What are directadmin.conf values and how to change them

The format of this document will be the name and default value.

If the value does not exist in the directadmin.conf, it will be the default internal value within DirectAdmin.

Adding a value to the directadmin.conf would override the internal default.

How to change the directadmin.conf value

Use the following steps:

/usr/local/directadmin/directadmin set variable value
service directadmin restart
1
2

Example:

/usr/local/directadmin/directadmin set letsencrypt 1
service directadmin restart
1
2

All directadmin.conf variables and values


abort_source_on_error

abort_source_on_error=1
1

To ensure failed restores actually return a non-zero code, if set to 1 (default) and if MariaDB is used the mysql binary command is used with '--abort_source_on_error'option. There are some cases where MariaDB restores are failing but still returning a success 0 code, which is not correct.


access_control_allow_origin

access_control_allow_origin=
1

Ability to add Access-Control-Allow-Origin HTTP header to DirectAdmin. Comma/whitespace separated entries are trimmed, example usage:

access_control_allow_origin=http://www.domain.com, https://www.otherdomain.com:8080
1

add_apache_comments

add_apache_comments=1
1

Ability to to disable adding comments to user httpd.conf files.


add_domain_to_domainips

add_domain_to_domainips=0
1

DirectAdmin can manage /etc/virtual/domainips and /etc/virtual/helo_data files for exim to use, to pick which IP should be used when sending email.

ValueComment
0DirectAdmin does not manage /etc/virtual/domainips and helo_data files, all domains are sending mails from server IP
1DirectAdmin sets user owned IP in files, domains on dedicated IP will use own IP as outgoing. If multiple owned IPs assigned to a domain, the first value added will have priority, when in question
2DirectAdmin use RDNS to form helo_data file for given IP, the /etc/virtual/domainips is unaffected

To disable the feature set add_domain_to_domainips to 0 and delete /etc/virtual/domainips /etc/virtual/helo_data files.

Related: How to manage domain IPS file


addip

addip=/usr/local/directadmin/scripts/addip
1

Scripts called by DA to add IPs to/from the nework device.

*Related: removeip *


add_non_readable_files_to_strict_backup

add_non_readable_files_to_strict_backup=1
1

If any file is non readable by user (chmod 0) the permissions for it will be set to 600 (directories to 700) during the backup creation time as the backup needs this as a minimum to read the file as a non-root backup. The restore will not reset these files/folders to chmod 0, they'll be left as 600 (700 for dirs).

The new data location for those files will be backup/domains/non_readable_files/.

Since this feature copies files to a 2nd location before backup, significant amounts of disk usage will be used if the files being backed up (eg: apache owned files) are not readable by the User.

The related backup_apache_files_list=1 will use the same tree parsing.

Related: backup_apache_files_list | strict_backup_permissions


add_userdb_quota

add_userdb_quota=1
1

To control adding quota value next to virtual user line in /etc/virtual/domain.com/passwd like this:

fred:$1$SdbJQZ6r$R5FmKrayU3FvPksLTd.7X0:501:12::/home/username/imap/domain.com/fred/bin/false:userdb_quota_rule=*:bytes=50M
1

Starting from version 1.59.5, the command used is as follows:

doveadm -f flow quota get -u 'email@domain.com'
1

Where the Type=STORAGE Value= (returns in in KB) is used for the internal ~/imap total.

Note: the doveadm return value only returns the size of data used, not actual disk space used. One block is always used, regardless of how small the file is, so the "Apparent Size" field will not be shown in the account hover-over usage. Also the indexes do take up space, but are not included in the actual message quota.


admindir

admindir=./data/admin
1

Path for admin data related to the serverpath. You're not likely going to want to change this.

Related: serverpath


admin_helper

admin_helper=admin.site-helper.com
1

The URL used for the help button in Admin panel.

Related: reseller_helper | user_helper


admin_ssl_check_retries

admin_ssl_check_retries=1
1

Tells DirectAdmin's check for the .ssl.next_retry file which is what the GUI would create during its requests.

Related: admin_ssl_install_to_missing | admin_ssl_replace_all_expired_invalid | admin_ssl_poll_frequency


admin_ssl_install_to_missing

admin_ssl_install_to_missing=0
1

Install certificates to hosts which do not have any.

Related: admin_ssl_check_retries | admin_ssl_replace_all_expired_invalid | admin_ssl_poll_frequency


admin_ssl_poll_frequency

admin_ssl_poll_frequency=5m:15m:30m:1h:12h:1d
1

A frequency to poll certificates for hosts:

less than 30minutes: every 5 minutes
30m-1h: every 15 minutes
1h-4hrs: every 30 minutes
4h-1day: hourly
2nd,3rd days: every 12 hours
4th day onward: once per day
1
2
3
4
5
6

Time units will all be case specific: s,m,h,d,w,M,y where m is minute, M is Month. No units will be treated as seconds, since that's how they're intended to end up anyway. Note that there are no spaces after the numbers before the units (1 d will end up being one second).

When a trigger is done, it must save that NEXT window to the next_trigger file.

Related: admin_ssl_check_retries | admin_ssl_replace_all_expired_invalid | admin_ssl_install_to_missing


admin_ssl_replace_all_expired_invalid

admin_ssl_replace_all_expired_invalid=0
1

DirectAdmin can automatically fix the old/existing/expired/invalid certificates.

ValueComment
0Disabled
1Any fully expired/invalid LetsEncrypt certificate will automatically be brought back to life following the polling schedule
2Any fully expired/invalid certificates will automatically be brought back to life, following the polling schedule. This includes non-LetsEncrypt (Eg: EV) certs, so be careful if you use this option.

Does not poll for empty certs.

Related: admin_ssl_check_retries | admin_ssl_poll_frequency | admin_ssl_poll_frequency


ajax

ajax=1
1

Enable ajax functions in DirectAdmin panel.


ajax_cache_max_time

ajax_cache_max_time=1800
1

Maximum time for ajax cache.


ajax_list_max

ajax_list_max=20
1

Maximum ajax list size.


ajax_search_max_time

ajax_search_max_time=2.000000
1

The maximum ajax search time.


allow_admin_login_as_to_reseller_skin

allow_admin_login_as_to_reseller_skin=1
1

Option to gives a notice, but allows the login using the Reseller skin in /home/reseller/skins/skinname. If you want to only ever login-as with global skin - set value to 0. The notice could be fully disabled setting variable to 2.

ValueComment
0Always use global skin with 'login as'
1Ability to user reseller skin with 'login as' but give a warning
2Ability to user reseller skin with 'login as' without a warning

Related: Master access while login-as as User


allow_backup_encryption

allow_backup_encryption=0
1

Ability to password encrypt backups from all levels. To enable, change allow_backup_encryption to 1. This feature was implemented for backup storage to be GDPR compliant. The following files are used to encrypt/decrypt the data:

/usr/local/directadmin/scripts/encrypt_file.sh

/usr/local/directadmin/scripts/decrypt_file.sh

To customize them, use the standard DirectAdmin customization procedure, e.g., create the /usr/local/directadmin/scripts/custom/ directory, copy files into it, and modify the file there. DirectAdmin will detect the custom script and use it instead.


allow_backup_exclude_path

allow_backup_exclude_path=1
1

Allow users to control exclude list by creating a file /home/username/.backup_exclude_paths with paths to be skipped by backup task. The format of the file must be relative to /home/user and should not include a /home/user prefix, example:

domains/domain.com/awstats
presentation/video
1
2

This will add '--exclude-from=/home/username/.backup_exclude_paths' just after the '-C /home/username' option in the creation of BOTH the home.tar.gz and the user's backup .tar.gz (the option uses tar exclude-file option).


allow_backup_exit_code_one

allow_backup_exit_code_one=1
1

The option which controls a backup error depending on exit status after backup script finishes. Default is 1, which means 1 (and 256) is accepted an will not throw an error. If you change it to 0, then then the exit code 1 (and 256) are no longer ok, and DA will throw an error.

Example: When compressing a tar.gz file if a source file changes or goes missing during that creation, tar can throw either code 1 or 256.


allow_db_underscore

allow_db_underscore=0
1

Option to allow underscore character in MySQL databases and db users. Set to 1 if you want to allow for example username_database_my names.


allow_dns_underscore

allow_dns_underscore=1
1

Allow using underscore "_" character in NS records for domains.


allow_domain_special_characters

allow_domain_special_characters=1
1

Allow adding domains with special characters. Set to 0 to block special characters in domain names. Some versions of named do not like them.

Related: convert_to_punycode


allow_foreign_key

allow_foreign_key=0
1

By default, the session key login system is only permitted for 127.0.0.1 . Change to 1 to allow non-local IP addresses to login using the session key system.


allow_forwarder_pipe

allow_forwarder_pipe=1
1

Allow processing email through email pipes (usually used as mail forwarder to script).


allow_incoming_email_on_suspend

allow_incoming_email_on_suspend=0
1

Change to 1 to allow suspended domains to still receive emails. The pop/imap/smtp authentication will still be disabled.

If you turn this feature on, make sure that no accounts or domains are currently suspended, or they'll be stuck in limbo using the other suspension method.

Note: If the backup box has this option enabled, ensure that this option is also enabled on the box being restored to. Else, suspended email accounts won't be unsuspended on the new box when the User account is unsuspended.


allow_numeric_username

allow_numeric_username=0
1

Change to 1 to override checks to allow a username that starts with a number. Not recommended for most Operating Systems.


allow_subdomain_docroot_override

allow_subdomain_docroot_override=1
1

Allows overwriting subdomains document root with a /usr/local/directadmin/data/users/USERNAME/domains/DOMAIN.COM.subdomains.docroot.override file.

The file might show this for sub.DOMAIN.COM: sub=public_html=/domains/DOMAIN.COM/public_html&private_html=/domains/DOMAIN.COM/private_html&php1_selection=1

where sub is the index on the left, matching up with the subdomain in question, php1_selection is php version selected for subdomain.

While writing the VirtualHost for a subdomain, if the file exists, "sub" exists, and the given public_html or private_html variable exists for that VH, DA will use the listed path as an override relative to the User's home directory.


allow_ttl_override

allow_ttl_override=1
1

Lets the Admin or User set a TTL value other than the default from the control panel interface.


allow_upper_case_username

allow_upper_case_username=0
1

Change to 1 to allow a username that has uppercase letters. Not recommended.


allow_user_exec

allow_user_exec=0
1

To give your Users the ability to use the API to run scripts (potentially dangerous, so use at your own risk).

  • API command: CMD_API_EXEC
  • method: POST
command=/path/to/program
options=your --list=of "options"
1
2

Command must be a simple filename. Don't include options in the command, just the command filename, that's it. The options will be placed after the command. Command must be the full path from top level /. No local commands allowed.

2>&1

will be added to the end of the command to catch the stderr output to stdin.

Output from DA on a successful run will look like this:

error=0&exit=12345&result=outputtext
1

If error=1, then there was a problem and the error message will be set in "text".

exit=1234 is the result number of the exec function. It's controlled by the return value of your script.

result=outputtext is the usual url encoded text that your script produces.

Note that there is a timeout (set in the Admin Settings). DA will kill the program with SIGTERM if it runs out of time.

Also, do not run any script/programs that require stdin unless you pipe it from a file with <.


always_load_all_script_env_vars

always_load_all_script_env_vars=0
1

This determines whether DA loads in the environmental variables from all_pre.sh and all_post.sh scripts for the session.


ambiguous_characters_in_random_passwords

ambiguous_characters_in_random_passwords=1
1

Enables including characters that could looks like other characters, they are: oO0Ii1lL|

Related: special_characters_in_random_passwords


apacheca

apacheca=/etc/httpd/conf/ssl.crt/server.ca
1

Path to the Apache/Nginx Certificate Authority file. For nginx, the default will be: /etc/nginx/ssl.crt/server.ca

Related: SSL Certificate Locations


apachecert

apachecert=/etc/httpd/conf/ssl.crt/server.crt
1

Path to the Apache/Nginx Certificate file. For Nginx, the default will be: /etc/nginx/ssl.crt/server.crt

Related: SSL Certificate Locations


apacheconf

apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
1

Location of the main httpd.conf where DA will add the User httpd.conf "Include" lines. For Nginx, the default will be: /etc/nginx/directadmin-vhosts.conf


apacheips

apacheips=/etc/httpd/conf/ips.conf
1

Location of the ips.conf used by DA for adding baseline Apache VirtualHosts for shared IPs. For Nginx, the default will be: /etc/nginx/directadmin-ips.conf


apachekey

apachekey=/etc/httpd/conf/ssl.key/server.key
1

Path to apache/nginx Certificate Key file. For Nginx, the default will be: /etc/nginx/ssl.key/server.key

Related: SSL Certificate Locations


apachelogdir

apachelogdir=/var/log/httpd/domains
1

Location where the domains' error, access, and bytes logs are stored. For Nginx, the default will be: /var/log/nginx/domains


apachemimetypes

apachemimetypes=/etc/mime.types
1

Mime.types file used to look up file extension types to include in HTTP header replies.


apache_pid

apache_pid=/var/run/httpd.pid
1

Location of the Apache pid file. Used to send a HUP right after rotation of the Apache logs in order to reopen them.


apache_public_html

apache_public_html=0
1

If set to 1, sets the public_html to chmod 750, chown to username:apache. This is a primitive version of the secure_access_group and is considered outdated.


apache_ver

apache_ver=2.0
1

Specifies the Apache version used for httpd.conf writing. The only 2 valid values are 1.3 and 2.0. If you're using Apache 2.2, you'd still use 2.0.


awstats

awstats=1
1

Set to 1 to enable Awstats for DirectAdmin.

