ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2023-09-16T10:48:24Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6388support multiple logos for resellers2023-09-16T10:48:24ZMattia Rizzolosupport multiple logos for resellersIn my company, we have a bunch of resellers that also allows some of their customers access to the panel.
For those, we have been asked to place their own logos in the login page and at the top of the panel. At this time, we have a loc...In my company, we have a bunch of resellers that also allows some of their customers access to the panel.
For those, we have been asked to place their own logos in the login page and at the top of the panel. At this time, we have a local patch like this:
```diff
--- index.php.bak 2022-09-27 11:23:24.014454894 +0200
+++ index.php 2022-09-27 11:25:56.915375461 +0200
@@ -103,6 +103,10 @@
$base64_logo_txt = $logo['default_logo'];
}
$tmp_base64 = explode(',', $base64_logo_txt, 2);
+if (strpos($_SERVER['HTTP_HOST'], 'example.com')){
+ $im = file_get_contents('themes/default/assets/images/logo_customer_example.png');
+ $base64_logo_txt = 'data:image/png;base64,'.base64_encode($im);
+}
$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
$app->tpl->setVar('base64_logo_width', $logo_dimensions[0].'px');
$app->tpl->setVar('base64_logo_height', $logo_dimensions[1].'px');
--- login/index.php.bak 2022-09-27 11:26:38.029796023 +0200
+++ login/index.php 2022-09-27 11:28:19.584394637 +0200
@@ -485,6 +485,10 @@
$base64_logo_txt = $logo['default_logo'];
}
$tmp_base64 = explode(',', $base64_logo_txt, 2);
+if (strpos($_SERVER['HTTP_HOST'], 'example.com')){
+ $im = file_get_contents('../themes/default/assets/images/logo_customer_example.png');
+ $base64_logo_txt = 'data:image/png;base64,'.base64_encode($im);
+}
$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
$app->tpl->setVar('base64_logo_width', $logo_dimensions[0].'px');
$app->tpl->setVar('base64_logo_height', $logo_dimensions[1].'px');
```
Which is quite not nice for me :smile:
I wonder if it would be possible to upload the reseller logo to their profile, and then somehow associate a domain to them so that it would pick a different logo depending on known domain names used to access the website?
Thank you for considering!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6387DMARC update just like SPF2023-07-04T21:14:53ZhkendusersDMARC update just like SPF<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
<!-- What is happening and what is wrong with that? -->
When I update SPF record by clicking the record (not SPF button), it shows "DNS SPF" editing page.
However if I update DMARC record by clicking the record (not DMARC button), it shows "DNS TXT" editing page but not showing "DNS DMARC" editing page, and it even shows error "DMARC is not allowed. Use the DMARC button" if save it.
Is it OK that DMARC editing just like SPF? Means clicking the record then show "DNS DMARC" editing page directly, it will prevent user's confusion.'
## Environment
Server OS + version: CentOS Stream release 8
ISPConfig version: 3.2.8p1
## Proposed fix
Open /usr/local/ispconfig/interface/web/dns/dns_txt_edit.php
> if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
> header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
> exit;
> }
Update to
> if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
> header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
> exit;
> } else if ("v=DMARC1"== mb_substr($this->dataRecord["data"], 0, 8)) {
> header(sprintf("Location: dns_dmarc_edit.php?id=%d", $this->dataRecord["id"]));
> exit;
> }https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6382Improve supported sieve extensions enabled by default using require2022-10-18T08:10:23ZJudah - MWImprove supported sieve extensions enabled by default using requireThese are the dovecot pigeonhole sieve extensions included in dovecot by default that we don't currently support in custom sieve filters, and the version of pigeonhole which first included them. [This list is from the Dovecot wiki.](htt...These are the dovecot pigeonhole sieve extensions included in dovecot by default that we don't currently support in custom sieve filters, and the version of pigeonhole which first included them. [This list is from the Dovecot wiki.](https://doc.dovecot.org/configuration_manual/sieve/pigeonhole_sieve_interpreter/#supported-features)
| Extension | Supported since |
|---|---|
| body | always |
| duplicate | v0.4.3+ |
| enotify | v0.1.3+ |
| environment | v0.4.0+ |
| foreverypart | v0.4.14+ |
| ihave | v0.2.4+ |
| include | v0.4.0+ |
| index | v0.4.7+ |
| mime | v0.4.14+ |
| extracttext | v0.4.14+ |
| variables | always |
We should definitely be including `body` and `variables` as they are enabled by default and supported in every version of dovecot pigeonhole. Body in particular is vital for many custom filters. For simplicity's sake I'm submitting a merge request for these 2 extensions straight away so it can hopefully become part of %"3.2.9". Having sane defaults is especially important because the list of required extensions can't be updated later in the filter due to a limitation of sieve/pigeonhole: `require commands can only be placed at top level at the beginning of the file` (See #5124)
As for the others, currently the most recent extension we use is `date` with a release version of v0.1.12 from 2010. The most recent pigeonhole version needed to support all these extensions would be v0.4.14 which is from April 2016, over 6 years ago. Could we safely assume that all installations would have at least that version? Perhaps for these more specific extensions we should make no default inclusion and simply carry on letting admins enable them by installing a modified config into `conf-custom`? Some of these extensions also have security considerations such as `include` which allows including other sieve files.
