Jump to content
Froxlor Forum
d00p

Maintenance Release 0.9.38.8 - Let's Encrypt for panel, HSTS / OSCP settings and ssl-cert overview

Recommended Posts

Dear Froxlor Community,
 
as our latest stable release of froxlor is quite established now, it is time for some minor bugfixes and improvements.

Changes in 0.9.38.8:

+ added OCSP stapling support for apache2 and nginx

+ added libnss-extrausers support for debian/ubuntu users

+ added http2 support for froxlor-vhost and per-domain and domain-import

+ added setting to disable LE self-check

+ #416: added letsencrypt, HSTS settings, oscp-stapling and phpenabled-flag to Domain-import

+ #464: added simple smtp-settings test-page


~ #412: fixed libnss config

~ #434: allow non fqdn CNAME entries (froxlor appends zone's domain automatically if there's no trailing dot)

~ #447: fixed wildcard entries in dns editor

~ #472: generate multiline txt-record if content is too long

~ #475: corrected setting for php-fpm peardir

~ #479: removed each() keyword as it is deprecated as of php-7.2

~ #485: added default/global directory options in apache regardless of whether fcgid/fpm is being used or not

~ #496: explicitly deactivate TLS (and auto-tls) in phpMailer when setting use-tls is OFF

~ #1697: allow underscore in DNS labels

~ #1720: do not show full path of file on php-error

~ #1726: use correct pagination in admin-log/customer-log

~ #1728: clearify field label for domain termination date

~ fixed phpenabled flag for new subdomains added by customers

~ fixed auto-update of database in cronjob if activated

~ fixed ssl integration in lighttpd

You can see all changes on Github at https://github.com/Froxlor/Froxlor/compare/0.9.38.7...0.9.38.8

Download: 0.9.38.8

Note: Gentoo-ebuild and Debian packages will be released shortly as always.

Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.

Thank you,
d00p

Share this post


Link to post
Share on other sites
7 minutes ago, Afox said:

still not fully compatible with Debian Stretch, correct?

compatible, sure, there are just no config-templates. You can still just adjust jessie configs for example (if you're firm in services configuration)

Share this post


Link to post
Share on other sites
7 hours ago, Chaos234 said:

How is the state for the debian update package? I checked it two times but it hasn't found the update yet.

Will be released as soon as possible - sorry, no ETA

Share this post


Link to post
Share on other sites

Bin neu hier - und wollte mich auf dem Demo-Account umsehen.

Hängt beim Update demo.froxlor.org/admin_updates.php

Schade, war ganz nützlich als Vorlage zum Einrichten von Froxlor.

Danke für die Software - kenne Plesk und Confixx, scheint eine prima Alternative zu sein.

Markus

Share this post


Link to post
Share on other sites

Geht schon wieder, sorry, ich spiel da ganz gern mal dran rum :)

Share this post


Link to post
Share on other sites
On 31.12.2017 at 1:20 PM, d00p said:

compatible, sure, there are just no config-templates. You can still just adjust jessie configs for example (if you're firm in services configuration)

Hey d00p,

I try to setup a new VM with froxlor (latest debian package) on debian 9.3 but this is quite "complicated"...
The debian-guys switched to php7 (which is great) and removed php5-* packages. To install froxlor you've to add the dependency to php5-<package> or to php-<package> to make the dependency check working on debian stretch as well.

Example on debian stretch:

# apt install froxlor
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 froxlor : Depends: php5 but it is not installable or
                    php5-cgi but it is not installable
           Depends: php5-cli but it is not installable
           Depends: php5-curl but it is not installable
           Depends: php5-mysqlnd but it is not installable or
                    php5-mysql but it is not installable
           Recommends: postfix-mysql but it is not going to be installed or
                       exim4-daemon-heavy but it is not going to be installed
           Recommends: libsasl2-modules-sql but it is not going to be installed
           Recommends: maildrop but it is not going to be installed
           Recommends: dovecot-common or
                       courier-authlib-mysql but it is not going to be installed
           Recommends: dovecot-imapd but it is not going to be installed or
                       courier-imap but it is not going to be installed
           Recommends: dovecot-pop3d but it is not going to be installed or
                       courier-pop but it is not going to be installed
           Recommends: php5-gd but it is not installable
           Recommends: php5-imap but it is not installable
           Recommends: proftpd-mod-mysql but it is not going to be installed or
                       pure-ftpd-mysql but it is not going to be installed
           Recommends: bind9 but it is not going to be installed or
                       pdns-server but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

Please keep this in mind when creating the new package. - Making the world much easier. :-)

Thanks alot.

