diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e7a4bf81481d388375c2e50d0d47efe1f6c086e4..75301f8723fa7f08c2bc1e39c9942ec806827a9f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -90,7 +90,7 @@ build:package:
- if [[ "$VER" == "" ]] ; then VER="3.2dev"$(date +%s) ; fi
- if [[ "$VER" != "" ]] ; then echo "Replacing 3.2dev by $VER" ; sed -i -r 's/3\.2dev/'${VER}'/g' install/tpl/config.inc.php.master install/sql/ispconfig3.sql ; fi
- RET=0
- - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' . || RET=$?
+ - tar -cpzf ISPConfig-${VER}.tar.gz --exclude "ISPConfig-${VER}.tar.gz" --exclude ".git*" --exclude ".phplint.yml" --transform 's,^\./,ispconfig3_install/,' --mode='0775' ./* || RET=$?
- if [[ $RET > 1 ]] ; then exit $RET ; fi
- echo "Listing tar contents for verification"
- tar -tvf ISPConfig-${VER}.tar.gz
@@ -101,4 +101,4 @@ build:package:
- echo "Download url is https://download.ispconfig.org/ISPConfig-${VER}.tar.gz"
needs: ["syntax:lint"]
- allow_failure: false
\ No newline at end of file
+ allow_failure: false
diff --git a/install/dist/conf/gentoo.conf.php b/install/dist/conf/gentoo.conf.php
index 057d397796d931fe54a7a962227be66fe03a95e0..1252fc7a76fe8ea270cb2da0c1cf2f6bcd91b5b8 100644
--- a/install/dist/conf/gentoo.conf.php
+++ b/install/dist/conf/gentoo.conf.php
@@ -51,6 +51,8 @@ $conf['services']['dns'] = true;
$conf['services']['file'] = true;
$conf['services']['db'] = true;
$conf['services']['vserver'] = true;
+$conf['services']['proxy'] = false;
+$conf['services']['firewall'] = false;
//* MySQL
$conf['mysql']['installed'] = false; // will be detected automatically during installation
@@ -80,7 +82,7 @@ $conf['apache']['installed'] = false; // will be detected automatically during i
$conf['apache']['user'] = 'apache';
$conf['apache']['group'] = 'apache';
$conf['apache']['init_script'] = 'apache2';
-$conf['apache']['version'] = '2.2';
+$conf['apache']['version'] = '2.4';
$conf['apache']['config_dir'] = '/etc/apache2';
$conf['apache']['config_file'] = $conf['apache']['config_dir'] .'/httpd.conf';
$conf['apache']['ssl_dir'] = '/etc/ssl/apache2';
@@ -88,8 +90,8 @@ $conf['apache']['vhost_conf_dir'] = $conf['apache']['config_dir'] . '/vhosts.d';
$conf['apache']['vhost_conf_enabled_dir'] = $conf['apache']['vhost_conf_dir'];
$conf['apache']['vhost_default'] = '00_default_vhost.conf';
$conf['apache']['vhost_port'] = '8080';
-$conf['apache']['php_ini_path_apache'] = '/etc/php/apache2-php5/php.ini';
-$conf['apache']['php_ini_path_cgi'] = '/etc/php/cgi-php5/php.ini';
+$conf['apache']['php_ini_path_apache'] = '/etc/php/apache2-php7.4/php.ini';
+$conf['apache']['php_ini_path_cgi'] = '/etc/php/cgi-php7.4/php.ini';
//* Website base settings
$conf['web']['website_basedir'] = '/var/www';
@@ -110,7 +112,7 @@ $conf['awstats']['pl'] = '/usr/bin/awstats.pl';
$conf['awstats']['buildstaticpages_pl'] = '/usr/bin/awstats_buildstaticpages.pl';
//* Fastcgi
-$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/cgi-php5';
+$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/cgi-php7.4';
$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
@@ -131,6 +133,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
+//* mlmmj
+$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
+$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
+
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['user'] = 'getmail';
@@ -176,6 +182,7 @@ $conf['pureftpd']['installed'] = false; // will be detected automatically during
$conf['pureftpd']['config_file'] = '/etc/conf.d/pure-ftpd';
$conf['pureftpd']['mysql_config_file'] = '/etc/pureftpd-mysql.conf';
$conf['pureftpd']['init_script'] = 'pure-ftpd';
+$conf['pureftpd']['main_config_file'] = '/etc/pure-ftpd.conf';
//* MyDNS
$conf['mydns']['installed'] = false; // will be detected automatically during installation
@@ -226,6 +233,13 @@ $conf['nginx']['php_fpm_pool_dir'] = '/etc/php5/fpm/pool.d';
$conf['nginx']['php_fpm_start_port'] = 9010;
$conf['nginx']['php_fpm_socket_dir'] = '/var/lib/php5-fpm';
+//* OpenVZ
+$conf['openvz']['installed'] = false;
+
+//*Bastille-Firwall
+$conf['bastille']['installed'] = false;
+$conf['bastille']['config_dir'] = '/etc/Bastille';
+
//* vlogger
$conf['vlogger']['config_dir'] = '/etc/vlogger';
@@ -235,10 +249,12 @@ $conf['cron']['crontab_dir'] = '/etc/cron.d';
$conf['cron']['group'] = 'cron';
$conf['cron']['wget'] = '/usr/bin/wget';
-//* OpenVZ
-$conf['openvz']['installed'] = false;
+//* Metronome XMPP
+$conf['xmpp']['installed'] = false;
+$conf['xmpp']['init_script'] = 'metronome';
// AppArmor
$conf['apparmor']['installed'] = false;
+
?>
diff --git a/install/dist/tpl/gentoo/apache_ispconfig.vhost.master b/install/dist/tpl/gentoo/apache_ispconfig.vhost.master
index 01b3b383d572c4de38036ecaeadafcc079cd8e8c..e885b381bc994bfb973572aa3b9a5bc56fcb98b1 100644
--- a/install/dist/tpl/gentoo/apache_ispconfig.vhost.master
+++ b/install/dist/tpl/gentoo/apache_ispconfig.vhost.master
@@ -6,7 +6,7 @@
{vhost_port_listen} Listen {vhost_port}
<tmpl_if name='apache_version' op='<' value='2.4' format='version'>
- NameVirtualHost *:{vhost_port}
+ # NameVirtualHost *:{vhost_port}
</tmpl_if>
<VirtualHost _default_:{vhost_port}>
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index 12440105af55fa94451bde61d5854402f35ed336..b3610db6107140a9a0f7a4bb049e9bdb28ea4536 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -52,7 +52,7 @@ class installer_base {
}
public function update_acme() {
- $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
+ $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null'));
$acme = reset($acme);
$val = 0;
@@ -892,6 +892,20 @@ class installer_base {
public function configure_mailman($status = 'insert') {
global $conf;
+ // Fix for #6314: bug on Debian 11 systems where Mailman3 is not available and broken routes exist in the Mailman config
+ $data_dir = '/var/lib/mailman';
+ if (($conf['mailman']['installed'] != true) && is_dir($data_dir)) {
+ rename($data_dir, $data_dir . '-bk');
+ //* Create the mailman files
+ if(!is_dir('/var/lib/mailman/data')) exec('mkdir -p /var/lib/mailman/data');
+ if(!is_file('/var/lib/mailman/data/aliases')) touch('/var/lib/mailman/data/aliases');
+ exec('postmap /var/lib/mailman/data/aliases');
+ if(!is_file('/var/lib/mailman/data/virtual-mailman')) touch('/var/lib/mailman/data/virtual-mailman');
+ exec('postmap /var/lib/mailman/data/virtual-mailman');
+ if(!is_file('/var/lib/mailman/data/transport-mailman')) touch('/var/lib/mailman/data/transport-mailman');
+ exec('postmap /var/lib/mailman/data/transport-mailman');
+ }
+
$config_dir = $conf['mailman']['config_dir'].'/';
$full_file_name = $config_dir.'mm_cfg.py';
//* Backup exiting file
@@ -1653,7 +1667,7 @@ class installer_base {
//* These postconf commands will be executed on installation and update
$server_ini_rec = $this->db->queryOneRecord("SELECT mail_server, config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
- $mail_server = ($server_ini_rec['mail_server']) ? true : false;
+ $mail_server = $conf['services']['mail'];
unset($server_ini_rec);
// amavisd user config file
@@ -1777,7 +1791,7 @@ class installer_base {
//* These postconf commands will be executed on installation and update
$server_ini_rec = $this->db->queryOneRecord("SELECT mail_server, config FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
$server_ini_array = ini_to_array(stripslashes($server_ini_rec['config']));
- $mail_server = ($server_ini_rec['mail_server']) ? true : false;
+ $mail_server = $conf['services']['mail'];
unset($server_ini_rec);
$config_dir = $conf['postfix']['config_dir'];
@@ -1981,8 +1995,13 @@ class installer_base {
exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/local.d/maps.d/* /etc/rspamd/override.d/*');
# protect passwords in these files
- exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
- exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
+ exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf');
+ exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf');
+
+ if(file_exists('/etc/rspamd/local.d/worker-controller.inc')) {
+ exec('chgrp _rspamd /etc/rspamd/local.d/worker-controller.inc');
+ exec('chmod 640 /etc/rspamd/local.d/worker-controller.inc');
