DirectAdmin 1.691

Systemd service journal: journalctl -u directadmin.service --since=today
 
toktokcity said:
I receive the following error by updating Apache in combination with ModSecurity:

httpd: Syntax error on line 51 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf/extra/httpd-modsecurity-enable.conf: Syntax error on line 1 of /etc/httpd/conf/extra/httpd-modsecurity.conf: Cannot load /usr/local/lib/libxml2.so into server: /usr/local/lib/libxml2.so: cannot open shared object file: No such file or directory

I can fix it by commenting the first row in /etc/httpd/conf/extra/httpd-modsecurity.conf with the text "#LoadFile /usr/local/lib/libxml2.so".

But after building ModSecurity or Apache, the problem is back.
Click to expand...
Is this problem fixed in 1.692?
 
Hi,

since DirectAdmin version "1.691" we are facing an issue with "Custom HTTPD Configuration" entries.

**Issue description:**

When we add the following entry to the Custom HTTPD Configuration:

|?DOCROOT=/home/xxxxx/domains/xxxxxxx/public_html|
|?USER=xxxxx|
|?GROUP=xxxx|

it correctly appears in:

"/usr/local/xxxx/data/users/xxxxxx/domains/xxxxxxx.cust_httpd"

However, it is **not applied correctly** to the generated configuration file:

"/usr/local/xxxx/data/users/xxxxxx/httpd.conf"

In the resulting "httpd.conf", the **original document root path** is modified with the correct value.
but it not change the AddHandler and leave the paket user and not the |?USER=xxxxx| in the AddHandler

**Question:**

Is there any known issue, change, or regression related to this behavior since upgrading from
"DirectAdmin 1.690" to "DirectAdmin 1.691" or newer versions?
 
Last edited:
smtalk said:
It was most likely caused by custom configuration, check for custom files in /usr/local/directadmin/custombuild/custom.
Click to expand...
This is the apache config file running atm:


Code: 
#!/bin/sh
"./configure" \
    "--enable-systemd" \
    "--prefix=/etc/httpd" \
    "--exec-prefix=/etc/httpd" \
    "--bindir=/usr/bin" \
    "--sbindir=/usr/sbin" \
    "--sysconfdir=/etc/httpd/conf" \
    "--enable-so" \
    "--enable-dav" \
    "--enable-dav-fs" \
    "--enable-dav-lock" \
    "--enable-suexec" \
    "--enable-deflate" \
    "--enable-unique-id" \
    "--enable-cgi" \
    "--disable-cgid" \
    "--enable-mods-static=most" \
    "--enable-mpms-shared=all" \
    "--with-suexec-caller=apache" \
    "--with-suexec-docroot=/" \
    "--with-suexec-gidmin=100" \
    "--with-suexec-logfile=/var/log/httpd/suexec_log" \
    "--with-suexec-uidmin=100" \
    "--with-suexec-userdir=public_html" \
    "--with-suexec-bin=/usr/sbin/suexec" \
    "--with-included-apr" \
    "--includedir=/usr/include/apache" \
    "--libexecdir=/usr/lib/apache" \
    "--libdir=/usr/lib/apache" \
    "--mandir=/usr/share/man" \
    "--datadir=/var/www" \
    "--localstatedir=/var" \
    "--enable-logio" \
    "--enable-ssl" \
    "--enable-rewrite" \
    "--enable-http2" \
    "--enable-proxy" \
    "--enable-expires" \
    "--enable-reqtimeout" \
    "--with-ssl=/usr" \
    "--disable-md" \
    "--enable-headers"
 
@Marwen, please open a support ticket. There should be no changes in how custom template files between the 1.690 and 1.691 versions.
 
toktokcity said:
This is the apache config file running atm:


Code: 
#!/bin/sh
"./configure" \
    "--enable-systemd" \
    "--prefix=/etc/httpd" \
    "--exec-prefix=/etc/httpd" \
    "--bindir=/usr/bin" \
    "--sbindir=/usr/sbin" \
    "--sysconfdir=/etc/httpd/conf" \
    "--enable-so" \
    "--enable-dav" \
    "--enable-dav-fs" \
    "--enable-dav-lock" \
    "--enable-suexec" \
    "--enable-deflate" \
    "--enable-unique-id" \
    "--enable-cgi" \
    "--disable-cgid" \
    "--enable-mods-static=most" \
    "--enable-mpms-shared=all" \
    "--with-suexec-caller=apache" \
    "--with-suexec-docroot=/" \
    "--with-suexec-gidmin=100" \
    "--with-suexec-logfile=/var/log/httpd/suexec_log" \
    "--with-suexec-uidmin=100" \
    "--with-suexec-userdir=public_html" \
    "--with-suexec-bin=/usr/sbin/suexec" \
    "--with-included-apr" \
    "--includedir=/usr/include/apache" \
    "--libexecdir=/usr/lib/apache" \
    "--libdir=/usr/lib/apache" \
    "--mandir=/usr/share/man" \
    "--datadir=/var/www" \
    "--localstatedir=/var" \
    "--enable-logio" \
    "--enable-ssl" \
    "--enable-rewrite" \
    "--enable-http2" \
    "--enable-proxy" \
    "--enable-expires" \
    "--enable-reqtimeout" \
    "--with-ssl=/usr" \
    "--disable-md" \
    "--enable-headers"
Click to expand...

You are looking at wrong file.

Check your custom file located here:
Code: 
/usr/local/directadmin/custombuild/custom/ap2/conf/extra/httpd-modsecurity.conf
and compare with the file that directadmin uses:
Code: 
/usr/local/directadmin/custombuild/configure/ap2/conf/extra/httpd-modsecurity.conf

You'll notice that DA file does not have any libxml2.so load line, and some other slight changes.
Consider removing the custom file to fall back to the default DA modsecurity file.
 
fln said:
fln said:
@Marwen, please open a support ticket. There should be no changes in how custom template files between the 1.690 and 1.691 versions.
Click to expand...
Click to expand...
Hi,

are you sure about this?
I just replaced the following entry

"AddHandler \"proxy:unix:|PHP_FPM_SOCKET_PATH||fcgi://localhost\" .inc .php .phtml"
with the one from one of my older configurations:
"AddHandler \"proxy:unix:/usr/local/php|PHP1_RELEASE|/sockets/|USER|.sock|fcgi://localhost\" .inc .php .phtml .php|PHP1_RELEASE|"

After doing this, the PHP socket is now running again with the user that I specified in the "Custom HTTPD Configurations" using:
"|USER=webuser|"

So it looks like the new variable "|PHP_FPM_SOCKET_PATH|" might ignore or override the custom "USER" value defined in the Custom HTTPD Configuration.
 
Last edited:
@Marwen, yes the web server templates are using the PHP_FPM_SOCKET_PATH token for full path to the PHP-FPM socket. If you are using non-standard location of PHP-FPM socket you need to replace the PHP_FPM_SOCKET_PATH token with correct value.
 
nsc said:
You are looking at wrong file.

Check your custom file located here:
Code: 
/usr/local/directadmin/custombuild/custom/ap2/conf/extra/httpd-modsecurity.conf
and compare with the file that directadmin uses:
Code: 
/usr/local/directadmin/custombuild/configure/ap2/conf/extra/httpd-modsecurity.conf

You'll notice that DA file does not have any libxml2.so load line, and some other slight changes.
Consider removing the custom file to fall back to the default DA modsecurity file.
Click to expand...
Thanks!

I did commented the first row in /usr/local/directadmin/custombuild/custom/ap2/conf/extra/httpd-modsecurity.conf with the text "#LoadFile /usr/local/lib/libxml2.so" and now it works again!
 
toktokcity said:
Thanks!

I did commented the first row in /usr/local/directadmin/custombuild/custom/ap2/conf/extra/httpd-modsecurity.conf with the text "#LoadFile /usr/local/lib/libxml2.so" and now it works again!
Click to expand...
There are more differences in that file, like inclusion for the disabled rules, the ifmodule section.

The best way would be to understand why did you make the file custom. It's probably one of the setting lines where you needed a bigger value. So you can take the "current" version of modsecurity configuration file - adjust that one value and have the most up-to-date configuration file that you could have. In the future it will be much easier to understand what was the actual reason for the customisation and what like you actually need to be custom.
To avoid ending up with a server full of mystery configurations, try to stick to the original template as much as possible. Instead of stripping lines out, just target the specific variables you need to change - your future self will thank you.
 
romans said:
"Full Audit Log" should be working fine in DA version 1.692 (current release). Please try to update to that version and check if it helps for your case.
Click to expand...
Thanks for your quick response! I have the same issue on a server running v1.692.
 
You must log in or register to reply here.
Back
Top