Share this post


Link to post
Share on other sites

Hi
good news! Is there a sane way for current debian-package-users to upgrade without breaking anything (ie. upgrading using the latest tar.gz)?

thx,
hk

Share this post


Link to post
Share on other sites
14 minutes ago, hk@ said:

Hi
good news! Is there a sane way for current debian-package-users to upgrade without breaking anything (ie. upgrading using the latest tar.gz)?

thx,
hk

Just use the "Auto-Update" from within the Panel

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By d00p
      Dear Froxlor Community,
       
      many great new features have found their way into our latest release. Here are the biggest innovations:
      Debian 9.x (Stretch) Support
      We finally added configuration templates for the current stable release of the Debian Linux Distribution. Important for all PHP-FPM users, you need to use mod_proxy/mod_proxy_fcgi as there is no libapache2-mod-fastcgi anymore.
      Multiple PHP-FPM installations
      Users with more than one PHP Version installed on their system were forced to use FCGID until now if they wanted to assign different versions of PHP to different customers or domains. This can now also be done for PHP-FPM. Some of the settings have moved from the global settings to a new section in the admin PHP menu called PHP-FPM version. Here you can add all the PHP-versions you have installed on your system with their corresponding config-path, restart-command, etc. In PHP-Configurations you can then choose the desired PHP-FPM version from a select-box.
      Settings Import / Export
      When installing Froxlor on multiple systems with equal settings, you can now export your settings from one intallation and import them to another. System-Hostname, default IP addresses and a few more variables that are either system specific or filled by the installation process anyway are being omitted. This feature will be "older version" compatible in later versions, meaning you will be able to import settings from 0.9.39 into newer versions of Froxlor. Please note that this new feature requires the PHP-json extension to be installed and loaded.
      Let customers choose PHP configuration
      When adding a new or editing an existing customer, the admin/reseller can now select from all available PHP configurations which of them are usable for the customer.  If none is selected, the one the admin used when adding the domain is used. When the customer adds a new or edits an existing (sub)domain he can choose between the assigned PHP configurations (especially helpful if you have PHP configurations for different PHP-versions).
      Other PHP-FPM related changes
      Three minor changes/additions for PHP-FPM users: 
      You can now specify paths which will be added to the PATH environment variable in each PHP-FPM pool. There was no such entry until now. If the setting is left empty, no env[PATH] entry will be generated You can now specify values for the security.limit_extensions setting on a per PHP-FPM version basis. You can now enable '-pass-header Authorization' for each PHP configuration so authorization headers are being passed from the webserver to PHP-FPM Testing implementation of Let's Encrypts ACME v2
      As announced earlier by Let's Encrypt (see https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605 ) the new api version will be live as of 27th of februrary and is already available for testing (staging api). You can select the ACME v2 standard in the settings if you want to test it using the staging api. Sadly, wildcard-certificates, which is one of the biggest innovations in ACME v2, will only work using the dns-reg challenge (validation via DNS record) so this won't be an option for 99% of you (also, we did not implement the dns-reg challenge, only http-reg). It would be awesome if this is going to be changed. Note: You will still be able to (and probably should) use the ACME v1 API, especially if you have any productive certificates obtained already.
      Minor installation changes
      When checking the webserver and apache is found, we now assume that apache-2.4 is used instead of 2.2
      MySQL STRICT-MODE issues
      Some newer distributions ar enabling the so-called STRICT-MODE for the DBMS by default, which Froxlor could not deal with on installation (e.g. some tables would not be created). These issues should be resolved now.
      *UPDATE*
      0.9.39.1:
      fix possible invalid php-fpm-socket filename for dummy-socket fix selected phpfpm daemon when editing php-configuration fix updating wrong column when deleting a fpm configuration get rid of the need for allow_url_fopen only let admin select php-configs that the customer is allowed to use to avoid unwanted php-config changes when customer edits domain 0.9.39.2:
      add script to automatically configure services from shell without the need of copy/paste from the interface 0.9.39.3:
      add new hosting-plans feature add domain flag to avoid generation of nginx try_files directive in webroot which is not suitable for some applications 0.9.39.4:
      fixed add/edit domain due to misuse of Settings-class 0.9.39.5:
      fixed display of imap/pop3 flag when editing hosting plans You can see all changes on Github at https://github.com/Froxlor/Froxlor/compare/0.9.38.8...0.9.39.5

      Download: 0.9.39.5

      Note: Gentoo-ebuild and Debian packages will be released shortly as always.

