ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2019-07-03T11:12:07Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4353Layout Issues2019-07-03T11:12:07ZSamuel SutherLayout IssuesThe new Layout is awesome. :Thanks a lot for this.
But here a Bug I've found... the dropdodwn-Field is much to small (on any view, not only on the "Server"-View) [here in Google Chrome on Linux]:
![Auswahl_090](/uploads/e88d229820532c590...The new Layout is awesome. :Thanks a lot for this.
But here a Bug I've found... the dropdodwn-Field is much to small (on any view, not only on the "Server"-View) [here in Google Chrome on Linux]:
![Auswahl_090](/uploads/e88d229820532c590fb01f9293db2b8d/Auswahl_090.jpg)
Here how to fix it:
![Auswahl_089](/uploads/8ab8ccfc11e5fb6f5ba0e9f02ae7b7b0/Auswahl_089.jpg)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3220Add support for chrooted php-fpm2020-08-16T17:40:54ZJustin AlbstmeijerAdd support for chrooted php-fpmHi,
I got chrooted php-fpm working in ISPconfig 3.0.5.3 and I was hoping you might be interested in implementing it in a future ISPconfig version.
I don't pretend these instructions below are anywhere near the way it should be implemen...Hi,
I got chrooted php-fpm working in ISPconfig 3.0.5.3 and I was hoping you might be interested in implementing it in a future ISPconfig version.
I don't pretend these instructions below are anywhere near the way it should be implemented. It's just dirty hacked prove of concept. But I hope it covers the info you need to implement it nicely.
What did I do;
1- created a patched version of php_fpm_pool.conf.master in server/conf-custom/php_fpm_pool.conf.master. See php_fpm_pool.conf.master.patch
2- patched server/plugins-available/apache2_plugin.inc.php to get the desired chroot directory VAR to use in the php_fpm pool config. See apache2_plugin.inc.php.patch
3- added some extra needed files to jailkit. See jk_init.ini.extra
4- patched server/plugins-available/shelluser_jailkit_plugin.inc.php to change needed permissions on /etc/msmtprc. See shelluser_jailkit_plugin.inc.php.patch
5- two files are added through jailkit to make mail work in the chroot. See msmtprc (mail.rc is de default p[oviced by mailx)
6- one php fix include file is added to fix some variables that are not set correctly by php-fpm. See phpfix
7- on the Centos based web server I installed php54-php-fpm-5.4.16 packages from SCL, which makes it possible to run multiple php versions and even keep the original mod_php version available.
8- added the extra section of jk_init.ini in System->Server Config->the webserver->jailkit
9- added "Additional PHP Version" with these settings:
Path to the PHP-FPM init script: /etc/init.d/php54-php-fpm
Path to the php.ini directory: /opt/rh/php54/root/etc/php.d
Path to the PHP-FPM pool directory: /opt/rh/php54/root/etc/php-fpm.d
Some issues with the dirty hack above.
1- "hardlinks = 0" in the new jk_init.ini is ignored by ISPconfig as it utilizes "-k" on execution. This means that changing the permissions in shelluser_jailkit_plugin.inc.php will break the mail function on previous created chrooted sites.
So ISPconfig should respect the jk_init.ini settings or placing the mail support files should take place somewhere else.
2- resolving in php within the chrooted php-fpm does not work till a chrooted shell account is created providing the necessary libraries/files. so you will need to add the chrooted shell user and restart the php-fpm process to make resolving work for now. So these files should be installed on creating the vhost without the need of a chrooted shell user in the eventual implementation.
3- The same as point 2, phpfix is only added as part of a chrooted shell user. So this file should be installed on creating the vhost without the need of a chrooted shell user in the eventual implementation.
No big issues to solve, just things that are part of this dirty hack till a better place to do these things has been found.
Gr, J3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4814Symlinks breaks FPM on Debian Stretch2019-07-03T11:15:47ZSergio Brighentisergio@brighenti.meSymlinks breaks FPM on Debian Stretch## short description
Overriding the document root with the {DOCROOT} placeholder in apache directives breaks php-fpm. So:
```
DocumentRoot {DOCROOT}/folder
```
in apache directive will results in `DocumentRoot /var/www/example.com/web/fo...## short description
Overriding the document root with the {DOCROOT} placeholder in apache directives breaks php-fpm. So:
```
DocumentRoot {DOCROOT}/folder
```
in apache directive will results in `DocumentRoot /var/www/example.com/web/folder`, and php fpm stops work, and will return a file php as plain text to the browser.
But, if switch to FastCGI, mod_php, etc it works.
The problem is the symlink, because if you put in the apache directives box this, instead using the placeholder:
```
DocumentRoot /var/www/clients/clientX/webY/web/folder
```
It works also with FPM.
## correct behaviour
With mod_proxy_fcgi seems not support the symlinks, so the {DOCROOT} should be a real path, and FPM will work.
## environment
* Server OS: debian
* Server OS version: stretch
* ISPConfig version: 3.1.7
```
Server version: Apache/2.4.25 (Debian)
Server built: 2017-09-19T18:58:57
```
```
PHP 7.0.19-1 (cli) (built: May 11 2017 14:04:47) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.19-1, Copyright (c) 1999-2017, by Zend Technologies
```
## proposed fix
The {DOCROOT} placeholder should put the real path instead the symlink to the web folder.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4816PHP-FPM reload / restart problems2020-10-20T18:52:02ZMichael ScholzPHP-FPM reload / restart problems## short description
Default PHP version: 5.6
Additional PHP version: 7.0
Sometimes when switching PHP version for a website, the site isn't reachable after that. I need to manual restart PHP-FPM in the specific version, where the site ...## short description
Default PHP version: 5.6
Additional PHP version: 7.0
Sometimes when switching PHP version for a website, the site isn't reachable after that. I need to manual restart PHP-FPM in the specific version, where the site should run. By inspecting the code, i also realized that the given init scripts `/etc/init.d/php5-fpm` or `/etc/init.d/php-7-fpm` are getting translated into `service php5-fpm reload`.
The log files are 'clean' and don't show any problems. The main problem may be the 'reload' as it may not reload the config itself. Restart would be better as a reload may not be that gracefull
## correct behaviour
Switching shouldn't cause a broken connection for PHP-FPM socket.
## environment
Server OS: debian
Server OS version: jessio 8.7
ISPConfig version: 3.1.3
## references
Related bug: https://bugs.php.net/bug.php?id=60961
## solution / improvements
1.) Really keep the the init script and don't manipulate it, so it's users choice if they enter '/etc/init.d/...' or 'service ..."
2.a) Make another option, if changes should call a reload or restart
2.b) If you really need the init script from 1.) make additional fields for command of reload/restart that should be used.
I will try to provide a solution merge, but as time is really rare right now, i'll can't promise.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4946e-mail stats cronjob funktioniert nicht ( https://www.howtoforge.de/forum/thr...2019-07-03T12:02:17ZAndreas Weike-mail stats cronjob funktioniert nicht ( https://www.howtoforge.de/forum/threads/e-mail-konto-datenverkehr-ist-0mb.8806/ )E-Mail traffic wird nicht generiert. Der Fehler ist in /usr/share/ispconfig/server/lib/classes/cron.d/100-mailbox_stats.inc.php.
Im Anhang meine bearbeitete Version zur Prüfung.
Die Zeilen 194 bis 197 und 248 bis 250 sind die Änderungen...E-Mail traffic wird nicht generiert. Der Fehler ist in /usr/share/ispconfig/server/lib/classes/cron.d/100-mailbox_stats.inc.php.
Im Anhang meine bearbeitete Version zur Prüfung.
