DirectAdmin v1.668

[fln]

We are happy to announce the release of DirectAdmin 1.668.

This release finishes the main server TLS certificate management UI. It is now possible to enable HTTPS and issue automatic certificate from the web panel. Evolution skin received a major change in how widgets work. Web server templates were updated to drop support for obsolete features and some smaller changes and improvements.

A full release change log is here:

DirectAdmin 1.668​

The update should be automatically available for all installations subscribed to the current release channel.

We appreciate all the feedback on forums and issues reported in the ticketing system.

Thanks!

 

[Richard G]

Why is userdir_access removed? Is there an alternative?

 

[fln]

Motivation for this feature removal is:

• Feature was incomplete, it did not work well in some configurations
• It creates security risks, because multiple websites can be reached using same (hostname). Cookies set by user A website could be read by user B website.

We do not have a substitute for this, but if there is a demand for such feature we can implement a safer alternative for this.

 

[EthernetServers]

Sad to see the removal of mod_userdir, this is still quite a popular feature - or at least, we've had quite a few customers this year alone ask for it.

https://www.skipdns.link/ is something that's worth a look for those who don't want to update their device's hosts file to achieve what used to be possible with mod_userdir.

 

[Ohm J]

@fln
Some client using userdir_access to pre config their website before push online to the domain name.

 

[LawsHosting]

^^ An alternative is to lock the whole site to the client IP (either via webserver, or, PHP)...
This is what I do when I develop new sites I want to be hidden until ready.

 

[Richard G]

We also often have it activated because of customers asking for it regularly.

 

[ju5t]

In some cases, there seems to be a reference to userdir in /etc/nginx/directadmin-ips.conf. This config holds IPv6 addresses on a server we had the issue with. I'm guessing these are aliases of IPv4 addresses. The error we got was:

nginx: [emerg] open() "/etc/nginx/nginx-userdir.conf" failed (2: No such file or directory) in /etc/nginx/directadmin-ips.conf:14

We got this after updating our servers, and only on servers with Nginx/Apache. Rewriting the configs doesn't work. As a workaround I created the userdir config file.

I've raised this through a support ticket. Unfortunately with bugs like this, some of your support techs have no clue. And they are not very proactive in getting help from a more senior tech. I hope you can improve on this in the future.

 

[fln]

@ju5t thanks for reporting the issue. The configuration failure you have described can be triggered by removing userdir_access entry completely from the CustomBuild options.conf file.

The expected way of disabling this feature is to set userdir_access=no in the options.conf. Removing the line completely a triggers backwards-compatibility mode in main directadmin service. So DA treats the feature as ON, but CB treats it as OFF.

An update is released to fix it.

---

Note: we recommend managing the CB options.conf file either via GUI or with the da build set ... command. This gives CustomBuild a chance to add missing options to the options.conf file or remove no longer needed options.

 

[Richard G]

System skin deprecation, is this because Enhanced login needs extra coding only for the login screen?

 

[johannes]

userdir_access was a very handy feature for new customers. Would also like to have it back or an alternative.

 

[kristian]

As a replacement for userdir_access, I suppose it's possible to create a domain pointer on the customer account using a subdomain of one of your own domains, and make it an alias, e.g. temp-<username>.predomaintransfer.com so they can use that hostname as their temporary URL until their real domain is changed in DNS. Takes a bit more fiddling with DNS and such, and there's a risk you'll end up with a lot of remnants of old subdomain pointers unless you're good at cleaning up.

 

[Richard G]

and there's a risk you'll end up with a lot of remnants of old subdomain pointers unless you're good at cleaning up.

Which is why it's better to have a default option.

 

[Ohm J]

temp-<username>.predomaintransfer.com

It's easy to do something like this. If no function from directadmin, I planned tl use something like this. But I'm too lazy to config for all the servers.

 

[LawsHosting]

Can I ask if Debian 12 is LLU-friendly? I can't see 12 on the OS list for my licenses.

I've still yet to upgrade to 11

 

[exlhost]

Please bring the OS system packages update possibility back via the DA GUI or CustomBuild.

 

[kristian]

The removal of userdir_access, and rejection when running any da build actions when userdir_access=yes means that we all need to update our options.conf in order for things like certificate renewals to not throw errors. Perhaps it would've been nice if DA switched the value to no for us, since it's going to be disabled anyway?

Example of error we get:

Error during automated certificate renewal for server01.<redacted>        24/09/2024, 10:23

exec ["/usr/local/bin/lego" "--accept-tos" "--email=<redacted>@<redacted>" "--key-type=ec256" "--server=https://acme-v02.api.letsencrypt.org/directory" "--path=/usr/local/directadmin/data/.lego" "--http" "--http.webroot=/var/www/html" "--domains=server01.<redacted>" "run" "--no-bundle" "--preferred-chain=ISRG Root X1"]
2024/09/24 10:23:26 [INFO] [server01.<redacted>] acme: Obtaining SAN certificate
2024/09/24 10:23:26 [INFO] [server01.<redacted>] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/407740975106
2024/09/24 10:23:26 [INFO] [server01.<redacted>] acme: Could not find solver for: tls-alpn-01
2024/09/24 10:23:26 [INFO] [server01.<redacted>] acme: use http-01 solver
2024/09/24 10:23:26 [INFO] [server01.<redacted>] acme: Trying to solve HTTP-01
2024/09/24 10:23:30 [INFO] [server01.<redacted>] The server validated our request
2024/09/24 10:23:30 [INFO] [server01.<redacted>] acme: Validations succeeded; requesting certificates
2024/09/24 10:23:31 [INFO] [server01.<redacted>] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".
exec ["/usr/local/directadmin/directadmin" "build" "sync_server_cert"]
userdir_access is not supported anymore, please change 'userdir_access' line in options.conf
exit status 1

 

[fln]

Thanks @kristian.

We want server administrator to manually turn this feature off to make sure he or she is aware of the change and the consequences of the change.

It was not intended to block the certificate sync operation. We will release an update to make certificate sync operation to work even with malformed config. Server admins will still be unable to use most of the CB commands until userdir_access is turned off, but at least automated actions will continue to work as before.

 

[fln]

An update is release to allow CustomBuild sync_server_cert action to run without options.conf validation.

 

[unihostbrasil]

Now the updates are removing the custom email password change (CMD_CHANGE_EMAIL_PASSWORD) template folder:

/usr/local/directadmin/data/templates/email_pass_change/custom/index.html

This may have been happening since previous updates, not necessarily 1.668, but we only identified the problem now. Unfortunately, new updates often bring new unpleasant surprises or bugs. It would be important for you to perform better quality control of updates.