ISPConfig 3 issueshttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues2020-09-07T18:27:15Zhttps://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4969Apache fails start on Debian 8 (jessie) due to Protocol h2 setting aka not ch...2020-09-07T18:27:15ZPascal DreissenApache fails start on Debian 8 (jessie) due to Protocol h2 setting aka not checking minor version!## short description
On Debian 8 (jessie) on update or install the https://git.ispconfig.org/ispconfig/ispconfig3/blob/master/install/tpl/apache_ispconfig.vhost.master#L11 installs the http2 protocol settings, which is only available sin...## short description
On Debian 8 (jessie) on update or install the https://git.ispconfig.org/ispconfig/ispconfig3/blob/master/install/tpl/apache_ispconfig.vhost.master#L11 installs the http2 protocol settings, which is only available since apache 2.4.17. Since Debian 8 has apache 2.4.10 this is going to fail due to the fact that the minor version isn't checked. Due to this apache won't start!
## correct behaviour
Don't set `Protocols h2 h2c http/1.1` when using Debian 8, so basically we need to check the minor version (2.4.17 >=)
## environment
Server OS: (debian)
Server OS version: (jessie)
ISPConfig version: (3.1dev / master)
_you can use `grep 'ISPC_APP_VERSION' /usr/local/ispconfig/server/lib/config.inc.php` to get it from the command line_
If it might be related to the problem
```
## proposed fix
check the minor version (2.4.17 >=)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4657ispconfig 3.1.3: Statistics sorting2020-09-07T18:18:46ZLubosispconfig 3.1.3: Statistics sortingThe statistics (Web traffic, FTP traffic, site quota, database quota) under the Sites tab do not work sorting by size.
The same is for Email Statistics
![traffic](/uploads/75a86430db007a7d48bb3646490d67c0/traffic.png)The statistics (Web traffic, FTP traffic, site quota, database quota) under the Sites tab do not work sorting by size.
The same is for Email Statistics
![traffic](/uploads/75a86430db007a7d48bb3646490d67c0/traffic.png)3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4402MySQL Master Port is collected but not used in multiserver setup of slave ser...2020-09-07T18:15:16ZCostinMySQL Master Port is collected but not used in multiserver setup of slave serversIn case you have the master MySQL server running on a custom port, the config script is not implementing this option into the code even if it is collected from the input console.
Check install/install.php line 267 where this detail is ...In case you have the master MySQL server running on a custom port, the config script is not implementing this option into the code even if it is collected from the input console.
Check install/install.php line 267 where this detail is collected (custom MySQL port).
Then at install/install.php line 282 will fail because there is no MySQL server running at the standard port.
This bug may break your install in case of tunnel/proxy mysql remote server.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4932mysql port not used in installation2020-09-07T18:15:12ZAndy Stallardmysql port not used in installation## short description
on installation it asks for a mysql port, however this is not used
## correct behaviour
the mysql command needs something like this adding:
-P $port
I'm testing an installation and mysql is on a custom port which I'...## short description
on installation it asks for a mysql port, however this is not used
## correct behaviour
the mysql command needs something like this adding:
-P $port
I'm testing an installation and mysql is on a custom port which I've never used before, I enter port 3030 and the sql installation failed. I opened install/lib/installer_base.lip.php and hard coded ' -P 3030 ' into the query, this then ran properly.