Die Zeilen 194 bis 197 und 248 bis 250 sind die Änderungen.[100-mailbox_stats.inc.php](/uploads/0ced0a8578cfeff07f3d1914e21dd777/100-mailbox_stats.inc.php)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4965Check amavis directory permissions on CentOS again2019-07-03T12:03:19ZTill BrehmCheck amavis directory permissions on CentOS againhttps://git.ispconfig.org/ispconfig/ispconfig3/issues/4035#note_63168https://git.ispconfig.org/ispconfig/ispconfig3/issues/4035#note_631683.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4972domain in spamfilter_user settings not punicode encoded2019-03-05T15:34:38ZTill Brehmdomain in spamfilter_user settings not punicode encodedWhen a mail domain with spamfilter enabled is saved to the spamfilter_users table, then the punicode filter is not applied correctly.When a mail domain with spamfilter enabled is saved to the spamfilter_users table, then the punicode filter is not applied correctly.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4977stats Folder created even when Statistics set to none2019-03-11T11:37:58ZAlfons L.stats Folder created even when Statistics set to noneOn every Website change in ISPConfig the **stats** Folder is getting created.
When using ownCloud or Nextcloud the Client is not able to do Updates because the Updater does a File Integrity Check first and aborts, because there should n...On every Website change in ISPConfig the **stats** Folder is getting created.
When using ownCloud or Nextcloud the Client is not able to do Updates because the Updater does a File Integrity Check first and aborts, because there should not additional Files/Folders like **stats**.
It would be the best to not create that Folder when "No Statistics" is choosen.
```
Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
Results
=======
- core
- EXTRA_FILE
- stats/.htaccess
Raw output
==========
Array
(
[core] => Array
(
[EXTRA_FILE] => Array
(
[stats/.htaccess] => Array
(
[expected] =>
[current] => 5ef12b8cca40c9c40108f0b770ae77859b302b3011472090ed59be6ba6dbd335d4f53e66cd2089c308c800f4fb25a9b933e4bbc14c64864bd5aa988d5f0b9cba
)
)
)
)
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5007Remove SSL bundle files if present on an apache 2.4 server2019-07-05T14:31:01ZTill BrehmRemove SSL bundle files if present on an apache 2.4 serverhttps://www.howtoforge.com/community/threads/ssl-bundle-break-certificate-order-solved.78718/#post-372854https://www.howtoforge.com/community/threads/ssl-bundle-break-certificate-order-solved.78718/#post-3728543.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5033Renewal of letsencrypt does not restart/reload nginx2019-06-26T13:51:42ZRajko AlbrechtRenewal of letsencrypt does not restart/reload nginx## short description
When renew letsencrypt certificates from domains in nginx service the nginx service will not restart in debian9. So it may happen, that a non valid certificate is send by nginx to clients instead of the newly generat...## short description
When renew letsencrypt certificates from domains in nginx service the nginx service will not restart in debian9. So it may happen, that a non valid certificate is send by nginx to clients instead of the newly generated one.
## correct behaviour
After renew of letsencrypt nginx should be restarted. On a debian stretch with apache as webserver it works.
## environment
Server OS: Debian
Server OS version: Stretch
ISPConfig version: 3.1.11
```
nginx version: nginx/1.10.3
```
Not sure, but I think the problem is in `900-letsencrypt.inc.php` in line 71 - `systemctl force-reload nginx` does not work.
I had not tracked down what is realy send at this point but wouldn't be a `restart` better for nginx?
Bye
Rajko3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5070Firewall > Character not allowed in tcp port definition2019-07-03T10:58:32ZAndreas B.Firewall > Character not allowed in tcp port definition## short description
What is happening and what is wrong with that?
Firewall Open TCP ports limit to 255 chars
## correct behaviour
What should happen instead?
`error message : "Character not allowed in tcp port definition. Allowed cha...## short description
What is happening and what is wrong with that?
Firewall Open TCP ports limit to 255 chars
## correct behaviour
What should happen instead?
`error message : "Character not allowed in tcp port definition. Allowed characters are numbers, ":" and ","."`
## environment
Server OS: Debian
Server OS version: jessie 8.11
ISPConfig version: 3.1.12 (define('ISPC_APP_VERSION', '3.1.12');)
If it might be related to the problem
no more output.
## references
https://www.howtoforge.de/forum/threads/firewall-character-not-allowed-in-tcp-port-definition.11141/#post-55559
## screenshots
![2018-07-03_15_55_14-ISPConfig](/uploads/bb16d9b46431b5ec4f03a0cf0a226de2/2018-07-03_15_55_14-ISPConfig.png)
## log entries
no entries3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5095The update_serial option in _delete functions of API does not work2018-08-20T20:22:58ZTill BrehmThe update_serial option in _delete functions of API does not workhttps://www.howtoforge.com/community/threads/having-some-trouble-with-acme-sh-and-isp-config-api.79616/
Reason: the $params array which is passed to the increase_serial function does not exist in the DNS record _delete() functions.https://www.howtoforge.com/community/threads/having-some-trouble-with-acme-sh-and-isp-config-api.79616/
Reason: the $params array which is passed to the increase_serial function does not exist in the DNS record _delete() functions.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5113PHP error in server config edit form when old PHP versions are used2019-06-26T14:09:13ZTill BrehmPHP error in server config edit form when old PHP versions are usedSee comments in #5063 for details.See comments in #5063 for details.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5115Only partial support for Proxy redirects (inconsistency)2019-07-05T09:52:06ZJimmy ThomsenOnly partial support for Proxy redirects (inconsistency)Please see https://git.ispconfig.org/ispconfig/ispconfig3/issues/4967 (Enable proxy rewrite support [P] for apache servers) - the issue was extracted from a forum post about missing Proxy support for subdomains. Unfortunately Proxy suppo...Please see https://git.ispconfig.org/ispconfig/ispconfig3/issues/4967 (Enable proxy rewrite support [P] for apache servers) - the issue was extracted from a forum post about missing Proxy support for subdomains. Unfortunately Proxy support was added for TLDs only.
![Screen_Shot_2018-08-30_at_21.43.04](/uploads/f01a32aad9d83744c5b6895507132596/Screen_Shot_2018-08-30_at_21.43.04.png)
The fix for TLDs looks super simple (https://git.ispconfig.org/ispconfig/ispconfig3/commit/bb00dc2d90a40a4deaca1a69868cf09b1146bf7e) - in this case it's just a change to the UI:
![Screen_Shot_2018-08-30_at_21.45.08](/uploads/1d9365e4c51d5b1d48fb24a219b8c835/Screen_Shot_2018-08-30_at_21.45.08.png)
Tested with ISPConfig 3.1.133.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5116Cronjob on Jailkit Environment is not executed2019-07-03T12:50:51ZKadek JayakCronjob on Jailkit Environment is not executed## short description
Cronjob is not executed on a jailed environment because the **home** directory is missing or not created
this happen if the website **didn't have Shell-user** but have a Cronjob ( not URL cronjob )
## correct beh...## short description
Cronjob is not executed on a jailed environment because the **home** directory is missing or not created
this happen if the website **didn't have Shell-user** but have a Cronjob ( not URL cronjob )
## correct behaviour
The cronjob should be executed, and it's log is created on the /private directory of jailed environment.
## environment
Server OS: Ubuntu
Server OS version: 18.04 Bionic Beaver
ISPConfig version: 3.1.13 .
## proposed fix
create the home directory manually seems fix the problem.
but i modify scripts on `/usr/local/ispconfig/server/scripts/create_jailkit_user.sh` to check home directory, after that i re-add the cronjob from webpanel
```
### Check if USERHOMEDIR already exists ###
if [ ! -d $CHROOT_HOMEDIR/.$CHROOT_USERHOMEDIR ]; then
mkdir -p $CHROOT_HOMEDIR/.$CHROOT_USERHOMEDIR
chown -R $CHROOT_USERNAME $CHROOT_HOMEDIR/.$CHROOT_USERHOMEDIR
fi
```
[create_jailkit_user.sh](/uploads/41d99f243b5827ca86ef93a94cdc6f26/create_jailkit_user.sh)
## screenshots
Error on auth.log
![Screen_Shot_2018-08-27_at_15.27.49](/uploads/0632067afa073974a2d2310d15f7134b/Screen_Shot_2018-08-27_at_15.27.49.png)
Thank You...3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5128Bug in password strength meter2018-09-17T09:15:14ZTim SerowskiBug in password strength meterThere is a bug in the password strength meter password level identification method in
/interface/lib/classes/validate_password.inc.php
Line 74:
`} else if (length >= 7 && length <=10) {`
Variables start with $.
