ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2023-08-30T16:35:08Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6563enhancement in certificates2023-08-30T16:35:08ZBruno Meirellesenhancement in certificatesHi,
certbot and acme.sh now sign using elliptic curve by default.
If possible, sign the certificates using this new modern signature, as the handshake is more faster.
https://community.letsencrypt.org/t/ecdsa-certificates-by-default-a...Hi,
certbot and acme.sh now sign using elliptic curve by default.
If possible, sign the certificates using this new modern signature, as the handshake is more faster.
https://community.letsencrypt.org/t/ecdsa-certificates-by-default-and-other-upcoming-changes-in-certbot-2-0/177013
https://github.com/acmesh-official/acme.sh#:~:text=ec%2D256%20(prime256v1%2C%20%22,is%20the%20default%20key%20type)
Thank youhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4024manage TLSA records2023-08-15T21:28:41ZJesse Norellmanage TLSA recordsFeature Request:
A nice augment to managing letsencrypt certificates would be to automatically setup the TLSA record in DNS; it would be impractical to use TLSA otherwise. This can also be done for non-letsencrypt certificates, of cour...Feature Request:
A nice augment to managing letsencrypt certificates would be to automatically setup the TLSA record in DNS; it would be impractical to use TLSA otherwise. This can also be done for non-letsencrypt certificates, of course.
Example command to generate the TLSA record:
```
# domain=domain.com
# openssl x509 -noout -fingerprint -sha256 < /etc/letsencrypt/live/${domain}/cert.pem | sed -e s/://g -e "s/.*=/_443._tcp.${domain}. 1800 IN TLSA 3 0 1 /"
_443._tcp.domain.com. 1800 IN TLSA 3 0 1 C2C7CE93AC8716A8550EF1D3856C669B45456CF2204C081AB8F52DCC230D0031
```
Then import that into a DNS record.
The only(?) remaining issue is handling certificate rollover, which is done by having multiple TLSA records for the old and new certificates. When adding a TLSA record, first determine the certificate's expiry date and add a little time to that (24 hours?), save that timestamp somewhere (new expire/remove date field in db table?), and run a little cleanup routine that removes old TLSA records that have expired.
Certificate expiry date is gotten with:
```
# openssl x509 -noout -enddate < /etc/letsencrypt/live/${domain}/cert.pem
notAfter=Oct 2 05:04:00 2016 GMT
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6557Add support to quic/http3 in ngnix2023-08-15T21:25:17ZBruno MeirellesAdd support to quic/http3 in ngnixHi friends,
if possible, add quic/http 3 support to ngnix.
I don't think any other panel supports quic/http3, ispconfig will be a pioneer.Hi friends,
if possible, add quic/http 3 support to ngnix.
I don't think any other panel supports quic/http3, ispconfig will be a pioneer.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6262support HTTP/3 QUIC in ISPConfig for nginx2023-08-15T09:15:22ZBartłomiej Bujaksupport HTTP/3 QUIC in ISPConfig for nginxHTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.HTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6527Add support for Debian 122023-08-09T15:28:54ZTill BrehmAdd support for Debian 12Add support for Debian 12Add support for Debian 123.2.11Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6324Cleanup vhost.conf.master2023-08-08T07:22:15ZThomCleanup vhost.conf.masterThe vhost.conf.master template is quite a mess. I will go through it and clean it up, fix indentation, etcThe vhost.conf.master template is quite a mess. I will go through it and clean it up, fix indentation, etc3.2.12ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6479Nginx as a reverse proxy2023-08-08T07:22:08ZAdamNginx as a reverse proxyI created a plugin that allows you to use nginx as a reverse proxy.
Merge request for this plugin: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1703
All you need to do is:
1. Change apache port to 6080 for http and 6...I created a plugin that allows you to use nginx as a reverse proxy.
Merge request for this plugin: https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1703
All you need to do is:
