All directadmin.conf values
This is a full list of configuration options available in directadmin.conf
file. Each config option section will include default option value and description.
If the value does not exist in the directadmin.conf
the default value will be used.
Adding a value to the directadmin.conf
would override the internal default.
directadmin.conf
values from CLI
How to change the Use the following steps:
/usr/local/directadmin/directadmin config-set variable value
systemctl restart directadmin
or
da config-set variable value
systemctl restart directadmin
Example:
/usr/local/directadmin/directadmin config-set letsencrypt 1
systemctl restart directadmin
All directadmin.conf variables and values
accept_cloudflare_proxy_requests
accept_cloudflare_proxy_requests=0
When this option is enabled DirectAdmin on start will load Cloudflare edge nodes IPv4 and IPv6 networks.
If incomming connection is from Cloudflare networks the header CF-Connecting-IP
will be used to determine end user IP address.
This option should be enabled if access to the DirectAdmin GUI is being proxied through Cloudflare. It will make sure real client IP instead of Cloudflare edge node is used.
Note: When using Cloudflare to proxy requests to DirectAdmin GUI please make sure DirectAdmin is using one of the ports supported by Cloudflare, the default DirectAdmin port 2222 are not being proxyed by Cloudflare. We recommend changing it to port=2096
for HTTPS access.
Available since version 1.648.
access_control_allow_origin
access_control_allow_origin=
Ability to add Access-Control-Allow-Origin HTTP header to DirectAdmin. Comma/whitespace separated entries are trimmed, example usage:
access_control_allow_origin=http://www.domain.com, https://www.otherdomain.com:8080
acme_server_cert_account
acme_server_cert_account=
Email address of an ACME account used to issue server host name certificate. Empty value uses default admin user email address.
acme_server_cert_additional_domains
acme_server_cert_additional_domains=
A comma separated list of additional domain names to include in the server host name TLS certificate.
Example value: additional.example.com,*.example.net
Note: Server host name is always included in the certificate. If no additional domains are needed this configuration option should be set to an empty value.
acme_server_cert_dns_provider
acme_server_cert_dns_provider=
Name of custom DNS provider passed to lego
tool when issuing server host name certificate.
Example value: cloudlflare
List of supported DNS providers.
acme_server_cert_dns_provider_env_file
acme_server_cert_dns_provider_env_file=/usr/local/directadmin/conf/ca.dnsprovider
A file with additional environment variables that are passed to lego
tool when issuing server host name certificate.
Example file contents:
CLOUDFLARE_DNS_API_TOKEN=...
List of supported DNS providers.
acme_server_cert_enabled
acme_server_cert_enabled=0
When set to 1
ACME will be used to automatically acquire and renew server host name TLS certificate.
acme_server_cert_key_type
acme_server_cert_key_type=ec256
TLS key type and size to use for server host name certificate. Can be set to:
ec256
Elliptic Curve DSA Curve P-256 keyec384
Elliptic Curve DSA Curve P-384 keyrsa2048
RSA 2048 bit keyrsa3072
RSA 3072 bit keyrsa4096
RSA 4096 bit keyrsa8196
RSA 8196 bit key
acme_server_cert_provider
acme_server_cert_provider=
Automatic certificate provider to use for issuing server host name TLS certificate. Can be set to:
letsencrypt
- to use LetsEncrypt ACME provider.letsencrypt-staging
- to use LetsEnctypt staging environment (useful only for testing).zerossl
- to use ZeroSSL ACME provider.- Empty value - to use default ACME provider configured in
default_acme_provider
.
add_apache_comments
add_apache_comments=1
Ability to disable adding comments to user httpd.conf files.
add_domain_to_domainips
add_domain_to_domainips=0
DirectAdmin can manage /etc/virtual/domainips
and /etc/virtual/helo_data
files for exim to use, to pick which IP should be used when sending email.
Value | Comment |
---|---|
0 | DirectAdmin does not manage /etc/virtual/domainips and helo_data files, all domains are sending mails from server IP |
1 | DirectAdmin sets user owned IP in files, domains on dedicated IP will use own IP as outgoing. If multiple owned IPs assigned to a domain, the first value added will have priority, when in question. helo_data is populated using the main domain of the user that owns the IP with mail.maindomain.tld |
2 | DirectAdmin use RDNS to form helo_data file for given IP. /etc/virtual/domainips behavior as with value 1 |
To disable the feature set add_domain_to_domainips to 0 and delete /etc/virtual/domainips
/etc/virtual/helo_data
files.
