ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-08-16T17:40:54Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3220Add support for chrooted php-fpm2020-08-16T17:40:54ZJustin AlbstmeijerAdd support for chrooted php-fpmHi,
I got chrooted php-fpm working in ISPconfig 3.0.5.3 and I was hoping you might be interested in implementing it in a future ISPconfig version.
I don't pretend these instructions below are anywhere near the way it should be implemen...Hi,
I got chrooted php-fpm working in ISPconfig 3.0.5.3 and I was hoping you might be interested in implementing it in a future ISPconfig version.
I don't pretend these instructions below are anywhere near the way it should be implemented. It's just dirty hacked prove of concept. But I hope it covers the info you need to implement it nicely.
What did I do;
1- created a patched version of php_fpm_pool.conf.master in server/conf-custom/php_fpm_pool.conf.master. See php_fpm_pool.conf.master.patch
2- patched server/plugins-available/apache2_plugin.inc.php to get the desired chroot directory VAR to use in the php_fpm pool config. See apache2_plugin.inc.php.patch
3- added some extra needed files to jailkit. See jk_init.ini.extra
4- patched server/plugins-available/shelluser_jailkit_plugin.inc.php to change needed permissions on /etc/msmtprc. See shelluser_jailkit_plugin.inc.php.patch
5- two files are added through jailkit to make mail work in the chroot. See msmtprc (mail.rc is de default p[oviced by mailx)
6- one php fix include file is added to fix some variables that are not set correctly by php-fpm. See phpfix
7- on the Centos based web server I installed php54-php-fpm-5.4.16 packages from SCL, which makes it possible to run multiple php versions and even keep the original mod_php version available.
8- added the extra section of jk_init.ini in System->Server Config->the webserver->jailkit
9- added "Additional PHP Version" with these settings:
Path to the PHP-FPM init script: /etc/init.d/php54-php-fpm
Path to the php.ini directory: /opt/rh/php54/root/etc/php.d
Path to the PHP-FPM pool directory: /opt/rh/php54/root/etc/php-fpm.d
Some issues with the dirty hack above.
1- "hardlinks = 0" in the new jk_init.ini is ignored by ISPconfig as it utilizes "-k" on execution. This means that changing the permissions in shelluser_jailkit_plugin.inc.php will break the mail function on previous created chrooted sites.
So ISPconfig should respect the jk_init.ini settings or placing the mail support files should take place somewhere else.
2- resolving in php within the chrooted php-fpm does not work till a chrooted shell account is created providing the necessary libraries/files. so you will need to add the chrooted shell user and restart the php-fpm process to make resolving work for now. So these files should be installed on creating the vhost without the need of a chrooted shell user in the eventual implementation.
3- The same as point 2, phpfix is only added as part of a chrooted shell user. So this file should be installed on creating the vhost without the need of a chrooted shell user in the eventual implementation.
No big issues to solve, just things that are part of this dirty hack till a better place to do these things has been found.
Gr, J3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4353Layout Issues2019-07-03T11:12:07ZSamuel SutherLayout IssuesThe new Layout is awesome. :Thanks a lot for this.
But here a Bug I've found... the dropdodwn-Field is much to small (on any view, not only on the "Server"-View) [here in Google Chrome on Linux]:
![Auswahl_090](/uploads/e88d229820532c590...The new Layout is awesome. :Thanks a lot for this.
But here a Bug I've found... the dropdodwn-Field is much to small (on any view, not only on the "Server"-View) [here in Google Chrome on Linux]:
![Auswahl_090](/uploads/e88d229820532c590fb01f9293db2b8d/Auswahl_090.jpg)
Here how to fix it:
![Auswahl_089](/uploads/8ab8ccfc11e5fb6f5ba0e9f02ae7b7b0/Auswahl_089.jpg)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4814Symlinks breaks FPM on Debian Stretch2019-07-03T11:15:47ZSergio Brighentisergio@brighenti.meSymlinks breaks FPM on Debian Stretch## short description
Overriding the document root with the {DOCROOT} placeholder in apache directives breaks php-fpm. So:
```
DocumentRoot {DOCROOT}/folder
```
in apache directive will results in `DocumentRoot /var/www/example.com/web/fo...## short description
Overriding the document root with the {DOCROOT} placeholder in apache directives breaks php-fpm. So:
```
DocumentRoot {DOCROOT}/folder
```
in apache directive will results in `DocumentRoot /var/www/example.com/web/folder`, and php fpm stops work, and will return a file php as plain text to the browser.