## environment
centos 7.4
define('ISPC_APP_VERSION', '3.1.11');
## proposed fix
just add into the query starting on line 259:
-P $conf['mysql']['admin_port']3.1.12https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4836installer does not honor database port settings2020-09-07T18:14:04ZThomas Albechinstaller does not honor database port settingsIt seems like even if an alternate port is specified during install it will still try to connect on port 3306. Done tcpdump to verify that this is in fact the case.It seems like even if an alternate port is specified during install it will still try to connect on port 3306. Done tcpdump to verify that this is in fact the case.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4527Datalog modal dialog box close button not translated2020-09-07T18:12:11Zoliver gmelchDatalog modal dialog box close button not translatedThe close button caption in the datalog modal dialog box is neither translated nor translatable.The close button caption in the datalog modal dialog box is neither translated nor translatable.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4484Bug. Without translation the labels on buttons "Yes, re-login as" and "No, lo...2020-09-07T18:11:58ZAlexanderBug. Without translation the labels on buttons "Yes, re-login as" and "No, logout" in tab logout [+ solution bug]![relogin](/uploads/94bfaa0be93da9651cf65110d570e280/relogin.PNG)
The solution to the problem
/usr/local/ispconfig/interface/web/login/logout.php
Find the code starting at line number 59:
` <button class="btn btn-default formbu...![relogin](/uploads/94bfaa0be93da9651cf65110d570e280/relogin.PNG)
The solution to the problem
/usr/local/ispconfig/interface/web/login/logout.php
Find the code starting at line number 59:
` <button class="btn btn-default formbutton-success" type="button" value="Yes, re-login as ' . $utype . '" data-submit-form="pageForm" data-form-action="/login/index.php"><span>Yes, re-login as ' . $utype . '</span></button>`
and replace to this code:
` <button class="btn btn-default formbutton-success" type="button" value="'.$wb['yes_reloginas_txt'].' ' . $utype . '" data-submit-form="pageForm" data-form-action="/login/index.php"><span>'.$wb['yes_reloginas_txt'].' ' . $utype . '</span></button>`
Find the code starting at line number 60:
` <button class="btn btn-default formbutton-default" type="button" value="No, logout" data-load-content="login/logout.php?l=1"><span>No, logout</span></button>
</div>`
and replace to this code:
` <button class="btn btn-default formbutton-default" type="button" value="'.$wb['btn_nologout_txt'].'" data-load-content="login/logout.php?l=1"><span>'.$wb['btn_nologout_txt'].'</span></button>
</div>`
and to add the lines
`$wb['yes_reloginas_txt'] = 'Yes, re-login as';
$wb['btn_nologout_txt'] = 'No, logout';`
in files /usr/local/ispconfig/interface/web/login/lib/lang/{en, de, ru, etc}_login_as.lng3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4526Global search watermark string not translated2020-09-07T18:11:51Zoliver gmelchGlobal search watermark string not translatedThe watermark "Search" in the global search box is neither translated nor translatable.The watermark "Search" in the global search box is neither translated nor translatable.3.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4603APS installer use wrong db server2020-09-07T17:52:26ZLuisAPS installer use wrong db serverMy configuration is a multiserver setup, I followed the 3.1 manual.
The first server is only web and master db, the
"System -> Server Services" show the correct activated service for every server.
The "System -> Main Config" has "Def...My configuration is a multiserver setup, I followed the 3.1 manual.
The first server is only web and master db, the
"System -> Server Services" show the correct activated service for every server.
The "System -> Main Config" has "Default Webserver" and "Default Database Server" property configurated.
Even the client has the correct server's limit configurated.
But when a client uses APS to install a application, the APS install the databases on the first server (Only configurated to Web and the client don't has permission to used). The files are correct installed on the client webserver limited.
Configurations: Multi Debian 8 / ispconfig 3.1.2https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4390APS installer tasks get not added2020-09-07T17:51:54ZTill BrehmAPS installer tasks get not addedhttps://www.howtoforge.com/community/threads/aps-installer-not-installing-packages-after-update.75086/https://www.howtoforge.com/community/threads/aps-installer-not-installing-packages-after-update.75086/https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4503Create email account: Form field "Send outgoing copy to" displayed twice2020-09-07T17:48:12Zoliver gmelchCreate email account: Form field "Send outgoing copy to" displayed twiceWhen creating a new email account, the form field "Send outgoing copy to" is displayed twice in the HTML form, cf. the following example in interface/web/mail/templates/mail_user_mailbox_edit.htm:
` <div class="form-group">...When creating a new email account, the form field "Send outgoing copy to" is displayed twice in the HTML form, cf. the following example in interface/web/mail/templates/mail_user_mailbox_edit.htm:
` <div class="form-group">
<label for="name" class="col-sm-3 control-label">{tmpl_var name='cc_txt'}</label>
<div class="col-sm-6"><input type="text" name="cc" id="cc" value="{tmpl_var name='cc'}" class="form-control" /></div><div class="col-sm-3 input-sm"> {tmpl_var name='name_optional_txt'} {tmpl_var name='cc_note_txt'}
</div></div>
<div class="form-group">
<label for="sender_name" class="col-sm-3 control-label">{tmpl_var name='sender_cc_txt'}</label>
<div class="col-sm-6"><input type="text" name="sender_cc" id="sender_cc" value="{tmpl_var name='sender_cc'}" class="form-control" /></div><div class="col-sm-3 input-sm"> {tmpl_var name='name_optional_txt'} {tmpl_var name='sender_cc_note_txt'}
</div></div>`
Both input fields carry different IDs which both relate to fields in the table dbispconfig.mail_user that actually exist:
* cc
* sender_cc
Looking at /etc/postfix/mysql-virtual_outgoing_bcc.cf that has been generated by ISPConfig, I suspect that above field "cc" is obsolete and should be removed from both, dbispconfig and the mail module.
