2 it throws several sql errors. The provided schema seems to be a little bit outdated. Had to apply the following patch:
```diff
diff --git a/install/sql/powerdns.sql b/install/sql/powerd...When running powerdns with the ispconfig >= 3.2.2 it throws several sql errors. The provided schema seems to be a little bit outdated. Had to apply the following patch:
```diff
diff --git a/install/sql/powerdns.sql b/install/sql/powerdns.sql
index c9bf8280..780cbbdc 100644
--- a/install/sql/powerdns.sql
+++ b/install/sql/powerdns.sql
@@ -20,6 +20,8 @@ CREATE TABLE IF NOT EXISTS `records` (
`ttl` int(11) default NULL,
`prio` int(11) default NULL,
`change_date` int(11) default NULL,
+ `disabled` tinyint(1) default 0,
+ `auth` tinyint(1) default 1,
`ispconfig_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `rec_name_index` (`name`),
@@ -32,3 +34,11 @@ CREATE TABLE IF NOT EXISTS `supermasters` (
`nameserver` varchar(255) NOT NULL,
`account` varchar(40) default NULL
) ENGINE=InnoDB;
+
+CREATE TABLE IF NOT EXISTS `domainmetadata` (
+ `id` int auto_increment,
+ `domain_id` int NOT NULL,
+ `kind` varchar(32),
+ `content` TEXT,
+ PRIMARY KEY (`id`)
+) Engine=InnoDB;
```3.2.4Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6099standard_index.html is not in DirectoryIndex list2021-03-25T21:14:18ZLonny Rollinsstandard_index.html is not in DirectoryIndex list## short description
Received a 403:Forbidden when new sites are added
## correct behaviour
standard_index.html should be shown
## environment
Server OS: Fresh install of debian
Server OS version: buster
ISPConfig version: 3.2.3
## pr...## short description
Received a 403:Forbidden when new sites are added
## correct behaviour
standard_index.html should be shown
## environment
Server OS: Fresh install of debian
Server OS version: buster
ISPConfig version: 3.2.3
## proposed fix
Append `standard_index.html` to DirectoryIndex in `/etc/apache2/mods-available/dir.conf`
```
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm standard_index.html
```
## log entries
```
AH01276: Cannot serve directory /var/www/clients/client1/web1/web/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
```3.2.4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6103Broken plugin because ISPConfig apps repo is removed2021-03-25T21:12:39ZThomBroken plugin because ISPConfig apps repo is removedNow logs a error every minute to the cron.logNow logs a error every minute to the cron.log3.2.4ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6106site-enable symlink always created2021-03-25T21:17:15ZLonny Rollinssite-enable symlink always created## short description
The if statement that decides when a link should be created in `make_acme_vhost()` is malformed so is always true
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.2.3
## proposed fix...## short description
The if statement that decides when a link should be created in `make_acme_vhost()` is malformed so is always true
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.2.3
## proposed fix
Currently, the last lines in `make_acme_vhost()` in `install/lib/installer_base.php` (line 2775 of commit c40198b1) are
```
if(!@is_link($vhost_conf_enabled_dir.'' . $use_symlink)) {
symlink($vhost_conf_dir.'/' . $use_name, $vhost_conf_enabled_dir.'/' . $use_symlink);
}
```
I believe they should be
```
if(!@is_link($vhost_conf_enabled_dir.'/' . $use_symlink)) {
symlink($vhost_conf_dir.'/' . $use_name, $vhost_conf_enabled_dir.'/' . $use_symlink);
}
```3.2.4Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6108One letter domains in DNS filtered out by regex2021-08-17T22:53:31ZSascha BörnerOne letter domains in DNS filtered out by regexCan't use one letter domains (yes, they exist!) in the DNS module with ISPConfig 3.2.3 due to regex wanting at least 2 chars. Patch attached.
[ispconfig-dns-patch.txt](/uploads/40109bcf208c1cba83171f32ddf16a24/ispconfig-dns-patch.txt)Can't use one letter domains (yes, they exist!) in the DNS module with ISPConfig 3.2.3 due to regex wanting at least 2 chars. Patch attached.
