Changelog

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
As it's been requested multiple times, let's have a public changelog for CustomBuild 2.0 :) Revisions skipped means there were minor changes to typos/comments etc.

Code:
2751 - Added igbinary PHP extension support. PHP-Redis is built with igbinary by default if it's installed.

2750 - Fix ClamAV 0.104 installation on Debian 10.

2749 - Add bzip2 to the list of dependencies of ClamAV.

2748, 2747 - More ClamAV 0.104 related fixes.

2746, 2745 - Fix ClamAV 0.104 support.

2744 - Fix libpmem requirement for MariaDB 10.6.

2743 - Fix md5 check of mod_suexec_directory.patch.

2742 - Fix proundcube -> roundcube typo.

2741 - Change hardened apache patch version check, as it's been changed on files1.

2740 - Skip bubblewrap in "./build versions" on CloudLinux systems.

2739 - Fix MariaDB 10.6 installation of debian.

2738 - CloudLinux Solo support.

2737 - Add additional grub.conf locations for grub_conf.

2736 - Fix custom openlitespeed httpd-alias.conf path.

2735 - Add systemd-timesyncd to csf.pignore.

2734 - Stop pure-certd/pure-uploadscript services on pure-ftpd removal time.

2733 - Add redis to the list of components in CustomBuild plugin.

2732, 2731 - CentOS Stream 8 support.

2730 - MariaDB 10.6 support.

2729 - If force_hostname is set in directadmin.conf - use it for RoundCube password management plugin.

2728 - Protect roundcube/logs and phpMyAdmin/log directories from access over SSH.

2727 - Bugfix for redis installation.

2726 - Use cloudlinux-scl-release on CloudLinux/CentOS6 as scl repo.
       Fix "./build update_full" to execute OS related updates.

2725 - Add /usr/local/lib64 to ld.so.conf.

2724 - Use devtoolset-7 to build dovecot on CentOS6.

2723 - Protect RoundCube/phpMyAdmin logs when using Nginx.

2722 - Set jail=1, not 2 on bubblewrap installation time.
       Add redis-server to csf.pignore.

2721 - Fix nginx unit section in "./build list_removals".

2720 - Add Bubblewrap/Jail Shell to "./build all".

2719 - Add "--with-openssl" to cURL compilation flags.

2718, 2717 - Skip PHP-Redis installation on PHP 5.x.

2716 - Added "./build remove_unit".

2715 - Hide redis update in "./build versions" if redis=no is set.

2714 - Fix md5 checksum of phpredis.

2713 - Add redis=yes/no configuration option.

2712 - Fix apache 2.4.48 compilation.

2711 - Add nginx_unit to access group.

2710 - Change namespace_private.conf to auto-create Junk folder and have spam/Spam namespaces.

2709 - Fix java/python Nginx Unit modules installation on debian systems.

2708 - Added bz2 extension to PHP extensions list.

2707 - Added joomla template for nginx URL rewrites.

2706 - Added PHP-Redis extension support.

2705 - Added redis for rspamd support.

2704 - Add mysql user to csf.pignore list.

2703 - Link /usr/local/lib/node_modules to /usr/lib/node_modules for Nginx Unit, if /usr/lib/node_modules does not exist.

2702 - Fix "grub_conf" on debian systems having /etc/default/grub.d/50-cloudimg-settings.cfg (overriding default grub cmdline).

2701 - Added files-fi as official mirror.

2700 - If broken glibc-headers is found - reinstall it.

2699 - Auto-update grub configuration on debian with grub_conf.

2698 - Improved exim.conf compatiility check with the old versions.
       Fixed RPM dependency installation on RHEL8.

2697 - RHEL8: use codeready-builder-for-rhel-8-x86_64-rpms instead of powertools repo.

2696, 2695, 2694 - auto-load conf/namespace_private.conf for dovecot. Rename spam folder to .Junk.

2693, 2692 - Block access to .env in nginx/apache.

2691 - Make sure fastcgi cache purge module is compiled-in in nginx as reverse proxy as well.

2690 - Add unit to "./build rewrite_confs". Execute post-startup checks to rewrite the config if broken.

2689 - chmod PHP-FPM sockets dir 710 instead of 700.

2688 - Update grub configuration for quota/cgroups automatically after "./build all".

2687, 2686 - Create /etc/nginx/templates directory if it does not exist (nginx_apache or nginx webserver options).

2685 - Update CloudFlare IPs.

2684 - Add PHP-XMLRPC support for PHP 8.0.

2683 - Add a fallback for the installation of epel-repo.

2682 - Add cgroups for Nginx Unit.

2681 - Add directadmin.hostmark.pl to the list of unofficial mirrors.

2680 - Make Nginx FastCGI cache to be available in nginx_apache option.

2679 - Rename nginx templates directory to configure/nginx_templates/

2678 - Added +cipher_server_preference to openssl options for a higher internet.nl score.

