ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2022-03-15T13:23:48Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6285Addon Store for snippet & Nginx Templates2022-03-15T13:23:48ZAlexAddon Store for snippet & Nginx TemplatesIts a Feature Request, I think its
Nginx directives templates that can be uploaded in ISPConfig in the Webgui . Also a possibility who to integrate an art store in ISPConfig with the possibility to load addons or snippet.
This would ...Its a Feature Request, I think its
Nginx directives templates that can be uploaded in ISPConfig in the Webgui . Also a possibility who to integrate an art store in ISPConfig with the possibility to load addons or snippet.
This would then be a dual system of addons tested by the project & a possibility for a community repro on Git for example.
This should only be a thought impulsehttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6280Make Cron Jobs list template accurate2022-01-27T10:16:30ZDimiMake Cron Jobs list template accurateHi,
I'm not a specialist in filling such requests, however as an IT guy, who manages more than 20 ISPConfig installs, with more than 500 sites on them i would like to add my opinion, which is one of the very often used and very not UI ...Hi,
I'm not a specialist in filling such requests, however as an IT guy, who manages more than 20 ISPConfig installs, with more than 500 sites on them i would like to add my opinion, which is one of the very often used and very not UI friendly done in ISPconfig.
When there are hundreds of CRON jobs - there is no way you can find what you need and check what is where. Huge gabs(paddings) between timings, very small spaces for command and site name, and whats worst - the text of command and sitename is CROPPED! , which makes the list absolutely unreadable and in fact unusable :disappointed:
I suggest -
1. Make filter bar INDEPENDANT of display area - thus you wont need giving that much space for one symbol time/day/week stars/numbers.
2. Squeeze the display area , and make at least 30-40% of space dedicated for the command to be shown fully
3. DO not crop command/website names- better use multiline
I'm sure theres clever people who can suggest how it can be done even better, but this is really one of the functionality which is a "disfunctionality" for now :)
![cron](/uploads/f52a00fb75218a74647aaf14bf0da549/cron.jpg)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6279Add the record name on item deletion confirmation popup2022-05-28T23:11:16ZSergioAdd the record name on item deletion confirmation popupHi,
the default confirmation popup for a deletion is not reporting the name of the record we are going to delete (ex. a site or a whole server).
The message is "Do you really want to delete this record?"
Would be useful to have a popup t...Hi,
the default confirmation popup for a deletion is not reporting the name of the record we are going to delete (ex. a site or a whole server).
The message is "Do you really want to delete this record?"
Would be useful to have a popup that reports the name of the record we are going to delete, just to be sure that we have clicked the right button in the table, something like:
"Do you really want to delete the website www.ispconfig.org?" or
"Do you really want to delete the server server.ispconfig.org?"
Thanks :smile:
Regardshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6262support HTTP/3 QUIC in ISPConfig for nginx2023-08-15T09:15:22ZBartłomiej Bujaksupport HTTP/3 QUIC in ISPConfig for nginxHTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.HTTP/3 QUIC is available in nginx. Nice to have that option in ISPConfig.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6261MySQL Backup - Add option to allow single-transaction mode for huge InnoDB da...2021-12-10T10:29:07ZJanThielMySQL Backup - Add option to allow single-transaction mode for huge InnoDB databases## Summary (Feature Request)
Running DB Backups on sites with large databases will cause the database being locked for some time and thus make the underlying app not usable.
This is due to the current `mysqldump` command being executed.
...## Summary (Feature Request)
Running DB Backups on sites with large databases will cause the database being locked for some time and thus make the underlying app not usable.
This is due to the current `mysqldump` command being executed.
https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/server/lib/classes/backup.inc.php#L1216
For sites only having InnoDB tables MySQL recommends to run mysqldump with `--quick` AND `--single-transaction` for huge databases.
As this flag can lead to inconsistent states when MyISAM used, I would suggest to add this as an option.