This could lead to a...There is a bug in the password strength meter password level identification method in
/interface/lib/classes/validate_password.inc.php
Line 74:
`} else if (length >= 7 && length <=10) {`
Variables start with $.
This could lead to a password incorrectly being classified as strength level 4 instead of level 3.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5129Syntax errors in PHP 5.3.32019-06-26T14:06:59ZTill BrehmSyntax errors in PHP 5.3.3There are some syntax errors in PHP 5.3.3 due to lack of new PHP array access function syntax:
https://www.howtoforge.com/community/threads/cant-generate-dkim-and-access-server-config.80015/There are some syntax errors in PHP 5.3.3 due to lack of new PHP array access function syntax:
https://www.howtoforge.com/community/threads/cant-generate-dkim-and-access-server-config.80015/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5146disabled reseller still may login2019-07-05T08:56:41ZTobias Wollowskidisabled reseller still may login## short description
A disables reseller is able to login into ispconfig
## correct behaviour
Login should be disabled
## environment
Server OS: debian
ISPConfig version: 3## short description
A disables reseller is able to login into ispconfig
## correct behaviour
Login should be disabled
## environment
Server OS: debian
ISPConfig version: 33.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5149100-monitor_database_size.inc.php reports always 0 used space2018-10-18T07:48:41ZRoberto Altravia100-monitor_database_size.inc.php reports always 0 used space## short description
On the ISPConfig main page, on database Quota, Used space is always 0kb
If I run /usr/local/ispconfig/server/cron.sh by hand, 100-monitor_database_size.inc.php says:
database c0testdb size does not exceed quota: 262...## short description
On the ISPConfig main page, on database Quota, Used space is always 0kb
If I run /usr/local/ispconfig/server/cron.sh by hand, 100-monitor_database_size.inc.php says:
database c0testdb size does not exceed quota: 26214400 (quota) > 0 (used)
But that's not true. I checked the library and internally it runs a mysql query:
SELECT SUM(data_length+index_length) FROM information_schema.TABLES WHERE table_schema='c0testdb';
that if I run manually on mysql it returns correctly about 40MB :
>
> +-------------------------------+
> | SUM(data_length+index_length) |
>
>
> +-------------------------------+| 41324160 |
> +-------------------------------+
>
After some debugging, the problem seems to be in the function getDatabaseSize in file db_mysql.inc.php. It returns always 0
## correct behaviour
The database quota size should be reported on the ISPConfig main page
100-monitor_database_size.inc.php should report correct values
## environment
Server OS: Ubuntu
Server OS version: 14.04.5 LTS Trusty
ISPConfig version: 3.1dev e2465bd7a2d324259c3c1dae00dfca8c2535edcc
apachectl -v
Server version: Apache/2.4.7 (Ubuntu)
Server built: Apr 18 2018 15:36:26
PHP 5.5.9-1ubuntu4.26 (cli) (built: Sep 17 2018 13:46:30)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
with XCache v3.1.0, Copyright (c) 2005-2013, by mOo
with Zend OPcache v7.0.3, Copyright (c) 1999-2014, by Zend Technologies
with XCache Optimizer v3.1.0, Copyright (c) 2005-2013, by mOo
with XCache Cacher v3.1.0, Copyright (c) 2005-2013, by mOo
with XCache Coverager v3.1.0, Copyright (c) 2005-2013, by mOo3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5152Move https redirect rule after the LE rule in apache vhost2019-07-04T16:17:13ZTill BrehmMove https redirect rule after the LE rule in apache vhosthttps://www.howtoforge.com/community/threads/redirection-to-https-not-work-for-specific-condition.80284/#post-380545https://www.howtoforge.com/community/threads/redirection-to-https-not-work-for-specific-condition.80284/#post-3805453.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5161DNSSEC support in PowerDNS plugin2019-03-05T08:34:52ZGhost UserDNSSEC support in PowerDNS pluginContinuing from #4613, we have successfully extended the PowerDNS plugin to provide DNSSEC support. The dnssec_info box shows the DS keys (and KSK, which is required for .nl). In our efforts we have tried to match the behaviour for the B...Continuing from #4613, we have successfully extended the PowerDNS plugin to provide DNSSEC support. The dnssec_info box shows the DS keys (and KSK, which is required for .nl). In our efforts we have tried to match the behaviour for the BIND plugin as much as possible, to keep things consistent. There is just one final question to solve before we open the pull request.
In the BIND plugin, if you uncheck the `Sign zone (DNSSEC)` checkbox, the key files are not deleted. Only the `.signed` file is deleted. If you re-enable the checkbox again, the existing keys will be used. This is also denoted by the text at the checkbox, stating:
```
(When disabling DNSSEC keys are not going to be deleted if DNSSEC was enabled before and keys already have been generated but the zone will no longer be delievered in signed format afterwards.)
```
Unfortunately this behaviour is problematic to implement with PowerDNS, because when you run `pdnssec disable-dnssec` it actually deletes the keys too. So if you re-enable it afterwards, you will have new keys and your dnssec configuration will be invalid.
There are several options we can think of:
a. Export the key to text files when disabling, and import them when re-enabling
b. De-activate the keys instead of running `disable-dnssec` - but this is problematic if you have any inactive keys for rotation. So in this case we would also somehow need to remember the key ID's which we de-activated, so we know which ones to re-activate
c. Change the text message to a warning that existing keys will be deleted if you are using PowerDNS. This is the simplest and most concise solution, because it matches how PowerDNS works. But I don't know if this is possible to do, since the template is the same for both BIND and PowerDNS. So we would somehow need to know in the `dns_soa_edit.htm` template, what kind of DNS server we are operating on.
So in short the question is: how do you guys think we should deal with this 'disable' checkbox? What is the expected behaviour, and how important is it for the project to keep behaviour here the same for BIND and PowerDNS? We have a preference for option C. Do you guys agree, or do you see other possibilities?
Thank you in advance.
Edit: one more option comes to mind... how about a confirmation dialog when disabling DNSSEC, warning you that you must remove DS records first (and wait for caching DNS servers to forget those too)?3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5163Databases still exists on reseller delete2019-07-04T16:55:34ZWHODatabases still exists on reseller delete## short description
Reseller-Databases still exists in ISPConfig if a reseller will deleted. (Only assigned site will removed)
## correct behaviour
If a reseller is deleted the databases should removed too.
## environment
Server OS: (...## short description
Reseller-Databases still exists in ISPConfig if a reseller will deleted. (Only assigned site will removed)
## correct behaviour
If a reseller is deleted the databases should removed too.
## environment
Server OS: (debian)
Server OS version: (stretch)
ISPConfig version: (3.1.13 stable)
Server version: Apache/2.4.25 (Debian)
Server built: 2018-06-02T08:01:13
PHP 7.2.11-2+0~20181015120801.9+stretch~1.gbp8105e0 (cli) (built: Oct 15 2018 12:08:03) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.11-2+0~20181015120801.9+stretch~1.gbp8105e0, Copyright (c) 1999-2018, by Zend Technologies3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5165PHP Syntax error in "install/dist/lib/opensuse.lib.php" on line 5102018-10-25T12:58:37ZAnthonyPHP Syntax error in "install/dist/lib/opensuse.lib.php" on line 510## short description
What is happening and what is wrong with that?
crash of the install script.
## correct behaviour
What should happen instead?
the script should finish its work
## environment
Server OS: OpenSuse
Server OS version: Lea...## short description
What is happening and what is wrong with that?
crash of the install script.
