Version 1.677

Released: 2025-05-??

Filemanager upload hook new improved

A new hook for filemanager upload is added: file_manager_upload_pre.sh. This hook is the successor of the now deprecated file_manager_upload_post.sh hook.

It's a similar hook with a couple of key differences:

  • The new hook acts on a fully uploaded temporary file (not the target file)
  • If the hook exits with a non-zero status, the upload is cancelled and the temporary file is removed by DirectAdmin (the target file is left untouched)
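A hook built on the non-zero exit contract described above could look like the following. This is an added example, not DirectAdmin's own code. It assumes the temporary file path reaches the hook in an environment variable, here given the hypothetical name UPLOAD_TMP_FILE, and the three policies are sample site rules for an upload area meant to hold static content only.

```sh
#!/bin/sh
# Added example body for file_manager_upload_pre.sh (not DirectAdmin code).
# ASSUMPTION: the temporary file path is in $UPLOAD_TMP_FILE, a hypothetical
# name; check the hook documentation for the variable DirectAdmin provides.

# check_upload FILE -> 0 accepts the upload, any other status rejects it.
check_upload() {
    f=$1
    # Fail closed: a file that cannot be inspected is not accepted.
    [ -f "$f" ] || return 2

    # Sample policy 1: size cap (default 10 MiB, override MAX_UPLOAD_BYTES).
    max_bytes=${MAX_UPLOAD_BYTES:-10485760}
    size=$(wc -c < "$f") || return 2
    [ "$size" -le "$max_bytes" ] || return 3

    # Sample policy 2: no native executables (ELF magic 7f 45 4c 46).
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "7f454c46" ]; then
        return 4
    fi

    # Sample policy 3: no PHP open tag in the first 4 KiB, whatever the
    # file claims to be (catches script content behind an image header).
    if head -c 4096 "$f" | grep -aq '<?php'; then
        return 5
    fi
    return 0
}

# Hook entry point: runs only when the (assumed) variable is set.
if [ -n "${UPLOAD_TMP_FILE:-}" ]; then
    check_upload "$UPLOAD_TMP_FILE" || exit $?
    exit 0
fi
```

Because the check runs against the temporary file, a rejected upload never reaches the target path, so an existing file there is not overwritten.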

Roundcube installer and customizations custombuild improved

The Roundcube installation script is updated. The changes make sure Roundcube installation is more reliable, upgrades are less likely to disrupt active Roundcube users, and customisation of Roundcube is simpler.

Key changes:

  • Running Roundcube installation again or upgrading Roundcube will no longer change DB credentials. Old versions used to generate new Roundcube DB credentials every time Roundcube was reinstalled.
  • Roundcube update (or reinstall) will try to keep the same cookie encryption key. A new key is generated when Roundcube is installed for the first time, and the same key is reused when Roundcube is upgraded. This change ensures that existing user sessions are not disrupted by a Roundcube upgrade.
  • The default Roundcube configuration file can be customised in the same way as in previous versions, by creating the custom configuration file in ./custombuild/custom/roundcube/config.inc.php. However, the default configuration used by CustomBuild is now exposed in the file ./custombuild/configure/roundcube/config.inc.php. It makes it easier to know this file is customisable and also serves as a reference to what configuration would be used if there were no customisations.
  • The default Apache config for Roundcube is now stored in ./custombuild/configure/roundcube/.htaccess. Same as in earlier versions, it can be customised by creating the ./custombuild/custom/roundcube/.htaccess file.
  • Roundcube plugins, skins and extra dependencies can also be customised the same way as before, by creating ./custom/roundcube/{plugins,skins,vendor} directories. To make it easier to know these directories can be customised, the CustomBuild configuration directory now has ./configure/roundcube/{plugins,skins,vendor} directories with a README file explaining how customisation works.
  • The composer.json file in the Roundcube installation directory can no longer be customised. The install script is not using Composer, so customising this file had no practical effect.
  • The directory ./program can no longer be customised. This used to allow replacing critical Roundcube source files. This customisation is discontinued because it is very fragile and makes it nearly impossible to support multiple Roundcube versions.
  • The file with Roundcube database credentials /var/www/html/roundcube/config/my.cnf is no longer created. This file is no longer needed by CustomBuild because all Roundcube database-related operations are performed by the Roundcube PHP code.
  • The post-install script to upgrade Roundcube is now executed as the webapps UNIX user instead of running it as root.
  • Roundcube install or reinstall is now fully reproducible. This means reinstalling the same Roundcube version will recreate the installation directory from scratch instead of extracting files over existing files.

Default Change: ACME certificates will renew 17 days before expiry

With the recent discussion about lowering maximum certificate lifetimes (from 90, possibly to 47 days), which is likely to go into effect in the near future, this change allows for a more efficient use of time during the lifetime of the certificate and lowers the load on the ACME provider's systems by decreasing renewal frequency. The previous default was letsencrypt_renew_before_expiry_days=30; it has been changed to letsencrypt_renew_before_expiry_days=17. This may change in the future, depending on the final duration the various certificate providers settle on.

On CloudLinux 8 and CloudLinux 9 systems, the file /etc/yum.conf is a symlink to the /etc/dnf/dnf.conf file. As part of the mod_lsapi install procedure, CustomBuild used to replace the /etc/yum.conf symlink with a normal file.

This bug is fixed. Reinstalling mod_lsapi will instead modify the /etc/dnf/dnf.conf file, leaving the /etc/yum.conf as a symlink.

‼️ Removed ssl_port configuration option from directadmin.conf removed

The DirectAdmin service no longer supports running on multiple TCP ports (one for encrypted connections and one for unencrypted connections).

The option to enable an additional listening port is removed. The motivation for discontinuing two TCP port mode is the following:

  • If the system has a valid TLS certificate, then having an additional plain text port open is a security risk.
  • Any integration or software that needs to access DirectAdmin service needs to be aware of dual port mode. Most of the integrations fail to handle this correctly and only connect using the primary TCP port.
  • Thanks to the free certificate providers like Let's Encrypt and ZeroSSL, having a valid TLS certificate now costs nothing. It is easy to enable TLS mode using the UI.
  • DirectAdmin service will never fail to start in TLS mode, even if TLS certificates are missing or misconfigured. The main service will generate self-signed certificates on the fly if needed.

The systems that used to run in dual-port mode will be automatically reconfigured to only listen on the TLS port:

  • Servers that used to have port=X, ssl=0, ssl_port=Y configuration will be reconfigured to have port=Y, ssl=1.
  • Servers with tls_port=0 (disabled additional port) or ssl=1 (TLS already enabled on primary port) will not be reconfigured.

Note: Special care should be taken if HTTP proxy servers are used for proxying requests to the main DirectAdmin service. The proxy server might need to update the configuration to start using TLS instead of plain text connections.
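The reconfiguration rules above can be previewed against a copy of directadmin.conf before upgrading, which shows whether a proxy backend has to move to the TLS port. This is an added example, not part of DirectAdmin. It assumes plain key=value lines and treats an absent ssl_port the same as a disabled additional port.

```sh
#!/bin/sh
# Added example (not DirectAdmin code): preview the effect of the ssl_port
# removal on a directadmin.conf given as the first argument.
# ASSUMPTIONS: plain key=value lines; a missing ssl_port is treated like a
# disabled additional port; a missing ssl is treated like ssl=0.

# conf_get FILE KEY -> value of the last KEY= line, empty if absent.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) }
                       END { print v }' "$1"
}

# preview_port_migration FILE -> one line describing the outcome.
preview_port_migration() {
    conf=$1
    port=$(conf_get "$conf" port)
    ssl=$(conf_get "$conf" ssl)
    ssl_port=$(conf_get "$conf" ssl_port)

    if [ "${ssl:-0}" = "1" ]; then
        # TLS is already enabled on the primary port: nothing changes.
        echo "unchanged: TLS already enabled on primary port ${port}"
    elif [ -z "$ssl_port" ] || [ "$ssl_port" = "0" ]; then
        # Additional port disabled: the server is not reconfigured.
        echo "unchanged: no additional port configured"
    else
        # port=X, ssl=0, ssl_port=Y becomes port=Y, ssl=1. Anything that
        # still connects to X in plain text (a proxy backend, an
        # integration) must switch to TLS on Y.
        echo "reconfigured: port=${ssl_port} ssl=1 (plain-text port ${port} closes)"
    fi
}

# Run stand-alone: sh preview.sh /path/to/directadmin.conf
if [ -n "${1:-}" ]; then
    preview_port_migration "$1"
fi
```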

Removed unified_ftp_password_file configuration option from directadmin.conf removed

The unified FTP password will no longer be configurable and will always be enabled. The NON-unified password mode is a legacy mode that used to work only with the ProFTPD service and blocked the multi-IP feature.
