Froxlor Forum

Release 0.10.26 - API based froxlor with 2FA, MySQL8 compatibility, new Let's Encrypt implementation and much more...


d00p

Dear Froxlor Community,

I am proud to finally release the stable version of a new API based froxlor. Due to massive internal improvements and changes in the core (almost 600 commits since 0.9.40.1) users are now able to list/create/edit/delete resources and entities of froxlor via API (requires activation of api-usage in the settings and a user based API-key). The froxlor frontend itself uses the API backend too.

Froxlor now uses composer to include some of its requirements like phpMailer, Logger, IdnaConvert and TwoFactorAuth libraries. All required files will be included in the official tarball so you do not need to worry about installing and using composer (only if you are using / testing the git-master, see https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-git-sources).

Most important changes:

  • froxlor now requires at least php-7.1 or newer, php-5.6 / php-7.0 are no longer supported because of being EOL
  • you can access data via API, for more information see https://api.froxlor.org/doc/. An example can be found here: https://github.com/Froxlor/Froxlor/tree/master/doc/example
  • PHPUnit tested API backend with MySQL 5.6, 5.7 and 8 as well as MariaDB 10.3 and 10.4, see https://travis-ci.com/Froxlor/Froxlor
  • compatibility for MySQL8
  • 2FA (two-factor-authentication) for admins/resellers/customers (email or authenticator app)
  • all froxlor-database tables will automatically be converted to the InnoDB engine
  • added support for Debian 10 (buster) and Ubuntu 18.04 (bionic beaver)
  • implemented Let's Encrypt via acme.sh - Note: all your current Let's Encrypt certificates will be removed and re-created due to another structure
  • customizable error/access log handling for webserver (format, level, pipe-to-script, etc.)
  • deprecated Debian 7 (wheezy) and Ubuntu 14.04 (trusty tahr) support
  • dropped support for Ubuntu 12.04 (precise pangolin)
  • dropped ticketsystem

Changes in 0.10.1:

  • allow/disallow API access on a per-customer base
    • new API parameters for Admins.add(), Admins.update(), Customers.add() and Customers.update()
      • bool $api_allowed (default: false for Customers, true for Admins)
  • add explicit tlsv1.3 ciphersuite setting
  • fixed wrong behaviour in Ftps.add() if customer is newly created and setting customer.ftpatdomain is true
  • added expiration date to SSL certificates loaded via API request
  • fixed wrong return in Certificates.get() if given domain does not have a certificate
  • allow setting http2 flag for (sub)domains in customer view, fixes #725

Changes in 0.10.2:

  • force Let's Encrypt ACMEv2 API, fixed #728
  • added default-ssl-vhost settings and optionally allow including of non-ssl default-vhost settings, fixes #727
    • new API parameters for Domains.add() and Domains.update()
      • string $ssl_specialsettings
      • bool $include_specialsettings
      • bool $dont_use_default_ssl_ipandport_if_empty
    • removed API parameters in Domains.add()
      • bool $use_default_ssl_ipandport_if_empty
    • new API parameters for IpsAndPorts.add() and IpsAndPorts.update()
      • string $ssl_specialsettings
      • bool $include_specialsettings
      • string $ssl_default_vhostconf_domain
      • bool $include_default_vhostconf_domain
  • implemented DomainZones.listing() to return custom stored dns entries
  • fix registration and termination date to flip between empty-value and 0000-00-00

Changes in 0.10.3:

  • fallback to /tmp/froxlor.log if file-log is activated but no file given or not writeable; fixes #737
  • added tls-settings per domain for admins with change_serversettings-flag set; fixes #519
    • new API parameter for Domains.add() and Domains.update()
      • bool $override_tls (default: false)
      • array $ssl_protocols
      • string $ssl_cipher_list
      • string $tlsv13_cipher_list
  • preserve downward compatibility for 0.10.1 updaters regarding specialsettings for ssl-enabled domains; fixes #739

