ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-06-08T13:25:41Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4073need placeholders for Webmail (and PHPMyAdmin) URL2020-06-08T13:25:41ZJesse Norellneed placeholders for Webmail (and PHPMyAdmin) URLFor proper configuration of (some) multiple server setups there needs to be some more placeholders in the Webmail URL particularly. I will have multiple web servers separate from email servers, and there is no way to set the Webmail URL...For proper configuration of (some) multiple server setups there needs to be some more placeholders in the Webmail URL particularly. I will have multiple web servers separate from email servers, and there is no way to set the Webmail URL to a website's own server.
Eg. in PHPMyAdmin I use https://[SERVERNAME]/phpmyadmin and it redirects to the webserver's hostname and works. But I enter https://[SERVERNAME]/webmail for the Webmail URL and it redirects to the mail server's hostname and fails (as there's no web server there).
I need a placeholder for either the webserver of a domain or at least the domain name itself. Maybe preserve existing behavior for SERVERNAME, then add a DOMAIN placeholder (current domain for PHPMyAdmin, or right-hand side of email address for Webmail), and if possible also a WEBSERVER, MAILSERVER and DATABASESERVER?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4034Automated copy of backups to remote location FTP(FXD)/Cloud2020-08-25T10:14:42ZMicha CassolaAutomated copy of backups to remote location FTP(FXD)/CloudI would like to request a new feature as mentioned in the head line.I would like to request a new feature as mentioned in the head line.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4024manage TLSA records2023-08-15T21:28:41ZJesse Norellmanage TLSA recordsFeature Request:
A nice augment to managing letsencrypt certificates would be to automatically setup the TLSA record in DNS; it would be impractical to use TLSA otherwise. This can also be done for non-letsencrypt certificates, of cour...Feature Request:
A nice augment to managing letsencrypt certificates would be to automatically setup the TLSA record in DNS; it would be impractical to use TLSA otherwise. This can also be done for non-letsencrypt certificates, of course.
Example command to generate the TLSA record:
```
# domain=domain.com
# openssl x509 -noout -fingerprint -sha256 < /etc/letsencrypt/live/${domain}/cert.pem | sed -e s/://g -e "s/.*=/_443._tcp.${domain}. 1800 IN TLSA 3 0 1 /"
_443._tcp.domain.com. 1800 IN TLSA 3 0 1 C2C7CE93AC8716A8550EF1D3856C669B45456CF2204C081AB8F52DCC230D0031
```
Then import that into a DNS record.
The only(?) remaining issue is handling certificate rollover, which is done by having multiple TLSA records for the old and new certificates. When adding a TLSA record, first determine the certificate's expiry date and add a little time to that (24 hours?), save that timestamp somewhere (new expire/remove date field in db table?), and run a little cleanup routine that removes old TLSA records that have expired.
Certificate expiry date is gotten with:
```
# openssl x509 -noout -enddate < /etc/letsencrypt/live/${domain}/cert.pem
notAfter=Oct 2 05:04:00 2016 GMT
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4021Webalizer GeoIP disabled2017-08-10T20:10:44ZSteffen NielsenWebalizer GeoIP disabledThe parameters GeoIP and GeoIPDatabase seems to be disabled for all sites that enables webalizer which results in a useless pie chart showing 100% unknown locations. Simply enabling those two parameters within /var/www/domain/log/webaliz...The parameters GeoIP and GeoIPDatabase seems to be disabled for all sites that enables webalizer which results in a useless pie chart showing 100% unknown locations. Simply enabling those two parameters within /var/www/domain/log/webalizer.conf enables geolocation statistics for that website.
[geo-chart](/uploads/bc4bbf7961b477fa01782af2ee750169/geo-chart.png).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3952specify ip address should be wildcard only2020-05-09T04:33:00ZJesse Norellspecify ip address should be wildcard onlyFeature request: add a checkbox to each ip address under System > Server IP Addresses to specify that this ip address should never be used in web server configs, but always use `*` when this ip address is selected.
This would help wi...Feature request: add a checkbox to each ip address under System > Server IP Addresses to specify that this ip address should never be used in web server configs, but always use `*` when this ip address is selected.
This would help with and often eliminate the common problems when mixing ip/wildcard settings in sites.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3940Add SFTP (via SSH) as (better) alternative to FTP(S) Users2021-09-28T16:32:10ZJens GrohAdd SFTP (via SSH) as (better) alternative to FTP(S) UsersAdd the Option to create an SFTP User instead of having to run pure-ftpd and use this age-old protocol. FTP/S is an OK'ish workaround for secure transmission of data, but having the option to use SFTP for file transfer uploads would be m...Add the Option to create an SFTP User instead of having to run pure-ftpd and use this age-old protocol. FTP/S is an OK'ish workaround for secure transmission of data, but having the option to use SFTP for file transfer uploads would be much better.