2677, 2676 - Fix PHP compilation of LSAPI v7.9.

2675 - LiteSpeed renamed their lsapi php SAPI directory name to litespeed-VERSION instead of just litespeed for v7.9. CustomBuild supports it now.

2674 - Changed "control_service litespeed restart" to "control_service litespeed reload"

2673 - Fix phpMyAdmin version check for PHP <7.2.

2672 - Fix RPC in rand_pass() for FreeBSD

2671 - Add cgroups support for OLS.

2670 - Add cgroups support for LiteSpeed.

2669 - Fix exection of /usr/local/directadmin/custombuild/custom/hooks/cron_execute/pre and post hooks.

2668 - Add PHP-readline to the list of PHP extensions available.

2667 - "./build create_options" to ask if defaults should be used.

2666 - Add psi=1 to /etc/default/grub when needed.

2665 - CloudLinux: skip CageFS force-update on update_webapps time if nothing has been updated.

2664 - Use mariadbd as the process name for MariaDB 10.5 on FreeBSD systems.

2663 - disable-nls automatically, even if custom configuration file is there, for ProFTPd on FreeBSD systems.

2662 - Add "tls_dh_max_bits = 4096" to exim.variables.conf.

2661 - Check if libzstd-devel (zstd-dev) is installed.

2660 - Add nginx user to apache group and vice-versa, so that PHP-FPM sockets could be read from both webservers if they're both installed.

2659 - Improve libnghttp2 check (to make sure libnghttp2-devel is installed, not just nghttp2 on CentOS).

2658, 2657 - Added "./build grub_conf" to re-generate grub configuration with kernel settings needed (for example, rootflags for XFS quotas).

2656 - Improve libpng version check for FreeBSD.

2655 - Add throttling for fastcgi.

2654 - Add throttling for php-fpm.

2653 - Ignore more unrecognized symbols in options.conf/php_extensions.conf.

2652 - Don't auto-enable http2 on CentOS6.

2651 - Fix PHP8 installation on old installs.

2650 - New install on CloudLinux6 still had issues with http2, it's fixed now.

2649 - Fix new installs on CloudLinux6.

2648 - Revert removal of libiconv, tutorials can be followed to solve the problems.

2647 - If libiconv is removed - recompile ClamAV too.

2646 - Add configure/imagemagick/configure.imagemagick for ImageMagick compilation options.

2645 - Added "./build remove_curl" option.

2644 - htscanner was still not disabled for PHP8, it's disabled now.

2643 - Skip htscanner extension for PHP 8.0 (as it's not supported yet).

2642 - Don't compile phalcon 4.x for PHP8 (as it's not supported).

2641 - Don't install epel-release on Oracle Linux 8.

2640 - Fix installation of mcrypt for PHP <7.2.

2639 - Make sure libcurl is installed on new installation time.

2638 - Fix detection of PowerTools repository on CentOS <8.3.

2637 - Make installation succeed with Oracle Linux 8.

2636 - Skip curl download on "./build update" time if curl=no is set in the options.conf file.

2635 - PCRE2 is built-into PHP core, skip it on the installation time. Install libsodium from OS repos on DA installation time.

2634 - Skip installation of libnghttp2-devel on CentOS6.

2633 - Further optimization to use more OS-provided libraries and lower the installation time of DA. curl=no is the new default in the options.conf, as it'll use OS provided version too.

2632 - Add ImageMagick to the list of recompiled components on custom iconv removal.

2631 - Improve installation checks for s-nail.

2630 - Remove compiled version of iconv only if PHP8 is in use.

2629 - Added missing zstd version in "./build versions".

2628 - Improve MySQL 5.7/8.0 installation on new installs.

2627 - Install zstd from OS packages on DA installation time (to make it faster).

2626 - Fix PHP installation on CentOS Stream.

2625 - Removed iconv support from CustomBuild, it also fixes PHP8 support for installations having compiled version of iconv.

2624 - Fix package names for FreeBSD.

2623 - Don't show empty glib line in CustomBuild plugin.

2622 - Fix CWAF md5sum on FreeBSD.

2621 - Apply MySQL 5.7 patches from ports on FreeBSD systems.

2620 - Add first nginx templates for CMS.

2619 - Use ol8_codeready_builder instead of powertools repo on Oracle Linux 8.

2618 - Use apr-1.7.0 (and higher) everywhere, APR is compiled with --with-devrandom, so, LXC/OpenVZ/VMware issues with getrandom() call shouldn't appear anymore.

2617 - Use lowercase powertools yum repo on CentOS8 if it exists.

2616 - Added missing wget timeout for Comodo WAF installation script.

2615 - All non-EOL OS versions should support read-timeout wget option, speficy it by default for all the actions.

2614 - Load /usr/lib/x86_64-linux-gnu/libxml2.so for ModSecurity on debian systems.

2613 - Fix "./build set" for cases having "+" as the value.