+ }
# unneccesary, since this was done above?
$command = 'usermod -a -G amavis _rspamd';
diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master
deleted file mode 100644
index 6957ed5eb8062dc8f65021710ebb637c5e22dc7d..0000000000000000000000000000000000000000
--- a/install/tpl/apache_apps.vhost.master
+++ /dev/null
@@ -1,134 +0,0 @@
-######################################################
-# This virtual host contains the configuration
-# for the ISPConfig apps vhost
-######################################################
-
-{tmpl_var name='vhost_port_listen'} Listen {tmpl_var name='apps_vhost_port'}
-# NameVirtualHost *:{tmpl_var name='apps_vhost_port'}
-
-<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
- ServerAdmin webmaster@localhost
- {tmpl_var name='apps_vhost_servername'}
-
- <Directory {tmpl_var name='apps_vhost_dir'}>
- <FilesMatch "\.ph(p3?|tml)$">
- SetHandler None
- </FilesMatch>
- </Directory>
-
- # SSL Configuration
- <tmpl_var name="ssl_comment">SSLEngine On
- <tmpl_if name='apache_version' op='>=' value='2.3.16' format='version'>
- <tmpl_var name="ssl_comment">SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
- <tmpl_else>
- <tmpl_var name="ssl_comment">SSLProtocol All -SSLv2 -SSLv3
- </tmpl_if>
- <tmpl_var name="ssl_comment">SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
- <tmpl_var name="ssl_comment">SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
- <tmpl_var name="ssl_bundle_comment">SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
-
- <tmpl_var name="ssl_comment">SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- <tmpl_var name="ssl_comment">SSLHonorCipherOrder On
- <tmpl_if name='apache_version' op='>=' value='2.4.3' format='version'>
- <tmpl_var name="ssl_comment">SSLCompression Off
- </tmpl_if>
- <tmpl_if name='apache_version' op='>=' value='2.4.11' format='version'>
- <tmpl_var name="ssl_comment">SSLSessionTickets Off
- </tmpl_if>
-
- <IfModule mod_headers.c>
- # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
- Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
- <tmpl_var name="ssl_comment">Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
- Header set X-Content-Type-Options: nosniff
- Header set X-Frame-Options: SAMEORIGIN
- Header set X-XSS-Protection: "1; mode=block"
- Header always edit Set-Cookie (.*) "$1; HTTPOnly"
- <tmpl_var name="ssl_comment">Header always edit Set-Cookie (.*) "$1; Secure"
- <IfVersion >= 2.4.7>
- Header setifempty Strict-Transport-Security "max-age=15768000"
- </IfVersion>
- <IfVersion < 2.4.7>
- Header set Strict-Transport-Security "max-age=15768000"
- </IfVersion>
- RequestHeader unset Proxy early
- </IfModule>
-
- <tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
- <tmpl_var name="ssl_comment">SSLUseStapling On
- <tmpl_var name="ssl_comment">SSLStaplingResponderTimeout 5
- <tmpl_var name="ssl_comment">SSLStaplingReturnResponderErrors Off
- </tmpl_if>
-
- <IfModule mod_headers.c>
- RequestHeader unset Proxy early
- </IfModule>
-
- <IfModule mod_php5.c>
- DocumentRoot {tmpl_var name='apps_vhost_dir'}
- AddType application/x-httpd-php .php
- <Directory {tmpl_var name='apps_vhost_dir'}>
- Options FollowSymLinks
- AllowOverride None
- <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
- Require all granted
- <tmpl_else>
- Order allow,deny
- Allow from all
- </tmpl_if>
- </Directory>
- </IfModule>
-
- <IfModule mod_php7.c>
- DocumentRoot {tmpl_var name='apps_vhost_dir'}
- AddType application/x-httpd-php .php
- <Directory {tmpl_var name='apps_vhost_dir'}>
- Options FollowSymLinks
- AllowOverride None
- <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
- Require all granted
- <tmpl_else>
- Order allow,deny
- Allow from all
- </tmpl_if>
- </Directory>
- </IfModule>
-
- <IfModule mod_fcgid.c>
- DocumentRoot {tmpl_var name='apps_vhost_dir'}
- SuexecUserGroup ispapps ispapps
- <Directory {tmpl_var name='apps_vhost_dir'}>
- Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
- AllowOverride AuthConfig Indexes Limit Options FileInfo
- <FilesMatch "\.php$">
- SetHandler fcgid-script
- </FilesMatch>
- FCGIWrapper {tmpl_var name='apps_vhost_basedir'}/php-fcgi-scripts/apps/.php-fcgi-starter .php
- <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
- Require all granted
- <tmpl_else>
- Order allow,deny
- Allow from all
- </tmpl_if>
- </Directory>
- IPCCommTimeout 7200
- MaxRequestLen 15728640
- </IfModule>
-
-{tmpl_if name="use_rspamd"}
- <Location /rspamd>
- Order allow,deny
- Allow from all
- </Location>
- RewriteEngine On
- RewriteRule ^/rspamd$ /rspamd/ [R,L]
- RewriteRule ^/rspamd/(.*) http://127.0.0.1:11334/$1 [P]
-{/tmpl_if}
-
-</VirtualHost>
-
-<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
-<IfModule mod_ssl.c>
- <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
-</IfModule>
-</tmpl_if>
diff --git a/install/tpl/apache_apps.vhost.master b/install/tpl/apache_apps.vhost.master
new file mode 120000
index 0000000000000000000000000000000000000000..a2fefe5c926292f5d2f954788eeda1e76d1798b4
--- /dev/null
+++ b/install/tpl/apache_apps.vhost.master
@@ -0,0 +1 @@
+server/conf/apache_apps.vhost.master
\ No newline at end of file
diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master
index 7c371a217168daccacdedd378f76b4b532367bb6..521e418f6c6be9f635b5954f291ae79cf97e9699 100644
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -140,6 +140,7 @@ php_fpm_default_chroot=n
bind_user=root
bind_group=bind
bind_zonefiles_dir=/etc/bind
+bind_keyfiles_dir=/etc/bind
named_conf_path=/etc/bind/named.conf
named_conf_local_path=/etc/bind/named.conf.local
disable_bind_log=n
diff --git a/install/tpl/system.ini.master b/install/tpl/system.ini.master
index 1ac932aea392716d66bddd0d232e95a68632450a..6ea6f4f9705818712067a9a6d5ac49b419d284f2 100644
--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -39,6 +39,7 @@ web_php_options=no,fast-cgi,mod,php-fpm
show_aps_menu=n
client_protection=y
ssh_authentication=
+le_caa_autocreate_options=y
[tools]
diff --git a/install/uninstall.php b/install/uninstall.php
index 37cbe05f866a8cce939551f2f290c5cbb965cb91..01543a64ffb222dbf8e4904d1dbcacb359719d2d 100644
--- a/install/uninstall.php
+++ b/install/uninstall.php
@@ -98,6 +98,7 @@ if($do_uninstall == 'yes') {
