ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2017-12-27T04:31:24Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4451[ISPC 3.1.2] Document Root Nginx patch2017-12-27T04:31:24ZAndyPL[ISPC 3.1.2] Document Root Nginx patchTo work properly the patch must be added to the database field web_root
```
ALTER TABLE `web_domain`
ADD COLUMN `web_root` VARCHAR(255) NULL DEFAULT NULL AFTER `folder_directive_snippets`;
```
[nginx-docroot.diff](/uploads/50d6...To work properly the patch must be added to the database field web_root
```
ALTER TABLE `web_domain`
ADD COLUMN `web_root` VARCHAR(255) NULL DEFAULT NULL AFTER `folder_directive_snippets`;
```
[nginx-docroot.diff](/uploads/50d616ff9b32a1fb79d5306c3ee95fa4/nginx-docroot.diff)Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4416Protected folders should make an exeption for letsencrypt verification2020-05-29T13:51:16ZChristiaan de Die le ClercqProtected folders should make an exeption for letsencrypt verificationCurrently when you protect /, `.well-known/acme-challange` also get's locked out. This makes letsencrypt validation fail.
The following is a workaround for this, I would like to see this implemented in ISPConfig.
If the user has letsen...Currently when you protect /, `.well-known/acme-challange` also get's locked out. This makes letsencrypt validation fail.
The following is a workaround for this, I would like to see this implemented in ISPConfig.
If the user has letsencrypt enabled you can use the following:
Apache2 (above `require valid-user` in .htaccess):
`Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/#`
Nginx (in vhost):
`# Exclude let's encrypt
location /.well-known {
}`
If wanted I can submit a merge request for this.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4415Cronjob table is too narrow2020-02-28T19:01:22ZMartin StepanekCronjob table is too narrowTable with web cronjobs in 3.1.x is too narrow, so I can't see command which is really inconvenient.
In older versions table width was scaled by lenght of table data.Table with web cronjobs in 3.1.x is too narrow, so I can't see command which is really inconvenient.
In older versions table width was scaled by lenght of table data.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4378admin login, relative to its path instead of pointing to the root2017-08-10T20:10:37ZBart Dorlandtadmin login, relative to its path instead of pointing to the rootHi,
would it be possible to update the code to use relative paths instead of pointing to the root. This would allow to proxy the management interface as a sub directory of another (SSL) website.
If using the proxypass 'solution' the r...Hi,
would it be possible to update the code to use relative paths instead of pointing to the root. This would allow to proxy the management interface as a sub directory of another (SSL) website.
If using the proxypass 'solution' the result would be the /login/ URL which would redirect to /, after providing the credentials.
cheers.
Bart3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4330Multi-server-setup upgrade: the master-database' schema didn't got updated2020-11-07T16:04:42ZGhost UserMulti-server-setup upgrade: the master-database' schema didn't got updatedDuring the upgrade to 3.1p1 I discovered that my master-database schema didn't got updated.
My interface runs on on of my web-servers which also acts as separate server available to the cluster. (So in theory I could put the interf...During the upgrade to 3.1p1 I discovered that my master-database schema didn't got updated.
My interface runs on on of my web-servers which also acts as separate server available to the cluster. (So in theory I could put the interface behind a load-balancer, but didn't tested that yet).
* The interface is configured to use the master-database for the interface
* The server is configured to use the master-database as source + a single database for own settings
I didn't researched yet where this happens but I would love to contribute in the following proposal to ensure an idempotent master-db-schema update, independent where I start my multi-server-cluster upgrade. Here is my proposal solution:
* If it's a multi-server setup then check the master-db-version first - if it's lower then perform the master-db schema update
* continue the regular check of the server's-database-version - if it's lower then perform the server-db schema update
* if it's a multi-server setup then also update server.db_version inside the master db (Another Issue #4326 which I will address at the same time)
What do you think?3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4326server.dbversion was not updated in multi-server setups2020-11-07T13:57:11ZGhost Userserver.dbversion was not updated in multi-server setupsHey guys,
while updateding to 3.1p1 I realised that the dbversion for each server (inside master db) didn't got updated.