What do you think @jnorell?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6375Multiserver setup: custom files autoload (e.g. a custom standard_index.html)2022-08-08T19:37:40ZSergioMultiserver setup: custom files autoload (e.g. a custom standard_index.html)Hi, in a Multiserver setup, during installation of a new server, would be useful to have the chance to autoload custom files from the master server, as can be the standard_index.html or a custom service config file, as nginx_vhost.conf.m...Hi, in a Multiserver setup, during installation of a new server, would be useful to have the chance to autoload custom files from the master server, as can be the standard_index.html or a custom service config file, as nginx_vhost.conf.master.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6363rfe: rspamd: add mxroute lists2022-07-15T19:31:14ZJesse Norellrfe: rspamd: add mxroute listsConsider adding https://github.com/mxroute/rspamd_rules/tree/master/lists to rspamd configuration.Consider adding https://github.com/mxroute/rspamd_rules/tree/master/lists to rspamd configuration.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6355rspamd: trusted ARC signers2022-06-27T16:18:59ZJesse Norellrspamd: trusted ARC signersFeature Request: Add to the UI a way to specify trusted ARC signers (rspamd whitelisted_signers_map setting). Ideally we could allow individual domain owners to specify what signers are trusted when mailing their domain, but it may hav...Feature Request: Add to the UI a way to specify trusted ARC signers (rspamd whitelisted_signers_map setting). Ideally we could allow individual domain owners to specify what signers are trusted when mailing their domain, but it may have to be a server/system wide setting, I've not dug into the details).
This will help improve mail authentication for mail forwarded to an ISPConfig system, if the forwarder breaks DMARC (spf usually breaks, DKIM breaks if headers/body/sender is changed) but ARC signed the message that they received, rspamd can ignore the DMARC failure and consider the message authenticated. This feature allows the server/domain admin to specify what ARC forwarders should be trusted.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6349Lost root ssh access, here's how2022-06-17T18:08:06ZSergioLost root ssh access, here's howHi, today I lost the root ssh access to the ISPConfig installation, running on Ubuntu 20.04. When I first installed ISPConfig I removed the prefix for FTP users and Shell users. Today I wanted to test a few customizations on shell users,...Hi, today I lost the root ssh access to the ISPConfig installation, running on Ubuntu 20.04. When I first installed ISPConfig I removed the prefix for FTP users and Shell users. Today I wanted to test a few customizations on shell users, so I created a new user with the same username of the only user on sudoers (it's my name afterall :P), then I deleted it and boom. That action deleted the sudoer user, so I lost the root access to my machine. Nothing really serious, I recovered it, then it was a virtual machine running on my home computer, but I think it shouldn't have happened. In this way a ISPConfig user with create users privileges, could compromise the access to the machine. Maybe there could be a check if the user already exists before creating a new one.
Thanks :smile:https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6341disable AUTH on port 252022-05-02T17:55:25ZJesse Norelldisable AUTH on port 25Add a server setting to disable AUTH on port 25. This of course requires clients to be using proper mail submission ports, but blocks a lot of junk authentication attempts where it can be used.Add a server setting to disable AUTH on port 25. This of course requires clients to be using proper mail submission ports, but blocks a lot of junk authentication attempts where it can be used.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6340disable plaintext email logins2022-05-02T16:13:37ZJesse Norelldisable plaintext email loginsAdd a server setting to disable plaintext email logins, which will help with email account compromises.Add a server setting to disable plaintext email logins, which will help with email account compromises.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6324Cleanup vhost.conf.master2023-08-08T07:22:15ZThomCleanup vhost.conf.masterThe vhost.conf.master template is quite a mess. I will go through it and clean it up, fix indentation, etcThe vhost.conf.master template is quite a mess. I will go through it and clean it up, fix indentation, etc3.2.12ThomThomhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6308dns_zone_get_by_user: server_id should be optional2022-03-23T15:31:27ZJesse Norelldns_zone_get_by_user: server_id should be optionalMake the server_id optional in [dns_zone_get_by_user](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L766).