@exec('chattr -i /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
@unlink("/var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter");
@unlink("/var/www/php-fcgi-scripts/ispconfig");
+ @unlink("/etc/ssl/private/pure-ftpd.pem");
echo "Backups in /var/backup/ and log files in /var/log/ispconfig are not deleted.";
echo "Finished uninstalling.\n";
diff --git a/interface/lib/classes/functions.inc.php b/interface/lib/classes/functions.inc.php
index 1b396686740bc026b11204d09697debff3cd1a45..629da2fb0e21ad9ecc9dc92f99e29f1665d908c7 100644
--- a/interface/lib/classes/functions.inc.php
+++ b/interface/lib/classes/functions.inc.php
@@ -334,6 +334,14 @@ class functions {
$domain = substr($domain, strrpos($domain, '@') + 1);
}
+ // idn_to_* chokes on leading dots, but we need them for amavis, so remove it for later
+ if(substr($domain, 0, 1) === '.') {
+ $leading_dot = true;
+ $domain = substr($domain, 1);
+ } else {
+ $leading_dot = false;
+ }
+
if($encode == true) {
if(function_exists('idn_to_ascii')) {
if(defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46') && constant('IDNA_NONTRANSITIONAL_TO_ASCII')) {
@@ -378,6 +386,10 @@ class functions {
}
}
+ if($leading_dot == true) {
+ $domain = '.' . $domain;
+ }
+
if($user_part !== false) return $user_part . '@' . $domain;
else return $domain;
}
diff --git a/interface/lib/classes/ids.inc.php b/interface/lib/classes/ids.inc.php
index 6d197264178f05c533a5e5dfa1049e95e39ddcc4..ffa24a294e75ca7d1988bc822f387bdc79273340 100644
--- a/interface/lib/classes/ids.inc.php
+++ b/interface/lib/classes/ids.inc.php
@@ -77,7 +77,7 @@ class ids {
$line = trim($line);
if(substr($line,0,1) != '#') {
list($user,$path,$varname) = explode(':',$line);
- if($current_script_name == $path) {
+ if($current_script_name == $path || $path == '*') {
if($user = 'any'
|| ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin'))
|| ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) {
@@ -100,7 +100,7 @@ class ids {
$line = trim($line);
if(substr($line,0,1) != '#') {
list($user,$path,$varname) = explode(':',$line);
- if($current_script_name == $path) {
+ if($current_script_name == $path || $path == '*') {
if($user = 'any'
|| ($user == 'user' && ($_SESSION['s']['user']['typ'] == 'user' || $_SESSION['s']['user']['typ'] == 'admin'))
|| ($user == 'admin' && $_SESSION['s']['user']['typ'] == 'admin')) {
diff --git a/interface/lib/plugins/system_config_dns_ca_plugin.inc.php b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
index c35934e5bfa542b9d5540802100eec148306f74c..ba28ca0641e04a0d1d95bd275ef796cba01c86e3 100644
--- a/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
+++ b/interface/lib/plugins/system_config_dns_ca_plugin.inc.php
@@ -65,9 +65,11 @@ class system_config_dns_ca_plugin {
}
function web_vhost_domain_edit($event_name, $page_form) {
- global $app;
+ global $app, $conf;
+
+ $global_config = $app->getconf->get_global_config('sites');
- if($page_form->dataRecord['ssl_letsencrypt'] == 'y') {
+ if(($page_form->dataRecord['ssl_letsencrypt'] == 'y') && ($global_config['le_caa_autocreate_options'] != 'n')) {
$domain = $page_form->dataRecord['domain'];
$subdomain = $page_form->dataRecord['subdomain'];
$temp=$app->db->queryAllRecords("SELECT * FROM dns_rr WHERE type = 'CAA' AND (name = ? OR name = ?) AND data like ?", $domain.'.', $subdomain.'.'.$domain.'.', '%letsencrypt%');
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index bede61a3ddde653c85f7581940b2cb19a31c25ff..679ebb2b7fae5ddcff4706d56bd391b3142f7bb3 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -1652,6 +1652,20 @@ $form["tabs"]['dns'] = array(
'width' => '40',
'maxlength' => '255'
),
+ 'bind_keyfiles_dir' => array(
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '',
+ 'validators' => array( 0 => array('type' => 'NOTEMPTY',
+ 'errmsg' => 'bind_keyfiles_dir_error_empty'),
+ 1 => array ( 'type' => 'REGEX',
+ 'regex' => '/^\/[a-zA-Z0-9\.\-\_\/]{1,128}$/',
+ 'errmsg'=> 'bind_keyfiles_dir_error_regex'),
+ ),
+ 'value' => '',
+ 'width' => '40',
+ 'maxlength' => '255'
+ ),
'named_conf_path' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index bce858b5221a274487ec81b03b0d778b6474c8c5..22212b8b749eedb6fd492a21139ed3cdce10f3b6 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -246,7 +246,13 @@ $form["tabs"]['sites'] = array (
'formtype' => 'SELECT',
'default' => '',
'value' => array('' => 'ssh_authentication_password_key', 'password' => 'ssh_authentication_password', 'key' => 'ssh_authentication_key')
- )
+ ),
+ 'le_caa_autocreate_options' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'y',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
//#################################
// END Datatable fields
//#################################
diff --git a/interface/web/admin/form/users.tform.php b/interface/web/admin/form/users.tform.php
index bc77087e2852c71d10f416e559b23291ab86b243..05e88e2e2bd11d7d311eab32fe4c307435a67913 100644
--- a/interface/web/admin/form/users.tform.php
+++ b/interface/web/admin/form/users.tform.php
@@ -251,7 +251,7 @@ $form['tabs']['users'] = array (
'formtype' => 'CHECKBOX',
'regex' => '',
'errmsg' => '',
- 'default' => '',
+ 'default' => '1',
'value' => array(0 => 0, 1 => 1),
'separator' => '',
'width' => '30',
diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng
index a10274c670519674f336c0406f855cec6df4eb87..4ae8ad3416b7d0a084dd880830c7ab17797145ee 100644
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index 898020365f07503859375268e1d0d7940c72e513..2029f38ed2299bdc44dda1fca784414558e9be5a 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index 1fb510ace046206ee404107ca32e9eef74068469..1128081d2de44f5f1d2767aa8f700e330093973d 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -107,3 +107,4 @@ $wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['monitor_key_txt'] = 'Senha do Monitor';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 68ca245f3dd26e85b9d45701d86f5de19d3de13e..0c025306087190f150de459d187a808d4b0e1461 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index c6f45e7d46319e764172fd4081017c5b71b9892e..fb0e65d5e7cdc4fc1d8276d1a1a23c54212e61fd 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -107,3 +107,4 @@ $wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['monitor_key_txt'] = 'Monitor keyword';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index 328124f6e72e33c0a0cadb6ab3d0a3b9546ef885..ed4c26f61de5a9b9ac276afc12d1c9c109f150bb 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Automatische Erstellung des CAA-Records bei LE Ausstellung aktivieren';