## Steps to reproduce
1. Enable the DB backup on a huge DB
2. Check the sites at the time of the DB dump, they will be unresponsive due to the locked database as long as `mysqldump` run
## Correct behaviour
The DB dump should not effect the websites uptime
## Proposed fix
1. Add a "Huge Database?" Checkbox to the backup options in the website config
2. If enabled use this command / add `--single-transaction` to the `mysqldump` call
```
$command = "mysqldump -h ? -u ? -p? -c --add-drop-table --create-options --quick --single-transaction --max_allowed_packet=512M " . $mysqldump_routines . " --result-file=? ?";
```
## References
https://serversforhackers.com/c/mysqldump-with-modern-mysql
https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html#option_mysqldump_single-transactionhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6260Special backup method: "Manifest creator" or "Delegated backup"2021-12-03T18:16:24ZClaude DuvergierSpecial backup method: "Manifest creator" or "Delegated backup"_Note: I know there is an issue to add support for [BorgBackup](https://borgbackup.readthedocs.io) (#6202) to ISPConfig and I must admit I came with the following idea as a workaround to use Borg to backup my ISPConfig setups. But bear w..._Note: I know there is an issue to add support for [BorgBackup](https://borgbackup.readthedocs.io) (#6202) to ISPConfig and I must admit I came with the following idea as a workaround to use Borg to backup my ISPConfig setups. But bear with me to understand how this proposal could help "third party" integration._
When I started using ISPConfig I needed a way to backup my websites (both files and databases) using my own existing scripts but because ISPConfig has built-in various full (id. A to Z) methods for backuping the data it manages there was no way to integrate with other tools/scripts (and I understant why: it was not needed).
Put it simply the situation is:
* ISPConfig knows (using the users' settings/preferences):
* where are the data and how to access them
* how often it must be backuped (backups frequency)
* how long (backups retention)
* My backup scripts knows what to do with files and SQL tables (read, compress, de-duplicate, encrypt, send to remote storage, etc.)
From that, my idea is to make ISPConfig "tell" other systems (an existing well-known tool, a self made script, ...) what the user wants to backup, and hence delegate the backup.
So I suggest the creation of a backup method for both websites files and databases that does not backup, compress nor encrypt anything, it would just create a manifest of what to backup.
For the files of a website, the manifest file would provide:
* Website name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* The full/absolute path of the base directory to backup
* The list of paths to exclude (cf. the "Excluded Directories" setting) as full/absolute paths.
For the database, the manifest file would provide:
* Database name (eg. for naming the backups)
* The backup interval (the frequency)
* Number of backup copies (the retention)
* Credentials to connect to the database server (as the backup/read-only user)
The manifest files would be recreated by ISPConfig when backup settings (frequency, retention, paths, databases, credentials, exclusions, etc.) are changed.
Then ISPConfig work is done and it's up to the other system/script to do the job, the way it detects changes to manifest files is not ISPConfig's business.
Some blur zones (non-exhaustive list):
* Backup triggers: I choose to write the backup frequency in the manifest so the backup tool/script can be aware of this frequency and run accordingly (eg. re-schedule itself or run everyday but detect when was the last execution and skip if not needed yet). But I think ISPConfig could trigger the backup, by executing a well-known command (eg. `/usr/bin/ispconfig/delegate-backup.sh /path/to/one/manifest-file`).
* The fact the manifest file will contains the credentials and could be read by other. So I was thinking ISPConfig could write the credentials only when backup must be run and let the backup tool/script delete it.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6250chrooted: localhost not reachable & php mail2021-12-02T22:23:28ZNinoschrooted: localhost not reachable & php mail## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I thi...## Summary
php mail() is not working on chrooted websites (php-fpm), still after changing `SMTP = localhost` to `SMTP = 127.0.0.1` in php.ini-file. localhost is not reachable via chrooted, but that's not the problem with php mail() I think.
## Steps to reproduce
1. Enable chroot-option for website
2. Run example php sendmail script on website
3. Check mail logs
## Correct behaviour
php mail() should also work in chrooted.
## Environment
Server Debian 11 latest
ISPConfig version: 3.2.7p1
## Proposed fix
Open /etc/php/VERSION/fpm/php.ini & change:
```
SMTP = localhost
```
to:
```
SMTP = 127.0.0.1
```
After that I have no more clue (fix for first step) :Dhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6235Feature Request LSWS LiteSpeed2022-11-22T20:08:23ZTrimilurFeature Request LSWS LiteSpeedDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
RegardsDear developers,
I herewith request litespeed webserver support for ispconfig. LSWS is highly compatibly to apache configurations and very performant. It also natively supports HTTP/3 and should be a big benefit to this project.
Regardshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6225Possible Alternative to disable LE check for natted servers.2021-09-03T08:00:13ZChrisPossible Alternative to disable LE check for natted servers.As an ISPConfig user that is behind a nat router (I have not yet figured nat hairpinning in cisco routers) I propose the following as an alternative to just disabling the LE check.
Instead, it would be possible to request an external se...As an ISPConfig user that is behind a nat router (I have not yet figured nat hairpinning in cisco routers) I propose the following as an alternative to just disabling the LE check.
Instead, it would be possible to request an external service verify the host/domain is indeed accessible.
How I see this in practice:
Ispconfig > system > server config > ssl > NAT Router (checkbox) (as oppose to disable LE check)
When performing the check, if the NAT box is checked, Call out to verification server.
[It could be a service hosted by ISPConfig but could just as easily be any of the "is this site up" services that has a free user api. (with a quick google, I see that: check-host.net for example has an array of check types that could be used for this.)
Get the result and proceed with cert creation or report back an issue.
In summary:
I believe this approach would be more effective than just disabling the check because it will mean misconfigured hostnames/domains, missing dns or websites, wrong server used for a site, firewall woes and the rest of the usual suspects will not result in a failed cert request to LE.
One or two fails may not be an issue but we know there is a rate limit so whatever we can do to keep the failures from occurring in the first place would be a bonus.
Essentially this will allow ISPConfig to still pre-empt failures and would only affect those that have the NAT configuration set in server configs. For everybody else you can just perform the normal check.
An option in the installer that allows for enabling the option from the outset would be preferable although that would just be a small bonus addition to the overall feature.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6222Make reproducible release tarballs2023-12-03T21:07:13ZDaniel JagszentMake reproducible release tarballsI check the SHA sum of the ISPConfig tarballs before I install them.
The SHA 256 sum of the 3.2.5 release at https://www.ispconfig.org/downloads/ISPConfig-3.2.5.tar.gz changed from `c071f975e0f570c58fd14f517b4e42e350a2123625650f6365796e4...I check the SHA sum of the ISPConfig tarballs before I install them.
The SHA 256 sum of the 3.2.5 release at https://www.ispconfig.org/downloads/ISPConfig-3.2.5.tar.gz changed from `c071f975e0f570c58fd14f517b4e42e350a2123625650f6365796e416b8242d5` to `b18e992f9ac81acb30e9536f6cff4e6deebf631fc3ec126b897314c4a03891b9`.
That made me suspicious (could have easily been a hack that replaced the original release with a malicious one) – but the two tarballs extract to the very same directory tree (I had the earlier version laying around to check).
Looks like the tarball was re-created recently (maybe to test !1496?). The tar and gzip file format include metadata (like the current PID or the current time) that make two tar+gzip archives of the same directory tree binary different even if they extract to the same directory tree.
Please consider to either
* never ever overwrite a published release (e.g. skip uploading if there is a file with the same name) or
* make the tarballs [reproducible](https://reproducible-builds.org/docs/archives/).
Also, "offical" SHA 256 sums in the release blog post would be wonderful :smile:Daniel JagszentDaniel Jagszenthttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6211Selected PHP Version in Jail2021-08-18T13:29:54ZGhost UserSelected PHP Version in JailTaken from /etc/jailkit/jk_init.ini:
```
# Debian 10 default php version is 7.3 (Debian 9 is 7.0)
# Todo: set default version in ISPConfig installer,
# but install the php cli version matching the website
```
In this case, should switch...Taken from /etc/jailkit/jk_init.ini:
```
# Debian 10 default php version is 7.3 (Debian 9 is 7.0)
# Todo: set default version in ISPConfig installer,
# but install the php cli version matching the website
```
In this case, should switching the PHP version remove the old PHP version from the jail? To me it looks like that would be hard to implement, considering ISPConfig doesn't remove redundant things (aka sections or applications I removed from System > Server Config > Jailkit that were previously there) from jails after re-syncing shell users.
If this is the specific reason it wasn't implemented yet, I think an easier approach would be including all PHP versions in the jail, and just modify the php (no version number) binaries to be symlinked to the right version like `sudo update-alternatives --config php` does (this command only works outside of the jail).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6206Interface setting > mail > max backup copies2021-07-30T13:17:26ZFrançois GrizzlyDevInterface setting > mail > max backup copiesRegarding this commit, which enabled to retain up to 30 backup copies (previously limited to 10): aa1eed46b3d03746640a73db6df7d163ba036df3
The goal of this merge request is to add an interface setting in order to limit (below 30) the ma...Regarding this commit, which enabled to retain up to 30 backup copies (previously limited to 10): aa1eed46b3d03746640a73db6df7d163ba036df3
The goal of this merge request is to add an interface setting in order to limit (below 30) the maximum backup copies (for **email** only), so clients' options would be globally limited when accessing the "Backup" tab.
