Changelog

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,146
Location
LT, EU
As it's been requested multiple times, let's have a public changelog for CustomBuild 2.0 :) Revisions skipped means there were minor changes to typos/comments etc.

Code:
2502 - Use devtoolset-7 on CentOS6 for installation of zstd.

2501 - If MySQL/MariaDB is not managed by CustomBuild - use correct syntax for user creation/password changes.

2500 - Added zstd support by default.

2499 - Added session.save_path/upload_tmp_dir for webapps in case mod_lsapi is used.

2498 - Update some text/documentation in "./build versions" and "./build opt_help full".

2497 - Enable pigeonhole by default.

2496 - ModSecurity ruleset fixes on nginx installation time.

2495 - MySQL 5.7.27 downgrade for FreeBSD, as there is no newer version of MySQL 5.7 in official repositories.

2494 - Include exim.dkim.conf in exim_conf update command.

2493 - Execute /usr/share/magicspam/bin/activate_module on exim_conf time, if it exists.

2492 - Install sqlite-devel for fts-xapian automatically.

2491 - Basic support for letsencrypt.sh 2.0 and Lego client.

2490 - Fix SpamAssassin pre-requisites installation on CentOS8.

2489 - Some systems got MPM auto-switched to prefork on PHP recompilation time, this release should fix this.

2488 - Turn on "managesieve_vacation" option by default in RoundCube if Pigeonhole is used.

2487 - Auto-install libuv on libzip installation time.

2486 - Add ldconfig calls to more places after installation of new libraries.

2485 - Added new mirror.

2484 - Update configure/fastcgi/fcgid.sh to support /~userdir access with jailshell.

2483 - Auto-reload OpenLiteSpeed with pureftpd_uploadscan=yes if .htaccess is uploaded.

2482 - Improve netdata socket directory permissions.

2481 - ProFTPd configuration respects ssl_configuration=modern/intermediate/old.

2480 - Added Netdata installation command.

2479 - ProFTPd related fixes for CentOS8.

2478 - Improve installed packages check on debian systems.

2477 - Automatically open UDP port 11335 in CSF on rspamd installation time.

2476 - Rspamd: revert "normal" listener to TCP/IP port 11333.

2475 - Create "/usr/lib/modules" on jailshell installation time if it does not exist.

2474 - Added snuffleupagus to "./build versions".

2473 - Initial support for snuffleupagus PHP extension.
   Set jail=2 with "./build bubblewrap" by default.

2472, 2471 - rspamd: for security reasons, use socket files in /var/run/rspamd, instead of TCP/IP.

2470, 2469 - Fix http/2 default on CentOS8 new installations.

2468 - php-fastcgi related fixes for webapps.

2467 - Remove vm-pop3d from services.status on dovecot installation time.

2466 - Don't hardcode /home/ for user homedir in jailed fcgid.

2465 - Simplified fcgid.sh scripts (same version for all PHP variants). Added "dovecotconf" as an alias to "dovecot_conf". Fastcgi mode supports jail now.

2464 - Set dovecot=1 in directadmin.conf on new installations.

2463 - Some fixes for MySQL 8.0 installation.

2461, 2462 - Remove Let's Encrypt pre-checks for old invalid certificates (it was added temporarily).

2460 - Fix CustomBuild cronjob syntax.

2459 - Revert jailcron, because jailshell is enough for cronjob shells.

2458 - Added custom/hooks/cron_execute/pre and custom/hooks/cron_execute/post hooks for pre/post execution of the CustomBuild cronjob. "./build cron" is needed to re-generate the cronjob which uses the hooks.

2457 - Fix MySQL 5.6 installation on new installs.

2456 - Some minor fixes for installation of phalcon PHP extension.

2455 - Another systemd-related fix for Apache 2.4.43.

2454 - Added rspamd to csf.pignore. Added jailcron for cronjobs.

2453 - Don't call dovecot conversion on new installation time.

2452 - Fix Apache 2.4.43 compilation issues.

2451 - Added jailed shell support. More details to come in documentation.

2450 - Don't include --with-apxs2 in PHP configuration file if mod_php isn't used.