I'm running all ispconfig servers databases (except the db-servers) inside one AWS RDS instance with one data...Hey guys,
while updateding to 3.1p1 I realised that the dbversion for each server (inside master db) didn't got updated.
I'm running all ispconfig servers databases (except the db-servers) inside one AWS RDS instance with one database per server. This runs so far pretty good but sadly after the update all single databases got updated correctly to the latest version except inside the master-database.
After some research I found out that the upgrade only checks if it's a different host in order to also update the master-db.
The related code part is located here:
> install/lib/update.lib.php:233
`
//* update the database version in server table
$inst->db->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["database"] . ".server", $current_db_version, $conf['server_id']);
if ($inst->db->dbHost != $inst->dbmaster->dbHost) {
$inst->dbmaster->query("UPDATE ?? SET dbversion = ? WHERE server_id = ?", $conf["mysql"]["master_database"] . ".server", $current_db_version, $conf['server_id']);
}
`
I would contribute to fix this issue but would also love to get some community feedback about the right solution. My suggestion would be:
* if it's a different host, then update dbmaster
* if it's the same host but a different database, then update dbmaster
* otherwise expect it's a single server installation
Best Regards3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4314Fix remote DB host in installer_base.lib.php2017-08-10T20:10:39ZNicolas JUHELFix remote DB host in installer_base.lib.phpHi,
I think having find a bug to complete an new ispconfig when the Database in on remote host (like docker, ...).
In the installer_base.lib.php, line 249 => 255, we can find this :
```
if($conf['mysql']['admin_password'] == '') {
...Hi,
I think having find a bug to complete an new ispconfig when the Database in on remote host (like docker, ...).
In the installer_base.lib.php, line 249 => 255, we can find this :
```
if($conf['mysql']['admin_password'] == '') {
caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
} else {
caselog("mysql --default-character-set=".escapeshellarg($conf['mysql']['charset'])." -h ".escapeshellarg($conf['mysql']['host'])." -u ".escapeshellarg($conf['mysql']['admin_user'])." -p".escapeshellarg($conf['mysql']['admin_password'])." ".escapeshellarg($conf['mysql']['database'])." < '".ISPC_INSTALL_ROOT."/install/sql/ispconfig3.sql' &> /dev/null",
__FILE__, __LINE__, 'read in ispconfig3.sql', 'could not read in ispconfig3.sql');
}
```
If i clean a little this code to extract the command, we will find this :
`mysql --default-character-set=charset -h host -u user -p pass db < sqlfile &> /dev/null"...`
But in this command you forget one essential parameters in some secure system : the hosting port !
It must be fix with a command like this :
`mysql --default-character-set=charset -h host -P post -u user -p pass db < sqlfile &> /dev/null"...`3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4308BIND Error Handling Request2020-06-14T20:26:39ZoNdsenBIND Error Handling RequestHi All
Is it possible to add an additional Error Handler for BIND Servers?
Right now its possible to add a CNAME for top of Domain so the whole Domain runs into a "Silent" Error which means, Domain is not responding anymore (.err File o...Hi All
Is it possible to add an additional Error Handler for BIND Servers?
Right now its possible to add a CNAME for top of Domain so the whole Domain runs into a "Silent" Error which means, Domain is not responding anymore (.err File on /etc/bind/zones).
It would be great if there are 2 additional Options:
1. Checking if the Domain Name has .err Format and Displays it at ISPConfig Panel
maybe directly running the following CMD to get the Error:
```
named-checkzone domain.com /etc/bind/zones/pri.domain.com.err
```
2. Dont allow CNAME for top of Domain
What do i mean with "top of Domain?"
Example for domain.com (see the second CNAME Entry):
```
$TTL 3600
@ IN SOA ns1.dns.com. email.dns.com. (
2016101808 ; serial, todays date + todays serial #
7200 ; refresh, seconds
540 ; retry, seconds
604800 ; expire, seconds
86400 ) ; minimum, seconds
;
* 3600 CNAME domain.com.
domain.com. 3600 CNAME web04.dns.com.
domain.com. 3600 MX 10 mx01.dns.com.
domain.com. 3600 MX 20 mx02.dns.com.
domain.com. 3600 NS ns1.dns.com.
domain.com. 3600 NS ns2.dns.com.
