ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-09-08T16:05:45Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3985ISPC support LizardFS quota - Feature Request2020-09-08T16:05:45ZAndyPLISPC support LizardFS quota - Feature RequestCan you add support quota for web pages that are placed on the network file system LizardFS?
Project website: http://www.lizardfs.comCan you add support quota for web pages that are placed on the network file system LizardFS?
Project website: http://www.lizardfs.comhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3956New Turkish language file set (based on p9)2018-12-15T18:14:33ZTill BrehmNew Turkish language file set (based on p9)[tr_p9.lng](/uploads/aab6ac7524fe0a7114984c61ef222107/tr_p9.lng)[tr_p9.lng](/uploads/aab6ac7524fe0a7114984c61ef222107/tr_p9.lng)3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3917Show getmail-configuration status2020-09-08T16:08:03ZEgbertShow getmail-configuration statusThe UI states 'Please check first if email retrieval works, before you activate this option.' without giving any feedback whether the getmail rule works.
The log files are also not very helpful. I defined several getmail rules all at on...The UI states 'Please check first if email retrieval works, before you activate this option.' without giving any feedback whether the getmail rule works.
The log files are also not very helpful. I defined several getmail rules all at once, and got messages in the mail error log like:
May 23 15:55:01 srv getmail: getmailOperationError error (POP error (-ERR Temporary problem, please try again later))
I had to disable them one by one to find out which once was incorrect. It would be very helpful if errors are detected and attributed to the corresponding rule so that it's easier to correct the error.
This is on 3.1b by the way, not sure if it also applied on previous versions.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3828Support H2O webserver2020-09-08T16:07:45ZKaiSupport H2O webserverHi all,
it might be considered an idea to support H2O webserver (Description: http://h2o.examp1e.net/ , Repo: https://github.com/h2o , Benchmarks/Tests: https://calomel.org/h2o.html )
The configuration seems to look somehow similar to n...Hi all,
it might be considered an idea to support H2O webserver (Description: http://h2o.examp1e.net/ , Repo: https://github.com/h2o , Benchmarks/Tests: https://calomel.org/h2o.html )
The configuration seems to look somehow similar to nginx, so what would be a good starting point to support it?
Background: save energy as you need less power to serve stuff to clients, save time and bandwith for everyone.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3801Implement ruby support trough cgi for apache 2.42020-12-26T10:06:01ZTill BrehmImplement ruby support trough cgi for apache 2.4https://www.howtoforge.com/community/threads/ruby-doesnt-execute-and-show-source.72428/#post-341059https://www.howtoforge.com/community/threads/ruby-doesnt-execute-and-show-source.72428/#post-341059https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3798The cookie does not contain the "secure" attribute.2020-06-08T12:35:38ZMiquelThe cookie does not contain the "secure" attribute.I've your last version of ISPCONFIG, and the PCI SCAN show this:
For example: https://web03.efimatica.com:8080/index.php
Threat:
The cookie does not contain the "secure" attribute.
Based on the latest release of the PCI-DSS, th...I've your last version of ISPCONFIG, and the PCI SCAN show this:
For example: https://web03.efimatica.com:8080/index.php
Threat:
The cookie does not contain the "secure" attribute.
Based on the latest release of the PCI-DSS, this vulnerability is a PCI Fail.
PCI-DSSv3.1 requirement 6.5.10 is focused on secure session management, and refers to session cookies needing to have the "secure" attribute set within the Cardholder Data Environment.
Refer to PCI-DSSv3.1 for details.
Impact:
Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account.
Solution:
If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS.
Result:
url: https://195.235.59.171:8080/
Payload: N/A
matched: PHPSESSID=l70vt4ik36feakh9liighafkj0; path=/; domain=195.235.59.171https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3788Enable use of wildcards when adding applications to jailkit rules2020-04-04T21:02:34ZNapEnable use of wildcards when adding applications to jailkit rulesFeature request:
Please improve parsing of the input to the Jailkit parameters to allow escaping asterisks, and other wildcards.
Feature request:
Please improve parsing of the input to the Jailkit parameters to allow escaping asterisks, and other wildcards.
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3781SSL certificate management - prevent pasting encrypted keys2018-12-15T18:14:43ZkolorafaSSL certificate management - prevent pasting encrypted keysOne of user did paste ssl key with passphase resulting in server going down.