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,

      we are proud to announce the final release of version 0.9.37 which includes a complete DNS editor for domains and also supports PowerDNS in standalone mode as nameserver.

      DNS-Editor
       
      Admins and customers are now able to edit the DNS settings of domains. You can freely add and remove entries - froxlor will always ensure that the basic required entries are present. These are NS, MX and A/AAAA. They will always be generated if not overwritten by a custom entry.
       
      The access to the DNS-editor can be managed on a per-customer base by the admin. Only domains that have the nameserver-flag enabled and which are allowed to be edited by the customer can have DNS records.
       
      Please keep in mind that we limited the record-types to the following list: A, AAAA, CNAME, MX, NS, SRV, TXT
       
      We are aware that DNS is way more that that and that there is always a bunch of users who need other types - patches and pull-requests are always welcomed ;-)
       
      NOTE: If you are using <=PHP-5.3 you will need to patch the file lib/functions/dns/function.CreateDomainZone.php as follows as we missed using the 'long' array syntax there (will be fixed in the first maintenance release). See https://github.com/Froxlor/Froxlor/compare/51152ef0262f...11d358133e57
      --- a/lib/functions/dns/function.createDomainZone.php +++ b/lib/functions/dns/function.createDomainZone.php @@ -55,8 +55,8 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo if ($domain['isemaildomain'] === '1') { addRequiredEntry('@', 'MX', $required_entries); if (Settings::Get('system.dns_createmailentry')) { - foreach(['imap', 'pop3', 'mail', 'smtp'] as $record) { - foreach(['AAAA', 'A'] as $type) { + foreach(array('imap', 'pop3', 'mail', 'smtp') as $record) { + foreach(array('AAAA', 'A') as $type) { addRequiredEntry($record, $type, $required_entries); } }  
      PowerDNS
       
      As alternative to bind, you are now able to use PowerDNS (pdns) as nameserver.
       
      Attention: you will have to create the powerdns database yourself! When using froxlor's configuraton template for powerdns, froxlor will use powerdns' configuration file to read the database-user-credentials to be able to add/edit/remove zones and records. So double check that all path's are correct.
       
      Minor enhancements

      You can now also customize the global customer-docroot options when using apache webserver and mod_php. Please be aware that no syntax-checking is done (as known from 'specialsettings' or 'custom vhost-content').
       
      The warn-emails about traffic and web-usage can now be enabled and disabled separately by setting the required percentage to 0.
       
      In addition to that, admins can now specify whether specific menu-items are hidden from the customer (regardless of resources assigned to the customer). These settings are global and valid for all customers.


      Changes in 0.9.37:
       
      You can see all (minor) changes in our bugtracker at https://redmine.froxlor.org/versions/72 and https://redmine.froxlor.org/versions/74

      Download: 0.9.37

      Note: Gentoo-ebuild and Debian packages will be available shortly as usual.

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.

      Thank you,
      d00p
    • By d00p
      Dear Froxlor Community,
       
      we are proud to announce the final release of 0.9.36 which comes with a customer backup solution and some improvements for our Let's Encrypt implementation.
       
      Customer backup
       
      If enabled, customer are now able to backup their data from within the panel. A nightly cronjob processes the backup-jobs and stores the archive into the customer-given directory. Of course, the time interval for the cronjob can be changed according to your needs.

      Let's Encrypt

      Our implementation of LE now handles alias-domains correctly and adds them to the SAN list of the certificate-request.

      Changes in 0.9.36:
      You can see all changes in our bugtracker at https://redmine.froxlor.org/versions/71

      Download: 0.9.36

      Note: Gentoo-ebuild and Debian packages will be available shortly as usual.

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.

      Thank you,
      d00p


×