Related: How to manage domain IPS file
addip
addip=/usr/local/directadmin/scripts/addip
Scripts called by DA to add IPs to/from the nework device.
*Related: removeip *
add_non_readable_files_to_strict_backup
add_non_readable_files_to_strict_backup=1
If any file is non readable by user (chmod 0) the permissions for it will be set to 600 (directories to 700) during the backup creation time as the backup needs this as a minimum to read the file as a non-root backup. The restore will not reset these files/folders to chmod 0, they'll be left as 600 (700 for dirs).
The new data location for those files will be backup/domains/non_readable_files/
.
Since this feature copies files to a 2nd location before backup, significant amounts of disk usage will be used if the files being backed up (eg: apache owned files) are not readable by the User.
The related backup_apache_files_list=1
will use the same tree parsing.
Related: backup_apache_files_list | strict_backup_permissions
add_userdb_quota
add_userdb_quota=1
To control adding quota value next to virtual user line in /etc/virtual/domain.com/passwd
like this:
fred:$1$SdbJQZ6r$R5FmKrayU3FvPksLTd.7X0:501:12::/home/username/imap/domain.com/fred/bin/false:userdb_quota_rule=*:bytes=50M
Starting from version 1.59.5, the command used is as follows:
doveadm -f flow quota get -u 'email@domain.com'
Where the Type=STORAGE Value= (returns in in KB) is used for the internal ~/imap total.
Note: the doveadm return value only returns the size of data used, not actual disk space used. One block is always used, regardless of how small the file is, so the "Apparent Size" field will not be shown in the account hover-over usage. Also the indexes do take up space, but are not included in the actual message quota.
admindir
admindir=./data/admin
Path for admin data related to the serverpath. You're not likely going to want to change this.
Related: serverpath
admin_helper
admin_helper=admin.site-helper.com
The URL used for the help button in Admin panel.
Related: reseller_helper | user_helper
admin_ssl_check_retries
admin_ssl_check_retries=1
Tells DirectAdmin's check for the .ssl.next_retry
file which is what the GUI would create during its requests. Shut this off temporarily if your server is making too many LetsEncrypt/ZeroSSL requests.
Related: admin_ssl_install_to_missing | admin_ssl_replace_all_expired_invalid | admin_ssl_poll_frequency | Automatic SSL Certificates
admin_ssl_install_to_missing
admin_ssl_install_to_missing=0
Install certificates to hosts which do not have any.
Related: admin_ssl_check_retries | admin_ssl_replace_all_expired_invalid | admin_ssl_poll_frequency
admin_ssl_poll_frequency
admin_ssl_poll_frequency=5m:15m:30m:1h:12h:1d
A frequency to poll certificates for hosts:
less than 30minutes: every 5 minutes
30m-1h: every 15 minutes
1h-4hrs: every 30 minutes
4h-1day: hourly
2nd,3rd days: every 12 hours
4th day onward: once per day
Time units will all be case specific: s,m,h,d,w,M,y where m is minute, M is Month. No units will be treated as seconds, since that's how they're intended to end up anyway. Note that there are no spaces after the numbers before the units (1 d will end up being one second).
When a trigger is done, it must save that NEXT window to the next_trigger file.
Related: admin_ssl_check_retries | admin_ssl_replace_all_expired_invalid | admin_ssl_install_to_missing
admin_ssl_replace_all_expired_invalid
admin_ssl_replace_all_expired_invalid=0
DirectAdmin can automatically fix the old/existing/expired/invalid certificates.
Value | Comment |
---|---|
0 | Disabled |
1 | Any fully expired/invalid LetsEncrypt certificate will automatically be brought back to life following the polling schedule |
2 | Any fully expired/invalid certificates will automatically be brought back to life, following the polling schedule. This includes non-LetsEncrypt (Eg: EV) certs, so be careful if you use this option. |
Does not poll for empty certs. It's not recommended to leave this feature turned on all the time due to it's higher-than-average resource requirements. Use it when needed, then turn it off (TODO: lower polling frequency).
Related: admin_ssl_check_retries | admin_ssl_poll_frequency | admin_ssl_poll_frequency
admin_ssl_default_wildcard
admin_ssl_default_wildcard=1
Default choice for the Admin SSL feature, if a zone should try a wildcard dns-01 based LetsEncrypt request (default), or a httpd-01 request. Applies to new domain, pointers and wildcard checkbox default value on the Admin SSL page.