Related: How to enable awstats


background_delete_if_num_db_users

background_delete_if_num_db_users=500
1

If the total number of MySQL Users being removed during DA User removal is greater than 500, all Users being deleted will be done in the background.
Related: background_delete_sizeopen in new window


background_delete_size

background_delete_size=10240
1

If account size is larger than this value (in megabytes) then DirectAdmin will push Account deletion to the background.
Related: background_delete_if_num_db_usersopen in new window


backup_apache_files_list

backup_apache_files_list=1
1

Option which controls if DirectAdmin will do a backup of apache owned files. It creates a list of apache owned files, and reset them as such after a backup is restored. Excessive checks for symbolic and hard links, and other trickery. This setting also applies to the restores.

Related: add_non_readable_files_to_strict_backup | strict_backup_permissions


backup_ftp_md5

backup_ftp_md5=0
1

Set to 1 to have backup job upload two files - backup itself and user.admin.fred.tar.gz.md5 containing the md5sum of the backup file. Used to verify the integrity of the backup on remove server to ensure backup was transfered correctly.

The restore does not currently download or check this file, but if you get an error message during the restore, you'll then be able to manually check the remote file to confirm it's intact, and try again if it is.


backup_ftp_pre_test

backup_ftp_pre_test=1
1

The backup job will test the listing of the FTP information before the ftp backups are created. It relies 100% on the exit value of the script(s):

/usr/local/directadmin/scripts/ftp_list.php

/usr/local/directadmin/scripts/custom/ftp_list.php

Set value to 0 to disable pre-test.


backup_gzip

backup_gzip=1
1

Option which controls what file type a backup archive will be (i.e., what type of compression will be used).

ValueComment
0.tar file will be created as a backup
1.tar.gz file will be created as a backup
2.zstd file will be created as a backup

backup_hard_link_check=1
1

Before all account backups are created by DA, a check will be done on the User's backup path. For any hard link found, DA will notify all Admins on the box, even if the backup is being created by the end-User. As well, the creation of that backup file will be aborted.

This reason this check is relevant is for when Users create a hard link to sensitive files on disk, like /etc/shadow.

If you find that this check increases the load of your system too much when backups are created, and you feel that your system will not be affected by hard-links (you trust all of your Users), then this check can be disabled (set to 0).


backup_nice

backup_nice=19
1

Default nice value for User backups.


backup_tmpdir

backup_tmpdir=/home/tmp
1

Location for backup data assembly.


backup_tmp_path_has_pid

backup_tmp_path_has_pid=1
1

Include a backup job PID in directory name next to username during backup assembly, e.g. /home/tmp/admin.1234/username


bind_address

bind_address=
1

A bind address to have DirectAdmin daemon to listen on (to listen on one IP address only).

Note it only listens on the IP you specify and this doesn't include 127.0.0.1 if you specify a public IP.


block_cracking_unblock

block_cracking_unblock=1
1

Setting that controls the ability to remove blocks against previously blocked mail accounts due to suspicious actions.

ValueComment
0Unblocking disabled
1Standard password change will unblock the account
2Password change will unblock the account, or automatic unblock after given amount of time which is set in block_cracking_unblock_minutes

Related: BlockCracking notices and unblocking


block_cracking_unblock_minutes

block_cracking_unblock_minutes=120
1

Number of minutes when automatic unblock will resume account if block_cracking_unblock is set to 2.

Related: BlockCracking notices and unblocking


block_cracking_variables_conf

block_cracking_variables_conf=/etc/exim.blockcracking/variables.conf
1

A path to config file for BlockCracking variables.

Related: Spamblocker install and extra modules.


block_ip_after_failed_security_questions

block_ip_after_failed_security_questions=0
1

Option to control if visitor IP address should be blocked after max_security_question_attempts reached on answering security questions.

ValueComment
0Blocking IP disabled
1Block IP and send a warning to user
2Block IP and do not send a warning to user

Related: Two-Step Authentication in details


block_ip_after_failed_twostep_auth

block_ip_after_failed_twostep_auth=0
1

Block IP address after failed two step authentication.

Related: Two-Step Authentication in details


block_token_chars

block_token_chars=$[]<>:#
1

Defines values that are not permitted to be passed between pages via GET for the tokens. There is a newline character in there as well, in the internal values. Can't add newline if you override it due to config file limitations.


brutecount

brutecount=20
1

Number of login attempts to DirectAdmin panel after which IP address will be blacklisted by BFM (Brute Force Monitor).

Related: Enabling and Configuring BFM


brute_dos_count

brute_dos_count=100
1

Number of attempts on loading DirectAdmin login page after which IP address will be blacklisted by BFM (Brute Force Monitor).

Related: Enabling and Configuring BFM


bruteforce

bruteforce=1
1

Global enable/disable switch for a Brute Force Monitor service.

Related: Enabling and Configuring BFM


brute_force_apache_log_list_update_interval

brute_force_apache_log_list_update_interval=10
1

Number of minutes between the refresh of apache log list, used if brute_force_scan_apache_logs set to 2. Missing logs are always removed from the list, but new logs won't start scanning for this amount of time.

Related: Enabling and Configuring BFM


brute_force_exim_log

brute_force_exim_log=/var/log/exim/mainlog
1

A path to exim mainlog file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_exim_panic_log

brute_force_exim_panic_log=/var/log/exim/paniclog
1

A path to exim paniclog file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_exim_reject_log

brute_force_exim_reject_log=/var/log/exim/rejectlog
1

A path to exim rejectlog file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_ignore_attempts_on_suspended

brute_force_ignore_attempts_on_suspended=1
1

To ignore all attempts on suspended accounts by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_log_scanner

brute_force_log_scanner=1
1

Turns ON ability to have DirectAdmin scan service logs for any brute force login attempts on a server (dovecot, exim, proftpd, sshd).

Related: Enabling and Configuring BFM


brute_force_mail_log

brute_force_mail_log=/var/log/maillog
1

A path to main dovecot log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_messages_log

brute_force_messages_log=/var/log/messages
1

A path to main system messages log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_mysql_log

brute_force_mysql_log=/var/lib/mysql/web1.example.com.err
1

A path to main mysql log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_notifications_email_only

brute_force_notifications_email_only=0
1

Ability to send email notifications only without flooding a DirectAdmin panel message system. The email will contain the details of the attack, with a link to server/BFM panel to react quickly.

ValueComment
0BFM will create a notification in DA Message System
1BFM will not create a ticket in DA Message System, but will only send an email notification to admin

Related: Enabling and Configuring BFM


brute_force_pma_log

brute_force_pma_log=/var/www/html/phpMyAdmin/log/auth.log
1

A path to PHPMyAdmin authentication log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_pureftpd_log

brute_force_pureftpd_log=/var/log/pureftpd.log
1

A path to pureftpd log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_roundcube_log

brute_force_roundcube_log=/var/www/html/roundcube/logs/errors
1

A path to RoundCube log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_scan_apache_logs

brute_force_scan_apache_logs=2
1

A Brute Force Monitor can scan apache domain logs for WordPress wp-login.php attacks.

ValueComment
0Disable scanning of apache logs by BFM
1Scan apache logs but only those specified in /usr/local/directadmin/data/admin/brute.conf file, the string should end with "equals" sign. Example adding procedure: echo "/var/log/httpd/domains/domain.com.log=" >> /usr/local/directadmin/data/admin/brute.conf
2DirectAdmin itself will create a list of all logs to form the /usr/local/directadmin/data/admin/brute.conf.

Related: Enabling and Configuring BFM


brute_force_secure_log

brute_force_secure_log=/var/log/secure
1

A path to OS secure log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_squirrelmail_log

brute_force_squirrelmail_log=/var/www/html/squirrelmail/data/squirrelmail_access_log
1

A path to SquirrelMail log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM


brute_force_time_limit

brute_force_time_limit=1200
1

The time window for which the attempts (either failed logins or unauthorized connections) must pass with no activity before the count is reset.

Related: Enabling and Configuring BFM


cacert

cacert=
1

The path to certificate file to be used for DirectAdmin panel secure connection

Related: Setting up DA port 222 with a commercial SSL certificate


cache_time

cache_time=28800
1

A default cache time for static files ( images, css files, js) in DirectAdmin panel. The panel supports Etags, so the browser can ask DA if any file has changed, and DA will respond accordingly if it has or has not.


cakey

cakey=
1

The path to a key file to be used for DirectAdmin panel secure connection

Related: Setting up DA port 222 with a commercial SSL certificate


carootcert

carootcert=/usr/local/directadmin/conf/carootcert.pem
1

The path to caroot file which is for the ca root certificate used to prevent the SSL pop-up on a purchased SSL certificates. The (null) value operates in the way way the ssl_cipher does, so do not add this variable unless you are going to use it.

Related: Setting up DA port 222 with a commercial SSL certificate


cb_version_check_odds_percent

cb_version_check_odds_percent=10
1

The chance as a percentage that any login will trigger the check of /usr/local/directadmin/custombuild/versions.txt file for possible package updates. It's important to keep your server up to date.

If you change this check to 0, then the check will never run for either the post-login trigger nor the reset.


certificate_common_name_with_www

certificate_common_name_with_www=0
1

The ability to control default domain used (domain.com or www.domain.com) in the certificate CommonName. If you change value to 1, the www subdomain will be used like so: CN = www.domain.com.


check_group_on_user_create

check_group_on_user_create=1
1

Check if system group does not exist before creating a user.


check_home_path_on_user_create

check_home_path_on_user_create=1
1

A check to see if the User's home path /home/username already exists before creating a user. Can be disabled changing to 0 , would be useful should you need to setup some things in the folder prior to creating the account.


check_load

check_load=10
1

The threshold value after which the 'system load average' notification will be sent to admins.

Related: load_spike_notice


check_load_minute

check_load_minute=5
1

The value of system load average which is checked for 'system load average' notification to be sent. Valid options are 1, 5 or 15 (same as OS load average values means). With above settings if the 5 minute load average is higher than 10 (check_load) - DirectAdmin will sent a warning.

Related: load_spike_notice


check_partitions

check_partitions=2
1

How often to check the partitions for high usage. Partitions are: / , /var , /home , /usr . /tmp . Actual list is set with /usr/local/directadmin/data/templates/partition_check.list file which can be copied to custom and modified as needed.

ValueComment
0Never check
1Every minute
2Every day

Related: partition_usage_threshold


check_plugin_update_interval

check_plugin_update_interval=1440
1

check_referer

check_referer=1
1

A check for a referer of http header passed to DA for all requests. The value in the Referer must match the Host value that was passed during the initial login. The host value will be stored in the session file.


check_referer_port

check_referer_port=1
1

If a port is passed in the Referer, the port will be checked and must match DA's currently running port.

When disabled, DirectAdmin will not check to ensure the ports match during a request. The main use for this would be during a proxy request, where the ports may not match, but you still want other referer checks, like the host, to be done.

Note, if you use: check_referer=0

then DA will automatically set: check_referer_port=0

just to avoid any confusion that may cause one to think the port check is still being done with check_referer=0, which won't be true. If check_referer=0 is set, then no referer checks are done at all, regardless of the check_referer_port setting.


check_subdomain_owner

check_subdomain_owner=1
1

Option to prevent a User from** creating a subdomain of a domain belonging to some other user**. This will also check any number of sub.sub.sub.sub.domain.com lengths, and covers domains with any number of extensions, eg sub.domain.co.uk.

Can be overridden over user.conf of a given user account.


check_subdomain_owner_in_cluster_domainowners

check_subdomain_owner_in_cluster_domainowners=0
1

Option to prevent a User from** creating a subdomain of a domain belonging to some other user** in a Multi Server Setup.

ValueComment
0Disable checking if domain exists in Multi Server Setup
1Enable checking if domain exists in Multi Server Setup
2Enable checking if domain exists in Multi Server Setup and uses strict mode - connected DA servers MUST provide the hostname in the request (recommended option)

check_task_queue

check_task_queue=2048
1

A size in bytes of /usr/local/directadmin/task.queue file after which a warning to admins will be generated about possible task queue processing issues. The DirectAdmin does check for file age also, must be older than 5 minutes + defined size. Change to 0 to disable the check.


clean_forwarders_on_email_delete

clean_forwarders_on_email_delete=1
1

Ability to clear forwarder values when deleting emails.


clear_blacklist_ip_time

clear_blacklist_ip_time=86400
1

Number of minutes after which the blacklisted IP address will be removed automatically.


clear_brute_log_entry_time

clear_brute_log_entry_time=4
1

A number of days how long to keep brute-force incidents (in /usr/local/directadmin/data/admin/brute_log_entries.list file).


clear_brute_log_time

clear_brute_log_time=48
1

Number of hours the failed login attempts to be checked within. If ip_brutecount is set to 100 then an IP can have 100 failed attempts within 48 hours before all Admins are notified. If the IP has 99 failed attempts, waits 24 hours, then makes 99 more attempts, no notifications will be sent.


cloud_cache

cloud_cache=0
1

File used by CloudLinux for quick access to uid numbers and package names. Same update times as for the show_all_users.cache. If set to 1 then /usr/local/directadmin/data/admin/cloud.cache is used.


cluster

cluster=0
1

A global switch for Multi Server Setup.


cluster_user_sync

cluster_user_sync=0
1

An ability to sync user accounts across multiple DirectAdmin servers.


commands_force_deny

commands_force_deny=CMD_LOGIN_KEYS:CMD_API_LOGIN_KEYS
1

A set of commands that will override the command being in the commands.allow file.


compress_rotated_logs

compress_rotated_logs=1
1

Option to to rotate compressed apache logs. If set to 1 (default) the files will be /home/user/domains/domain.com/logs/Aug-2019.tar.gz, if changed to 0 they will be logs/Aug-2019.log and logs/Aug-2019.error.log.