2612 - exim.variables.conf: use /etc/exim_dh.pem as dhparams file.

2611 - Force compile PCRE on CentOS6 for new installations.

2610, 2609 - Use APR-1.7.0 or newer when possible, downgrade to 1.6.5 on LXC/OpenVZ.

2608 - Use nginx_unit for unit (instead of nobody).

2607 -  Detect correct libxml2 path for ModSecurity (Apache).
  Don't re-install ICU on FeeBSD if already installed.

2606 - Fix PCRE detection for PHP <7.4 on debian new installs.

2605 - Change pure-ftpd intermedaite to respresent only HIGH ciphersuite.

2604 - pure-ftpd.conf: change default TLSCipherSuite to HIGH.

2603 - Added php-ldap to the list of available PHP extensions.

2602 - Add PHP8 support for imagick module.

2601, 2600 - Another pcre-related path fix for PHP <7.2.

2599 - Auto-install mcrypt if not installed for PHP <7.2.

2598 - Fix PHP <7.2 installations on new installs.

2597 - Support multiple versions of Java in Nginx unit.

2596 - Install icu-config and freetype-config bash scripts on Debian >=10 to support PHP <=7.3.

2595 - Changed PHP default to PHP 7.4.

2594 - Fix PHP8 compilation on CentOS6 (new DA installs only)

2593 - Fix path to PCRE in apache configuration.

2592 - Check for not used packages in "./build update" and skip download of them.

2591 - The following can be used to overwrite anything in CB options.conf:
export php1_release=8.0
./setup.sh auto

For PHP modules:
export php_imap=yes
./setup.sh auto

2590 - Turn PrivateTmp off on LXC systems for MySQL/Apache/PHP-FPM, due to no privileges in LXC for new namespaces.

2589 - Speed up new installation time of DA by using more OS-provided libraries instead of compiled ones.

2588 - Show security warning in "./build versions" if EOL version of MySQL/MariaDB is used.

2587 - Use libzip from OS repositories where possible.

2586 - Fix PHP 7.4 dependencies installation.

2585 - Fix Apache installation on AWS Debian 10.6.
  Skip libzip installation for PHP 7.4.

2584, 2583 - Fix PHP 7.4 installation on CentOS6 32bit.

2582 - Fix composer 2.0 version check.

2581 - Take jailshell parameter directly from /etc/passwd in fcgid*.sh scripts.

2580, 2579, 2578 - Fix PHP installation on CentOS7 new installs.

2577 - Fix 'with-pcre-regex' path in PHP configure.phpXX file if OS-bundled PCRE2 version is used.

2576 - Don't compile PCRE2 on systems having it in OS-package manager.
  Add basic Nginx FastCGI cache global configuration.

2575 - Auto-install ngx_cache_purge module with nginx.
  Auto-install java/ruby/python from OS repos for Nginx Unit. Install NodeJS from NodeJS repos.

2574 - If directadmin-only auto-updates are set in CustomBuild cronjob, execute "./build update_da" only if there is a new version of DirectAdmin released.

2573 - Generate /etc/dovecot/conf.d/95-sni.conf on DirectAdmin installation time.

2572 - Improve java module compilation for nginx unit.

2571 - Fix MySQL 5.6 installation on debian/ubuntu.

2570 - Make sure the owner of /var/log/httpd is apache.

2569 - Auto-swap |IP| in /etc/proftpd.sftp.conf.

2568 - Fix MySQL8 installation on debian/ubuntu.

2567 - Auto-load /etc/proftpd.sftp.conf in /etc/proftpd.conf if file is detected.

2566 - Fix installation of latest version of libxml2 on FreeBSD.

2565 - Fix MySQL 5.7 installation on FreeBSD.

2564 - Set exim queue_run_max to the number of CPU cores on systems having >5 cores.
  Added lshttpd exception to csf.pignore for LiteSpeed.

2563 - Code preparation for PHP8.

2562 - Fix MariaDB 10.5 installation on FreeBSD.

2561 - Fix xapian-core compilation on CentOS6.

2560 - Don't lock MySQL 5.7 version to 5.7.27 on FreeBSD boxes.

2559 - Added /usr/libexec/dovecot/indexer and /usr/libexec/dovecot/indexer-worker to default csf.pignore list.

2558, 2557 - Add noftpd function to make sure DA installation succeeds when no FTP server is set in the options.conf file.

2556 - Move x-forwarded-for definition to nginx-cloudflare.conf and httpd-cloudflare.conf files.

2555 - Add CloudFlare IPs to the trusted IPs list by default to replace the IP in webserver logs with the one provided by X-Forwarded-For header.

2554 - Added new 3rd party mirror: directadmin.mirrors.misaka.one

2553 - Dynamic version check for dnsproviders file (let's encrypt).

2552 - Always set mysql_detect_correct_methods=1 in directadmin.conf.

2551 - Fix psr module installation for php2/3/4.