Value | Comment |
---|---|
0 | Web-based http-01 LetsEncrypt challenge will be used. Useful if most domains have external DNS not controlled by DirectAmdin. |
1 | DNS-based dns-01 LetsEncrypt challenge. Recommended as it saves multiple requests for other subdomains on the system. Web-based http-01 is still attempted as a fallback if dns-01 fails. |
Related: letsencrypt_multidomain_cert
admin_ssl_cert_per_vh
admin_ssl_cert_per_vh=1
For Admin SSL generated non-wildcard certificates, each Host
will attempt to generate it's own certificate. Subdomains below a domain will each get their own cert, saving the need to generate a new multi-host master certificate for each new subdomain created. This saves the need to request a new multi-host SSL certificate for the entire domain and existing subdomains, for any new subdomain created. The new subdomain would get it's own certifiate.
Value | Comment |
---|---|
0 | Admin SSL certificates for a domain will be geneated with all known subdomains/hosts in one multi-host certificate. Each host is checked/validated by the ACME provider. |
1 | Admin SSL will create a new SSL certificate for each domain, for each subdomain, as well as a certificate for each domain pointer, and each subdomain on a pointer. |
Related: admin_ssl_cert_per_vh
ajax
ajax=1
Enable ajax functions in DirectAdmin panel.
ajax_cache_max_time
ajax_cache_max_time=1800
Maximum time for ajax cache.
ajax_list_max
ajax_list_max=20
Maximum ajax list size.
ajax_search_max_time
ajax_search_max_time=2.000000
The maximum ajax search time.
allow_admin_login_as_to_reseller_skin
allow_admin_login_as_to_reseller_skin=1
Option to gives a notice, but allows the login using the Reseller skin in /home/reseller/skins/skinname
. If you want to only ever login-as with global skin - set value to 0. The notice could be fully disabled setting variable to 2.
Value | Comment |
---|---|
0 | Always use global skin with 'login as' |
1 | Ability to user reseller skin with 'login as' but give a warning |
2 | Ability to user reseller skin with 'login as' without a warning |
allow_backup_encryption
allow_backup_encryption=0
Ability to password encrypt backups from all levels. To enable, change allow_backup_encryption
to 1. This feature was implemented for backup storage to be GDPR compliant. The following files are used to encrypt/decrypt the data:
/usr/local/directadmin/scripts/encrypt_file.sh
/usr/local/directadmin/scripts/decrypt_file.sh
To customize them, use the standard DirectAdmin customization procedure, e.g., create the /usr/local/directadmin/scripts/custom/
directory, copy files into it, and modify the file there. DirectAdmin will detect the custom script and use it instead.
allow_backup_exclude_path
allow_backup_exclude_path=1
Allow users to control exclude list by creating a file /home/username/.backup_exclude_paths
with paths to be skipped by backup task. The format of the file must be relative to /home/user
and should not include a /home/user
prefix, example:
domains/domain.com/awstats
presentation/video
This will add '--exclude-from=/home/username/.backup_exclude_paths' just after the '-C /home/username' option in the creation of BOTH the home.tar.gz
and the user's backup .tar.gz
(the option uses tar exclude-file option).
allow_backup_exit_code_one
allow_backup_exit_code_one=1
The option which controls a backup error depending on exit status after backup script finishes. Default is 1, which means 1 (and 256) is accepted an will not throw an error. If you change it to 0, then then the exit code 1 (and 256) are no longer ok, and DA will throw an error.
Example: When compressing a tar.gz file if a source file changes or goes missing during that creation, tar can throw either code 1 or 256.
allow_dns_underscore
allow_dns_underscore=1
Allow using underscore "_" character in NS records for domains.
allow_domain_special_characters
allow_domain_special_characters=1
Allow adding domains with special characters. Set to 0 to block special characters in domain names. Some versions of named do not like them.
Related: convert_to_punycode
allow_foreign_key
allow_foreign_key=0
By default, the session key login system is only permitted for 127.0.0.1 . Change to 1 to allow non-local IP addresses to login using the session key system.
allow_forwarder_pipe
allow_forwarder_pipe=1
Allow processing email through email pipes (usually used as mail forwarder to script).
allow_incoming_email_on_suspend
allow_incoming_email_on_suspend=0
Change to 1 to allow suspended domains to still receive emails. The pop/imap/smtp authentication will still be disabled.
If you turn this feature on, make sure that no accounts or domains are currently suspended, or they'll be stuck in limbo using the other suspension method.