But, if switch to FastCGI, mod_php, etc it works.
The problem is the symlink, because if you put in the apache directives box this, instead using the placeholder:
```
DocumentRoot /var/www/clients/clientX/webY/web/folder
```
It works also with FPM.
## correct behaviour
With mod_proxy_fcgi seems not support the symlinks, so the {DOCROOT} should be a real path, and FPM will work.
## environment
* Server OS: debian
* Server OS version: stretch
* ISPConfig version: 3.1.7
```
Server version: Apache/2.4.25 (Debian)
Server built: 2017-09-19T18:58:57
```
```
PHP 7.0.19-1 (cli) (built: May 11 2017 14:04:47) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.19-1, Copyright (c) 1999-2017, by Zend Technologies
```
## proposed fix
The {DOCROOT} placeholder should put the real path instead the symlink to the web folder.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4816PHP-FPM reload / restart problems2020-10-20T18:52:02ZMichael ScholzPHP-FPM reload / restart problems## short description
Default PHP version: 5.6
Additional PHP version: 7.0
Sometimes when switching PHP version for a website, the site isn't reachable after that. I need to manual restart PHP-FPM in the specific version, where the site ...## short description
Default PHP version: 5.6
Additional PHP version: 7.0
Sometimes when switching PHP version for a website, the site isn't reachable after that. I need to manual restart PHP-FPM in the specific version, where the site should run. By inspecting the code, i also realized that the given init scripts `/etc/init.d/php5-fpm` or `/etc/init.d/php-7-fpm` are getting translated into `service php5-fpm reload`.
The log files are 'clean' and don't show any problems. The main problem may be the 'reload' as it may not reload the config itself. Restart would be better as a reload may not be that gracefull
## correct behaviour
Switching shouldn't cause a broken connection for PHP-FPM socket.
## environment
Server OS: debian
Server OS version: jessio 8.7
ISPConfig version: 3.1.3
## references
Related bug: https://bugs.php.net/bug.php?id=60961
## solution / improvements
1.) Really keep the the init script and don't manipulate it, so it's users choice if they enter '/etc/init.d/...' or 'service ..."
2.a) Make another option, if changes should call a reload or restart
2.b) If you really need the init script from 1.) make additional fields for command of reload/restart that should be used.
I will try to provide a solution merge, but as time is really rare right now, i'll can't promise.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4946e-mail stats cronjob funktioniert nicht ( https://www.howtoforge.de/forum/thr...2019-07-03T12:02:17ZAndreas Weike-mail stats cronjob funktioniert nicht ( https://www.howtoforge.de/forum/threads/e-mail-konto-datenverkehr-ist-0mb.8806/ )E-Mail traffic wird nicht generiert. Der Fehler ist in /usr/share/ispconfig/server/lib/classes/cron.d/100-mailbox_stats.inc.php.
Im Anhang meine bearbeitete Version zur Prüfung.
Die Zeilen 194 bis 197 und 248 bis 250 sind die Änderungen...E-Mail traffic wird nicht generiert. Der Fehler ist in /usr/share/ispconfig/server/lib/classes/cron.d/100-mailbox_stats.inc.php.
Im Anhang meine bearbeitete Version zur Prüfung.