*Related: logs_to_keep *


convert_to_punycode

convert_to_punycode=0
1

Recognize IDN domains, and add required values to handle them. Evolution skin does the conversion automatically, so, it does not need this option.

Note, your skin must be using UTF-8, else you'll run into issues. By default, the Enhanced skin does NOT use UTF-8.

The Evolution skin doesn't need this feature, as it converts to punycode before passing any domain to DA.

Related: allow_domain_special_characters


count_email_usage

count_email_usage=0
1

Deprecated. Ability to override DA's manual email counting vs using system quotas (really only applies to mbox).


count_other_disk_usage

count_other_disk_usage=0
1

If you have data that should be counted in the total disk usage for a User, but does not fall under the standard usage areas (eg: data on a remote server), then you can use this option to create a hook, which lets you add extra bytes into the disk usage under "Other Usage". If you set count_other_disk_usage to 1, then directadmin will call /usr/local/directadmin/scripts/custom/other_disk_usage.sh script for data. The script must exit with code 0, if non-zero code is exited, the output is logged to the errortaskq.log.

The output on exit 0 must be URL encoded and for now, it will basically just be:

other_quota=12345
1

where 12345 bytes will be added to the user.usage file. The value must be a positive integer.


count_pop_usage

count_pop_usage=1
1

Ability to shut off email quota reporting on the email accounts page to speed up loading. If you have thousands of email accounts, this can cause slowness. Change to 0 to disable. Can be overridden via the user.conf on a per-User basis.


cpu_in_system_info

cpu_in_system_info=2
1

Ability to hide CPU information on the Server Info page.

ValueComment
0Hide CPU information completely
1Show a Thread Count only, without information about CPU itself
2Show full information

create_user_home_override

create_user_home_override=
1

A value to use for home directory during creating the user. This will override the useradd internal default and /etc/default/useradd HOME default. Applies to any OS.

You can now also specify a desired /home directory, settable in the skins, if you add something like:

home_override_list=/home:/home2:/home3
1

where all paths must exist before DA is restarted, else none will be set. Once set, the package will be able to have, eg:

create_user_home_override=/home2
1

allowing that account to be created into that path.

Note: Since there are no Admin packages, the directadmin.conf method is the only way to alter the admin home directory. (but you can post the desired create_user_home_override=/home2 with the creation, which would be accepted even though it's not in the form)

At this time, changing the create_user_home_override value in a package will not move a User to a different home directory. Same for editing a User's settings.. the user cannot be moved to a /home2 (for example) through DA.

Related: home_override_list | ext_quota_partitions


crypt_method

crypt_method=6
1

Ability to set the crypt type for passwords. Value 1 means DA will issue $1$ type for the MD5 crypt command. Value 6 means sha-512 mode, giving** $6$**.


custom_httpd_syntax_check

custom_httpd_syntax_check=1
1

Ability to disable Custom Httpd syntax checking. Useful on servers with OpenLiteSpeed with huge number of domains (>7000) where the syntax check is rather slow.


custom_mysql_conf

custom_mysql_conf=0
1

Ability to set per-user mysql.conf file. If you enabled it setting to 1 the database class in DA will then read in the user.conf for given user. To override the default you would add own mysql.conf into user.conf like:

mysql_conf=/usr/local/directadmin/conf/othermysql.conf
1

The path you set can be anything, but the read of the file only has "diradmin" access, so for simplicity, you might want to keep it in the same path, same permissions, like the mysql.conf. The othermysql.conf has 100% the same functionality as the mysql.conf, so you can specify different mysql.sock files, or different host or access_host values.

Also, because mysqldump and mysql restores make use of /usr/local/directadmin/conf/my.cnf any action that typically rebuilds that file, will now rebuild one for each User that has a customized mysql.conf, eg: /usr/local/directadmin/conf/my.cnf.username , so that there are no conflict with running backups at the same time using different values.


custom_stats_path

custom_stats_path=
1

A path to custom statistic engine. Null by default, if you set for example:

custom_stats_path=/some/path/%s/index.html
1

then DA will swap the href="value" with your custom_stats_path value on the CMD_USER_STATS page (webalizer and awstats table, left column). For example: custom_stats_path=/CMD_FILE_MANAGER/domains/%s/stats/index.html Would essentially do the exact same thing the normal webalizer link.

NOTE you must provide exactly one instance of %s else DA will fill the href with:

javascript:alert('check custom_stats_path setting');
1

so when clicked, Users will see a pop-up. If this option is set, it will override any webalizer/awstats setting, enabled or not.


da_gzip

da_gzip=1
1

Enable gzip compression for static files in DirectAdmin panel over port 2222.


damycnf

damycnf=/usr/local/directadmin/conf/my.cnf
1

Path used for the my.cnf file which is given to the mysqldump script to hide user/passwords from ps output.


database_extended_user_privileges

database_extended_user_privileges=1
1

Add all remaining mysql user privileges option.


da_website

da_website=http://www.directadmin.com/
1

An URL to DirectAdmin website, mostly used for templates, for example message_footer.txt.


db_grant_escape_db

db_grant_escape_db=1
1

The _ character is a wildcard in MySQL. However, we've found some instances (eg: DigitalOcean MySQL 8.0 droplet) where it does not respect this wildcard), causing access hosts not to match, thus blocking MySQL logins.

This option, defaultly enabled, continues to escape the DB name (e.g.,user\_db) during User grants:

db_grant_escape_db=1
1

For the special case, you may need to disable it, eg:

./directadmin set db_grant_escape_db 0
service directadmin restart
1
2

We do not recommend disabling this unless you're 100% sure the absence of this feature is causing the login issue.


debug_only_cmd

debug_only_cmd=0
1

If set to 1 the debug output will show CMD_* class only in the output.


debug_user_locking

debug_user_locking=0
1

default_email_notify_limit

default_email_notify_limit=1000
1

The default limit of sent emails after which DirectAdmin will send a notification to admin. Set to 0 to make unlimited.


default_mailing_list_max

default_mailing_list_max=100000
1

A default max majordomo list message size in bytes.


default_mysqldump_options

default_mysqldump_options=--single-transaction
1

Ability to pass additional command-line options to the mysqldump call, which is used to backup MySQL databases.


default_pop_quota

default_pop_quota=50
1

The default quota for mailboxes in megabytes.


default_private_html_link=1
1

Link private_html to public_html automatically during domain creation stage, so that http and https would use the same document root for the websites.


default_ttl

default_ttl=14400
1

Sets the default value used for zone TTL values. Changing this setting alters what all TTL values have for all records, zone TTL, etc. You can still override the TTL of a User domain, regardless of this setting.


delete_messages_days

delete_messages_days=0
1

The option that controls the number of days after which messages are removed from the data/tickets/0000*/* directory.


delete_tickets_days

delete_tickets_days=0
1

The option that controls the number of days after which tickets are removed from data/tickets/0000*/* directory.


delete_vacation_on_end

delete_vacation_on_end=0
1

Option not to delete vacation message after expiry.


demodocsroot

demodocsroot=./data/skins/enhanced
1

Skin used for the demo.


difficult_password_length_min

difficult_password_length_min=6
1

A minimum length of password to pass complexity check.


diradmin_envelope

diradmin_envelope=
1

Allows you to override the default "diradmin@host.name.com" in the Return-Path, and set something else, eg:

/usr/local/directadmin/directadmin set diradmin_envelope your@email.com
service directadmin restart
1
2

By default, this is disabled and relies on your hostname being setup/resolving correctly.


direct_crons

direct_crons=1
1

With this option enabled, DirectAdmin does not use /usr/local/directadmin/data/users/username/crontab.conf anymore for user cronjob configuration, and takes cronjobs directly from /usr/sbin/crontab -u username -l.


direct_imap_backup

direct_imap_backup=1
1

With this option enabled, the imap folder is included directly into the final tar.gz file. Greatly improves the speed of backups.


disable_ip_check

disable_ip_check=1
1

Option to disable the IP check in sessions. Due to IPv6 and IPv4 IPs commonly rotating for each request, causing confusing logouts, the default is set to 1.


disable_php_script_at_limit_minimum

disable_php_script_at_limit_minimum=100
1

The minimum number of emails that script must send to be chmod to 0. The minimum number is useful in the case where an account might have a limit of 1.. obviously, this wouldn't warrant the disabling of the script for sending 1 email.

So, for example script.php sends 900 emails, and the limit is 1000. The total number of emails leaving the account would have been 1000 (since the limit was triggered) but 900... aka 90% of the emails sent, were from the script.

  1. This passes the threshold of 80%.

  2. Also, 900 emails are more than 100 email, so it will also pass.

If parse_php_mail_log_at_limit=2 is set the script.php will be chmod to 0, and everyone notified. If any one is not true, the script will not be chmod to 0.

Related: parse_php_mail_log_at_limit


disable_php_script_at_limit_threshold

disable_php_script_at_limit_threshold=80
1

The percentage of total emails sent, of the hit limit, which must be exceeded by that script, in order to be chmod to 0.

Related: parse_php_mail_log_at_limit


disk_usage_suspend

disk_usage_suspend=0
1

Option to suspend based on disk usage.


dkim

dkim=1
1

Ability to enable DKIM for domains (requires manual changes).


dkim_selector

dkim_selector=x
1

The selector to be used for dkim records. This does not alter the dkim settings the /etc/exim.dkim.conf file so you would have to modify it after the change + lock with:

chattr +i /etc/exim.dkim.conf
1

dns_affect_pointers_default

dns_affect_pointers_default=1
1

If you have main User domain domain.com, and it has Domain Pointer domain.net below it, this feature would mean that any record added to domain.com through the API or GUI would be added to domain.net.

It does control a checkbox both at the top of the "Add Domain Records" table, as well as at the bottom of the "Delete Selected" table.

Setting dns_affect_pointers_default=0 will make the default checkboxes be unselected but still visible in GUI.


dns_add_spf_ipv6

dns_add_spf_ipv6=1
1

Adds server IPv6 to SPF records by default. Requires IPv6 to be enabled (ipv6=1 in the directadmin.conf). Set to 0 to disable.


dns_caa

dns_caa=1
1

Enables support for CAA dns records.


dns_ns

dns_ns=2
1

Option to control if NS records are shown in User or Admin panel. Changing to 0 will hide completely, changing to 1 will hide for User panel only.

ValueComment
0Hide NS records completely
1Show NS records only in admin panel only
2Show NS records in admin and user panel

dns_ptr

dns_ptr=2
1

Option to control if PTR records are shown in User or Admin panel. Changing to 0 will hide completely, changing to 1 will hide for User panel only.


dnssec

dnssec=0
1
ValueComment
0DNSSEC disabled
1Enable DNSSEC
2Enable DNSSEC (enable DS records) however do not sign the current domain

dnssec_add_subdomain_ds_to_parent

dnssec_add_subdomain_ds_to_parent=1
1

Sign subdomains with dnssec automatically.

1) If you're creating sub.domain.com has domain.com is already signed, sub.domain.com will be immediately keyed & signed.

2) If you've just signed the DNSSEC sub.domain.com zone, and domain.com exists on the server, if enabled DA will add the DS and NS records from sub.domain.com to domain.com


dnssec_add_subdomain_ds_to_remote_parent

dnssec_add_subdomain_ds_to_remote_parent=1
1

Add DNSSEC records to remote server if Multi Server Setup enabled and zone is not local.


dnssec_mss_use_signed_zone

dnssec_mss_use_signed_zone=1
1

To have DirectAdmin send the signed zone to the remote box if Multi Server Setup enabled.


dns_spf

dns_spf=0
1

Enables support for SPF dns records. Deprecated as SPF records themselves.


dns_tlsa

dns_tlsa=0
1

Enables support for TLSA dns records.


dns_ttl

dns_ttl=0
1

Enables per-record DNS TTL management.


docsroot

docsroot=./data/skins/enhanced
1

Path of the default skin to be used. Used for CMD_SKINS?reset=yes resets if your custom skin has gone bad.


domainips_default_ip

domainips_default_ip=
1

The default IP address that could be used as a sending IP for /etc/virtual/domainips.


dovecot

dovecot=1
1

If you have Dovecot, this will be set to 1.


dovecot_proxy

dovecot_proxy=0
1

Used to setup IMAP/POP3/SMTP proxy.

When this is enabled, anytime a value is changed on the master server, it will locally save a dovecot proxy line to the local /etc/virtual/domain.com/passwd file. With regards to the sync, this will push the info to the remote box, as before, but with dovecot_proxy=1 enabled remotely, it will also add the proxy into to the remote passwd file on the slave box, pointing to the master server's IP.