This behaviour has been observed using ISPConfig 3.1.2.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4371SSL view2020-09-07T17:46:54ZNedelcescu RaduSSL viewI have created 4 certificates, each from the ISP interface. But the moment I select a domain or subdomain from the SSL tab in a domain the keys and other things do not change, the last created certificate (of that domain) remains there...I have created 4 certificates, each from the ISP interface. But the moment I select a domain or subdomain from the SSL tab in a domain the keys and other things do not change, the last created certificate (of that domain) remains there. From the FTP I can see it is not the same and it differs.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4309ISPConfig 3.1 / 3.1.1 Login Page 404 Errors2020-09-07T17:45:46ZoNdsenISPConfig 3.1 / 3.1.1 Login Page 404 ErrorsIt seems that the 3.1 / 3.1.1 Default Template has some small Bugs on the Login Page:
![login](/uploads/c14f76eaa5c04783b1cc5333ea85c572/login.png)It seems that the 3.1 / 3.1.1 Default Template has some small Bugs on the Login Page:
![login](/uploads/c14f76eaa5c04783b1cc5333ea85c572/login.png)https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4663OCSP Stapling2020-09-07T16:09:18ZNinosOCSP StaplingIt would be nice to have ocsp stapling implemented into webservers. Before some days LetsEncrypt had problems with their OCSP, so such implementation would bypass OCSP errors.It would be nice to have ocsp stapling implemented into webservers. Before some days LetsEncrypt had problems with their OCSP, so such implementation would bypass OCSP errors.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3400Inadequate hostname validation rules prevent valid hostnames from being enter...2020-09-07T13:00:00ZBen JohnsonInadequate hostname validation rules prevent valid hostnames from being entered in Server ConfigNOTE: I am using ISPConfig 3.0.5.4.p5, but this version is not available in the "Reported Version" drop-down.
According to RFC 1123 ( https://tools.ietf.org/html/rfc1123 ), valid hostnames do not necessarily have to be fully-qualified d...NOTE: I am using ISPConfig 3.0.5.4.p5, but this version is not available in the "Reported Version" drop-down.
According to RFC 1123 ( https://tools.ietf.org/html/rfc1123 ), valid hostnames do not necessarily have to be fully-qualified domain names (FQDNs).
The ISPConfig interface seems to require a FQDN in the Hostname field. I am trying to enter a hostname such as "MY-SERVER" (without the quotes) and ISPConfig complains with "Invalid Hostname." when attempting to save the change.
From what I can determine, the validation was added with http://git.ispconfig.org/ispconfig/ispconfig3/commit/a43eb3b0ccaf84a6ab44a1f46f47cc4f8ce54844 .
I am happy to write a more suitable regular expression to validate hostnames, if one cannot readily be found on the Internet.
P.S. I am very grateful for the addition of the Hostname field.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3467Modify "PHP-FPM init script" field labels to reflect expected input type in v...2020-09-07T12:58:44ZBen JohnsonModify "PHP-FPM init script" field labels to reflect expected input type in various scenariosThere are two instances of the field labeled "PHP-FPM init script":
1) System -> Server Config -> [server name] -> Web -> PHP Settings
2) System -> Additional PHP Versions -> Add new PHP version -> PHP-FPM Settings
The first instance ...There are two instances of the field labeled "PHP-FPM init script":
1) System -> Server Config -> [server name] -> Web -> PHP Settings
2) System -> Additional PHP Versions -> Add new PHP version -> PHP-FPM Settings
The first instance of this field expects a "service name" or "init script name", which cannot contain a path prefix (i.e., no forward slashes). Per Till, "The field in server config shall contain either the name of the init script if its a init script based system or the name of the service if it uses a different init system."
The second instance expects a full path, which may contain forward slashes, because additional PHP versions may be installed anywhere on the system, including in uncommon locations, thus necessitating the ability to enter a full path.