## correct behaviour
What should happen instead?
the script should finish its work
## environment
Server OS: OpenSuse
Server OS version: Leap 42.3
ISPConfig version: 3.1.13
_you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_
If it might be related to the problem
```
insert the output of `nginx -v` or `apachectl -v` here
```
```
insert the output of `php -v` here
```
## proposed fix
optional, of course.
if you want to post code snippets, please use
```
your code
```
replace :
$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir']);
by :
$content = str_replace('{amavis_config_dir}', $conf['amavis']['config_dir'], $content);
in :
ispconfig3_install/install/dist/lib/opensuse.lib.php
on line : 510
## references
if you know of related bugs or feature requests, please reference them by using `#<bugnumber>`, e. g. #123
if you have done a merge request already, please reference it by using `!<mergenumber>`, e. g. !12
if you know of a forum post on howtoforge.com that deals with this topic, just add the link to the forum topic here
## screenshots
optional, of course.
Add screenshots of the problem by clicking "Attach a file" on the bottom right.
## log entries
```
apache / nginx error.log lines (if related)
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5167DKIM public key for subdomain not saved in dns2018-12-12T17:02:15ZJaapDKIM public key for subdomain not saved in dns## short description
DKIM public key is not published in dns when making a DKIM key for a subdomain
## correct behaviour
When creating a DKIM key from Email->Domain, the key should not only be stored for use by Amavis, but the public ke...## short description
DKIM public key is not published in dns when making a DKIM key for a subdomain
## correct behaviour
When creating a DKIM key from Email->Domain, the key should not only be stored for use by Amavis, but the public key should also be published in DNS. This works for normal domains, but not for subdomains.
## environment
Server OS: Debian
Server OS version: Wheezy
ISPConfig version: 3.1.13
## proposed fix
I don't know ISPConfig well enough to fix this myself :-(
## references
My post on howtoforge about this subject:
https://www.howtoforge.com/community/threads/dkim-public-key-for-subdomain-not-saved-in-dns.80434
## log entries
/var/log/ispconfig/ispconfig.log:
```
29.10.2018-17:07 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
29.10.2018-17:07 - DEBUG - Found 1 changes, starting update process.
29.10.2018-17:07 - DEBUG - Calling function 'soa_update' from plugin 'bind_plugin' raised by event 'dns_soa_update'.
29.10.2018-17:07 - DEBUG - Writing BIND domain file: /etc/bind/pri.domain.tld
29.10.2018-17:07 - DEBUG - Writing BIND named.conf.local file: /etc/bind/named.conf.local
29.10.2018-17:07 - DEBUG - Processed datalog_id 52547
29.10.2018-17:07 - DEBUG - Calling function 'restartBind' from module 'dns_module'.
29.10.2018-17:07 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5168Mail server settings can generate invalid main.cf2018-12-04T17:58:52ZJan PechekMail server settings can generate invalid main.cf## short description
System > Server Configuration -> Mail settings allow me leave "Message Size Limit" unconfigured when i specify"Mailbox Size Limit". This lead to misconfigured Postfix main.cf:
`fatal: main.cf configuration error: ma...## short description
System > Server Configuration -> Mail settings allow me leave "Message Size Limit" unconfigured when i specify"Mailbox Size Limit". This lead to misconfigured Postfix main.cf:
`fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit`
This also can have other consequences, for example Mailman cannot deliver emails to local transport:
`to=<conf@localhost>, orig_to=<Conf@lists.domain.com>, relay=none, delay=414887, delays=414887/0.08/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable)`
## correct behaviour
ISPConfig should check if mailbox_size_limit isn't lower than message_size_limit and should notify user.
## environment
Server OS: Debian
Server OS version: Jessie
ISPConfig version: 3.1.113.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5189Check cron lock file date2018-12-04T09:10:25ZKordian BruckCheck cron lock file dateFor `sys_cron` we are using a lock file in `/usr/local/ispconfig/server/temp/.ispconfig_cron_lock`. It would be nice, if the monitor page checks this file for its creation time.
For me someday a cronjob has died and ever since it hadn'...For `sys_cron` we are using a lock file in `/usr/local/ispconfig/server/temp/.ispconfig_cron_lock`. It would be nice, if the monitor page checks this file for its creation time.
For me someday a cronjob has died and ever since it hadn't started those tasks like backup, dns changes etc.:
```
-rwxr-x--- 1 root root 5 Sep 15 03:00 /usr/local/ispconfig/server/temp/.ispconfig_cron_lock
```
We could have a cooldown that would delete this file after a few hours/days just in case or at least have the monitor page alert admins/users that the system maintenance tasks have not been run in a while.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5190nginx server listen ipv6 and ipv4 and SSL2019-07-05T07:51:32ZSebastiannginx server listen ipv6 and ipv4 and SSL## short description
Creating a website on a nginx Webserver which got ipv6 and ipv4, the template only creates `listen *:80;` in server config.
That way nginx is only serving ipv4 connections.
## correct behaviour
Since ISPConfig is a...## short description
Creating a website on a nginx Webserver which got ipv6 and ipv4, the template only creates `listen *:80;` in server config.
That way nginx is only serving ipv4 connections.
## correct behaviour
Since ISPConfig is able to split serving ipv4 and ipv6 for a vhost, I suggest best way is to add:
```
listen *:80;
listen [::]:80 ipv6only=on;
```
That way you keep the visual splitting. If you remove ipv6only=on,
`listen [::]:80;`
is serving IPv4 AND IPv6 and you could drop the `listen *:80;`.
Additional, if you did not use gai.conf to prefer ipv4 over ipv6, letsencrypt is not able to verify the website, unless you add `listen [::]:80;`
After SSL is working you need to add the IPv6 SSL listen parameter manually, too.
To have IPv4 and IPv6 working with SSL on a vhost, I suggest this:
```
server {
listen *:80;
listen [::]:80 ipv6only=on;
listen *:443 ssl;
listen [::]:443 ssl ipv6only=on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
```
In my manually edited config, I currently use this, because it is shorter. It is also working for IPv4 and IPv6.
```
server {
listen [::]:80;
listen [::]:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /var/www/clients/client0/web38/ssl/domain.com-le.crt;
ssl_certificate_key /var/www/clients/client0/web38/ssl/domain.com-le.key;
server_name domain.com ;
root /var/www/domain.com/web/;
```
## environment
Server OS: debian
Server OS version: stretch
ISPConfig version: 3.1.13
If it might be related to the problem
```
nginx version: nginx/1.10.3
```
```
PHP 7.0.30-0+deb9u1 (cli) (built: Jun 14 2018 13:50:25) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.30-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5202Add client_get_by_groupid in remote library2019-01-08T11:07:57ZMathieu PellegrinAdd client_get_by_groupid in remote libraryHello,
I searched inside the code of the API and I didn't find a function that returns the client from the group ID. Note that The contrary is possible with client_get_groupid.
I wrote an implementation in `interface/lib/classes/remote...Hello,
I searched inside the code of the API and I didn't find a function that returns the client from the group ID. Note that The contrary is possible with client_get_groupid.
I wrote an implementation in `interface/lib/classes/remote.d/client.inc.php`:
```
public function client_get_by_groupid($session_id, $group_id)
{
global $app;
if(!$this->checkPerm($session_id, 'client_get_id')) {
throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
return false;
}
$group_id = $app->functions->intval($group_id);
$rec = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $group_id);
if(isset($rec['client_id'])) {
$client_id = $app->functions->intval($rec['client_id']);
return $this->client_get($session_id, $client_id);
} else {
throw new SoapFault('no_group_found', 'There is no client for this group ID.');
return false;
}
}
```
I didn't know how to handle the checkPerm, so I copy/past from `client_get_id`.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5209Add support for renaming empty databases2019-01-08T10:21:36ZTill BrehmAdd support for renaming empty databaseshttps://www.howtoforge.com/community/threads/renaming-database-in-ispc.80952/https://www.howtoforge.com/community/threads/renaming-database-in-ispc.80952/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5214relayhost without authentication (easy fix)2023-06-05T06:59:21ZGhost Userrelayhost without authentication (easy fix)## short description
Setting up a relayhost without username/password results in "smtp_sasl_auth_enable = yes", which means it is trying to authenticate to the relayhost, but cannot (nothing to authenticate with), hence a SASL authentica...## short description
Setting up a relayhost without username/password results in "smtp_sasl_auth_enable = yes", which means it is trying to authenticate to the relayhost, but cannot (nothing to authenticate with), hence a SASL authentication failure error from the relayhost.