This has the effect, such that you can in theory have the remote slave box as mail.domain.com, with all emails arriving there with smtp. On that slave box, when exim tries to save the email with lmtp, it will be redirected back to the master server to be saved, so email is saved locally. Clients can connect to either the master or slave box to check their imap.

This task.queue option has been updated to rewrite the master data on the master box: echo "action=rewrite&value=email_passwd" >> /usr/local/directadmin/data/task.queue

or: echo "action=rewrite&value=email_passwd&user=fred" >> /usr/local/directadmin/data/task.queue

This means all of the hook scripts are used, so the remote box can still use email_create_pre.sh, or email_change_pass_pre.sh normally (and post scripts)

NOTE: the "passwd" field will be the crypted value, and not the plaintext password. If you rely on this, only the master will know the plaintext. But you'll know it's crypted because passwd_is_crypted=1 will be set in your .sh scripts.


dovecot_proxy_override

dovecot_proxy_override=
1

Ability to override the /etc/virtual/domain.com/passwd if dovecot_proxy is in use.


ecc_certificates

ecc_certificates=1
1

Ability to disable support of ECDSA (Elliptic Curve Digital Signature Algorithm) certificates.


email_ftp_password_change

email_ftp_password_change=1
1

Allow ability to change email and ftp passwords separately per /CMD_CHANGE_EMAIL_PASSWORD and /CMD_CHANGE_FTP_PASSWORD, respectively.


email_show_last_login

email_show_last_login=0
1

To save and show email last login.


email_show_last_password_change

email_show_last_password_change=1
1

To save and show last password change time. Where anytime an email password is changed, either through DirectAdmin GUI (CMD_EMAIL_POP, CMD_API_EMAIL_POP, CMD_CHANGE_EMAIL_PASSWORD, etc), the time and IP will be saved into: /etc/virtual/domain.com/last_password_change/user

in the format:

ip=1.2.3.4&when=1535140911
1

If the above setting is set to 1, then for Enhanced, the hover-over usage will include this information. If no password change has been made after this feature is present, no info will be shown.


emailspoolvirtual

emailspoolvirtual=/var/spool/virtual
1

Path to the email data for when mbox used (actual emails).


emailvirtual

emailvirtual=/etc/virtual
1

Path to the email data (virtual account names).


enable_ssl_sni

enable_ssl_sni=1
1

Enable SNI support for multiple certificates on a single IP address.


enable_threads

enable_threads=0
1

Enables** threads for Multi Server Setup**. As with any MSS feature where you have multiple remote servers setup (lets use 3 for example), doing 3 sequential requests will take 3 times as long as doing 3 parallel calls all at the same time. The enable_threads=1 directadmin.conf option creates currently works for options: User Check, User Accounts, with plans to add support for Zone Transfer/Domain Check for faster MSS syncs when more than one B slave exists on the MSS page of A.


enforce_difficult_passwords

enforce_difficult_passwords=0
1

If set to 1 all places that have users enter a new password will be enforced to use difficult password. The password checking script is /usr/local/directadmin/scripts/difficult_password.php , copy to custom/difficult_password.php if you want to modify it. Default enforcements are both upper and lower, must include numbers and be 6 or more characters long.


ensure_root_awstats_link=1
1

A workaround used on accounts restore to make sure internal links in awstats are working.


errorlog

errorlog=/var/log/directadmin/error.log
1

A path to **DirectAdmin error log **file


ethernet_dev

ethernet_dev=eth0
1

The network device name that holds the licensed IP. Other common values: eth1, eth0:0, venet0:0


exempt_local_block

exempt_local_block=1
1

If set to 1 will prevent 127.0.0.1 from being blacklisted.


exim_paniclog

exim_paniclog=0
1

To let DirectAdmin check the exim/paniclog file . Disabled by default. If you set it to real location like:

exim_paniclog=/var/log/exim/paniclog
1

Then DirectAdmin will check the file every minute and if the file exists and has a size greater than 0, then a notice will be sent to all Admins in the message system.

DA will note the time of this send in the file /usr/local/directadmin/data/admin/admin.conf with setting and timestamp, eg:

exim_paniclog_last_sent=1513064965
1

So the next minute, when DA sees that the paniclog is still greater than 0, the send won't occur again until 24 hours has passed. If the size is still more than 0 bytes, it will send again. The nightly full tally will check the admin.conf and if the exim_paniclog_last_sent value is not set to 0, it will reset it to 0.


ext_quota_partitions

ext_quota_partitions=
1

If you have another partition you want DA to count, specify that partition here.

Related: create_user_home_override | home_override_list

How to enable quota checking on a 2nd /home partition


extra_backup_option

extra_backup_option=
1

Set if you want to insert extra commands for tar to use when creating user backups.


extract_list_max_files

extract_list_max_files=5000
1

The maximum number of files to be looked for within a compressed file by DirectAdmin.
DA basically just looks for the 5000'th newline character and nulls it with a comma (,), ending the string. If this is hit, this string is added to the end of the listing:

Maximum number of files listed (5000).  Suppressing further output.
1

This should prevent hangups if a very large zip/tar.gz is being extracted.


extra_mysqldump_options

extra_mysqldump_options=
1

Ability to override mysqldump options on backup time.


extra_mysql_restore_options

extra_mysql_restore_options=
1

Ability to override MySQL options on restore time (for example character-set).


extra_spf_value

extra_spf_value=
1

Value to be added for SPF value for new domains. Valid example to use, just a single IP:

extra_spf_value= ip6:1080::8:800:200C:417A
1

** Note the space after the = character **. This is required, else the text you insert here will end up being appended to the server IP. DA isn't adding a space for you to allow for the use of the token in other creative manners, like netmasks, or like if-then-else statements on it or other template/tokenizer things.


extra_unzip_option

extra_unzip_option=
1

The usual way DA unzips a file is unzip -qo file.zip', so the extra_unzip_option value is inserted after the -qo flag.
This could be useful to unzip names in special characters like so:

path/blaåŒÅtest.jpg: mismatching "local" filename (path/bla├åœâ”¼å°test.jpg), continuing with "central" filename version
1

So set value to -O cp396 :

extra_unzip_option=-O cp396
1

favicon_ico

favicon_ico=favicon.ico
1

A file to be used as favicon.ico. Taken relatively to the docsroot directadmin.conf variable + /images/. Usually, /usr/local/directadmin/data/skins/evolution/images/favicon.ico. If any request is made to DA for 1.2.3.4:2222/favicon.ico DA will send them the file at |DOCSROOT|/images/favicon.ico.


filemanager_disable_features

filemanager_disable_features=0
1

Ability to shut off certain features of the File Manager. Configured over own bits. For any feature you wish to disable, simply add that bit to the decimal number.

Defines are as follows:

#define FM_F_PROTECTABLE 1
#define FM_F_RENAME 2
#define FM_F_COPY 4
#define FM_F_RESET_OWNER 16
#define FM_F_RESET_OWNER_RECURSIVE 32
#define FM_F_HIDE_CHECKBOX 64
#define FM_F_EDITABLE 128
#define FM_F_EXTRACTABLE 256
#define FM_F_DELETE 512
#define FM_F_CHMOD 1024
#define FM_F_MKDIR 2048
#define FM_F_CLIPBOARD 4096
#define FM_F_UPLOAD 8192
#define FM_F_DOWNLOAD 16384
#define FM_F_DOWNLOAD_AND_COMPRESS 32768
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

For example, to fully disable directory protection, set filemanager_disable_features to 1 .

To disable rename and copy, add them together and set filemanager_disable_features to 6 .

If you only want "protectable" enabled, then add everything, less 1, & set filemanager_disable_features to 8182 .

To disable the moving of files to Trash upon removal, set filemanager_disable_features to 65536 .


filemanager_du

filemanager_du=1
1

Used to do recursive folder disk usage counting in File Manager. The calculated usage value will replace the usual 4.0k you see for all directories, but this feature is expected to slow down the File Manager. Can be overridden via the user.conf.


filemanager_show_directory_count

filemanager_show_directory_count=1
1

Ability to hide directory disk usage in the "Size" column to improve performance.


fm_allow_binary_edit

fm_allow_binary_edit=0
1

Whether or not File Manager will permit editing of binary files. Set to 1 to allow binary files editing, but also to enable editing of nonexistent files (related to editing of 404.shtml when it does not exist).


fm_dir_permissons

fm_dir_permissons=755
1

Default permissions for directories created by File Manager.


fm_file_permissions

fm_file_permissions=644
1

Default permissions for files created by File Manager.


fm_hour_offset

fm_hour_offset=0.000000
1

Ability to correct displayed timestamps on files in File Manager in case time is wrong. Because the File Manager is chrooted, it cannot read the /etc/localtime file and in some cases, can show wrong dates.


fm_owners

fm_owners=|USER|:|GROUP|
1

Default ownership for files or directories created by File Manager.


fm_purge_trash_days

fm_purge_trash_days=30
1

Indicates the age of days a file before being deleted from .Trash folder. For folders, the last modified time of a folder must be >= 30 days old for it to be traversed. -1 means never auto-purge, 0 - immediately purge if found. Up to a max of 10000 days before being purged.


force_hostname

force_hostname=
1

By default DA allows people to connect to any IP, domain name, subdomain, etc.. that lives on port 2222. Setting force_hostname to any value force a browser to use a specific value when connecting.


force_pipe_post

force_pipe_post=
1

Option to forcefully use POST requests. Example set is a colon separated list of scripts you want POST to be piped through:

force_pipe_post=filemanager_pre.sh,all_pre.sh
1

Related: pipe_post


force_ssl

force_ssl=0
1

Force SSL with https redirect for all websites.


forwarder_loop_check

forwarder_loop_check=1
1

Enabled by default - DirectAdmin will abort the creation of the forwarder if local forwarders end up pointing back to the original. The process is recursive with max recursion depth of 20.


frontpage_on

frontpage_on=0
1

Deprecated. Support for frontpage extensions.


ftpconfig

ftpconfig=/etc/proftpd.conf
1

The path to the ftp config file.


ftppasswd_db

ftppasswd_db=/etc/pureftpd.pdb
1

The path to the pureftpd database file.


ftppasswd

ftppasswd=/etc/proftpd.passwd
1

The path to the proftpd passwd file.


ftpsep

ftpsep=@
1

The character used after usernames and before the domain name. An example of an ftp login would be: fred@domain.com .

The + character would be a good alternative if you are looking for change.


ftpvhosts

ftpvhosts=/etc/proftpd.vhosts.conf
1

Deprecated. The path to the proftpd vhosts file.


full_mx_records

full_mx_records=1
1

Ability to specify a subdomain for an MX name.


get_current_version_timeout

get_current_version_timeout=5
1

The timeout for checking the latest DirectAdmin versions.


global_httpd_tokens

global_httpd_tokens=/usr/local/directadmin/data/admin/global_httpd_tokens.conf
1

The file that contains global tokens to be used in Apache/Nginx templates.


graceful_restarts

graceful_restarts=1
1

Enables graceful restart for Apache/Nginx.


handshake_timeout

handshake_timeout=12
1

A handshake timeout for https calls to DirectAdmin panel over port 2222.


hard_quota_multiplier

hard_quota_multiplier=1.1
1

Ratio for the soft-limit to hard-limit for quotas. Allows a grace period for Users to go over their quotas up to the hard-limit. After the grace period, they can only delete files until below the soft-limit again.


hide_brute_force_notifications

hide_brute_force_notifications=1
1

Change to 1 to prevent sending brute-force notifications by email.


hide_ip_user_numbers

hide_ip_user_numbers=0
1

If you're sharing an IP among many Resellers, hide the number of Users on that IP.


hide_outlook

hide_outlook=0
1

Deprecated. Ability to hide the MS Outlook column.


hide_webmail_links=1
1

Ability to hide or change the webmail links and webmail button.


home_override_list

home_override_list=
1

A list of paths where to create users, to be used with create_user_home_override . Example set:

home_override_list=/home:/home2:/home3
1

Related: create_user_home_override | ext_quota_partitions


hook_custom_vars

hook_custom_vars=0
1

Ability to pass custom variables to pre/post.sh scripts from GET/POST. Set it to 1 to enable and then you can use any GET/POST variable name you want from these characters: a-zA-Z0-9_-.

It must start with the prefix custom_var_

So, a sample variable passed with GET or POST might be:

custom_var_do_something=yes
1

which would let you access:

$custom_var_do_something
1

in any hook script that is called with that request.

Note the maximum length of an environmental value is 125749 bytes. Anything greater than or equal to that length will be ignored, and its env variable will be unset if it was present already.


hsts

hsts=-1
1

The option to enable HTTP Strict-Transport-Security for the DirectAdmin login page. If SSL=1 and hsts>0 the hsts value is in seconds, and will form the header: Strict-Transport-Security: max-age=5184000

To disable the header, you must set it to -1 in the directadmin.conf or delete the hsts value from the directadmin.conf, reverting to the internal -1 default. Because browsers will remember the setting, if you are going from a large value (5184000), to make the browser "forget", you must set it to 0 for a while (hsts=0) so that the header is sent to clients set to 0 shutting it off. After all browsers/clients have received the change, then you can set it to -1.

