ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2022-01-07T11:47:11Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6258Purge email from Inbox after X amount of days2022-01-07T11:47:11ZDannyPurge email from Inbox after X amount of daysI have a feature request:
I would like to be able to purge email after X amount of days from ISPConfig. I have some monitoring mailboxes that are not maintained, but need some kind of history to be kept until purging it (thus X days).I have a feature request:
I would like to be able to purge email after X amount of days from ISPConfig. I have some monitoring mailboxes that are not maintained, but need some kind of history to be kept until purging it (thus X days).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6250chrooted: localhost not reachable & php mail2021-12-02T22:23:28ZNinoschrooted: localhost not reachable & php mail## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I thi...## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I think.
## Steps to reproduce
1. Enable chroot-option for website
2. Run example php sendmail script on website
3. Check mail logs
## Correct behaviour
php mail() should also work in chrooted.
## Environment
Server Debian 11 latest
ISPConfig version: 3.2.7p1
## Proposed fix
Open /etc/php/VERSION/fpm/php.ini & change:
```
SMTP = localhost
```
to:
```
SMTP = 127.0.0.1
```
After that I have no more clue (fix for first step) :Dhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6240Create symlinks for conveniance, SFTP user should not land in an empty dir.2022-01-14T12:01:05ZHelmoCreate symlinks for conveniance, SFTP user should not land in an empty dir.Title says it all... for some users it's weird to land in an empty directory when connection via sftp.
I've grown the habit of placing a few symlinks there... MR coming.Title says it all... for some users it's weird to land in an empty directory when connection via sftp.
I've grown the habit of placing a few symlinks there... MR coming.3.2.8https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6239Add ipv6 option for dns_templatezone_add()2021-12-21T12:23:38ZHelmoAdd ipv6 option for dns_templatezone_add()The remote API is missing the ipv6 option.The remote API is missing the ipv6 option.3.2.8HelmoHelmohttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6235Feature Request LSWS LiteSpeed2022-11-22T20:08:23ZTrimilurFeature Request LSWS LiteSpeedDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
RegardsDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
Regardshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6233Fix socket path on PHP 7 systems Starts with oldest version2022-02-28T16:20:34ZCollin MachineFix socket path on PHP 7 systems Starts with oldest versionBasically the "Fix socket path on PHP 7 systems" section of /usr/local/ispconfig/server/plugins-available/apps_vhost_plugin.inc.php is written so that it replaces the socket path of PHP5 for the PHP7 socket paths but if multiple versions...Basically the "Fix socket path on PHP 7 systems" section of /usr/local/ispconfig/server/plugins-available/apps_vhost_plugin.inc.php is written so that it replaces the socket path of PHP5 for the PHP7 socket paths but if multiple versions of PHP7 exist on the system, it uses the oldest version, as it performs a string replace on the $content variable and the string is no longer found when later PHP7 sockets are found and a replace is attempted.
## Summary
I would assume you'd want the socket for the latest version of PHP7, and possible PHP8 to be added as well?
## Steps to reproduce
Pretty self-explanatory
## Correct behaviour
Perhaps rewrite to a if/elseif statement, starting with the newest version working backwards, as the other lines are useless if the string replace has already occurred on $content
## Environment
Server OS + version: Ubuntu 20.04
ISPConfig version: 3.2.6
Software version of the related software:
Server version: Apache/2.4.48 (Ubuntu)
Server built: 2021-07-01T19:16:08
PHP 7.4.23 (cli) (built: Aug 26 2021 15:51:37) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.23, Copyright (c), by Zend Technologies
## Proposed fix
I don't know if this is how you want to do it but maybe something like this:
```
// Fix socket path on PHP 7 systems
$php7_socket = false;
if(file_exists('/var/run/php/php7.4-fpm.sock')) {
$php7_socket = '/var/run/php/php7.4-fpm.sock';
} elseif(file_exists('/var/run/php/php7.3-fpm.sock')) {
$php7_socket = '/var/run/php/php7.3-fpm.sock';
} elseif(file_exists('/var/run/php/php7.2-fpm.sock')) {
$php7_socket = '/var/run/php/php7.2-fpm.sock';
} elseif(file_exists('/var/run/php/php7.1-fpm.sock')) {
$php7_socket = '/var/run/php/php7.1-fpm.sock';
} elseif(file_exists('/var/run/php/php7.0-fpm.sock')) {
$php7_socket = '/var/run/php/php7.0-fpm.sock';
}
if(!empty($php7_socket)) $content = str_replace('/var/run/php5-fpm.sock', $php7_socket, $content);
```
--- Notice the $php7_socket variable is set to false by default just because if you do decide to add PHP8 to the beginning of this set, it doesn't throw an error for undefined variable.3.2.8ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6230Copy email address to clipboard2022-08-16T11:41:09ZHelmoCopy email address to clipboardWhen creating or editing a mail account I sometimes would like to get the email address in my copy/paste buffer.