```3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4278Add automatic IDN name conversion to DNS wizard2017-08-10T20:10:40ZTill BrehmAdd automatic IDN name conversion to DNS wizardAdd automatic IDN name conversion to DNS wizard and the Record list (not zone list) should show the host part of the records converted as well.Add automatic IDN name conversion to DNS wizard and the Record list (not zone list) should show the host part of the records converted as well.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4276Add support for MLMMJ Mailinglist manager2020-09-07T19:27:16ZTill BrehmAdd support for MLMMJ Mailinglist managerAdd support for MLMMJ Mailinglist manager.Add support for MLMMJ Mailinglist manager.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4192[3.1rc1] Domain Limit / Missing info text for customer2020-09-07T18:58:38ZDenny Bortfeldt[3.1rc1] Domain Limit / Missing info text for customerHey,
if you activate the domain limit modul in "system config -> settings -> domains", then the customer isn't able to edit the domain field free anymore (which is clear).
But the html text, which is above the checkbox, won't display an...Hey,
if you activate the domain limit modul in "system config -> settings -> domains", then the customer isn't able to edit the domain field free anymore (which is clear).
But the html text, which is above the checkbox, won't display anywhere so that the customer don't know, why he/she can't edit the field.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3940Add SFTP (via SSH) as (better) alternative to FTP(S) Users2021-09-28T16:32:10ZJens GrohAdd SFTP (via SSH) as (better) alternative to FTP(S) UsersAdd the Option to create an SFTP User instead of having to run pure-ftpd and use this age-old protocol. FTP/S is an OK'ish workaround for secure transmission of data, but having the option to use SFTP for file transfer uploads would be m...Add the Option to create an SFTP User instead of having to run pure-ftpd and use this age-old protocol. FTP/S is an OK'ish workaround for secure transmission of data, but having the option to use SFTP for file transfer uploads would be much better.
SFTP could be used via an addition to the OpenSSH server configuration by adding an option set for a specific group or groups (e.g. sftponly) to force those upload account to only be used for SFTP and not provide a login shell.
As the "webXY" users already exist and point to a directory (/var/www/clients/clientXX/webXY) that is owned by root:root, the requirements for SFTP chrooting are already given. Those SFTP accounts could be created just like the Shell Users function with the exceptions given above.
The following snippet would provide a safe chroot environment
# SFTP Only Users
Match Group sftponly
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory %h
ForceCommand internal-sftp
A user (e.g. sftp19_webspace) would just get its homedir (e.g. /var/www/clients/client5/web19) without providing a shell (in /etc/passwd) and would get sftp-only as group so to force the chroot active.
Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3805Replace/cleanup DNS hostname validators2020-09-07T13:10:55ZDavid KreitschmannReplace/cleanup DNS hostname validatorsI noticed that the validators for DNS entries are different for most forms. Sometimes * is allowed, sometimes _, sometimes none. Often it can result in invalid entries: _ is only allowed at the beginning, - only in the middle of a label....I noticed that the validators for DNS entries are different for most forms. Sometimes * is allowed, sometimes _, sometimes none. Often it can result in invalid entries: _ is only allowed at the beginning, - only in the middle of a label.
I think this should be a good validator:
```
'validators' => array ( 0 => array ( 'type' => 'REGEX',
'regex' => '/^(\*|(\*\.)?_?([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\._?([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*\.?)$/',
',
'errmsg'=> 'name_error_regex'),
```
It allows corner cases, e.g.:
*
*._asdf._asdf (currently not possible for TXT)
asdf.example.com.
but disallows the following invalid records which can currently be entered e.g.:
-asdf
asd_f
asdf*3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3726client filter in top menu2017-08-10T20:10:47ZAntalclient filter in top menuPlease consider a client filter in the top menu, only display items for the selected client and be able to deleted everything just like I can do as an admin.
Log in as client, does not provide all abilities an admin has and is too muc...Please consider a client filter in the top menu, only display items for the selected client and be able to deleted everything just like I can do as an admin.
Log in as client, does not provide all abilities an admin has and is too much of a hassle.