2550 - Added x-httpd-php to the list of default handlers for mod_lsphp.

2548, 2549 - Add msmtp support for jailshell email sends.

2546, 2547 - Use "gmake install" instead of "make install" for ProFTPd installation on FreeBSD systems.

2545 - Fix visual bug on option-change time when the value is already set to the same one.

2544 - chown roundcube under webapps before setup is finished.

2543 - New pigeonhole package name was a typo from their side. Reverted the fix as new package has been released.

2542 - Use php-litespeed SAPI from CloudLinux repository if mod_lsapi is used.

2541 - Pigeonhole uses x.y.z dovecot version instead of x.y now, updating the code to support it.

2540 - Fix libcap detection on CentOS6 systems.

2539 - Preserve MySQL custom logrotate file if any (on RPM-based systems).

2538 - Keep changes to /etc/logrotate.d/mysql on MySQL update/upgrade time.

2537 - Some backwards compatibility for custom_versions.txt php53:5.2.17:.

2536 - Added socat to the list of dependencies for MariaDB.

2535 - Remove IdentLookups from proftpd.conf, it is not supported anymore.

2534 - CloudLinux boxes should have first lsphp version handler always defined as /usr/local/bin/lsphp.

2533 - exim.jail.conf support.

2432 - Show "Setting is already set to XX" if no changes are done using "./build set ..".

2431 - Add netdata to clsupergid on CloudLinux systems.

2429, 2430 - Unify httpd-directories.conf to top '/' level to allow for home2 rules.

2428 - Added unofficial_mirrors=yes/no. Defaults to no. Does not affect old installations (unless "set_fastest" is ran).

2427 - Fix gmp PHP extension compilation on debian.

2426 - Added files-sg.directadmin.com to official mirrors list.

2425 - Fix MariaDB installation on CentOS6 boxes.

2524 - Fix installation of yajl-devel and lua-devel from PowerTools repo on CentOS8.

2523 - Fix doIMagick call in "./build php_extensions".

2522 - If there is no yajl compiled-into ModSecurity - show current version as 0, so that update of ModSecurity would be shown.

2521 - Update dnsproviders.json to 3.8.0 (added ArvanCloud).

2520 - Remove default /icons/ alias for FancyIndex (apache).
Make intermediate ciphersuite internet.nl-friendly.
Add max_allowed_packet=64M to default my.cnf if none is set.

2519 - Changed default ModSecurity ruleset to owasp (CRS).

2518 - Added pcre2 to MariaDB 10.5 dependencies.

2517 - MariaDB 10.5 support.

2516 - Allow building ioncube for PHP 7.4.

2515 - Always install lego on letsencrypt installation time (earlier it had a version check).

2514 - Fix libzip installation on centos8 (cmake pre-requisite).

2513 - chown fix for dnsproviders.json

2512 - Use devtoolset on CentOS6 for ICU/PHP compilation (we may support newer versions of ICU in the future).

2511 - Fix yajl-devel installation on CentOS8 for ModSecurity.

2510 - Fix "redirection unexpected" on debian machines.

2509 - Fix "SecAuditLogFormat JSON" support in ModSecurity 2.9 (used for Apache). Requires recompilation of ModSecurity.

2508 - Default modsecurity_audit.log format is JSON now.
  MySQL is given more time to start after upgrades.

2507 - Execute "./build update" on "./build update_full" time.
   Use zstd for compression of emails in dovecot 2.3.11 and newer.

2506 - Add -ltr to debian7 exim ldflags.

2505 - More safety checks for config/version mismatch for exim 4.94.

2504 - Fix exim 4.94 installation on CentOS6.

2503 - Compatibility fixes for exim 4.94.

2502 - Use devtoolset-7 on CentOS6 for installation of zstd.

2501 - If MySQL/MariaDB is not managed by CustomBuild - use correct syntax for user creation/password changes.

2500 - Added zstd support by default.

2499 - Added session.save_path/upload_tmp_dir for webapps in case mod_lsapi is used.

2498 - Update some text/documentation in "./build versions" and "./build opt_help full".

2497 - Enable pigeonhole by default.

2496 - ModSecurity ruleset fixes on nginx installation time.

2495 - MySQL 5.7.27 downgrade for FreeBSD, as there is no newer version of MySQL 5.7 in official repositories.

2494 - Include exim.dkim.conf in exim_conf update command.

2493 - Execute /usr/share/magicspam/bin/activate_module on exim_conf time, if it exists.

2492 - Install sqlite-devel for fts-xapian automatically.

2491 - Basic support for letsencrypt.sh 2.0 and Lego client.

2490 - Fix SpamAssassin pre-requisites installation on CentOS8.

2489 - Some systems got MPM auto-switched to prefork on PHP recompilation time, this release should fix this.

2488 - Turn on "managesieve_vacation" option by default in RoundCube if Pigeonhole is used.

2487 - Auto-install libuv on libzip installation time.

