Froxlor Forum

d00p

Administrators
  • Content Count

    7662
  • Days Won

    41

Everything posted by d00p

  1. This doesn't sound like a config-only-problem. Regarding google, microsoft and bigger, you are most likely on a blacklist (for now). Also to verify non-working DKIM or anything one would need to know at least one domain from you. I can take a look at this mess if you want to. Here's my pubkey (https://froxlor.support/files/froxlorhelp.pub, need root access) or PM me details.
  2. Then I would just add a bash / PHP script that executes what I want... doesn't prevent anything. Yes, basically it would have to be enabled on a per-customer basis and maybe even limited like other resources (amount of subdomains, amount of FTP accounts, etc). In case you want to do such a feature, a pull request is a good way to start. Maybe for 0.10.1 or similar.
  3. From the config: We do the latter, see dovecot-sql.conf.ext: user_query = "[...] CONCAT('*:storage=', quota,'M') AS quota_rule FROM mail_users WHERE (username = '%u' OR email = '%u')" So intuitively I would guess the following: quota = maildir:User quota
  4. Well - implementing this is not the big deal...but it's just a huge security risk letting customers do that themselves, you never know what kind of script is being added and what it does and whether it's possible malware due to some security leaks or whatever...
  5. what more features in the API??? We're at release-candidate level....What exactly do you mean by "cronjobs"? You mean managing the froxlor-cronjobs via API? or do you want customers to be able to manage their own cronjobs?
  6. this is intended as libnss-extrausers is optional (but required for fpm / fcgid) - that's why the docs say, first adjust settings, then run configuration
  7. You can repeat the --apply of the config-script as often as you like. I wouldn't recommend doing that when already in production, but for the setup - no problem.
  8. That is the problem. hard to tell where this comes from. My latest installations/configurations on debian buster went through just fine
  9. There were over 100 commits since rc2 ....especially regarding mysql8 - you should give it a try using current git. But beware, if you checkout git repo you need to run composer install manually, see https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-git-sources#3-download-dependencies
  10. Updated the wiki. No, normally the installer does this for you. What version are you testing with, latest git-master?
  11. Can you tell where this shows up? In a particular froxlor cronjob maybe? Or when you are working in the panel?
  12. Hmmm, okay, need to invest and see how we can avoid that.
  13. added, committed, pushed, now part of current git-master.
  14. @peterpan you can now test with latest git-master
  15. This file is no longer part of froxlor. Remove it. I think the updater should do that ... Definitely something for the final version
  16. Hm, I cant seem to find the proper configuration. Accessing attachments should be allowed for the members group. But the file is basically the same as the diff I've sent you, here the contents: From 6ebb8dabc448a692c591c4286a5a39eae13c275b Mon Sep 17 00:00:00 2001 From: Michael Kaufmann <d00p@froxlor.org> Date: Thu, 12 Sep 2019 12:30:47 +0200 Subject: [PATCH] re-create certificate if SAN list or domain changes Signed-off-by: Michael Kaufmann <d00p@froxlor.org> --- lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php index e0967ca0..32d7fae1 100644 --- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php +++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php @@ -62,7 +62,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron SELECT domssl.`id`, domssl.`domainid`, - domssl.expirationdate, + domssl.`expirationdate`, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, @@ -221,9 +221,14 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron // Only renew let's encrypt certificate if no broken ssl_redirect is enabled if ($certrow['ssl_redirect'] != 2) { - if (! empty($certrow['ssl_cert_file'])) { + $do_force = false; + if (! empty($certrow['ssl_cert_file']) && !empty($certrow['expirationdate'])) { $cert_mode = 'renew'; $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']); + } else if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) { + // domain changed (SAN or similar) + $do_force = true; + $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']); } else { $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']); } 
@@ -252,7 +257,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron } } - self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected); + self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force); } else { $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect"); } @@ -270,7 +275,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron } } - private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0) + private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0, $force = false) { if (! empty($domains)) { @@ -295,6 +300,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron if (Settings::Get('system.letsencryptca') == 'testing') { $acmesh_cmd .= " --staging"; } + if ($force) { + $acmesh_cmd .= " --force"; + } $acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd); -- 2.20.1
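Review bot: in the `@@ -221,9 +221,14` hunk the new `else if` branch sets `$do_force = true` whenever `ssl_cert_file` is present and `expirationdate` is empty, so the forced run repeats on every cron pass until `expirationdate` is written back. The visible lines do not show that happening after a failed acme.sh run, so it is worth confirming, since repeated `--force` issuance against the production CA counts toward its rate limits. That branch also leaves `$cert_mode` at its earlier value instead of setting it; a short comment saying this is intentional would help. Finally, both branches repeat `! empty($certrow['ssl_cert_file'])`; nesting the `expirationdate` test under a single check would make the three cases (renew, re-create, create) easier to read.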
  17. sure it was meant for you. Hmm, what do you mean with not available? can you give me an error message? users should be able to download attachments
  18. 0001-re-create-certificate-if-SAN-list-or-domain-changes.patch
  19. Ok, so I debugged a bit. Changes to domains/aliases/etc. set the expiration-date to NULL which in the former let's encrypt implementation was enough to trigger a re-issue. Acme.sh on the other side displays an error: Could you test the following changes to see if the certificate issue is now done properly when changing a domain alias? diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php index e0967ca0..32d7fae1 100644 --- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php +++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php @@ -62,7 +62,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron SELECT domssl.`id`, domssl.`domainid`, - domssl.expirationdate, + domssl.`expirationdate`, domssl.`ssl_cert_file`, domssl.`ssl_key_file`, domssl.`ssl_ca_file`, @@ -221,9 +221,14 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron // Only renew let's encrypt certificate if no broken ssl_redirect is enabled if ($certrow['ssl_redirect'] != 2) { - if (! empty($certrow['ssl_cert_file'])) { + $do_force = false; + if (! empty($certrow['ssl_cert_file']) && !empty($certrow['expirationdate'])) { $cert_mode = 'renew'; $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']); + } else if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) { + // domain changed (SAN or similar) + $do_force = true; + $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']); } else { $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']); } 
@@ -252,7 +257,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron } } - self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected); + self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force); } else { $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect"); } @@ -270,7 +275,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron } } - private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0) + private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0, $force = false) { if (! empty($domains)) { @@ -295,6 +300,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron if (Settings::Get('system.letsencryptca') == 'testing') { $acmesh_cmd .= " --staging"; } + if ($force) { + $acmesh_cmd .= " --force"; + } $acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
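Review bot: the `$force` parameter added in the `@@ -270,7 +275,7` hunk is untyped and is tested with a loose `if ($force)` in the `@@ -295,6 +300,9` hunk, so any truthy value from a future caller would append `--force`. Declaring it as `bool $force = false`, if the supported PHP versions allow scalar type declarations, keeps that explicit. The appended `" --force"` is a constant string, so this hunk adds no new input to the command passed to `safe_exec`. It would also help to log at the call site that a forced run was requested, so the cron log shows why acme.sh re-issued a certificate that was not yet due.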
  20. You might want to ask that in a wordpress support forum.... Or explain in more detail what you mean
  21. Are you acting as root user on the machine?
  22. Then the user www-data should definitely exist
  23. Well what distribution? Did you install a Webserver (Apache, nginx)?