If you consider enabling it, we recommend using:

force_hostname=server.domain.com
1

htm_all_scripts

htm_all_scripts=0
1

Lets you run all_pre.sh and all_post.sh scripts on HTM files. Handy for creating your own scripted areas in DA that are not plugins.


http2

http2=1
1

Enables http2 support.


include_directadmin_port_in_brute_firewall

include_directadmin_port_in_brute_firewall=0
1

Option to include port 2222 failed login attempts in BFM blocks (CSF).


incremental_ftp

incremental_ftp=1
1

When uploading backups, the finished backup will be uploaded before the subsequent backup's creation to lower total disk usage.


inode

inode=1
1

Support for counting and displaying of inode limits for Users. Can be set in packages. Uses the hard limit multiplier, just like the disk usage, meaning, the value you set will be the soft limit, and the hard limit will be 1.1x that value.


internal_lang

internal_lang=/usr/local/directadmin/data/skins/enhanced/lang
1

Location for the fallback internal language files if other skins don't have them.


ionice_string

ionice_string=
1

Default ionice value for User backups.
If you add a string, it would look something like this:

ionice_string=/usr/bin/ionice -c2 -n7
1

This would make the resulting tar backup call look like:

/usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /bin/tar cvf .... etc.,
1

ip_blacklist

ip_blacklist=/usr/local/directadmin/data/admin/ip_blacklist
1

A path of blacklisted IPs to be used in Brute Force Monitor.


ip_brutecount

ip_brutecount=30
1

Number of bruteforce attempts per IP required to trigger sending a notification to admins.


ipv6

ipv6=0
1

Basic support for IPv6


ip_whitelist

ip_whitelist=/usr/local/directadmin/data/admin/ip_whitelist
1

A path of whitelisted IPs to be used in Brute Force Monitor.


jail

jail=0
1

Use bubblewrap to jail users (cronjobs, shell and PHP-FastCGI). Use CustomBuild to install bubblewrap, it sets the DirectAdmin value automatically.

ValueComment
0jail disabled completely
1jail is enabled by default, but can be personally disabled per package, reseller.conf or user.conf
2jail is enabled forcefully for all

language

language=en
1

Default language for the system, and also for the demos.


lan_ip

lan_ip=
1

Local IP address if LAN setup was done.


letsencrypt

letsencrypt=1
1

Ability to disable Let's Encrypt in DirectAdmin interface. If enabled globally you might want to deny access to LetsEncrypt for specific Users adding "letsencrypt=0" to user.conf file.

Note that this only applies to the interface, and does not affect background/dataskq actions. So this will not work to globally have it shut off, if you're trying to enable it for 1 User, for example. The background checks must have it enabled globally to work.


letsencrypt_account_email

letsencrypt_account_email=0
1

letsencrypt_disable_renew_after_renew_failure

letsencrypt_disable_renew_after_renew_failure=0
1

Disable Let's Encrypt certificate auto-renew after X failed attempts, with failure message.


letsencrypt_foreground_http_max

letsencrypt_foreground_http_max=10
1

Number of requests (checkboxes selected) after which the letsencrypt generation will be sent to background and processed by dataskq.


letsencrypt_list_selected

letsencrypt_list_selected=www
1

Ability to specify which DNS records will be automatically selected on the Let's Encrypt page.


letsencrypt_list

letsencrypt_list=www:mail:ftp:pop:smtp
1

Ability to select which DNS records to include in Let's Encrypt certificate.


letsencrypt_max_requests_per_week

letsencrypt_max_requests_per_week=100
1

Set the weekly max Let's Encrypt requests limit shown in the interface.


letsencrypt_multidomain_cert

letsencrypt_multidomain_cert=3
1

Ability to select which DNS records to include in Let's Encrypt certificate.


letsencrypt_renewal_days

letsencrypt_renewal_days=60
1

Ability to set time in days when DA tries to renew issues Let's Encrypt certificates.


letsencrypt_renewal_error_to_users

letsencrypt_renewal_error_to_users=1
1

Ability to control and send notifications to users on failure renewals.


letsencrypt_renewal_failure_notice_after_attempt

letsencrypt_renewal_failure_notice_after_attempt=5
1

Max failed Let's Encrypt certificate renewal attempts before sending a failure notice.


letsencrypt_renewal_notice_to_admins

letsencrypt_renewal_notice_to_admins=1
1

Ability to control and send notifications to admins on failure renewals.


letsencrypt_renewal_success_notice

letsencrypt_renewal_success_notice=0
1

Ability to receive Let's Encrypt successful renewal notices.


license

license=/usr/local/directadmin/conf/license.key
1

A path to DirectAdmin license file.


listen_backlog

listen_backlog=8
1

Sets the listen() backlog size for DirectAdmin.


litespeed

litespeed=0
1

A flag used to indicate if LiteSpeed is in use.


load_in_system_info

load_in_system_info=1
1

Calls to the System Information can now support load averageopen in new window, enabled by default. Set to 0 to disable:

/usr/local/directadmin/directadmin set load_in_system_info 0
service directadmin restart
1
2

load_iotop_string

load_iotop_string=/usr/sbin/iotop
1

The iotop command and keys to be included in a notice sent to all admins when 'server load average' notice will be generated. Defaults differ for varying OS's:

CentOS 6/7 + Debian

load_iotop_string=/usr/sbin/iotop -b -n 1
1

FreeBSD:

load_iotop_string=/usr/bin/top -b -d 1 -m io all
1

load_notice_interval

load_notice_interval=10
1

A time in minutes how often the load-average critical notifications are sent to admin, defaults to 10 minutes.


load_top_string

load_top_string=/usr/bin/top
1

The command which is used to gather the data for load average notifications.

FreeBSD:

load_top_string=/usr/bin/top -b -d 1 all
1

Other OS:

load_top_string=/usr/bin/top -c -b -n 1
1

local_mailserver_without_dnscontrol

local_mailserver_without_dnscontrol=0
1

If set to 1 the "MX Records" URL will show up when viewing a domain, and you can make changes to the "Local Mail Server" option, where you might have dnscontrol=OFF in your account.

Some Users might have external DNS, hence they shouldn't change their dns settings, but still need to change their Local Email Server settings.


lock_debug

lock_debug=0
1

logdir

logdir=/var/log/directadmin
1

A path where DirectAdmin will save own logs.


loghostname

loghostname=0
1

Option used to do reverse IP lookups in logs. Not recommended as slows things down quite a bit.


login_hash_expiry_minutes

login_hash_expiry_minutes=4320
1

New internal option simply that lets you alter the internal default time of the ./directadmin --create-login-url user=fred call.


login_history

login_history=10
1

Number of login attempts to store.


login_history_include_login_as

login_history_include_login_as=0
1

Option to hide login-as in login history.


login_keys

login_keys=1
1

login_keys_notify_on_creation

login_keys_notify_on_creation=1
1

Enables Login Keys functionality in DirectAdmin.


loginlog

loginlog=/var/log/directadmin/login.log
1

A path to login.log file.


logs_history_as_nobody

logs_history_as_nobody=0
1

Save User's logs folder and contents as "nobody", preventing them from deleting them from /home/user/domains/domain.com/logs/.


logs_to_keep

logs_to_keep=5
1

Number of rotated logs to keep in a user's home location.


lost_password

lost_password=0
1

Feature to let users reset their passwords without bugging the Admin.


maildir_with_new

maildir_with_new=1
1

This was for a template change. It's not recommend you go back. Set to 0 to disable using Maildir/new/ Maildir/.INBOX.spam/new/ etc.


mail_partition

mail_partition=
1

Custom partition location for email.


mail_sni

mail_sni=1
1

Setting for Dovecot and exim SSL SNI certificate support. Manages the /etc/virtual/snidomains file required for DirectAdmin and Pure-FTPd SNI support, too.


maxfilesize

maxfilesize=10485760
1

The maximum size, in bytes, that a POST can be. This is mainly used for file uploads but applies to all POSTs. Do not set this value to a very small number, as it would block normal POSTs as well (User creation, etc) if it's too small.


max_per_email_send_limit

max_per_email_send_limit=-1
1

Option to control the number of messages sent per email.

If you wish to allow the Users to set values higher than the default 200, but leave 200 as the default, then change the max_per_email_send_limit to be, for example, max_per_email_send_limit=500.

A value of -1 (default) tells DirectAdmin to rely on the /etc/virtual/user_limit file. A value of **0 ** is unlimited. A value above 0 is the max number a User can set.

Can be overridden via the user.conf file. This can be done by editing the user.conf file directly, or via DirectAdmin's GUI when viewing the details for a given User.
For enhanced, the page:

CMD_SHOW_USER?user=fred
1

will show an extra row, just below "Received Emails", called "Max limit User can set per E-Mail". If you're an Admin, you'll be able to modify this value. Setting a number saves max_per_email_send_limit into the User's user.conf file and setting it as a blank value deletes the max_per_email_send_limit from the user.conf.


max_read_to_memory_size

max_read_to_memory_size=524288000
1

Sets an upper limit as to the max size of file that can be stored in DirectAdmin memory, when DA uses a function to read the contents of a file to memory so it can be worked on.


max_security_question_attempts

max_security_question_attempts=5
1

Maximum number of attempts to try answering security questions.


max_twostep_auth_attempts

max_twostep_auth_attempts=5
1

Maximum number of two step authentication attempts.


max_username_length

max_username_length=10
1

The max length a username can be. Max is 30. It is limited to a max of 14 with MySQL 5.5/5.6 and MariaDB 5.5 because of the 16 character MySQL database name limit and the username naming prefix.


max_user_send_limit

max_user_send_limit=-1
1

The upper limit that can be set by a Reseller.

ValueComment
-1Upper limit is taken from the /etc/virtual/limit file
0No limit
>0A value higher than 0 becomes the limit

modsec_audit_dir

modsec_audit_dir=/var/log/modsec_audit
1

The directory for modsecurity audit logs.


mq_exim_bin

mq_exim_bin=/usr/sbin/exim
1

Where Exim is located. Use for the mail spool query calls in Admin Level -> Mail Queue Admin.


mq_exim_max_load_size

mq_exim_max_load_size=2000
1

When accessing CMD_MAIL_QUEUE to view the mail queue via the DirectAdmin panel, it will call exim -bpc before trying to load the queue. If the number of mails in the queue is higher than mq_exim_max_load_size, then an intermediate warning page is shown with a button to try anyway. This will add the GET value of force=yes to the request, telling DA not to worry about it and show it anyway.

When forced, the initial exim -bpc call is not done, in case that call itself is slow, where it's not needed since we're going to jump straight into loading the queue no matter what.


msg_sys

msg_sys=Message System
1

If you want to name your hosting company in the message system emails, this lets you specify the "name" part of the "From" header.


mx_templates

mx_templates=1
1

This variable controls the user's ability to select google/zoho from a list in User panel -> Modify MX Records. Enabled by default. Actual list is taken from two files in /usr/local/directadmin/data/templates/mx directory and can be customized if copied to templates/mx/custom directory.


mysql

mysql=1
1

Ability to disable all database functions at once.


mysqlconf

mysqlconf=/usr/local/directadmin/conf/mysql.conf
1

Path to the user/pass that DA will use for the connection to mysql.


mysql_detect_correct_methods

mysql_detect_correct_methods=1
1

Dynamically determine MySQL/MariaDB versions for a correct query syntax. If enabled (default), the 2 older settings (mysql_milestone_16 and mysql_use_new_user_methods) will be hidden from directadmin c output.


mysqldump_routines

mysqldump_routines=1
1

Allow an admin to do a full backup/restore with routines and functions.


mysql_milestone_16

mysql_milestone_16=0
1

A target milestone to have DirectAdmin form a correct query syntax.

Target options are:

MySQL 5.1, 5.5, 5.6:
mysql_milestone_16=0

else (MySQL 5.7 8.0)
mysql_milestone_16=1
1
2
3
4
5

Note: mysql_milestone_16 will be hidden from directadmin c output if mysql_detect_correct_methods is set to 1.


mysql_use_new_user_methods

mysql_use_new_user_methods=0
1

Ability to enable new methods on adding mysql users (mostly needed for MySQL version 8).

Note: mysql_use_new_user_methods will be hidden from directadmin c output if mysql_detect_correct_methods set 1.


named_checkzone

named_checkzone=1
1

Whether to run DNS zone files through a check before saving zone to disk.


named_checkzone_level

named_checkzone_level=fail
1

Is used with the named-checkzone query -k option. It was found that some warnings returned by named-checkzone would actually cause a full failure in named, so the strictness level of this call was increased to the current default fail.

Valid options for named_checkzone_level are:

  • fail
  • warn
  • ignore

If you find this to be too strict, set it back to level "warn" by adding:

named_checkzone_level=warn
1

namedconfig

namedconfig=/etc/named.conf
1

The path to main named config file (depends on OS used).


nameddir

nameddir=/var/named
1

The path to the named directory.


named_rename_hostname_zone

named_rename_hostname_zone=1
1

If you rename a hostname from the DirectAdmin panel, the process will rename the hostname zone. If set to 0, then DirectAdmin will not change zone associated with the hostname.


named_rndc

named_rndc=0
1

Allows for immediate DNS changes using rndc without any delay.


named_rndc_addzone

named_rndc_addzone=0
1

Allows for immediate DNS changes using rndc without any delay.


named_service_override

named_service_override=
1

On some OSs for named/bind, it's simpler to have DA use some different script name, rather than trying to force the specific boot script names. Specifically on Debian, apt-get provides bind9.service, but DA would still be looking for named.service.

