Version 1.659

Released: 2024-02-02

• Database Management interface and API evolution new
• ClamAV removal script custombuild new
• Let's Encrypt staging environment as alternative ACME provider evolution update
• Validation errors evolution update
• Software version changes custombuild update
• Support for rebuilding single PHP version custombuild update
• Hide PHP extension updates for not yet installed PHP versions custombuild update
• More strict defaults for password validator update
• Reworked password check (formerly difficult_password.php script) update
• Uniform scripts ownership and permissions update
• Migrate scripts/setup.txt to conf/setup.txt update
• User SSL Certificates: Auto SSL GUI update fix
• Building Nginx Unit modules on Debian and ARM64 systems custombuild fix
• Changed location for custom MX records fix
• Deny colons in custom FTP path fix
• Close dialogs on outside click evolution fix
• External links in tooltips evolution fix
• Lost Password page evolution fix
• Removed support for letsencrypt=2 mode removal
• Removed support for clean_forwarders_on_email_delete=0 configuration option removal
• Removed support for pointers_own_virtualhost=0 configuration option removal
• Removed support for dovecot=0 configuration option removal
• Removed support for vm-pop3d service removal
• Removed support for Nginx Unit PHP modules removal

Database Management interface and API evolution new

Database management page received a major upgrade. New user interface is using new database management API and comes with multiple improvements compared to old functionality.

Key improvements of the new user interface:

• Database management page uses new UI components, avoids pop-up dialog favoring in-place editing. It makes it easier to use and navigate.

• There is a separate page to show full list of all DB user accounts. Older version would only show user accounts associated with a particular database making it hard to see a general overview. It makes it possible to see DB user accounts that does not have have access to any of the existing databases.

• New interface shows more detailed information about the database contents - it will show number of tables, views, triggers, events and collation information.
• Importing database backup is now much easier, it does not require to know database credentials to restore DB from backup, and offers an option to either remove or keep existing DB data when performing import.

• Users associated with a single database can have different allowed access hosts configured. Old interface used to force same access hosts for all users having access to a single database.

New API groups all database management related actions under /api/db-show and /api/db-manage paths. There are two endpoint prefixes to cleanly separate read-only and state changing endpoints. API documentation is available in the Support & Help > Live API Documentation section.

Main benefits of the new API:

• New API endpoints are optimized for easier access. It groups group API endpoints based on the resources they control. Old API was page oriented having API endpoints correspond to GUI pages.
• All database operations are more reliable and designed to work with any supported DB software version.
• Database import is performed in streaming mode. This allows restoring database of any size (not limited by max upload size). Uploaded file is not stored on disk even temporarily. Automatic DB dump decompression also performed in streaming mode.
• Database import is much safer, it no longer allows executing arbitrary shell commands using the mysql client built-in system or \! commands.
• Database export is being performed in streaming mode. This means database dump is not even temporarily stored on disk, everything is streamed directly to the browser downloading the dump. Automatic DB compression is performed in streaming mode as well.
• Database export is extended to filter out problematic DEFINER clauses. This avoids problems when database is imported and original user that created triggers, views or events no longer exists.
• Creating new database has a quick create mode, which allows backend to take care of creating user account and auto-generate user password (/api/db-manage/create-db-quick endpoint).

Important changes:

• New management interface will not support MySQL and MariaDB older than 5.5.
• All new databases will be automatically configured to use utf8mb4 as default database character set and utf8mb4_general_ci collation. Creating DB via API it is possible to specify custom character set, but UI will always use UTF-8.
• Access to newly created databases will be granted to newly created users (using same user name as database name), but will NOT be granted for the database user that has the same name as DirectAdmin user account.
• Database users are not allowed to have more than 30 access hosts or access host patterns. If more hosts are needed allow all pattern of % can be used.

ClamAV removal script custombuild new

CustomBuild script is extended to support removing ClamAV using system package management tools.

Command da build remove_clamav will remove ClamAV from the system.

If ClamAV is installed but not configured (custombuild/options.conf has clamav=no) removing ClamAV will be listed in the da build list_removals and CustomBuild GUI.

Let's Encrypt staging environment as alternative ACME provider evolution update

Certificate management page now allows selecting Let's Encrypt staging environment as ACME provider.