[ispconfig-dns-patch.txt](/uploads/40109bcf208c1cba83171f32ddf16a24/ispconfig-dns-patch.txt)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6109rspamd .inc.ispc naming inconsistency2021-03-25T21:17:15ZJesse Norellrspamd .inc.ispc naming inconsistencyA few rspamd local.d/maps.d/ templates are included via names of *.inc.ispc, but actually created with only *.inc (so they won't match/be used).A few rspamd local.d/maps.d/ templates are included via names of *.inc.ispc, but actually created with only *.inc (so they won't match/be used).3.2.4Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6111rspamd spamfilter write loop for alias domain2021-03-31T22:56:28ZJesse Norellrspamd spamfilter write loop for alias domainThere is an issue in 3.2.3 where server.php is stuck in a loop repeatedly creating a spamfilter file for an alias domain, which never completes.
To reproduce:
1. create a normal mail domain domainA.com with a spamfilter policy set
2. c...There is an issue in 3.2.3 where server.php is stuck in a loop repeatedly creating a spamfilter file for an alias domain, which never completes.
To reproduce:
1. create a normal mail domain domainA.com with a spamfilter policy set
2. create an mail domain alias domainB.com to domainA.com, and do not set a spamfilter policy in domainB.com
The next run of server.sh will result in server.php looping. (Alternately, with the above scenario, edit the spamfilter policy of domainA.com so all entities with that filter are rewritten, and it will loop when it gets to domainB.com.)3.2.4Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6118disable 'enable receiving' does not work2021-03-25T21:17:16ZJesse Norelldisable 'enable receiving' does not workLooks like the 'Enable Receiving' mailbox setting does not work, mail is received for a mailbox whether that is enabled or not.
https://www.howtoforge.com/community/threads/send-error-when-receive-is-disabled.86508/#post-420101Looks like the 'Enable Receiving' mailbox setting does not work, mail is received for a mailbox whether that is enabled or not.
https://www.howtoforge.com/community/threads/send-error-when-receive-is-disabled.86508/#post-4201013.2.4Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6119umask in updater (bad /etc/rspamd/local.d/maps.d/ permission)2021-03-25T21:17:16ZJesse Norellumask in updater (bad /etc/rspamd/local.d/maps.d/ permission)The umask set when running updates seems to cause /etc/rspamd/local.d/maps.d/ to have too restrictive of permissions. At minimum that directory mode needs set, possibly look at other file/directory creations as well.
https://www.howtof...The umask set when running updates seems to cause /etc/rspamd/local.d/maps.d/ to have too restrictive of permissions. At minimum that directory mode needs set, possibly look at other file/directory creations as well.
https://www.howtoforge.com/community/threads/solved-rspamd-errors.86592/3.2.4Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6121acme.sh fails when self-signed certificates already exist for ISPConfig web i...2021-08-31T09:14:28ZDragan Savicacme.sh fails when self-signed certificates already exist for ISPConfig web interface## short description
Creating LE cert with acme.sh when running `ispconfig_update.sh` or `ispconfig_update.sh --force` fails with `Verify error.....Timeout during connect (likely firewall problem)` error message.
Issue happens only if s...## short description
Creating LE cert with acme.sh when running `ispconfig_update.sh` or `ispconfig_update.sh --force` fails with `Verify error.....Timeout during connect (likely firewall problem)` error message.
Issue happens only if server already has self-signed certs created for ISPConfig web interface. During acme.sh domain verification stage, apache fails to start because it can't load SSL cert files.
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.2.3
```
apachectl -v
Server version: Apache/2.4.38 (Debian)
Server built: 2020-08-25T20:08:29
```
## proposed fix
Workaround that worked for me was to replace the following `rename` functions with `copy` in `installer_base.lib.php` (from `ISPConfig-3.2.3.tar.gz`), but maybe it's not a valid solution.
```
...
$issued_successfully = false;
// Backup existing ispserver ssl files
if(file_exists($ssl_crt_file) || is_link($ssl_crt_file)) {
--- rename($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
+++ copy($ssl_crt_file, $ssl_crt_file . '-temporary.bak');
}
if(file_exists($ssl_key_file) || is_link($ssl_key_file)) {
--- rename($ssl_key_file, $ssl_key_file . '-temporary.bak');
+++ copy($ssl_key_file, $ssl_key_file . '-temporary.bak');
}
if(file_exists($ssl_pem_file) || is_link($ssl_pem_file)) {
--- rename($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
+++ copy($ssl_pem_file, $ssl_pem_file . '-temporary.bak');
}
// Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
if (is_executable($acme)) {
...
```
Second workaround that worked was to delete all files from `/usr/local/ispconfig/interface/ssl/`, comment out all SSL lines in `apps.vhost`, `ispconfig.conf` and `ispconfig.vhost`, and after that run `ispconfig_update.sh --force` again.
## references
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6015#note_91609
## log entries
Apache logs during `acme.sh` domain verification stage.