To have DA call bind9.service, set: named_service_override=bind9

Note, if you add named_service_override to the directadmin.conf, ensure it has a value.
If it's present but blank, this means DA would call systemctl reload .service instead of systemctl reload bind9.service.


never_commands

never_commands=
1

Global commands to never be executed by the DirectAdmin panel. An example set would be: never_commands=CMD_ACCOUNT_ADMIN:CMD_API_ACCOUNT_ADMIN


nginx

nginx=0
1

When using webserver=nginx_apache, the option is used to enable/disable the per-domain Nginx templatesopen in new window and the ability to process a domain with Nginx only when using Nginx reverse proxyopen in new window.
Related: nginx_proxy


nginx_proxy

nginx_proxy=1
1

This setting is used in conjunction with nginx= in the directadmin.conf and in the domain's .conf file for per-domain Nginx configurations.
Related: nginx


nginx_ca

nginx_ca=/etc/nginx/ssl.crt/server.ca
1

A path to the Nginx Certificate Authority file.


nginx_cert

nginx_cert=/etc/nginx/ssl.crt/server.crt
1

A path to the Nginx certificate file.


nginxconf

nginxconf=/etc/nginx/directadmin-vhosts.conf
1

The main Nginx config file with users' VirtualHosts.


nginx_fpm_always_set

nginx_fpm_always_set=0
1

Ability to always load all php-fpm settings into the User nginx.conf.


nginxips

nginxips=/etc/nginx/directadmin-ips.conf
1

The path to the file containing the Nginx configuration for server IPs.


nginx_key

nginx_key=/etc/nginx/ssl.key/server.key
1

The path to the Nginx key file.


nginxlogdir

nginxlogdir=/var/log/nginx/domains
1

The path to the directory where Nginx stores domain logs.


nginx_pid

nginx_pid=/var/run/nginx.pid
1

The path to the Nginx PID file.


nginx_proxy

nginx_proxy=0
1

The flag used to indicate if nginx_proxy is used.


nginx_proxy_buffering

nginx_proxy_buffering=0
1

The option to control flow between Nginx and Apache. If set to 0, the Apache server sends through Nginx, byte by byte, making the connection faster. If you have many slow clients, setting nginx_proxy_buffering to 1 will mean that Apache sends all data to Nginx, which stores it in a buffer, which can then disconnect from Apache to let it do other things.

The catch with setting this to 1 is that Nginx doesn't start to send all of the data until Apache has finished sending it to Nginx... meaning the first byte is not sent until Nginx receives the last byte from Apache.


notify_admins_on_all_account_creation

notify_admins_on_all_account_creation=0
1

Option to notify all Admins about the creation of any account type.


notify_on_license_update

notify_on_license_update=1
1

If you no longer want to get the notices with subject "License File has been updated", this can now be disabled:

/usr/local/directadmin/directadmin set notify_on_license_update 0
service directadmin restart
1
2

Any failures will still be sent.


notify_admins_on_mass_emailings

notify_admins_on_mass_emailings=1
1

Notify admins on mass emailing.


notify_admins_on_per_email_mass_emailings

notify_admins_on_per_email_mass_emailings=1
1

Notify admins on mass emailing.


notify_email_on_per_email_limit

notify_email_on_per_email_limit=1
1

Send an email to an email account if their** per-email limit is reached** (not referring to the per-DA-User limit).


notify_on_mass_emailing

notify_on_mass_emailing=1
1

Notify admins of a mass emailing by user.


notify_reseller_on_mass_emailing

notify_reseller_on_mass_emailing=1
1

Notify resellers of a mass emailing by his user.


notify_user_at_full_quota

notify_user_at_full_quota=1
1

To send notification to user if his quota is full.


notify_user_on_mass_emailing

notify_user_on_mass_emailing=1
1

Notify user on mass emailing.


ns1

ns1=ns1.hostname.com
1

The primary, default, Admin NameServers, values as set at Admin Level -> Admin Settings -> ns1.


ns2

ns2=ns2.hostname.com
1

The primary, default, Admin NameServers, values as set at Admin Level -> Admin Settings -> ns2.


numservers

numservers=10
1

Number of child processes spawned at DirectAdmin startup. DirectAdmin uses the prefork method for preparing child processes.


old_public_html_link=1
1

Ability to change ~username to be ~username/domain.com, thus allowing use of all domains before they resolve.
Feature was disabled by default due to mass confusion and complaints, but can still be enabled if you want it.


one_click_pma_login

one_click_pma_login=0
1

A one-click login to phpMyAdmin.


one_click_webmail_link=/roundcube
1

The single sign-on (SSO) tool for the URL path /roundcube can be changed via this option. So if you've got your /roundcube setup with /webmail, this lets you have the button within DA to redirect the specified link.


one_click_webmail_login

one_click_webmail_login=0
1

A one-click login to RoundCube


open_basedir

open_basedir=ON
1

Default values for safemode and open_basedir. Configured over Admin Level -> Php Safemode Config.


os_override

os_override=
1

Used to tell the call to /cgi-bin/daupdate to use a specific OS, rather than the value set in the license on our end. The values are the "value" from the OS selection dropdown when ordering a license, eg:

For ES 6.0 64:

os_override=ES%206.0%2064
1

For ES 7.0 64:

os_override=ES%207.0%2064
1

For FreeBSD 11.0 64:

os_override=FreeBSD%2011.0%2064
1

For Debian 9 64:

os_override=Debian%209%2064
1

Where spaces must be swapped with %20 as DA passes it as a raw value, and apache won't accept spaces in the GET request, else it throws a syntax error.

You'll only ever set this if you need to grab different binaries, and are unable to change in on our end (eg: you don't have /clients access). If you do not want this set, you must remove the os_override= completely from the directadmin.conf else it will still be used and will likely break the download.

If /root/.os_override exists but os_override directadmin.conf value not set, then during directadimn startup, the variable will be filled with value from /root/.os_override.


owsadm

owsadm=/usr/local/frontpage/version5.0/bin/owsadm.exe
1

Deprecated. Path to FrontPage binary. Don't change this unless you know what you're doing.


parse_php_mail_log_at_limit

parse_php_mail_log_at_limit=1
1
ValueComment
0Disabled
1To display a path to the script on the "E-Mail Usage" page in the User panel
2To block the script with chmod 000. Further control can be achieved via the disable_php_script_at_limit_threshold and disable_php_script_at_limit_minimum values.

Related: disable_php_script_at_limit_minimum | disable_php_script_at_limit_threshold


partition_usage_threshold

partition_usage_threshold=95
1

If the usage of a given partition exceeds this threshold value, an email is sent to all admins. This email is only sent once per day if the usage is not reduced or settings changed (the message time history is stored in the admin.conf).


password_placeholder

password_placeholder=XXXXXXXXXX
1

A character to be used to replace visible password within DA panel.

Anytime the form is saved, either creation of a new cron, ftp listing update.. or modification of a cron, the existing back-end password will be loaded into DA internally, decrypted, and will replace the XXXX string with the actual value.

This should improve security, as the passwords are no longer saved in the html as plaintext.

You may change the value to something else other than X.

The reason for making a password_placeholder variable is in case someone actually wants to use a password value of XXXXXXXXX, they could then set password_placeholder=YYYYYYYYY for example. Of course, using XXXXXXXXX for a password is a terrible idea anyway, so don't do it.


php_fpm_max_children_default

php_fpm_max_children_default=10
1

Ability to set default PHP-FPM max children limit.
./build rewrite_confs is required after the change for the setting to be applied.


php_fpm_restarts

php_fpm_restarts=0
1

Option that controls how a PHP-FPM restart is performed. By default, it uses a graceful restart. If you're having issues with php-fpm not executing the above command properly for your system, you can set this value to 1, so that it calls a full "restart" for the php-fpmXX service(s).


php_home_tmp_session_save_path

php_home_tmp_session_save_path=0
1

Set /home/tmp as the PHP temporary files save path.
./build rewrite_confs is required after the change for the setting to be applied.


php_mail_log

php_mail_log=1
1

Option which** enables logging all calls to mail() function by PHP files** and stores results in the /home/username/.php/php-mail.log file. The log will be rotated by the tally.

The number of logs is the same as for Apache and set in: Admin Level -> Admin Settings -> Number of logs to keep.


php_mail_log_dir

php_mail_log_dir=
1

This feature allows you to override the /home/user/.php PHP mail() log folder to use some other location, in the event your clients have a habit of deleting their logs, e.g.: php_mail_log_dir=|HOME|/.php, which would be the same as the default we already have now. If you add any string, even an empty value like php_mail_log_dir= this will be used (don't add an empty value).


php_version_selector

php_version_selector=1
1

Enables selecting different PHP versions from DirectAdmin user panel. The additional PHP versions should be installed separately .


pid_to_logs

pid_to_logs=0
1

To control if the PID should be written to each log, which is useful to enable if you are trying to step through the logs while multiple processes are logging at the same time.


pigz

pigz=0
1

If set to higher than 0 then DirectAdmin backup jobs will use pigz instead of gzip with tar. Actual value set (lets say 4) would mean to use that, about of cores (4 threads in our example). This speeds up the backup job.


pipe_log

pipe_log=/dev/null
1

The main directadmin process is redirecting stdout/sdterr to /dev/null. You may actually see more details if it uses a real file. For example, set: pipe_log=/var/log/directadmin/pipe.log .


plugin_max_hooks

plugin_max_hooks=16
1

The number of default plugin tokens that will be set to "". Note that this never restricted the upper limit of plugins used, it did prevent the auto-filling of the blank plugin token values.. So if you had 20 tokens, and 8 plugins, the last 4 wouldn't be filled with "", and would end up showing "none".


plugins_allowed_run_as

plugins_allowed_run_as=1
1

Ability to run plugin as other than logged-in user.


pointers_own_virtualhost

pointers_own_virtualhost=0
1

Make Domain Pointers and Aliases to use their own VirtualHost.


pop_disk_usage_cache

pop_disk_usage_cache=0
1

Alternative to disabling pop usage is to generate a cache instead.


pop_disk_usage_dovecot_quota

pop_disk_usage_dovecot_quota=0
1

Use doveadm for faster email quota loads.


pop_disk_usage_true_bytes

pop_disk_usage_true_bytes=0
1

By default the E-Mail accounts page will show the usage of each account, in terms of how much disk space the account is using up: how many blocks are used.

This may cause confusion because quota reporting for dovecot uses the file's size, rather than block usage, so the two numbers could vary by a large degree. When you *set it to 1 the E-Mail usage page will instead show the sum of the file sizes, rather than the block usage.

The "hover-over" pop-up will show the "other" size


port

port=2222
1

Port Used for DirectAdmin to run on.


preserve_html_sequences

preserve_html_sequences=0
1

Disabled by default, DirectAdmin will keep charsets as typed. Set it to 1 If you are using different charsets and want DirectAdmin to swap any typed occurrences of & with &#38; so it gets displayed exactly as typed.

Such that message/ticket system will respect any html characters set in the file as long as they use the format:

&#xxxx;
1

where xxxx is a string of 1 or more numbers 0-9.


process_list_debug

process_list_debug=0
1

Debug option to be used with the dataskq to list processes from the /bin/ps aux output if a program isn't seen to be running by the dataskq (and likely gets restarted repeatedly).


proxy_ip

proxy_ip=
1

You can set proxy_ip=1.2.3.4 into the directadmin.conf, and it will add that value: |PROXY_IP| available in the apache and nginx templates (including proxy). If you don't set it in the directadmin.conf, it will be set to the default |IP|.

If the proxy_ip is an ipv6, the token will be wrapped with square brackets, eg:

proxy_ip=::1 will load in the token: PROXY_IP=[::1]


purge_spam_days

purge_spam_days=0
1

If you have Maildir, this option tells DA to remove all emails in the spambox and trash older than this number of days.


quota_partition

quota_partition=/home
1

The value of the partition you want DA to use for user quotas.

Related: ext_quota_partitions


quota_update_interval

quota_update_interval=10
1

Frequency a User is allowed to update his disk usage via the button. Real-time quotas are recommended to use for the disk-space usage.

Related: realtime_quota


ram_in_system_info

ram_in_system_info=1
1

To show a memory information on a System Information page. Set to 0 to hide.


random_password_length

random_password_length=8
1

Option that controls the length of the random password generated by the DirectAdmin service. Applies to all random password areas. (DA account creation, email, mysql, ftp, lost password reset, and resend welcome message).


random_password_length_max

random_password_length_max=10
1

Option that controls the maximum length of the random password generated by the DirectAdmin service. Applies to all random password areas. (DA account creation, email, mysql, ftp, lost password reset, and resend welcome message).


realtime_quota

realtime_quota=2
1

Make use of the live system quotas to let Users see their usage in realtime.

ValueComment
0Disable realtime quota, quota stats would be updated by dataskq
1Use slow "quota -v username" calls to take quota value for user
2Use kernel-level quotactl function calls. [RECOMMENDED]

reload_apache_after_rotation

reload_apache_after_rotation=1
1

Control if DA sends an HUP signal to the pid file set in the directadmin.conf setting apache_pid=/var/run/httpd.pid , or if nginx=1 DA internally sets it to apache_pid=/var/run/nginx.pid .