Note: If the backup box has this option enabled, ensure that this option is also enabled on the box being restored to. Else, suspended email accounts won't be unsuspended on the new box when the User account is unsuspended.
allow_numeric_username
allow_numeric_username=0
Change to 1 to override checks to allow a username that starts with a number. Not recommended for most Operating Systems.
allow_ttl_override
allow_ttl_override=1
Allows users to control whether they can set per record TTL values. For example, if enabled, regular users can go to user level
-> DNS Management
-> Override TTL value
.
Value that's set there will force all records to use that same value for the domain it is configured for.
Admin users can do the same in admin level
-> DNS Administration
.
allow_upper_case_username
allow_upper_case_username=0
Change to 1 to allow a username that has uppercase letters. Not recommended.
allow_user_exec
allow_user_exec=0
To give your Users the ability to use the API to run scripts (potentially dangerous, so use at your own risk).
- API command: CMD_API_EXEC
- method: POST
command=/path/to/program
options=your --list=of "options"
Command must be a simple filename. Don't include options in the command, just the command filename, that's it. The options will be placed after the command. Command must be the full path from top level /. No local commands allowed.
2>&1
will be added to the end of the command to catch the stderr output to stdin.
Output from DA on a successful run will look like this:
error=0&exit=12345&result=outputtext
If error=1
, then there was a problem and the error message will be set in "text".
exit=1234
is the result number of the exec function. It's controlled by the return value of your script.
result=outputtext
is the usual url encoded text that your script produces.
Note that there is a timeout (set in the Admin Settings). DA will kill the program with SIGTERM if it runs out of time.
Also, do not run any script/programs that require stdin unless you pipe it from a file with <
.
always_load_all_script_env_vars
always_load_all_script_env_vars=0
This determines whether DA loads in the environmental variables from all_pre.sh
and all_post.sh
scripts for the session.
apacheca
apacheca=/etc/httpd/conf/ssl.crt/server.ca
Path to the Apache/Nginx Certificate Authority file. For nginx, the default will be: /etc/nginx/ssl.crt/server.ca
Related: SSL Certificate Locations
apachecert
apachecert=/etc/httpd/conf/ssl.crt/server.crt
Path to the Apache/Nginx Certificate file. For Nginx, the default will be: /etc/nginx/ssl.crt/server.crt
Related: SSL Certificate Locations
apacheconf
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
Location of the main httpd.conf where DA will add the User httpd.conf "Include" lines. For Nginx, the default will be: /etc/nginx/directadmin-vhosts.conf
apacheips
apacheips=/etc/httpd/conf/ips.conf
Location of the ips.conf used by DA for adding baseline Apache VirtualHosts for shared IPs. For Nginx, the default will be: /etc/nginx/directadmin-ips.conf
apachekey
apachekey=/etc/httpd/conf/ssl.key/server.key
Path to apache/nginx Certificate Key file. For Nginx, the default will be: /etc/nginx/ssl.key/server.key
Related: SSL Certificate Locations
apachelogdir
apachelogdir=/var/log/httpd/domains
Location where the domains' error, access, and bytes logs are stored. For Nginx, the default will be: /var/log/nginx/domains
apachemimetypes
apachemimetypes=/etc/mime.types
Mime.types file used to look up file extension types to include in HTTP header replies.
apache_pid
apache_pid=/var/run/httpd.pid
Location of the Apache pid file. Used to send a HUP right after rotation of the Apache logs in order to reopen them.
apache_public_html
apache_public_html=0
If set to 1, sets the public_html to chmod 750, chown to username:apache. This is a primitive version of the secure_access_group and is considered outdated.
apache_ver
apache_ver=2.0
Specifies the Apache version used for httpd.conf writing. The only 2 valid values are 1.3 and 2.0. If you're using Apache 2.2, you'd still use 2.0.
autoupdate
autoupdate=1
Controls whether Directadmin auto-updates feature is enabled (1
) or disabled (0
).
Note: This differs from the admin.conf auto_update=yes|no
setting, which controls if an update request can be pushed to your server.
autopatch
autopatch=1
Controls whether Directadmin same version hot-fix updates is enabled (1
) or disabled (0
).
awstats
awstats=1
Set to 1 to enable Awstats for DirectAdmin.
Related: How to enable awstats
background_delete_if_num_db_users
background_delete_if_num_db_users=500
If the total number of MySQL Users being removed during DA User removal is greater than 500, all Users being deleted will be done in the background.
Related: background_delete_size
background_delete_size
background_delete_size=10240
If account size is larger than this value (in megabytes) then DirectAdmin will push Account deletion to the background.