2449 - added damirror.pars.host to https mirrors list.

2448 - A fix for default MPM module loaded after PHP re-build.

2447 - Install epel-release package on SpamAssassin installation time to get all of the dependencies installed.

2446 - Skip imagick extension installation if particular version of php hasn't been installed yet.

2445 - Build ImageMagick after PHP time on new installation.

2444 - Fix writeLog function to log minutes to custombuild.log correctly (it was logging months instead of minutes in time format).

2443 - Reinstall imagick PHP extension after update of ImageMagick.

2442 - Fix MagicSpam include in exim.conf.

2441 - Fix litespeed installation with the trial key.

2440 - Auto-create mysqld runtime directory on systemd-based OS.

2439 - Added gmp to the list of possible PHP extensions.

2438 - Fix MySQL8 installation on FreeBSD11.

2437 - Fix MySQL wget URL on FreeBSD systems.

2436 - Alpha bits for Unit installation.

2435 - Re-install FTS-Xapian on "./build dovecot" time if it has been installed already.
    Add --enable-embed PHP configuration flag if mod_php is not used.

2434 - Fix php-imap compilation with OpenSSL 1.1.

2433 - Improve wording of php-imap/xml extensions in "./build versions".

2432 - Check for invalid Let's Encrypt certificates on systems with mail_sni=0.

2431 - Add Let's Encrypt checks for CAA issues to update_webapps and update_da calls.

2430 - Let's Encrypt hotfix for CAA bug (https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591). Any command doing doChecks() (for example "./build versions" will do a 1-time checkup for cert renewal).

2429 - Allow clicking 'enter' for default settings when custom installation settings are used.

2428 - Fix php_extensions.conf on customized new installation.

2427 - Disable root logins to phpMyAdmin.

2426 - Cosmetic bugfix for "./build set" for old PHP extensions..

2425 - Add option_set_valid_php() for validity of php_extensions.conf settings.

2424 - Fix ioncube question on custom installation set.

2423 - Auto-install pam-devel for PHP-IMAP.

2422 - Improvements for "PHP Extension Settings" section. Changed variables structure for php_extensions.conf settings.

2421 - Improvements for getPhpOpt() function.

2420 - Added "./build php_extensions" to build all PHP extensions at once. Added "xmlrpc" to the list of available PHP extensions.

2419 - Add new PHP extension section to CB plugin (plugin will need to be updated).

2418 - Use "./build set_php extension yes/no". Backwards compatibility for ioncube/zend/suhosin/imagick/opcache.

2417 - Rename phalcon -> php_phalcon, append php_ to every "./build php_extension". Backwards compatibility for ioncube/zend/suhosin/imagick/opcache.

2416 - PHP extensions controlled in php_extensions.conf. phalcon and imap added as new PHP extensions.

2415 - Show correct OpenLiteSpeed version in installation output.

2414 - Added -DWITHOUT_MROONGA=YES to compilation of MariaDB on FreeBSD.

2413 - Fix MariaDB compilation on FreeBSD.

2412 - Add mirror.serverion.com to unofficial mirrors list.

2411 - Install libnsl on CentOS8 for OpenLiteSpeed web admin.

2410 - Added files-ca to official mirrors list. Better detection of MySQL binary package on FreeBSD systems.

2409 - exim Makefile using uses getFile() instead of wget now.

2408 - phpMyAdmin SSO: the cookies set the host, so if mysql is remote, ensure the direct_login/index.php is updated to point to that host

2407 - Fix empty line in /etc/exim.variables.conf with ssl_configuration=modern option set.

2406 - Downgrade ssl_configuration option to "old" on EOL OS (CentOS4/5, Debian6/7 etc.).

2405 - Fix OpenSSL <1.0.2 version check for SSLOpenSSLConfCmd use on CentOS6/Debian8/Debian9 .

2404 - Use predefined 4096-bit DHE public key where possible, to solve internet.nl error. Configure it using SSLOpenSSLConfCmd directive in Apache, if OpenSSL 1.0.2 or higher is detected.