Currently the acme proxy can only update a single DNS server as it mus...Make the server_id optional in [dns_zone_get_by_user](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/lib/classes/remote.d/dns.inc.php#L766).
Currently the acme proxy can only update a single DNS server as it must supply the server_id, so it can't be used fully in a multi-server install with multiple DNS servers.Jesse NorellJesse Norellhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6292Goaccess retention issue2022-07-31T21:04:05ZLorenzo ValoriGoaccess retention issueHi, i noticed a problem with the goaccess configuration, in a nutshell it does not respect the "Logfiles retention time" parameter.
Let me explain better, i have a web area with the "Logfiles retention time" set to 10 days and in fact t...Hi, i noticed a problem with the goaccess configuration, in a nutshell it does not respect the "Logfiles retention time" parameter.
Let me explain better, i have a web area with the "Logfiles retention time" set to 10 days and in fact the apache logs are correctly rotated, but in the log folder there is the goaccess_db folder which, in my case, has reached occupy 1.6 GB.
I believe thath this issue causes lose control of the space occupied by the statistics even if the log files are rotated.
The "--keep-last" parameter could be implemented in the goaccess configuration to solve the question, what do you think about?https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6285Addon Store for snippet & Nginx Templates2022-03-15T13:23:48ZAlexAddon Store for snippet & Nginx TemplatesIts a Feature Request, I think its
Nginx directives templates that can be uploaded in ISPConfig in the Webgui . Also a possibility who to integrate an art store in ISPConfig with the possibility to load addons or snippet.
This would ...Its a Feature Request, I think its
Nginx directives templates that can be uploaded in ISPConfig in the Webgui . Also a possibility who to integrate an art store in ISPConfig with the possibility to load addons or snippet.
This would then be a dual system of addons tested by the project & a possibility for a community repro on Git for example.
This should only be a thought impulsehttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6280Make Cron Jobs list template accurate2022-01-27T10:16:30ZDimiMake Cron Jobs list template accurateHi,
I'm not a specialist in filling such requests, however as an IT guy, who manages more than 20 ISPConfig installs, with more than 500 sites on them i would like to add my opinion, which is one of the very often used and very not UI ...Hi,
I'm not a specialist in filling such requests, however as an IT guy, who manages more than 20 ISPConfig installs, with more than 500 sites on them i would like to add my opinion, which is one of the very often used and very not UI friendly done in ISPconfig.
When there are hundreds of CRON jobs - there is no way you can find what you need and check what is where. Huge gabs(paddings) between timings, very small spaces for command and site name, and whats worst - the text of command and sitename is CROPPED! , which makes the list absolutely unreadable and in fact unusable :disappointed:
I suggest -
1. Make filter bar INDEPENDANT of display area - thus you wont need giving that much space for one symbol time/day/week stars/numbers.
2. Squeeze the display area , and make at least 30-40% of space dedicated for the command to be shown fully
3. DO not crop command/website names- better use multiline
I'm sure theres clever people who can suggest how it can be done even better, but this is really one of the functionality which is a "disfunctionality" for now :)
![cron](/uploads/f52a00fb75218a74647aaf14bf0da549/cron.jpg)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6279Add the record name on item deletion confirmation popup2022-05-28T23:11:16ZSergioAdd the record name on item deletion confirmation popupHi,
the default confirmation popup for a deletion is not reporting the name of the record we are going to delete (ex. a site or a whole server).
The message is "Do you really want to delete this record?"
Would be useful to have a popup t...Hi,
the default confirmation popup for a deletion is not reporting the name of the record we are going to delete (ex. a site or a whole server).
The message is "Do you really want to delete this record?"
Would be useful to have a popup that reports the name of the record we are going to delete, just to be sure that we have clicked the right button in the table, something like:
"Do you really want to delete the website www.ispconfig.org?" or
"Do you really want to delete the server server.ispconfig.org?"
Thanks :smile:
Regardshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6262support HTTP/3 QUIC in ISPConfig for nginx2023-08-15T09:15:22ZBartłomiej Bujaksupport HTTP/3 QUIC in ISPConfig for nginxHTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.HTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6261MySQL Backup - Add option to allow single-transaction mode for huge InnoDB da...2021-12-10T10:29:07ZJanThielMySQL Backup - Add option to allow single-transaction mode for huge InnoDB databases## Summary (Feature Request)
Running DB Backups on sites with large databases will cause the database being locked for some time and thus make the underlying app not usable.
This is due to the current `mysqldump` command being executed.