## correct behaviour
No relayhost credentials provided shouldn't cause authentication to be tried.
## environment
Server OS: Debian
Server OS version: stretch (9.6)
ISPConfig version: 3.1.13
## proposed fix
When the username field is empty, do not flip the smtp_sasl_auth_enable setting, but leave it instead to its default of "smtp_sasl_auth_enable = no".3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5215New Remote API Functions for sys_datalog and DNS slave zones2019-01-08T11:10:09ZTill BrehmNew Remote API Functions for sys_datalog and DNS slave zonesNew remote API functions added:
sys_datalog_get($session_id, $datalog_id, $newer = false)
sys_datalog_get_by_tstamp($session_id, $tstamp)
dns_slave_zone_get($session_id, $primary_id)New remote API functions added:
sys_datalog_get($session_id, $datalog_id, $newer = false)
sys_datalog_get_by_tstamp($session_id, $tstamp)
dns_slave_zone_get($session_id, $primary_id)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5216Send emails to active customers and resellers only.2019-03-11T11:38:14ZTill BrehmSend emails to active customers and resellers only.https://www.howtoforge.com/community/threads/send-email-function.81046/https://www.howtoforge.com/community/threads/send-email-function.81046/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5218Add incron plugin2019-03-26T16:55:20ZWebsliceAdd incron pluginIt is feasible for us to allow our customers to reload PHP-FPM to clear the opcache, after they perform deployments of their PHP applications. To facilitate this we would like to add a plugin which creates a default incrond configuration.It is feasible for us to allow our customers to reload PHP-FPM to clear the opcache, after they perform deployments of their PHP applications. To facilitate this we would like to add a plugin which creates a default incrond configuration.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5219Run getmail only on master when server is a mirror2019-03-05T17:03:53ZTill BrehmRun getmail only on master when server is a mirrorhttps://www.howtoforge.com/community/threads/getmail-catch-emails-duplicate-on-servers-in-cluster.81076/https://www.howtoforge.com/community/threads/getmail-catch-emails-duplicate-on-servers-in-cluster.81076/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5223PowerDNS 4.x support2019-01-18T08:21:02ZWebslicePowerDNS 4.x supportThe main difference is that pdnssec is now called pdnsutil. Furthermore the DNSsec output is slightly different. Also, secure-zone now creates a CSK but we need the KSK/ZSK, so that command was changed to explicitly use add-zone-key inst...The main difference is that pdnssec is now called pdnsutil. Furthermore the DNSsec output is slightly different. Also, secure-zone now creates a CSK but we need the KSK/ZSK, so that command was changed to explicitly use add-zone-key instead of the 'shortcut' secure-zone command.
In any case, we should detect the correct version of PowerDNS by looking for either pdnssec or pdnsutil. The attached pr !865 should take care of this, while maintaining PowerDNS 3.x compatibility3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5225ISPConfig fails to create ispconfig user during initial installation with MyS...2019-07-03T13:52:29ZolokosISPConfig fails to create ispconfig user during initial installation with MySQL 8.0.14## short description
I'm trying to install ispconfig on a machine that did not have it before, but it's halting on this step:
ERROR: Unable to create database user: ispconfig Error:
and wouldn't proceed any further
## correct behaviour
...## short description
I'm trying to install ispconfig on a machine that did not have it before, but it's halting on this step:
ERROR: Unable to create database user: ispconfig Error:
and wouldn't proceed any further
## correct behaviour
Installer script should proceed further, but won't if running MySQL 8 since creating users using GRANT statement is removed in 8.
## environment
Server OS: Ubuntu server
Server OS version: 18.04 x64
ISPConfig version: https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1 that one
## proposed fix
I found a workaround here https://www.eninsoft.com/instalacion-de-ispconfig-3-x-en-debian-9-mysql8-version-optimizada/
But proper fix would be to create user according to mysql 8 guidelines without GRANT statement usage.
Starting with MySQL 8 you no longer can (implicitly) create a user using the GRANT command. Use CREATE USER instead, followed by the GRANT statement:
mysql> CREATE USER 'root'@'%' IDENTIFIED BY 'root';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5227SOAP API "dns_templatezone_add" error "Column 'xfer' cannot be null"2019-02-15T16:47:58ZMaBoRaKSOAP API "dns_templatezone_add" error "Column 'xfer' cannot be null"## short description
The SOAP API process "dns_templatezone_add" is not working in the latest version of ISPConfig
the file:
```
interface/lib/classes/remote.d/dns.inc.php
```
line `132`
## correct behaviour
Small code modification....## short description
The SOAP API process "dns_templatezone_add" is not working in the latest version of ISPConfig
the file:
```
interface/lib/classes/remote.d/dns.inc.php
```
line `132`
## correct behaviour
Small code modification.
## environment
- Server OS: CentOS
- Server OS version: 7.6
- ISPConfig version: 3.1.5
## proposed fix
Change the line:
```
$xfer = $vars['xfer'];
```
to
```
$xfer = '';
```
## log entries
MySQL error output:
```
MariaDB [dbispconfig]> INSERT INTO `dns_soa` (`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`origin`,`ns`,`mbox`,`serial`,`refresh`,`retry`,`expire`,`minimum`,`ttl`,`active`,`xfer`,`also_notify`,`update_acl`) VALUES ('2','2','riud','riud','','1','plusdedevis.com.','ns1.plusdedevis.com.','support.plusdedevis.com.','2019012501','7200','540','604800','3600','3600','Y',NULL,NULL,NULL);
ERROR 1048 (23000): Column 'xfer' cannot be null
MariaDB [dbispconfig]>
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5236Reverse proxy to ispconfig on port 8080 does not work due cookie storage problem2023-12-13T20:51:05ZRajko AlbrechtReverse proxy to ispconfig on port 8080 does not work due cookie storage problemI tried to setup a reverse proxy for `config.mydomain.de` pointing to `localhost:8080`. Login page appears, enter credentials and submit. Login page appears again. So usage of ispconfig via reverse proxy isn't possible.
This is the snip...I tried to setup a reverse proxy for `config.mydomain.de` pointing to `localhost:8080`. Login page appears, enter credentials and submit. Login page appears again. So usage of ispconfig via reverse proxy isn't possible.
This is the snippet I use:
```
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/
```
## correct behaviour
It should work as accessing it via 8080
## environment
Happens with nginx and apache.
The reason is line 73 in `app.inc.php`: You assign the `SERVER_NAME` to `$cookie_domain`, which is in that case `localhost`.
I think it was made for CSRF protection, but IMHO this is the wrong way. For CSRF you should send an extra CSRF-Token with each post and the cookiedomain should be blank (browser bind it themself to called domain). this is the way, application servers like Ruby on Rails or tomcat and php software like wordpress and so on do it.
Alternative check for `$_SERVER['HTTP_X_FORWARDED_SERVER']`, too.
The current way is no real protection agains CSRF (realy) and another reason does not exist for that I think.
Alternative you may give an option for admins "forbid proxy redirection to ispconfig panel" which enables the current behaviour and for those don't want it, eg, want access it via there own domain name (or can not use port 8080 due firewall restrictions) may let it unchecked and `$cookie_domain` is not set this hard way.
rewrite line
```php
$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
```
to
```php
$cookie_domain = '';
```
makes our resellers happy 'cause them can use snippet above.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5237DNS: xfer / also_notify fields too short2019-03-20T18:07:15ZKordian BruckDNS: xfer / also_notify fields too shortI need to add a longer list of IPs for transfer and notification to those fields. The DB columns are limited to `varchar(255)`. Can we change this to `TEXT`?