2486 - Add ldconfig calls to more places after installation of new libraries.

2485 - Added new mirror.

2484 - Update configure/fastcgi/fcgid.sh to support /~userdir access with jailshell.

2483 - Auto-reload OpenLiteSpeed with pureftpd_uploadscan=yes if .htaccess is uploaded.

2482 - Improve netdata socket directory permissions.

2481 - ProFTPd configuration respects ssl_configuration=modern/intermediate/old.

2480 - Added Netdata installation command.

2479 - ProFTPd related fixes for CentOS8.

2478 - Improve installed packages check on debian systems.

2477 - Automatically open UDP port 11335 in CSF on rspamd installation time.

2476 - Rspamd: revert "normal" listener to TCP/IP port 11333.

2475 - Create "/usr/lib/modules" on jailshell installation time if it does not exist.

2474 - Added snuffleupagus to "./build versions".

2473 - Initial support for snuffleupagus PHP extension.
   Set jail=2 with "./build bubblewrap" by default.

2472, 2471 - rspamd: for security reasons, use socket files in /var/run/rspamd, instead of TCP/IP.

2470, 2469 - Fix http/2 default on CentOS8 new installations.

2468 - php-fastcgi related fixes for webapps.

2467 - Remove vm-pop3d from services.status on dovecot installation time.

2466 - Don't hardcode /home/ for user homedir in jailed fcgid.

2465 - Simplified fcgid.sh scripts (same version for all PHP variants). Added "dovecotconf" as an alias to "dovecot_conf". Fastcgi mode supports jail now.

2464 - Set dovecot=1 in directadmin.conf on new installations.

2463 - Some fixes for MySQL 8.0 installation.

2461, 2462 - Remove Let's Encrypt pre-checks for old invalid certificates (it was added temporarily).

2460 - Fix CustomBuild cronjob syntax.

2459 - Revert jailcron, because jailshell is enough for cronjob shells.

2458 - Added custom/hooks/cron_execute/pre and custom/hooks/cron_execute/post hooks for pre/post execution of the CustomBuild cronjob. "./build cron" is needed to re-generate the cronjob which uses the hooks.

2457 - Fix MySQL 5.6 installation on new installs.

2456 - Some minor fixes for installation of phalcon PHP extension.

2455 - Another systemd-related fix for Apache 2.4.43.

2454 - Added rspamd to csf.pignore. Added jailcron for cronjobs.

2453 - Don't call dovecot conversion on new installation time.

2452 - Fix Apache 2.4.43 compilation issues.

2451 - Added jailed shell support. More details to come in documentation.

2450 - Don't include --with-apxs2 in PHP configuration file if mod_php isn't used.

2449 - added damirror.pars.host to https mirrors list.

2448 - A fix for default MPM module loaded after PHP re-build.

2447 - Install epel-release package on SpamAssassin installation time to get all of the dependencies installed.

2446 - Skip imagick extension installation if particular version of php hasn't been installed yet.

2445 - Build ImageMagick after PHP time on new installation.

2444 - Fix writeLog function to log minutes to custombuild.log correctly (it was logging months instead of minutes in time format).

2443 - Reinstall imagick PHP extension after update of ImageMagick.

2442 - Fix MagicSpam include in exim.conf.

2441 - Fix litespeed installation with the trial key.

2440 - Auto-create mysqld runtime directory on systemd-based OS.

2439 - Added gmp to the list of possible PHP extensions.

2438 - Fix MySQL8 installation on FreeBSD11.

2437 - Fix MySQL wget URL on FreeBSD systems.

2436 - Alpha bits for Unit installation.

2435 - Re-install FTS-Xapian on "./build dovecot" time if it has been installed already.
    Add --enable-embed PHP configuration flag if mod_php is not used.

2434 - Fix php-imap compilation with OpenSSL 1.1.

2433 - Improve wording of php-imap/xml extensions in "./build versions".

2432 - Check for invalid Let's Encrypt certificates on systems with mail_sni=0.

2431 - Add Let's Encrypt checks for CAA issues to update_webapps and update_da calls.

2430 - Let's Encrypt hotfix for CAA bug (https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591). Any command doing doChecks() (for example "./build versions" will do a 1-time checkup for cert renewal).

2429 - Allow clicking 'enter' for default settings when custom installation settings are used.

2428 - Fix php_extensions.conf on customized new installation.

2427 - Disable root logins to phpMyAdmin.

2426 - Cosmetic bugfix for "./build set" for old PHP extensions..

2425 - Add option_set_valid_php() for validity of php_extensions.conf settings.

2424 - Fix ioncube question on custom installation set.

2423 - Auto-install pam-devel for PHP-IMAP.

2422 - Improvements for "PHP Extension Settings" section. Changed variables structure for php_extensions.conf settings.

2421 - Improvements for getPhpOpt() function.

2420 - Added "./build php_extensions" to build all PHP extensions at once. Added "xmlrpc" to the list of available PHP extensions.