Related: background_delete_if_num_db_users
background_suspend_if_num_users
Meant for suspending/unsuspending in the background, internal default:
background_suspend_if_num_users=0
Related: suspend in the background
backup_apache_files_list
backup_apache_files_list=1
Option which controls if DirectAdmin will do a backup of apache owned files. It creates a list of apache owned files, and reset them as such after a backup is restored. Excessive checks for symbolic and hard links, and other trickery. This setting also applies to the restores.
Related: add_non_readable_files_to_strict_backup | strict_backup_permissions
backup_ftp_md5
backup_ftp_md5=0
Set to 1 to have backup job upload two files - backup itself and user.admin.fred.tar.gz.md5
containing the md5sum of the backup file. Used to verify the integrity of the backup on remove server to ensure backup was transferred correctly.
The restore does not currently download or check this file, but if you get an error message during the restore, you'll then be able to manually check the remote file to confirm it's intact, and try again if it is.
backup_ftp_pre_test
backup_ftp_pre_test=1
The backup job will test the listing of the FTP information before the ftp backups are created. It relies 100% on the exit value of the script(s):
/usr/local/directadmin/scripts/ftp_list.php
/usr/local/directadmin/scripts/custom/ftp_list.php
Set value to 0 to disable pre-test.
backup_gzip
backup_gzip=2
Option which controls what file type a backup archive will be (i.e., what type of compression will be used).
Value | Comment |
---|---|
0 | .tar file will be created as a backup |
1 | .tar.gz file will be created as a backup |
2 | .zstd file will be created as a backup |
backup_hard_link_check
backup_hard_link_check=1
Before all account backups are created by DA, a check will be done on the User's backup path. For any hard link found, DA will notify all Admins on the box, even if the backup is being created by the end-User. As well, the creation of that backup file will be aborted.
This reason this check is relevant is for when Users create a hard link to sensitive files on disk, like /etc/shadow
.
If you find that this check increases the load of your system too much when backups are created, and you feel that your system will not be affected by hard-links (you trust all of your Users), then this check can be disabled (set to 0).
backup_nice
backup_nice=19
Default nice value for User backups.
backup_tmpdir
backup_tmpdir=/home/tmp
Location for backup data assembly.
backup_tmp_path_has_pid
backup_tmp_path_has_pid=1
Include a backup job PID in directory name next to username during backup assembly, e.g. /home/tmp/admin.1234/username
bind_address
bind_address=
A bind address to have DirectAdmin daemon to listen on (to listen on one IP address only).
Note it only listens on the IP you specify and this doesn't include 127.0.0.1 if you specify a public IP.
block_cracking_unblock
block_cracking_unblock=1
Setting that controls the ability to remove blocks against previously blocked mail accounts due to suspicious actions.
Value | Comment |
---|---|
0 | Unblocking disabled |
1 | Standard password change will unblock the account |
2 | Password change will unblock the account, or automatic unblock after given amount of time which is set in block_cracking_unblock_minutes |
Related: BlockCracking notices and unblocking
block_cracking_unblock_minutes
block_cracking_unblock_minutes=120
Number of minutes when automatic unblock will resume account if block_cracking_unblock is set to 2.
Related: BlockCracking notices and unblocking
block_cracking_variables_conf
block_cracking_variables_conf=/etc/exim.blockcracking/variables.conf
A path to config file for BlockCracking variables.
Related: Spamblocker install and extra modules.
block_ip_after_failed_twostep_auth
block_ip_after_failed_twostep_auth=0
Block IP address after failed two step authentication.
Related: Two-Step Authentication in details
block_token_chars
block_token_chars=$[]<>:#
Defines values that are not permitted to be passed between pages via GET for the tokens. There is a newline character in there as well, in the internal values. Can't add newline if you override it due to config file limitations.
brutecount
brutecount=20
Number of login attempts to DirectAdmin panel after which IP address will be blacklisted by BFM (Brute Force Monitor).
Related: Enabling and Configuring BFM
brute_dos_count
brute_dos_count=100
Number of attempts on loading DirectAdmin login page after which IP address will be blacklisted by BFM (Brute Force Monitor).
Related: Enabling and Configuring BFM
bruteforce
bruteforce=1
Global enable/disable switch for a Brute Force Monitor service.
Related: Enabling and Configuring BFM
brute_force_apache_log_list_update_interval
brute_force_apache_log_list_update_interval=10
Number of minutes between the refresh of apache log list, used if brute_force_scan_apache_logs set to 2. Missing logs are always removed from the list, but new logs won't start scanning for this amount of time.