1. Change apache port to 6080 for http and 6443 for https.
2. Install Nginx web server
3. Activate the Nginx Reverse Proxy plugin.
`ln -s /usr/local/ispconfig/server/plugins-available/nginx_reverseproxy_plugin.inc.php /usr/local/ispconfig/server/plugins-enabled/nginx_reverseproxy_plugin.inc.php`3.2.12AdamAdamhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5376New field to DNS CAA iodef ...2023-08-08T07:21:44ZMarek AdamskiNew field to DNS CAA iodef ...I need new field in to DNS.\
example.com. IN CAA 0 iodef "mailto:security@example.com" #where to send info about try generate cert by not authorized center\
example.com. IN CAA 0 issue ";" #Disallow to generate cert.\
example.com. IN CAA...I need new field in to DNS.\
example.com. IN CAA 0 iodef "mailto:security@example.com" #where to send info about try generate cert by not authorized center\
example.com. IN CAA 0 issue ";" #Disallow to generate cert.\
example.com. IN CAA 0 issuewild ";" #Disallow to generate wild cert.\
Can you add option to add CAA entries without template? \
Sources of info: https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization\
My ISPConfig version: 3.1.14p23.2.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5145remote api for clients2023-08-07T11:14:28ZJesse Norellremote api for clientsThe remote api should be able to support clients, so they can manage their own dns zone (via acme.sh IPSConfig plugin), email accounts, etc.
As for the implementation, perhaps allow specifying a client for each Remote User (optional), a...The remote api should be able to support clients, so they can manage their own dns zone (via acme.sh IPSConfig plugin), email accounts, etc.
As for the implementation, perhaps allow specifying a client for each Remote User (optional), and do permission checks/query where clauses/etc. as needed.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6553Show aliases in mail user edit form2023-08-05T22:10:47ZHelmoShow aliases in mail user edit formWouldn't it be nice to see which aliases a mail user had when editing the user...
What about:
![image](/uploads/cbb000c00ad7845493f60ae4faa49303/image.png)
When a user has many aliases it would wrap over multiple lines. Still readable.Wouldn't it be nice to see which aliases a mail user had when editing the user...
What about:
![image](/uploads/cbb000c00ad7845493f60ae4faa49303/image.png)
When a user has many aliases it would wrap over multiple lines. Still readable.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6552Show quota usage for mail user on edit form2023-08-05T21:34:03ZHelmoShow quota usage for mail user on edit formIt would be nice to show the current disk usage while editing a mail user. What about adding it under the quota form item like this?
With a quota:
![image](/uploads/78e06a2df4a30ec4800abe8e9ecf39a1/image.png)
When no quota is set:
![i...It would be nice to show the current disk usage while editing a mail user. What about adding it under the quota form item like this?
With a quota:
![image](/uploads/78e06a2df4a30ec4800abe8e9ecf39a1/image.png)
When no quota is set:
![image](/uploads/49dfa3facb4f6dee8821e509c8c8bb75/image.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5452PHP version select box size2023-08-01T13:39:56ZSteffan NoordPHP version select box sizeFuture request
Is it possible to change the size of the php version select box after selecting PHP-FPM?Future request
Is it possible to change the size of the php version select box after selecting PHP-FPM?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5372Re-use dashboard dashlets as tab on client2023-07-30T13:43:47ZHelmoRe-use dashboard dashlets as tab on clientAs admin you see data for all clients on your dashboard.
And as client you see your own usage.
But how can I as an admin see the overview of what a specific client is using?
Just an idea ... Can't we add an extra tab when viewing a cli...As admin you see data for all clients on your dashboard.
And as client you see your own usage.
But how can I as an admin see the overview of what a specific client is using?
Just an idea ... Can't we add an extra tab when viewing a client. Besides 'Address' and 'Limits' I'd like to have an overview or 'dashboard'.
Additionally it might then be nice to make the make the statistics rows clickable to directly navigate to a certain mail account.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6387DMARC update just like SPF2023-07-04T21:14:53ZhkendusersDMARC update just like SPF<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
<!-- What is happening and what is wrong with that? -->
When I update SPF record by clicking the record (not SPF button), it shows "DNS SPF" editing page.
However if I update DMARC record by clicking the record (not DMARC button), it shows "DNS TXT" editing page but not showing "DNS DMARC" editing page, and it even shows error "DMARC is not allowed. Use the DMARC button" if save it.
Is it OK that DMARC editing just like SPF? Means clicking the record then show "DNS DMARC" editing page directly, it will prevent user's confusion.'