```
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost:
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
Mar 22 17:28:51 gagi-ispc.nc-cloud.com apachectl[8232]: Action 'stop' failed.
```3.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6123dovecot: earlier 99-ispconfig-custom-config.conf inclusion2021-03-25T21:17:16ZJesse Norelldovecot: earlier 99-ispconfig-custom-config.conf inclusionThe recent inclusion of 99-ispconfig-custom-config.conf (dovecot_custom.conf.master template) needs to happen earlier to allow global settings to be affected. Eg. I have "mail_plugins = $mail_plugins acl" on line 59, which produces erro...The recent inclusion of 99-ispconfig-custom-config.conf (dovecot_custom.conf.master template) needs to happen earlier to allow global settings to be affected. Eg. I have "mail_plugins = $mail_plugins acl" on line 59, which produces error:
```
dovecot: config: Warning: /etc/dovecot/conf.d/99-ispconfig-custom-config.conf line 59: Global setting mail_plugins won't change the setting inside an earlier filter at /etc/dovecot/dovecot.conf line 70 (if this is intentional, avoid this warning by moving the global setting before /etc/dovecot/dovecot.conf line 70)
```
See https://www.howtoforge.com/community/threads/new-handling-for-custom-postfix-and-dovecot-config-questions-remarks.86654/3.2.4https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6124jailkit cron: set group on home dir2021-03-25T21:17:16ZJesse Norelljailkit cron: set group on home dirWhen creating a jailkit cron job (without shell user present) the web user's home directory inside the jail does not have the group set, causing jk_chrootsh to error/abort.
https://www.howtoforge.com/community/threads/jailkit-chroot-cro...When creating a jailkit cron job (without shell user present) the web user's home directory inside the jail does not have the group set, causing jk_chrootsh to error/abort.
https://www.howtoforge.com/community/threads/jailkit-chroot-cron-not-working.86663/3.2.4Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6127nginx ispconfig.vhost/apps.vhost http2 parameter incorrect behavior after update2021-03-30T07:54:55ZMichal Sotolarnginx ispconfig.vhost/apps.vhost http2 parameter incorrect behavior after update## short description
After 21db72aa ispconfig.vhost (and apps.vhost) listen directives have http2 parameter even without SSL enabled: ERR_INVALID_RESPONSE in browser after update ISPConfig.
Reproducible using nginx proxy redirect featur...## short description
After 21db72aa ispconfig.vhost (and apps.vhost) listen directives have http2 parameter even without SSL enabled: ERR_INVALID_RESPONSE in browser after update ISPConfig.
Reproducible using nginx proxy redirect feature to access interface and apps (no need to enable SSL internally).
## correct behaviour
The parameter can be added only with SSL enabled (optional in nginx_apps.vhost.master and nginx_ispconfig.vhost.master).
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.2.3
If it might be related to the problem
```
nginx version: nginx/1.14.2
```
## log entries
```
2021/03/26 11:39:16 [error] 16210#16210: *60614 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: ***, server: ***, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080/", host: "***"
```3.2.4ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6128rspamd not populating2021-06-07T15:05:13ZSteffan Noordrspamd not populatingHello,
In the ispconfig version 3.2.3 (multi setup, mailserver centos 7)
the whitelist settings are saved to the server.
But it is only working after manualty doing a rspamd reload
looks like a bug to me?Hello,
In the ispconfig version 3.2.3 (multi setup, mailserver centos 7)
the whitelist settings are saved to the server.
But it is only working after manualty doing a rspamd reload
looks like a bug to me?3.2.5Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6134Acme.sh switching to ZeroSSL by default -> should be set to Let's Encrypt2021-06-22T17:03:09ZThomAcme.sh switching to ZeroSSL by default -> should be set to Let's Encrypt<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
The acme.sh script will use ZeroSSL as default CA for new certificates starting August 1 2021.
See https://community.letsencrypt.org/t/the-acme-sh-will-change-default-ca-to-zerossl-on-august-1st-2021/144052
We should stick to Let's Encrypt, so we need to set this as hard default for acme.sh
## Proposed fix
Set the default CA for acme.sh to Let's Encrypt on install and also for existing users. While doing this, maybe we could set acme.sh to be auto updating aswell?
