Jump to content
Froxlor Forum

All Activity

This stream auto-updates

  1. Yesterday
  2. Thank you very much for the quick response. No problem. I can wait for a fix. No need to hassle.
  3. There is indeed a bug with this, missing csrf-tokens in some ajax-requests, I will have to make a bugfix release for that (or you would have to build the assets yourself with npm etc. if you want, let me know). Most like on friday this week then
  4. Oh yeah there seems to be an issue with a ajax-request to for this option, need a bit more time for that
  5. This is a per domain setting and should be stored permanently of course. Let me run some checks and get back to you
  6. OK. LogLevel, ErrorLog and CustomLog are now generated. Can you say why "Separate logfiles" is not permanently set? I found the "vhost_combined" option which helps me a lot already. But separate logs per domain would be nice too.
  7. try the following patch: diff --git a/lib/Froxlor/Cron/Http/Apache.php b/lib/Froxlor/Cron/Http/Apache.php index f3fe3f6b..609f9164 100644 --- a/lib/Froxlor/Cron/Http/Apache.php +++ b/lib/Froxlor/Cron/Http/Apache.php @@ -823,6 +823,7 @@ class Apache extends HttpConfigBase $modrew_red = ' [R=' . $code . ';L,NE]'; } + $vhost_content .= $this->getLogfiles($domain); // redirect everything, not only root-directory, #541 $vhost_content .= ' <IfModule mod_rewrite.c>' . "\n"; $vhost_content .= ' RewriteEngine On' . "\n";
  8. Yup, just checked, there are no log-directives generated when the domain is a redirect
  9. no "AccessLog" directive is generated. The SSL vhost looks like this: ServerName xyz ServerAlias xyz ServerAdmin xyz SSLEngine On SSLProtocol -ALL +TLSv1.2 SSLCompression Off SSLSessionTickets on SSLHonorCipherOrder off SSLCipherSuite ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128 SSLVerifyDepth 10 SSLCertificateFile /etc/ssl/froxlor-custom/xyz.crt SSLCertificateKeyFile /etc/ssl/froxlor-custom/xyz.key SSLCACertificateFile /etc/ssl/froxlor-custom/xyzCA.pem SSLCertificateChainFile /etc/ssl/froxlor-custom/xyzchain.pem <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge RewriteRule ^/(.*) https://www.xyz.de$1 [R=301;L,NE] </IfModule> <IfModule !mod_rewrite.c> Redirect 301 / https://www.xyz.de </IfModule>
  10. Last week
  11. check the vhost, is there a "AccessLog" directive being generated? if yes, does the log file exist and do entries get logged on visit?
  12. Hello, we successfully set up Froxlor on Ubuntu Bookworm 22.04.1. We mainly use it for redirecting domains. So far so good 😀. Now we would like to messure using the traffic statistics (goaccess) how often a redirect is "triggered". But the statistics seem empty. Cron is running. Investigating the issue we found that when using DocumentRoot to redirect, no logging configuration is made. Even if setting custom (SSL) vHost settings like "LogLevel info rewrite:trace6" these are not written to the configuration file. Is that correct? Also in any case, even if DocumentRoot is not used for redirecting, the domain configuration option "Separate Logfile" can be set but is ignored. Meaning the next time the configuration page is opened the toggle button is off again. Can you help me with that? Thank you. Ciao, Rene
  13. Aaah, I thought I was - but in fact I am still on 2.1.4. Will test again with 2.1.7 then
  14. Aktuell handlet das froxlor nicht, denn Let's Encrypt auch in postfix/dovecot zu nutzen ist natürlich möglich, aber admin-Entscheidung - da hat froxlor keine Finger drin. Ändert sich mit 2.2, siehe https://github.com/froxlor/Froxlor/issues/1186
  15. Hallo, ich nutze Lets Encrypt für SSL Zertifikate. Ich stolpere gerade darüber, das Dovecot (und evlt Postfix) nicht mitbekommen, wenn diese von Froxlor für die Domain erneuert werden und liefert weiterhin die alten Zertifikate aus. systemctl restart postfix systemctl restart dovecot beheben das zwar,aber sollte das nicht automatisch passieren? Übersehe ich permanent was in den Einstellungen?
