Version 1.663
Released: 2024-05-09
new
Automatic security.txt (RFC 9116) support
A new internet standard (RFC 9116) defines a unified way for security researchers to contact website owners.
DirectAdmin now has an optional feature to automatically generate this file for user-owned domains, so it does not have to be created and maintained manually.
Automatic security.txt file support can be enabled in the User Package configuration (it is automatically applied to all users created with this package), or directly in the User configuration if user packages are not used.
When enabled, the web server is reconfigured to automatically handle requests to /.well-known/security.txt and respond with user account contact information. The main user email address from the user configuration is used as the contact point.
This feature is particularly important for users in the Netherlands, as SIDN has launched a special incentive programme to promote the use of this new internet standard.
To make it easy to switch this feature ON for all user accounts and all packages, there is a helper script. When executed, it updates all user packages and all user configurations to have this feature turned on.
new
File system usage information
A new setting has been added to directadmin.conf which controls whether file system information is displayed within the system info page (System Info & Files -> System Information) as well as its widgets.
This feature is enabled by default and can be turned on or off with the fs_in_system_info option in directadmin.conf. For example, to turn it off, run the following command in your server's terminal:
    da config-set --restart fs_in_system_info 0
The System Information page displays all of the relevant information in a table as well as separate pie charts for each device.
evolution new
Personal information and notification settings in profile page
The profile page has been expanded to allow configuration of display name, contact e-mail and limit notice.
Image below shows the portion of the page used for configuring display name and contact e-mail address:
Image below shows the portion of the page used for configuring limit notice:
improved
Database user access hosts configuration
The logic for loading custom database user access host patterns from the configuration file has been updated to have better defaults and to be easier to understand.
Custom user access host patterns are configurable in the ./conf/mysql.conf file by adding lines:
    access_host={ip_or_host_pattern}
    access_host1={ip_or_host_pattern}
    access_host2={ip_or_host_pattern}
    access_host...
Key changes:
- Custom user access hosts will always be used if configured. Older versions only used the configured list if a remote DB server was used.
- The default access host list for local DB servers is just localhost.
- The default access host list for remote DB servers is just %. Older versions tried to detect the server IP address, but this was unreliable since a server could have multiple IP addresses (especially on IPv6-enabled networks).
- When a custom access host list is configured, the defaults are not used. This means the administrator needs to take care to add localhost to the custom list if the DB server runs locally and the access host list is customized.
The custom user access host list is used when creating new databases or database user accounts.
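The rules above can be checked against a configuration file before new databases are created. This is an added example, not DirectAdmin code: it parses the access_host keys from mysql.conf-style text and applies the new defaults. Whether the DB server is remote is passed in by the caller (an assumption, since the page does not say how DirectAdmin decides this), and the sample file content is constructed.

```python
import re

# Keys named on the page: access_host, access_host1, access_host2, ...
_ACCESS_HOST_KEY = re.compile(r"^access_host\d*$")

# Constructed sample: a custom list that forgets localhost.
SAMPLE_CONF = """\
user=da_admin
access_host=10.0.0.%
access_host1=192.168.1.5
"""


def custom_access_hosts(conf_text):
    """Return the access host patterns configured in the text, in file order."""
    hosts = []
    for raw in conf_text.splitlines():
        if "=" not in raw:
            continue
        key, value = (part.strip() for part in raw.split("=", 1))
        if _ACCESS_HOST_KEY.match(key) and value:
            hosts.append(value)
    return hosts


def effective_access_hosts(conf_text, db_is_remote):
    """Apply the 1.663 rules; returns (hosts, warnings)."""
    custom = custom_access_hosts(conf_text)
    warnings = []
    if not custom:
        # No custom list: '%' for remote DB servers, 'localhost' for local ones
        return (["%"] if db_is_remote else ["localhost"]), warnings
    # A custom list replaces the defaults entirely
    if not db_is_remote and "localhost" not in custom:
        warnings.append("local DB server but 'localhost' missing from custom list")
    if "%" in custom:
        warnings.append("'%' lets the DB user connect from any host")
    return custom, warnings


if __name__ == "__main__":
    print(effective_access_hosts(SAMPLE_CONF, db_is_remote=False))
```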
improved
Hotlink Protection: improved logic
Previously, if a User deleted all allowed URLs, DirectAdmin would automatically add a default set of Domains and Pointers so that the website would not break. This caused some confusion, so DirectAdmin now disables the Hotlink Protection feature if there are no URLs left after the User action. The same applies if a User tries to enable the feature before there are any URLs: DirectAdmin will not allow it. They must add the allowed URLs first, otherwise a message will be shown.
custombuild improved
Software version changes
- composer updated from 2.7.2 to 2.7.6
- nginx updated from 1.25.4 to 1.26.0
- MySQL 8.0 updated from 8.0.36 to 8.0.37
- imagemagick updated from 7.1.1-30 to 7.1.1-32
- modsecurity_owasp_rules updated from 3.3.5 to 4.2.0
With the new major OWASP ModSecurity Core Rule Set, the name of this component in versions.txt was changed from owasp3_rules to modsecurity_owasp_rules. The new name describes the software component more precisely.
Note: If the version of owasp3_rules was customized, the custom version will not be used until the name is updated in the customizations file as well.
custombuild improved
Updated nginx templates with new http2 directive
Configuration templates for the nginx web server are updated to use the new syntax for enabling HTTP2 support. The new syntax is already supported by the two latest major nginx versions: stable nginx (1.26.x) and mainline (1.25.x, soon to be superseded by 1.27.x).
The new configuration style uses the http2 on; directive on a separate line. The old style was to add the http2 flag to the listen directive.
Old configuration example:
    server {
        listen 127.0.0.1:443 ssl http2;
        listen [::1]:443 ssl http2;
New configuration example:
    server {
        listen 127.0.0.1:443 ssl;
        listen [::1]:443 ssl;
        http2 on;
The following templates are updated:
- data/templates/nginx_ips.conf
- data/templates/nginx_server_redirect.conf
- data/templates/nginx_server_secure.conf
- data/templates/nginx_server_secure_sub.conf
- custombuild/configure/nginx/conf/nginx-vhosts.conf
- custombuild/configure/nginx_reverse/conf/nginx-vhosts.conf
The new configuration style is also used in configuration files dynamically created by the DirectAdmin service, for example /etc/nginx/directadmin-ips.conf.
The template token |SPACE_HTTP2| should not be used anymore. It will be set to an empty value for backwards compatibility.
Note: The new configuration style is not supported by old nginx versions (1.24.x or older), and nginx will fail to start with the new configuration templates. This can happen if the nginx version is customized. Updating to one of the supported versions will fix the issue.
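A customized template or vhost file that still uses the old style can be rewritten with a short script. This is an added example, not part of DirectAdmin or CustomBuild; it assumes one directive per line and that the listen directives of a server block are consecutive, as in the examples above. The sample configuration is constructed.

```python
import re

# A listen directive on one line, e.g. "listen [::1]:443 ssl http2;"
_LISTEN = re.compile(r"^(\s*)listen\s+([^;]*);(.*)$")

# Constructed sample in the old style.
SAMPLE_OLD = """\
server {
    listen 127.0.0.1:443 ssl http2;
    listen [::1]:443 ssl http2;
    server_name example.com;
}
"""


def migrate_http2(conf_text):
    """Move the http2 listen flag to an 'http2 on;' line.

    Returns (new_text, line_numbers_that_carried_the_old_flag).
    """
    out, changed = [], []
    pending_indent = None  # set while in a run of listen lines that had http2
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = _LISTEN.match(line)
        if match:
            indent, params, rest = match.groups()
            words = params.split()
            if "http2" in words[1:]:  # words[0] is the address:port
                kept = [words[0]] + [w for w in words[1:] if w != "http2"]
                line = f"{indent}listen {' '.join(kept)};{rest}"
                changed.append(number)
                pending_indent = indent
            out.append(line)
            continue
        if pending_indent is not None:
            # First non-listen line after the run: add the directive once
            if line.strip() != "http2 on;":
                out.append(f"{pending_indent}http2 on;")
            pending_indent = None
        out.append(line)
    if pending_indent is not None:  # file ended right after the listen lines
        out.append(f"{pending_indent}http2 on;")
    return "\n".join(out) + "\n", changed
```

Run nginx -t against the rewritten file before reloading, and only on nginx 1.25.x or newer, since older versions reject the new directive.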
evolution improved
New table design for email forwarders page
The email forwarders table (present in E-mail Manager -> Forwarders page) has been redesigned, similar to the one in the databases page.
Image below shows what the new table looks like:
evolution improved
Forwarders create and modify pages
Email forwarder creation and modification dialog windows have been moved out to separate pages.
The creation page is accessible by going to E-mail Manager -> Forwarders and then clicking Create E-mail Forwarder button. On the other hand, the modification page is accessible by going to that same E-mail Manager -> Forwarders page and clicking Modify present within any of the forwarder table rows.
evolution improved
Per user resource limit hits page and its redesign
The resource limit hits page has seen a few big changes:
- The resource limit hits dialog (accessible by navigating to System Info & Files -> Resource Limits and clicking Limit Hits next to the Show input label) has been moved out as a separate page.
- The table has been visually redesigned, and clicking Details now expands the table row to display information about that specific event. Previously, users had to click an arrow icon to navigate back and forth, which hid the previously shown information. With this change, all of the related event details are accessible with a single click.
- The time period input has been changed to the same type of input as on the index page (System Info & Files -> Resource Limits -> Limit Hits tab, Newer Than input field). As a result, when the per user limit hits page is opened, the Newer Than input picks up where the user left off on the index page (the same starting period is already set).
Image below shows what the per user resource limit hits page looks like:
evolution improved
Cron job edit page
The cron job edit dialog (accessed by going to Advanced Features -> Cron Jobs -> clicking the edit icon) has been moved out as a separate page. It's been made to look and feel similar to the cron job creation page.
evolution improved
Skip database size computation
In this release, we've introduced a new option that allows you to skip calculating the size of your databases. When this option is enabled, the system will no longer compute the size of databases when listing them. This can help save server resources and reduce the time it takes to display your list of databases.
You can find this new option in two places: on the Skin Options page (or sidebar) and under the databases table on the Database Management page.
evolution improved
ModSecurity log
The ModSecurity log table was redesigned to make it easier to check affected rules and perform actions.
evolution improved
New Install WordPress page
In this update, we've revamped the Create WordPress Installation page to incorporate a new quick WordPress installation mode. This process lets users install WordPress by simply entering the instance title and directory, while the server takes care of the rest.
Additionally, we've introduced an Advanced Mode. When toggled, this mode expands the WordPress installation form to reveal extra input fields, giving users more control over their WordPress installation.
In the screenshot below you can see the quick WordPress installation form.
Here is how the form looks when Advanced Mode is toggled on.
When the Use Existing database option is selected.
evolution improved
DNSSEC url and other changes
The DNS security pages (Account Manager -> DNS Management -> DNSSEC as well as its admin/reseller level counterparts) have seen a couple of minor changes:
- Admin and reseller level pages can no longer be accessed directly via url without providing a domain. Previously admin/reseller user's default domain data was loaded after accessing the page.
- Admin and reseller level pages no longer appear in search results
Also fixed a few minor issues where data or url didn't change correctly when navigating global search results or switching between domains.
evolution fixed
Live API documentation text contrast in dark mode
Fixed an issue where, in dark mode, large portions of the API documentation (Support & help -> Live API documentation) were barely readable because the text blended into the background.
fixed
Buffer overflow reading logs
Using the log viewer (/CMD_LOG_VIEWER command) on log files that are being actively updated could lead to an unexpected buffer overflow and failure to get log contents.
The issue is fixed in this release.
fixed
Nginx unit configuration in backups
User account backups used to include nginx unit configuration only if domain data (website files from the user home directory) was also included in the backup. Starting with this release, nginx unit configuration will always be included in the backup.
fixed
LiteSpeed & Unit: Use ProxyPass instead of RewriteRule
It was found that the RewriteRule in LiteSpeed was not passing the Host header, thus Unit was not able to pass the request to the correct route. Testing of various LiteSpeed versions confirmed that ProxyPass is required for LiteSpeed to properly pass the Host header to Unit.
fixed
Modifying a Reseller cleared their own additional User IPs
If you've assigned some Reseller 'fred' some additional IPs at fred's User Level, then modifying Reseller fred's Reseller data (for example, fred's Reseller bandwidth) would leave fred's user_ip.list with only the IP from fred's user.conf[ip].
removed
Non-system skins removed in CMD_SKINS
CMD_SKINS will no longer show non-system skins.
It's no longer possible for resellers to upload or remove skins. Any skin uploaded by admin will always be accessible to everyone.
demodocsroot configuration option removed
Support for the configuration option demodocsroot is removed from directadmin.conf. demodocsroot was used for demo accounts, which were removed in 1.652.
evolution removed
Removed Upload/Delete skins action for resellers
Due to backend support changes (it's no longer possible for resellers to upload or remove skins), the corresponding actions were dropped from the UI. The upload dialog for admins no longer has the "Server-wide" checkbox, as any uploaded skin is considered server-wide.