Certificates issued by staging environment are not considered valid by the browsers, and should not be used for production websites. It is intended to be used when testing out different certificate configurations or debugging. Key benefit is that staging environment has much higher rate-limits allowing to test things out without reaching production environment limits.

In previous versions it was possible to use LE staging environment by passing staging=yes environment variable to the letsencrypt.sh script. This environment variable is no longer used.

Validation errors evolution update

Only a single validation error will be displayed at a time under inputs where as before multiple were displayed.

Software version changes custombuild update

• phalcon5 updated from 5.5.0 to 5.6.0
• redis updated from 7.2.3 to 7.2.4
• roundcubemail updated from 1.6.5 to 1.6.6
• imagemagick updated from 7.1.1-25 to 7.1.1-27
• PHP 8.3 updated from 8.3.1 to 8.3.2
• PHP 8.2 updated from 8.2.14 to 8.2.15
• ngx_cache_purge updated from 2.3 to 2.5.3
• openlitespeed updated from 1.7.19 to 1.7.19.1

Support for rebuilding single PHP version custombuild update

CustomBuild CLI interface is updated to support rebuilding single PHP version without php_expert command. Command da build php takes one optional parameter for PHP release version.

Examples:

• da build php - will rebuild all configured PHP versions.
• da build php 8.1 - will rebuild only PHP 8.1 (if PHP 8.1 is configured)

Command da build php does not require specifying PHP mode. PHP mode will be automatically loaded from options.conf file.

Usage of old command da build php_expert {php_version} {php_mode} is discouraged. It still works for backwards compatibility, but is now alias to the da build php command.

Hide PHP extension updates for not yet installed PHP versions custombuild update

Enabling new PHP version will now hide PHP extension updates for the new not yet installed PHP version. Once PHP is installed, PHP extension updates will be shown.

More strict defaults for password validator update

Make default password validator more strict by increasing minimum password length to 6. This is accomplished by always enforcing difficult_password_length_min field from directadmin.conf.

Previously difficult_password_length_min field was only enforced if enforce_difficult_passwords=1 was set in directadmin.conf.

Reworked password check (formerly difficult_password.php script) update

Default difficult_pasword.php script is dropped and implemented natively in the codebase, no longer requiring php to be installed in order to work.

A new directadmin.conf field password_check_script is introduced which defines a script (or any binary) to execute for checking password. Customized custom/difficult_password.php is auto-migrated to use this field.

Password checking steps now are:

1. Passwords shorter than difficult_password_length_min will be refused even when enforce_difficult_passwords is disabled or there is non empty password_check_script configured.
2. If enforce_difficult_passwords is enabled, passwords without at least one lowercase, uppercase and number characters will be refused. The check will be performed inside DA service without calling extra scripts.
3. If password_check_script is not empty, then configured script will be called and password will be refused if script exits with non zero exit code.

These cheks are independent, meaning that if enforce_difficult_passwords is enabled and password_check_script is configured password must pass both checks to be considered valid.

Auto-generated passwords (more specifically passwords consisting of at least 20 symbols) will always be accepted.

Updater will take care of updating directadmin.conf to keep consistent behaviour. This is what will happen for various configuration combinations.

Configuration description	Changes after update
Servers with enforce_difficult_passwords=0	passwords shorter than six symbols will not be accepted unless difficult_password_length_min is changed.
Servers with enforce_difficult_passwords=1 using default difficult_password.php script	same pasword checking rules but checking is now performed without executing PHP script.
Servers with enforce_difficult_passwords=1 and customized scripts/custom/difficult_password.php	configuration will be updated to have password_check_script=scripts/custom/difficult_password.php and internal difficult password check logic will be disabled with enforce_difficult_passwords=0

Uniform scripts ownership and permissions update

DirectAdmin bundled scripts are now owned by root and are readable and executable by any system user (755 permissions).

scripts/custom directory is also owned by root with 711 permissions, preserving compatibility for custom scripts to be executable.

Migrate scripts/setup.txt to conf/setup.txt update

setup.txt configuration file (created by DirectAdmin installer) is migrated to a better suited location: /usr/local/directadmin/scripts/setup.txt -> /usr/local/directadmin/conf/setup.txt

For backwards compatibilty, a symlink is created in /usr/local/directadmin/scripts directory.