Example List:
```
109.201.133.61
108.59.2.202
79.137.84.65
46.165.221.164
185....I need to add a longer list of IPs for transfer and notification to those fields. The DB columns are limited to `varchar(255)`. Can we change this to `TEXT`?
Example List:
```
109.201.133.61
108.59.2.202
79.137.84.65
46.165.221.164
185.136.96.96
185.136.97.96
185.136.98.96
185.136.99.96
185.206.180.196
2a00:1768:1001:9::21
2604:9a00:2100:a006:4::1
2001:41d0:401:3100::5784
2a00:c98:2030:a006:2::1
2a06:fb00:1::1:96
2a06:fb00:1::2:96
2a06:fb00:1::3:96
2a06:fb00:1::4:96
2a0b:1640:1:3::4
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5241Add a {docroot] variable for apache directive snippets2019-02-14T17:27:50ZTill BrehmAdd a {docroot] variable for apache directive snippetsAdd a {docroot] variable for apache directive snippetsAdd a {docroot] variable for apache directive snippets3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5242Problems Configuration Enable PageSpeed and HTTP2 with NGINX2019-02-26T13:39:51ZFlorian SchaalProblems Configuration Enable PageSpeed and HTTP2 with NGINXhttps://www.howtoforge.com/community/threads/problems-configuration-enable-pagespeed-and-http2-with-nginx-ispconfig-3-1-13.81276/#post-385004https://www.howtoforge.com/community/threads/problems-configuration-enable-pagespeed-and-http2-with-nginx-ispconfig-3-1-13.81276/#post-3850043.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5246Mail traffic update - handle different syslog timestamps when parsing logs2019-02-15T14:49:37ZplatyMail traffic update - handle different syslog timestamps when parsing logsWe've noticed on our ISPC instance that the mail traffic stats had not been updated for a few months now.
The thing is, we've enabled rsyslog's high precision timestamps on our severs in order to get actually useful logs.
And it turns o...We've noticed on our ISPC instance that the mail traffic stats had not been updated for a few months now.
The thing is, we've enabled rsyslog's high precision timestamps on our severs in order to get actually useful logs.
And it turns out that ISPC can't update the mail traffic stats because it doesn't find what it needs from the log files anymore.
The culprit is the regexp used in the parse_mail_log_line private function in 100-mailbox_stats.inc.php
The regexp looks for the (shameful) traditional rsyslog timestamp when parsing lines from /var/log/mail.log, timestamp which is then turned into a php timestamp using the strtotime function.
The code can be easily changed to take at least three timestamp formats : traditional rsyslog, rsyslog "detailed" (schematically: yyyy-MM-ddThh:mm:ssZ), and rsyslog "high precision" (which is like the detailed but with milliseconds on top).
See attached patch for the changes.[mail_traffic_improve_log_timestamp_parse.diff](/uploads/e2ca9419c09840a92e00e9675a3cc368/mail_traffic_improve_log_timestamp_parse.diff)3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5248ISPConfig user login database record not created on percona DB2019-07-03T14:49:01ZTill BrehmISPConfig user login database record not created on percona DBhttps://www.howtoforge.com/community/threads/created-client-doesnt-have-user-login.81343/https://www.howtoforge.com/community/threads/created-client-doesnt-have-user-login.81343/3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5249Backport CAA record feature from 3.2 to 3.1.142019-02-25T15:27:21ZTill BrehmBackport CAA record feature from 3.2 to 3.1.14Backport CAA record feature from 3.2 to 3.1.14Backport CAA record feature from 3.2 to 3.1.143.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5250Error in Debian version detection code2019-02-19T17:49:10ZTill BrehmError in Debian version detection codeAn Error in the Debian version detection code in ISPConfig leads to the problem that Debian 9.8 is detected as Debian 8. This issue will be fixed in 3.1.14 and there will be also a 3.1.13p1 release to patch the issue in current stable re...An Error in the Debian version detection code in ISPConfig leads to the problem that Debian 9.8 is detected as Debian 8. This issue will be fixed in 3.1.14 and there will be also a 3.1.13p1 release to patch the issue in current stable release.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5253Server Config is having an error 500 with ISPConfig Version: 3.1.13p12019-03-05T17:13:45ZPagchen KelsangServer Config is having an error 500 with ISPConfig Version: 3.1.13p1Found a bug in file interface/web/admin/server_config_edit.php
line 110
`-- $app->tpl->setVar('server_name', $app->functions->htmlentities($app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ? AND ((SELECT COUNT(*)...Found a bug in file interface/web/admin/server_config_edit.php
line 110
`-- $app->tpl->setVar('server_name', $app->functions->htmlentities($app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ? AND ((SELECT COUNT(*) FROM server) > 1)", $this->id)['server_name']));`
`++ $app->tpl->setVar('server_name', $app->functions->htmlentities($app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ? AND ((SELECT COUNT(*) FROM server) > 1)", $this->id)));`3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5254Cronjob locking not working properly2020-09-08T12:51:04ZThomas Hellert.heller@timmehosting.deCronjob locking not working properly## short description
If a cronjob (e.g. website backups) is taking a really long time, it gets started again even though it is still running.
## correct behaviour
Cronjobs should be locked according to `running` status in `sys_cron`.
...## short description
If a cronjob (e.g. website backups) is taking a really long time, it gets started again even though it is still running.
## correct behaviour
Cronjobs should be locked according to `running` status in `sys_cron`.
## proposed fix
Is caused by `cronjob::run()` which will reset `running` status through `onCompleted()` after the first failed attempt. Will supply MR.
## environment
Server OS: debian
Server OS version: buster
ISPConfig version: 3.1.0.03.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5258Let's Encrypt Cert file: does not exist.2019-05-13T16:08:06ZBart DorlandtLet's Encrypt Cert file: does not exist.## short description
While trying to enable a website with a LE certificate, it goes through the process, which all looks fine, except for the part it says: "Let's Encrypt Cert file: does not exist." (with debug enabled).
Therefore not ...## short description
While trying to enable a website with a LE certificate, it goes through the process, which all looks fine, except for the part it says: "Let's Encrypt Cert file: does not exist." (with debug enabled).
Therefore not enabling SSL (with LE) on the website.
Even though the LE certs are created in the correct directory.
## correct behaviour
The letsencrypt log shows the process where the certificate has been received. It is expected that ispconfig uses that certificate to enable the website with SSL.
## environment
Server OS: Debian
Server OS version: 9.7, stretch
ISPConfig version: 3.1.13
## log entries
/var/log/ispconfig/ispconfig.log
```
27.02.2019-13:37 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
27.02.2019-13:37 - DEBUG - Found 1 changes, starting update process.
27.02.2019-13:37 - DEBUG - Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
27.02.2019-13:37 - DEBUG - Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'.
27.02.2019-13:37 - DEBUG - Verified domain zwart-licht.nl should be reachable for letsencrypt.
27.02.2019-13:37 - DEBUG - Verified domain www.zwart-licht.nl should be reachable for letsencrypt.
27.02.2019-13:37 - DEBUG - Create Let's Encrypt SSL Cert for: zwart-licht.nl
27.02.2019-13:37 - DEBUG - Let's Encrypt SSL Cert domains: --domains zwart-licht.nl --domains www.zwart-licht.nl
27.02.2019-13:37 - DEBUG - exec: /opt/eff.org/certbot/venv/bin/certbot certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@zwart-licht.nl --domains zwart-licht.nl --domains www.zwart-licht.nl --webroot-path /usr/local/ispconfig/interface/acme
27.02.2019-13:37 - DEBUG - Let's Encrypt Cert file: does not exist.