2419 - Add new PHP extension section to CB plugin (plugin will need to be updated).

2418 - Use "./build set_php extension yes/no". Backwards compatibility for ioncube/zend/suhosin/imagick/opcache.

2417 - Rename phalcon -> php_phalcon, append php_ to every "./build php_extension". Backwards compatibility for ioncube/zend/suhosin/imagick/opcache.

2416 - PHP extensions controlled in php_extensions.conf. phalcon and imap added as new PHP extensions.

2415 - Show correct OpenLiteSpeed version in installation output.

2414 - Added -DWITHOUT_MROONGA=YES to compilation of MariaDB on FreeBSD.

2413 - Fix MariaDB compilation on FreeBSD.

2412 - Add mirror.serverion.com to unofficial mirrors list.

2411 - Install libnsl on CentOS8 for OpenLiteSpeed web admin.

2410 - Added files-ca to official mirrors list. Better detection of MySQL binary package on FreeBSD systems.

2409 - exim Makefile using uses getFile() instead of wget now.

2408 - phpMyAdmin SSO: the cookies set the host, so if mysql is remote, ensure the direct_login/index.php is updated to point to that host

2407 - Fix empty line in /etc/exim.variables.conf with ssl_configuration=modern option set.

2406 - Downgrade ssl_configuration option to "old" on EOL OS (CentOS4/5, Debian6/7 etc.).

2405 - Fix OpenSSL <1.0.2 version check for SSLOpenSSLConfCmd use on CentOS6/Debian8/Debian9 .

2404 - Use predefined 4096-bit DHE public key where possible, to solve internet.nl error. Configure it using SSLOpenSSLConfCmd directive in Apache, if OpenSSL 1.0.2 or higher is detected.

     Use ssl_configuration=old/intermediate/moden for Exim and Dovecot. TLSv1.1 is EOL as of March 31, 2020. Windows 7 support ended on January 14, 2020.

2403 - Don't allow setting ssl_configuration=modern on OS/webservers not supporting TLSv1.3. Old OS support TLSv1.3 by default in LiteSpeed/OpenLiteSpeed only.

2402 - Disable MySQL/MariaDB versions in options.conf that are unavailable on CentOS8.

2401 - libpng->libwebp for libwebp updates in CustomBuild plugin.

2400 - modify setup.txt and set correct da_admin password there on MySQL/MariaDB reinstallation time.

2399 - don't remove MySQL-python package on MySQL update time.

2398 - added dummy da-exim dpkg package for exim installations on debian.

2397 - error and exit if mod_ruid2 if enabled on unsupported system.

      set MySQL data direcotry to /var/lib/mysql on new installations of debian.

2396 - install dependencies on SpamAssassin installation time.

2395 - downgrade version of ICU if PHP 5.3/5.4 is enabled.

2394 - added ability to upgrade MySQL 5.1 to 5.5.

2393 - fix nginx installation on CentOS6 if libmodsecurity 3.0 is used.

2392 - skip modsecurity download on "./build update" if webserver is not set to apache.

2391 - fix libmodsecurity 3.0 installation on CentOS6.

2390 - fix mariadb 5.5 installation on new installs

2389 - exit litespeed update sooner in case license is expired.

2388 - fix ICU linking issue on Ubuntu 18.04 (https://unicode-org.atlassian.net/browse/ICU-20959).

2387 - hide libmodsecurity/modsecurity connector updates in available updates list if nginx is not used.

2386 - phpMyAdmin config.inc.php is chmod 440 by default now.

2385 - fixed composer current version check in CustomBuild plugin.

2384 - added "pexe:/opt/alt/php../usr/bin/php" to csf.pignore list.

2383 - Fixed typo for composer component in the output of "./build version".

2382 - Fixed PHP 5.3 "make install" for new installations. It needed "bin" directory to be pre-created.

2381 - Added composer support.

       Added csf.pignore checks for CustomBuild used services. It takes the list from configure/csf.pignore.

2380 - Added lua 5.3 support, which is minimal version required required for ModSecurity.

2379 - Suppress s-nail warnings in "./build version" output.

2378 - Fixed imagick compilation when multiple versions of PHP are used.

2377 - Set global CacheRoot for LiteSpeed by default.

2376 - Use "['Servers'][]['DisableIS'] = true;" in phpMyAdmin configuration to make large tables load faster.

2375 - Auto-install sqlite on Centos6 boxes for PHP 7.4.

2374 - Fix "newaliases" command for new installations of exim.

2373 - Added "--with-pear" option to PHP 7.4.

2372 - Fix OpenLiteSpeed taking up nginx_apache ports on startup.

       Auto-enable mod_lsapi when switching from another webserver to apache if CloudLinux is used.

2371 - Fix OpenLiteSpeed taking up nginx_apache ports on startup.

2370 - Suppress warnings on FreeBSD for nginx-related certification copying on the build time.