User SSL Certificates: Auto SSL GUI update fix

Assuming Auto SSL is available on the server, the User Level Certificates page will always show the 4 related tables:

• List of certificates/hosts
• Next Retries, with the ability to cancel them at any time, regardless of SSL mode (paste, best match, or ACME)
• SNI Hosts List
• Manual Trigger: If used and successful, it will automatically set the mode to best match.

Logging in the system.log now also log who/why any creation of a domain.com.ssl file happened, as well as why an Admin SSL domain retry happens, to more easily determine if DA has decided it's invalid, expired, missing, etc. Possible changes to Evolution soon to clean up the SSL mode layout vs 'actions'

Also added the ability for a User to reset their retry counter. Certificate renewals will only try letsencrypt_renewal_failure_notice_after_attempt=5 times before giving up. Clearing this file allows a fresh request to renew in the future. Also clears this domain.com.letsencrypt_remaining_retries file when a new cert request succeeds.

CMD_SSL
method: POST
action=reset_retry_count
domain=domain.com

Building Nginx Unit modules on Debian and ARM64 systems custombuild fix

CustomBuild script for build Nginx Unit language modules is upgraded. Notable changes:

• Java module on Debian systems uses headless packages. This reduces the amount of external packages that needs to be installed for java support.
• Java support is now available on ARM64 systems.
• Automatic configuration of nodejs module now works on Debian based systems.
• Ruby module compilation now works on Debian based systems.

Changed location for custom MX records fix

Custom MX records templates used to be loaded from .../templates/mx/custom directory. All other customizations are being loaded from .../templates/custom.

With this release MX record customizations will be loaded from .../templates/custom/mx directory, following the same patter as other customized templates.

Update script makes sure to automatically move data from .../templates/mx/custom to .../templates/custom/mx during upgrade.

Deny colons in custom FTP path fix

Using colons in custom FTP path causes system to incorrectly detect FTP path due to config file using colon-separated values format.

Use of : is no longer allowed in custom FTP path.

Close dialogs on outside click evolution fix

The newly designed dialogs did not close when clicking outside the modal dialog window. This has been fixed, and now all dialogs will close after clicking outside of them. An example dialog that did not exhibit this behavior can be observed in /evo/admin/dns/:domain/edit after clicking "Reset Defaults."

External links in tooltips evolution fix

Fixed external documentation links that were not visible inside their respective tooltips. This change affects the following pages:

• admin backups (modify and schedule)
• admin settings
• reseller backups (schedule)

Lost Password page evolution fix

The lost password page is updated fixing minor UI bugs:

• Show more details in case of an network error.
• Parts of the page was not translatable.
• Added loader icon when request is being processed.

Removed support for letsencrypt=2 mode removal

Using letsencrypt=2 in directadmin.conf will no longer use user home directories for ACME HTTP challenge well-know directory location. Setting letsencrypt=2 will treated the same as letsencrypt=1 and will always use /var/www/html/.well-known/acme-challenge directory for ACME HTTP challenges.

Removed support for clean_forwarders_on_email_delete=0 configuration option removal

Configuration option clean_forwarders_on_email_delete is removed from directadmin.conf. Option to clean email forwarders when deleting mailbox will be always available for users.

Removed support for pointers_own_virtualhost=0 configuration option removal

Configuration option pointers_own_virtualhost is removed from directadmin.conf. Starting this release domain pointers will always have separate virtual host definition block in the web server configuration files.

This change makes |SERVER_ALIASES| configuration token obsolete. This token is removed from all templates. For compatibility reasons token will be always set to empty value.

Removed support for dovecot=0 configuration option removal

Configuration option dovecot is removed from directadmin.conf. Dovecot is always enabled, making DirectAdmin always function in dovecot-compatible way.

Removed support for vm-pop3d service removal

DirectAdmin support for vm-pop3d service is completely removed in favor of Dovecot.

Removed support for Nginx Unit PHP modules removal

Nginx Unit can be used to run Ruby, Perl, Python or JavaScript applications accessible via HTTP as websites. It used to support PHP as well, but native PHP support through the php-fpm, fastcgi or lsphp is preferred over running it via Nginx Unit.

Starting this release Nginx Unit will no longer support running PHP applications.