27.02.2019-13:37 - DEBUG - Writing the vhost file: /etc/apache2/sites-available/zwart-licht.nl.vhost
27.02.2019-13:37 - DEBUG - Writing the PHP-FPM config file: /etc/php/7.0/fpm/pool.d/web22.conf
27.02.2019-13:37 - DEBUG - Calling function 'restartPHP_FPM' from module 'web_module'.
27.02.2019-13:37 - DEBUG - Restarting php-fpm: systemctl reload php7.0-fpm.service
27.02.2019-13:37 - DEBUG - Apache status is: running
27.02.2019-13:37 - DEBUG - Calling function 'restartHttpd' from module 'web_module'.
27.02.2019-13:37 - DEBUG - Restarting httpd: systemctl restart apache2.service
27.02.2019-13:37 - DEBUG - Apache restart return value is: 0
27.02.2019-13:37 - DEBUG - Apache online status after restart is: running
27.02.2019-13:37 - DEBUG - Processed datalog_id 1344
27.02.2019-13:37 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
```
/var/log/letsencrypt/letsencrypt.log
```
2019-02-27 13:37:12,844:DEBUG:certbot.storage:Archive directory /etc/letsencrypt/archive/zwart-licht.nl and live directory /etc/letsencrypt/live/zwart-licht.nl created.
2019-02-27 13:37:12,844:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/live/zwart-licht.nl/cert.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing private key to /etc/letsencrypt/live/zwart-licht.nl/privkey.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/live/zwart-licht.nl/chain.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/live/zwart-licht.nl/fullchain.pem.
2019-02-27 13:37:12,845:DEBUG:certbot.storage:Writing README to /etc/letsencrypt/live/zwart-licht.nl/README.
2019-02-27 13:37:12,959:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer <certbot.cli._Default object at 0x7f846dcbc4d0>
2019-02-27 13:37:13,086:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
2019-02-27 13:37:13,086:DEBUG:certbot.cli:Var webroot_map=set(['webroot_path']) (set by user).
2019-02-27 13:37:13,362:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2019-02-27 13:37:14,026:DEBUG:certbot.cli:Var webroot_path=/usr/local/ispconfig/interface/acme (set by user).
2019-02-27 13:37:14,145:DEBUG:certbot.cli:Var rsa_key_size=4096 (set by user).
2019-02-27 13:37:14,779:DEBUG:certbot.cli:Var authenticator=webroot (set by user).
2019-02-27 13:37:14,875:DEBUG:certbot.cli:Var server=https://acme-v02.api.letsencrypt.org/directory (set by user).
2019-02-27 13:37:14,875:DEBUG:certbot.cli:Var account=set(['server']) (set by user).
2019-02-27 13:37:15,780:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/zwart-licht.nl.conf.
2019-02-27 13:37:15,781:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/zwart-licht.nl/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/zwart-licht.nl/privkey.pem
```
CLI information
```
# pwd
/etc/letsencrypt/live/zwart-licht.nl
# ll
total 4,0K
lrwxrwxrwx 1 root root 38 feb 27 13:37 cert.pem -> ../../archive/zwart-licht.nl/cert1.pem
lrwxrwxrwx 1 root root 39 feb 27 13:37 chain.pem -> ../../archive/zwart-licht.nl/chain1.pem
lrwxrwxrwx 1 root root 43 feb 27 13:37 fullchain.pem -> ../../archive/zwart-licht.nl/fullchain1.pem
lrwxrwxrwx 1 root root 41 feb 27 13:37 privkey.pem -> ../../archive/zwart-licht.nl/privkey1.pem
-rw-r--r-- 1 root root 692 feb 27 13:37 README
# pwd
/etc/letsencrypt/renewal
# cat zwart-licht.nl.conf
# renew_before_expiry = 30 days
version = 0.31.0
archive_dir = /etc/letsencrypt/archive/zwart-licht.nl
cert = /etc/letsencrypt/live/zwart-licht.nl/cert.pem
privkey = /etc/letsencrypt/live/zwart-licht.nl/privkey.pem
chain = /etc/letsencrypt/live/zwart-licht.nl/chain.pem
fullchain = /etc/letsencrypt/live/zwart-licht.nl/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = ***
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = webroot
rsa_key_size = 4096
webroot_path = /usr/local/ispconfig/interface/acme,
[[webroot_map]]
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5262Nginx ssl directive deprecated warning in ispconfig.vhost file2019-03-04T18:28:12ZTill BrehmNginx ssl directive deprecated warning in ispconfig.vhost fileError message:
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-enabled/000-ispconfig.vhost:4Error message:
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/sites-enabled/000-ispconfig.vhost:43.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5265IDN Domain issues in email domain form2019-03-05T15:34:03ZTill BrehmIDN Domain issues in email domain formThere are several problems with IDN domains in the mail domain form which cause paths to switch between idn domain and its ascii representation and also DKIM fails for IDN domains.There are several problems with IDN domains in the mail domain form which cause paths to switch between idn domain and its ascii representation and also DKIM fails for IDN domains.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5275DNS Wizard does not add new zone2019-03-20T17:46:41ZTill BrehmDNS Wizard does not add new zoneThis issue existed in GIT stable branch temporarily only, the code was not part of any released version.This issue existed in GIT stable branch temporarily only, the code was not part of any released version.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5288Wrong permissions of dkim cert folder on CentOS 72019-04-08T16:34:07ZTill BrehmWrong permissions of dkim cert folder on CentOS 7The wrong permissions cause this error:
Error in config file "/etc/amavisd/amavisd.conf": Error in config file "/etc/amavisd/60-dkim": Can't open PEM file /var/lib/amavis/dkimThe wrong permissions cause this error:
Error in config file "/etc/amavisd/amavisd.conf": Error in config file "/etc/amavisd/60-dkim": Can't open PEM file /var/lib/amavis/dkim3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5291Unable to initalize letsencrypt with subdomains2019-04-15T12:19:33ZRajko AlbrechtUnable to initalize letsencrypt with subdomains## short description
When setting up a site with auto subdomains enable of letsencrypt fails.
## environment
* Server OS: debian
* Server OS version: 9.8
* ISPConfig version: 3.1.13
* certbot: 0.33.1
* Apache/2.4.25 (Debian)
## Probl...## short description
When setting up a site with auto subdomains enable of letsencrypt fails.
## environment
* Server OS: debian
* Server OS version: 9.8
* ISPConfig version: 3.1.13
* certbot: 0.33.1
* Apache/2.4.25 (Debian)
## Problem behind
in `get_letsencrypt_certificate_paths` in `letsencrypt.inc.php` you try to read the related domains from renewal config files due reading the lines in section `[[webroot_map]]`
But sometimes (I don't know why) certbot does not write these lines into config file. So there is no certificate files given back to `request_certificates` and then letsencrypt is of course disabled.
A possible stable solution would, instead of parsing the config file of letsencrypt you may use the output of `certbot-auto certificates -d <maindomain> -d <subdomain> -d <subdomain>` which results always in a _single_ output of associated files like
```
Certificate Name: example.com
Domains: example.com www.example.com
Expiry Date: xxxxx (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
```
I think parsing such a small blob would be more stable then reading of config files.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5293If an email is submitted via SMTPUTF8 it will bounce2019-07-03T10:31:34ZPatrick GatterdamIf an email is submitted via SMTPUTF8 it will bounce## short description
If a email is accepted via SMTPUTF8 and amavis via port 10026 is used the email is bounced.
I think this happens if the mail is being forwarded.
## correct behaviour
amavis should announce SMTPUTF8 on port 10026 cor...## short description
If a email is accepted via SMTPUTF8 and amavis via port 10026 is used the email is bounced.
I think this happens if the mail is being forwarded.