Changes in 0.10.4:

  • added support for CIDR/netmask in mysql-access-hosts; fixes #564
  • fixed invalid handling of escape-sequences in api-endpoint, fixes #746
  • fixed an issue with adding the default ftp user for new customer when added by admin/reseller with no ftp-resources; fixes #741
  • fixed nginx configuration issue with fastcgi_split_path_info option; fixes #744

Changes in 0.10.5:

  • bugfix release due to errors in Let's Encrypt re-new check; fixes #747

Changes in 0.10.6:

  • introducing new API parameters sql_search, sql_limit, sql_offset, sql_orderby for almost all listing() calls
  • introducing new API method listingCount() for almost all modules to return the total number of entities available
  • changed behavior of SubDomains.listing() to return all fields from the domain table instead of the limited ones for customers when called as admin
  • added new API module SysLog to query froxlor logs according to permission
  • optimized panel_admins and panel_customers table to avoid mysql/mariadb warning: Row size too large (> 8126); fixes #752
  • corrected update of hosting plans via interface; fixes #753
  • implemented API method EmailForwarders.listing(); fixes #754
  • fixed parameters defaults for Domains.update() parameters ssl_ipandports and add new parameter (see below); fixes #756
    • new API parameters for Domains.update()
      • bool $remove_ssl_ipandport

Changes in 0.10.7:

  • corrected behavior when changing mysql-access-host values; fixes #758
  • fix UI error "API keys not accessable due to missing Paging-class"
  • fix truncating of SysLog using SysLog.delete()
  • corrected UI issue of incorrect listing of domains for customers and admin, fixes #759
  • corrected ordering of listings in UI regarding pagination
  • added new settings to set default value of domain-edit-settings 'Apply specialsettings to all subdomains' and 'Apply php-config to all subdomains'
  • corrected vhost-merging of specialsettings in nginx; fixes #757

Changes in 0.10.8:

  • fix duplicate domain entries in customer-domain-list when domain has aliases
  • fix searching for alias-domains by link in customer_domains
  • use correct apiendpoint for lets encrypt; pass debug-flag onto acme.sh; fixes #762
  • fix removing of ssl-ip-relation to domain if no ssl-ip is selected via interface
  • Debian package: Move mysql server dependency to recommends; fixes #761

Changes in 0.10.9:

  • fix SQL error when searching for certificates by domainname, fixes #764
  • fix ordering of listings when natural sorting is activated, fixes #765
  • check for valid result when reading database usage from information_schema; fixes #766

Changes in 0.10.10:

  • add new API function Froxlor.generatePassword() to return a random password based on froxlor settings regarding min-length, included characters, etc.; fixes #768
  • fix mysql8 issue with group by and sorting within; fixes #774
  • add new 'ssl-enabled' flag for domains and subdomains so ssl can be deactivated (by a customer too) even if there are ssl-ip/ports assigned; introduce new honorcipherorder and sessiontickets flags for more control over ssl-related settings on a per domain base (admin only); fixes #767 and #769
    • new API parameters for Domains.add() and Domains.update()
      • bool $sslenabled
      • bool $honorcipherorder
      • bool $sessiontickets
    • new API parameters for SubDomains.add() and SubDomains.update()
      • bool $sslenabled
    • new API method Froxlor.generatePassword()

Changes in 0.10.11:

  • apply 'notryfiles', 'writeaccesslog' and 'writeerrorlog' flags to subdomains when editing a domain
  • fix SysLog.delete(), SysLog.listing() and SysLog.listingCount() when called as admin/reseller without customers_see_all permission
  • add option to disable SSL sessiontickets globally for older systems, fixes #784
  • ability to add custom config to PHPFPM version, fixes #643
    • new API parameters for FpmDaemons.add() and FpmDaemons.update()
      • string $custom_config

Changes in 0.10.12:

  • allow using more advanced LogFormat for webserver and awstats
  • fix issue in PhpHelper::trimArray() returning an empty array, fixes #751
  • fix wrong behaviour of Emails.update() which allowed setting iscatchall-flag for more than one address of the same domain
  • fix writable-check of froxlor-logfile if logfile did not exist

Changes in 0.10.13:

  • validate nameserver ip-addresses for binds allow-transfer block; fixes #791
  • fix IpsAndPorts when checking for system.ipaddress in update() and delete()
  • fix Domains.update() if called as admin/reseller without change_serversettings privileges, thx to rseffner
  • fix the case that the spf record is not inserted with its quotes, and so the condition fails and 2 spf records are inserted in the domain
  • fix wrongly initialized resource-usage when re-calculating it; fixes #797
  • update php-fpm defaults; update paths for current stable php-7.3; read froxlor default php.ini from file rather than using phpconfig with id=1; fixes #796

Changes in 0.10.14:

  • require set password complexity for admins too when resetting password; display correct error message if password complexity is not satisfied
  • do not require enabled vhost-container for froxlor-vhost to change sslsessiontickets-setting
  • disable sslsessiontickets-option in domain-add/edit if globally disabled in the settings
  • fix listing of customer email addresses if 'domain' section is hidden via settings, fixes #803
  • add Froxlor.integrityCheck() API call to externally run integrity/consistency check, fixes #801
    • new API method Froxlor.integrityCheck()
  • make customer firstname,name,company and customer-no available for all templates; fixes #808
  • store ace-string of domain besides idn-converted string to have correct sorting in the frontend; fixes #809
  • allow private ip ranges in ips-and-ports as some configurations require that; fixes #802

Changes in 0.10.15:

  • fixed temporary userdata file creation results in an empty file on installation; fixes #815

Changes in 0.10.16:

  • remove ssl-certificates connected to domains that are being deleted when deleting a customer; fixes #818
  • fix removing ip address if ip is set as system-ipaddress but there are other entries of that ip with a different port
  • fixed parsing due to changes in dovecots default mail_log_prefix
  • restructure acmesh implementation and let acme.sh take care of renewing the certificates itself; fixes #792, fixes #816
  • Double check whether installation of acme.sh worked when not installed yet and do not continue if not; fixes #823
  • add optional dns validation for let's encrypt activated domains; fixes #817
  • let send-to-alternative-email be optional if no address is given instead of displaying error that the email address is invalid; fixes #829

Changes in 0.10.17:

  • fix minor issue with let's encrypt and uppercase letters in domainnames
  • validate we're using the required minimum version of php in frontend and cron, not only on installation
  • adding email addresses via webinterface results in error if domains are hidden from customers; fixes #803
  • fix including of language-strings in reports-cron, fixes #836

Changes in 0.10.18:

  • remove TLSv1 from the list of default SSL-protocols
  • marked Ubuntu 16.04 configuration templates as deprecated
  • removed Ubuntu 14.04 configuration templates
  • added configuration-templates for Ubuntu 20.04
  • added configuration-templates for CentOS 8
  • added distribution detection on installation and OS possibility for specific setting-adjustments (for later use)
  • read certificate data folder from acme.sh.env file, fixes #846
  • corrected API docs, fixes #856 and #857

Changes in 0.10.19:

  • return full domain object on Domains.update() call, fixes #861
  • add missing parameter customerid for SubDomains.delete() which is required when called as admin; fixes #862
  • check for possible CNAME overrides of A/AAAA record in dns-editor, fixes #864
  • corrected timestamp-check for let's encrypt filesystem sync, fixes #865

Changes in 0.10.20:

  • fix permanent rebuilding of vhost configs when using let's encrypt
  • updated jquery library, fixes #872
  • unset any limit as we do not have pagination when showing search-results, fixes #869
  • fix missing query-parameters for IpsAndPorts.listing() when using sql_search
  • show current count of results besides total count in listings, fixes #869
  • remove underscore from dkim-selector, refs #619
  • use overridden limit_extensions and idle_timeout values in vhost config when using fpm and not mod_proxy

