
Release 0.10.26 - API based froxlor with 2FA, MySQL8 compatibility, new Let's Encrypt implementation and much more...


d00p

I just found out: Only domains that have alias domains are duplicated. And the number of duplicates is exactly the number of alias domains.

So I guess it is a problem with alias domains. If you still can't replicate, please let me know.

Edit: After removing the alias domains, the duplicates are gone.

Also the link to the alias domains leads to an empty list of domains.

Edited by crazy4chrissi

I can reproduce some issues with alias-domains yes, but your problem seems to be another, as for alias domains, there should be no %PATH% shown but "Alias for domain [domain.tld]". Also, please tell me whether the "subdomains" have been added as admin (sub but maindomain) or the customer itself.


  • 3 weeks later...

What is the recommended upgrade path when running Debian 8 (Jessie) with Froxlor 0.9.40.1-1+jessie1? Upgrade Debian twice, then add the repo 'deb https://deb.froxlor.org/debian buster main', then upgrade Froxlor?

Also, is that repo still only 'testing', as was mentioned here (earlier in this thread)?

I will make a VPS snapshot so I have some room for experimentation (I can revert in a pinch), but knowing what to expect is better of course :)


Yes, first through all Debians, nothing special. Remember to backup everything! If on latest Debian you don't necessarily need to add the repository if you already have froxlor installed. The repository is official and includes the latest stable release of froxlor. It is safe to use.

Don't forget that due to changes in many services I'd recommend re-configure these. Also don't forget to adjust Froxlor's settings according to the new environment (apache 2.2 -> 2.4, if using php-fpm, need to use mod_proxy, etc.) all prior to reconfiguring the services.

 


On 1/26/2020 at 3:10 PM, d00p said:

Yes, first through all Debians, nothing special. Remember to backup everything! If on latest Debian you don't necessarily need to add the repository if you already have froxlor installed. The repository is official and includes the latest stable release of froxlor. It is safe to use.

Don't forget that due to changes in many services I'd recommend re-configure these. Also don't forget to adjust Froxlor's settings according to the new environment (apache 2.2 -> 2.4, if using php-fpm, need to use mod_proxy, etc.) all prior to reconfiguring the services.

 

Because I had to revert a failed upgrade some time ago from Debian 8 with Froxlor 0.9 with Courier IMAP/POP3, I learned some things that may be relevant to others upgrading, so I thought I'd post them.

Important pre-steps:

  • Tip: put /etc all in git.
  • Disable all lines in /etc/cron.d/froxlor before doing anything.
  • When upgrading Debian, it always leaves the old PHP versions around. You have to explicitly remove them after 'dist-upgrade'. Having php5 still around, unknowingly, was one of my previous problems. See your installed packages with 'aptitude search php | grep ^i'.

Further, I can't seem to find much info about it, but Froxlor dropped Courier support? At least when suggesting configs in its system setup, it only suggests Dovecot. I decided to retain Courier (for the foreseeable future). There was a big warning by apt saying "the Courier MTA packaging has been extensively rewritten...", but in the end, I only had to fix minor permission things.

Because Froxlor only gives you Postfix+Dovecot default configs, I retained my Postfix configs, except the virtual mail configuration configs that define mysql queries. They had to be selectively taken from the system setup page in the admin panel. The tables where users reside changed, so that was important. My Postfix config still defined a 'virtual_mailbox_base', so the default 'mysql-virtual_mailbox_maps.cf' didn't work. The original file did work.

Courier didn't need changes related to logins or maildir, but it will give some errors in the error log that are easy to fix. The new courier did, however, change in which files the CA chain needs to be stored. I now have cert, key and chain all in 'TLS_CERTFILE'. My Nagios/Icinga ssl checker script is happy again.

Apt will mark courier as 'no longer needed', so you need to 'apt install' manually to make sure apt doesn't 'autoremove' it later.

/etc/cron.d/froxlor is still never regenerated. I had to edit it to replace 'php5' with php. I've had this before. Still looking into it.


8 minutes ago, halfgaar said:

Disable all lines in /etc/cron.d/froxlor before doing anything.

Or simply just stop the cron service :)

8 minutes ago, halfgaar said:

When upgrading Debian, it always leaves the old PHP versions around. You have to explicitly remove them after 'dist-upgrade'. Having php5 still around, unknowingly, was one of my previous problems. See your installed packages with 'aptitude search php | grep ^i'.

Beware of removing old but possibly still in use php-versions... I'd recommend removing older php-version after validating froxlor or customers do not use them any longer

9 minutes ago, halfgaar said:

Further, I can't seem to find much info about it, but Froxlor dropped Courier support?

no maintainer, I don't know anyone still using courier. You are welcome to provide required configuration-templates for it

11 minutes ago, halfgaar said:

/etc/cron.d/froxlor is still never regenerated. I had to edit it to replace 'php5' with php. I've had this before.

Sure it's regenerated, but only with data from the settings. If you have php5 in there you need to adjust the corresponding setting first


24 minutes ago, d00p said:

Or simply just stop the cron service

You never know what apt restarts, and also because of reboots, I prefer to make it permanent.

24 minutes ago, d00p said:

Beware of removing old but possibly still in use php-versions... I'd recommend removing older php-version after validating froxlor or customers do not use them any longer

Froxlor went haywire last time running on php5, so I wanted to be sure this time. I communicated the PHP5 to 7.3 upgrade to users before the upgrade, so I was covered there.

24 minutes ago, d00p said:

no maintainer, I don't know anyone still using courier. You are welcome to provide required configuration-templates for it

I could, perhaps, but I don't have any special reason to use it. I just didn't want to tag a Courier-to-dovecot migration to my upgrade as well. People installing fresh would likely not care, but people upgrading like me do. But, I've found very few comments that people do. This forum post may help the few who do.

24 minutes ago, d00p said:

Sure it's regenerated, but only with data from the settings. If you have php5 in there you need to adjust the corresponding setting first

The cronjob settings page says:

"Cron execution command (php-binary): Command to execute our cronjobs. Change this only if you know what you are doing (default: "/usr/bin/nice -n 5 /usr/bin/php5 -q")!"

Here in source.

Shouldn't that have been covered in a migration?

I just changed that setting, and the cronjob, that I had added some test comments to, is indeed regenerated.

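The failure discussed above, where the stored cron command still names `/usr/bin/php5` after that binary is gone, can be caught by checking that every absolute path in the cron file exists. This is an added example, not part of the original posts and not Froxlor code; the function names `check_cron_paths` and `demo`, the temp-dir layout and the `job.php` script name are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Froxlor code: report absolute paths named in a
# cron.d-style file that do not exist (such as a removed php5 binary).

# check_cron_paths FILE
# Prints "line N: PATH does not exist" per stale path; returns 1 if any.
check_cron_paths() {
    local file="$1" lineno=0 bad=0 line tok
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f              # stop "*/5 * * * *" from being glob-expanded
        set -- $line        # split the line into whitespace-separated fields
        set +f
        case ${1-} in
            ''|'#'*|[A-Za-z_]*=*) continue ;;        # blank, comment, VAR=value
            @*) [ $# -ge 3 ] || continue; shift 2 ;; # @daily user command...
            *)  [ $# -ge 7 ] || continue; shift 6 ;; # m h dom mon dow user command...
        esac
        for tok in "$@"; do
            case $tok in
                /*) if [ ! -e "$tok" ]; then
                        printf 'line %d: %s does not exist\n' "$lineno" "$tok"
                        bad=1
                    fi ;;
            esac
        done
    done < "$file"
    return "$bad"
}

# Constructed sample (hypothetical layout): "nice" and the job script exist in
# a temp dir, "php5" does not, mirroring the stale default quoted above.
demo() {
    local d out rc=0
    d=$(mktemp -d) || return 2
    mkdir "$d/bin"
    : > "$d/bin/nice"
    : > "$d/job.php"
    {
        echo '# constructed sample, modelled on /etc/cron.d/froxlor'
        echo 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'
        echo "*/5 * * * * root $d/bin/nice -n 5 $d/bin/php5 -q $d/job.php"
    } > "$d/froxlor"
    out=$(check_cron_paths "$d/froxlor") || rc=$?
    rm -rf "$d"
    printf '%s\n' "$out"
    return "$rc"
}

demo || true
```

On a real system, `check_cron_paths /etc/cron.d/froxlor` returning non-zero after a dist-upgrade means the cron command setting still points at a removed path.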

6 minutes ago, halfgaar said:

The cronjob settings page says:

"Cron execution command (php-binary): Command to execute our cronjobs. Change this only if you know what you are doing (default: "/usr/bin/nice -n 5 /usr/bin/php5 -q")!"

Here in source.

you're right, missed that in the language files. The fallback in CronConfig.php is very unlikely to happen, but also updated now, thank you.


23 minutes ago, gamefreaktegel said:

Hi,

Quick question...

Does that mean that we have to create the cronjob of acme.sh using the "--install" or "--install-cronjob" option?

No, froxlor handles that for you


ok, that's my issue. There is nothing related to acme.sh.

I checked "AcmeSh.php" and can see the checkUpgrade() function. This function will be called in function runAcmeSh(). Looks also good.

 

After running:

acme.sh --install-cronjob

... it looks all good. The cronjob was inserted.

Strange...


I found this issue, because I got notifications from the Let's Encrypt Expiry Bot.

So I checked all logs and didn't see any errors. Froxlor was showing me that a lot of certificates need to be renewed.

Afterwards I ran the master cronjob with --force and --debug. Also no errors and I saw messages like "[information] Updated Let's Encrypt certificate for example.tld".

So this was looking also good, but no certificate was updated.

I checked acme.sh --list and saw that no certificates were updated, too.

 

So I came to the point that acme.sh was not being executed at all.


4 hours ago, brecherspitz82 said:

Just FYI: Updated a little late, but got a database error, when logging in as an admin and performing the update. Got an "SQLSTATE[23000]: Integrity constraint violation:[...]" caused by entries with the same domain-id. Deleted one of them and it worked.

 

Thanks, known and fixed, see https://github.com/Froxlor/Froxlor/issues/840