  16. Earlier
  17. Are you using the latest v2.1.7? there was a fix: https://github.com/Froxlor/Froxlor/commit/537b274b4c50b6d5a28c140d48e955466173b7dc
  18. I am using Deployer PHP to deploy websites into a Froxlor environment. Deployer's default mode of operation is that it switches a Symlink (called "current") pointint to the new release after a succesful deployment. So for example if you have the website "foobar" within a customer's home, Deployer will create a structure like this: foobar/releases (individual releases) foobar/shared (files and folders shared between releases via symlinks) foobar/current (the symlink pointing to a specific release, e.g. "releases/21") When I set up the domain I typically enter something like this as the DocumentRoot for the domain: /foobar/current/public Froxlor will initially create this folder structure for me and before I make deployments, I delete the foobar/current folder and the deployment script will create the symlink instead. However, when you then want to later on change any settings for this (sub)domain, the following error will occur: The only way to work around this currently is to delete the symlink, save the (sub)domain's settings and then recreate the symlink afterwards. It would be great if Froxlor took such symlink deployments into account so that I do not have to do this
  19. Update: auch mit den Mozilla Einträgen will das nicht klappen, ich werde mal den gegnerischen Support bemühen.
  20. Oh dann hab ich die Nachricht falsch interpretiert. Das erklärt auch warum ich beim Upload als Root es darf... Hab die Nachricht anders verstanden. Tausend Dank! Kann zu.
  21. Du hast dem Kunden ein Kontingent von 5000 MB für disk/webspace zugewiesen....wenn es voll ist, macht der FTP dicht
  22. Hallo, ich habe einen Nutzer der über mehrere FTP-Accounts innerhalb derselben Froxlor-Instanz Daten via FTP hochlädt. Für jeden Kunden erstellt er sich einzeln einen FTP-User und lädt dann hoch. Leider bekommt er nach einer Weile immer beigefügten Error. Wie kann ich das ausstellen? Ich kann nichts in Froxlor finden dazu. Ich nutze Froxlor 2. Viele Grüße und Danke Nils
  23. Dann probier doch z.B. mal was mozilla vorgibt/empfiehlt: https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=intermediate&openssl=1.1.1k&guideline=5.7 Ich meine immer noch das das ein Problem beim "fremden" smtp ist
  24. smtp_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_cert_file = /etc/ssl/froxlor-custom/mail.mein-server.de_fullchain.pem smtpd_tls_key_file = /etc/ssl/froxlor-custom/mail.mein-server.de.key smtpd_tls_CAfile = /etc/ssl/froxlor-custom/mail.mein-server.de_CA.pem smtpd_tls_security_level = may smtpd_tls_loglevel = 3 smtpd_tls_received_header = yes
  25. Sieht doch alles fein aus, sogar TLSv1.3, da würde ich ja fast behaupten, dass vllt die zwei server die nichts mehr an dich senden können ggfls veraltet sind oder falsch konfiguriert. Offenbar haben die ja eine änderung, wenn deine logs da trotz anonymisierung irgendwie stimmen: IPMAIL1.FremderMailserver <> IPMAIL2.FremderMailserver Aber zeig doch bitte hierfür auch mal deine postfix config in bezug auf TLS (alles bitte), also z.b.: ### TLS settings ### ## TLS for outgoing mails from the server to another server smtp_tls_security_level = may smtp_tls_note_starttls_offer = yes ## TLS for email client smtpd_tls_security_level = may smtpd_tls_key_file = /root/.acme.sh/domain/domain.key smtpd_tls_cert_file = /root/.acme.sh/domain/fullchain.cer smtpd_tls_CAfile = /root/.acme.sh/domain/ca.cer smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtp_use_tls = yes smtpd_use_tls = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