Die Zeilen 194 bis 197 und 248 bis 250 sind die Änderungen.[100-mailbox_stats.inc.php](/uploads/0ced0a8578cfeff07f3d1914e21dd777/100-mailbox_stats.inc.php)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4965Check amavis directory permissions on CentOS again2019-07-03T12:03:19ZTill BrehmCheck amavis directory permissions on CentOS againhttps://git.ispconfig.org/ispconfig/ispconfig3/issues/4035#note_63168https://git.ispconfig.org/ispconfig/ispconfig3/issues/4035#note_631683.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4972domain in spamfilter_user settings not punicode encoded2019-03-05T15:34:38ZTill Brehmdomain in spamfilter_user settings not punicode encodedWhen a mail domain with spamfilter enabled is saved to the spamfilter_users table, then the punicode filter is not applied correctly.When a mail domain with spamfilter enabled is saved to the spamfilter_users table, then the punicode filter is not applied correctly.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4977stats Folder created even when Statistics set to none2019-03-11T11:37:58ZAlfons L.stats Folder created even when Statistics set to noneOn every Website change in ISPConfig the **stats** Folder is getting created.
When using ownCloud or Nextcloud the Client is not able to do Updates because the Updater does a File Integrity Check first and aborts, because there should n...On every Website change in ISPConfig the **stats** Folder is getting created.
When using ownCloud or Nextcloud the Client is not able to do Updates because the Updater does a File Integrity Check first and aborts, because there should not additional Files/Folders like **stats**.
It would be the best to not create that Folder when "No Statistics" is choosen.
```
Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
Results
=======
- core
- EXTRA_FILE
- stats/.htaccess
Raw output
==========
Array
(
[core] => Array
(
[EXTRA_FILE] => Array
(
[stats/.htaccess] => Array
(
[expected] =>
[current] => 5ef12b8cca40c9c40108f0b770ae77859b302b3011472090ed59be6ba6dbd335d4f53e66cd2089c308c800f4fb25a9b933e4bbc14c64864bd5aa988d5f0b9cba
)
)
)
)
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5007Remove SSL bundle files if present on an apache 2.4 server2019-07-05T14:31:01ZTill BrehmRemove SSL bundle files if present on an apache 2.4 serverhttps://www.howtoforge.com/community/threads/ssl-bundle-break-certificate-order-solved.78718/#post-372854https://www.howtoforge.com/community/threads/ssl-bundle-break-certificate-order-solved.78718/#post-3728543.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5033Renewal of letsencrypt does not restart/reload nginx2019-06-26T13:51:42ZRajko AlbrechtRenewal of letsencrypt does not restart/reload nginx## short description
When renew letsencrypt certificates from domains in nginx service the nginx service will not restart in debian9. So it may happen, that a non valid certificate is send by nginx to clients instead of the newly generat...## short description
When renew letsencrypt certificates from domains in nginx service the nginx service will not restart in debian9. So it may happen, that a non valid certificate is send by nginx to clients instead of the newly generated one.
## correct behaviour
After renew of letsencrypt nginx should be restarted. On a debian stretch with apache as webserver it works.
## environment
Server OS: Debian
Server OS version: Stretch
ISPConfig version: 3.1.11
```
nginx version: nginx/1.10.3
```
Not sure, but I think the problem is in `900-letsencrypt.inc.php` in line 71 - `systemctl force-reload nginx` does not work.
I had not tracked down what is realy send at this point but wouldn't be a `restart` better for nginx?
Bye
Rajko3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5070Firewall > Character not allowed in tcp port definition2019-07-03T10:58:32ZAndreas B.Firewall > Character not allowed in tcp port definition## short description
What is happening and what is wrong with that?
Firewall Open TCP ports limit to 255 chars
## correct behaviour
What should happen instead?
`error message : "Character not allowed in tcp port definition. Allowed cha...## short description
What is happening and what is wrong with that?
Firewall Open TCP ports limit to 255 chars
## correct behaviour
What should happen instead?
`error message : "Character not allowed in tcp port definition. Allowed characters are numbers, ":" and ","."`
## environment
Server OS: Debian
Server OS version: jessie 8.11
ISPConfig version: 3.1.12 (define('ISPC_APP_VERSION', '3.1.12');)
If it might be related to the problem
no more output.