?>
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index 71533e77d0469e26624c1fd33b9c09e1028163dd..971253aae773517e8cd56f0a0fbd1503e5508d88 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index f64df47bc949ca1bb6ca3e571994878e3f79dd51..8bfe8012de1d9c98b30a55ebdd1cc051480b31a7 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index 748e4c6d581bd9c9533e5c7d00fe4bcad3ec75c7..363f528fba2d713e819e112578797a15b7c1b782 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -91,10 +91,12 @@ $wb['apps_vhost_servername_txt'] = 'Apps-vhost Domain';
$wb['bind_user_txt'] = 'BIND User';
$wb['bind_group_txt'] = 'BIND Group';
$wb['bind_zonefiles_dir_txt'] = 'BIND zonefiles directory';
+$wb['bind_keyfiles_dir_txt'] = 'BIND keyfiles directory';
$wb['named_conf_path_txt'] = 'BIND named.conf path';
$wb['bind_user_error_empty'] = 'BIND user is empty.';
$wb['bind_group_error_empty'] = 'BIND group is empty.';
$wb['bind_zonefiles_dir_error_empty'] = 'BIND zonefiles directory is empty.';
+$wb['bind_keyfiles_dir_error_empty'] = 'BIND keyfiles directory is empty.';
$wb['named_conf_path_error_empty'] = 'BIND named.conf path is empty.';
$wb['named_conf_local_path_error_empty'] = 'BIND named.conf.local path is empty.';
$wb['mail_filter_syntax_txt'] = 'Mailfilter Syntax';
@@ -281,6 +283,7 @@ $wb['awstats_buildstaticpages_pl_error_regex'] = 'Invalid awstats_buildstaticpag
$wb['invalid_bind_user_txt'] = 'Invalid BIND user.';
$wb['invalid_bind_group_txt'] = 'Invalid BIND group.';
$wb['bind_zonefiles_dir_error_regex'] = 'Invalid BIND zonefiles directory.';
+$wb['bind_keyfiles_dir_error_regex'] = 'Invalid BIND keyfiles directory.';
$wb['named_conf_path_error_regex'] = 'Invalid named.conf path.';
$wb['named_conf_local_path_error_regex'] = 'Invalid named.conf.local path.';
$wb['fastcgi_starter_path_error_regex'] = 'Invalid fastcgi starter path.';
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 2f32d4feaaf743d705907aeaa3b3cf8b15027820..9cf04103bbec468911d70dcf98f79eadcd743010 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -107,4 +107,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index 471975be4330c60dee4291ae405b35df501e82ac..844c19db5884f2efbbd62eb6fc8ed40338d775f9 100644
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index 30dd462a2955f13f0dae5234697d1dd71e8950dc..4b4bf32cc03589a7f93bf697bbe51af1e618d5e7 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index ac606922a05896fd791d5aa7b85abbde0bfe34ca..801c27b5dfdc71104a4ed7dc09a070967b08f9bf 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index 0f29ae0c0c5ad6c90d8c8fb7355ad51f7ecfe4e2..87fcfff64580e1243f284a794e102e625b15a513 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index 1258e6acfe878a90df09079f58d7f995ea93ab6c..cdb31136622768878f44c3055f435975dd6be2aa 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index 60eff076d378caabe62bd41685391a509a484e51..f9b3f87a00f2945e355f155f7c5332a799a43438 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index d58e1d1d22f481647a73175938358d02486c193b..2f8950d7a31245434fb140b4dfb53f02d6364490 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -107,4 +107,5 @@ $wb['show_aps_menu_note_txt'] = 'APS saranno rimosse dal pannello in un prossimo
$wb['show_aps_menu_note_url_txt'] = 'Clicca qui per maggiori informazioni.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index b5601ea8009d3c3032dfb493b0de4c9b95466f1b..744d83a705615f40c5e43c8e29fb3975bddf0eee 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index 107c42395ecf2420d7f2f3f0a00a9e30cc96b033..b40ce962851776e9c6a918ee5fcc65c82ed9d68b 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index 1bb20987655cb6a7e836797904aa0258b4285c35..54312139770491061be918d60e0ab8b43ad5aec3 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index 41becdf5cbb95f563a2816bb7e5c4aa7d7c222c2..8c995047b4f00b45eab26d1b8d85ba810c87e977 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index 2fc1a00b5699762a99e3a2d165c45644fd62042e..9fd8e4d587774a0cddee588a167634ed9f3267cb 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index d829d1ca97d642054958057b433a1b45132a0ac7..55c87315158fe9aab11d24c8608829b9db1040cf 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index fa67bc2bc9265801ba2deb04cafd3bac98cb6137..d3de89aa55885efa8990e9caf4c095acaf7c20d7 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index 317b435eae569d8a3ba79e707d3ba33276d80b4f..1e85adca8c12ef1437dc598ef610d33c526436ab 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index a6e6299375f1820031bb7181429ab0d52358b992..6054bebc888c57cb47e6d49c0fb83ba73271ead0 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -106,4 +106,5 @@ $wb['show_aps_menu_txt'] = 'Show APS menu';
$wb['show_aps_menu_note_txt'] = 'APS will be removed from the panel in the near future.';
$wb['show_aps_menu_note_url_txt'] = 'Click here for more information.';
$wb['dns_show_zoneexport_txt'] = 'Show zone export.';
+$wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record on issuing LE';
?>
diff --git a/interface/web/admin/templates/server_config_dns_edit.htm b/interface/web/admin/templates/server_config_dns_edit.htm
index 995acbf98651c2557ff0f2fb055a420f3f11aaf5..dcc7328e2c10cb4241ac8ff55a046ffbf3c3a6c2 100644
--- a/interface/web/admin/templates/server_config_dns_edit.htm
+++ b/interface/web/admin/templates/server_config_dns_edit.htm
@@ -11,6 +11,9 @@
<div class="form-group">
<label for="bind_zonefiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_zonefiles_dir_txt'}</label>
<div class="col-sm-9"><input type="text" name="bind_zonefiles_dir" id="bind_zonefiles_dir" value="{tmpl_var name='bind_zonefiles_dir'}" class="form-control" /></div></div>
+ <div class="form-group">
+ <label for="bind_keyfiles_dir" class="col-sm-3 control-label">{tmpl_var name='bind_keyfiles_dir_txt'}</label>
+ <div class="col-sm-9"><input type="text" name="bind_keyfiles_dir" id="bind_keyfiles_dir" value="{tmpl_var name='bind_keyfiles_dir'}" class="form-control" /></div></div>