The system wide filter would save a lot of time and system resources when switching tabs.Planned featuresMarius BurkardMarius Burkardhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3708Support NodeJS2020-04-05T07:54:52ZLeonhard WolfmayrSupport NodeJSAs discussed in this thread: https://www.howtoforge.com/community/threads/support-for-nodejs.71538/#post-336594
NodeJS will be used much more widely if Wordpress makes the switch. ISPConfig should definitely support it then.As discussed in this thread: https://www.howtoforge.com/community/threads/support-for-nodejs.71538/#post-336594
NodeJS will be used much more widely if Wordpress makes the switch. ISPConfig should definitely support it then.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3654Syntax error in "Custom php.ini settings" field causes php-fpm to go down; ch...2020-01-08T11:58:49ZBen JohnsonSyntax error in "Custom php.ini settings" field causes php-fpm to go down; check with FPM's --testHello!
While editing a virtual host's "Custom php.ini settings" value, I entered the following, which contains a superfluous and erroneous "&":
[code]
error_reporting = E_ALL & & ~E_DEPRECATED
[/code]
This is, of course, synta...Hello!
While editing a virtual host's "Custom php.ini settings" value, I entered the following, which contains a superfluous and erroneous "&":
[code]
error_reporting = E_ALL & & ~E_DEPRECATED
[/code]
This is, of course, syntactically invalid. But ISPConfig went ahead and attempted to restart php-fpm anyway, which resulted in a PHP outage across every site on the server, because php-fpm was stopped but never restarted (due to the syntax error that ISPConfig saved to the configuration).
Given that php-fpm has a built-in mechanism for validating its configuration, ISPConfig should make use of this feature.
If ISPConfig is already using "php-fpm --test", then something is not working correctly, because I just tested this very example and it is caught as expected:
# php-fpm --test PHP: syntax error, unexpected '&' in Unknown on line 1
[09-Sep-2015 09:56:23] ERROR: Unable to include /usr/local/zend/etc/fpm.d/web4.conf from /usr/local/zend/etc/php-fpm.conf at line 24
[09-Sep-2015 09:56:23] ERROR: failed to load configuration file '/usr/local/zend/etc/php-fpm.conf'
[09-Sep-2015 09:56:23] ERROR: FPM initialization failed
Calling "php-fpm --test" returns "0" status code if the configuration is valid, and a non-zero code if it is invalid. This should make it relatively simple to test the configuration before reloading PHP-FPM, rolling-back if necessary.
This is exactly what is done with NGINX and Apache configuration changes, so the same should be applied to other services, such as PHP, wherever possible.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3532Add dynamic reject with postfix verify service2020-09-25T20:35:26ZTill BrehmAdd dynamic reject with postfix verify serviceAdd a dynmic reject configuration by using the postfix verify service for systems that use transports in fron of other mail servers like exchange servers.Add a dynmic reject configuration by using the postfix verify service for systems that use transports in fron of other mail servers like exchange servers.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3494Allow enable/disable directive snippets for clients2020-11-01T16:11:59ZsdafsadfsdAllow enable/disable directive snippets for clientsI know that apache and php additional options are disabled for clients/resellers due to security as they can potentially break the whole webserver setup. However it is still needed to allow clients/resellers to enable some options in cer...I know that apache and php additional options are disabled for clients/resellers due to security as they can potentially break the whole webserver setup. However it is still needed to allow clients/resellers to enable some options in certain situations. My suggestions is to allow them to simply include some of the predefined snippets. I.e. the snippets that are added in the Directive snippets section are available as a list of checkboxes which resellers/clients can simply enable or disable.Planned featureshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3406Remove suphp support2020-10-06T11:19:55ZTill BrehmRemove suphp supportRemove suphp support in ispconfig. The apache mod_suphp is not under active development anymore and the module has been removed from debian as well. there are already better php modes available in ISPConfig like fastcgi or php-fpm togeth...Remove suphp support in ispconfig. The apache mod_suphp is not under active development anymore and the module has been removed from debian as well. there are already better php modes available in ISPConfig like fastcgi or php-fpm together with suexec.3.3https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3253Add ip address filter to suggest IP function2017-08-10T20:10:58ZTill BrehmAdd ip address filter to suggest IP functionRefer to: #3206Refer to: #3206Planned features