## references
https://www.howtoforge.de/forum/threads/firewall-character-not-allowed-in-tcp-port-definition.11141/#post-55559
## screenshots
![2018-07-03_15_55_14-ISPConfig](/uploads/bb16d9b46431b5ec4f03a0cf0a226de2/2018-07-03_15_55_14-ISPConfig.png)
## log entries
no entries3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5095The update_serial option in _delete functions of API does not work2018-08-20T20:22:58ZTill BrehmThe update_serial option in _delete functions of API does not workhttps://www.howtoforge.com/community/threads/having-some-trouble-with-acme-sh-and-isp-config-api.79616/
Reason: the $params array which is passed to the increase_serial function does not exist in the DNS record _delete() functions.https://www.howtoforge.com/community/threads/having-some-trouble-with-acme-sh-and-isp-config-api.79616/
Reason: the $params array which is passed to the increase_serial function does not exist in the DNS record _delete() functions.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5113PHP error in server config edit form when old PHP versions are used2019-06-26T14:09:13ZTill BrehmPHP error in server config edit form when old PHP versions are usedSee comments in #5063 for details.See comments in #5063 for details.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5115Only partial support for Proxy redirects (inconsistency)2019-07-05T09:52:06ZJimmy ThomsenOnly partial support for Proxy redirects (inconsistency)Please see https://git.ispconfig.org/ispconfig/ispconfig3/issues/4967 (Enable proxy rewrite support [P] for apache servers) - the issue was extracted from a forum post about missing Proxy support for subdomains. Unfortunately Proxy suppo...Please see https://git.ispconfig.org/ispconfig/ispconfig3/issues/4967 (Enable proxy rewrite support [P] for apache servers) - the issue was extracted from a forum post about missing Proxy support for subdomains. Unfortunately Proxy support was added for TLDs only.
![Screen_Shot_2018-08-30_at_21.43.04](/uploads/f01a32aad9d83744c5b6895507132596/Screen_Shot_2018-08-30_at_21.43.04.png)
The fix for TLDs looks super simple (https://git.ispconfig.org/ispconfig/ispconfig3/commit/bb00dc2d90a40a4deaca1a69868cf09b1146bf7e) - in this case it's just a change to the UI:
![Screen_Shot_2018-08-30_at_21.45.08](/uploads/1d9365e4c51d5b1d48fb24a219b8c835/Screen_Shot_2018-08-30_at_21.45.08.png)
Tested with ISPConfig 3.1.133.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5116Cronjob on Jailkit Environment is not executed2019-07-03T12:50:51ZKadek JayakCronjob on Jailkit Environment is not executed## short description
Cronjob is not executed on a jailed environment because the **home** directory is missing or not created
this happen if the website **didn't have Shell-user** but have a Cronjob ( not URL cronjob )
## correct beh...## short description
Cronjob is not executed on a jailed environment because the **home** directory is missing or not created
this happen if the website **didn't have Shell-user** but have a Cronjob ( not URL cronjob )
## correct behaviour
The cronjob should be executed, and it's log is created on the /private directory of jailed environment.
## environment
Server OS: Ubuntu
Server OS version: 18.04 Bionic Beaver
ISPConfig version: 3.1.13 .
## proposed fix
create the home directory manually seems fix the problem.
but i modify scripts on `/usr/local/ispconfig/server/scripts/create_jailkit_user.sh` to check home directory, after that i re-add the cronjob from webpanel
```
### Check if USERHOMEDIR already exists ###
if [ ! -d $CHROOT_HOMEDIR/.$CHROOT_USERHOMEDIR ]; then
mkdir -p $CHROOT_HOMEDIR/.$CHROOT_USERHOMEDIR
chown -R $CHROOT_USERNAME $CHROOT_HOMEDIR/.$CHROOT_USERHOMEDIR
fi
```
[create_jailkit_user.sh](/uploads/41d99f243b5827ca86ef93a94cdc6f26/create_jailkit_user.sh)
## screenshots
Error on auth.log
![Screen_Shot_2018-08-27_at_15.27.49](/uploads/0632067afa073974a2d2310d15f7134b/Screen_Shot_2018-08-27_at_15.27.49.png)
Thank You...3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5128Bug in password strength meter2018-09-17T09:15:14ZTim SerowskiBug in password strength meterThere is a bug in the password strength meter password level identification method in
/interface/lib/classes/validate_password.inc.php
Line 74:
`} else if (length >= 7 && length <=10) {`
Variables start with $.