The patch below adds that in a quick and dirty way.
Is there interest for this?
If so then we can add translation and a be...When creating or editing a mail account I sometimes would like to get the email address in my copy/paste buffer.
The patch below adds that in a quick and dirty way.
Is there interest for this?
If so then we can add translation and a better icon...
```patch
diff --git a/interface/web/mail/templates/mail_user_mailbox_edit.htm b/interface/web/mail/templates/mail_user_mailbox_edit.htm
index 170ab15db..93ff6e04d 100644
--- a/interface/web/mail/templates/mail_user_mailbox_edit.htm
+++ b/interface/web/mail/templates/mail_user_mailbox_edit.htm
@@ -12,6 +12,9 @@
<select name="email_domain" id="email_domain" class="form-control" style="height:50px;min-width:170px;">{tmpl_var name='email_domain'}</select>
</div>
</div>
+ <a class="btn btn-default formbutton-narrow" href="javascript: navigator.clipboard.writeText(document.getElementById('email_local_part').value + '@' + document.getElementById('email_domain').value);" title="Copy to clipboard">
+ <span class="icon icon-bulb"></span>
+ </a>
</div>
</div>
<tmpl_if name="enable_custom_login"><div class="form-group">
```3.2.9https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6225Possible Alternative to disable LE check for natted servers.2021-09-03T08:00:13ZChrisPossible Alternative to disable LE check for natted servers.As an ISPConfig user that is behind a nat router (I have not yet figured nat hairpinning in cisco routers) I propose the following as an alternative to just disabling the LE check.
Instead, it would be possible to request an external se...As an ISPConfig user that is behind a nat router (I have not yet figured nat hairpinning in cisco routers) I propose the following as an alternative to just disabling the LE check.
Instead, it would be possible to request an external service verify the host/domain is indeed accessible.
How I see this in practice:
Ispconfig > system > server config > ssl > NAT Router (checkbox) (as oppose to disable LE check)
When performing the check, if the NAT box is checked, Call out to verification server.
[It could be a service hosted by ISPConfig but could just as easily be any of the "is this site up" services that has a free user api. (with a quick google, I see that: check-host.net for example has an array of check types that could be used for this.)
Get the result and proceed with cert creation or report back an issue.
In summary:
I believe this approach would be more effective than just disabling the check because it will mean misconfigured hostnames/domains, missing dns or websites, wrong server used for a site, firewall woes and the rest of the usual suspects will not result in a failed cert request to LE.
One or two fails may not be an issue but we know there is a rate limit so whatever we can do to keep the failures from occurring in the first place would be a bonus.
Essentially this will allow ISPConfig to still pre-empt failures and would only affect those that have the NAT configuration set in server configs. For everybody else you can just perform the normal check.
An option in the installer that allows for enabling the option from the outset would be preferable although that would just be a small bonus addition to the overall feature.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6224Add DNS api functions for LOC type2021-09-08T09:46:27ZHelmoAdd DNS api functions for LOC typeI noticed that the meta data for the LOC and DS functions was added by mistake ages ago in ecb8fc2c5b3c1b42e15e3e44d287a650ef3b6aa6 but no implementation.
While preparing a MR I noticed that DS functions are already proposed in #6187 so...I noticed that the meta data for the LOC and DS functions was added by mistake ages ago in ecb8fc2c5b3c1b42e15e3e44d287a650ef3b6aa6 but no implementation.
While preparing a MR I noticed that DS functions are already proposed in #6187 so this one just for dns_loc_*
The error I got that triggered me:
`SoapFault: Method dns_ds_add does not exist in SoapClient->__call()`3.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6222Make reproducible release tarballs2023-12-03T21:07:13ZDaniel JagszentMake reproducible release tarballsI check the SHA sum of the ISPConfig tarballs before I install them.