Related: Enabling and Configuring BFM
brute_force_exim_log
brute_force_exim_log=/var/log/exim/mainlog
A path to exim mainlog file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_exim_reject_log
brute_force_exim_reject_log=/var/log/exim/rejectlog
A path to exim rejectlog file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_ignore_attempts_on_suspended
brute_force_ignore_attempts_on_suspended=1
To ignore all attempts on suspended accounts by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_log_scanner
brute_force_log_scanner=1
Turns ON ability to have DirectAdmin scan service logs for any brute force login attempts on a server (dovecot, exim, proftpd, sshd).
Related: Enabling and Configuring BFM
brute_force_mail_log
brute_force_mail_log=/var/log/maillog
A path to main dovecot log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_messages_log
brute_force_messages_log=/var/log/messages
A path to main system messages log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_mysql_log
brute_force_mysql_log=/var/lib/mysql/web1.example.com.err
A path to main mysql log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_notifications_email_only
brute_force_notifications_email_only=0
Ability to send email notifications only without flooding a DirectAdmin panel message system. The email will contain the details of the attack, with a link to server/BFM panel to react quickly.
Value | Comment |
---|---|
0 | BFM will create a notification in DA Message System |
1 | BFM will not create a ticket in DA Message System, but will only send an email notification to admin |
Related: Enabling and Configuring BFM
brute_force_pma_log
brute_force_pma_log=/var/www/html/phpMyAdmin/log/auth.log
A path to PHPMyAdmin authentication log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_pureftpd_log
brute_force_pureftpd_log=/var/log/pureftpd.log
A path to pureftpd log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_roundcube_log
brute_force_roundcube_log=/var/www/html/roundcube/logs/errors
A path to RoundCube log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_scan_apache_logs
brute_force_scan_apache_logs=2
A Brute Force Monitor can scan apache domain logs for WordPress wp-login.php attacks.
Value | Comment |
---|---|
0 | Disable scanning of apache logs by BFM |
1 | Scan apache logs but only those specified in /usr/local/directadmin/data/admin/brute.conf file, the string should end with "equals" sign. Example adding procedure: echo "/var/log/httpd/domains/domain.com.log=" >> /usr/local/directadmin/data/admin/brute.conf |
2 | DirectAdmin itself will create a list of all logs to form the /usr/local/directadmin/data/admin/brute.conf . |
Related: Enabling and Configuring BFM
brute_force_secure_log
brute_force_secure_log=/var/log/secure
A path to OS secure log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_squirrelmail_log
brute_force_squirrelmail_log=/var/www/html/squirrelmail/data/squirrelmail_access_log
A path to SquirrelMail log file to be scanned by Brute Force Monitor.
Related: Enabling and Configuring BFM
brute_force_time_limit
brute_force_time_limit=1200
The time window for which the attempts (either failed logins or unauthorized connections) must pass with no activity before the count is reset.
Related: Enabling and Configuring BFM
cacert
cacert=
The path to certificate file to be used for DirectAdmin panel secure connection
Related: Setting up DA port 222 with a commercial SSL certificate
cache_time
cache_time=28800
A default cache time for static files ( images, css files, js) in DirectAdmin panel. The panel supports Etags, so the browser can ask DA if any file has changed, and DA will respond accordingly if it has or has not.
cakey
cakey=
The path to a key file to be used for DirectAdmin panel secure connection
Related: Setting up DA port 222 with a commercial SSL certificate
carootcert
carootcert=/usr/local/directadmin/conf/carootcert.pem
The path to caroot file which is for the ca root certificate used to prevent the SSL pop-up on a purchased SSL certificates.
Related: Setting up DA port 222 with a commercial SSL certificate
cb_version_check_odds_percent
cb_version_check_odds_percent=10
The chance as a percentage that any login will trigger the check of /usr/local/directadmin/custombuild/versions.txt
file for possible package updates. It's important to keep your server up to date.
If you change this check to 0, then the check will never run for either the post-login trigger nor the reset.
certificate_common_name_with_www
certificate_common_name_with_www=0
The ability to control default domain used (domain.com or www.domain.com) in the certificate CommonName. If you change value to 1, the www subdomain will be used like so: CN = www.domain.com.
cgroup
cgroup=1
Enables cgroup support. If set to 0, features such as Resource limits
and per user resource throttling won't be available in the panel.
check_group_on_user_create
check_group_on_user_create=1
Check if system group does not exist before creating a user.
check_home_path_on_user_create
check_home_path_on_user_create=1
A check to see if the User's home path /home/username
already exists before creating a user. Can be disabled changing to 0 , would be useful should you need to setup some things in the folder prior to creating the account.
check_load
check_load=10
The threshold value after which the 'system load average' notification will be sent to admins.
