ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2019-02-14T17:27:50Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5241Add a {docroot] variable for apache directive snippets2019-02-14T17:27:50ZTill BrehmAdd a {docroot] variable for apache directive snippetsAdd a {docroot] variable for apache directive snippetsAdd a {docroot] variable for apache directive snippets3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5237DNS: xfer / also_notify fields too short2019-03-20T18:07:15ZKordian BruckDNS: xfer / also_notify fields too shortI need to add a longer list of IPs for transfer and notification to those fields. The DB columns are limited to `varchar(255)`. Can we change this to `TEXT`?
Example List:
```
109.201.133.61
108.59.2.202
79.137.84.65
46.165.221.164
185....I need to add a longer list of IPs for transfer and notification to those fields. The DB columns are limited to `varchar(255)`. Can we change this to `TEXT`?
Example List:
```
109.201.133.61
108.59.2.202
79.137.84.65
46.165.221.164
185.136.96.96
185.136.97.96
185.136.98.96
185.136.99.96
185.206.180.196
2a00:1768:1001:9::21
2604:9a00:2100:a006:4::1
2001:41d0:401:3100::5784
2a00:c98:2030:a006:2::1
2a06:fb00:1::1:96
2a06:fb00:1::2:96
2a06:fb00:1::3:96
2a06:fb00:1::4:96
2a0b:1640:1:3::4
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5236Reverse proxy to ispconfig on port 8080 does not work due cookie storage problem2023-12-13T20:51:05ZRajko AlbrechtReverse proxy to ispconfig on port 8080 does not work due cookie storage problemI tried to setup a reverse proxy for `config.mydomain.de` pointing to `localhost:8080`. Login page appears, enter credentials and submit. Login page appears again. So usage of ispconfig via reverse proxy isn't possible.
This is the snip...I tried to setup a reverse proxy for `config.mydomain.de` pointing to `localhost:8080`. Login page appears, enter credentials and submit. Login page appears again. So usage of ispconfig via reverse proxy isn't possible.
This is the snippet I use:
```
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/
```
## correct behaviour
It should work as accessing it via 8080
## environment
Happens with nginx and apache.
The reason is line 73 in `app.inc.php`: You assign the `SERVER_NAME` to `$cookie_domain`, which is in that case `localhost`.
I think it was made for CSRF protection, but IMHO this is the wrong way. For CSRF you should send an extra CSRF-Token with each post and the cookiedomain should be blank (browser bind it themself to called domain). this is the way, application servers like Ruby on Rails or tomcat and php software like wordpress and so on do it.
Alternative check for `$_SERVER['HTTP_X_FORWARDED_SERVER']`, too.
The current way is no real protection agains CSRF (realy) and another reason does not exist for that I think.
Alternative you may give an option for admins "forbid proxy redirection to ispconfig panel" which enables the current behaviour and for those don't want it, eg, want access it via there own domain name (or can not use port 8080 due firewall restrictions) may let it unchecked and `$cookie_domain` is not set this hard way.
rewrite line
```php
$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
```
to
```php
$cookie_domain = '';
```
makes our resellers happy 'cause them can use snippet above.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5227SOAP API "dns_templatezone_add" error "Column 'xfer' cannot be null"2019-02-15T16:47:58ZMaBoRaKSOAP API "dns_templatezone_add" error "Column 'xfer' cannot be null"## short description
The SOAP API process "dns_templatezone_add" is not working in the latest version of ISPConfig
the file:
```
interface/lib/classes/remote.d/dns.inc.php
```
line `132`
## correct behaviour
Small code modification....## short description
The SOAP API process "dns_templatezone_add" is not working in the latest version of ISPConfig
the file:
```
interface/lib/classes/remote.d/dns.inc.php
```
line `132`
## correct behaviour
Small code modification.