     Use ssl_configuration=old/intermediate/moden for Exim and Dovecot. TLSv1.1 is EOL as of March 31, 2020. Windows 7 support ended on January 14, 2020.

2403 - Don't allow setting ssl_configuration=modern on OS/webservers not supporting TLSv1.3. Old OS support TLSv1.3 by default in LiteSpeed/OpenLiteSpeed only.

2402 - Disable MySQL/MariaDB versions in options.conf that are unavailable on CentOS8.

2401 - libpng->libwebp for libwebp updates in CustomBuild plugin.

2400 - modify setup.txt and set correct da_admin password there on MySQL/MariaDB reinstallation time.

2399 - don't remove MySQL-python package on MySQL update time.

2398 - added dummy da-exim dpkg package for exim installations on debian.

2397 - error and exit if mod_ruid2 if enabled on unsupported system.

      set MySQL data direcotry to /var/lib/mysql on new installations of debian.

2396 - install dependencies on SpamAssassin installation time.

2395 - downgrade version of ICU if PHP 5.3/5.4 is enabled.

2394 - added ability to upgrade MySQL 5.1 to 5.5.

2393 - fix nginx installation on CentOS6 if libmodsecurity 3.0 is used.

2392 - skip modsecurity download on "./build update" if webserver is not set to apache.

2391 - fix libmodsecurity 3.0 installation on CentOS6.

2390 - fix mariadb 5.5 installation on new installs

2389 - exit litespeed update sooner in case license is expired.

2388 - fix ICU linking issue on Ubuntu 18.04 (https://unicode-org.atlassian.net/browse/ICU-20959).

2387 - hide libmodsecurity/modsecurity connector updates in available updates list if nginx is not used.

2386 - phpMyAdmin config.inc.php is chmod 440 by default now.

2385 - fixed composer current version check in CustomBuild plugin.

2384 - added "pexe:/opt/alt/php../usr/bin/php" to csf.pignore list.

2383 - Fixed typo for composer component in the output of "./build version".

2382 - Fixed PHP 5.3 "make install" for new installations. It needed "bin" directory to be pre-created.

2381 - Added composer support.

       Added csf.pignore checks for CustomBuild used services. It takes the list from configure/csf.pignore.

2380 - Added lua 5.3 support, which is minimal version required required for ModSecurity.

2379 - Suppress s-nail warnings in "./build version" output.

2378 - Fixed imagick compilation when multiple versions of PHP are used.

2377 - Set global CacheRoot for LiteSpeed by default.

2376 - Use "['Servers'][]['DisableIS'] = true;" in phpMyAdmin configuration to make large tables load faster.

2375 - Auto-install sqlite on Centos6 boxes for PHP 7.4.

2374 - Fix "newaliases" command for new installations of exim.

2373 - Added "--with-pear" option to PHP 7.4.

2372 - Fix OpenLiteSpeed taking up nginx_apache ports on startup.

       Auto-enable mod_lsapi when switching from another webserver to apache if CloudLinux is used.

2371 - Fix OpenLiteSpeed taking up nginx_apache ports on startup.

2370 - Suppress warnings on FreeBSD for nginx-related certification copying on the build time.

2369 - Inherit exits from subshell in CustomBuild hooks.

2368 - Added "update_full" alias for "update_versions_full"/"update_versions full".

2367 - Added per-call CustomBuild hooks. (https://forum.directadmin.com/threads/custombuild-2-0-rev-2369-with-steroids.60153/)

       Added "full" update method (update_versions_full and update_versions full). Runs OS updates + CustomBuild update and update_versions.
 
Last edited:

jayw1

Verified User
Joined
Nov 20, 2019
Messages
166
Location
USA
Does custombuild autoupdate or should I be running a command when it's updated?
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
45
@smtalk Possible bug: CustomBuld does not install libnsl for OpenLiteSpeed WebAdmin on CentOS 7
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,146
Location
LT, EU
@smtalk Possible bug: CustomBuld does not install libnsl for OpenLiteSpeed WebAdmin on CentOS 7
It only does that on CentOS8. I could modify it if needed, but OLS developers didn't mention CentOS7 for it in the past. Did you need to install it on your CentOS7 box?
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
45
It only does that on CentOS8. I could modify it if needed, but OLS developers didn't mention CentOS7 for it in the past. Did you need to install it on your CentOS7 box?
Thank you for replying.