SFTP could be used via an addition to the OpenSSH server configuration by adding an option set for a specific group or groups (e.g. sftponly) to force those upload account to only be used for SFTP and not provide a login shell.
As the "webXY" users already exist and point to a directory (/var/www/clients/clientXX/webXY) that is owned by root:root, the requirements for SFTP chrooting are already given. Those SFTP accounts could be created just like the Shell Users function with the exceptions given above.
The following snippet would provide a safe chroot environment
# SFTP Only Users
Match Group sftponly
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory %h
ForceCommand internal-sftp
A user (e.g. sftp19_webspace) would just get its homedir (e.g. /var/www/clients/client5/web19) without providing a shell (in /etc/passwd) and would get sftp-only as group so to force the chroot active.
Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3904Systemstatus / Servermonitoring for general availability in Multiserversetup2020-10-21T21:29:35ZSimone-AliciaSystemstatus / Servermonitoring for general availability in MultiserversetupAt the moment the Systemstatus / Servermonitor shows a "green lable", also if a server in a multiserver setup is completely down / not available.
Please add a function, that the master-server look for the last timestamp from note-serve...At the moment the Systemstatus / Servermonitor shows a "green lable", also if a server in a multiserver setup is completely down / not available.
Please add a function, that the master-server look for the last timestamp from note-servers or the master-server should ping the node-servers in every master-cronjob to verify if the nodes are alive.
as it is now, i think it is a dangerous miss information, because the Panel shows green, even though the server is down.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3890User friendliness: domainbased approach2020-06-14T21:24:30ZEgbertUser friendliness: domainbased approachNot sure if this is somewhere to be found already. I couldn't find other issues, but also couldn't come up with proper terms of what I'm trying to say. So I'm sorry if I'm partially or completely duplicating another request / issue.
I...Not sure if this is somewhere to be found already. I couldn't find other issues, but also couldn't come up with proper terms of what I'm trying to say. So I'm sorry if I'm partially or completely duplicating another request / issue.
I really love ISPConfig, but being the admin it all makes sense to me, and technically I could do all configuration manually. However, the feedback I get from all my clients is that they find the ISPConfig panel confusing because of the apparent separation of all things while they shouldn't be separate, combined with a lot of settings that they do not understand.
For each of them, their domain name or domain names are the basic building blocks of the ISPConfig panel. What they'd like to see is create a tree like structure:
Domain example.com
* email configuration for example.com
* dns-configuration for example.com
* database configuration for example.com
* SSL-certificate generation for example.com
* hosting-configuration for example.com
** creation of subdomains for example.com
It would be cool if you could have a single summary page for any of your domain names, and have checkboxes or something to enable/disable DNS (defaults?), email, hosting and databases for this domain, where defaults should be the starting point. With this I mean that if you enable a server it should just accept defaults and allow changing later, rather than presenting a form full of, to the average user, confusing questions and options. Automatic creation of databases with names based on the customer username and/or the domain name would also be cool.
Preferable, the admin should be able to configure default services to be enabled for a new domain, so that when you create a new domain, DNS, hosting and e-mail are enabled by default, for example.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3875Limit number of mails sent by user per hour/day2020-10-07T07:58:10Zm4recekLimit number of mails sent by user per hour/dayHi,
our mail server was added to various spam databases because one client with smtp access got a virus and started sending large amout of emails.
It would be nice to have a quota for maximum emails sent per hour or day. May be jus...Hi,
our mail server was added to various spam databases because one client with smtp access got a virus and started sending large amout of emails.
It would be nice to have a quota for maximum emails sent per hour or day. May be just a soft one with account breaching quota reported to server administrator.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3818Implement trusted hostname for web panel ( ? )2020-09-15T15:40:09ZNick AndriopoulosImplement trusted hostname for web panel ( ? )Currently (`3.0.5.4p9`), at least when Apache is used, the ISPConfig panel is accessible on the port defined during installation, regardless of the hostname even if one is provided during install.
As an example, if I ask the install...Currently (`3.0.5.4p9`), at least when Apache is used, the ISPConfig panel is accessible on the port defined during installation, regardless of the hostname even if one is provided during install.
As an example, if I ask the installer to have SSL enabled for the `example.com` domain on port `8080`, my panel is accessible at `https://example.com:8080` .
When clients are hosted on the same IP, `https://clientdomain.com:8080` will also take them to the panel page. I am uncertain whether this is a desired behavior, but my personal preference would be to have the option to limit ISPConfig panel access to the FQDN defined in the installer script.