## environment
- Server OS: CentOS
- Server OS version: 7.6
- ISPConfig version: 3.1.5
## proposed fix
Change the line:
```
$xfer = $vars['xfer'];
```
to
```
$xfer = '';
```
## log entries
MySQL error output:
```
MariaDB [dbispconfig]> INSERT INTO `dns_soa` (`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`origin`,`ns`,`mbox`,`serial`,`refresh`,`retry`,`expire`,`minimum`,`ttl`,`active`,`xfer`,`also_notify`,`update_acl`) VALUES ('2','2','riud','riud','','1','plusdedevis.com.','ns1.plusdedevis.com.','support.plusdedevis.com.','2019012501','7200','540','604800','3600','3600','Y',NULL,NULL,NULL);
ERROR 1048 (23000): Column 'xfer' cannot be null
MariaDB [dbispconfig]>
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5225ISPConfig fails to create ispconfig user during initial installation with MyS...2019-07-03T13:52:29ZolokosISPConfig fails to create ispconfig user during initial installation with MySQL 8.0.14## short description
I'm trying to install ispconfig on a machine that did not have it before, but it's halting on this step:
ERROR: Unable to create database user: ispconfig Error:
and wouldn't proceed any further
## correct behaviour
...## short description
I'm trying to install ispconfig on a machine that did not have it before, but it's halting on this step:
ERROR: Unable to create database user: ispconfig Error:
and wouldn't proceed any further
## correct behaviour
Installer script should proceed further, but won't if running MySQL 8 since creating users using GRANT statement is removed in 8.
## environment
Server OS: Ubuntu server
Server OS version: 18.04 x64
ISPConfig version: https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1 that one
## proposed fix
I found a workaround here https://www.eninsoft.com/instalacion-de-ispconfig-3-x-en-debian-9-mysql8-version-optimizada/
But proper fix would be to create user according to mysql 8 guidelines without GRANT statement usage.
Starting with MySQL 8 you no longer can (implicitly) create a user using the GRANT command. Use CREATE USER instead, followed by the GRANT statement:
mysql> CREATE USER 'root'@'%' IDENTIFIED BY 'root';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5223PowerDNS 4.x support2019-01-18T08:21:02ZWebslicePowerDNS 4.x supportThe main difference is that pdnssec is now called pdnsutil. Furthermore the DNSsec output is slightly different. Also, secure-zone now creates a CSK but we need the KSK/ZSK, so that command was changed to explicitly use add-zone-key inst...The main difference is that pdnssec is now called pdnsutil. Furthermore the DNSsec output is slightly different. Also, secure-zone now creates a CSK but we need the KSK/ZSK, so that command was changed to explicitly use add-zone-key instead of the 'shortcut' secure-zone command.
In any case, we should detect the correct version of PowerDNS by looking for either pdnssec or pdnsutil. The attached pr !865 should take care of this, while maintaining PowerDNS 3.x compatibility3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5219Run getmail only on master when server is a mirror2019-03-05T17:03:53ZTill BrehmRun getmail only on master when server is a mirrorhttps://www.howtoforge.com/community/threads/getmail-catch-emails-duplicate-on-servers-in-cluster.81076/https://www.howtoforge.com/community/threads/getmail-catch-emails-duplicate-on-servers-in-cluster.81076/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5218Add incron plugin2019-03-26T16:55:20ZWebsliceAdd incron pluginIt is feasible for us to allow our customers to reload PHP-FPM to clear the opcache, after they perform deployments of their PHP applications. To facilitate this we would like to add a plugin which creates a default incrond configuration.It is feasible for us to allow our customers to reload PHP-FPM to clear the opcache, after they perform deployments of their PHP applications. To facilitate this we would like to add a plugin which creates a default incrond configuration.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5216Send emails to active customers and resellers only.2019-03-11T11:38:14ZTill BrehmSend emails to active customers and resellers only.https://www.howtoforge.com/community/threads/send-email-function.81046/https://www.howtoforge.com/community/threads/send-email-function.81046/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5215New Remote API Functions for sys_datalog and DNS slave zones2019-01-08T11:10:09ZTill BrehmNew Remote API Functions for sys_datalog and DNS slave zonesNew remote API functions added:
sys_datalog_get($session_id, $datalog_id, $newer = false)
sys_datalog_get_by_tstamp($session_id, $tstamp)
dns_slave_zone_get($session_id, $primary_id)New remote API functions added:
sys_datalog_get($session_id, $datalog_id, $newer = false)
sys_datalog_get_by_tstamp($session_id, $tstamp)
dns_slave_zone_get($session_id, $primary_id)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5214relayhost without authentication (easy fix)2023-06-05T06:59:21ZGhost Userrelayhost without authentication (easy fix)## short description
Setting up a relayhost without username/password results in "smtp_sasl_auth_enable = yes", which means it is trying to authenticate to the relayhost, but cannot (nothing to authenticate with), hence a SASL authentica...## short description
Setting up a relayhost without username/password results in "smtp_sasl_auth_enable = yes", which means it is trying to authenticate to the relayhost, but cannot (nothing to authenticate with), hence a SASL authentication failure error from the relayhost.
