ISPConfig 3 issues
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues
2020-12-23T17:51:14Z

Provide a way to adapt custom templates on ISPconfig upgrade
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5974
2020-12-23T17:51:14Z
KoS

It would be great if on an ispconfig_update the update procedure would show what changed on the original template files so that the custom template could easily be adapted with the changes too. Similar to what you have when upgrading Debian packages and you see the differences between your version of the file and the developer's version.
See https://www.howtoforge.com/community/threads/autoresponder-start-end-ignored.85929/

symlinked pure-ftpd.pem to ispserver.pem not chmod 600
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5979
2021-03-09T01:29:22Z
Hj Ahmad Rasyid Hj Ismail

I finally upgraded Ubuntu 18.04 to 20.04 (nginx) and everything went smoothly EXCEPT:
pureftpd-pem that is symlinked to ispserver.pem is not defaulted to 600, as ispserver.pem, as it should be, resulting in services relying on it failing.
This is also reported in the forum by someone else: https://www.howtoforge.com/community/threads/monit-and-ispconfig3-2.85509
I am making a MR for it at https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1370 anyway, and open it for further discussions.
Edited and added: Upon auto renewal of LE SSL certs for the server, ispserver.pem regenerated but the permission is not changed to 600. So the issue persisted unless resolved but the issue may not be on ISPConfig installer / updater.

Sort fields in debian_postfix.conf.master
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6002
2021-01-07T11:02:32Z
Tony G

This is a suggestion/request to sort the fields in the postfix main.cf config template - and only those where sorting makes sense.
Example where sorting might not make sense:
- Someone might prefer that the smtp_*_restrictions are sorted in order of their application, which is not alphabetical.
In the case of proxy_read_maps, which is an aggregate of other fields, it's still OK to sort this field starting with 'p' before its included fields, like those starting with 's', because the order of the fields in the file does not matter.
Reasoning:
- It's much easier to find a setting when it's in sorted order.
- As a practical example, it's taken me a long time to work out the delta/diff between the most recent update (3.2.2) and my own settings. If settings are sorted it's much easier to diff tpl, conf-custom, and the main.cf files.
- Related - I have many fields in main.cf that are not in the default template. It's much easier to see if there are related changes in the template if both the tpl and the conf-custom versions are in the same order.
If approved, I'll post a MR with a suggested sorting. This will only include the default tpl fields.

tpl debian_postfix.conf.master includes hard-coded /etc/postfix
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6003
2021-01-08T14:31:18Z
Tony G

The {config_dir} placeholder is used in the debian_postfix.conf.master file, replaced with /etc/postfix in main.cf. There are a couple instances of the literal text `/etc/postfix` in the settings. I have no idea if this would affect any sites. But the file was made configurable for a reason, so I'm noting that this would be an error for a site that relies on a non-default config_dir.
If approved, this can be assigned to me.
Tony G

private/quota-status is dovecot-only
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6004
2022-03-01T21:36:41Z
Jesse Norell

The private/quota-status service is always configured (in smtpd_recipient_restrictions), need to remove that if using courier.
https://www.howtoforge.com/community/threads/ispconfig-3-2-with-courier-incoming-mails-are-undelivered.86045/

New feature to create a new tpl and tpl-custom folder?
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6005
2021-01-20T18:16:14Z
Hj Ahmad Rasyid Hj Ismail

https://www.howtoforge.com/community/threads/new-feature-to-create-a-new-tpl-and-tpl-custom-folder.86053/
This is a mere suggestion which I think could be useful to all users.
What do you all think if ISPConfig 3.2 /tpl/ folder in installation package is also copied to the ISPConfig directory?
What I had early in my mind is /usr/local/ispconfig/server/conf/tpl/ or /usr/local/ispconfig/server/conf-tpl/. I don't know which one is preferred but I think it is best to copy latest tpl folder to ISPConfig folder for users' customization needs, if any.
I think this is quite easy to implement via ISPConfig installer so if there is any need to customize any of its files, one can copy and move it to /conf-custom/install/ folder, almost like the /conf/ folder itself.
Or maybe introduce /usr/local/ispconfig/server/tpl/ and /usr/local/ispconfig/server/tpl-custom/ ?
Your comments, suggestions and feedback are most welcomed.

Add config file changes to UI
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6006
2021-01-09T14:37:56Z
Tony G

This is another feature enhancement suggestion that might be easier than others. I'm hoping it can just be added to the pile of such suggestions for consideration.
The feature for adding Apache Directives can be used as a model for /etc/postfix/main.cf and /etc/dovecot/dovecot.conf. In System Config>Mail provide a textarea for Additional Postfix Settings, and another for Additional Dovecot Settings. On Save the resulting config files will have a distinctive #! comment to separate these sections from existing settings. Example:
```
#! Set by ISPConfig Template: ...
smtp_helo_timeout = 15s
smtp_mail_timeout = 15s
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
#! ISPConfig Overrides
smtp_mail_timeout = 30s
smtpd_tls_loglevel = 1
smtp_tls_security_level = dane
```
On Save, scan for `^#! ISPConfig Overrides$`, remove anything below it, and insert the new content.
For consistency that pattern can be used for Postfix and Dovecot, but for Dovecot it can be made more elegant: In the tpl config, add the single line `!include conf.d/93-ispconfig.conf` and then create that file. Just replace that file with the UI textarea. At some point if Postfix supports an `include` directive then the same mechanism can be used.
Rather than using postconf for update, for this mechanism just reload Postfix whenever the related textarea changes. An admin using multi-line settings and comments is more free to write the config as they please, for better or worse.
ISPConfig itself could use this same mechanism, where defaults set by install/update are in the config file under comment `#! Set by ISPConfig Template`, updates made through the UI or API are echoed under that with comment `#! Set in ISPConfig` and then under that the manual overrides can follow. This would allow the admin to easily see only fields that are defined with ISPConfig, rather than using postconf or doveconf statements which return all possible settings.

SSL ISPConfig Installer / Updater Code May Be Repetitive
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6013
2021-02-18T15:12:16Z
Hj Ahmad Rasyid Hj Ismail

I have been revisiting ISPConfig installer_base.lib.php as well as install.php and update.php files and I think the code with regards to SSL may be repetitive and most of them, if not all, may be avoided if the SSL request for the server and its services can be made before configure_postfix (include creation of smtpd.cert and smtpd.key) and configure_dovecot (include creation of dhparam file dh.pem).
Reading on dovecot, I think it is not necessary to use ssl-parameters.dat and convert it as dhparam file (dh.pem) even if it is meant for v2.2 as using it was only a mere suggestion to ease creating the same but using openssl to issue it should also work as well and pure-ftpd is using one that can be symlinked.
Since symlinks can be made to all of them whether by using self-signed or LE SSL certs or others, if it is possible to rearrange the priority in those files especially install.php and update.php, we may avoid such a repetition and maybe make the install / update process a little bit faster?
A thought to be discussed further before any decision could be made.

Does not remove dkim_key entry in /etc/amavis/conf.d/60-dkim when Updating Mail Domain and DKIM Record
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6023
2021-04-12T18:46:05Z
Collin Machine

## short description
When updating an existing mail domain (instead of creating a new one, for the purpose of changing primary domains of mailboxes, forwarders and aliases), and updating DKIM record for new domain, the dkim_key entry for the old domain remains in /etc/amavis/conf.d/60-dkim but referenced files in /var/lib/amavis/dkim are removed, so amavis throws an error similar to:
"Error in config file "/etc/amavis/conf.d/60-dkim": Can't open PEM file /var/lib/amavis/dkim/somedomain.com.private: No such file or directory at /usr/sbin/amavisd-new line XXX"
Which results in Amavis failing to start.
## correct behaviour
dkim_key entry should be removed from 60-dkim to prevent nonexistent references and allow amavis to start
## environment
Server OS: Ubuntu
Server OS version: 20.04.1
ISPConfig version: 3.2.2
## log entries
XXX XX XX:XX:XX some.server.hostname amavis[XXXXXXXX]: Error in config file "/etc/amavis/conf.d/60-dkim": Can't open PEM file /var/lib/amavis/dkim/somedomain.com.private: No such file or directory at /usr/sbin/amavisd-new line XXX

change shell user Base Dir creates warning
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6024
2022-09-25T19:19:23Z
Jesse Norell

When changing the shell user Base dir, in my case from /var/www/clients/client1/web20 to /var/www/clients/client1/web20/blah, I see this error:
```
21.01.2021-13:08 - DEBUG - Calling function 'update' from plugin 'shelluser_base_plugin' raised by event 'shell_user_update'.
21.01.2021-13:08 - DEBUG - Homedir New: /var/www/clients/client1/web20/blah
21.01.2021-13:08 - DEBUG - Homedir Old: /var/www/clients/client1/web20
21.01.2021-13:08 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client1/web20' - return code: 0
PHP Warning: rename(/var/www/clients/client1/web20,/var/www/clients/client1/web20/blah): Invalid argument in /usr/local/ispconfig/server/lib/classes/system.inc.php on line 894
```
(From https://www.howtoforge.com/community/threads/the-following-changes-are-not-yet-populated-to-all-servers.86171/#post-416503)
Jesse Norell

adding dns zone should add DKIM records
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6025
2021-01-22T07:21:01Z
Jesse Norell

When adding a DNS zone, if a corresponding mail zone exists with a DKIM record set, that DKIM record should be added to DNS records. (Applies both to the dns wizard and adding a zone manually.)
Background:
Having found that many of our DNS zones do not have DKIM records even though they are configured in the Email domain, the likely reason is the order of adding them - if you add an Email domain first, including a DKIM record, and add the DNS zone second, you will not have any DKIM record created in DNS. Mail will still be signed with the DKIM key, just not verifiable.

resync should setup dkim record
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6026
2021-01-22T07:06:56Z
Jesse Norell

Related to #6025, it would be nice if the Resync tool could correct missing DKIM records. The propagation of DKIM record from mail_domain to dns_rr is currently a feature of the user interface, and neither resyncing dns nor resyncing mail domains will ensure that the DKIM record is set up in dns, you must edit each email domain in the ui (a pain with admin protection, where you must switch to the client, then edit, then switch back....).

Configure SSL CA Cert in Dovecot
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6034
2023-05-03T12:43:56Z
Till Brehm

Currently, the SSL ca (bundle) SSL cert is not configured in dovecot.conf file. This may lead to connection issues with some older clients. We should add the line:
ssl_ca = </usr/local/ispconfig/interface/ssl/ispserver.bundle
in dovecot.conf, when the file /usr/local/ispconfig/interface/ssl/ispserver.bundle exists on the server.

jailkit: xauth error at login
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6043
2021-02-13T20:40:00Z
Jesse Norell

When logging in to a chroot shell user, xauth prints a message showing the non-chroot path (and possibly would not find the correct .Xauthority file?). Mostly harmless, but perhaps an env var (HOME?) could be set earlier before xauth runs, and at least get the correct chrooted path?
```
$ ssh client_user1f@ispc.hoster.tld
kentec_asdf@ispc.hoster.tld's password:
Linux srv-cp 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
/usr/bin/xauth: file /var/www/clients/client1/web2/./home/client_user1/.Xauthority does not exist
```

Disable client (/admin) protection by default
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6055
2021-02-11T19:28:58Z
Thom

Any opinions whether this should be enabled by default or not?

Can't load DH parameters - Dovecot 2.3.8 (9df20d2db)
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6057
2021-03-04T14:33:50Z
Lucas Schatz

Hi, after updating Dovecot to 2.3.8 and ISPConfig to latest release (at Centos8), I got this error:
> Feb 12 15:20:54 serverName dovecot[854011]: config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
> Feb 12 15:20:54 serverName dovecot[854011]: config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
> Feb 12 15:20:54 serverName dovecot[854011]: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=NNN.NNN.NNN.NNN, lip=192.168.1.1, session=<eTJqsie7nQyxg3mB>
> Feb 12 15:20:54 serverName dovecot[854011]: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=NNN.NNN.NNN.NNN, lip=192.168.1.1, session=<eTJqsie7nQyxg3mB>
To fix, I had to do these changes suggested in the logs
Is it interesting to integrate into the installer?
Thanks

Added directive to `custom_php_ini` to add fpm pool directives
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6059
2021-02-14T08:31:34Z
Kreso Pendic

Hi, I needed to add directives for php fpm 'OPTIONS' tab -> inside existing php.ini settings textarea:
process.priority
pm.status_path
etc..
and that are fpm pool directives but the issue is that plugin `nginx_plugin.inc.php` file wraps it in `php_admin_value[]` so I ended up with solution to prefix line with 'POOL' keyword and escaped it

problem with mail_user_add api call when missing mohedir and maildir attributes
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6063
2021-03-04T19:23:17Z
Jiri Slezka

## short description
I am trying to add mail user through mail_user_add api call but it behaves strange when I omit some attributes (homedir, maildir).
Mail user dir is created on disk in right place (/var/vmail/example.cz/test) but homedir and maildir in db is empty. Also when quota is specified other than 0 (for example 1024MB), every mail is rejected with "Quota exceeded (mailbox for user is full)". .quotausage file is created in right place and it contains
```
priv/quota/messages
6494
priv/quota/storage
1073743931
```
## correct behaviour
homedir and maildir should be generated on ISPConfig side (if missing)
## environment
Server OS: CentOS
Server OS version: CentOS7
ISPConfig version: (3.2.2)
## log entries
maillog
```
Feb 18 09:06:02 server dovecot: lda(test@example.cz): Error: User test@example.cz doesn't have home dir set, disabling duplicate database
Feb 18 09:06:02 server dovecot: lda(test@example.cz): msgid=<20210218080602.616B0249A54@smtp.example.cz>: save failed to INBOX: Quota exceeded (mailbox for user is full)
Feb 18 09:06:02 server dovecot: lda(test@example.cz): msgid=<20210218080602.616B0249A54@smtp.example.cz>: rejected: Quota exceeded (mailbox for user is full)
```

Enable TLSv1.3 for the panel and apps vhost (nginx)
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6066
2021-03-07T13:21:47Z
Thom

Enable TLSv1.3 if supported

Add option to disable backup on mirror systems
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6067
2021-02-22T08:39:24Z
Till Brehm

Add option to disable backup on mirror systems to avoid that web, mail and database backups get written multiple times.

Aliases created by the "Website auto alias" setting are not added to the Lets Encrypt certificate request
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6073
2021-03-03T16:43:53Z
Judah - MW

## Short description
If a value is defined in System > Server Config > Web > Website Auto Alias, it is automatically added as an alias to the site vhost. However it is not added to the LE certificate request.
## Correct behaviour
The auto alias should be part of the certificate request.
(I know some people use auto alias for internal aliases, that would still be fine as the LE check would catch the non-routable alias and discard it.)
## An example
We have `mail.[website_domain]` configured as our auto alias:
![image](/uploads/75f4a0d35fdedf07204a38da6d8c1d28/image.png)
This correctly appears in all _new_ nginx vhosts like so:
```
server_name example.com www.example.com mail.example.com;
```
However it does not get added to the certificate request. Viewing the request in `acme.log` shows it is not included and viewing the certificate afterwards shows this:
```bash
$ openssl x509 -in /var/www/example.com/ssl/example.com-le.crt -text -noout | grep DNS
DNS: example.com, DNS: www.example.com
```
## Environment
Server OS: CentOS 8
ISPConfig version: 3.2.2
Webserver: NGINX
## Proposed fix
Looks like the certificate generation logic is in [server/plugins-available/nginx_plugin.inc.php:1385](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/plugins-available/nginx_plugin.inc.php#L1385)
```php
//* Generate Let's Encrypt SSL certificate
if($data['new']['ssl'] == 'y' && $data['new']['ssl_letsencrypt'] == 'y' && $conf['mirror_server_id'] == 0 && ( // ssl and let's encrypt is active and no mirror server
    ($data['old']['ssl'] == 'n' || $data['old']['ssl_letsencrypt'] == 'n') // we have new let's encrypt configuration
    || ($data['old']['domain'] != $data['new']['domain']) // we have domain update
    || ($data['old']['subdomain'] != $data['new']['subdomain']) // we have new or update on "auto" subdomain
    || $this->update_letsencrypt == true
)) {
    $success = $app->letsencrypt->request_certificates($data, 'nginx');
    if($success) {
        /* we don't need to store it.
        /* Update the DB of the (local) Server */
        $app->db->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
        $app->db->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
        /* Update also the master-DB of the Server-Farm */
        $app->dbmaster->query("UPDATE web_domain SET ssl_request = '', ssl_cert = '', ssl_key = '' WHERE domain = ?", $data['new']['domain']);
        $app->dbmaster->query("UPDATE web_domain SET ssl_action = '' WHERE domain = ?", $data['new']['domain']);
    } else {
        $data['new']['ssl_letsencrypt'] = 'n';
        if($data['old']['ssl'] == 'n') $data['new']['ssl'] = 'n';
        /* Update the DB of the (local) Server */
        $app->db->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ? AND `server_id` = ?", $data['new']['ssl'], 'n', $data['new']['domain'], $conf['server_id']);
        /* Update also the master-DB of the Server-Farm */
        $app->dbmaster->query("UPDATE web_domain SET `ssl` = ?, `ssl_letsencrypt` = ? WHERE `domain` = ?", $data['new']['ssl'], 'n', $data['new']['domain']);
    }
}
```
The problem appears to be it simply takes the information straight out of `$data` but the part that deals with the auto alias hasn't been called yet as [it's all the way down on line 1651](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/plugins-available/nginx_plugin.inc.php#L1651):
```php
// get autoalias
$auto_alias = $web_config['website_autoalias'];
if($auto_alias != '') {
    // get the client username
    $client = $app->db->queryOneRecord("SELECT `username` FROM `client` WHERE `client_id` = ?", $client_id);
    $aa_search = array('[client_id]', '[website_id]', '[client_username]', '[website_domain]');
    $aa_replace = array($client_id, $data['new']['domain_id'], $client['username'], $data['new']['domain']);
    $auto_alias = str_replace($aa_search, $aa_replace, $auto_alias);
    unset($client);
    unset($aa_search);
    unset($aa_replace);
    $server_alias[] .= $auto_alias.' ';
}
```
There's not an obvious way to add it to that file, as it just passes the `$data` array off to the letsencrypt library. However we could add it in the LE lib, [maybe after line 365?](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/letsencrypt.inc.php#L365) We'd basically just have to add the above "get auto alias" stuff in there. The only problem with that I can see is if the Apache plugin works differently and is already adding the auto alias, in which case we don't want to duplicate it.
Can anyone confirm if the Apache plugin does that? If not would this method be acceptable?
Thanks

Postfix 3.4: TLS SNI Mapping
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6074
2021-04-27T15:09:13Z
Colin Ogilvie

## short description
Postfix 3.4 supports a new feature which enables TLS SNI Mapping to enable each domain to have its own SSL certificate.
## correct behaviour
It would be good if ISPConfig could support this by default.
## environment
Server OS: Ubuntu
Server OS version: 20.04
ISPConfig version: 3.2.2
## proposed fix
* Allow various options to enable the use of certificates in the domain and include that in the generation of the certificate through LetsEncrypt. This could either be 'mail.domain' or even just domain by default.
* Maintain, or write, the ability to set the `tls_server_sni_maps` variable in Postfix (from SQL if possible)

Default server PHP handler used even if client does not have the handler in his limits
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6078
2021-03-01T12:04:34Z
Thom

If the server's default is FastCGI (or any other mode), and the client creates a web, the default PHP handler is set, even if it is not within the client's limits.

Mailboxpassword Encoding not correct
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6079
2023-08-08T07:21:26Z
Dominik

## short description
Setting Mailboxpasswords with some special chars (like e.g. §) doesn't work on Ubuntu/MariaDB. Password is set, but Login isn't possible with web-clients like roundcube - I already discussed this with Florian, but also after that, I don't come to a solution or the real reason, why it is, like it is... So maybe somebody out there has the same issue with this setup and might have an idea.
## environment
Server OS: Ubuntu 20.04
ISPConfig version: 3.2.2 (also seen with 3.1.x)
If I change the following in /interface/lib/classes/auth.inc.php, Line 272
```
public function crypt_password($cleartext_password, $charset = 'UTF-8') {
if($charset != 'UTF-8') {
//$cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
}
```
this means removing the mb_convert_encoding
everything works fine!!
additionally if I add this:
```
public function crypt_password($cleartext_password, $charset = 'UTF-8') {
if(($charset != 'UTF-8') && (mb_detect_encoding($cleartext_password) != 'UTF-8')) {
$cleartext_password = mb_convert_encoding($cleartext_password, $charset, 'UTF-8');
}
```
it also works fine!!
this means in my setup encoding IS already UTF-8, and doesn't need a second encoding...
But I don't know, if this is the solution - since the function is explicitly called with parameter $charset='ISO-8859-1'
this happens in file
/interface/lib/classes/tform_base.inc.php
in Line 1373
and I don't understand the Comment that was added there:
```
} elseif(isset($field['encryption']) && $field['encryption'] == 'CRYPTMAIL') {
// The password for the mail system needs to be converted to latin1 before it is hashed.
$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
}
```
so it seems like: nobody looks on the real encoding of the incoming password, but it is "simulated" to ISO-8859-1 and as a consequence it is encoded....
## proposed fix
change this line:
/interface/lib/classes/tform_base.inc.php - Line 1373
```
$entry = stripslashes($record[$key]);
$record[$key] = $app->auth->crypt_password($entry,mb_detect_encoding($entry));
```
## additional comment
What I found to my astonishment
The Problem with wrong encoded password doesn't seem to be a problem for Mailclient Thunderbird. If you access such a double encoded password-mailbox with Thunderbird you find a password-mismatch log-entry in postfix-log, but Thunderbird seems to retry and change some things and always (reproducible) in the third try, Thunderbird can access... But Roundcube for example only tries once and cannot access....
If I change the things above, in both cases login works on the first try...
3.2.12

rspamd white/blacklist using multimap module
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6082
2022-07-27T01:05:03Z
Jesse Norell

Need to rework the rspamd implementation of white/blacklists to use the multimap module rather than setting want_spam=yes - see notes/comments in https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/1411
Jesse Norell

Apache vhost config invalid when using redirect: proxy and to-https
https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6087
2022-06-17T11:16:13Z
Petr Mifek

## short description
Using both Redirect Type: proxy and Rewrite HTTP to HTTPS with Apache results in invalid configuration - Apache returns status 500. Site is configured on server with Apache and SSL with Letsencrypt enabled.
## correct behaviour
The request should be handled with a rewrite to HTTPS and then proxied.
```
# Generated (faulting) config snippet (Apache non-ssl part of the config):
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
RewriteRule ^ - [END]
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^/(.*)$ http://1.2.3.4/$1 [proxy]
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^/(.*)$ http://1.2.3.4/$1 [proxy]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
```
```
# Updated (working) config snippet (Apache non-ssl part of the config):
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
RewriteRule ^ - [END]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^/(.*)$ http://1.2.3.4/$1 [proxy]
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^/(.*)$ http://1.2.3.4/$1 [proxy]
```
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.2.2/nightly
## proposed fix
Move the HTTP-to-HTTPS rewrite up just after the acme challenge exemption:
Patch:
```
--- ispconfig/server/conf/vhost.conf.master 2021-03-04 01:17:38.371357346 +0000
+++ ispconfig/server/conf/vhost.conf.master.fix_tossl_and_proxy 2021-03-04 01:16:47.113325799 +0000
@@ -493,6 +493,15 @@
RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
RewriteRule ^ - [END]
</tmpl_if>
+<tmpl_if name='ssl_enabled'>
+<tmpl_else>
+<tmpl_if name='rewrite_to_https' op='==' value='y'>
+ RewriteCond %{HTTPS} off
+ <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+</tmpl_if>
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
+</tmpl_if>
+</tmpl_if>
<tmpl_if name='seo_redirect_enabled'>
RewriteCond %{HTTP_HOST} <tmpl_var name='seo_redirect_operator'>^<tmpl_var name='seo_redirect_origin_domain'>$ [NC]
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
@@ -521,15 +530,6 @@
RewriteRule ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'>
</tmpl_loop>
-<tmpl_if name='ssl_enabled'>
-<tmpl_else>
-<tmpl_if name='rewrite_to_https' op='==' value='y'>
- RewriteCond %{HTTPS} off
- <tmpl_if name='apache_version' op='<' value='2.4' format='version'>RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
-</tmpl_if>
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
-</tmpl_if>
-</tmpl_if>
</tmpl_if>
# add support for apache mpm_itk
```
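Review bot: In the first hunk the relocated `rewrite_to_https` block lands ahead of `<tmpl_if name='seo_redirect_enabled'>`, not only ahead of the proxy rewrite loop, so on the non-SSL vhost a plain-HTTP request is now redirected to HTTPS on its original host before any SEO redirect rule is evaluated, which can add a second redirect hop when both options are enabled. The issue only requires the HTTPS redirect to precede the `[proxy]` rules, so consider inserting the block after the SEO redirect section and directly before the rewrite loop, or say in the description that the new order relative to the SEO redirects is intended. The Apache < 2.4 branch keeps its `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/` line, so the ACME exemption is preserved in either position.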
## screenshots
![ApacheRedirProxyAndHttpsResultsInStatus500](/uploads/578e36743df07352654ae7c2d349250c/ApacheRedirProxyAndHttpsResultsInStatus500.jpg)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6092
Add Nagios check for ISPconfig
2022-05-24T12:28:13Z
Helmo
The monitor page in ISPconfig has a nice overview of the system status, but I would like to be alerted when something changes.
In my setup I have Icinga for that, which is Nagios compatible.
I created a Nagios compatible script to export data from the monitor page.
It outputs a single line like: `WARNING: (ok: 12, info: system_update, warning: sys_log)`
Usage:
In an NRPE compatible config file:
`command[check_ispconfig]=/usr/bin/sudo /usr/local/ispconfig/server/check_ispconfig.php`
/etc/sudoers.d/ispconfig:
```
Cmnd_Alias CHECK_ISPCONFIG = /usr/local/ispconfig/server/check_ispconfig.php
nagios ALL = NOPASSWD : CHECK_ISPCONFIG
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6093
Monitor MX records
2022-12-27T22:35:12Z
Helmo
When a domain moves to an external mail provider it's important to de-activate or remove the mail domain from ispconfig.
When forgotten this can lead to mails not being delivered.
I've written a perl script to check this in the past and now ported that to ispconfig.
It resolves the server name and checks that the MX record for a mail_domain matches one of those IPs. Extra IPs can be added via `$mail_config['additional_smtp_ips']`
On one of my systems I use an extra IP for incoming smtp, so there I had to override the server hostname. There I've put in a `$mail_config['hostname'] = '...';` line in onRunJob() for now. I don't think we have a field for that and it's probably not worth creating it for just me. But I'm open to suggestions.
TODO
- [x] String updates?
- [x] Maybe some layout?
- [x] UI for `$mail_config['additional_smtp_ips']` and `$mail_config['additional_smtp_hostnames']`?
- [x] Maybe remove the $app->log warning lines as it might be a bit redundant
- [x] translation files
Anyway, feedback welcome.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6095
change of jailkit default/site section addition/override and location
2021-03-11T10:08:01Z
lee
it's not particularly clear when looking at the jailkit settings on a website options page if any settings configured there are in addition to the default server jailkit settings, or completely override them, so only sections in the site settings get applied.
its current location also means that admin intervention is required whenever a client wants a particular application added to their site's jailkit, either to add the section to their site's jailkit settings (or to remove it at a later date), or to add the application to the server's jailkit settings so everyone gets the additional application whether they want it or not.
it may be a better option to move the site's jailkit settings to the ssh account creation/settings page, and have additional sections made available for selection by the client user, just like apache or php directives are.
discussion on howtoforge forum: https://www.howtoforge.com/community/threads/quick-question-about-website-jailkit-options.86557/

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6101
Discussion: Simplify the UI for end users
2022-06-18T14:34:09Z
Thom
I just went through the UI to see which things could be confusing for novice clients, and which could be a reason for ISPs not to use ISPConfig. Some things could be hidden for all clients, some only when a specific setting is set in the main config or client limits.
## Sites
* Website vs subdomain -> some clients will add a subdomain "different.example.com" for a completely different site than the main web, maybe we could rephrase this, or add some explanation to the tab what adding a subdomain does?
* Read-only database user -> Maybe we can add a global option to enable/disable this, or put it within client limits?
* Order of Databases and database users -> Maybe we should put database users first, as this is the first thing you have to create, or allow the creation of a DB user when creating the DB itself?
## Email
* I think it would be good to switch the order of email mailbox and domain, or at least set mailbox as default tab, as this tab is the most used.
* It would be good to add global settings and/or client limits for the following buttons on the mailbox form:
  * Copy during delivery
  * Spampolicy (inherited from domain by default) (we might hide this on the domain form as well and let the admin set a default policy)
  * Enable receiving
  * Disable sending
  * Disable (local) delivering
  * Enable greylisting
  * Disable IMAP
  * Disable POP3
## DNS
* #5490
* Almost all the zone settings could be hidden:
  * NS
  * Email
  * Refresh
  * Retry
  * Expire
  * Minimum (negative cache ttl)
  * TTL
  * Allow zone transfers to these IPs (comma separated list) (as client limit)
  * Also Notify (as client limit)
  * Serial
This issue is to discuss this - it's not necessarily a feature request.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6104
Creating DNS secondary zone fails if name has ÅÄÖ characters and name without umlauts exists
2022-06-17T12:51:22Z
Tapio Lehtonen
## short description
Trying to create DNS secondary zone for a zone where zone name has non ASCII characters fails. Looks like if there is zone name with Ö replaced by O or Ä replaced by A adding fails with error
There is already a record for this zone.
## correct behaviour
It should work so also those zones get secondary.
Example: I have primary zone hääyöaie.fi. Adding secondary for that works.
I remove the secondary zone, create new primary zone haayoaie.fi, create secondary zone for haayoaie.fi. Now creating secondary zone for hääyöaie.fi fails with error "There is already a record for this zone."
How to work around the bug: Create the secondary zone where name has ÅÄÖ characters first. Then adding secondary zone with umlauts removed works.
I'm guessing ISPConfig checks for existing secondary zone by removing umlauts. It does not add umlauts when checking so changing order of creating secondary zones helps
## environment
root@posti:~# cat /etc/debian_version
10.8
ISPConfig 3.2.2
If it might be related to the problem
```
insert the output of `nginx -v` or `apachectl -v` here
root@posti:~# apachectl -v
Server version: Apache/2.4.38 (Debian)
Server built: 2020-08-25T20:08:29
```
```
insert the output of `php -v` here
root@posti:~# php -v
PHP 7.3.27-9+0~20210227.82+debian10~1.gbpa4a3d6 (cli) (built: Feb 27 2021 15:50:50) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.27, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.27-9+0~20210227.82+debian10~1.gbpa4a3d6, Copyright (c) 1999-2018, by Zend Technologies
root@posti:~#
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6110
Improve dns records list
2021-03-16T10:19:21Z
Helmo
The type, aux and ttl columns take too much space in the DNS records listing.
The patch below is more of a quick fix until a more comprehensive solution like #5490 gets done.
It reduces the width of these columns ... Which should probably be done via CSS, that's why this is not a MR. Someone else is probably better at finding the proper selector and place for it.
```patch
diff --git a/interface/web/dns/templates/dns_a_list.htm b/interface/web/dns/templates/dns_a_list.htm
index 4d0f3b2b2..a7b94fc96 100755
--- a/interface/web/dns/templates/dns_a_list.htm
+++ b/interface/web/dns/templates/dns_a_list.htm
@@ -58,11 +58,11 @@
<thead class="dark form-group-sm">
<tr>
<th class="tiny-col" data-column="active"><tmpl_var name="active_txt"></th>
- <th data-column="type"><tmpl_var name="type_txt"></th>
+ <th data-column="type" style="width: 12%;"><tmpl_var name="type_txt"></th>
<th data-column="name"><tmpl_var name="name_txt"></th>
<th data-column="data"><tmpl_var name="data_txt"></th>
- <th data-column="aux"><tmpl_var name="aux_txt"></th>
- <th data-column="ttl"><tmpl_var name="ttl_txt"></th>
+ <th data-column="aux" style="width: 8%;"><tmpl_var name="aux_txt"></th>
+ <th data-column="ttl" style="width: 8%;"><tmpl_var name="ttl_txt"></th>
<th class="small-col text-right">{tmpl_var name='search_limit'}</th>
</tr>
<tr>
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6112
use placeholders for the firewall
2021-03-21T09:00:44Z
Florian Schaal

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6116
PHPMyAdmin not working when chrooted PHP-FPM is enabled
2021-04-17T14:15:11Z
Thom
It will give an error "File not found", but other files from the PMA folder can be opened.
https://www.howtoforge.com/community/threads/how-is-pma-supposed-to-be-setup-on-a-slave.86629/page-2#post-420195

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6122
add smtp error detection/logging to ispcmail class
2021-03-23T21:54:28Z
Jesse Norell
When smtp errors happen inside the ispcmail class, they are never recorded or reported to anyone, making it harder to troubleshoot mail problems, we should log these and possibly provide a means to report to the caller (when calling send()).

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6125
cp user passwords mishandled
2022-03-17T23:03:22Z
Jesse Norell
I generated a random password and changed the 'admin' password via System > CP Users, and afterwards could not login with the new password. (I did verify the sys_user.passwort value changed.) The password was: 'u^iv9nbV(SU\KE[gj I tested the same procedure with a simpler alphanumeric password and I was able to login, so the UI is mishandling the password when saving it.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6126
Add mail_plugins to separate dovecot config file which is included earlier
2021-05-21T12:35:34Z
Thom
Update: mail_plugins (and postmaster address?) are referred to in the service blocks from the ISPConfig template. A script should grab them from the conf-custom file, comment them out in the `99-ispconfig-custom-config.conf` file and add them to a new file `98-ispconfig-custom-config.conf` or something like that. This file should be included in the ISPConfig template before the service blocks.
~~I am now looking to the code of !1459 - This will break the implementation~~
~~Because it is included earlier, values after it will override the custom config, but the custom config should override the config in dovecot.conf of course.
I tested the order before the original MR.~~
~~$mail_plugins should be added, that's good!~~

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6129
spam scanning: default to add header
2021-03-26T20:05:15Z
Jesse Norell
Currently spamfilter policies default to changing the subject, which breaks DKIM signatures, we should change the default behavior to adding a header. (Would affect mail that is scanned by ISPConfig then forwarded to another server/account.)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6131
rspamd: allow mismatch hdrfrom/username
2021-03-29T15:41:45Z
Jesse Norell
I propose we set `allow_hdrfrom_mismatch = true;` and `allow_username_mismatch = true;` in `/etc/rspamd/local.d/dkim_signing.conf` if reject_sender_login_mismatch is in use.
https://www.howtoforge.com/community/threads/rspamd-not-signing-email-alias-with-dkim.86690/

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6132
dns: better cname checks
2022-05-09T17:33:41Z
Jesse Norell
Need to implement more/better checking for CNAME records to prevent invalid records. Eg. not long ago someone reported an issue which was caused by creating CAA records for a hostname which had a CNAME record. Just now I created a CNAME record for a hostname which already had a TXT record, which is invalid. We should look up the exact set of what is allowed to be present with CNAME and only allow those.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6143
postfix: custom reject message
2022-03-04T23:44:23Z
Jesse Norell
Add a field for custom reject message to postfix blacklist entries.
Planned features
Jesse Norell

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6150
rspamd greylisting
2022-06-17T12:51:14Z
Jesse Norell
Not sure if this is a bug or feature request, but currently when using rspamd, the greylisting setting of the users' spamfilter policy is not respected, if the "Enable greylisting" checkbox is disabled, then greylisting within rspamd is explicitly disabled as well; if "Enable greylisting" is enabled, things are setup correctly in rspamd settings, but also postgrey is set to always greylist, which is not what I want.
I want to use rspamd's greylisting at the policy specified threshold, and not greylist everything via postgrey.
I can see a use case/expectations case for the current behavior as well, ie. "Enable greylisting" is not checked, you might expect it to be disabled in rspamd even if the selected policy specifies it should be used.
2 solutions come to mind, I'd probably favor #2 unless #1 is pretty unanimously agreed to be the correct behavior:
1) Change the wording of "Enable greylisting" to something more like "Always greylist" ("Force enable greylisting" ?), and have the checkbox only control the use of postgrey (so rspamd's policy settings (greylist level) are always used).
2) Add a server config setting to allow the admin to choose whether the "Enable greylisting" button should override the spamfilter policy or not.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6151
Make default DNS template selectable in user limits
2021-04-17T20:07:02Z
Danny
Make default DNS template to be a choice in user/reseller limits or even make it selectable which templates they will see. This will make sure clients/resellers use the correct template. Now I have clients that use my default which is not meant for them to use.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6152
Config for protected folders in Apache should be done in vhost file
2021-04-17T20:07:26Z
Johannes
Currently a .htaccess file is used to realize folder protection which is not recommended (https://httpd.apache.org/docs/2.4/howto/htaccess.html#when). This should be done directly in the vhost file with an additional `<directory>` directive. The .htpasswd file could go for example to `/var/www/.../private` and not be accessible via web even if the user makes a strange config (or stay where it is).
(Background is that I had a user who set the option "Apache AllowOverride=none" for performance reasons without realizing that this disables the password protection)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6153
Make firewall config more userfriendly
2021-04-17T20:06:46Z
Johannes
Currently there is just one line each to open ports for UDP and TCP, respectively. Each port has to be added in a comma-separated list. I would like to have something like a sorted table of ports where I can choose tcp/udp and add a comment.
For example:
| Port | TCP | UDP | Comment |
| ------ | ------ | ------ | ------ |
| 22 | x | | SSH |
| 8080 | x | | IspConfig Interface |
| 9987 | | x | Teamspeak3 |
| 30033 | x | x | Teamspeak3 |
| 54321 | x | | Custom Python server for User xyz|
...

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6154
Extra single quote when creating wildcard certs in SSL tab
2023-09-16T14:46:24Z
Hj Ahmad Rasyid Hj Ismail
## Summary
Wildcard subdomain created certs has single quotes in its filename instead of not having it.
## Steps to reproduce
1. Go to Sites tab
1. Click on any website e.g. domain.tld
1. Select its SSL tab
1. Select \*.domain.tld
1. Create SSL
1. Certs created in ssl folder but with single quote in its file name e.g. '\*.domain.tld.ext'
## Correct behaviour
The files' name should just be \*.domain.tld.ext (without any quotes) instead of '\*.domain.tld.ext' (with single quotes)
## Environment
Server OS + version: Ubuntu 20.04
ISPConfig version: 3.2.4

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6159
Add support for CentOS Stream to OS detection code
2022-09-06T09:13:54Z
Till Brehm
https://www.howtoforge.com/community/threads/centos8-amavis-and-clamd-scan-not-point-to-same-sock-file.86819/#post-421711

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6161
php-fpm wrong sock file creation and configuration
2021-10-10T16:01:12Z
Fco. David Ferraes Feria
In a multiple php-fpm version setup, when you change from one version to another the webXX.sock and the vhost configuration has incorrect paths of the new php-fpm-sock directory.
To reproduce this behaviour you need:
1. Multiple php-fpm versions configured for example:
PHP-FPM 7.0
Path to the PHP-FPM init script: /etc/init.d/php7.0-fpm
Path to the php.ini directory: /etc/php/7.0/fpm/php.ini
Path to the PHP-FPM pool directory: /etc/php/7.0/fpm/pool.d/
PHP-FPM socket directory: /var/lib/php7.0-fpm/
PHP-FPM 7.4
Path to the PHP-FPM init script: /etc/init.d/php7.4-fpm
Path to the php.ini directory: /etc/php/7.4/fpm/php.ini
Path to the PHP-FPM pool directory: /etc/php/7.4/fpm/pool.d/
PHP-FPM socket directory: /var/lib/php7.4-fpm/
2. Select a different version of php-fpm on vhost configuration
3. The webxx.sock was created in the right place.
/etc/php/7.0/fpm/pool.d# ls -l
total 28
-rw-r--r-- 1 root root 1013 abr 27 14:23 web6.conf
4. But the contents was wrong
[web6]
listen = /var/lib/php7.4-fpm/web6.sock
listen.owner = web6
listen.group = www-data
listen.mode = 0660
...
5. The sock was created according this configuration
/etc/php/7.0/fpm/pool.d# ls -l /var/lib/php7.4-fpm/web6.sock
srw-rw---- 1 web6 www-data 0 abr 27 12:59 /var/lib/php7.4-fpm/web6.sock
6. And the vhost has the same error:
/etc/apache2/sites-available# grep FastCgiExternalServer xxxxxxxx.net.vhost
FastCgiExternalServer /var/www/clients/client3/web6/cgi-bin/php-fcgi-*-80-xxxxxxx.net -idle-timeout 300 -socket /var/lib/php7.4-fpm/web6.sock -pass-header Authorization -pass-header Content-Type
FastCgiExternalServer /var/www/clients/client3/web6/cgi-bin/php-fcgi-*-443-xxxxxxx.net -idle-timeout 300 -socket /var/lib/php7.4-fpm/web6.sock -pass-header Authorization -pass-header Content-Type
7. But the php version is ok
PHP Version 7.0.33-47+ubuntu20.04.1+deb.sury.org+1
System Linux vsweb01 5.11.16-arch1-1 #1 SMP PREEMPT Wed, 21 Apr 2021 17:22:13 +0000 x86_64
Build Date Feb 23 2021 15:04:06
Server API FPM/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php/7.0/fpm
Loaded Configuration File /etc/php/7.0/fpm/php.ini
Scan this dir for additional .ini files /etc/php/7.0/fpm/conf.d
...
open_basedir /var/www/clients/client3/web6/web:/var/www/clients/client3/web6/private:/var/www/clients/client3/web6/tmp:/var/www/recupera.net/web:/srv/www/recupera.net/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom
8. In the creation of the vhost no error was reported:
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: chattr -i '/var/www/clients/client3/web6' - return code: 0
mar 27 abr 2021 14:23:01 CDT chattr: Operation not permitted while setting flags on /var/www/clients/client3/web6
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client3/web6' - return code: 1
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: df -T '/var/www/clients/client3/web6'|awk 'END{print $2,$NF}' - return code: 0
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: which 'setquota' 2> /dev/null - return code: 0
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: setquota -u 'web6' '0' '0' 0 0 -a &> /dev/null - return code: 0
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: setquota -T -u 'web6' 604800 604800 -a &> /dev/null - return code: 0
mar 27 abr 2021 14:23:01 CDT chattr: Operation not permitted while setting flags on /var/www/clients/client3/web6
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: chattr +i '/var/www/clients/client3/web6' - return code: 1
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - Enable SSL for: recupera.net
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/recupera.net.vhost
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - Creating symlink: /etc/apache2/sites-enabled/100-recupera.net.vhost->/etc/apache2/sites-available/recupera.net.vhost
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - Created GoAccess config file: /var/www/clients/client3/web6/log/goaccess.conf
mar 27 abr 2021 14:23:01 CDT 27.04.2021-19:23 - DEBUG - safe_exec cmd: which 'apache2ctl' 2> /dev/null - return code: 0
mar 27 abr 2021 14:23:02 CDT 27.04.2021-19:23 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.0/fpm/pool.d/web6.conf
mar 27 abr 2021 14:23:03 CDT 27.04.2021-19:23 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
mar 27 abr 2021 14:23:03 CDT 27.04.2021-19:23 - DEBUG - Restarting php-fpm: systemctl reload php7.0-fpm.service
mar 27 abr 2021 14:23:03 CDT 27.04.2021-19:23 - DEBUG - Apache status is: running
mar 27 abr 2021 14:23:03 CDT 27.04.2021-19:23 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
mar 27 abr 2021 14:23:03 CDT 27.04.2021-19:23 - DEBUG - Restarting httpd: systemctl restart apache2.service
mar 27 abr 2021 14:23:03 CDT 27.04.2021-19:23 - DEBUG - Apache restart return value is: 0
mar 27 abr 2021 14:23:05 CDT 27.04.2021-19:23 - DEBUG - Apache online status after restart is: running
mar 27 abr 2021 14:23:05 CDT 27.04.2021-19:23 - DEBUG - Processed datalog_id 97
The correct behaviour is:
1. The webxxx.sock file will be created on the right PHP-FPM socket directory.
2. In the vhost configuration, the parameter FastCgiExternalServer and all other parameters related to php-fpm configuration will be pointed to the right webxxx.sock configuration.
No problem was detected with this configuration, the correct version of php-fpm selected was working but this get some confusion.
My environment is:
Server OS + version: Ubuntu 20.04
ISPConfig version: 3.2.4
Thanks in advance.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6164
Make IPv6 address inselectable when * is set for IPv4 address for vhost.
2021-05-12T12:55:06Z
Thom
## Summary
When creating a new site and selecting "*" for IPv4 address, you can still select an IPv6 address. This option should be blurred out (and set to none), and maybe we should show a text like "Vhost is listening on all server addresses" to the IPv6 field.
## References
https://www.howtoforge.com/community/threads/2-ipv6-addresses-which-one.86944/

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6166
private/cron.log, private/cron_error.log are rotated multiple times
2023-12-25T13:43:49Z
lennart
## Summary
<!-- What is happening and what is wrong with that? -->
Users cron log files private/cron.log, private/cron_error.log, are rotated multiple times every night if there are multiple records in table web_domain of type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias'.
## Steps to reproduce
1. [First step]
2. [Second step]
3. [and so on...]
see [https://www.howtoforge.com/community/threads/many-user-cron-log-files.86937/#post-422325](https://www.howtoforge.com/community/threads/many-user-cron-log-files.86937/#post-422325)
## Correct behaviour
<!-- What should happen instead? -->
private/cron.log, private/cron_error.log should be rotated only once every night.
## Environment
Server OS + version: (Debian 10/Ubuntu 20.04/CentOS 8/...) \
ISPConfig version: (3.1.15p3/3.2.3/3.2dev/...)
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
Software version of the related software:
<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
```
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
define('ISPC_APP_VERSION', '3.2.4');
$conf['app_version'] = ISPC_APP_VERSION;
Server version: Apache/2.4.38 (Debian)
Server built: 2020-08-25T20:08:29
PHP 7.3.28-1+0~20210503.84+debian10~1.gbp6819da (cli) (built: May 3 2021 11:59:15) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.28, Copyright (c) 1998-2018 Zend Technologies
with the ionCube PHP Loader + ionCube24 v10.4.5, Copyright (c) 2002-2020, by ionCube Ltd.
with Zend OPcache v7.3.28-1+0~20210503.84+debian10~1.gbp6819da, Copyright (c) 1999-2018, by Zend Technologies
```
## Proposed fix
optional, of course.
if you want to post code snippets, please use
```
*** 200-logfiles.inc-orig-324.php 2021-05-09 14:47:49.000000000 +0200
--- 200-logfiles.inc.php 2021-05-09 15:25:34.000000000 +0200
***************
*** 71,76 ****
--- 71,79 ----
$sql = "SELECT domain_id, domain, type, document_root, web_folder, parent_domain_id, log_retention FROM web_domain WHERE (type = 'vhost' or type = 'vhostsubdomain' or type = 'vhostalias') AND server_id = ?";
$records = $app->db->queryAllRecords($sql, $conf['server_id']);
+ // ikasp
+ // rotate user cron files once
+ $cron_logfile_rotated = [];
foreach($records as $rec) {
//* create traffic statistics based on yesterdays access log file
***************
*** 126,131 ****
--- 129,139 ----
foreach($cron_logfiles as $cron_logfile) {
$cron_logfile = $rec['document_root'].'/private/' . $cron_logfile;
+ // ikasp
+ // check if already rotated
+ if (isset($cron_logfile_rotated[$cron_logfile]) and $cron_logfile_rotated[$cron_logfile]) continue;
+ $cron_logfile_rotated[$cron_logfile] = true;
+
// rename older files (move up by one)
$num = $log_retention;
while($num >= 1) {
```
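Review bot: in the first hunk (new lines 74-76), the `// ikasp` marker is an author tag rather than documentation, and the comment "rotate user cron files once" does not say why a guard is needed. Suggest dropping the tag and stating the reason in the comment: the query just above returns `vhost`, `vhostsubdomain` and `vhostalias` rows, and the log path is later built from `$rec['document_root']`, so more than one record can resolve to the same private/cron.log within a single run.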
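Review bot: in the second hunk, the guard `if (isset($cron_logfile_rotated[$cron_logfile]) and $cron_logfile_rotated[$cron_logfile]) continue;` tests more than it needs to. The array only ever receives `true`, so `isset($cron_logfile_rotated[$cron_logfile])` alone is sufficient, and dropping the second operand also removes the low-precedence `and`. The key is the raw string built from `$rec['document_root'].'/private/'`, so two records whose document_root values differ only in spelling (a trailing slash, for example) would still rotate the same file twice; if that can occur, normalise the path before using it as the key. The second `// ikasp` marker should be removed as well.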
or attach a code file. Best is to create a merge request of course.
## References
if you know of related bugs or feature requests, please reference them by using `#<issuenumber>`, e. g. #6105
if you have done a merge request already, please reference it by using `!<mergenumber>`, e. g. !1444
if you know of a forum post on howtoforge.com that deals with this topic, just add the link to the forum topic here
## Screenshots
optional, of course.
Add screenshots of the problem by clicking "Attach a file" on the bottom right.
## Related log entries

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6169
Generalised 3rd party service integration (to support Cloudflare DNS)
2022-10-02T09:23:50Z
Judah - MW
Details
=======
Hi all, we would like to integrate Cloudflare (DNS specifically) with ISPConfig so that ISPC can be the master source of truth for DNS (and still continue to run named) but can keep separate CF DNS accounts in sync with DNS changes. At the moment we have to make DNS changes twice, once in ISPC and then replicated to CF which is slow and error prone.
In doing some research for this oft-requested feature we found this open feature request: #4846 and [this HowToForge thread.](https://www.howtoforge.com/community/threads/dns-cloudflare-sync.84504/)
At the bottom of that HowToForge thread, @jnorell suggests generalising the system so it is provider agnostic and can then work with multiple DNS providers, which makes a lot of sense to me. It could even be generalised further so that it isn't just limited to linking DNS with external systems but also potentially websites with CDNs, etc.
So I guess I'd like to know: does that sound like something that fits nicely into ISPC? If I started on it would it be something you'd accept as a contribution? Do you have any guidance on the design/implementation? Are there any other ongoing efforts to do something similar I could take part in?
Finally, what would be preferable:
1. A Cloudflare specific integration.
2. A DNS specific integration (but 3rd party API agnostic, like Jesse suggested.)
3. A completely general 3rd party framework (not limited to DNS.)
How it could work
=================
Server
------
- Server plugin for 3rd parties which imports 3rd party specific libraries.
- Server library for Cloudflare imported as above which registers the right event listeners.
- New DB table `third_party_connection` used by the plugin to store generic 3rd party connections.
Interface
---------
- New tab in Settings > Server config > called "3rd party connections" where the administrator can provide Cloudflare Reseller credentials, they are stored in the generic `third_party_connection` database as type `cloudflare_reseller`.
- New limits in limit template to enable 3rd party access for clients.
- New tab on DNS zone "External DNS" with dropdown menu to select a 3rd party integration, then option to supply email/API key and even a "New account" button if reseller credentials are installed on server. (Creds also stored in `third_party_connection` table.)
- New tab on DNS record "External DNS", allowing setting specific settings such as Cloudflare proxy status. (Where would that info be stored? Tricky. Extend the DNS record table to include a new column `third_party_data` (to keep it general)? Or a new table `third_party_data` to store all extra data?)
I'd appreciate your feedback on the approach before I start to see if I'm barking up the wrong tree, and also to see if anyone would like to help.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6170
Always log a warning/error when LE + SSL is disabled because of a failure
2021-05-20T19:16:21Z
Thom
Currently, a warning is logged if the Let's Encrypt check is enabled (default behaviour) and it couldn't create the cert. But when there is a setting roll back, it is not logged. See the discussion on #5042

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6171
rspamd config errors (harmless) during install
2021-06-20T18:53:47Z
Jesse Norell
I have a server running amavis, which I'm updating prior to converting to rspamd, however rspamd is installed - during ispconfig update some (harmless) errors showed configuring rspamd, probably due to my current install/config state, but can easily be hidden or avoided:
```
Configuring Postfix
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Rspamd
chgrp: cannot access '/etc/rspamd/local.d/worker-controller.inc': No such file or directory
chmod: cannot access '/etc/rspamd/local.d/worker-controller.inc': No such file or directory
Configuring Getmail
...
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6184
rspamd: don't use secure_ip
2021-06-21T15:47:39Z
Jesse Norell
We currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail services (eg. single-server), as addresses in secure_ip do not require a password. We should drop the use of secure_ip, and preferably switch to using unix sockets to talk to all rspamd daemons.
Also provide examples of how to configure reverse proxies to connect and authenticate (eg. add a Password header and use unix rather than tcp socket).

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6188
Add field for FPM-Chroot Docroot
2021-06-21T13:49:21Z
Patrick Omland
If Chroot FPM is selected, add a Field for Custom Docroot. When there is detected a Custom Docroot Input change FPM Pool config with new Docroot. Like Openbasedir Field no Input = Change nothing and / Custom Input = Change Docroot in Pool config
See this Thread (German)
https://forum.howtoforge.de/threads/docroot-unter-chroot-fpm.12662/#post-62035

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6189
Mailuser password malformed when using a umlaut
2023-08-08T07:21:10Z
Thom
## Summary
<!-- What is happening and what is wrong with that? -->
Letters with an umlaut in a password for a mailuser, like ä or Ö are malformed. The user can not log in.
## Steps to reproduce
1. Set the password to "ällo3456"
2. Try logging in.
## Correct behaviour
<!-- What should happen instead? -->
The user should be able to log in.
## Environment
Server OS + version: Debian 10 \
ISPConfig version: 3.2.4
<!-- _you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_ -->
Software version of the related software:
<!-- You can use 'nginx -v' or 'apachectl -v' to find the webserver version. Use 'php -v' to find the PHP version.> Put this in code blocks, like so: -->
3.2.12

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6195
API and web_domain.sys_groupid in case of $client_id=0
2021-07-07T18:20:17Z
francois parreaux-ey
Following that discussion
https://www.howtoforge.com/community/threads/api-and-groupid.87230/#post-424590
## Summary
When creating a web site with API for admin, sys_groupid in web_domain table is set to 1 instead of 0 with web interface.
This bug is almost invisible because as soon as you open web interface and look at domain, web interface will correct the problem (autosave when tab changing)
Moreover it has no global impact on ISPConfig: I saw it because API request to that domain gives nothing in some cases
## Steps to reproduce
1. Run below script
```
#nano file
insert code and modify first variables as appropriate
<?php
//variables to adapt
$server='myserver.test.fr';
$remoteUser='myremoteuser';
$remotePassword='mypass';
$domain='test.test.fr';
$client_id=0;
//script
$remoteSoapLocation='https://'.$server.':8080/remote/index.php' ;
$remoteSoapUri='https://'.$server.':8080/remote/' ;
$context = stream_context_create([
'ssl' => [
'verify_host' => true,
'verify_peer' => true,
'verify_peer_name' => true,
'allow_self_signed' => false
]
]);
$client = new SoapClient(null,
array('location' => $remoteSoapLocation,
'uri' => $remoteSoapUri,
'trace' => 1,
'exceptions' => 1,
'stream_context' => $context));
$session_id = $client->login($remoteUser, $remotePassword) ;
$tstamp=date("Y-m-d H:i:s") ;
$params = array(
'server_id' => 1,
'ip_address' => '*',
'domain' => $domain,
'type' => 'vhost',
'parent_domain_id' => 0,
'vhost_type' => 'name',
'hd_quota' => -1,
'traffic_quota' => -1,
'cgi' => 'n',
'ssi' => 'n',
'ruby' => 'n',
'python' => 'n',
'perl' => 'n',
'suexec' => 'n',
'errordocs' => 1,
'is_subdomainwww' => 1,
'subdomain' => 'none',
'php' => 'php-fpm',
'redirect_type' => '',
'redirect_path' => '',
'seo_redirect' => 'www_to_non_www',
'rewrite_to_https' => 'y',
'ssl' => 'y',
'ssl_letsencrypt' => 'y',
'ssl_letsencrypt_exclude' => 'n',
'ssl_state' => '',
'ssl_locality' => '',
'ssl_organisation' => '',
'ssl_organisation_unit' => '',
'ssl_country' => '',
'ssl_domain' => '',
'ssl_request' => '',
'ssl_key' => '',
'ssl_cert' => '',
'ssl_bundle' => '',
'ssl_action' => '',
'stats_password' => 'toto_toto!',
'stats_type' => 'awstats',
'allow_override' => 'All',
'apache_directives' => '',
'php_fpm_use_socket' => 'y',
'php_fpm_chroot' => 'n',
'pm' => 'ondemand',
'pm_max_children' => 10,
'pm_start_servers' => 2,
'pm_min_spare_servers' => 1,
'pm_max_spare_servers' => 5,
'pm_process_idle_timeout' => 10,
'pm_max_requests' => 0,
'custom_php_ini' => '' ,
'backup_interval' => 'none',
'backup_copies' => 2,
'backup_format_web' => 'default',
'backup_format_db' => 'gzip',
'backup_encrypt' => 'n',
'backup_password' => '' ,
'backup_excludes' => '',
'active' => 'y',
'traffic_quota_lock' => 'n',
'http_port' => '80',
'https_port' => '443',
'log_retention' => 5 ,
'proxy_protocol' => 'n' ,
'added_date' => $tstamp ,
'added_by' => 'admin'
);
$sites_web_id = $client->sites_web_domain_add($session_id, $client_id, $params) ;
$client->logout($session_id) ;
?>
run code
#php file
#mysql
> select `sys_groupid` FROM `dbispconfig`.`web_domain` WHERE `domain` LIKE 'test.test.fr' ;
2. Open web_interface>sites>websites, open test.test.fr domain and save
3. run
#mysql
> select `sys_groupid` FROM `dbispconfig`.`web_domain` WHERE `domain` LIKE 'test.test.fr' ;
```
## Correct behaviour
step 1 (API) gives me
```
+-------------+
| sys_groupid |
+-------------+
| 1 |
+-------------+
```
step 3 (web interface) gives me
```
+-------------+
| sys_groupid |
+-------------+
| 0 |
+-------------+
```
Working behavior is step 3 sys_group_id=0
## Environment
Server OS + version: Ubuntu 20.04 \
ISPConfig version: 3.2.5
Software version of the related software:
```
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-06-17T18:27:53
```
## Proposed fix
```
I didn't find out where is it.
May be, you will not have that behavior !?
```
## References
https://www.howtoforge.com/community/threads/api-and-groupid.87230/#post-424590

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6197
Use of want_spam & actions (wblist) in rspamd yields unexpected results
2022-12-05T16:55:28Z
Zak
## Summary
User Block-/Allowlist config is generated with both "actions" and "want_spam" present. \
The usage of "actions" renders "want_spam" obsolete and does not honor the function that "want_spam" is supposed to provide. \
If "want_spam" is used rspamd is supposed to skip the evaluation of an email. The resulting config might provide the expected result because of "actions", but it still adds the "X-Spamd-Bar" header, which is unwanted behaviour because the header might be used in sieve rules and therefore should not be present (or at least present without a value) on emails that are handled by an entry in the allowlist.
## Steps to reproduce
Using the stock template (slightly modified to also match the from header):
```
spamfilter_wblist-2046 {
priority = 26;
from = "sender@domain.tld";
rcpt = "recipient@domain.tld";
want_spam = yes;
apply {
actions {
reject = null;
"add header" = null;
greylist = null;
"rewrite subject" = null;
}
}
}
spamfilter_wblist-2046.2 {
priority = 26;
mime_from = "sender@domain.tld";
rcpt = "recipient@domain.tld";
want_spam = yes;
apply {
actions {
reject = null;
"add header" = null;
greylist = null;
"rewrite subject" = null;
}
}
}
```
the following is logged by rspamd:
```
2021-07-12 11:03:46 #930(normal) <24ddc3>; task; rspamd_task_write_log: id: <CAP03e=xDdfHS_j7N=7JdzSrOc3fiXA2Efk+oumGrzZ9ugWEwHw@mail.domain.tld>, qid: <4698E3BE9D>, ip: 209.85.160.171, from: <sender@domain.tld>, (default: F (no action): [-0.51/nan] [DMARC_POLICY_ALLOW(-0.50){domain.tld;none;},R_PARTS_DIFFER(0.50){100.0%;},R_DKIM_ALLOW(-0.20){domain.tld:s=20161025;},R_SPF_ALLOW(-0.20){+ip4:209.85.128.0/17;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ALREADY_AV_CHECKED(0.00){},ARC_NA(0.00){},ASN(0.00){asn:15169, ipnet:209.85.128.0/17, country:US;},DKIM_TRACE(0.00){domain.tld:+;},FREEMAIL_ENVFROM(0.00){domain.tld;},FREEMAIL_FROM(0.00){domain.tld;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){recipient@domain.tld;},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_ALL(0.00){},SENDER_REP_HAM(0.00){asn: 15169(-0.19), country: US(-0.00), ip: 0.0.0.0(-0.50);},TO_DN_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){},USER_REJECTS_BLACKLISTED_FILES(0.00){recipient@domain.tld;}]), len: 2555, time: 775.295ms, dns req: 21, digest: <4915ae6bed441b333c191c11653f0540>, rcpts: <recipient@domain.tld>, mime_rcpts: <recipient@domain.tld>, settings_id: spamfilter_wblist-2046.2
```
## Correct behaviour
Skip evaluation of an email immediately. \
Using a config without the actions stanza
```
spamfilter_wblist-2046 {
priority = 26;
from = "sender@domain.tld";
rcpt = "recipient@domain.tld";
want_spam = yes;
}
spamfilter_wblist-2046.2 {
priority = 26;
mime_from = "sender@domain.tld";
rcpt = "recipient@domain.tld";
want_spam = yes;
}
```
the following is logged:
```
2021-07-12 11:04:44 #1587(normal) <7a17ab>; task; rspamd_task_write_log: id: <CAP03e=wRW8By+3ONS3BcpcFF=EHqP0Ja9SpDV0gBqubzt2FiMQ@mail.domain.tld>, qid: <BCD863BFA5>, ip: 209.85.219.51, from: <sender@domain.tld>, (default: S (no action): [0.00/15.00] []), len: 2548, time: 1.217ms, dns req: 0, digest: <5eb295da1042112a088cf8f7958bcbe6>, rcpts: <recipient@domain.tld>, mime_rcpts: <recipient@domain.tld>, settings_id: spamfilter_wblist-2046.2
```
Therefore the evaluation is immediately skipped.
## Environment
OS: irrelevant \
ISPConfig up to 3.2.5.
## Proposed fix
Remove "actions" from the "rspamd_wblist.inc.conf.master" template. \
(And add a second entry to match the "From header" - I already proposed that in #5419)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6205
vhost for ispconfig seems never updated on CentOS 7
2021-08-02T06:28:12Z
umaxx
## Summary
In 'long running' ISPConfig installations the vhost (file) for ISPconfig itself
is never re-generated, hence contains outdated (template) settings, for example
the old (template) line:
` ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
Newer nginx vhost template contains the following line instead:
`ssl_protocols TLSv1.3 TLSv1.2;`
## Steps to reproduce
1. Install ISPConfig
2. run re-sync tool
## Correct behaviour
ispconfig.vhost file should be re-generated and updated from template
in case of ISPConfig updates or in case of re-sync
## Environment
Server OS + version: CentOS7
ISPConfig version: 3.2.3
Software version of the related software: nginx version: nginx/1.20.1

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6206
Interface setting > mail > max backup copies
2021-07-30T13:17:26Z
François GrizzlyDev
Regarding this commit, which enabled to retain up to 30 backup copies (previously limited to 10): aa1eed46b3d03746640a73db6df7d163ba036df3
The goal of this merge request is to add an interface setting in order to limit (below 30) the maximum backup copies (for **email** only), so clients' options would be globally limited when accessing the "Backup" tab.
Before going any further, my guess is to add an [interface setting](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md#interface-settings).
And obviously enforce the limit in the `mail_user.backup_copies` SQL column when this setting is changed. This could be done using some feature such as the setting input "custom" validator, for example: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/admin/form/system_config.tform.php#L224
For this last point especially, I am not sure this is the way to go, comments are welcome!

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6211
Selected PHP Version in Jail
2021-08-18T13:29:54Z
Ghost User
Taken from /etc/jailkit/jk_init.ini:
```
# Debian 10 default php version is 7.3 (Debian 9 is 7.0)
# Todo: set default version in ISPConfig installer,
# but install the php cli version matching the website
```
In this case, should switching the PHP version remove the old PHP version from the jail? To me it looks like that would be hard to implement, considering ISPConfig doesn't remove redundant things (aka sections or applications I removed from System > Server Config > Jailkit that were previously there) from jails after re-syncing shell users.
If this is the specific reason it wasn't implemented yet, I think an easier approach would be including all PHP versions in the jail, and just modify the php (no version number) binaries to be symlinked to the right version like `sudo update-alternatives --config php` does (this command only works outside of the jail).

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6222
Make reproducible release tarballs
2023-12-03T21:07:13Z
Daniel Jagszent
I check the SHA sum of the ISPConfig tarballs before I install them.
The SHA 256 sum of the 3.2.5 release at https://www.ispconfig.org/downloads/ISPConfig-3.2.5.tar.gz changed from `c071f975e0f570c58fd14f517b4e42e350a2123625650f6365796e416b8242d5` to `b18e992f9ac81acb30e9536f6cff4e6deebf631fc3ec126b897314c4a03891b9`.
That made me suspicious (could have easily been a hack that replaced the original release with a malicious one) – but the two tarballs extract to the very same directory tree (I had the earlier version laying around to check).
Looks like the tarball was re-created recently (maybe to test !1496?). The tar and gzip file format include metadata (like the current PID or the current time) that make two tar+gzip archives of the same directory tree binary different even if they extract to the same directory tree.
Please consider to either
* never ever overwrite a published release (e.g. skip uploading if there is a file with the same name) or
* make the tarballs [reproducible](https://reproducible-builds.org/docs/archives/).
Also, "official" SHA 256 sums in the release blog post would be wonderful :smile:
Daniel Jagszent

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6223
Feature Request: Allow sending from alias domains
2023-02-09T13:29:17Z
Collin Machine
Would there be a way to allow sending from alias domains? As in, when configuring an alias domain as a source to be directed to a different as the destination, could an option be added to allow sending from this alias (source) domain as well, so that all email accounts, aliases, and forwarders for the "destination" domain are duplicated for every domain alias as well?
An example would be I have a domain called firstdomain.tld but I want an alias domain of seconddomain.tld. When active, any email sent to seconddomain.tld will check if the address exists in firstdomain.tld and send to the recipient, i.e user@firstdomain.tld. But what if I want to send an email from user@seconddomain.tld. I can't currently because the address is not owned by user@firstdomain.tld.
It would be great to have the option to enable this above the Active checkbox/option, similar to how alias and forwarder addresses have the Allow sending from this address option.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6225
Possible Alternative to disable LE check for natted servers.
2021-09-03T08:00:13Z
Chris
As an ISPConfig user that is behind a nat router (I have not yet figured nat hairpinning in cisco routers) I propose the following as an alternative to just disabling the LE check.
Instead, it would be possible to request an external service verify the host/domain is indeed accessible.
How I see this in practice:
Ispconfig > system > server config > ssl > NAT Router (checkbox) (as oppose to disable LE check)
When performing the check, if the NAT box is checked, Call out to verification server.
[It could be a service hosted by ISPConfig but could just as easily be any of the "is this site up" services that has a free user api. (with a quick google, I see that: check-host.net for example has an array of check types that could be used for this.)
Get the result and proceed with cert creation or report back an issue.
In summary:
I believe this approach would be more effective than just disabling the check because it will mean misconfigured hostnames/domains, missing dns or websites, wrong server used for a site, firewall woes and the rest of the usual suspects will not result in a failed cert request to LE.
One or two fails may not be an issue but we know there is a rate limit so whatever we can do to keep the failures from occurring in the first place would be a bonus.
Essentially this will allow ISPConfig to still pre-empt failures and would only affect those that have the NAT configuration set in server configs. For everybody else you can just perform the normal check.
An option in the installer that allows for enabling the option from the outset would be preferable although that would just be a small bonus addition to the overall feature.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6227
Apache config file version checks
2021-09-03T10:52:28Z
Till Brehm
In Apache vhost.conf file, we use in several places if constructs like:
<tmpl_if name='apache_version' op='>=' value='2.4.30' format='version'>
But in the Apache plugin, we set apache_version variable just to $app->system->getapacheversion() (means version is set to e.g. 2.4 and not 2.4.30) and not to $app->system->getapacheversion(true), so apache_version does not contain the full version number. But it might even be that the if comparator would have issues with a number that contains two dots.
There seem to be no open issues based on that at the moment, but we should check and verify this as it might be that some apache config snippets will never be used at the moment.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6232
mail domain alias allowed when shouldn't be
2022-02-10T18:39:50Z
Jesse Norell
When adding a mail domain alias there should be a check for existing addresses (mailboxes, forwards, aliases and catchall) in that domain and not allow creating the domain alias if found.
Checks in the other direction exist for mailboxes/forwards/aliases, but also missing for catchall. (I.e. you cannot create a mailbox for a domain which is set up as an alias, but you can create a catchall.)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6235
Feature Request LSWS LiteSpeed
2022-11-22T20:08:23Z
Trimilur

Dear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatible with apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
Regards

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6248
FTP Users unable to log in when client (owner) of parent website is changed
2022-03-23T16:21:44Z
Marius Burkard

When changing the owner (client) of a website, the document root is updated, but the home dir of the FTP users of the websites are not.
Afterwards the FTP users are no longer able to login because the home dir does not exist. It is hard to debug because the pureftp server just behaves as if the password was wrong.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6250
chrooted: localhost not reachable & php mail
2021-12-02T22:23:28Z
Ninos

## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I think.
## Steps to reproduce
1. Enable chroot-option for website
2. Run example php sendmail script on website
3. Check mail logs
## Correct behaviour
php mail() should also work in chrooted.
## Environment
Server Debian 11 latest
ISPConfig version: 3.2.7p1
## Proposed fix
Open /etc/php/VERSION/fpm/php.ini & change:
```
SMTP = localhost
```
to:
```
SMTP = 127.0.0.1
```
After that I have no more clue (fix for first step) :D

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6256
placeholders not always handeld with cron-jobs
2021-11-24T20:50:59Z
Florian Schaal

See https://www.howtoforge.com/community/threads/cron-for-one-site-not-running.88003/#post-429555
fix cron_plugin.inc.php:
1. add `web_folder` to $parent_domain in line 95
<code>
$parent_domain = $app->db->queryOneRecord("SELECT `domain_id`, `system_user`, `system_group`, `document_root`, `hd_quota`, `web_folder` FROM `web_domain` WHERE `domain_id` = ?", $data["new"]["parent_domain_id"]);
</code>
2. replace (line 251+)
<code>
$web_root = '';
if($job['type'] == 'chrooted') {
    if(substr($job['command'], 0, strlen($this->parent_domain['document_root'])) == $this->parent_domain['document_root']) {
        //* delete the unneeded path part
        $job['command'] = substr($job['command'], strlen($this->parent_domain['document_root']));
    }
} else {
    $web_root = $this->parent_domain['document_root'];
}
</code>
with
<code>
$web_folder = ($this->parent_domain['web_folder'] != '') ? $this->parent_domain['web_folder'] : 'web';
if($job['type'] == 'chrooted') {
    if(substr($job['command'], 0, strlen($this->parent_domain['document_root'])) == $this->parent_domain['document_root']) {
        //* delete the unneeded path part
        $job['command'] = substr($job['command'], strlen($this->parent_domain['document_root']));
    } else {
        $web_root = '/'.$web_folder;
    }
} else {
    $web_root = $this->parent_domain['document_root'] . '/' . $web_folder;
}
</code>

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6259
subroot not working with chrooted php-fpm
2022-02-17T08:29:46Z
Bartłomiej Bujak

## Summary
## Steps to reproduce
1. use subroot in snippet
2. enable chroot for php-fpm
## Correct behaviour
Chrooted php-fpm should work with subroot
## Environment
ISPConfig version: 3.2.7p1, not related with OS
## Proposed fix
nothing yet
## References
[https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/698](https://git.ispconfig.org/ispconfig/ispconfig3/-/merge_requests/698)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6260
Special backup method: "Manifest creator" or "Delegated backup"
2021-12-03T18:16:24Z
Claude Duvergier

_Note: I know there is an issue to add support for [BorgBackup](https://borgbackup.readthedocs.io) (#6202) to ISPConfig and I must admit I came with the following idea as a workaround to use Borg to backup my ISPConfig setups. But bear with me to understand how this proposal could help "third party" integration._
When I started using ISPConfig I needed a way to backup my websites (both files and databases) using my own existing scripts but because ISPConfig has built-in various full (id. A to Z) methods for backuping the data it manages there was no way to integrate with other tools/scripts (and I understand why: it was not needed).
Put it simply the situation is:
* ISPConfig knows (using the users' settings/preferences):
  * where are the data and how to access them
  * how often it must be backuped (backups frequency)
  * how long (backups retention)
* My backup scripts know what to do with files and SQL tables (read, compress, de-duplicate, encrypt, send to remote storage, etc.)
From that, my idea is to make ISPConfig "tell" other systems (an existing well-known tool, a self made script, ...) what the user wants to backup, and hence delegate the backup.
So I suggest the creation of a backup method for both websites files and databases that does not backup, compress nor encrypt anything, it would just create a manifest of what to backup.
For the files of a website, the manifest file would provide:
* Website name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* The full/absolute path of the base directory to backup
* The list of paths to exclude (cf. the "Excluded Directories" setting) as full/absolute paths.
For the database, the manifest file would provide:
* Database name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* Credentials to connect to the database server (as the backup/read-only user)
The manifest files would be recreated by ISPConfig when backup settings (frequency, retention, paths, databases, credentials, exclusions, etc.) are changed.
Then ISPConfig work is done and it's up to the other system/script to do the job, the way it detects changes to manifest files is not ISPConfig's business.
Some blur zones (non-exhaustive list):
* Backup triggers: I choose to write the backup frequency in the manifest so the backup tool/script can be aware of this frequency and run accordingly (eg. re-schedule itself or run everyday but detect when was the last execution and skip if not needed yet). But I think ISPConfig could trigger the backup, by executing a well-known command (eg. `/usr/bin/ispconfig/delegate-backup.sh /path/to/one/manifest-file`).
* The fact the manifest file will contain the credentials and could be read by others. So I was thinking ISPConfig could write the credentials only when backup must be run and let the backup tool/script delete it.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6261
MySQL Backup - Add option to allow single-transaction mode for huge InnoDB databases
2021-12-10T10:29:07Z
JanThiel

## Summary (Feature Request)
Running DB Backups on sites with large databases will cause the database being locked for some time and thus make the underlying app not usable.
This is due to the current `mysqldump` command being executed.
https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/backup.inc.php#L1216
For sites only having InnoDB tables MySQL recommends to run mysqldump with `--quick` AND `--single-transaction` for huge databases.
As this flag can lead to inconsistent states when MyISAM is used, I would suggest to add this as an option.
## Steps to reproduce
1. Enable the DB backup on a huge DB
2. Check the sites at the time of the DB dump, they will be unresponsive due to the locked database as long as `mysqldump` runs
## Correct behaviour
The DB dump should not affect the website's uptime
## Proposed fix
1. Add a "Huge Database?" Checkbox to the backup options in the website config
2. If enabled use this command / add `--single-transaction` to the `mysqldump` call
```
$command = "mysqldump -h ? -u ? -p? -c --add-drop-table --create-options --quick --single-transaction --max_allowed_packet=512M " . $mysqldump_routines . " --result-file=? ?";
```
## References
https://serversforhackers.com/c/mysqldump-with-modern-mysql
https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html#option_mysqldump_single-transaction

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6262
support HTTP/3 QUIC in ISPConfig for nginx
2023-08-15T09:15:22Z
Bartłomiej Bujak

HTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6267
Changing a website from the alias domain to the other leaves duplicate entries
2022-02-28T16:02:56Z
WHO

## Summary
alias domain can refer to the same website domain
## Steps to reproduce
Alias domain points from domain to own domain.
Given configuration (so far also correct): Website domain: domain.de Alias domain: test.de (test.de is alias of domain.de)
The customer can do this by following the steps below: Edit websites and change the domain from domain.de to test.de.
The result of the change is then that an alias domain can refer to the same domain.
## Correct behaviour
change should not be possible because domain is no longer unique
## Environment
Server OS + version: Debian 10
ISPConfig version: 3.2.7p1
Software version of the related software:
```
Server version: Apache/2.4.38 (Debian)
Server built: 2021-12-21T16:50:43
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6271
Allow Zone transfert and Also notify field not working with powerDNS
2021-12-24T23:32:57Z
Cédric

Hello there,
According to the powerDNS documentation (https://doc.powerdns.com/authoritative/domainmetadata.html) , we should be able to set AXFR / notify for each domain via the table powerdns.metadata
![2021-12-23_11_05_20-ISPConfig](/uploads/5d277c27ca2c0befa22c3b547fb0c5df/2021-12-23_11_05_20-ISPConfig.png)
As you can see fields are present in ISPConfig but when I'm looking at the content of the powerdns plugin there is nothing to store those two fields in the appropriate table.
https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/plugins-available/powerdns_plugin.inc.php

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6272
Rewriterule with docroot on Redirect
2022-01-07T11:49:35Z
WHO

## Summary
If used /dev as an redirect target on websites, subdomains, aliasdomain, etc., it produces an error 403, caused by using a directoryname existing in /. The docroot is not used first.
## Steps to reproduce
1. Add /dev on redirect with no_flag
2. Call the site
## Correct behaviour
Get the contents of docroot/dev upon calling the site.
## Proposed fix
Changing the RewriteRule in vhost.conf.master
from:
```
RewriteRule ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'>
```
to:
```
RewriteRule ^/(.*)$ %{DOCUMENT_ROOT}<tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if> <tmpl_var name='rewrite_type'>
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6273
_getinitcommand init script symlinks broken
2022-12-05T17:01:51Z
Christian

on my gentoo system i'm using symlinks for php-fpm init scripts.
```
/etc/init.d/php-fpm-php7.4 -> /etc/init.d/php-fpm
/etc/init.d/php-fpm-php7.3 -> /etc/init.d/php-fpm
```
```
file system.inc.php
function _getinitcommand
$full_init_script_path = realpath($init_script_directory.'/'.$servicename);
```
realpath() changes /etc/init.d/php-fpm-php7.4 to /etc/init.d/php-fpm which breaks reload and restart commands.
why is realpath() there? can this be adjusted in any way?
my workaround so far:
```
if(is_link($init_script_directory.'/'.$servicename)) {
    $full_init_script_path = $init_script_directory.'/'.$servicename;
}
else {
    $full_init_script_path = realpath($init_script_directory.'/'.$servicename);
}
```

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6279
Add the record name on item deletion confirmation popup
2022-05-28T23:11:16Z
Sergio

Hi,
the default confirmation popup for a deletion is not reporting the name of the record we are going to delete (ex. a site or a whole server).
The message is "Do you really want to delete this record?"
Would be useful to have a popup that reports the name of the record we are going to delete, just to be sure that we have clicked the right button in the table, something like:
"Do you really want to delete the website www.ispconfig.org?" or
"Do you really want to delete the server server.ispconfig.org?"
Thanks :smile:
Regards

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6280
Make Cron Jobs list template accurate
2022-01-27T10:16:30Z
Dimi

Hi,
I'm not a specialist in filling such requests, however as an IT guy, who manages more than 20 ISPConfig installs, with more than 500 sites on them i would like to add my opinion, which is one of the very often used and very not UI friendly done in ISPconfig.
When there are hundreds of CRON jobs - there is no way you can find what you need and check what is where. Huge gaps (paddings) between timings, very small spaces for command and site name, and what's worst - the text of command and sitename is CROPPED!, which makes the list absolutely unreadable and in fact unusable :disappointed:
I suggest -
1. Make filter bar INDEPENDENT of display area - thus you won't need giving that much space for one symbol time/day/week stars/numbers.
2. Squeeze the display area, and make at least 30-40% of space dedicated for the command to be shown fully
3. DO not crop command/website names - better use multiline
I'm sure there's clever people who can suggest how it can be done even better, but this is really one of the functionality which is a "disfunctionality" for now :)
![cron](/uploads/f52a00fb75218a74647aaf14bf0da549/cron.jpg)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6282
Mariadb ENUM default not used
2022-03-07T15:46:17Z
Helmo

I have a weird case of default values gone bad.
A client creates sites via the ispconfig API but when later enables php for the site via the ispconfig webinterface the php fpm server fails to restart.
```
systemd[1]: Starting The PHP 7.4 FastCGI Process Manager...
php-fpm7.4[1047134]: ERROR: [/etc/php/7.4/fpm/pool.d/web35.conf:9] unable to parse value for entry 'pm': invalid process manager (static, dynamic or ondemand)
php-fpm7.4[1047134]: ERROR: Unable to include /etc/php/7.4/fpm/pool.d/web35.conf from /etc/php/7.4/fpm/php-fpm.conf at line 9
php-fpm7.4[1047134]: ERROR: failed to load configuration file '/etc/php/7.4/fpm/php-fpm.conf'
php-fpm7.4[1047134]: ERROR: FPM initialization failed
```
The `pm` option is empty so php-fpm is right to fail. But in the database the field is also empty which should be impossible ...
The column is defined as:
```
`pm` enum('static','dynamic','ondemand') NOT NULL DEFAULT 'ondemand',
```
This server is running Debian 11 with MariaDB 10.5.12-0+deb11u1 (Confirmed also on Debian 10 with MariaDB 10.3.31-0+deb10u1)
```sql
CREATE TABLE `enum_test` (
`domain_id` int(11) UNSIGNED NOT NULL,
`pm` enum('static','dynamic','ondemand') NOT NULL DEFAULT 'ondemand'
) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC;
INSERT INTO `enum_test` (`domain_id`, `pm`) VALUES ('1', '');
SELECT * FROM `enum_test`;
```
The select above will show an empty value for `pm`.
On MySQL 8.0.27-0ubuntu0.20.04.1 the insert query gives an error (as it should).
`ERROR 1265 (01000): Data truncated for column 'pm' at row 1`
I'm not the first to run into this ... https://stackoverflow.com/questions/63392899/how-to-make-mariadb-produce-an-error-if-value-not-specified-on-not-null-enum-col
And more details on https://mariadb.com/kb/en/enum/
The solution to getting an error is setting the Mysql config option sql-mode to include `STRICT_ALL_TABLES`.
But that does not solve my issue with the API client. Unfortunately I do not have access to the client's source as it's compiled/obfuscated :disappointed: by https://www.hostfact.nl/ But as it's an optional field I cannot blame them for leaving it out.
The patch below seems to solve it. It calls 'default(`pm`)' to let the mysql daemon figure out the default value.
```patch
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index cfaf0958d..78848bdfc 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -1388,6 +1388,17 @@ class tform_base {
} else {
$sql_insert_val .= "'".$record[$key]."', ";
}
+ } elseif ($field['formtype'] == 'SELECT') {
+ $sql_insert_key .= "`$key`, ";
+ if (is_null($record[$key])) {
+ $sql_insert_val .= 'NULL';
+ } elseif ($record[$key] === '') {
+ $sql_insert_val .= "default(`$key`)";
+ }
+ else {
+ $sql_insert_val .= "'".$record[$key]."'";
+ }
+ $sql_insert_val .= ", ";
} else {
$sql_insert_key .= "`$key`, ";
$sql_insert_val .= (is_null($record[$key]) ? 'NULL' : "'".$record[$key]."'") . ", ";
```
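Review bot: The new `elseif ($field['formtype'] == 'SELECT')` branch substitutes the column default whenever `$record[$key] === ''`, for every SELECT field rather than only for columns like `pm` where the empty string is not a valid member, so a SELECT field whose option list legitimately includes an empty value would no longer be stored as submitted. Consider limiting the substitution to fields whose allowed values do not contain `''`. In the same branch the non-empty value is concatenated as `"'".$record[$key]."'"`; no escaping is visible in this hunk, so please confirm the value is escaped before it reaches this point. The `}` followed by `else {` on a new line also departs from the `} else {` style of the context lines.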
Reproducing the API call can be done with [our demo code](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/remoting_client/examples/sites_web_domain_add.php) by commenting the pm value on line 56 and changing line to `'php' => 'n'`
Assignee: Helmo

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6285
Addon Store for snippet & Nginx Templates
2022-03-15T13:23:48Z
Alex

It's a Feature Request, I think it's
Nginx directives templates that can be uploaded in ISPConfig in the Webgui . Also a possibility who to integrate an art store in ISPConfig with the possibility to load addons or snippet.
This would then be a dual system of addons tested by the project & a possibility for a community repro on Git for example.
This should only be a thought impulse

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6291
changing owner website from reseller to client gives site on 2 places
2024-02-01T15:36:54Z
Steffan Noord

When i change a website owner from a reseller to a new client the website is visible to the new client, but also stays in the reseller controlpanel.
When looking in the database i see that sys_userid is not changed to the new client
When i change sys_userid one number higher than sys_groupid everything is fine again.
Milestone: 3.2.12

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6292
Goaccess retention issue
2022-07-31T21:04:05Z
Lorenzo Valori

Hi, i noticed a problem with the goaccess configuration, in a nutshell it does not respect the "Logfiles retention time" parameter.
Let me explain better, i have a web area with the "Logfiles retention time" set to 10 days and in fact the apache logs are correctly rotated, but in the log folder there is the goaccess_db folder which, in my case, has reached occupy 1.6 GB.
I believe that this issue causes lose control of the space occupied by the statistics even if the log files are rotated.
The "--keep-last" parameter could be implemented in the goaccess configuration to solve the question, what do you think about?

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6303
Website backup with password encryption failure
2022-03-17T23:03:21Z
Till Brehm

There seems to be an issue with some special chars in website backup password protection which cause backups to fail.
https://www.howtoforge.com/community/threads/website-backup-not-working.88518/#post-433755

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6308
dns_zone_get_by_user: server_id should be optional
2022-03-23T15:31:27Z
Jesse Norell

Make the server_id optional in [dns_zone_get_by_user](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L766).
Currently the acme proxy can only update a single DNS server as it must supply the server_id, so it can't be used fully in a multi-server install with multiple DNS servers.
Assignee: Jesse Norell

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6315
move E-Mail to Junk in Panel does not work
2022-12-19T16:30:38Z
Sebastian

## Summary
When selecting something in the dropdown on ISPConfig Panel "email / email account / email filter / move spam to junk folder"
following happens:
Panel-tab gets refreshed when selecting another "move spam to junk folder" option.
Using firefox inspector, it states "tab change interrupted, request still running".
## Steps to reproduce
1. Go on the Panel
2. click E-Mail
3. click E-Mail Account
4. Select Tab: E-Mail filter
5. Select the "move spam to junk folder" and chose any other option
## Correct behaviour
It should select another option instead of refreshing the tab.
## Environment
Server OS + version: Debian 11.2 \
ISPConfig version: 3.2.7p1
Software version of the related software:
```
nginx version: nginx/1.18.0
PHP 7.4.28 (cli) (built: Feb 17 2022 16:17:19) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.28, Copyright (c), by Zend Technologies
```
## Proposed fix
at /usr/local/ispconfig/interface/web/mail/templates/mail_user_filter_list.htm
remove this onclick attribute
```
onclick="return ISPConfig.changeTab('filter_records','mail/mail_user_edit.php');"
```
## References
https://www.howtoforge.com/community/threads/changing-move-e-mail-to-junk-folder-in-gui-doesnt-work.88635/page-2

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6318
Module name not translatable in ISPConfig user settings
2022-03-25T17:20:44Z
Till Brehm

Module name not translatable in ISPConfig user settings

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6324
Cleanup vhost.conf.master
2023-08-08T07:22:15Z
Thom

The vhost.conf.master template is quite a mess. I will go through it and clean it up, fix indentation, etc
Milestone: 3.2.12
Assignee: Thom

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6327
Failed datalog jobs are "successful" if another unrelated job succeeds
2022-04-24T19:41:16Z
Webslice

According to the function datalogStatus(), the pending datalog jobs query is:
```
SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action
```
If I intentionally let 5 jobs crash on a slave node, and then submit a completely unrelated different job successfully, the server.updated field is updated and the 5 crashed jobs are "successful".
Would it be feasible to have the datalog remember for each individual job, whether it was successful or not? So we can retry failed jobs?

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6339
Issue on managing aliases in a multiserver environment
2022-12-05T17:02:25Z
Lorenzo Valori

## Summary
If you change the parent domain on an alias with another site hosted on a different server than the initial one, the configuration will be correctly done on the new server but the alias will not be removed from the old server
## Steps to reproduce
1. create a website alias (e.g. dev.example.com) and assign it to a site hosted on server A (e.g. example.com)
2. enter in the alias you just created (dev.example.com) and change the assignment to another site hosted on server B (e.g. example.it)
3. now dev.example.com will be correctly configured on server B but will not be removed from the vhost on server A example.com, it will still result in the apache configuration and a DB record on server A will also remain
## Correct behaviour
The alias configuration should be completely removed from server A and carried over to server B
## Environment
Server OS + version: Ubuntu 18.04.6 LTS
ISPConfig version: 3.2.8p1https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6340disable plaintext email logins2022-05-02T16:13:37ZJesse Norelldisable plaintext email loginsAdd a server setting to disable plaintext email logins, which will help with email account compromises.Add a server setting to disable plaintext email logins, which will help with email account compromises.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6341disable AUTH on port 252022-05-02T17:55:25ZJesse Norelldisable AUTH on port 25Add a server setting to disable AUTH on port 25. This of course requires clients to be using proper mail submission ports, but blocks a lot of junk authentication attempts where it can be used.Add a server setting to disable AUTH on port 25. This of course requires clients to be using proper mail submission ports, but blocks a lot of junk authentication attempts where it can be used.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6348Apps Vhost blocked from using PHP after saving changes in ISPConfig2022-05-28T09:07:50ZAlex JohnsonApps Vhost blocked from using PHP after saving changes in ISPConfig## Summary
File in question: /etc/apache2/sites-enabled/000-apps.vhost
Apps.vhost is modified after saving on a fresh ISPConfig system as below, removing the ability to use PHP apps (phpmyadmin, etc) after the save.
Saving changes under System Server Config > Server Name > Web > Apps VHost causes ISPConfig to pull from the conf master file. This file is not the same as a fresh installed ISPConfig.
Occurs on both Debian and Ubuntu systems, installed using: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
## Steps to reproduce
Active File: /etc/apache2/sites-enabled/000-apps.vhost
On the fresh install, without touching ISPConfig yet, the apps vhost has the following under ServerAdmin line (around line 9):
```
<Directory /var/www/apps>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
</Directory>
```
Inactive File: /usr/local/ispconfig/server/conf-custom/apache_apps.vhost.master
Conf directory apps vhost, same location as above:
```
<FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
</FilesMatch>
```
Without the directory line in there, all PHP is disabled.
## Correct behaviour
The conf directory file should contain the directory statements in /usr/local/ispconfig/server/conf-custom/apache_apps.vhost.master
## Environment
Many OS & versions, affects any server I install using this tutorial: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
## Proposed fix
Correct conf directory file as listed above

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6349
Lost root ssh access, here's how
2022-06-17T18:08:06Z
Sergio
Hi, today I lost the root ssh access to the ISPConfig installation, running on Ubuntu 20.04. When I first installed ISPConfig I removed the prefix for FTP users and Shell users. Today I wanted to test a few customizations on shell users, so I created a new user with the same username of the only user on sudoers (it's my name after all :P), then I deleted it and boom. That action deleted the sudoer user, so I lost the root access to my machine. Nothing really serious, I recovered it, then it was a virtual machine running on my home computer, but I think it shouldn't have happened. In this way an ISPConfig user with create users privileges, could compromise the access to the machine. Maybe there could be a check if the user already exists before creating a new one.
Thanks :smile:

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6351
Website redirect target with hashtag #
2022-06-17T11:16:27Z
Julian
If the redirect target contains a hashtag, the rewrite option NE is required else the hashtag gets url encoded.
does not work:
![grafik](/uploads/681b5443a245e770527f21d5327145d1/grafik.png)
works:
![grafik](/uploads/058501190375edc038f8a062bde2fb38/grafik.png)

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6352
CentOS 8 / Almalinux 8 mailman - unknown user in virtual mailbox table + mailman.conf for httpd
2022-06-17T09:21:08Z
Paco
I post that issue here, firstly posted in forum:
https://www.howtoforge.com/community/threads/centos-8-almalinux-8-mailman-unkonwn-user-in-virtual-mailbox-table.89076/
I found a solution and post it on forum and I'll be happy if you implement that in next version of ispconfig and update centos 8 and/or create a new perfect server tutorial for AlmaLinux 8.
Paco

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6354
Rewrite to HTTPs doesn't work for aliasdomains (Apache)
2022-12-05T17:01:26Z
Dominik
## Summary
Rewrite HTTP to HTTPS doesn't work for aliasdomains with own redirect rules (e.g. subdirectory) in Apache
## Steps to reproduce
1. Setup a website and an aliasdomain for it
2. Set this aliasdomain redirecting to any subdirectory via Redirect Path...
3. Enable Rewrite HTTP to HTTPS for this website
If you open the website itself in the browser, the redirect to https works for the website itself. If you open the aliasdomain, the redirect doesn't work and stays with http.
## Correct behaviour
redirect should also work for the aliasdomain
## Suggestions
either we should add a corresponding checkbox to all alias and subdomains, to make it possible to enable https-rewrite for all domains, or we can move the https-rewrite-rule in vhost-config to the top, that it is called as the first one.
for sure both solutions mean impact - in the latter case also redirects to external URLs would be translated to https before redirected, which might be the wrong behaviour for several cases - but in my opinion this is the correct behaviour anyway... if I enable this redirect for my whole website, I would expect that it works with all domains and subdomains. If I don't want it for all domains I can still use htaccess for the selected domains and keep it disabled for the website itself...
The option to add a checkbox to all aliasdomains seems to be inconvenient if there are many domains in a website...

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6355
rspamd: trusted ARC signers
2022-06-27T16:18:59Z
Jesse Norell
Feature Request: Add to the UI a way to specify trusted ARC signers (rspamd whitelisted_signers_map setting). Ideally we could allow individual domain owners to specify what signers are trusted when mailing their domain, but it may have to be a server/system wide setting, I've not dug into the details).
This will help improve mail authentication for mail forwarded to an ISPConfig system, if the forwarder breaks DMARC (spf usually breaks, DKIM breaks if headers/body/sender is changed) but ARC signed the message that they received, rspamd can ignore the DMARC failure and consider the message authenticated. This feature allows the server/domain admin to specify what ARC forwarders should be trusted.

https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6356
Email Spamfilter blacklist doesn't create .conf file
2022-12-05T17:00:34Z
Tony G
In a fully operational Postfix/Rspamd environment, go to ISPConfig Email>Spamfilter and create a whitelist record. A new .conf file is created in:
/etc/rspamd/local.d/users/spamfilter_wblist_nn.conf.
Now go to create a blacklist record. The record is saved in the ISPConfig database but no file is created in the folder for Rspamd to use.
I've searched my system and the filters are not anywhere in the file system.
If this is expected behaviour, please note here how Rspamd uses the blacklist data without the .conf file, action info, etc.
When a whitelist record is disabled, it remains in the database but the .conf file is removed. ~~Might blacklist records simply be in the same state, disabled, even when the UI says they are enabled?~~ I checked the spamfilter_wblist table and 'B' Blacklist records are active.
More info will be provided if required.
Ubuntu 20.04
ISPConfig version: 3.2.2