Changes in 0.10.21:

  • corrected check for possible empty-value but existing ssl-certificate on filesystem
  • corrected wrong unit in traffic graphs, fixes #425
  • removed old/unused table panel_diskspace_admins

Changes in 0.10.22:

  • unify customerid/loginname api-parameter-descriptions; fixes #883
  • list dns entries after add/delete action handling so the table of entries always shows the current state without reloading the page; fixes #887
  • create quotatallies entry if it does not exist, fixes #885
  • correction in api-doc for Ftps.update ftp_password parameter, fixes #889
  • fix awstats/webalizer directory protection when using nginx; fixes #888
  • do not set description to empty value in Mysqls.update() if not passed as parameter as it is optional; fixes #890
  • make given documentroot of domain relative to customerroot if no absolute path is given; fixes #892
  • [domainbulk] remove requirement for customer-select in webinterface as it is an API-parameter
  • do not allow setting www as CNAME record if domain has automatic www-Alias enabled, fixes #895
  • remove duplicate AXFR records as nameserver get added automatically in case they were added also to AXFR list

Changes in 0.10.23:

  • Due to recent updates in the requirements/dependencies a minimum version of PHP 7.1+ is required
  • corrected delete_userfiles flag not being passed to Emails.delete() via webinterface email-address overview
  • corrected validation of idn-tld's, fixes #899
  • trigger rebuild of config-files also if customer email is changed, fixes #896
  • added date-range parameters for Traffic.listing(), fixes #878
    • new API parameters for Traffic.listing()
      • int $date_from
      • int $date_until
  • added missing return-code in DomainZones.add() which messes up the error-handling when using API

Changes in 0.10.24:

  • added setting to hide non-compatible settings (mostly depending on chosen webserver)
  • [installation] set minimum required php-version to 7.1 and recommended php-version to 7.4
  • Check return of validateFormField() just for non-falsey values and not expect boolean data-type; fixes #904
  • correctly read in domain's ssl-ips for CAA entries if enabled, fixes #903
  • display sizes of used diskspace/traffic dynamically formatted depending on value instead of fixed
  • added option to specify (optional) fileextension/suffix for generated dkim-private keys; fixes #907

Changes in 0.10.25:

  • added possibility to use 'in' sql-operation in sql_where parameter for all applicable API calls
  • list only phpenabled and http-enabled domains in php-configuration overview, fixes #911
  • corrected check for required firstname/name/company in Customers.update(), fixes #915
  • more work on complete php-8 compatibility
  • added setting for email address of SOA record (nameserver)
  • added show_usages parameter for Customers.listing() and Customers.get(), fixes #912
    • new API parameters for Customers.listing() and Customers.get()
      • bool $show_usages
  • added description parameter for Domains.add()/Domains.update() and Emails.add()/Emails.update(), fixes #910
    • new API parameters for Domains.add()/Domains.update() and Emails.add()/Emails.update()
      • string $description
  • added deactivated parameter for EmailAccounts.update(), fixes #921
    • new API parameters for EmailAccounts.update()
      • bool $deactivated
  • escape passwords for email content (new email-account, new ftp-account and new database), fixes #905
  • trigger acme.sh and powerdns removal for domains if customer is being deleted, fixes #923

Changes in 0.10.26:

  • refactoring columns from large table to avoid '1118 Row size too large' error
  • check rr against possible existing CNAME entries, fixes #927
  • add vhost replacer {FPMSOCKET} for custom vhost configs; fixes #931
  • add new settings for legal-notes; terms-of-use and privacy-policy; fixes #930
  • additionally sort by length of username for libnss-extrausers passwd file to have the main user as first in result in any case; fixes #933
  • do not touch/chown error/access log if log is disabled, fixes #934
  • catch exception of password-complexity check when changing account password; fixes #935
  • bump phpmailer/phpmailer from 6.2.0 to 6.4.1

Download: 0.10.26

Note: There are no packages for oldoldstable (jessie) anymore


Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net for support, help, participation or just a chat

Thank you,
d00p

On 3.10.2019 at 13:07, d00p wrote:

Note: Debian packages will be created and released as soon as possible, please be patient

Good evening, are there any developments regarding the release?
A couple of customers are screaming for it.