## correct behaviour
No relayhost credentials provided shouldn't cause authentication to be tried.
## environment
Server OS: Debian
Server OS version: stretch (9.6)
ISPConfig version: 3.1.13
## proposed fix
When the username field is empty, do not flip the smtp_sasl_auth_enable setting, but leave it instead to its default of "smtp_sasl_auth_enable = no".3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5209Add support for renaming empty databases2019-01-08T10:21:36ZTill BrehmAdd support for renaming empty databaseshttps://www.howtoforge.com/community/threads/renaming-database-in-ispc.80952/https://www.howtoforge.com/community/threads/renaming-database-in-ispc.80952/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5202Add client_get_by_groupid in remote library2019-01-08T11:07:57ZMathieu PellegrinAdd client_get_by_groupid in remote libraryHello,
I searched inside the code of the API and I didn't find a function that returns the client from the group ID. Note that The contrary is possible with client_get_groupid.
I wrote an implementation in `interface/lib/classes/remote...Hello,
I searched inside the code of the API and I didn't find a function that returns the client from the group ID. Note that The contrary is possible with client_get_groupid.
I wrote an implementation in `interface/lib/classes/remote.d/client.inc.php`:
```
public function client_get_by_groupid($session_id, $group_id)
{
global $app;
if(!$this->checkPerm($session_id, 'client_get_id')) {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
$group_id = $app->functions->intval($group_id);
$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $group_id);
if(isset($rec['client_id'])) {
$client_id = $app->functions->intval($rec['client_id']);
return $this->client_get($session_id, $client_id);
} else {
throw new SoapFault('no_group_found', 'There is no client for this group ID.');
return false;
}
}
```
I didn't know how to handle the checkPerm, so I copy/past from `client_get_id`.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5190nginx server listen ipv6 and ipv4 and SSL2019-07-05T07:51:32ZSebastiannginx server listen ipv6 and ipv4 and SSL## short description
Creating a website on a nginx Webserver which got ipv6 and ipv4, the template only creates `listen *:80;` in server config.
That way nginx is only serving ipv4 connections.
## correct behaviour
Since ISPConfig is a...## short description
Creating a website on a nginx Webserver which got ipv6 and ipv4, the template only creates `listen *:80;` in server config.
That way nginx is only serving ipv4 connections.
## correct behaviour
Since ISPConfig is able to split serving ipv4 and ipv6 for a vhost, I suggest best way is to add:
```
listen *:80;
listen [::]:80 ipv6only=on;
```
That way you keep the visual splitting. If you remove ipv6only=on,
`listen [::]:80;`
is serving IPv4 AND IPv6 and you could drop the `listen *:80;`.
Additional, if you did not use gai.conf to prefer ipv4 over ipv6, letsencrypt is not able to verify the website, unless you add `listen [::]:80;`
After SSL is working you need to add the IPv6 SSL listen parameter manually, too.
To have IPv4 and IPv6 working with SSL on a vhost, I suggest this:
```
server {
listen *:80;
listen [::]:80 ipv6only=on;
listen *:443 ssl;
listen [::]:443 ssl ipv6only=on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
```
In my manually edited config, I currently use this, because it is shorter. It is also working for IPv4 and IPv6.
```
server {
listen [::]:80;
listen [::]:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /var/www/clients/client0/web38/ssl/domain.com-le.crt;
ssl_certificate_key /var/www/clients/client0/web38/ssl/domain.com-le.key;
server_name domain.com ;
root /var/www/domain.com/web/;
```
## environment
Server OS: debian
Server OS version: stretch
ISPConfig version: 3.1.13
If it might be related to the problem
```
nginx version: nginx/1.10.3
```
```
PHP 7.0.30-0+deb9u1 (cli) (built: Jun 14 2018 13:50:25) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.30-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5189Check cron lock file date2018-12-04T09:10:25ZKordian BruckCheck cron lock file dateFor `sys_cron` we are using a lock file in `/usr/local/ispconfig/server/temp/.ispconfig_cron_lock`. It would be nice, if the monitor page checks this file for its creation time.