The field labels should be modified to reflect the type of input that is required in each instance.
For detailed discussion, see:
https://www.howtoforge.com/community/threads/ispconfig-with-zend-server.68112/#post-324366https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/3073Check how the login as function can be enabled for manually created admins.2020-09-07T12:53:53ZTill BrehmCheck how the login as function can be enabled for manually created admins.http://www.howtoforge.com/forums/showthread.php?t=65232http://www.howtoforge.com/forums/showthread.php?t=65232https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4119[3.1rc1] "Make relative symlinks" prevents "Let's encrypt" renewal2020-09-07T12:41:28ZWolfspirit[3.1rc1] "Make relative symlinks" prevents "Let's encrypt" renewalHello,
I'm using latest 3.1 and noticed that my Let's encrypt certificates are not renewing.
The problem is that once "Make relative symlinks" is enabled in "Web" Config (which it was out of whatever reason...I have no idea) then ISPCon...Hello,
I'm using latest 3.1 and noticed that my Let's encrypt certificates are not renewing.
The problem is that once "Make relative symlinks" is enabled in "Web" Config (which it was out of whatever reason...I have no idea) then ISPConfig will generate the SSL File as a symlink to:
```
../../../../../../etc/letsencrypt/archive/DOMAIN/privkeyX.pem
```
instead of
```
/etc/letsencrypt/live/DOMAIN/privkey.pem
```
Once a renew happens the live symlink is changed but the ISPConfig SSL Symlink still points to the "old" one.
So internally it does what it says as it really makes relative symlinks but to the wrong file causing the renew feature of Lets Encrypt to break.
Also I have no idea why "Make relative symlinks" was checked on my server.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/4380letsencrypt symlinks in ../ssl folder refers to archive folder2020-09-07T12:41:27Zchicoletsencrypt symlinks in ../ssl folder refers to archive folderHi,
in ispconfig 3.1. the symlinks in /var/www/domain/ssl refers to /etc/letsencrypt/archive/domain.
Because of the renew mechanism in lets encrypt the files there are counted up and the newest files has the highest number e.g. cert99....Hi,
in ispconfig 3.1. the symlinks in /var/www/domain/ssl refers to /etc/letsencrypt/archive/domain.
Because of the renew mechanism in lets encrypt the files there are counted up and the newest files has the highest number e.g. cert99.pem.
The symlinks in the live folder of letsencrypt refers to this files with the highest number e.g.
cert.pem -> ../../archive/domain/cert99.pem
so it would be better to set the symlinks in /var/www/domain/ssl to /etc/letsencrypt/live/domain. Otherwise every manually updated certificate with *certbot-auto renew* would not be recognised by the ISPconfig installation and the related domains.https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5314Clean up SSL-config at least for apache2 to disable TLS1.0 and make use of re...2020-09-07T12:35:56ZKaiClean up SSL-config at least for apache2 to disable TLS1.0 and make use of recommended settings## Whats wrong?
Using ispconfig with Apache and Lets Encrypt leads to a situation where one seems to have no chance to disable TLSv1.0.
There is a setting in httpd.conf, maybe in httpd.conf.d, in the vhosts-File, in /etc/letsencrypt/opti...## Whats wrong?
Using ispconfig with Apache and Lets Encrypt leads to a situation where one seems to have no chance to disable TLSv1.0.
There is a setting in httpd.conf, maybe in httpd.conf.d, in the vhosts-File, in /etc/letsencrypt/options-ssl-apache.conf
Some of them are rewritten if you change settings of the specific vhost, some not. The settings in /etc/letsencrypt/options-ssl-apache.conf seem to overwrite some settings. Some settings seem to be overwritten, when the ispconfig cronjobs run, but it is not exactly clear, which of those files are affected.
## correct behaviour
Maybe it might be considered to clean up this mess ;-)
Considerations:
* make use of the settings from https://cipherli.st/ and put them into the template-files for apache2/nginx/lighttpd
* create a graphical representation of how and when which setting wins, especially for apache2
* remove duplicates of settings or try to find out, who wins
* add option to set this stuff at a central place to be used for all vhosts (either as a textfile or as a setting in the GUI)
## environment
Server OS: Ubuntu, but independent
Server OS version: independent
Webserver: Apache/2.4.18
ISPConfig version: 3.1.13p1