<div class="form-group">
<label for="named_conf_path" class="col-sm-3 control-label">{tmpl_var name='named_conf_path_txt'}</label>
<div class="col-sm-9"><input type="text" name="named_conf_path" id="named_conf_path" value="{tmpl_var name='named_conf_path'}" class="form-control" /></div></div>
diff --git a/interface/web/admin/templates/system_config_sites_edit.htm b/interface/web/admin/templates/system_config_sites_edit.htm
index c0db318d0128a62a626b04c1f5383ee41bf222cb..9a36e3275ee2dcf9348cc559f76e89c63171f1e3 100644
--- a/interface/web/admin/templates/system_config_sites_edit.htm
+++ b/interface/web/admin/templates/system_config_sites_edit.htm
@@ -96,14 +96,19 @@
<label for="default_remote_dbserver" class="col-sm-3 control-label">{tmpl_var name='default_remote_dbserver_txt'}</label>
<div class="col-sm-9"><input type="text" name="default_remote_dbserver" id="default_remote_dbserver" value="{tmpl_var name='default_remote_dbserver'}" class="form-control" /></div>
</div>
- <div class="form-group">
- <label for="ssh_authentication" class="col-sm-3 control-label">{tmpl_var name='ssh_authentication_txt'}</label>
- <div class="col-sm-9"><select name="ssh_authentication" id="ssh_authentication" class="form-control">
- {tmpl_var name='ssh_authentication'}
- </select>
+ <div class="form-group">
+ <label for="ssh_authentication" class="col-sm-3 control-label">{tmpl_var name='ssh_authentication_txt'}</label>
+ <div class="col-sm-9"><select name="ssh_authentication" id="ssh_authentication" class="form-control">
+ {tmpl_var name='ssh_authentication'}
+ </select>
+ </div>
+ </div>
+ <div class="form-group">
+ <label class="col-sm-3 control-label">{tmpl_var name='le_caa_autocreate_options_txt'}</label>
+ <div class="col-sm-9">
+ {tmpl_var name='le_caa_autocreate_options'}
+ </div>
</div>
- </div>
-
<input type="hidden" name="id" value="{tmpl_var name='id'}">
diff --git a/interface/web/client/form/client.tform.php b/interface/web/client/form/client.tform.php
index 1f60ffe1b4ca4955a2b74dda44dbf4c307a1a1fc..c6d05f9eb32b92f792cf43bed278df262fb6631b 100644
--- a/interface/web/client/form/client.tform.php
+++ b/interface/web/client/form/client.tform.php
@@ -318,7 +318,7 @@ $form["tabs"]['address'] = array (
'country' => array (
'datatype' => 'VARCHAR',
'formtype' => 'SELECT',
- 'default' => (isset($conf['language']) ? strtoupper($conf['language']) : ''),
+ 'default' => (isset($conf['default_country'])) ? strtoupper($conf['default_country']) : ((isset($conf['language'])) ? strtoupper($conf['language']) : ''),
'datasource' => array ( 'type' => 'SQL',
'querystring' => 'SELECT iso,printable_name FROM country ORDER BY printable_name ASC',
'keyfield' => 'iso',
diff --git a/interface/web/dashboard/lib/lang/de_dashlet_limits.lng b/interface/web/dashboard/lib/lang/de_dashlet_limits.lng
index 68f5e262c2e44fbe53011e264a8b3c5b88cb2c74..07a84bef10e5493dc1090433c70913615aa72da8 100644
--- a/interface/web/dashboard/lib/lang/de_dashlet_limits.lng
+++ b/interface/web/dashboard/lib/lang/de_dashlet_limits.lng
@@ -27,8 +27,8 @@ $wb['limit_client_txt'] = 'Anzahl der Kunden';
$wb['limit_database_txt'] = 'Anzahl der Datenbanken';
$wb['limit_mailmailinglist_txt'] = 'Anzahl der Mailinglisten';
$wb['limit_domain_txt'] = 'Anzahl der Domains';
-$wb['limit_mailquota_txt'] = 'Assigned mailbox quota';
-$wb['limit_web_quota_txt'] = 'Assigned web quota';
-$wb['limit_database_quota_txt'] = 'Assigned database quota';
-$wb['limit_mail_wblist_txt'] = 'Number of email white / blacklist entries';
-?>
+$wb['limit_mailquota_txt'] = 'Zugewiesenes Postfach-Speicherkontingent';
+$wb['limit_web_quota_txt'] = 'Zugewiesenes Webspace-Speicherkontingent';
+$wb['limit_database_quota_txt'] = 'Zugewiesenes Datenbank-Speicherkontingent';
+$wb['limit_mail_wblist_txt'] = 'Anzahl der Email white / blacklist Einträge';
+
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index c4643f4ed2f9f7c076df06a15106b40c1ba93cb8..e85faff8d4ad2d2aa461e2944a296e844f22b944 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -140,7 +140,7 @@ function process_login_request(app $app, &$error, $conf, $module)
} else {
//* Do 2FA authentication
- if($user['otp_type'] != 'none') {
+ if(isset($user['otp_type']) && $user['otp_type'] != 'none') {
//* Save session in pending state and destroy original session
$_SESSION['s_pending'] = $_SESSION['s'];
diff --git a/interface/web/mail/lib/lang/de_mail_user.lng b/interface/web/mail/lib/lang/de_mail_user.lng
index 8e607b80f19598a3d6e07a8b11ef529cf0dffcc1..2c49f352ff12b599aa7229dcd5f30396d9887c5a 100644
--- a/interface/web/mail/lib/lang/de_mail_user.lng
+++ b/interface/web/mail/lib/lang/de_mail_user.lng
@@ -17,7 +17,7 @@ $wb['server_id_txt'] = 'Server ID';
$wb['password_txt'] = 'Passwort';
$wb['maildir_txt'] = 'E-Mail Verzeichnis';
$wb['postfix_txt'] = 'Aktiviere Empfang';
-$wb['tooltip_postfix_txt'] = 'Allows incoming mail to this address.';
+$wb['tooltip_postfix_txt'] = 'Lässt eingehende E-Mails an diese E-Mail-Adresse zu.';
$wb['greylisting_txt'] = 'Aktiviere Greylisting';
$wb['access_txt'] = 'Aktiviere Zugriff';
$wb['policy_txt'] = 'Spamfilter';
@@ -25,9 +25,9 @@ $wb['inherit_policy'] = '- Inherit domain setting -';
$wb['limit_mailbox_txt'] = 'Die maximale Anzahl an E-Mailkonten für Ihr Konto wurde erreicht.';
$wb['limit_mailquota_txt'] = 'Der maximale Speicherplatz für Ihr E-Mail Konto wurde erreicht. Der maximal verfügbare Speicher in MB ist';
$wb['disablesmtp_txt'] = 'SMTP (Mailversand) deaktivieren';
-$wb['tooltip_disablesmtp_txt'] = 'Disables mail submission from this mail account.';
-$wb['disabledeliver_txt'] = 'Disable (local) delivering';
-$wb['tooltip_disabledeliver_txt'] = 'Disables delivery to INBOX, and processing by mail filters and sieve scripts. Mail forwards to \'Send copy to\' address.';
+$wb['tooltip_disablesmtp_txt'] = 'Deaktiviert den Versand von E-Mails von diesem E-Mail-Konto.';
+$wb['disabledeliver_txt'] = 'Deaktiviere lokale Zustellung';
+$wb['tooltip_disabledeliver_txt'] = 'Deaktiviert die Zustellung in den Posteingang und die Verarbeitung durch Mailfilter und Sieve-Skripte. Mails werden an die Adresse \"Kopie senden an\" weitergeleitet.';
$wb['disableimap_txt'] = 'IMAP deaktivieren';
$wb['disablepop3_txt'] = 'POP3 deaktivieren';