For me someday a cronjob has died and ever since it hadn'...For `sys_cron` we are using a lock file in `/usr/local/ispconfig/server/temp/.ispconfig_cron_lock`. It would be nice, if the monitor page checks this file for its creation time.
For me someday a cronjob has died and ever since it hadn't started those tasks like backup, dns changes etc.:
```
-rwxr-x--- 1 root root 5 Sep 15 03:00 /usr/local/ispconfig/server/temp/.ispconfig_cron_lock
```
We could have a cooldown that would delete this file after a few hours/days just in case or at least have the monitor page alert admins/users that the system maintenance tasks have not been run in a while.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5168Mail server settings can generate invalid main.cf2018-12-04T17:58:52ZJan PechekMail server settings can generate invalid main.cf## short description
System > Server Configuration -> Mail settings allow me leave "Message Size Limit" unconfigured when i specify"Mailbox Size Limit". This lead to misconfigured Postfix main.cf:
`fatal: main.cf configuration error: ma...## short description
System > Server Configuration -> Mail settings allow me leave "Message Size Limit" unconfigured when i specify"Mailbox Size Limit". This lead to misconfigured Postfix main.cf:
`fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit`
This also can have other consequences, for example Mailman cannot deliver emails to local transport:
`to=<conf@localhost>, orig_to=<Conf@lists.domain.com>, relay=none, delay=414887, delays=414887/0.08/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable)`
## correct behaviour
ISPConfig should check if mailbox_size_limit isn't lower than message_size_limit and should notify user.
## environment
Server OS: Debian
Server OS version: Jessie
ISPConfig version: 3.1.113.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5167DKIM public key for subdomain not saved in dns2018-12-12T17:02:15ZJaapDKIM public key for subdomain not saved in dns## short description
DKIM public key is not published in dns when making a DKIM key for a subdomain
## correct behaviour
When creating a DKIM key from Email->Domain, the key should not only be stored for use by Amavis, but the public ke...## short description
DKIM public key is not published in dns when making a DKIM key for a subdomain
## correct behaviour
When creating a DKIM key from Email->Domain, the key should not only be stored for use by Amavis, but the public key should also be published in DNS. This works for normal domains, but not for subdomains.
## environment
Server OS: Debian
Server OS version: Wheezy
ISPConfig version: 3.1.13
## proposed fix
I don't know ISPConfig well enough to fix this myself :-(
## references
My post on howtoforge about this subject:
https://www.howtoforge.com/community/threads/dkim-public-key-for-subdomain-not-saved-in-dns.80434
## log entries
/var/log/ispconfig/ispconfig.log:
```
29.10.2018-17:07 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
29.10.2018-17:07 - DEBUG - Found 1 changes, starting update process.
29.10.2018-17:07 - DEBUG - Calling function 'soa_update' from plugin 'bind_plugin' raised by event 'dns_soa_update'.
29.10.2018-17:07 - DEBUG - Writing BIND domain file: /etc/bind/pri.domain.tld
29.10.2018-17:07 - DEBUG - Writing BIND named.conf.local file: /etc/bind/named.conf.local
29.10.2018-17:07 - DEBUG - Processed datalog_id 52547
29.10.2018-17:07 - DEBUG - Calling function 'restartBind' from module 'dns_module'.
29.10.2018-17:07 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5165PHP Syntax error in "install/dist/lib/opensuse.lib.php" on line 5102018-10-25T12:58:37ZAnthonyPHP Syntax error in "install/dist/lib/opensuse.lib.php" on line 510## short description
What is happening and what is wrong with that?
crash of the install script.
## correct behaviour
What should happen instead?
the script should finish its work
## environment
Server OS: OpenSuse
Server OS version: Lea...## short description
What is happening and what is wrong with that?
crash of the install script.