## correct behaviour
amavis should announce SMTPUTF8 on port 10026 correctly, port 10024 is not affected
## environment
Server OS: (debian)
Server OS version: (stretch)
ISPConfig version: (3.1.13p1)
## proposed fix
remove this line from install/tpl/amavisd_user_config.master
```
smtpd_discard_ehlo_keywords => ['8BITMIME'],
```
## references
http://www.postfix.org/SMTPUTF8_README.html
```
Introduced with Postfix version 3.0, this fully supports UTF-8 email addresses and UTF-8 message header values.
```
https://www.ijs.si/software/amavisd/release-notes.txt
```
A SMTP response to an EHLO command will now announce SMTPUTF8 capability by default.
```
## log entries
```
relay=127.0.0.1[127.0.0.1]:10026, delay=0.2, delays=0.15/0/0.05/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host 127.0.0.1[127.0.0.1])
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5303Database Backup including routines2019-07-03T10:29:25ZThomasDatabase Backup including routines## short description
Is it a bad pratice to include procedures and functions in dump ?
If not, would be nice.
## proposed fix
`mysqldump --routines`
in ispconfig/server/lib/classes/cron.d/500-backup.inc.php## short description
Is it a bad pratice to include procedures and functions in dump ?
If not, would be nice.
## proposed fix
`mysqldump --routines`
in ispconfig/server/lib/classes/cron.d/500-backup.inc.php3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5309Debian testing/unknown template is outdated2019-07-03T10:03:19ZŁukasz DomeradzkiDebian testing/unknown template is outdatedHello.
I have two issues with current installation/update process. In particular, settings for Debian Testing no longer apply to that version (for example, older php version), and I also believe that unknown Debian version should point ...Hello.
I have two issues with current installation/update process. In particular, settings for Debian Testing no longer apply to that version (for example, older php version), and I also believe that unknown Debian version should point to Testing, which is the most correct in terms of future compatibility. For example, my existing setup is detected as such, because I'm using Testing and not Sid.
I've attached my patch below that addresses above issues. I'm not sending PR with it right away as I'm not sure if you're fine with my approach. Please review it and if you could do something similar (or just merging my patch) to address my issue above, I'd appreciate that.
```diff
--- ispconfig3_install/install/dist/conf/debiantesting.conf.php 2018-08-17 18:22:58.000000000 +0200
+++ ispconfig3_install2/install/dist/conf/debiantesting.conf.php 2019-05-20 13:17:47.644034627 +0200
@@ -1,7 +1,7 @@
<?php
/*
-Copyright (c) 2016, Till Brehm, ISPConfig UG
+Copyright (c) 2017, Till Brehm, ISPConfig UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -28,11 +28,11 @@ NEGLIGENCE OR OTHERWISE) ARISING IN ANY
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-//*** Ubuntu 16.04 default settings
+//*** Ubuntu 18.04 default settings
//* Main
$conf['language'] = 'en';
-$conf['distname'] = 'ubuntu1604';
+$conf['distname'] = 'ubuntu1804';
$conf['hostname'] = 'server1.domain.tld'; // Full hostname
$conf['ispconfig_install_dir'] = '/usr/local/ispconfig';
$conf['ispconfig_config_dir'] = '/usr/local/ispconfig';
@@ -83,8 +83,8 @@ $conf['apache']['version'] = '2.4';
$conf['apache']['vhost_conf_dir'] = '/etc/apache2/sites-available';
$conf['apache']['vhost_conf_enabled_dir'] = '/etc/apache2/sites-enabled';
$conf['apache']['vhost_port'] = '8080';
-$conf['apache']['php_ini_path_apache'] = '/etc/php/7.0/apache2/php.ini';
-$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.0/cgi/php.ini';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/7.3/apache2/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/7.3/cgi/php.ini';
//* Website base settings
$conf['web']['website_basedir'] = '/var/www';
@@ -99,7 +99,7 @@ $conf['web']['apps_vhost_user'] = 'ispap
$conf['web']['apps_vhost_group'] = 'ispapps';
//* Fastcgi
-$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.0/cgi/';
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.3/cgi/';
$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
@@ -183,7 +183,7 @@ $conf['jailkit']['installed'] = false; /
$conf['jailkit']['config_dir'] = '/etc/jailkit';
$conf['jailkit']['jk_init'] = 'jk_init.ini';
$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';
-$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch';
+$conf['jailkit']['jailkit_chroot_app_programs'] = '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch /etc/localtime';
$conf['jailkit']['jailkit_chroot_cron_programs'] = '/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php';
//* Squid
@@ -201,11 +201,11 @@ $conf['nginx']['vhost_conf_enabled_dir']
$conf['nginx']['init_script'] = 'nginx';
$conf['nginx']['vhost_port'] = '8080';
$conf['nginx']['cgi_socket'] = '/var/run/fcgiwrap.socket';
-$conf['nginx']['php_fpm_init_script'] = 'php7.0-fpm';
-$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.0/fpm/php.ini';
-$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.0/fpm/pool.d';
+$conf['nginx']['php_fpm_init_script'] = 'php7.3-fpm';
+$conf['nginx']['php_fpm_ini_path'] = '/etc/php/7.3/fpm/php.ini';
+$conf['nginx']['php_fpm_pool_dir'] = '/etc/php/7.3/fpm/pool.d';
$conf['nginx']['php_fpm_start_port'] = 9010;
-$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.0-fpm';
+$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php7.3-fpm';
//* OpenVZ
$conf['openvz']['installed'] = false;
diff -rupN ispconfig3_install/install/lib/install.lib.php ispconfig3_install2/install/lib/install.lib.php
--- ispconfig3_install/install/lib/install.lib.php 2019-02-19 15:31:07.000000000 +0100
+++ ispconfig3_install2/install/lib/install.lib.php 2019-05-20 13:25:25.990839694 +0200
@@ -238,7 +238,7 @@ function get_distname() {
$distname = 'Debian';
$distver = 'Unknown';
$distid = 'debian60';
- $distconfid = 'debian90';
+ $distconfid = 'debiantesting';
$distbaseid = 'debian';
swriteln("Operating System: Debian or compatible, unknown version.\n");
}
```3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5313Extend custom php.ini check regex2019-07-03T10:02:49ZTill BrehmExtend custom php.ini check regexhttps://forum.howtoforge.de/threads/fehler-invalid_custom_php_ini_settings_txt.11654/#post-57922https://forum.howtoforge.de/threads/fehler-invalid_custom_php_ini_settings_txt.11654/#post-579223.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5326LE Renewal issue on systems that use the relative symlink option for websites2019-06-26T13:48:15ZTill BrehmLE Renewal issue on systems that use the relative symlink option for websitesThere is an issue with LE renewals when the relative symlinks option is on under system > server config > web. This option is off by default and only needed on some specific chrooted apache configurations, not used in any standard ISPCon...There is an issue with LE renewals when the relative symlinks option is on under system > server config > web. This option is off by default and only needed on some specific chrooted apache configurations, not used in any standard ISPConfig setup, so very few users are affected by this.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5330Limit available PHP Handlers globally in ISPConfig UI2019-07-04T16:08:14ZTill BrehmLimit available PHP Handlers globally in ISPConfig UIISPConfig still supports several old PHP handlers for legacy reasons (suPHP, CGI and HHVM), but they should not be available on new systems. A new option has been added under System > Interface > Main config to hide old PHP handlers in t...ISPConfig still supports several old PHP handlers for legacy reasons (suPHP, CGI and HHVM), but they should not be available on new systems. A new option has been added under System > Interface > Main config to hide old PHP handlers in the UI. The new default is to show only php-fcgi, php-fpm and mod_php. This option is relevant for Apache servers only as Nginx systems use just php-fpm anyway.3.1.14https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5331Disallow 0 as website harddisk quota value2019-07-05T10:16:12ZTill BrehmDisallow 0 as website harddisk quota valueDisallow 0 as website harddisk quota value as this is treated by the quota command as unlimited too while ISPConfig uses -1 as unlimited value.Disallow 0 as website harddisk quota value as this is treated by the quota command as unlimited too while ISPConfig uses -1 as unlimited value.3.1.14