Related: load_spike_notice
check_load_minute
check_load_minute=5
The value of system load average which is checked for 'system load average' notification to be sent. Valid options are 1, 5 or 15 (same as OS load average values means). With above settings if the 5 minute load average is higher than 10 (check_load) - DirectAdmin will sent a warning.
Related: load_spike_notice
check_partitions
check_partitions=2
How often to check the partitions for high usage. Partitions are: /
, /var
, /home
, /usr
. /tmp
. Actual list is set with /usr/local/directadmin/data/templates/partition_check.list
file which can be copied to custom
and modified as needed.
Value | Comment |
---|---|
0 | Never check |
1 | Every minute |
2 | Every day |
Related: partition_usage_threshold
check_referer
check_referer=1
A check for a referer of http header passed to DA for all requests. The value in the Referer must match the Host value that was passed during the initial login. The host value will be stored in the session file.
check_subdomain_owner
check_subdomain_owner=1
Option to prevent a User from** creating a subdomain of a domain belonging to some other user**. This will also check any number of sub.sub.sub.sub.domain.com lengths, and covers domains with any number of extensions, eg sub.domain.co.uk.
Can be overridden over user.conf
of a given user account.
check_subdomain_owner_in_cluster_domainowners
check_subdomain_owner_in_cluster_domainowners=0
Option to prevent a User from** creating a subdomain of a domain belonging to some other user** in a Multi Server Setup.
Value | Comment |
---|---|
0 | Disable checking if domain exists in Multi Server Setup |
1 | Enable checking if domain exists in Multi Server Setup |
2 | Enable checking if domain exists in Multi Server Setup and uses strict mode - connected DA servers MUST provide the hostname in the request (recommended option) |
check_task_queue
check_task_queue=2048
A size in bytes of /usr/local/directadmin/task.queue
file after which a warning to admins will be generated about possible task queue processing issues. The DirectAdmin does check for file age also, must be older than 5 minutes + defined size. Change to 0 to disable the check.
clear_blacklist_ip_time
clear_blacklist_ip_time=86400
Number of minutes after which the blacklisted IP address will be removed automatically.
clear_brute_log_entry_time
clear_brute_log_entry_time=4
A number of days how long to keep brute-force incidents (in /usr/local/directadmin/data/admin/brute_log_entries.list
file).
clear_brute_log_time
clear_brute_log_time=48
Number of hours the failed login attempts to be checked within. If ip_brutecount is set to 100 then an IP can have 100 failed attempts within 48 hours before all Admins are notified. If the IP has 99 failed attempts, waits 24 hours, then makes 99 more attempts, no notifications will be sent.
cloud_cache
cloud_cache=0
File used by CloudLinux for quick access to uid numbers and package names. Same update times as for the show_all_users.cache. If set to 1 then /usr/local/directadmin/data/admin/cloud.cache
is used.
cluster
cluster=0
A global switch for Multi Server Setup.
cluster_ip_bind
cluster_ip_bind=
If not empty it will force outgoing cluster connections (to other DirectAdmin instances) to bind to the specified source IP address.
It is recommended to keep this value not set, then OS will be responsible for picking correct source IP address, which is the expected behaviour most of the time.
Note: The IP address specified in this config option should be available locally on the system. It is used as source IP address not destination IP address.
cluster_user_sync
cluster_user_sync=0
An ability to sync user accounts across multiple DirectAdmin servers.
commands_force_deny
commands_force_deny=CMD_LOGIN_KEYS:CMD_API_LOGIN_KEYS
A set of commands that will override the command being in the commands.allow
file.
compress_rotated_logs
compress_rotated_logs=1
Option to to rotate compressed apache logs. If set to 1 (default) the files will be /home/user/domains/domain.com/logs/Aug-2019.tar.gz
, if changed to 0 they will be logs/Aug-2019.log
and logs/Aug-2019.error.log
.
*Related: logs_to_keep *
convert_to_punycode
convert_to_punycode=0
Recognize IDN domains, and add required values to handle them. Evolution skin does the conversion automatically, so, it does not need this option.
Note, your skin must be using UTF-8, else you'll run into issues. By default, the Enhanced skin does NOT use UTF-8.
The Evolution skin doesn't need this feature, as it converts to punycode before passing any domain to DA.