If you do not wish to have the post-rotation send the HUP, you can set:

reload_apache_after_rotation=0
1

*** HOWEVER *** the HUP is sent for a reason.

This is used to re-open all rotated logs and bytes logs. So if apache/nginx does not get the HUP, you may have logging issues.

If needed, immediately after that HUP is sent, the hook script tally_rotation_post.sh is called if it exists. So if you disable the HUP, you can take any other desired actions with that script.


remote_dns_retries

remote_dns_retries=0
1

Number of retries by DA if the cluster sync fails.


remove_clipboard_on_logout

remove_clipboard_on_logout=1
1

If user logout from DirectAdmin the** FileManager temporary file** /home/user/.clipboard will be removed. If the client just closes his or her browser, the event will not be triggered.


removeip

removeip=/usr/local/directadmin/scripts/removeip
1

A script used to remove server IP address.


renew_letsencrypt_on_suspended_domain

renew_letsencrypt_on_suspended_domain=0
1

Option to skip LetsEncrypt auto-renew if domain is suspended.


request_timeout

request_timeout=20
1

A timeout for requests to DirectAdmin panel.


reseller_allocation_include_self

reseller_allocation_include_self=0
1

Option for Reseller's own User limits to be included in their own allocation total.


reseller_backup_bandwidth

reseller_backup_bandwidth=1
1

Include Reseller backup bandwidth in their usage.


reseller_can_customize_config_json

reseller_can_customize_config_json=1
1

Allow resellers to customize or rebrand skins. If set to 0, resellers will not be able to change the design.


reseller_can_reset_email_count

reseller_can_reset_email_count=0
1

reseller_can_set_email_limit

reseller_can_set_email_limit=0
1

The option that controls whether a Reseller has the ability to reset the sent email limit.

reseller_helper

reseller_helper=reseller.site-helper.com
1

The URL used as the help page for the Reseller panel.

Related: admin_helper | user_helper


reseller_use_admin_config_json

reseller_use_admin_config_json=1
1

Whether or not to query for a custom config.json file set by admin for the reseller. This can also be set via the reseller.conf, which trumps the directadmin.conf setting.


reseller_warning_thresh

reseller_warning_thresh=75
1

A threshold of sent mails when email warning will be sent to reseller.

Related: send_usage_message


reserved_env_vars

reserved_env_vars=PATH:SHELL:_:LD_LIBRARY_PATH:LD_PRELOAD:LD_DEBUG:LD_DEBUG_OUTPUT:LD_DYNAMIC_WEAK:LD_SHOW_AUXV:GETCONF_DIR:NLSPATH:NIS_PATH:IFS:LD_AUDIT:LD_AOUT_LIBRARY_PATH:LD_AOUT_PRELOAD:LD_ORIGIN_PATH:LD_PROFILE:GCONV_PATH:HOSTALIASES:LOCPATH:MALLOC_TRACE:RESOLV_HOST_CONF:RES_OPTIONS:TMPDIR:TZDIR:LD_USE_LOAD_BIAS:MALLOC_CHECK_:ORIGIN:LC_ALL
1

restart_apache_after_tally

restart_apache_after_tally=1
1

After a tally is run, Apache is restarted. Set this to 0 if you don't want it to restart.


restore_database_as_admin

restore_database_as_admin=1
1

Ability to restore MySQL databases with SUPER privileges at Admin Level.


rotate_httpd_error_log_global

rotate_httpd_error_log_global=0
1

rotate_httpd_error_log_meg

rotate_httpd_error_log_meg=0
1

A size in megabytes when apache error_log for any domains will be rotated. Prevents webserver error logs from getting too large in a run-away case, variables that let the dataskq check the size of these logs, and rotate/truncate them if needed.


rotate_httpd_error_log_notify

rotate_httpd_error_log_notify=3
1

rotate_httpd_error_log_truncate

rotate_httpd_error_log_truncate=1
1

Method to truncate error_log on rotation if rotate_httpd_error_log_meg was triggered. Value of 1 means truncation will create a new log 1/2 the size of the original (half of rotate_httpd_error_log_meg).

Truncating to a specific size requires:

  • fseek to location at 1/2 the size of the log
  • go forwards byte by byte until you hit the first newline character, then go 1 more.
  • read each line from the current position, and write to a new log.
  • re-open the current log from where the end used to be, and continue read/writing, because new data might have been added
  • delete the old log, rename the new one to the old name, and HUP apache/nginx.

rotation

rotation=1
1

Enable rotation of apache logs.


safemode

safemode=OFF
1

Default values for safemode. Configured over Admin Level -> Php Safemode Config.


secure_access_group

secure_access_group=access
1

A security permissions state where the group ownership of a home directory is set to this value, allowing only that group visible access to the folder and thus blocking other users. If variable changed the rewrite should be issued:

echo "action=rewrite&value=secure_access_group" >> /usr/local/directadmin/data/task.queue
1

And related services should be restarted.


secure_disposal

secure_disposal=/home/.disposal
1

A directory used to process awstats temporary files under certain conditions.


securitylog

securitylog=/var/log/directadmin/security.log
1

A main DirectAdmin security log file.


security_questions

security_questions=1
1

Turns On Security Questions for additional layer of protection during login to DirectAdmin.


send_usage_message

send_usage_message=1
1

Global switch which controls the sending of usage warning emails to users, resellers, and admins. Can be added to a given User's user.conf and/or a given Reseller's reseller.conf, which will override the global setting.


servername

servername=web1.domain.com
1

The hostname of your system used by DirectAdmin. It should match the actual hostname of your system and must comply with mail system rules.


serverpath

serverpath=/usr/local/directadmin
1

Main path for all DirectAdmin data. Don't change this unless you know what you're doing (you'd need a very good reason to do so).


session_cookie_multiplier=24
1

A multiplier used for cookie expire time related to the duration of session itself. Used to workaround possible issues when server or client desktop times are out of sync.


session_minutes

session_minutes=60
1

Number of minutes an inactive DirectAdmin session will remain logged in. After that time, the User must authenticate again. After every page load of DA, the counter resets to 0.


sessions_dir

sessions_dir=/usr/local/directadmin/data/sessions
1

Location on disk for DA login sessions.


set_php_bin_path_in_crons

set_php_bin_path_in_crons=1
1

Ability to add the php binary path to cron PATH variable. Enabled by default. Can be disabled like so:

/usr/local/directadmin/directadmin set set_php_bin_path_in_crons 0
service directadmin restart
1
2

You can remove duplicate /usr/local/phpXX/bin entries from the crontab's PATH value by setting set_php_bin_path_in_crons=2. Eg, if you have:

crontab -u fred -l | grep PATH
PATH=/usr/local/php70/bin:/usr/local/php74/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/fred/bin
1
2

where there are 2 entries for php 7.0 and 7.4, you can clear out the 2nd entry, regardless of the version set, by setting set_php_bin_path_in_crons=2, and issuing a rewrite:

cd /usr/local/directadmin
echo "action=rewrite&value=httpd&user=fred" > data/task.queue.cb; ./dataskq d1000 --custombuild
1
2

and it will reduce the path in the crontab to the following:

PATH=/usr/local/php70/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/fred/bin
1

If you need to do this for all accounts, issue the aforementioned command without &user=fred.

NOTE: This setting should only be used temporarily, and we would recommend setting it back to 1 once you're done clearing any duplicates.


set_php_bin_path_in_shell

set_php_bin_path_in_shell=1
1

Ability to add the php binary path to PATH variable in .bash_profile. Enabled by default. Can be disabled like so:

/usr/local/directadmin/directadmin set set_php_bin_path_in_shell 0
service directadmin restart
1
2

set_php_ini_scan_dir_in_crons

set_php_ini_scan_dir_in_crons=0
1

Ability to add PHP_INI_SCAN_DIR for per-User php.ini in cronjobs.


show_all_users_cache_extra_vars

show_all_users_cache_extra_vars=date_created
1

Ability to add extra variable columns to Show All Users or List Users pages. More fields could be added like: "date_created:mysql" . Be sure to force a cache update with:

cd /usr/local/directadmin
echo "action=cache&value=showallusers" >> /usr/local/directadmin/data/task.queue; ./dataskq d2000
1
2

BEHAVIOR

When adding a variable to the show_all_users_cache_extra_vars list, how it's shown depends on if it's in the user.conf, user.usage, or both.

If it's only in one or the other, then that value is simply taken from the given file and place into the cache.

If the variable is in BOTH user.conf and user.usage files, then the value is stored in the show_all_users.cache with the usage/limit format, eg:

mysql=1 / unlimited
1

show_custom_script_path

show_custom_script_path=1
1

Ability to hide "Script Output /path/to/script.sh" for custom scripts if set to 0. If you have custom scripts in /usr/local/directadmin/scripts/custom/*.sh on non-zero result, before echoing your echo'd data they will usually display:

Script Output: /usr/local/directadmin/scripts/custom/script_name.sh
1

This is typically done to avoid confusion as to what's throwing the error. But if you're fully aware of it, and are sure you're echoing data on non-zero output, then you should be able to use this.


show_db_usage

show_db_usage=1
1

Ability to hide or change the rules for when DA shows the sizes of databases. Allows for DBs with many tables to not have its usage counted on the display page.

ValueComment
0Do not show any database sizes on the mysql page
1Show all database usage
>1Show size if number of tables in database is fewer than this value. If you set show_db_usage to 1000 all databases with fewer than 1000 tables will have their disk usage shown

Can be overridden via the user.conf .


show_info_in_header

show_info_in_header=0
1

Option used to control whether to hide version and license owner in HTTP headers when connecting to DirectAdmin panel over port 2222. This information is hidden (set to 0) by default.


show_info_in_title

show_info_in_title=1
1

Ability to hide DirectAdmin version title for logged-in users.


show_main_spambox

show_main_spambox=1
1

Ability to hide the main spam folder, e.g. /home/user/Maildir/.INBOX.spam/new/ from the skin.

By default, there are 4 choices as to where to redirect spam messages to.

  • Inbox (no redirect)
  • Main imap spambox
  • per-account spambox
  • drop the email

The "Main imap spambox" option, aka "Redirect it to the catch-all spam folder in your main imap account."


show_php_version

show_php_version=1
1

To control if the PHP version will be shown on the System Information page.


show_pointers_in_list

show_pointers_in_list=1
1

Option that shows domain pointers on the "List Users" and "Show All Users" pages.


simple_disk_usage

simple_disk_usage=0
1

For systems where disk access needs to be kept to a minimum, enabling this option relies only on the system quotas. Stats will not be completely correct as a result (tally will not do manual directory traversing for usage).


skin_domain_redirect

skin_domain_redirect=1
1

Ability to disable the User Level domain redirect on Enhanced skin.


skinsdir

skinsdir=./data/skins
1

Location where the skins are to be found.


skip_databases_in_backups

skip_databases_in_backups=0
1

Enabling this option will exclude databases from all backups. This will skip everything, including DB settings, DB Users, and the sql data for the databases themselves.


skip_domains_in_backups

skip_domains_in_backups=0
1

To be selective with backup data, this will skip /home/user/domains for all Users. You'd really only use this if you have other means, like rsync, for backing up that data. Handy if you just want to restore the User with all of his settings, but without his web data.


skip_ftp_on_backup_fail

skip_ftp_on_backup_fail=0
1

Option to skip uploading backup to ftp if some portion of the .tar.gz was created incorrectly. Set to 1 if you do not want to upload incomplete backups. This only works if incremental_ftp is set to 1.


skip_hometargz_in_backups

skip_hometargz_in_backups=0
1

To speed up the User backup process, one may enable this to skip the home.tar.gz file, which omits some email data amongst other things.


skip_imap_in_backups

skip_imap_in_backups=0
1

Similar to skip_domains_in_backups, when this option is enabled, it will skip the folder: /home/user/imap when generating backups. Enabling this will only skip the email data itself (email messages), but does not skip the email accounts/passwords.


skip_roundcube_in_backups

skip_roundcube_in_backups=0
1

The option that controls the ability to skip roundcube webmail client settings when backups are generated.


skip_trash_in_backups

skip_trash_in_backups=0
1

The option that controls the ability to skip the File Manager trash folder when backups are generated.


skip_uebimiau_in_backups

skip_uebimiau_in_backups=0
1

The option that controls the ability to skip uebimiau webmail client settings when backups are generated.


spam_inbox_prefix

spam_inbox_prefix=1
1

Ability to set Spam folder from INBOX.spam to Junk.


spam_inbox_prefix_name

spam_inbox_prefix_name=INBOX.spam
1

Ability to set a new value for INBOX.spam in the directadmin.conf. It's only used when spam_inbox_prefix=1 is set, which is when INBOX.spam applied.

Simply swaps all INBOX.spam strings with the new value.


special_characters_in_random_passwords

special_characters_in_random_passwords=0
1

Enables ability to have e the random password generation include special characters, eg:

`~!@#$%^&*()_-+=
1

basically, all ascii characters 33-126 inclusive, but not 47 or 92 (forward and backwards slashes) . ! through ~ .This applies to both the javascript generation, and the internal AJAX password generation.

Setting special_characters_in_random_passwords=2 which will offer a greatly reduced list of special characters, only: #$@-!=?