Before going any further, my guess is to add an [interface setting](https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md#interface-settings).
And obviously enforce the limit in the `mail_user.backup_copies` SQL column when this setting is changed. This could be done using some feature such as the setting input "custom" validator, for example: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/interface/web/admin/form/system_config.tform.php#L224
For this last point especially, I am not sure this is the way to go, comments are welcome!https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6188Add field for FPM-Chroot Docroot2021-06-21T13:49:21ZPatrick OmlandAdd field for FPM-Chroot DocrootIf Chroot FPM is selected, add a Field for Custom Docroot. When there is detected a Custom Docroot Input change FPM Pool config with new Docroot. Like Openbasedir Field no Input = Change nothing and / Custom Input = Change Docroot in Poo...If Chroot FPM is selected, add a Field for Custom Docroot. When there is detected a Custom Docroot Input change FPM Pool config with new Docroot. Like Openbasedir Field no Input = Change nothing and / Custom Input = Change Docroot in Pool config
See this Thread (German)
https://forum.howtoforge.de/threads/docroot-unter-chroot-fpm.12662/#post-62035https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6184rspamd: don't use secure_ip2021-06-21T15:47:39ZJesse Norellrspamd: don't use secure_ipWe currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail ...We currently setup rspamd with a password for worker-controller, with secure_ip set to localhost; that is probably fine for a dedicated mail server, but allows access to the controller by all clients for systems which share web and mail services (eg. single-server), as addresses in secure_ip do not require a password. We should drop the use of secure_ip, and preferably switch to using unix sockets to talk to all rspamd daemons.
Also provide examples of how to configure reverse proxies to connect and authenticate (eg. add a Password header and use unix rather than tcp socket).https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6171rspamd config errors (harmless) during install2021-06-20T18:53:47ZJesse Norellrspamd config errors (harmless) during installI have a server running amavis, which I'm updating prior to converting to rspamd, however rspamd is installed - during ispconfig update some (harmless) errors showed configuring rspamd, probably due to my current install/config state, bu...I have a server running amavis, which I'm updating prior to converting to rspamd, however rspamd is installed - during ispconfig update some (harmless) errors showed configuring rspamd, probably due to my current install/config state, but can easily be hidden or avoided:
```
Configuring Postfix
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Rspamd
chgrp: cannot access '/etc/rspamd/local.d/worker-controller.inc': No such file or directory
chmod: cannot access '/etc/rspamd/local.d/worker-controller.inc': No such file or directory
Configuring Getmail
...
```https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6170Always log a warning/error when LE + SSL is disabled because of a failure2021-05-20T19:16:21ZThomAlways log a warning/error when LE + SSL is disabled because of a failureCurrently, a warning is logged if the Let's Encrypt check is enabled (default behaviour) and it couldn't create the cert. But when there is a setting roll back, it is not logged. See the discussion on #5042Currently, a warning is logged if the Let's Encrypt check is enabled (default behaviour) and it couldn't create the cert. But when there is a setting roll back, it is not logged. See the discussion on #5042https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6169Generalised 3rd party service integration (to support Cloudflare DNS)2022-10-02T09:23:50ZJudah - MWGeneralised 3rd party service integration (to support Cloudflare DNS)Details
=======
Hi all, we would like to integrate Cloudflare (DNS specifically) with ISPConfig so that ISPC can be the master source of truth for DNS (and still continue to run named) but can keep separate CF DNS accounts in sync with ...Details
=======
Hi all, we would like to integrate Cloudflare (DNS specifically) with ISPConfig so that ISPC can be the master source of truth for DNS (and still continue to run named) but can keep separate CF DNS accounts in sync with DNS changes. At the moment we have to make DNS changes twice, once in ISPC and then replicated to CF which is slow and error prone.
