Version 1.63.2

Released: 2021-11-25

• Git Manager (PRO PACK) new
• Backup locking slots: max_concurrent_backups=3 new
• Make rootauth login keys read-only for normal users improved
• Refactored setup.sh and install.sh scripts improved
• Script getLicense.sh accepts just the license key improved
• License and version information page simplified in Evolution skin improved
• UNIT: no need for SSL listener by default (DEFAULT) improved
• Cron: disable jail needs to clear jailshell fixed
• Custom dns_txt.conf with _dmarc causes double _dmarc after restore fixed
• Subdomain-Alias with domain subdomain: missing CERT/KEY not reverting correctly fixed
• Fix typo in rspamd template fixed

Git Manager (PRO PACK) new

Git Manager allows users to host and manage Git repositories on the Directadmin server.

Syncing with remote repositories is available as well with auto deployment support via a webhook.

Read more.

Backup locking slots: max_concurrent_backups=3 new

Each call to create an Admin/Reseller level triggered backup will require a backup lock. y default, there will be:

max_concurrent_backups=3

meaning 3 different lock files. The backup being attempted must get one of those locks, eg:

• /usr/local/directadmin/data/admin/backup_slot.1.lock
• /usr/local/directadmin/data/admin/backup_slot.2.lock
• /usr/local/directadmin/data/admin/backup_slot.3.lock

where the contents of the lock will be some json with the PID of the dataskq running and other misc info, so it can be verified later, in case it's no longer active.

LOCK DURATION

The lock duration default is 8 hours, based on the directadmin.conf timeout=60. If you have a higher timeout, eg: timeout=120, the lock timeout will double as well: 16hrs. It's a dynamic value, in case you need to adjust it.

LOCK CONTENTS

The contents of the backup_slot.X.lock will be json, eg:

{
        "id": "1",
        "owner": "admin",
        "pid": "501795"
}

Where id is the backup id. If it's manual trigger, it will not be present there. Field pid is the process ID of the running dataskq call, so it can be checked if it's still alive.

Owner is the account that triggered the backup (cron or direct).

Make rootauth login keys read-only for normal users improved

Login keys created by root account using commands directadmin --root-auth-url or directadmin --root-auth-url-for=username will be marked as read-only for normal user accounts (will have client_read_only=yes in key.conf).

These keys are used by DA server administrator or some 3rd party plugins to gain API access to a particular account. Marking them as read-only will prevent users from disabling or removing these keys.

Refactored setup.sh and install.sh scripts improved

Changed setup.sh script to have no installation logic, all the installation bits have been moved to install.sh. The scripts have also been cleaned up of unused functions. setup.sh has the ability to install DA from any update channel/branch. Instructions for the usage can be found here.

Script getLicense.sh accepts just the license key improved

As our new licensing system does not require re-download of license.key, we have changed getLicense.sh to only accept license key as the argument. Instructions for the usage can be found here.

License and version information page simplified in Evolution skin improved

Using Evolution skin information about current DA version and license is simplified. Change of preferred release channel is now done immediately without having to wait for DA restart.

UNIT: no need for SSL listener by default (DEFAULT) improved

Default change to the directadmin.conf option, new value:

unit_port_ssl=0`

where the previous default would be:

unit_port_ssl=8091

This change, upon full rewrite, will clear:

• /certificates/hostname
• /listeners/*:8091

from the unit config, as it's extra overhead which is not needed (we use localhost plaintext) If you need ssl with your connection to unit, just enable it:

./directadmin set unit_port_ssl 8091
service directadmin restart

When updating DA, these fields will not be purged. Only after a full rewrite, eg:

echo "action=rewrite&value=nginx_unit" /usr/local/directadmin/data/task.queue

or:

/usr/local/directadmin/custombuild/build rewrite_confs

will the 2 values get dropped. Nothing internal to DA's code is connecting to the 8091 port, hence it's removal.

Cron: disable jail needs to clear jailshell fixed

When modifying a User, if the jail option is disabled when cron is still on, the value SHELL=/usr/bin/jailshell needed to be cleared from the crontab.

Custom dns_txt.conf with _dmarc causes double _dmarc after restore fixed

For anyone who are trying to automate setting up _dmarc records by default for new zones, during a restore, it will end up merging the backed up _dmarc with the templates/custom/dns_txt.conf _dmarc records.

Fixed: Prevent duplicate _dmarc records. Other record types not touched to prevent affecting the spf values which are controlled via checkbox restore options.

Subdomain-Alias with domain subdomain: missing CERT/KEY not reverting correctly fixed

If you have a domain, say domain.com and it has a subdomain, called sub.domain.com.

If you were to create a domain alias on domain.com called sub.domain.com when the httpd.conf writes, it will also try to add all subdomains, adding a VH with name sub.sub.domain.com

If that cert/value was not available, a bug in the code did not correctly revert to the server cert/key values.

Fix typo in rspamd template fixed

Typo in rspamd temlate prioity=1 changed to priority=1.