  26. Ich habe ja nichts verändert, mail Empfang läuft ja nach wie vor, bis auf mittlerweile 2 Firmen die plötzlich keine mail mehr an mich verschicken können. root@mail:~# postconf | grep smtpd_tls_protocols smtpd_tls_protocols = !SSLv2, !SSLv3 tlsproxy_tls_protocols = $smtpd_tls_protocols marcus@marcus-desktop:~$ openssl s_client -starttls smtp -crlf -connect mein-server.de:587 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = mail.mein-server.de verify return:1 --- Certificate chain 0 s:CN = mail.mein-server.de i:C = US, O = Let's Encrypt, CN = R3 a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:02:11 2024 GMT; NotAfter: Jun 7 22:02:10 2024 GMT 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEaTCCA1GgAwIBAgISBEnvZDItomrNNZQs+zuNr/J0MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMDkyMjAyMTFaFw0yNDA2MDcyMjAyMTBaMCExHzAdBgNVBAMT Fm1haWwuYW53YWx0LWNhc3Ryb3AuZGUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATi XdjyHLJCGbTn0Kt8tSl7DCdkjFp6C8t8xxuy9FzgkQG8GCfSnGyGikY+vNLM3hY5 v3ZQeprTqlb8+QvogHbWKHvu0Bwn4AiFxCYIr9Hx11qQ/Y25sH4X7xjf5FujCc2j ggI2MIICMjAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMYRNbOt1P1WPAD6a22eqjKr 5qu2MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEB BEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUF BzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMD0GA1UdEQQ2MDSCFm1haWwuYW53 YWx0LWNhc3Ryb3AuZGWCGnd3dy5tYWlsLmFud2FsdC1jYXN0cm9wLmRlMBMGA1Ud IAQMMAowCAYGZ4EMAQIBMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAO1N3dT4t uYBOizBbBv5AO2fYT8P0x70ADS1yb+H61BcAAAGOJXPV0QAABAMASDBGAiEA8NTr nGsJzlH+SJ4/gbC+Z6lqXMqwU4qJMTBrVPHFH5ICIQCzKzY1A2DzzFwa1J2ca/7A l6cqo4eUwUVMncK+0AKF6wB3AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZx H7WbAAABjiVz1dgAAAQDAEgwRgIhAIw+BcyCG7nz3VcZospnlyrrJ5IBQGV6SS2l CaEUUaT0AiEAoxfb+6rHUAAGHtzF6+pvx05FfDc4jnbl7Vhttg45OrAwDQYJKoZI hvcNAQELBQADggEBAIW/TZwCvWFpyswjcZMg1Pd9ZmEnvd4OJvtS+7ssWJ135k4f gXof9didIU+BeZ7mCuVd3weeICBgZ6N1y0NV7mCkbipUTHh6Oq8+Ge9eCJCWihN1 W6oTBDsZlUjRxZSblqHOdgIKjLA7iuHwphyA2cOxa3vO+YZPHGqqVw47nlJNj+PP HDS9UPeAlISmly7gVKtDDSntB6/FBK3YmYftsz5D4mgj8xoOkkaQ3v0i3jEkKq7l 7qSEeobxTLY1y9vJ0DOEtBaPoMdXuaYPix1B4QcWmytrqssoKMqV4lY0AJp96ukC OxtE3hYT8gUnbUKSL+jxtnCBVfnHKBFisW+dN5s= -----END CERTIFICATE----- subject=CN = mail.mein-server.de issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA384 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 3068 bytes and written 432 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 384 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- 250 DSN --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 88AFD7EC65487372738552E7C079955E8BB11B8429473008F3BA5533112C2378 Session-ID-ctx: Resumption PSK: 4FD14209543187DAC7D78E504D402E36DF9C9C0E9FFFB2857714D1EDD5C1A2AC69F9E2918A3E549A57852A9EFDDC9D3D PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 29 a0 cc ab bc 95 9f 11-2c 7b f1 d9 78 a4 f4 b5 ).......,{..x... 0010 - 7a 7f f9 b3 e3 69 c0 26-45 da fd c0 8d 9c dc 66 z....i.&E......f 0020 - 7d b8 c6 1d 1d b1 db d9-c8 55 da d4 c6 c2 11 93 }........U...... 0030 - e8 3a 23 6e 14 a5 0f 13-5f 66 1d 45 70 44 46 5c .:#n...._f.EpDF\ 0040 - 95 ed 0f 7c 6f 70 19 1d-ad 9d a1 a7 7e a2 68 17 ...|op......~.h. 0050 - 64 e7 4a 53 1b 26 89 c6-1d ba a3 f9 96 b2 d9 c5 d.JS.&.......... 0060 - c9 4e 29 fd 22 e3 6d a0-a2 59 28 01 5d 29 9e db .N).".m..Y(.]).. 0070 - 2b c7 de 9e 2b e9 3f ee-70 b9 78 c0 51 b0 1a 82 +...+.?.p.x.Q... 0080 - 78 5c a5 1a e6 17 3c 6e-f1 9e d8 db e3 65 93 8d x\....<n.....e.. 0090 - 1e 96 8e fd d5 d7 79 73-75 ee da 53 c7 86 03 5c ......ysu..S...\ 00a0 - 92 d0 37 fb d6 dc cf d1-0c bc 36 3c 2b c1 7e 0a ..7.......6<+.~. 