In doing some research for this oft-requested feature we found this open feature request: #4846 and [this HowToForge thread.](https://www.howtoforge.com/community/threads/dns-cloudflare-sync.84504/)
At the bottom of that HowToForge thread, @jnorell suggests generalising the system so it is provider agnostic and can then work with multiple DNS providers, which makes a lot of sense to me. It could even be generalised further so that it isn't just limited to linking DNS with external systems but also potentially websites with CDNs, etc.
So I guess I'd like to know: does that sound like something that fits nicely into ISPC? If I started on it would it be something you'd accept as a contribution? Do you have any guidance on the design/implementation? Are there any other ongoing efforts to do something similar I could take part in?
Finally, what would be preferable:
1. A Cloudflare specific integration.
2. A DNS specific integration (but 3rd party API agnostic, like Jesse suggested.)
3. A completely general 3rd party framework (not limited to DNS.)
How it could work
=================
Server
------
- Server plugin for 3rd parties which imports 3rd party specific libraries.
- Server library for Cloudflare imported as above which registers the right event listeners.
- New DB table `third_party_connection` used by the plugin to store generic 3rd party connections.
Interface
---------
- New tab in Settings > Server config > called "3rd party connections" where the administrator can provide Cloudflare Reseller credentials, they are stored in the generic `third_party_connection` database as type `cloudflare_reseller`.
- New limits in limit template to enable 3rd party access for clients.
- New tab on DNS zone "External DNS" with dropdown menu to select a 3rd party integration, then option to supply email/API key and even a "New account" button if reseller credentials are installed on server. (Creds also stored in `third_party_connection` table.
- New tab on DNS record "External DNS", allowing setting specific settings such as Cloudflare proxy status. (Where would that info be stored? Tricky. Extend the DNS record table to include a new column `third_party_data` (to keep it general)? Or a new table `third_party_data` to store all extra data?)
I'd appreciate your feedback on the approach before I start to see if I'm barking up the wrong tree, and also to see if anyone would like to help.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6164Make IPv6 address inselectable when * is set for IPv4 address for vhost.2021-05-12T12:55:06ZThomMake IPv6 address inselectable when * is set for IPv4 address for vhost.<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug,...<!-- Before creating a bug report, please:
- Read the contribution guidelines: https://git.ispconfig.org/ispconfig/ispconfig3/-/blob/develop/CONTRIBUTING.md
- Do not ask support questions here. If you are unsure if your problem is a bug, post a thread on the forum: https://www.howtoforge.com/community/#ispconfig-3.23
- Make sure to remove any content from the description that you did not add. For example, if there are no related log entries, remove the whole "Related log entries" part.
-->
## Summary
When creating a new site and selecting "*" for IPv4 address, you can still select a IPv6 address. This option should be blurred out (and set to none), and maybe we should show a text like "Vhost is listening on all server addresses" to the IPv6 field.
## References
https://www.howtoforge.com/community/threads/2-ipv6-addresses-which-one.86944/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6159Add support for CentOS Stream to OS detection code2022-09-06T09:13:54ZTill BrehmAdd support for CentOS Stream to OS detection code
https://www.howtoforge.com/community/threads/centos8-amavis-and-clamd-scan-not-point-to-same-sock-file.86819/#post-421711
https://www.howtoforge.com/community/threads/centos8-amavis-and-clamd-scan-not-point-to-same-sock-file.86819/#post-421711https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6154Extra single quote when creating wildcart certs in SSL tab2023-09-16T14:46:24ZHj Ahmad Rasyid Hj IsmailExtra single quote when creating wildcart certs in SSL tab## Summary
Wildcard subdomain created certs has single quotes in uts filename instead of not having it.
## Steps to reproduce
1. Go to Sites tab
1. Click on any website e.g. domain.tld
1. Select its SSL tab
1. Select \*.domain.tld
1. ...## Summary
Wildcard subdomain created certs has single quotes in uts filename instead of not having it.
## Steps to reproduce
1. Go to Sites tab
1. Click on any website e.g. domain.tld
1. Select its SSL tab
1. Select \*.domain.tld
1. Create SSL
1. Certs created in ssl folder but with single quote in its file name e.g. '\*.domain.tld.ext'
## Correct behaviour
The files' name should just be \*.domain.tld.ext (without any quotes) instead of '\*.domain.tld.ext' (with single quotes)
## Environment
Server OS + version: Ubuntu 20.04 ISPConfig version: 3.2.4