I am having lots of issues with OpenLiteSpeed and IPv6, that is, IPv6 linked to IPv4.

I thought libnsl could be the solution, but I am not sure.

It seems OpenLiteSpeed stops listening to IPv6 after a while or if a graceful restart was performed - either manually or, internally by DirectAdmin.

When it stops listening to IPv6, installing Let's Encrypt SSL fails, and websites are no longer available over IPv6. They are still available over IPv4 however.

Domains without IPv6 do not face any of the issues and Let's Encrypt installs without any issue, too.

I have linked IPv6 to IPv4.
Server hostname to user domains, all IPv4 have IPv6 linked.
I have installed DirectAdmin + OLS over 15 times, all installs have the same error.

I see the following errors with CloudLinux and without CloudLinux installed:

Code:
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-80: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x-0-0-0-1-80) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-80] failed to start listener on address [2602:x:x:x:0:0:0:1]:80!
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-443: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x0-0-0-1-443) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-443] failed to start listener on address [2602:x:x:x:0:0:0:1]:443!
[ERROR] Hostname [*] on listener [45.x.x.x:80] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!
[ERROR] Hostname [*] on listener [45.x.x.x:443] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!
If I do any of the following, the websites become available over IPv6 again and Let's Encrypt Installs fine:

Code:
systemctl stop lsws
systemctl start lsws

or

./build rewrite_confs
Doing above removes some of the listener errors from the above, too.
Sometimes, ./build rewrite_confs fails to restart OLS.

Doing a graceful restart does not solve the issues. But doing it twice in a row solves the errors.
Code:
systemctl restart lsws
When websites are available over IPv6, do a graceful restart once, they are no longer available over IPv6. Stop OpenLiteSpeed and start, they become available again.

When websites are available over IPv6, I can install Let's Encrypt only on one domain. If I add another user and try to install Let's Encrypt, it fails and the websites become unavailable over IPv6
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,146
Location
LT, EU
Thank you for replying.

I am having lots of issues with OpenLiteSpeed and IPv6, that is, IPv6 linked to IPv4.

I thought libnsl could be the solution, but I am not sure.

It seems OpenLiteSpeed stops listening to IPv6 after a while or if a graceful restart was performed - either manually or, internally by DirectAdmin.

When it stops listening to IPv6, installing Let's Encrypt SSL fails, and websites are no longer available over IPv6. They are still available over IPv4 however.

Domains without IPv6 do not face any of the issues and Let's Encrypt installs without any issue, too.

I have linked IPv6 to IPv4.
Server hostname to user domains, all IPv4 have IPv6 linked.
I have installed DirectAdmin + OLS over 15 times, all installs have the same error.

I see the following errors with CloudLinux and without CloudLinux installed:

Code:
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-80: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x-0-0-0-1-80) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-80] failed to start listener on address [2602:x:x:x:0:0:0:1]:80!
[ERROR] HttpListener::start(): Can't listen at address 2602-x-x-x-0-0-0-1-443: Address already in use!
[ERROR] HttpServer::addListener(2602-x-x-x0-0-0-1-443) failed to create new listener
[ERROR] [config:server:listener:2602-x-x-x-0-0-0-1-443] failed to start listener on address [2602:x:x:x:0:0:0:1]:443!
[ERROR] Hostname [*] on listener [45.x.x.x:80] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!
[ERROR] Hostname [*] on listener [45.x.x.x:443] is mapped to virtual host [x.x.x.x], can't map to virtual host [hostname]!
If I do any of the following, the websites become available over IPv6 again and Let's Encrypt Installs fine:

Code:
systemctl stop lsws
systemctl start lsws

or

./build rewrite_confs
Doing above removes some of the listener errors from the above, too.
Sometimes, ./build rewrite_confs fails to restart OLS.

Doing a graceful restart does not solve the issues. But doing it twice in a row solves the errors.
Code:
systemctl restart lsws
When websites are available over IPv6, do a graceful restart once, they are no longer available over IPv6. Stop OpenLiteSpeed and start, they become available again.