$wb['password_strength_txt'] = 'Passwortkomplexität';
@@ -37,17 +37,17 @@ $wb['autoresponder_start_date_txt'] = 'Startet am';
$wb['autoresponder_start_date_ispast'] = 'Startdatum kann nicht in der Vergangenheit liegen.';
$wb['autoresponder_end_date_txt'] = 'Endet am';
$wb['autoresponder_end_date_isgreater'] = 'Enddatum muss angegeben werden und muss später als das Startdatum sein.';
-$wb['move_junk_txt'] = 'Spam E-Mails in das Junk Verzeichnis verschieben';
-$wb['move_junk_y_txt'] = 'Move first, before custom filters.';
-$wb['move_junk_a_txt'] = 'Move last, after custom filters.';
-$wb['move_junk_n_txt'] = 'Do not move Spam Emails to Junk folder.';
+$wb['move_junk_txt'] = 'Spam E-Mails in den Junk-Ordner verschieben';
+$wb['move_junk_y_txt'] = 'Zuerst verschieben, vor benutzerdefinierten Filtern.';
+$wb['move_junk_a_txt'] = 'Als Letztes verschieben, nach benutzerdefinierten Filtern.';
+$wb['move_junk_n_txt'] = 'Spam-E-Mails nicht in den Junk-Ordner verschieben.';
$wb['name_txt'] = 'Name';
$wb['name_optional_txt'] = '(optional)';
$wb['autoresponder_active'] = 'Autoresponder aktivieren';
$wb['cc_txt'] = 'Eingehende Mails in Kopie senden an';
$wb['cc_error_isemail'] = 'Das Feld "Kopie senden an" enthält keine gültige E-Mail Adresse';
-$wb['forward_in_lda_txt'] = 'Copy during delivery';
-$wb['tooltip_forward_in_lda_txt'] = 'Controls if mail copy is forwarded before or during delivery to mailbox.';
+$wb['forward_in_lda_txt'] = 'Kopiere E-Mail während der Zustellung';
+$wb['tooltip_forward_in_lda_txt'] = 'Legt fest, ob die E-Mail-Kopie vor oder während der Zustellung an die Mailbox weitergeleitet werden soll.';
$wb['login_error_unique'] = 'Benutzername wird bereits verwendet.';
$wb['login_error_regex'] = 'Zulässige Zeichen sind A-Z, a-z, 0-9, ., _ und -.';
$wb['login_txt'] = 'Anmelden';
@@ -70,8 +70,8 @@ $wb['sender_cc_txt'] = 'Kopie ausgehender Emails senden an (BCC)';
$wb['sender_cc_error_isemail'] = '-Kopie ausgehender Emails senden an- Feld enthält keine gültige Emailadresse';
$wb['sender_cc_note_txt'] = '(Mehrere E-Mail-Adressen mit Kommas trennen)';
$wb['password_click_to_set_txt'] = 'Passwort erzeugen';
-$wb['purge_trash_days_txt'] = 'Purge Trash automatically after X days';
-$wb['tooltip_purge_trash_days_txt'] = '0 = disabled';
-$wb['purge_junk_days_txt'] = 'Purge Junk automatically after X days';
-$wb['tooltip_purge_junk_days_txt'] = '0 = disabled';
-?>
+$wb['purge_trash_days_txt'] = 'Papierkorb automatisch nach X Tagen leeren';
+$wb['tooltip_purge_trash_days_txt'] = '0 = deaktiviert';
+$wb['purge_junk_days_txt'] = 'Junk-Ordner automatisch nach X Tagen leeren';
+$wb['tooltip_purge_junk_days_txt'] = '0 = deaktiviert';
+
diff --git a/interface/web/sites/lib/lang/de_web_vhost_domain.lng b/interface/web/sites/lib/lang/de_web_vhost_domain.lng
index e99e1eebcbaf82827f8d19cb9d7c456ccdb35455..79ae474885ac1d4ffeb0f301ce0271eb92c0c094 100644
--- a/interface/web/sites/lib/lang/de_web_vhost_domain.lng
+++ b/interface/web/sites/lib/lang/de_web_vhost_domain.lng
@@ -14,7 +14,7 @@ $wb['domain_txt'] = 'Domain';
$wb['type_txt'] = 'Typ';
$wb['parent_domain_id_txt'] = 'Zugehörige Webseite';
$wb['web_folder_error_regex'] = 'Ungültige Verzeichnisangabe, bitte keinen / eingeben.';
-$wb['web_folder_error_empty'] = 'Web folder cannot be empty. Use /web/ to make the same as the Parent Website';
+$wb['web_folder_error_empty'] = 'Der Webordner darf nicht leer sein. Verwenden Sie /web/, um denselben Ordner wie die übergeordnete Website zu erstellen.';
$wb['redirect_type_txt'] = 'Weiterleitungstyp';
$wb['r_redirect_txt'] = 'R (Temporary redirect)';
$wb['l_redirect_txt'] = 'L (Last redirect rule)';
@@ -105,7 +105,7 @@ $wb['hd_quota_error_regex'] = 'Speicherplatzbeschränkung ist ungültig.';
$wb['traffic_quota_error_regex'] = 'Transfervolumenbeschränkung ist ungültig.';
$wb['server_php_id_txt'] = 'PHP Version';
$wb['server_php_id_invalid_txt'] = 'PHP Version is ungültig.';
-$wb['server_php_id_default_hidden_warning_txt'] = 'PHP Version was set to "default" but that can no longer be selected. Choose your desired PHP Version and save your settings.';
+$wb['server_php_id_default_hidden_warning_txt'] = 'Die PHP-Version war auf "Standard oder Default" eingestellt, kann aber nicht mehr ausgewählt werden. Wählen Sie die gewünschte PHP-Version und speichern Sie Ihre Einstellungen.';
$wb['pm_txt'] = 'PHP-FPM FastCGI Prozess Manager';
$wb['pm_process_idle_timeout_txt'] = 'PHP-FPM pm.process_idle_timeout';
$wb['pm_max_requests_txt'] = 'PHP-FPM pm.max_requests';
@@ -155,20 +155,20 @@ $wb['http_port_txt'] = 'HTTP Port';
$wb['https_port_txt'] = 'HTTPS Port';
$wb['http_port_error_regex'] = 'HTTP Port ungültig.';
$wb['https_port_error_regex'] = 'HTTPS Port ungültig.';
-$wb['enable_pagespeed_txt'] = 'Enable PageSpeed';
+$wb['enable_pagespeed_txt'] = 'Aktiviere PageSpeed';
$wb['log_retention_txt'] = 'Log-Dateien Aufbewahrungszeit';
$wb['log_retention_error_regex'] = 'Aufbewahrungszeit in Tagen (Erlaubte Werte: min. 0 - max. 9999)';
$wb['limit_web_quota_not_0_txt'] = 'Harddisk Quota kann nicht 0 sein.';
-$wb['proxy_protocol_txt'] = 'Enable PROXY Protocol';
-$wb['backup_format_web_txt'] = 'Backup format for web files';
-$wb['backup_format_db_txt'] = 'Backup format for database';
-$wb['backup_missing_utils_txt'] = 'The following formats can not be used because they are not installed on the webserver: ';
-$wb['backup_compression_options_txt'] = 'Compression options';
-$wb['backup_encryption_note_txt'] = 'Encryption is only available for 7z, RAR, and zip (not secure).';
-$wb['backup_encryption_options_txt'] = 'Encryption options';
-$wb['backup_enable_encryption_txt'] = 'Enable encryption';
-$wb['backup_password_txt'] = 'Password';
-$wb['backup_format_default_txt'] = 'Default: zip (deflate) or tar (gzip)';
+$wb['proxy_protocol_txt'] = 'Aktiviere PROXY Protocol';
+$wb['backup_format_web_txt'] = 'Backup-Format für Webspace';
+$wb['backup_format_db_txt'] = 'Backup-Format für Datenbank';
+$wb['backup_missing_utils_txt'] = 'Die folgenden Formate können nicht verwendet werden, da sie nicht auf dem Webserver installiert sind: ';
+$wb['backup_compression_options_txt'] = 'Komprimierungsoptionen';
+$wb['backup_encryption_note_txt'] = 'Verschlüsselung ist nur für 7z, RAR und zip verfügbar (nicht sicher).';