00b0 - 9b 6a 6d 2c 47 49 5a 5d-2d 9f 34 35 47 a8 f4 84 .jm,GIZ]-.45G... 00c0 - a7 45 27 dc 69 b3 1a de-c0 1f b6 02 3f 09 f4 8a .E'.i.......?... Start Time: 1710663731 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK ^C marcus@marcus-desktop:~$ marcus@marcus-desktop:~$ openssl s_client -starttls smtp -crlf -connect mein-server.de:25 CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = mail.mein-server.de verify return:1 --- Certificate chain 0 s:CN = mail.mein-server.de i:C = US, O = Let's Encrypt, CN = R3 a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256 v:NotBefore: Mar 9 22:02:11 2024 GMT; NotAfter: Jun 7 22:02:10 2024 GMT 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIEaTCCA1GgAwIBAgISBEnvZDItomrNNZQs+zuNr/J0MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMDkyMjAyMTFaFw0yNDA2MDcyMjAyMTBaMCExHzAdBgNVBAMT Fm1haWwuYW53YWx0LWNhc3Ryb3AuZGUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATi XdjyHLJCGbTn0Kt8tSl7DCdkjFp6C8t8xxuy9FzgkQG8GCfSnGyGikY+vNLM3hY5 v3ZQeprTqlb8+QvogHbWKHvu0Bwn4AiFxCYIr9Hx11qQ/Y25sH4X7xjf5FujCc2j ggI2MIICMjAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMYRNbOt1P1WPAD6a22eqjKr 5qu2MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEB BEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUF BzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMD0GA1UdEQQ2MDSCFm1haWwuYW53 YWx0LWNhc3Ryb3AuZGWCGnd3dy5tYWlsLmFud2FsdC1jYXN0cm9wLmRlMBMGA1Ud IAQMMAowCAYGZ4EMAQIBMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAO1N3dT4t uYBOizBbBv5AO2fYT8P0x70ADS1yb+H61BcAAAGOJXPV0QAABAMASDBGAiEA8NTr nGsJzlH+SJ4/gbC+Z6lqXMqwU4qJMTBrVPHFH5ICIQCzKzY1A2DzzFwa1J2ca/7A l6cqo4eUwUVMncK+0AKF6wB3AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZx H7WbAAABjiVz1dgAAAQDAEgwRgIhAIw+BcyCG7nz3VcZospnlyrrJ5IBQGV6SS2l CaEUUaT0AiEAoxfb+6rHUAAGHtzF6+pvx05FfDc4jnbl7Vhttg45OrAwDQYJKoZI hvcNAQELBQADggEBAIW/TZwCvWFpyswjcZMg1Pd9ZmEnvd4OJvtS+7ssWJ135k4f gXof9didIU+BeZ7mCuVd3weeICBgZ6N1y0NV7mCkbipUTHh6Oq8+Ge9eCJCWihN1 W6oTBDsZlUjRxZSblqHOdgIKjLA7iuHwphyA2cOxa3vO+YZPHGqqVw47nlJNj+PP HDS9UPeAlISmly7gVKtDDSntB6/FBK3YmYftsz5D4mgj8xoOkkaQ3v0i3jEkKq7l 7qSEeobxTLY1y9vJ0DOEtBaPoMdXuaYPix1B4QcWmytrqssoKMqV4lY0AJp96ukC OxtE3hYT8gUnbUKSL+jxtnCBVfnHKBFisW+dN5s= -----END CERTIFICATE----- subject=CN = mail.mein-server.de issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA384 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 3111 bytes and written 432 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 384 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- 250 DSN --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: B0FA5370185DD9F1F98B49E9F52DA8D4C1966C6D48F9121A5D3A5EE524E6F344 Session-ID-ctx: Resumption PSK: F7704271E7EB00A87AA9DDE56A3F16B4B555A1562ABC77202CF37298C08BF29766B20EF345B1EE86E3617B2EAB7BD83D PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 29 a0 cc ab bc 95 9f 11-2c 7b f1 d9 78 a4 f4 b5 ).......,{..x... 0010 - 31 59 fc f5 64 e8 1d fb-eb d9 a1 e4 98 97 c9 d2 1Y..d........... 0020 - e6 98 3b af 2a 49 f0 66-53 e2 3a b8 b9 5b 8b 47 ..;.*I.fS.:..[.G 0030 - 6a 42 1e 7a f7 14 fe 7c-be 2c 2c 53 8e 82 73 ee jB.z...|.,,S..s. 0040 - 29 c4 fe b8 e3 8f 72 81-45 b0 ae 17 a3 16 60 87 ).....r.E.....`. 0050 - 46 8b ed 9f 51 cf 56 71-d9 6b 5b ac 2c 08 15 1f F...Q.Vq.k[.,... 0060 - 61 51 ef 72 e6 a5 81 3b-cc b8 6d 7c 73 c5 3a 37 aQ.r...;..m|s.:7 0070 - 09 77 cc 87 b0 60 ca 8b-26 5e e4 5c 19 63 cd 2a .w...`..&^.\.c.* 0080 - 08 e1 3d 73 9b 4e 19 dd-02 03 07 bd 8d 30 85 50 ..=s.N.......0.P 0090 - 13 a5 4f 35 df 7a f6 94-7a 57 39 03 40 98 b3 ee ..O5.z..zW9.@... 00a0 - 25 bb 3f 27 5d 1c e1 84-bb 07 3e eb cf ae df d6 %.?'].....>..... 00b0 - 01 d8 1b bc 16 7d 20 34-28 c9 f5 bb 19 6f 96 d3 .....} 4(....o.. 00c0 - 19 3a 3c 6e 24 75 76 ef-6c c1 62 3c 85 c1 02 38 .:<n$uv.l.b<...8 Start Time: 1710663755 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK
  1. Load more activity


×
×
  • Create New...