It is trivial to fix (I currently patch it), by changing the generated ispconfig.vhost so that the
<VirtualHost _default_:8080>
line is replaced by a simple virtualhost that produces a 404, and the actual configuration resides in a virtualhost with the proper FQDN:
<VirtualHost _default_:8080>
DocumentRoot "/var/sample/404"
</VirtualHost>
<VirtualHost *:8080>
ServerName myfqdn.com
`_default_:8080` Virtualhost produces a 404, and include all the configuration on a <FQDN>:8080 virtualhost
I am uncertain whether this would be of general use, however it is standard practice for my servers, and was wondering if it is something that others might find useful as well.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3815Domain Limit Module Optimizations2020-07-22T20:49:44ZarrakenDomain Limit Module OptimizationsEnabling the "domain limits" option in ISPConfig leads to some issues and inconsistencies in the handling of subdomains which I want to address in this feature request:
## Problems:
- Clients cannot create "real/standalone" websites ...Enabling the "domain limits" option in ISPConfig leads to some issues and inconsistencies in the handling of subdomains which I want to address in this feature request:
## Problems:
- Clients cannot create "real/standalone" websites for freely chosen subdomains, and they also cannot create aliasdomains for freely chosen subdomains. The admin would have to assign each subdomain to the client manually. I think this is a real showstopper for companies with many clients, and quite "anit automation". The client has to contact the admin (if he even is aware of the option), and the admin has to quickly respond. Not a really smooth workflow.
- The client can still create subdomains via the "Subdomain" and "Subdomain (vHost)" options. This makes the domain limits function a bit inconsistent, because clients can "partially" work with subdomains. So as an admin, you can't really stop them from creating subdomains, but they can still not fully use them (e.g. real/standalone websites, aliasdomains).
- Until now (without the domain limits enabled) we encouraged users to create subdomains as real/standalone websites if they are not tightly linked to the website of the root domain, because it leads to a cleaner and more logical separation, and it also allows them to individually backup/restore said websites. This is not possible at the moment, and the workaround with Subdomain (vHost) websites doesn't lead to a clean separation of websites.
## Possible Solution
- In the "create new wesite" and "create new aliasdomain" forms, add an (optional) freetext-field "Host" or "Subdomain", just like in the "create new subdomain" form. That way, users can create subdomain-websites and subdomain-aliaswebsites, but only for the domains which were assigned to them, which is the ideal usecase of the domain limit module in my opinion.
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3805Replace/cleanup DNS hostname validators2020-09-07T13:10:55ZDavid KreitschmannReplace/cleanup DNS hostname validatorsI noticed that the validators for DNS entries are different for most forms. Sometimes * is allowed, sometimes _, sometimes none. Often it can result in invalid entries: _ is only allowed at the beginning, - only in the middle of a label....I noticed that the validators for DNS entries are different for most forms. Sometimes * is allowed, sometimes _, sometimes none. Often it can result in invalid entries: _ is only allowed at the beginning, - only in the middle of a label.
I think this should be a good validator:
```
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^(\*|(\*\.)?_?([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\._?([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*\.?)$/',
',
'errmsg'=> 'name_error_regex'),
```
It allows corner cases, e.g.:
*
*._asdf._asdf (currently not possible for TXT)
asdf.example.com.
but disallows the following invalid records which can currently be entered e.g.:
-asdf
asd_f
asdf*3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3804disable modification of /etc/fstab2019-05-22T15:08:23ZRobert Vergedisable modification of /etc/fstabProvide option to disable modification of /etc/fstabProvide option to disable modification of /etc/fstabhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3794Dovecot SNI support2021-06-25T08:17:14ZNapDovecot SNI supportWith Lets Encrypt, it would be nice to incorporate Dovecot SNI configuration through ISPConfig.
Send and Receive works with my installation across a number of domains when using Outlook 2007 and iPhone4 (iOS7).
My iPhone complains abou...With Lets Encrypt, it would be nice to incorporate Dovecot SNI configuration through ISPConfig.
Send and Receive works with my installation across a number of domains when using Outlook 2007 and iPhone4 (iOS7).
My iPhone complains about the LE certificate, but after accepting it, all mail functions work fine.
My VPS system:
(Ubuntu 14.04 LTS, Kernel 3.15.4-x86_64, Apache 2.4.7, MariaDB Server 5.5.40, MariaDB Client 5.5.41, PHP 5.5.9, ISPConfig 3.0.5.4p8, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, amavis, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3782Drop ?> in just PHP files.2020-08-31T14:20:03ZBradley WestonDrop ?> in just PHP files.How do you guys feel about this. https://pear.php.net/manual/en/standards.tags.php#2203
Could also start using PSR-2, then you can have static analysis tests from `php-cs-fixer` which I'd be more then happy to make a PR for.How do you guys feel about this. https://pear.php.net/manual/en/standards.tags.php#2203
Could also start using PSR-2, then you can have static analysis tests from `php-cs-fixer` which I'd be more then happy to make a PR for.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3771AWS Route532020-08-28T16:09:21ZRyan AWS Route53I know there has been previous requests before, but nothing really became of it.