2369 - Inherit exits from subshell in CustomBuild hooks.

2368 - Added "update_full" alias for "update_versions_full"/"update_versions full".

2367 - Added per-call CustomBuild hooks. (https://forum.directadmin.com/threads/custombuild-2-0-rev-2369-with-steroids.60153/)

       Added "full" update method (update_versions_full and update_versions full). Runs OS updates + CustomBuild update and update_versions.
 
Last edited:

jayw1

Verified User
Joined
Nov 20, 2019
Messages
200
Location
USA
Does custombuild autoupdate or should I be running a command when it's updated?
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
67
@smtalk Possible bug: CustomBuld does not install libnsl for OpenLiteSpeed WebAdmin on CentOS 7
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
@smtalk Possible bug: CustomBuld does not install libnsl for OpenLiteSpeed WebAdmin on CentOS 7
It only does that on CentOS8. I could modify it if needed, but OLS developers didn't mention CentOS7 for it in the past. Did you need to install it on your CentOS7 box?
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
67
It only does that on CentOS8. I could modify it if needed, but OLS developers didn't mention CentOS7 for it in the past. Did you need to install it on your CentOS7 box?

Thank you for replying.

I am having lots of issues with OpenLiteSpeed and IPv6, that is, IPv6 linked to IPv4.

I thought libnsl could be the solution, but I am not sure.

It seems OpenLiteSpeed stops listening to IPv6 after a while or if a graceful restart was performed - either manually or, internally by DirectAdmin.

When it stops listening to IPv6, installing Let's Encrypt SSL fails, and websites are no longer available over IPv6. They are still available over IPv4 however.

Domains without IPv6 do not face any of the issues and Let's Encrypt installs without any issue, too.

I have linked IPv6 to IPv4.
Server hostname to user domains, all IPv4 have IPv6 linked.
I have installed DirectAdmin + OLS over 15 times, all installs have the same error.

I see the following errors with CloudLinux and without CloudLinux installed:

Code:
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-80: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x-0-0-0-1-80) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-80] failed to start listener on address [2602:x:x:x:0:0:0:1]:80!
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-443: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x0-0-0-1-443) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-443] failed to start listener on address [2602:x:x:x:0:0:0:1]:443!
[ERROR] Hostname [*] on listener [45.x.x.x:80] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!
[ERROR] Hostname [*] on listener [45.x.x.x:443] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!

If I do any of the following, the websites become available over IPv6 again and Let's Encrypt Installs fine:

Code:
systemctl stop lsws
systemctl start lsws

or

./build rewrite_confs

Doing above removes some of the listener errors from the above, too.
Sometimes, ./build rewrite_confs fails to restart OLS.

Doing a graceful restart does not solve the issues. But doing it twice in a row solves the errors.
Code:
systemctl restart lsws

When websites are available over IPv6, do a graceful restart once, they are no longer available over IPv6. Stop OpenLiteSpeed and start, they become available again.

When websites are available over IPv6, I can install Let's Encrypt only on one domain. If I add another user and try to install Let's Encrypt, it fails and the websites become unavailable over IPv6
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
Thank you for replying.

I am having lots of issues with OpenLiteSpeed and IPv6, that is, IPv6 linked to IPv4.

I thought libnsl could be the solution, but I am not sure.

It seems OpenLiteSpeed stops listening to IPv6 after a while or if a graceful restart was performed - either manually or, internally by DirectAdmin.

When it stops listening to IPv6, installing Let's Encrypt SSL fails, and websites are no longer available over IPv6. They are still available over IPv4 however.

Domains without IPv6 do not face any of the issues and Let's Encrypt installs without any issue, too.

I have linked IPv6 to IPv4.
Server hostname to user domains, all IPv4 have IPv6 linked.
I have installed DirectAdmin + OLS over 15 times, all installs have the same error.

I see the following errors with CloudLinux and without CloudLinux installed:

Code:
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-80: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x-0-0-0-1-80) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-80] failed to start listener on address [2602:x:x:x:0:0:0:1]:80!
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-443: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x0-0-0-1-443) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-443] failed to start listener on address [2602:x:x:x:0:0:0:1]:443!
[ERROR] Hostname [*] on listener [45.x.x.x:80] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!
[ERROR] Hostname [*] on listener [45.x.x.x:443] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!

If I do any of the following, the websites become available over IPv6 again and Let's Encrypt Installs fine:

Code:
systemctl stop lsws
systemctl start lsws

or

./build rewrite_confs

Doing above removes some of the listener errors from the above, too.
Sometimes, ./build rewrite_confs fails to restart OLS.

Doing a graceful restart does not solve the issues. But doing it twice in a row solves the errors.
Code:
systemctl restart lsws

When websites are available over IPv6, do a graceful restart once, they are no longer available over IPv6. Stop OpenLiteSpeed and start, they become available again.