When websites are available over IPv6, I can install Let's Encrypt only on one domain. If I add another user and try to install Let's Encrypt, it fails and the websites become unavailable over IPv6
Doesn't 1.6.11 solve this? If it doesn't - I'd suggest reporting this to OLS, I'm sure they could solve it really soon if you provide them access.
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
45
v 1.6.11 has been released on April 02. I have replied here before that :)

I have rebuilt OLS and it is now 1.6.11. But the issues remain. I am going to contact them and see what happens.

Any more help from you or DA would be appreciated, too.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,146
Location
LT, EU
For anyone with IPv6 issues - just contact OLS devs, they're waiting for access to boxes having the issue to fix it permanently :)
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
45
For anyone with IPv6 issues - just contact OLS devs, they're waiting for access to boxes having the issue to fix it permanently :)
They are very slow. I have opened a ticket on 3rd April, provided how to reproduce the issue, yet they replied only once and failed to reproduce it. It seems they didn't read my entire ticket which is why they failed.

I again pointed out the steps and since then no reply on the ticket.

This is why I think if you contact them, it could bring the solution faster. To reproduce the issue, just install DA + OLS with 3 or more IPv4 and the same number of IPv6, add an IPv6 as linked IPs to each IPv4. Install SSL on the hostname. Add a domain and install SSL certificate. OLS will fail and stop listening to IPv6.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,146
Location
LT, EU
They are very slow. I have opened a ticket on 3rd April, provided how to reproduce the issue, yet they replied only once and failed to reproduce it. It seems they didn't read my entire ticket which is why they failed.

I again pointed out the steps and since then no reply on the ticket.

This is why I think if you contact them, it could bring the solution faster. To reproduce the issue, just install DA + OLS with 3 or more IPv4 and the same number of IPv6, add an IPv6 as linked IPs to each IPv4. Install SSL on the hostname. Add a domain and install SSL certificate. OLS will fail and stop listening to IPv6.
They said they're waiting for root access from your side.
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
45
They said they're waiting for root access from your side.
I provided them root access 6 days ago :)

But since you are saying this, I have replied to the ticket and provided the same password again.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,146
Location
LT, EU
I provided them root access 6 days ago :)

But since you are saying this, I have replied to the ticket and provided the same password again.
Strange.. Let's hope things go fine now :) If not - just let me know. Thank you!
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
45
@smtalk Thank you for the help and the push from your part.

One of their developers was working on the issue. They tried, but the issue remains. It seems the developer has given up.

IPv6 still fails every time after installing SSL.

They installed OLS 1.7.0.

Is there a way to install beta OLS with DA?

I won't be able to keep this node open for them to run tests. I need to spin up another VPS for testing purposes with OLS 1.7.0.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,146
Location
LT, EU
@smtalk Thank you for the help and the push from your part.

One of their developers was working on the issue. They tried, but the issue remains. It seems the developer has given up.

IPv6 still fails every time after installing SSL.

They installed OLS 1.7.0.

Is there a way to install beta OLS with DA?

I won't be able to keep this node open for them to run tests. I need to spin up another VPS for testing purposes with OLS 1.7.0.
They said 1.7.0 should have no issues. Does it have any?
 

Meiji

Verified User
Joined
Jul 2, 2019
Messages
45
Same issue?
No, not all the same issues.

The IPv6 listeners no longer show any errors, only the server hostname IPv4 and IPv6 listeners, which they said due to DA creating duplicate configuration.

Since this does not create any noticeable issue, I ignored the error and decided not to investigate it further.

But when you install SSL certificates, the website is no longer available over IPv6.

This was the main issue that landed me finding the errors in the IPv6 listeners.

I suspected since SSL install initiates a restart of OLS, and since restarting OLS indeed caused some issues at that time, the original issue is related to OLS restarts.

OLS restarts no longer create any errors.

But every time, after installing or reinstalling SSL makes IPv6 unavailable. Strange thing is, when this happens, there is no IPv6 listener error.
 
Top