Search results

The path for session.save_path is hardcoded into a PHP ini file, but some of us prefer to use a memcache solution for performance and security reasons, so it would be great if we would specify that path in options.conf or have that ini file in config, so that we can create a customised version...

Just tried the latest version on FreeBSD and it's completely unusable on that platform.

This is getting more important to get in the next release or so of DA as PHP7 is just round the corner with it's 100% speed increase. Lots of apps will be happy on 7, but 5.6 will still be the go to option for most websites and there will be exception running on 5.5 as 5,4 is now EOL.

We need this first http://forum.directadmin.com/showthread.php?t=49840 so that we can easily add various versions of PHP to test.

This is in custombuild/configure/fpm/conf/php-fpm.conf.55 ;php_admin_value[open_basedir] = /tmp:/var/tmp:/var/www/html:/usr/local/php55/lib/php This is in build APP_TMP=/var/www/tmp Apps which need to upload files via PHP will fail if one just uncomments that open_basedir line in...

I'm with Tristan on this. Let's keep it generic and name it 2-factor auth. We don't want people to think that anything is sent to Google. Otherwise, based on the screenshot nad the doc, good job!

The current method used by Directadmin to calculate email quota leads to wrong results on compressed filesystems such as ZFS. A mailbox may contain messages totalling 100MB according to Dovecot which uses the message size to calculate it, but they will only take 60MB of disk space. I suggest...

This is still a problem, especially when changing PHP1 in CB2. We need the proper symlinks to be created by CB.

I've played with various ideas and a <user-php> user for a user's PHP-FPM pool is the way to go. Other apps aren't affected because the base unix user is still the same Permissions are managed like with mod_php, so there is plenty of documentation and examples. It's portable (no patching required)

Great news about the tokenisation of strings and variables. Regarding Easy Spam Fighter, I would try to include OpenDmarc support. I would also make Spamassassin optional by commenting out those sections. The original script did not have any SA code in it. ClamAV does a great job at identifying...

http://help.directadmin.com/item.php?id=245 chmod 644 /etc/exim.key

Then you're probably using the wrong openssl on FreeBSD. /usr/local/bin should be checked before /usr/bin # /usr/local/bin/openssl version OpenSSL 1.0.1j 15 Oct 2014 # /usr/bin/openssl version OpenSSL 0.9.8za-freebsd 5 Jun 2014

Just tested it and it's not quite working properly, but I think it's because you only support TLS1.0 and not TLS 1.2 which has all the best ciphers. I'm limited to SHA1 which is not good enough these days, even if DA servers don't store national secrets :)

DA is using its own, custom, fail2ban, but I support this request to get more stats.

Cool beans :)

If you're like me, you've made some modifications to disable unwanted features or to patch some apps so that they behave the way you want to. You probably also has lots of custom config files. Tracking changes in CB is a pain, if not impossible. We learn about new features if we track this...

When trying to install PHP I get Downloading icu4c-0-src.tgz... This is because of this if [ "${OS}" = "FreeBSD" ]; then if [ ${MAINVER} -ge 10 ]; then if [ ! -e /usr/local/lib/libicui18n.so ]; then removeLockfile; doICU; fi else if [ ! -d /usr/local/icu/lib ]...

I'm not sure how far you want to take the feature, but I think it would be good if it was designed to ignore apps in custom_versions.txt

Well, DA is the only server component not following the cipher order. Proftpd, exim, dovecot, Apache, NGINX all use PFS. I should have given you a proper list. The one I gave you was what the browser was recognising. Here is a list which should give you TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as...

Not if SHA1 and CBC modes are still allowed in HIGH. But the problem is the cipher order. I want DA to use TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, so this comes first in my list, but DA doesn't listen and downgrades the connection.