Related: ambiguous_characters_in_random_passwords


special_exit_code

special_exit_code=42
1

Forcefully display hook output, even when no errors occur.

You can diable the feature by setting it to 0, eg:

./directadmin set special_exit_code 0
service directadmin restart
1
2

List of supported hooks:

  • dns_write_post.sh
    More available upon request, assuming reasonable need.

sshdconfig

sshdconfig=/etc/ssh/sshd_config
1

Path to the sshd_config. Will rarely be changed. One case where you might change it is to set a placebo file for DA.


ssl

ssl=1
1

Turn on/off SSL for DirectAdmin panel.


ssl_cipher

ssl_cipher=
1

Cipher for DA over SSL forcing which SSL protocol to use.

The (null) default value can only exist if the ssl_cipher value is not in the directadmin.conf. This means that if you do not want any SSL ciphers, you must completely remove the ssl_cipher value from your directadmin.conf, or else an empty string of ciphers will be used which wouldn't work.


ssl_ignore_when_local

ssl_ignore_when_local=0
1

Option which lets you tell DA to disable ssl if a connection is made on localhost.


ssl_port

ssl_port=0
1

Allows DirectAdmin to run on 2 ports at the same time, where the port value specified in the ssl_port option will use SSL. Commonly used as port 2223 .


strict_backup_permissions

strict_backup_permissions=1
1

Enabled by default - the backup process will go through all data in /home/username/domains and will do check to see which ones the username (DA account) cannot read. A second data list is created backup/non_readable_files.list which is used as '--exclude-from' tar key.

Related option:

add_non_readable_files_to_strict_backup=1
1

The option is used by backup process to actually copy these files to a new data location non_readable_files which sits next to "backup" and "domains" at the top level.

If any file is chmod to 0, when the file is copied, it will be set to 600 (directories to 700).. as the backup needs this as a minimum to read the file as a non-root backup. The restore will not reset these files/folders to chmod 0. They'll be left as 600 (700 for dirs).

Since this feature copies files to a 2nd location before backup, significant amounts of disk usage will be used if the files being backed up (eg: apache owned files) are not readable by the User.

This related option will use the same tree parsing:

backup_apache_files_list=1
1

so either add_non_readable_files_to_strict_backup or backup_apache_files_list will cause a full /home/user/domains directory traversal.

Related: add_non_readable_files_to_strict_backup | backup_apache_files_list


subdomain_force_redirect

subdomain_force_redirect=0
1

Relating to the User Level feature that allows forcing domain.com » to www.domain.com (or vice versa)open in new window, this option excludes subdomains from this redirection since we rarely intend for the redirection to affect subdomains. For example, the following is rarely desired:

sub.domain.com » www.sub.domain.com
1

So, with subdomain_force_redirect=0, any www or non-www redirection for domains or pointers will no longer affect subdomains (where a subdomain in this context is one that is created under a domain, and not subdomains created as "full domains").

If you do need subdomains to redirect to www, then enable the setting globally:

/usr/local/directadmin/directadmin set subdomain_force_redirect 1
service directadmin restart
1
2

And the next rewrite of the User httpd.conf (or other server User config) will be updated with the change.

To update all User configs, type:

/usr/local/directadmin/custombuild/build rewrite_confs
1

sysbk_conf

sysbk_conf=/usr/local/sysbk/conf.sysbk
1

Config file for the "sysbk" script (Admin Level -> System Backup).


systemd

systemd=-1
1

Ability to enable/disable use of systemd. -1 means auto-detect.


systemlog

systemlog=/var/log/directadmin/system.log
1

A path to main system.log file.


system_user_to_virtual_passwd

system_user_to_virtual_passwd=0
1

Include the system account in the virtual passwd file at /etc/virtual/domain.com/passwd so you can login with systemuser@domain.com and Dovecot LMTP would be used for delivery (supports compression, Sieve filters).


table_case_sensitive_search=1
1

Ability to perform case sensitive search in table class inside DirectAdmin.

This can be useful if you might have a filename or some value in a table cell that shouldn't be case sensitively matched. Or to fight with mobile phones that decide upper case is always the best, when: autocapitalize='none' has not been added to the input field.

You can also add the following flag to any table search/sort (including "starts with", "contains" or the "equals" options)

&case_sensitive_search=1
1

or

&case_sensitive_search=0
1

to override whatever might be set in the directadmin.conf.

Because we do not want to affect searching performance of the table class, we've implemented this using function pointers. Case sensitivity choice is known ahead of time, so the function pointer for the actual string comparison is set once, and the function pointer is called directly per comparison. This is as opposed to the slower method which would need an "if" statement check on the choice for every cell/search, which would be slower ("in theory").


table_default_ipp

table_default_ipp=50
1

Ability set default items per page in tables. skin.conf option default_ipp=20 overrides this setting.


table_highlighting

table_highlighting=1
1

Enables the highlighting table row when you hover the mouse over it (changes to a darker background, to more easily track which value you're about to select).


tally_after_restore

tally_after_restore=2
1

If you wish to not run the tally after you restore data, set to this to 0. This will lower your CPU time, but make your usage stats out of sync until the next tally.

If you do want to run the tally, but want to get the restore message before the tally, you can now use tally_after_restore=2 . The only "downside" is the slight lag in stats being updated, though they will be updated after the tally finishes (which time can vary depending on the amount of data to be processed).

Which will call a tally for that Reseller to the task.queue (to be run later), so the result message will arrive much more quickly.

To run the tally immediately following any restore, seet this to 1. Note that the notice about the restore being successful doesn't get sent out until after the tally finishes (in the same thread).


taskqueue

taskqueue=/usr/local/directadmin/data/task.queue
1

Location of the task.queue file used for background tasks run by the dataskq. You'll probably never change this.


templates

templates=/usr/local/directadmin/data/templates
1

Location on disk for all templates.


ticketsdir

ticketsdir=/usr/local/directadmin/data/tickets
1

Location where the tickets and messages for the internal messaging system live.


timeout

timeout=60
1

Number of seconds a DirectAdmin process is allowed to run before generating a timeout signal and aborting. Note that some of the more time-consuming processes use a multiplier on this value.


tmpdir

tmpdir=/home/tmp
1

Location for temporary data.


tokenizer_clear_env

tokenizer_clear_env=1
1

When set to the default (1), the Tokenizer will wipe the environment before adding new values, but then restore it afterwards. So the env vars from before the tokenizer runs a script, will be restored after the script is done.

You can set this value to 0 if desired, though the only benefit is to pass any pre-script env vars to the script (aside from anything that is set/ovewritten for the script, as before, which will still be set).


tokenizer_debug

tokenizer_debug=0
1

Ability to generate skin/template debug output.


track_task_queue_processes

track_task_queue_processes=1
1

Ability to track backup progress.

ValueComment
0Disable task queue tracking
1Enable simple task queue tracking
2Verbose task queue tracking

twostep_auth

twostep_auth=1
1

twostep_auth_discrepancy

twostep_auth_discrepancy=1
1

Enable two step authentication


twostep_auth_trust_days

twostep_auth_trust_days=30
1

Number of days to trust device after two step authentication done.


unblock_brute_ip_time

unblock_brute_ip_time=2880
1

A number of minutes after which the IP is automatically unblocked by Brute Force Monitoring.


unified_ftp_password_file

unified_ftp_password_file=1
1

The option for the proftpd password files to be unified (/etc/proftpd.passwd used as single config for ftp accounts).


user_action_locking

user_action_locking=30
1

A number of minutes the** actions under account are prohibited** after the backup process starts.


user_brutecount

user_brutecount=30
1

The BruteForceMonitor can scan how many times a specific IP attacks a server, but also how many times a specific User is attacked from any IP. Sometimes the Admin might not want to bother with the number of attacks on a specific User, so you can set the option user_brutecount=0 to 0, which will disable DA's count on specific Users. Setting to 0 will likely improve the loading time of the Brute Force Monitor page.


user_can_select_skin

user_can_select_skin=0
1

If set to 1 then users will be able to pick whatever skin they want.


user_can_set_email_limit

user_can_set_email_limit=0
1

Disabled by default, if enabled users will be able to set send email limit via the interface. Note that regardless of the limit set, all email account sends are still limited by the DA-User limit, one of /etc/virtual/limit or /etc/virtual/limit_username .

If user_can_set_email_limit=1 is set, then on the "E-Mail Accounts" page, you'll see a new column called Sent which will show the number of emails sent today. If a limit is set for that User, the limit is then displayed, eg: 2 / 5 . If no per-email limit is set, but a global per-email is set in /etc/virtual/user_limit file then that limit will be shown, eg 2 / 50 . If no limit is set... and no user_limit is set, then no limit will be shown, eg: 2 . Feature will save send/limit into the usage.cache, if that feature is enabled.


user_dnssec_control

user_dnssec_control=0
1

Ability to make "Generate Keys" and "Sign" buttons visible in DirectAdmin panel for users for DNSSEC records.


user_email_quota_max

user_email_quota_max=0
1

Ability to set maximum value for email quotas.


user_email_smtp_logs

user_email_smtp_logs=1
1

Option to disable User access to per-email smtp logs. Value of 2 enables the use of exigrep to parse the logs.


user_helper

user_helper=www.site-helper.com
1

A URL used for help button in user panel.

Related: admin_helper | user_helper


users_can_add_remove_domains

users_can_add_remove_domains=0
1

Option to control whether users can add or remove domains.

ValueComment
0Allows deleting and removing domains by users
1Allows only adding domains by user (no delete)
2Block ability to add or delete domain

Can be overridden via the user.conf file.


users_can_rename_domains

users_can_rename_domains=1
1

Allow renaming of domains from user panel.


user_warning_thresh

user_warning_thresh=80
1

The threshold on bandwidth when user will be notified.


user_warning_thresh_disk

user_warning_thresh_disk=95
1

The threshold on disk usage when user will be notified.


user_warning_thresh_inode

user_warning_thresh_inode=95
1

Option to control of when user will be notified on inode usage.


use_syslogd

use_syslogd=0
1

For use with the syslogd logging facility, which allows for more logging options including remote logs.


use_uid_counting

use_uid_counting=1
1

To **prevent ever reusing the same uid/gid **again. The DirectAdmin manages 2 files /usr/local/directadmin/data/admin/high_uid.number and high_gid.number which contains the last highest uid/gid values created through DA. Upon creating new user, DA will check those files as well as the /etc/passwd and /etc/group, and check to see what the current high uid/gid values are, and use that value+1 for the next User. If your system is doing a lot of adding/removing of users you may allow reusing same uid/gid setting the value to 0.


use_xfs_quota

use_xfs_quota=0
1

If changed to 1 enables maintaining quotas on XFS partition.


utf8_encode_from_to

utf8_encode_from_to=0
1

UTF-8 Encoded To/From/Reply-To fields in DA emails.


utf8_encode_subject

utf8_encode_subject=0
1

Ability to automatically encode subjects to UTF-8 for emails generated by DA.


webalizer

webalizer=0
1

To enable webalizer statistics.


webapps_ssl

webapps_ssl=1
1

Option to control whether web applications (webmail, phpmyadmin) are forced to use SSL. Default is taken from the setting ssl=0|1 in the directadmin.conf. Can be overridden via config files or .htaccess.


webmail_backup_is_email_data

webmail_backup_is_email_data=1
1

Is used to include webmail data if the 'email_data' backup checkbox was selected. This could be disabled by setting to 0 for cases where you want your RoundCube database backed up and restored, but want to exclude email Maildir data, as Maildir can be easily transferred with rsync.


webmail_link=roundcube
1

Ability to change the webmail links and webmail button.


wrap_long_dns_values

wrap_long_dns_values=1
1

Long records, like DKIM TXT records are broken into multiple shorter lines for cleaner viewing.


x_forwarded_from_ip

x_forwarded_from_ip=
1

Set X-Forwarded-For header for proxy or load balancers accessing DirectAdmin.


x_frame_options

x_frame_options=sameorigin
1

Adds HTTP header to all iframe requests in DirectAdmin: X-Frame-Options: sameorigin.


xfs_on_domains

xfs_on_domains=0
1

Enables by default if use_xfs_quota is set to 1. So you only need to change xfs_on_domains if you don't want quotas to be enabled on the domains. When domain xfs quotas are enabled, this will create a project called domain.com with the path /home/user/domains/domain.com and the xfs system will limit the files uploaded to that location for any file ownership, including apache/root as per the limit specified by the User on that domain at: User Level -> Domain Setup -> domain.com.

This is useful for cases where:

  • the User has many domains, and does not want any one domain to use up too much space.
  • there are files uploaded under some different username, as the xfs domain quotas are enforced by path, not file ownership.

zip

zip=1
1

Ability to zip and unzip files in the File Manager.


zip_bin

zip_bin=
1

If the values are set to null (aka: not in the directadmin.conf at all), then DA will look for /usr/bin/zip else /usr/local/bin/zip to use for compression.

The purpose of this is to allow an override if in case you need to add a wrapper to unzip, in such cases as extraction of UTF-8 files, eg:

unzip_bin=/usr/bin/unzip2
1

With unzip2 containing:

#!/bin/bash
export LANG=en_US.UTF-8
exec /usr/bin/unzip $@
exit $?
1
2
3
4
Last Updated: 6/29/2021, 10:45:57 PM