It would be nice to prevent server going down because of that.One of user did paste ssl key with passphase resulting in server going down.
It would be nice to prevent server going down because of that.3.1Marius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3780Docker support2018-12-15T18:14:43ZBradley WestonDocker supportJust an idea, would it be good to have an interface to manage docker containers?
Features:
- [ ] Search for Docker images using Docker hub api.
- [ ] Allow to run Docker images, check the Dockerfile to show exposed ports/volumes/env...Just an idea, would it be good to have an interface to manage docker containers?
Features:
- [ ] Search for Docker images using Docker hub api.
- [ ] Allow to run Docker images, check the Dockerfile to show exposed ports/volumes/environment variables.
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3777Improvements for php-fpm reload code2023-12-03T21:12:17ZTill BrehmImprovements for php-fpm reload codeThank you to Dominik for providing this code.
In der web_module.inc.php gaaaaanz unten vor dem return $retval folgenden Block rein:
// Now test if restart has hung up and do a restart instead of reload
if (($init_script) && ($action =...Thank you to Dominik for providing this code.
In der web_module.inc.php gaaaaanz unten vor dem return $retval folgenden Block rein:
// Now test if restart has hung up and do a restart instead of reload
if (($init_script) && ($action == 'reload') && ($init_script != $conf['init_scripts'].'/'.$web_config['php_fpm_init_script'])) {
$path_parts = pathinfo($init_script);
$childcnt = exec('echo $(pgrep -c -P$(</opt/'.str_replace('-fpm', '', $path_parts['basename']).'/var/run/php-fpm.pid))');
// Count child-process number must be greater than 2
// 2 is the default process child-count (pm.start_servers = 2) -> see php-fpm.conf
// if it is only 2, then restart is also ok, because no webpages on it
if ($childcnt <= 2) {
$initcommand = $app->system->getinitcommand($path_parts['basename'], 'restart', $path_parts['dirname']);
$retval = array('output' => '', 'retval' => 0);
exec($initcommand.' 2>&1', $retval['output'], $retval['retval']);
$app->log("Restarting php-fpm after reload not worked: $initcommand", LOGLEVEL_DEBUG);
}
unset($childcnt);
}
-------------------------------
Außerdem - beim den bisherigen Ausnahmen schlage ich vor die Zeile 261 (master-Stand)
if($action == 'reload') {
mit einem "else" anfangen zu lassen -> sonst läuft es bei ner reload-Action die schon in der ersten If-Abfrage drin war durch den zweiten Block auch noch durch... und das Init-Command im zweiten If sollte so aussehen:
$initcommand = $app->system->getinitcommand($path_parts['basename'], 'restart', $path_parts['dirname']);
weil das was aktuell drin steht startet einfach nur nochmal den System-FPM-Dienst statt dem Versionsspezifischen wofür es eigentlich da sein sollte....Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3773Authorize several secondary dns servers for a customer2018-12-15T18:14:43ZDenis LepesqueurAuthorize several secondary dns servers for a customerIf admin sets several secondary zones on differents secondary dns servers for a customer's domain name, this customer will see all secondary zones but only the line with his default secondary dns server will be correct, for the others th...If admin sets several secondary zones on differents secondary dns servers for a customer's domain name, this customer will see all secondary zones but only the line with his default secondary dns server will be correct, for the others the column server will be empty.
It would be nice to associate several secondary server for a customer instead only one.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3769Configuration improvement suggestion for postfix 2.10+2020-08-27T13:36:15ZEricConfiguration improvement suggestion for postfix 2.10+In http://www.postfix.org/SMTPD_ACCESS_README.html#danger Vietse advises to specify relay policy under smtpd_relay_restrictions and spam blocking policy under smtpd_recipient_restrictions.
Cause: "Then, a permissive spam blocking policy...In http://www.postfix.org/SMTPD_ACCESS_README.html#danger Vietse advises to specify relay policy under smtpd_relay_restrictions and spam blocking policy under smtpd_recipient_restrictions.
Cause: "Then, a permissive spam blocking policy will not result in a permissive mail relay policy."