At the moment i used Route53 almost exclusively for my DNS, there are many advantages. Anyways, it could be great with some implementaiton for support w...I know there has been previous requests before, but nothing really became of it.
At the moment i used Route53 almost exclusively for my DNS, there are many advantages. Anyways, it could be great with some implementaiton for support with external DNS services, route53 (others are also available).. I know AWS R53 has a php library, and a cli too.
If there is nothing planned, i might look into writing one myself. Just dont need to be re-inventing the wheel here :)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3768SSL certificate management2021-01-21T09:39:10ZEricSSL certificate managementCurrently ssl certificates, keys, certificate requests and chaincerts need to be added by copy-n-paste into a vhost configuration. The plesk/odin approach seems to be more comfortable: They use an upload button and certs, keys, etc will ...Currently ssl certificates, keys, certificate requests and chaincerts need to be added by copy-n-paste into a vhost configuration. The plesk/odin approach seems to be more comfortable: They use an upload button and certs, keys, etc will be added to a named set of certificates, that can be later chosen in vhost configs.
As letsencrypt certificates will be supported in upcoming versions of ispconfig, it would seem wise to create these (if enabled) as such a set, that the user can choose of as described above.
It should also be possible to save only the location of a cert instead of it's contents in such a set.
Sets of certificates should be swapped out to their own tables, that are referenced by the vhost.
IMO that would improve the handling a lot.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3767Add support for mailing list manager SYMPA2024-01-02T17:38:14ZEricAdd support for mailing list manager SYMPAThe sympa mailing list manager is capable of virtual domains in so called "robots" and can serve data from various formats: text (via ftp, http, ...), various databases.
Packages are available in debian.
Basic aliases and transports fo...The sympa mailing list manager is capable of virtual domains in so called "robots" and can serve data from various formats: text (via ftp, http, ...), various databases.
Packages are available in debian.
Basic aliases and transports for postfix can be set in transport-regexp e.g.:
```
/^.*+owner\@domain\.tld$/ sympabounce:
/^.*\@domain\.tld$/ sympa:
```
sympabounce and sympa represent services in master.cf - e.g.
```
sympa unix - n n - 1 pipe flags=RF user
=sympa argv=/usr/lib/sympa/lib/sympa/queue ${recipient}
sympabounce unix - n n - 1 pipe flags=RF user
=sympa argv=/usr/lib/sympa/lib/sympa/bouncequeue ${user}@${domain}
Domain owners will be listed in virtual-regexp:
/^(.*)-owner\@(.*)$/ $1+owner@$2
```
Eventually aliases retrieved through ispconfig's database are preferable.
The web interface can be made available through fpm-wrapper and one aliased virtual host. Example config for nginx:
```
server {
listen _default:443;
listen [2001:db8::1]:443;
server_name hostname.domain.tld lists.otherdomain.tld;
root /var/www/lists;
location / {
rewrite ^/$ https://$http_host/home last;
rewrite ^/wws/(.*)$ /$1 last;
rewrite ^/wws$ /home last;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param HTTPS on;
if (-f $request_filename) { break; }
if (!-e $request_filename) {
gzip off;
fastcgi_pass unix:/var/run/sympa/wwsympa.socket;
}
}
location /static-sympa {
alias /var/lib/sympa/static_content;
}
}
```
/var/www/lists/[domain]_css/ will contain css data and may be adapted per domain.
config data will reside in /etc/sympa/hostname.domain.tld
I plea for integration of Sympa as a better alternative to mailman.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3726client filter in top menu2017-08-10T20:10:47ZAntalclient filter in top menuPlease consider a client filter in the top menu, only display items for the selected client and be able to deleted everything just like I can do as an admin.
Log in as client, does not provide all abilities an admin has and is too muc...Please consider a client filter in the top menu, only display items for the selected client and be able to deleted everything just like I can do as an admin.
Log in as client, does not provide all abilities an admin has and is too much of a hassle.
The system wide filter would save a lot of time and system resources when switching tabs.Planned featuresMarius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3708Support NodeJS2020-04-05T07:54:52ZLeonhard WolfmayrSupport NodeJSAs discussed in this thread: https://www.howtoforge.com/community/threads/support-for-nodejs.71538/#post-336594
NodeJS will be used much more widely if Wordpress makes the switch. ISPConfig should definitely support it then.As discussed in this thread: https://www.howtoforge.com/community/threads/support-for-nodejs.71538/#post-336594
NodeJS will be used much more widely if Wordpress makes the switch. ISPConfig should definitely support it then.Planned features