The SHA 256 sum of the 3.2.5 release at https://www.ispconfig.org/downloads/ISPConfig-3.2.5.tar.gz changed from `c071f975e0f570c58fd14f517b4e42e350a2123625650f6365796e4...I check the SHA sum of the ISPConfig tarballs before I install them.
The SHA 256 sum of the 3.2.5 release at https://www.ispconfig.org/downloads/ISPConfig-3.2.5.tar.gz changed from `c071f975e0f570c58fd14f517b4e42e350a2123625650f6365796e416b8242d5` to `b18e992f9ac81acb30e9536f6cff4e6deebf631fc3ec126b897314c4a03891b9`.
That made me suspicious (could have easily been a hack that replaced the original release with a malicious one) – but the two tarballs extract to the very same directory tree (I had the earlier version laying around to check).
Looks like the tarball was re-created recently (maybe to test !1496?). The tar and gzip file format include metadata (like the current PID or the current time) that make two tar+gzip archives of the same directory tree binary different even if they extract to the same directory tree.
Please consider to either
* never ever overwrite a published release (e.g. skip uploading if there is a file with the same name) or
* make the tarballs [reproducible](https://reproducible-builds.org/docs/archives/).
Also, "offical" SHA 256 sums in the release blog post would be wonderful :smile:Daniel JagszentDaniel Jagszenthttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6213Add support for Debian 112021-09-07T07:07:44ZTill BrehmAdd support for Debian 11Add Debian 11 support in ISPConfig.Add Debian 11 support in ISPConfig.3.2.6Till BrehmTill Brehmhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6211Selected PHP Version in Jail2021-08-18T13:29:54ZGhost UserSelected PHP Version in JailTaken from /etc/jailkit/jk_init.ini:
```
# Debian 10 default php version is 7.3 (Debian 9 is 7.0)
# Todo: set default version in ISPConfig installer,
# but install the php cli version matching the website
```
In this case, should switch...Taken from /etc/jailkit/jk_init.ini:
```
# Debian 10 default php version is 7.3 (Debian 9 is 7.0)
# Todo: set default version in ISPConfig installer,
# but install the php cli version matching the website
```
In this case, should switching the PHP version remove the old PHP version from the jail? To me it looks like that would be hard to implement, considering ISPConfig doesn't remove redundant things (aka sections or applications I removed from System > Server Config > Jailkit that were previously there) from jails after re-syncing shell users.
If this is the specific reason it wasn't implemented yet, I think an easier approach would be including all PHP versions in the jail, and just modify the php (no version number) binaries to be symlinked to the right version like `sudo update-alternatives --config php` does (this command only works outside of the jail).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6210periodically force jailkit update2021-08-31T09:15:39ZJesse Norellperiodically force jailkit updateIt wouldn't hurt to force all jails to update periodically, so eg. changes to sections in jk_init.ini get propogated.It wouldn't hurt to force all jails to update periodically, so eg. changes to sections in jk_init.ini get propogated.3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6206Interface setting > mail > max backup copies2021-07-30T13:17:26ZFrançois GrizzlyDevInterface setting > mail > max backup copiesRegarding this commit, which enabled to retain up to 30 backup copies (previously limited to 10): aa1eed46b3d03746640a73db6df7d163ba036df3
The goal of this merge request is to add an interface setting in order to limit (below 30) the ma...Regarding this commit, which enabled to retain up to 30 backup copies (previously limited to 10): aa1eed46b3d03746640a73db6df7d163ba036df3
The goal of this merge request is to add an interface setting in order to limit (below 30) the maximum backup copies (for **email** only), so clients' options would be globally limited when accessing the "Backup" tab.
Before going any further, my guess is to add an [interface setting](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md#interface-settings).