To set the default, this should be run: \
`acme.sh --set-default-ca --server letsencrypt` \
To update acme.sh and enable auto updating: \
`acme.sh --upgrade --auto-upgrade`3.2.4Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6138SSHFP record populated twice with same data2021-04-09T12:33:40ZJacco van KollSSHFP record populated twice with same dataUsed software:
ISPConfig 3.2.4 (also had this issue with 3.2.3)
Ubuntu 20.04
Bind9 1:9.16.1-0ubuntu2.7
MariaDB 1:10.3.25-0ubuntu0.20.04.1
Trying to create an SSHFP record in the interface:
![image](/uploads/aef3ca6e64ae946a1d6fea77f05...Used software:
ISPConfig 3.2.4 (also had this issue with 3.2.3)
Ubuntu 20.04
Bind9 1:9.16.1-0ubuntu2.7
MariaDB 1:10.3.25-0ubuntu0.20.04.1
Trying to create an SSHFP record in the interface:
![image](/uploads/aef3ca6e64ae946a1d6fea77f05fbb2a/image.png)
Creates:
`vps.haringstad.com. 3600 SSHFP 4 2 1a94d00d302e06765e35c60b3f1ca8e5c42e965a5bd6b7d57457915f3637d0ed 4 2 1a94d00d302e06765e35c60b3f1ca8e5c42e965a5bd6b7d57457915f3637d0ed`
And makes the `pri.haringstad.com.err` appear.3.2.5ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6141Conf-custom for postfix and dovecot not working on CentOS (using fedora dist ...2021-04-25T15:29:01ZThomConf-custom for postfix and dovecot not working on CentOS (using fedora dist script)<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
<!-- What is happening and what is wrong with that? -->
Custom config is not used as the fedora dist script has it's own `configure_dovecot` and `configure_postfix` function
## Steps to reproduce
1. Create custom config for dovecot/postfix
2. Run a update and reconfigure services
3. Custom config is not used.
## Correct behaviour
<!-- What should happen instead? -->
Custom config should be used.
## Environment
Server OS + version: CentOS 7.9 \
ISPConfig version: 3.2.3+
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
Software version of the related software:
<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
## Proposed fix
Either remove the functions from fedora (if possible) or add the functions for custom config.
## References
https://www.howtoforge.com/community/threads/custom-config-not-working.86714/3.2.5ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6144Nginx subdomain does not work2021-08-13T18:59:25ZThomNginx subdomain does not work<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
<!-- What is happening and what is wrong with that? -->
When creating a subdomain on a nginx host, you get this error when visiting it: `direct access directory forbidden`
## Steps to reproduce
1. Create a subdomain on a nginx host
2. Visit the newly created subdomain
## Correct behaviour
<!-- What should happen instead? -->
The site should show up.
## Environment
ISPConfig version: 3.2.4
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
## Proposed fix
Change $1 to $2 in the nginx vhost template (See https://git.ispconfig.org/ispconfig/ispconfig3/-/commit/acfb1ace2b5ab9cd0e614e01651380d66bc68837#3082c2490148291aa258a409f8d866a767068e48 )
## References
https://www.howtoforge.com/community/threads/subdomain-doesnt-work-anymore.86746/3.2.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6145Disabling spamfilter for domain does not disable it for inherited mailboxes (...2021-08-17T22:58:36ZThomDisabling spamfilter for domain does not disable it for inherited mailboxes (rspamd)<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
When setting "- not enabled -" as spamfilter policy for a domain, all mailboxes with "- inherit domain setting" will keep their current configuration. So the spamfilter for them is still enabled.
The config files for those mailboxes are not updated when the policy is updated, because according to the database there would be no file for them.
## Steps to reproduce
1. Create a domain with a spamfilter enabled.
2. Create a mailbox for this domain that inherits the spamfilter setting
3. Disable the spamfilter for the domain
## Correct behaviour
<!-- What should happen instead? -->
The config file should be removed or set to allow everything?
## Environment
Server OS + version: Debian 10 \
ISPConfig version: 3.2.4
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
Software version of the related software:
<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
Rspamd daemon version 2.73.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6146move to junk misfires because it is case-insensitive2021-04-09T08:54:17ZJesse Norellmove to junk misfires because it is case-insensitiveThe move to junk sieve rule is case insensitive by default, so instead of only matching 'Yes' in X-Spam-Status, it also matches 'BAYES_' and will misfire.
https://www.howtoforge.com/community/threads/change-to-sieve_filter-master-templa...The move to junk sieve rule is case insensitive by default, so instead of only matching 'Yes' in X-Spam-Status, it also matches 'BAYES_' and will misfire.
https://www.howtoforge.com/community/threads/change-to-sieve_filter-master-template-causes-all-mail-moved-to-junk.86744/3.2.5Jesse NorellJesse Norell