Current configuration looks like this:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
which seems to be ok, but invites for errors in case of manual reconfiguration.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3756Add support for mod_proxy_fcgi on Debian 82020-12-26T10:06:00ZTill BrehmAdd support for mod_proxy_fcgi on Debian 8https://www.howtoforge.com/community/threads/bug-fix-php-fpm-fastcgi-mod_proxy_fcgi-sockets-not-working-together.72154/https://www.howtoforge.com/community/threads/bug-fix-php-fpm-fastcgi-mod_proxy_fcgi-sockets-not-working-together.72154/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3755Disable SSL fields on SSL tab if Let's Encrypt is enabled2020-08-30T22:29:43ZMarius BurkardDisable SSL fields on SSL tab if Let's Encrypt is enabledAs Let's Encrypt certificate is issued for all domains, alias domains and subdomains, the ssl tab fields are not needed.As Let's Encrypt certificate is issued for all domains, alias domains and subdomains, the ssl tab fields are not needed.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3754Add client limits for Let's Encrypt2018-12-15T18:14:45ZMarius BurkardAdd client limits for Let's EncryptClients should only be able to use this if they are given the limit.Clients should only be able to use this if they are given the limit.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3742Customer change for domain in frontend2018-12-15T18:14:45ZMartin SebaldCustomer change for domain in frontendPlease add the feature which allows an admin to change the customer/user for a domain in the frontend. At the moment this is not possible. I can click on the record and save it, but both fields (domain and customer) are blocked.Please add the feature which allows an admin to change the customer/user for a domain in the frontend. At the moment this is not possible. I can click on the record and save it, but both fields (domain and customer) are blocked.3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3735Add DANE/TLSA support2018-12-15T18:14:45ZMartin SebaldAdd DANE/TLSA supportPlease add support for DANE in Postfix / TLSA records in DNS to ISPConfig. In these days everything against spam should be done. DANE/TLSA is a great effort to achieve this goal.
Here some links with more information:
https://www.p...Please add support for DANE in Postfix / TLSA records in DNS to ISPConfig. In these days everything against spam should be done. DANE/TLSA is a great effort to achieve this goal.
Here some links with more information:
https://www.paranoids.at/ispconfig-tlsa-patch-for-dane-using-postfix/
https://sys4.de/de/blog/2014/05/24/einen-tlsa-record-fuer-dane-mit-bind-9-publizieren/
https://www.kernel-error.de/postfix/postfix-dane-tlsa3.1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3730cron tasks / queue slow2020-09-08T16:08:01ZAntalcron tasks / queue slowSometimes changes take up to 2 minutes to run, especially when making a lot of changes.
Maybe it's somehow possible to speed up the tasks queue or make it temporarily do realtime changes? If possible the admin could activate this functi...Sometimes changes take up to 2 minutes to run, especially when making a lot of changes.
Maybe it's somehow possible to speed up the tasks queue or make it temporarily do realtime changes? If possible the admin could activate this function for a couple of minutes/hours when he/she is going to make a lot of changes that need to change fast.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3728client overview2020-06-08T13:14:08ZAntalclient overviewCould you add an overview per client, with all items that the client has configured.
-Domains
-Full DNS records
-All e-mail boxes, forwards, etc
-Websites
-Databases
-Etc.
In the current version it cost a lot of time to gather...Could you add an overview per client, with all items that the client has configured.
-Domains
-Full DNS records
-All e-mail boxes, forwards, etc
-Websites
-Databases
-Etc.
In the current version it cost a lot of time to gather all this information and you'll have to click through a lot of tabs.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3725Change Enable SSL from sites section2020-06-08T13:10:55ZAurel RomanChange Enable SSL from sites sectionhello,
i think is very useful to modify the enable ssl checkbox to something like:
Off - no ssl -> listen only on 80
Only ssl -> ssl ON -> listen only on 443 -> the rediction can be done by adding the server directive (form below) bef...hello,
i think is very useful to modify the enable ssl checkbox to something like:
Off - no ssl -> listen only on 80
Only ssl -> ssl ON -> listen only on 443 -> the rediction can be done by adding the server directive (form below) before the current server used (or create it on a separate vhosts like sitename.80.vhost and sitenam.443.vhost)
Both -> ssl on -> listen on both 80 and 443
redirect from 80 to 443 on nginx
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}