When websites are available over IPv6, I can install Let's Encrypt only on one domain. If I add another user and try to install Let's Encrypt, it fails and the websites become unavailable over IPv6

Doesn't 1.6.11 solve this? If it doesn't - I'd suggest reporting this to OLS, I'm sure they could solve it really soon if you provide them access.
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
67
v 1.6.11 has been released on April 02. I have replied here before that :)

I have rebuilt OLS and it is now 1.6.11. But the issues remain. I am going to contact them and see what happens.

Any more help from you or DA would be appreciated, too.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
For anyone with IPv6 issues - just contact OLS devs, they're waiting for access to boxes having the issue to fix it permanently :)
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
67
For anyone with IPv6 issues - just contact OLS devs, they're waiting for access to boxes having the issue to fix it permanently :)

They are very slow. I have opened a ticket on 3rd April, provided how to reproduce the issue, yet they replied only once and failed to reproduce it. It seems they didn't read my entire ticket which is why they failed.

I again pointed out the steps and since then no reply on the ticket.

This is why I think if you contact them, it could bring the solution faster. To reproduce the issue, just install DA + OLS with 3 or more IPv4 and the same number of IPv6, add an IPv6 as linked IPs to each IPv4. Install SSL on the hostname. Add a domain and install SSL certificate. OLS will fail and stop listening to IPv6.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
They are very slow. I have opened a ticket on 3rd April, provided how to reproduce the issue, yet they replied only once and failed to reproduce it. It seems they didn't read my entire ticket which is why they failed.

I again pointed out the steps and since then no reply on the ticket.

This is why I think if you contact them, it could bring the solution faster. To reproduce the issue, just install DA + OLS with 3 or more IPv4 and the same number of IPv6, add an IPv6 as linked IPs to each IPv4. Install SSL on the hostname. Add a domain and install SSL certificate. OLS will fail and stop listening to IPv6.
They said they're waiting for root access from your side.
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
67
They said they're waiting for root access from your side.

I provided them root access 6 days ago :)

But since you are saying this, I have replied to the ticket and provided the same password again.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
I provided them root access 6 days ago :)

But since you are saying this, I have replied to the ticket and provided the same password again.
Strange.. Let's hope things go fine now :) If not - just let me know. Thank you!
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
67
@smtalk Thank you for the help and the push from your part.

One of their developers was working on the issue. They tried, but the issue remains. It seems the developer has given up.

IPv6 still fails every time after installing SSL.

They installed OLS 1.7.0.

Is there a way to install beta OLS with DA?

I won't be able to keep this node open for them to run tests. I need to spin up another VPS for testing purposes with OLS 1.7.0.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
@smtalk Thank you for the help and the push from your part.

One of their developers was working on the issue. They tried, but the issue remains. It seems the developer has given up.

IPv6 still fails every time after installing SSL.

They installed OLS 1.7.0.

Is there a way to install beta OLS with DA?

I won't be able to keep this node open for them to run tests. I need to spin up another VPS for testing purposes with OLS 1.7.0.
They said 1.7.0 should have no issues. Does it have any?
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
67
Same issue?

No, not all the same issues.

The IPv6 listeners no longer show any errors, only the server hostname IPv4 and IPv6 listeners, which they said due to DA creating duplicate configuration.

Since this does not create any noticeable issue, I ignored the error and decided not to investigate it further.

But when you install SSL certificates, the website is no longer available over IPv6.

This was the main issue that landed me finding the errors in the IPv6 listeners.

I suspected since SSL install initiates a restart of OLS, and since restarting OLS indeed caused some issues at that time, the original issue is related to OLS restarts.

OLS restarts no longer create any errors.

But every time, after installing or reinstalling SSL makes IPv6 unavailable. Strange thing is, when this happens, there is no IPv6 listener error.
 

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
432
I just read update today. why you seperate " real_ip_header X-Forwarded-For; " to nginx-default.conf from the nginx-cloudflare.conf
because I don't use it.
I have my own update IP list,
should I custom nginx-default.conf ? or should put " real_ip_header X-Forwarded-For; " to same in the file " nginx-cloudflare.conf " ?

because I have custom nginx.conf then nginx-cloudflare.conf so I don't problem with this file.
I have problem with nginx-default.conf /// i don't want to custom this file because it important to receipt some update from DA.
 
Last edited:

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,144
Location
LT, EU
I just read update today. why you seperate " real_ip_header X-Forwarded-For; " to nginx-default.conf from the nginx-cloudflare.conf
because I don't use it.
I have my own update IP list,
should I custom nginx-default.conf ? or should put " real_ip_header X-Forwarded-For; " to same in the file " nginx-cloudflare.conf " ?

because I have custom nginx.conf then nginx-cloudflare.conf so I don't problem with this file.
I have problem with nginx-default.conf /// i don't want to custom this file because it important to receipt some update from DA.

What do you use instead of X-Forwarded-For for your own solution?
 
Top