I don't think Stretch packages have been updated yet.. last update was December 5th 2018.. Am I doing something wrong?

 

Architectures: amd64 arm64 armel armhf i386
Codename: stretch
Components: main
Date: Wed, 05 Dec 2018 07:51:29 +0000
Label: Froxlor Repository
Origin: froxlor.org
Suite: stable

 


5 minutes ago, llucps said:

I don't think Stretch packages have been updated yet.. last update was December 5th 2018.. Am I doing something wrong?

 


Architectures: amd64 arm64 armel armhf i386
Codename: stretch
Components: main
Date: Wed, 05 Dec 2018 07:51:29 +0000
Label: Froxlor Repository
Origin: froxlor.org
Suite: stable

 

I'll check what's up there, sorry for the inconvenience


  • 2 weeks later...

I encounter a strange issue in 0.10.6-1 (from Debian Stretch repository): For some customers, some domains show up multiple times. The domains appear once in admins domain list and in the customer dashboard. But in the domain settings of the customer, where the customer can configure subdomains, the same domain appears multiple times. Some domains twice, one domain 7 times. They link to the exact same edit link. I am not talking about subdomains, the affected domains do not even have subdomains.

This is not the case for all domains, not even all domains of the affected customer.

In the database, everything seems fine, the domain is only there once. It looks like there is some JOIN going wrong duplicating the domains.

Edit: I checked a different server also running froxlor (same version) and it also is affected. There domains with subdomains are affected and the subdomains are also listed multiple times.


42 minutes ago, crazy4chrissi said:

I encounter a strange issue in 0.10.6-1 (from Debian Stretch repository): For some customers, some domains show up multiple times. The domains appear once in admins domain list and in the customer dashboard. But in the domain settings of the customer, where the customer can configure subdomains, the same domain appears multiple times. Some domains twice, one domain 7 times. They link to the exact same edit link. I am not talking about subdomains, the affected domains do not even have subdomains.

This is not the case for all domains, not even all domains of the affected customer.

In the database, everything seems fine, the domain is only there once. It looks like there is some JOIN going wrong duplicating the domains.

Edit: I checked a different server also running froxlor (same version) and it also is affected. There domains with subdomains are affected and the subdomains are also listed multiple times.

There are known issues in 0.10.6 with the new listing which have been fixed for the upcoming 0.10.7 (tomorrow), sorry for any inconvenience


On 11/21/2019 at 11:07 AM, d00p said:

There are known issues in 0.10.6 with the new listing which have been fixed for the upcoming 0.10.7 (tomorrow), sorry for any inconvenience

I installed 0.10.7-1 and it does not quite fix the problem completely.

In the previous version, the domains and all subdomains had been duplicated. Example:

example.com [Statistics]
example.com %PATH% [edit] [delete] [letsencrypt]
somesub.example.com %PATH% [edit] [delete] [letsencrypt]
example.com [Statistics]
example.com %PATH% [edit] [delete] [letsencrypt]
somesub.example.com %PATH% [edit] [delete] [letsencrypt]

The part in bold is the duplicate that shouldn't be there.

Now, the domain is there once, but under that, the line where you can configure it is duplicated. Example:

example.com [Statistics]
example.com %PATH% [edit] [delete] [letsencrypt]
example.com %PATH% [edit] [delete] [letsencrypt]
somesub.example.com %PATH% [edit] [delete] [letsencrypt]
 

The bold part shouldn't be there. The same domains are affected as in the last version.