## correct behaviour
What should happen instead?
the script should finish its work
## environment
Server OS: OpenSuse
Server OS version: Leap 42.3
ISPConfig version: 3.1.13
_you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_
If it might be related to the problem
```
insert the output of `nginx -v` or `apachectl -v` here
```
```
insert the output of `php -v` here
```
## proposed fix
optional, of course.
if you want to post code snippets, please use
```
your code
```
replace :
$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir']);
by :
$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
in :
ispconfig3_install/install/dist/lib/opensuse.lib.php
on line : 510
## references
if you know of related bugs or feature requests, please reference them by using `#<bugnumber>`, e. g. #123
if you have done a merge request already, please reference it by using `!<mergenumber>`, e. g. !12
if you know of a forum post on howtoforge.com that deals with this topic, just add the link to the forum topic here
## screenshots
optional, of course.
Add screenshots of the problem by clicking "Attach a file" on the bottom right.
## log entries
```
apache / nginx error.log lines (if related)
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5163Databases still exists on reseller delete2019-07-04T16:55:34ZWHODatabases still exists on reseller delete## short description
Reseller-Databases still exists in ISPConfig if a reseller will deleted. (Only assigned site will removed)
## correct behaviour
If a reseller is deleted the databases should removed too.
## environment
Server OS: (...## short description
Reseller-Databases still exists in ISPConfig if a reseller will deleted. (Only assigned site will removed)
## correct behaviour
If a reseller is deleted the databases should removed too.
## environment
Server OS: (debian)
Server OS version: (stretch)
ISPConfig version: (3.1.13 stable)
Server version: Apache/2.4.25 (Debian)
Server built: 2018-06-02T08:01:13
PHP 7.2.11-2+0~20181015120801.9+stretch~1.gbp8105e0 (cli) (built: Oct 15 2018 12:08:03) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.11-2+0~20181015120801.9+stretch~1.gbp8105e0, Copyright (c) 1999-2018, by Zend Technologies3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5161DNSSEC support in PowerDNS plugin2019-03-05T08:34:52ZGhost UserDNSSEC support in PowerDNS pluginContinuing from #4613, we have successfully extended the PowerDNS plugin to provide DNSSEC support. The dnssec_info box shows the DS keys (and KSK, which is required for .nl). In our efforts we have tried to match the behaviour for the B...Continuing from #4613, we have successfully extended the PowerDNS plugin to provide DNSSEC support. The dnssec_info box shows the DS keys (and KSK, which is required for .nl). In our efforts we have tried to match the behaviour for the BIND plugin as much as possible, to keep things consistent. There is just one final question to solve before we open the pull request.
In the BIND plugin, if you uncheck the `Sign zone (DNSSEC)` checkbox, the key files are not deleted. Only the `.signed` file is deleted. If you re-enable the checkbox again, the existing keys will be used. This is also denoted by the text at the checkbox, stating:
```
(When disabling DNSSEC keys are not going to be deleted if DNSSEC was enabled before and keys already have been generated but the zone will no longer be delievered in signed format afterwards.)
```
Unfortunately this behaviour is problematic to implement with PowerDNS, because when you run `pdnssec disable-dnssec` it actually deletes the keys too. So if you re-enable it afterwards, you will have new keys and your dnssec configuration will be invalid.
There are several options we can think of:
a. Export the key to text files when disabling, and import them when re-enabling
b. De-activate the keys instead of running `disable-dnssec` - but this is problematic if you have any inactive keys for rotation. So in this case we would also somehow need to remember the key ID's which we de-activated, so we know which ones to re-activate
c. Change the text message to a warning that existing keys will be deleted if you are using PowerDNS. This is the simplest and most concise solution, because it matches how PowerDNS works. But I don't know if this is possible to do, since the template is the same for both BIND and PowerDNS. So we would somehow need to know in the `dns_soa_edit.htm` template, what kind of DNS server we are operating on.
So in short the question is: how do you guys think we should deal with this 'disable' checkbox? What is the expected behaviour, and how important is it for the project to keep behaviour here the same for BIND and PowerDNS? We have a preference for option C. Do you guys agree, or do you see other possibilities?
Thank you in advance.
Edit: one more option comes to mind... how about a confirmation dialog when disabling DNSSEC, warning you that you must remove DS records first (and wait for caching DNS servers to forget those too)?3.1.14