DirectAdmin 1.700

[sparek]

The DA version 1.701 is released. It comes with new apache and exim. Version 1.700 also got latest apache and exim versions.

Wouldn't this be an incentive to keep DirectAdmin updates and Custombuild (software stack) updates separate? No forcing to update DirectAdmin just to update Exim and Apache because of security issues?

 

[Wanabo]

We will be releasing an automatic fix for removing the old variable from the /etc/exim.easy_spam_fighter/variables.conf.custom.

Is that why I can't update exim? Updated just a few minutes ago to DA 1.700.

safe_download: downloading 'https://downloads.exim.org/exim4/old/exim-4.99.2.tar.gz' to '/usr/local/directadmin/custombuild/tmp/tmp.lu4O4FX7JR.safe_download' failed (2/3)
curl: (22) The requested URL returned error: 404

safe_download: downloading 'https://files.directadmin.com/cache/exim-4.99.2.tar.gz' to '/usr/local/directadmin/custombuild/tmp/tmp.lu4O4FX7JR.safe_download' failed (2/3)
[1mUpdating exim.conf(B[m
Restarting exim.

 

[Wanabo]

Today I thought the exim dowload would fail again (saw several retries), but in the end it downloaded and got installed.
Solved in my case.

 

[fln]

A new build is released with latest PHP versions.

 

[fln]

A new build is released. It bumps Nginx version from 1.30.0 to 1.30.1.

 

[Ohm J]

Hi,
do you have any roadmap to implements "isolated-php-fpm" separate config from "jailed home" on disabled "jailed home" state ?
Some client want have full separate FPM process, but please keep "Jailed" enable/strict in this isolated or have other config to handle on FPM process.

 

[fln]

@Ohm J, do you mean having jailed PHP-FPM but non jailed user shell over SSH?

 

[Ohm J]

yes, but the goal is, my client want to host their website with isolated-php-fpm. Like they don't want to use pool sharing with our main php-fpm pool.

because this mode only work when enable the "jailed home", right ?

 

[fln]

Yes. The isolated mode is enabled only when user config has Jailed check-box enabled. Both features - isolated FPM and jailing user shell and cron uses the same flag - jail=ON from user.conf.

If we would split it out into jail_shell=ON and jail_fpm=ON it would allow having user with non jailed SSH (and cron) access, but with isolated FPM. However the isolated FPM process would still use jailshell/bwrap when starting an FPM service.

If you want the per user FPM process to not be jailed, this would require having two completely different PHP modes - per user FPM mode (FPM instance is not jailed) and isolated FPM mode (FPM instance is jailed). Each mode would need to have custom service files and custom config files.

I am still not sure which scenario are you interested in:

• Allowing user to have unrestricted SSH access, but jailed PHP FPM instance.
• Allowing user to have non-jailed PHP FPM instance.

 

[Ohm J]

- Allowing user to have unrestricted SSH access, but jailed PHP FPM instance.
keep the logics SSH/Cronjob, my client only need jailed PHP FPM instance,

so, even jailed disable for ssh or cronjob, php-fpm should have option to run in isolated mode.