+$wb['backup_encryption_options_txt'] = 'Verschlüsselungsoptionen';
+$wb['backup_enable_encryption_txt'] = 'Aktiviere Verschlüsselung';
+$wb['backup_password_txt'] = 'Passwort';
+$wb['backup_format_default_txt'] = 'Standard: zip (deflate) oder tar (gzip)';
$wb['backup_format_zip_txt'] = 'zip (deflate)';
$wb['backup_format_gzip_txt'] = 'gzip';
$wb['backup_format_bzip2_txt'] = 'bzip2';
@@ -186,11 +186,11 @@ $wb['backup_format_tar_7z_lzma_txt'] = 'tar + 7z (LZMA)';
$wb['backup_format_tar_7z_lzma2_txt'] = 'tar + 7z (LZMA2)';
$wb['backup_format_tar_7z_ppmd_txt'] = 'tar + 7z (PPMd)';
$wb['backup_format_tar_7z_bzip2_txt'] = 'tar + 7z (BZip2)';
-$wb['dependent_domains_txt'] = 'Dependent sub- / aliasdomains';
-$wb['error_ipv4_change_forbidden'] = 'The IP cannot be changed. Please contact your administrator if you want to change the IPv4 address.';
-$wb['error_ipv6_change_forbidden'] = 'The IP cannot be changed. Please contact your administrator if you want to change the IPv6 address.';
-$wb['error_domain_change_forbidden'] = 'The domain name cannot be changed. Please contact your administrator if you want to change the domain name.';
-$wb['error_server_change_not_possible'] = 'The server cannot be changed.';
+$wb['dependent_domains_txt'] = 'Abhängige Sub-/Aliasdomänen';
+$wb['error_ipv4_change_forbidden'] = 'Die IP kann nicht geändert werden. Bitte wenden Sie sich an Ihren Administrator, wenn Sie die IPv4-Adresse ändern möchten.';
+$wb['error_ipv6_change_forbidden'] = 'Die IP kann nicht geändert werden. Bitte wenden Sie sich an Ihren Administrator, wenn Sie die IPv6-Adresse ändern möchten.';
+$wb['error_domain_change_forbidden'] = 'Der Domänenname kann nicht geändert werden. Wenden Sie sich bitte an Ihren Administrator, wenn Sie den Domänennamen ändern möchten.';
+$wb['error_server_change_not_possible'] = 'Der Server kann nicht geändert werden.';
$wb['jailkit_chroot_app_sections_txt'] = 'Jailkit Chroot Anwendungsbereiche';
$wb['jailkit_chroot_app_programs_txt'] = 'Jailkit Chrooted Anwendungen';
$wb['jailkit_chroot_app_sections_error_empty'] = 'Jailkit Chroot Anwendungsbereiche ist leer.';
@@ -199,6 +199,6 @@ $wb['jailkit_chroot_app_sections_error_regex'] = 'Invalid jaikit chroot sections
$wb['jailkit_chroot_app_programs_error_regex'] = 'Invalid jaikit chroot app programs.';
$wb['tooltip_jailkit_chroot_app_sections_txt'] = 'When empty, uses Jailkit chroot app sections from Server Config';
$wb['tooltip_jailkit_chroot_app_programs_txt'] = 'When empty, uses Jailkit chroot applications from Server Config';
-$wb['delete_unused_jailkit_txt'] = 'Delete unused jailkit chroot';
-$wb['tooltip_delete_unused_jailkit_txt'] = 'Delete the jailkit chroot environment when there are no shell users or cron jobs which require it.';
-$wb['ssl_options_not_for_le_txt'] = 'You have Let\'s Encrypt certificates enabled for this website. Please be aware that all options on this page apply to non-Let\'s Encrypt certificates only. Remember to uncheck Let\'s Encrypt on the main tab if you want to switch to a different certificate.';
+$wb['delete_unused_jailkit_txt'] = 'Lösche unbenutzte Jailkit chroot';
+$wb['tooltip_delete_unused_jailkit_txt'] = 'Lösche die Jailkit-Chroot-Umgebung, wenn es keine Shell-Benutzer oder Cronjobs gibt, die sie benötigen.';
+$wb['ssl_options_not_for_le_txt'] = 'Sie haben Let\'s Encrypt-Zertifikate für diese Website aktiviert. Bitte beachten Sie, dass alle Optionen auf dieser Seite nur für Nicht-Let\'s Encrypt-Zertifikate gelten. Denken Sie daran, Let\'s Encrypt auf der Hauptregisterkarte zu deaktivieren, wenn Sie zu einem anderen Zertifikat wechseln möchten.';
diff --git a/server/conf/apache_apps.vhost.master b/server/conf/apache_apps.vhost.master
index 8d6df71b7da0cf2c07e7e57cce50c77d04787b2e..6957ed5eb8062dc8f65021710ebb637c5e22dc7d 100644
--- a/server/conf/apache_apps.vhost.master
+++ b/server/conf/apache_apps.vhost.master
@@ -9,10 +9,12 @@
<VirtualHost {tmpl_var name='apps_vhost_ip'}:{tmpl_var name='apps_vhost_port'}>
ServerAdmin webmaster@localhost
{tmpl_var name='apps_vhost_servername'}
-
- <FilesMatch "\.ph(p3?|tml)$">
- SetHandler None
- </FilesMatch>
+
+ <Directory {tmpl_var name='apps_vhost_dir'}>
+ <FilesMatch "\.ph(p3?|tml)$">
+ SetHandler None
+ </FilesMatch>
+ </Directory>
# SSL Configuration
<tmpl_var name="ssl_comment">SSLEngine On
@@ -96,7 +98,7 @@
DocumentRoot {tmpl_var name='apps_vhost_dir'}
SuexecUserGroup ispapps ispapps
<Directory {tmpl_var name='apps_vhost_dir'}>
- Options +Indexes +FollowSymLinks +MultiViews +ExecCGI
+ Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
AllowOverride AuthConfig Indexes Limit Options FileInfo
<FilesMatch "\.php$">
SetHandler fcgid-script
@@ -109,6 +111,8 @@
Allow from all
</tmpl_if>
</Directory>
+ IPCCommTimeout 7200
+ MaxRequestLen 15728640
</IfModule>
{tmpl_if name="use_rspamd"}
diff --git a/server/conf/apps_php_fpm_pool.conf.master b/server/conf/apps_php_fpm_pool.conf.master
index 74597272c0e998f5b1d7412188b9e71e18ed9ee0..e0db30dad69d0efe4052cc13014ccaf858632a08 100644
--- a/server/conf/apps_php_fpm_pool.conf.master
+++ b/server/conf/apps_php_fpm_pool.conf.master
@@ -17,4 +17,7 @@ pm.max_spare_servers = 5
chdir = /
; php_admin_value[open_basedir] = /var/www/apps:/srv/www/apps:/usr/share
-php_admin_flag[magic_quotes_gpc] = off
\ No newline at end of file
+php_admin_flag[magic_quotes_gpc] = off
+
+php_admin_value[post_max_size] = 100M
+php_admin_value[upload_max_filesize] = 100M
diff --git a/server/conf/sieve_filter.master b/server/conf/sieve_filter.master
index fd216d3d6401bf2e81f35b7239041daabbfd6054..5635b946aa8c2e3fed747f4543011ecc979c7415 100644
--- a/server/conf/sieve_filter.master
+++ b/server/conf/sieve_filter.master
@@ -3,7 +3,7 @@
# You can create and activate a per-user sieve script (manually or via managesieve),
# which will execute after this.
-require ["fileinto", "mailbox", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"];
+require ["body", "copy", "date", "envelope", "fileinto", "imap4flags", "mailbox", "regex", "reject", "relational", "subaddress", "vacation", "variables"];
<tmpl_if name="move_junk" op="==" value="y">
# Move spam to spam folder
@@ -29,7 +29,7 @@ redirect :copy "<tmpl_var name='address'>";