This could lead to a...There is a bug in the password strength meter password level identification method in
/interface/lib/classes/validate_password.inc.php
Line 74:
`} else if (length >= 7 && length <=10) {`
Variables start with $.
This could lead to a password incorrectly being classified as strength level 4 instead of level 3.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5129Syntax errors in PHP 5.3.32019-06-26T14:06:59ZTill BrehmSyntax errors in PHP 5.3.3There are some syntax errors in PHP 5.3.3 due to lack of new PHP array access function syntax:
https://www.howtoforge.com/community/threads/cant-generate-dkim-and-access-server-config.80015/There are some syntax errors in PHP 5.3.3 due to lack of new PHP array access function syntax:
https://www.howtoforge.com/community/threads/cant-generate-dkim-and-access-server-config.80015/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5146disabled reseller still may login2019-07-05T08:56:41ZTobias Wollowskidisabled reseller still may login## short description
A disables reseller is able to login into ispconfig
## correct behaviour
Login should be disabled
## environment
Server OS: debian
ISPConfig version: 3## short description
A disables reseller is able to login into ispconfig
## correct behaviour
Login should be disabled
## environment
Server OS: debian
ISPConfig version: 33.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5149100-monitor_database_size.inc.php reports always 0 used space2018-10-18T07:48:41ZRoberto Altravia100-monitor_database_size.inc.php reports always 0 used space## short description
On the ISPConfig main page, on database Quota, Used space is always 0kb
If I run /usr/local/ispconfig/server/cron.sh by hand, 100-monitor_database_size.inc.php says:
database c0testdb size does not exceed quota: 262...## short description
On the ISPConfig main page, on database Quota, Used space is always 0kb
If I run /usr/local/ispconfig/server/cron.sh by hand, 100-monitor_database_size.inc.php says:
database c0testdb size does not exceed quota: 26214400 (quota) > 0 (used)
But that's not true. I checked the library and internally it runs a mysql query:
SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='c0testdb';
that if I run manually on mysql it returns correctly about 40MB :
>
> +-------------------------------+
> | SUM(data_length+index_length) |
>
>
> +-------------------------------+| 41324160 |
> +-------------------------------+
>
After some debugging, the problem seems to be in the function getDatabaseSize in file db_mysql.inc.php. It returns always 0
## correct behaviour
The database quota size should be reported on the ISPConfig main page
100-monitor_database_size.inc.php should report correct values
## environment
Server OS: Ubuntu
Server OS version: 14.04.5 LTS Trusty
ISPConfig version: 3.1dev e2465bd7a2d324259c3c1dae00dfca8c2535edcc
apachectl -v
Server version: Apache/2.4.7 (Ubuntu)
Server built: Apr 18 2018 15:36:26
PHP 5.5.9-1ubuntu4.26 (cli) (built: Sep 17 2018 13:46:30)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
with XCache v3.1.0, Copyright (c) 2005-2013, by mOo
with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies
with XCache Optimizer v3.1.0, Copyright (c) 2005-2013, by mOo
with XCache Cacher v3.1.0, Copyright (c) 2005-2013, by mOo
with XCache Coverager v3.1.0, Copyright (c) 2005-2013, by mOo3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5152Move https redirect rule after the LE rule in apache vhost2019-07-04T16:17:13ZTill BrehmMove https redirect rule after the LE rule in apache vhosthttps://www.howtoforge.com/community/threads/redirection-to-https-not-work-for-specific-condition.80284/#post-380545https://www.howtoforge.com/community/threads/redirection-to-https-not-work-for-specific-condition.80284/#post-3805453.1.14