And obviously enforce the limit in the `mail_user.backup_copies` SQL column when this setting is changed. This could be done using some feature such as the setting input "custom" validator, for example: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/admin/form/system_config.tform.php#L224
For this last point especially, I am not sure this is the way to go, comments are welcome!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6202Support for borg archive in backups2022-11-12T19:39:41ZJorge MuñozSupport for borg archive in backupsAdd support for borg archive as backup, this is a must for large file systems where a common backup format would take forever and fill up all space real quick. Borg format is an archive format supporting differential backups and per-file...Add support for borg archive as backup, this is a must for large file systems where a common backup format would take forever and fill up all space real quick. Borg format is an archive format supporting differential backups and per-file diffs.3.2.8Jorge MuñozJorge Muñozhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6198clarify "ISPConfig v2 detected" message2021-08-31T09:15:48ZJesse Norellclarify "ISPConfig v2 detected" messageClarify the "ISPConfig v2 detected" message, perhaps a few less support tickets.Clarify the "ISPConfig v2 detected" message, perhaps a few less support tickets.3.2.6https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6191improve letsencrypt renew hook2021-08-31T09:15:59ZJesse Norellimprove letsencrypt renew hookChange the letsencrypt renew hook to allow a custom script to run in addition to (rather than just instead of) the default one. The pre and post hooks already do this.
https://www.howtoforge.com/community/threads/hook-evolution-for-isp...Change the letsencrypt renew hook to allow a custom script to run in addition to (rather than just instead of) the default one. The pre and post hooks already do this.
https://www.howtoforge.com/community/threads/hook-evolution-for-ispconfig-le-renewal.87185/3.2.6Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6188Add field for FPM-Chroot Docroot2021-06-21T13:49:21ZPatrick OmlandAdd field for FPM-Chroot DocrootIf Chroot FPM is selected, add a Field for Custom Docroot. When there is detected a Custom Docroot Input change FPM Pool config with new Docroot. Like Openbasedir Field no Input = Change nothing and / Custom Input = Change Docroot in Poo...If Chroot FPM is selected, add a Field for Custom Docroot. When there is detected a Custom Docroot Input change FPM Pool config with new Docroot. Like Openbasedir Field no Input = Change nothing and / Custom Input = Change Docroot in Pool config
See this Thread (German)
https://forum.howtoforge.de/threads/docroot-unter-chroot-fpm.12662/#post-62035https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6187DS RECORD functions for API2022-01-21T23:14:44Zfrancois parreaux-eyDS RECORD functions for APIHello,
Following below discussion (link) I propose to add DS RECORD functions for API
https://www.howtoforge.com/community/threads/dnssec-cascade-inside-ispconfig.86988/#post-423182
code added in 'interface/lib/classes/remote.d/dns.i...Hello,
Following below discussion (link) I propose to add DS RECORD functions for API
https://www.howtoforge.com/community/threads/dnssec-cascade-inside-ispconfig.86988/#post-423182
code added in 'interface/lib/classes/remote.d/dns.inc.php'
// ----------------------------------------------------------------------------------------------------------------
//* Get record details
public function dns_ds_get($session_id, $primary_id) {
return $this->dns_rr_get($session_id, $primary_id, 'DS');
}
//* Add a record
public function dns_ds_add($session_id, $client_id, $params, $update_serial=false) {
return $this->dns_rr_add($session_id, $client_id, $params, $update_serial, 'DS');
}
//* Update a record
public function dns_ds_update($session_id, $client_id, $primary_id, $params, $update_serial=false) {
return $this->dns_rr_update($session_id, $client_id, $primary_id, $params, $update_serial, 'DS');
}
//* Delete a record
public function dns_ds_delete($session_id, $primary_id, $update_serial=false) {
return $this->dns_rr_delete($session_id, $primary_id, $update_serial, 'DS');
}
As a reminder, in case you want to have a cascade of zones using DNSSEC, you need to :
1. let's create child.dom.tld
1.a Create zone with 'dnssec_wanted=y'
2. in parent zone ie dom.tld
2.a. Create DS_record pointing to child zone (this is the aim of the functions I am adding)
2.b. Create 2 NS_records pointing to child zone
3. update parent zone dom.tld to have zone signing updated
4. don't forget to create secondary Zones on your secondary bind server
Many thanks for your trust
francoisPE3.2.8francois parreaux-eyfrancois parreaux-eyhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6184rspamd: don't use secure_ip2021-06-21T15:47:39ZJesse Norellrspamd: don't use secure_ipWe currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail ...We currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail services (eg. single-server), as addresses in secure_ip do not require a password. We should drop the use of secure_ip, and preferably switch to using unix sockets to talk to all rspamd daemons.
Also provide examples of how to configure reverse proxies to connect and authenticate (eg. add a Password header and use unix rather than tcp socket).