# You can create and activate a per-user sieve script (manually or via managesieve),
# which will execute before this.
-require ["fileinto", "mailbox", "regex", "date", "relational", "vacation", "imap4flags", "envelope", "subaddress", "copy", "reject"];
+require ["body", "copy", "date", "envelope", "fileinto", "imap4flags", "mailbox", "regex", "reject", "relational", "subaddress", "vacation", "variables"];
<tmpl_if name="move_junk" op="==" value="a">
# Move spam to spam folder
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
index a1873eab84033afbc75776924ac7414962aeef6a..f687bee839ba003cdbcaa195bd1cadbb0590a356 100644
--- a/server/conf/vhost.conf.master
+++ b/server/conf/vhost.conf.master
@@ -408,6 +408,13 @@
</tmpl_if>
<tmpl_if name='use_tcp'>
#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ fcgi://127.0.0.1:<tmpl_var name='fpm_port'><tmpl_var name='web_document_root'>/$1
+ <Directory {tmpl_var name='web_document_root_www'}>
+ <FilesMatch "\.php[345]?$">
+ <If "-f '%{REQUEST_FILENAME}'">
+ SetHandler "proxy:fcgi://127.0.0.1:<tmpl_var name='fpm_port'>"
+ </If>
+ </FilesMatch>
+ </Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
<If "-f '%{REQUEST_FILENAME}'">
@@ -418,6 +425,13 @@
</tmpl_if>
<tmpl_if name='use_socket'>
#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix://<tmpl_var name='fpm_socket'>|fcgi://localhost/<tmpl_var name='web_document_root'>/$1
+ <Directory {tmpl_var name='web_document_root_www'}>
+ <FilesMatch "\.php[345]?$">
+ <If "-f '%{REQUEST_FILENAME}'">
+ SetHandler "proxy:unix:<tmpl_var name='fpm_socket'>|fcgi://localhost"
+ </If>
+ </FilesMatch>
+ </Directory>
<Directory {tmpl_var name='web_document_root'}>
<FilesMatch "\.php[345]?$">
<If "-f '%{REQUEST_FILENAME}'">
diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 723360aa839f94a7367966897c57ec1df94b4eea..3096a5b06273aa2347eaa6060688f6bc9b2059c2 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -77,7 +77,7 @@ class db
$this->dbPort = $port ? $port : $conf['db_port'];
$this->dbName = $database ? $database : $conf['db_database'];
$this->dbUser = $user ? $user : $conf['db_user'];
- $this->dbPass = $pass ? $pass : $conf['db_password'];
+ $this->dbPass = ( $pass !== NULL ) ? $pass : $conf['db_password'];
$this->dbCharset = $conf['db_charset'];
$this->dbClientFlags = ($flags !== NULL) ? $flags : $conf['db_client_flags'];
$this->_iConnId = mysqli_init();
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index 8b7559fc4334c67c7e64c69ffa8c5d11a4646a01..5a69ce18a11e80bf4ef8bba2d784a61e8c50a94e 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -44,8 +44,7 @@ class letsencrypt {
}
public function get_acme_script() {
- $which_acme = shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh');
- $acme = explode("\n", $which_acme ? $which_acme : '');
+ $acme = explode("\n", shell_exec('which acme.sh /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh 2> /dev/null'));
$acme = reset($acme);
if(is_executable($acme)) {
return $acme;
diff --git a/server/lib/classes/monitor_tools.inc.php b/server/lib/classes/monitor_tools.inc.php
index 5d91bf5ace51733753749363d492f12c0b3e4279..bb0124a26c20a0bfe5f58c4d6a828c643f79fc63 100644
--- a/server/lib/classes/monitor_tools.inc.php
+++ b/server/lib/classes/monitor_tools.inc.php
@@ -470,16 +470,21 @@ class monitor_tools {
}
}
- /* Monitor MySQL Server */
- $data['mysqlserver'] = -1; // unknown - not needed
- if ($services['db_server'] == 1) {
- if ($this->_checkTcp($conf['db_host'], $conf['db_port'])) {
- $data['mysqlserver'] = 1;
- } else {
- $data['mysqlserver'] = 0;
- $state = 'error'; // because service is down
- }
- }
+ /* Monitor MySQL Server */
+ $data['mysqlserver'] = -1; // unknown - not needed
+ if ($services['db_server'] == 1) {
+ // hail MySQL server:
+ mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
+ $ispcDB = mysqli_connect($conf['db_host'], $conf['db_user'], $conf['db_password'], $conf['db_database'], $conf['db_port']);
+ if ($ispcDB !== false) {
+ $data['mysqlserver'] = 1;
+ } else {
+ $data['mysqlserver'] = 0;
+ $state = 'error'; // because service is down
+ }
+ mysqli_close($ispcDB); // we can ignore the result (gwyneth 20220605)
+ }
+
/*
$data['mongodbserver'] = -1;
if ($this->_checkTcp('localhost', 27017)) {
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index 2deabc7e23a71f29f7747b313f72a70f529d1d7c..d337a039d166152536097448becb6cf581a918a5 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -98,11 +98,11 @@ class bind_plugin {
//* Verify that we do not already have keys (overwriting-protection)
if($data['old']['dnssec_algo'] == $data['new']['dnssec_algo']) {
- if (file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) {
+ if (file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) {
return $this->soa_dnssec_update($data);
} else if ($data['new']['dnssec_initialized'] == 'Y') { //In case that we generated keys but the dsset-file was not generated
$keycount=0;
- foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
+ foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'*.key') as $keyfile) {
$keycount++;
}
if ($keycount > 0) {
@@ -116,11 +116,11 @@ class bind_plugin {
$dnssec_algo = explode(',',$data['new']['dnssec_algo']);
//* Create the Zone Signing and Key Signing Keys
- if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key')) == 0) {
- $app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain);
+ if(in_array('ECDSAP256SHA256',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key')) == 0) {
+ $app->system->exec_safe('cd ?; dnssec-keygen -3 -a ECDSAP256SHA256 -n ZONE ?; dnssec-keygen -f KSK -3 -a ECDSAP256SHA256 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain);
}
- if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key')) == 0) {
- $app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_zonefiles_dir'], $domain, $domain);
+ if(in_array('NSEC3RSASHA1',$dnssec_algo) && count(glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key')) == 0) {
+ $app->system->exec_safe('cd ?; dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE ?; dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE ?', $dns_config['bind_keyfiles_dir'], $domain, $domain);
}
$this->soa_dnssec_sign($data); //Now sign the zone for the first time
@@ -149,8 +149,8 @@ class bind_plugin {
//* Include ECDSAP256SHA256 keys in zone
if(in_array('ECDSAP256SHA256',$dnssec_algo)) {
- foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
- $includeline = '$INCLUDE '.basename($keyfile);
+ foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
+ $includeline = '$INCLUDE ' . $keyfile;
if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
$keycount++;
}
@@ -158,8 +158,8 @@ class bind_plugin {
//* Include NSEC3RSASHA1 keys in zone
if(in_array('NSEC3RSASHA1',$dnssec_algo)) {
- foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
- $includeline = '$INCLUDE '.basename($keyfile);
+ foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
+ $includeline = '$INCLUDE ' . $keyfile;
if (!preg_match('@'.preg_quote($includeline).'@', $zonefile)) $zonefile .= "\n".$includeline."\n";
$keycount++;
}
@@ -171,20 +171,20 @@ class bind_plugin {
file_put_contents($dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain, $zonefile);
//* Sign the zone and set it valid for max. 16 days
- $app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $filespre.$domain);
+ $app->system->exec_safe('cd ?; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o ? -K ? -t ?', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_keyfiles_dir'], $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
//* Write Data back ino DB
- $dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
+ $dnssecdata = "DS-Records:\n".file_get_contents($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.');
$dnssecdata .= "\n------------------------------------\n\nDNSKEY-Records:\n";
if(in_array('ECDSAP256SHA256',$dnssec_algo)) {
- foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
+ foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+013*.key') as $keyfile) {
$dnssecdata .= file_get_contents($keyfile)."\n\n";
}
}
if(in_array('NSEC3RSASHA1',$dnssec_algo)) {
- foreach (glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
+ foreach (glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+007*.key') as $keyfile) {
$dnssecdata .= file_get_contents($keyfile)."\n\n";
}
}
@@ -213,7 +213,7 @@ class bind_plugin {
return false;
}
- if (!$new && !file_exists($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);
+ if (!$new && !file_exists($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.')) $this->soa_dnssec_create($data);
$dbdata = $app->db->queryOneRecord('SELECT id,serial FROM dns_soa WHERE id=?', intval($data['new']['id']));
$app->system->exec_safe('cd ?; named-checkzone ? ? | egrep -ho \'[0-9]{10}\'', $dns_config['bind_zonefiles_dir'], $domain, $dns_config['bind_zonefiles_dir'].'/'.$filespre.$domain);
@@ -237,12 +237,12 @@ class bind_plugin {
$domain = substr($data['new']['origin'], 0, strlen($data['new']['origin'])-1);
- $key_files = glob($dns_config['bind_zonefiles_dir'].'/K'.$domain.'.+*');
+ $key_files = glob($dns_config['bind_keyfiles_dir'].'/K'.$domain.'.+*');
foreach($key_files as $file) {
unlink($file);
}
unlink($dns_config['bind_zonefiles_dir'].'/'.$this->zone_file_prefix().$domain.'.signed');
- unlink($dns_config['bind_zonefiles_dir'].'/dsset-'.$domain.'.');
+ unlink($dns_config['bind_keyfiles_dir'].'/dsset-'.$domain.'.');
if ($app->dbmaster !== $app->db) $app->dbmaster->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
$app->db->query('UPDATE dns_soa SET dnssec_info=\'\', dnssec_initialized=\'N\' WHERE id=?', intval($data['new']['id']));
@@ -323,6 +323,10 @@ class bind_plugin {
}
}
}
+ else {
+ $app->log("DNS zone[".$zone['origin']."] has no records yet, skip...", LOGLEVEL_DEBUG);
+ return;
+ }
$tpl->setLoop('zones', $records);
$filename = $dns_config['bind_zonefiles_dir'].'/' . $this->zone_file_prefix() . str_replace("/", "_", substr($zone['origin'], 0, -1));