## Environment
Server OS + version: CentOS Stream release 8
ISPConfig version: 3.2.8p1
## Proposed fix
Open /usr/local/ispconfig/interface/web/dns/dns_txt_edit.php
> if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
> header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
> exit;
> }
Update to
> if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
> header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
> exit;
> } else if ("v=DMARC1"== mb_substr($this->dataRecord["data"], 0, 8)) {
> header(sprintf("Location: dns_dmarc_edit.php?id=%d", $this->dataRecord["id"]));
> exit;
> }https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6529Multiserver Database IPv6 autocomplete and suggested IPs2023-06-16T04:20:26ZPhilipp HieberMultiserver Database IPv6 autocomplete and suggested IPs## Summary
If a multiserver setup is used with external database servers with IPv6, the IPv6 address of the web server will not autocomplete for external access. \
IPv6 addresses configured in serverconfigs. \
IPv6 addresses in hosts fil...## Summary
If a multiserver setup is used with external database servers with IPv6, the IPv6 address of the web server will not autocomplete for external access. \
IPv6 addresses configured in serverconfigs. \
IPv6 addresses in hosts file on master server are configured.
Only IPv4 addresses shown in the suggested IPs list.
## Steps to reproduce
1. Create customer
2. Create webspace (Server 1)
3. Create database user
4. Create database (Server 2)
5. show database config (Only IPv4 address of server 1 added to external access)
## Correct behaviour
also IPv6 address of Server 1 should be added to external access \
even IPv6 addresses should be shown in the suggested IPs list.
## Environment
Server OS + version: Debian 11 \
ISPConfig version: 3.2.10
Software version of the related software: Apache/2.4.56 (Debian)
```
Server version: Apache/2.4.56 (Debian)
Server built: 2023-04-02T03:06:01
```
## Screenshots
![Screenshot_2023-06-15_103341](/uploads/852473560748c38c9fe78424467a30e5/Screenshot_2023-06-15_103341.png)
![Screenshot_2023-06-15_103821](/uploads/dce561173b8826326559c824407dec7d/Screenshot_2023-06-15_103821.png)
![Screenshot_2023-06-15_104013](/uploads/8f1c765b892a52ac4ac4093b5a03590e/Screenshot_2023-06-15_104013.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6526web restore writes into web folder and don't replaces it2023-06-12T05:45:13ZHannesweb restore writes into web folder and don't replaces itVersion 3.2.10<br>
I don't know if that's the intention or a bug that the restore write into the web folder and don't replaces it.<br>
(with borg but think it happens with tar.gz and others too).<br>
A restore don't delete the old cont...Version 3.2.10<br>
I don't know if that's the intention or a bug that the restore write into the web folder and don't replaces it.<br>
(with borg but think it happens with tar.gz and others too).<br>
A restore don't delete the old content of web folder first<br>
It copies the files into the directories - replaces the files but don't delete other files there.<br>
That's lead into multiple problems (over quota/files chaos) if the backup is older/other CMS/contains hacked files/..<br>
borg uses
<pre>
safe_exec cmd: cd '/var/www/clients/client1/web2' && borg extract --nobsdflags '/var/backup/web2/borg_web::web2_2023-06-11_13-18'
</pre>
and tar.gz uses
<pre>
tar xf xxx.tar.gz --directory /var/www/domain.xxx
</pre>
both write into folder i think and there is no rm -R web folder first <br><br>
I don't checked how rar, zip, 7z, bzp2... handles thishttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6Mail statistics2023-06-06T12:34:08ZTill BrehmMail statisticsShow mail statistics in the interface. the mail statistics are stored
in the database table mail_traffic and are collected by the file
server/cron_daily.phpShow mail statistics in the interface. the mail statistics are stored
in the database table mail_traffic and are collected by the file
server/cron_daily.php3.0.0.5Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5Network card configuration2023-06-06T12:34:08ZTill BrehmNetwork card configurationAdd a backend plugin to configure network card settings. The IP address settings are stored in the server_ip table.Add a backend plugin to configure network card settings. The IP address settings are stored in the server_ip table.3.0.0.7 Betahttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4Add a function to let a server join a existing installation.2023-06-06T12:34:08ZTill BrehmAdd a function to let a server join a existing installation.Add a function to let a server join a existing installation (database) that resides on another server.Add a function to let a server join a existing installation (database) that resides on another server.3.0.0.5https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3Load and update system config from file into sql database during installation.2023-06-06T12:34:08ZTill BrehmLoad and update system config from file into sql database during installation.Load and update system config from file into sql database during installation.Load and update system config from file into sql database during installation.3.0.0.4