...## Summary (Feature Request)
Running DB Backups on sites with large databases will cause the database being locked for some time and thus make the underlying app not usable.
This is due to the current `mysqldump` command being executed.
https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/backup.inc.php#L1216
For sites only having InnoDB tables MySQL recommends to run mysqldump with `--quick` AND `--single-transaction` for huge databases.
As this flag can lead to inconsistent states when MyISAM used, I would suggest to add this as an option.
## Steps to reproduce
1. Enable the DB backup on a huge DB
2. Check the sites at the time of the DB dump, they will be unresponsive due to the locked database as long as `mysqldump` run
## Correct behaviour
The DB dump should not effect the websites uptime
## Proposed fix
1. Add a "Huge Database?" Checkbox to the backup options in the website config
2. If enabled use this command / add `--single-transaction` to the `mysqldump` call
```
$command = "mysqldump -h ? -u ? -p? -c --add-drop-table --create-options --quick --single-transaction --max_allowed_packet=512M " . $mysqldump_routines . " --result-file=? ?";
```
## References
https://serversforhackers.com/c/mysqldump-with-modern-mysql
https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html#option_mysqldump_single-transactionhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6260Special backup method: "Manifest creator" or "Delegated backup"2021-12-03T18:16:24ZClaude DuvergierSpecial backup method: "Manifest creator" or "Delegated backup"_Note: I know there is an issue to add support for [BorgBackup](https://borgbackup.readthedocs.io) (#6202) to ISPConfig and I must admit I came with the following idea as a workaround to use Borg to backup my ISPConfig setups. But bear w..._Note: I know there is an issue to add support for [BorgBackup](https://borgbackup.readthedocs.io) (#6202) to ISPConfig and I must admit I came with the following idea as a workaround to use Borg to backup my ISPConfig setups. But bear with me to understand how this proposal could help "third party" integration._
When I started using ISPConfig I needed a way to backup my websites (both files and databases) using my own existing scripts but because ISPConfig has built-in various full (id. A to Z) methods for backuping the data it manages there was no way to integrate with other tools/scripts (and I understant why: it was not needed).
Put it simply the situation is:
* ISPConfig knows (using the users' settings/preferences):
* where are the data and how to access them
* how often it must be backuped (backups frequency)
* how long (backups retention)
* My backup scripts knows what to do with files and SQL tables (read, compress, de-duplicate, encrypt, send to remote storage, etc.)
From that, my idea is to make ISPConfig "tell" other systems (an existing well-known tool, a self made script, ...) what the user wants to backup, and hence delegate the backup.
So I suggest the creation of a backup method for both websites files and databases that does not backup, compress nor encrypt anything, it would just create a manifest of what to backup.
For the files of a website, the manifest file would provide:
* Website name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* The full/absolute path of the base directory to backup
* The list of paths to exclude (cf. the "Excluded Directories" setting) as full/absolute paths.
For the database, the manifest file would provide:
* Database name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* Credentials to connect to the database server (as the backup/read-only user)
The manifest files would be recreated by ISPConfig when backup settings (frequency, retention, paths, databases, credentials, exclusions, etc.) are changed.
Then ISPConfig work is done and it's up to the other system/script to do the job, the way it detects changes to manifest files is not ISPConfig's business.
Some blur zones (non-exhaustive list):
* Backup triggers: I choose to write the backup frequency in the manifest so the backup tool/script can be aware of this frequency and run accordingly (eg. re-schedule itself or run everyday but detect when was the last execution and skip if not needed yet). But I think ISPConfig could trigger the backup, by executing a well-known command (eg. `/usr/bin/ispconfig/delegate-backup.sh /path/to/one/manifest-file`).
* The fact the manifest file will contains the credentials and could be read by other. So I was thinking ISPConfig could write the credentials only when backup must be run and let the backup tool/script delete it.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6250chrooted: localhost not reachable & php mail2021-12-02T22:23:28ZNinoschrooted: localhost not reachable & php mail## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I thi...## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I think.
## Steps to reproduce
1. Enable chroot-option for website
2. Run example php sendmail script on website
3. Check mail logs
## Correct behaviour
php mail() should also work in chrooted.
## Environment
Server Debian 11 latest
ISPConfig version: 3.2.7p1
## Proposed fix
Open /etc/php/VERSION/fpm/php.ini & change:
```
SMTP = localhost
```
to:
```
SMTP = 127.0.0.1
```
After that I have no more clue (fix for first step) :Dhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6235Feature Request LSWS LiteSpeed2022-11-22T20:08:23ZTrimilurFeature Request LSWS LiteSpeedDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
RegardsDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
Regards