Related: allow_domain_special_characters
count_email_usage
count_email_usage=0
Deprecated. Ability to override DA's manual email counting vs using system quotas (really only applies to mbox).
count_other_disk_usage
count_other_disk_usage=0
If you have data that should be counted in the total disk usage for a User, but does not fall under the standard usage areas (eg: data on a remote server), then you can use this option to create a hook, which lets you add extra bytes into the disk usage under "Other Usage". If you set count_other_disk_usage to 1, then directadmin will call /usr/local/directadmin/scripts/custom/other_disk_usage.sh
script for data. The script must exit with code 0, if non-zero code is exited, the output is logged to the errortaskq.log
.
The output on exit 0 must be URL encoded and for now, it will basically just be:
other_quota=12345
where 12345 bytes will be added to the user.usage
file. The value must be a positive integer.
count_pop_usage
count_pop_usage=1
Ability to shut off email quota reporting on the email accounts page to speed up loading. If you have thousands of email accounts, this can cause slowness. Change to 0 to disable. Can be overridden via the user.conf
on a per-User basis.
cpu_in_system_info
cpu_in_system_info=2
Ability to hide CPU information on the Server Info page.
Value | Comment |
---|---|
0 | Hide CPU information completely |
1 | Show a Thread Count only, without information about CPU itself |
2 | Show full information |
create_user_home_override
create_user_home_override=
A value to use for home directory during creating the user. This will override the useradd internal default and /etc/default/useradd
HOME default. Applies to any OS.
You can now also specify a desired /home directory, settable in the skins, if you add something like:
home_override_list=/home:/home2:/home3
where all paths must exist before DA is restarted, else none will be set. Once set, the package will be able to have, eg:
create_user_home_override=/home2
allowing that account to be created into that path.
Note: Since there are no Admin packages, the directadmin.conf
method is the only way to alter the admin home directory. (but you can post the desired create_user_home_override=/home2 with the creation, which would be accepted even though it's not in the form)
At this time, changing the create_user_home_override value in a package will not move a User to a different home directory. Same for editing a User's settings.. the user cannot be moved to a /home2 (for example) through DA.
Related: home_override_list | ext_quota_partitions
crypt_method
crypt_method=6
Ability to set the crypt type for passwords. Value 1 means DA will issue $1$ type for the MD5 crypt command. Value 6 means sha-512 mode, giving** $6$**.
custom_httpd_syntax_check
custom_httpd_syntax_check=1
Ability to disable Custom Httpd syntax checking. Useful on servers with OpenLiteSpeed with huge number of domains (>7000) where the syntax check is rather slow.
custom_mysql_conf
custom_mysql_conf=0
Ability to set per-user mysql.conf file. If you enabled it setting to 1 the database class in DA will then read in the user.conf
for given user. To override the default you would add own mysql.conf into user.conf
like:
mysql_conf=/usr/local/directadmin/conf/othermysql.conf
The path you set can be anything, but the read of the file only has "diradmin" access, so for simplicity, you might want to keep it in the same path, same permissions, like the mysql.conf
. The othermysql.conf
has 100% the same functionality as the mysql.conf
, so you can specify different mysql.sock files, or different host or access_host values.
Also, because mysqldump and mysql restores make use of /usr/local/directadmin/conf/my.cnf
any action that typically rebuilds that file, will now rebuild one for each User that has a customized mysql.conf, eg: /usr/local/directadmin/conf/my.cnf.username
, so that there are no conflict with running backups at the same time using different values.
custom_stats_path
custom_stats_path=
A path to custom statistic engine. Null by default, if you set for example:
custom_stats_path=/some/path/%s/index.html
then DA will swap the href="value" with your custom_stats_path value on the CMD_USER_STATS page (webalizer and awstats table, left column). For example: custom_stats_path=/CMD_FILE_MANAGER/domains/%s/stats/index.html
Would essentially do the exact same thing the normal webalizer link.
NOTE you must provide exactly one instance of %s else DA will fill the href with:
javascript:alert('check custom_stats_path setting');
so when clicked, Users will see a pop-up. If this option is set, it will override any webalizer/awstats setting, enabled or not.
damycnf
damycnf=/usr/local/directadmin/conf/my.cnf
Path used for the my.cnf file which is given to the mysqldump script to hide user/passwords from ps
output.
database_extended_user_privileges
database_extended_user_privileges=1
Add all remaining mysql user privileges option.
dataskq_max_instances
dataskq_max_instances=0
Sets a limit to maximum number of concurrently running dataskq
instances started by main directadmin service.
Main directadmin service executes dataskq
once every minute (configurable via dataskq_run_interval
option) to process pending tasks. New dataskq
instances will be started even if previous instances have not finished running. Setting this value to a non zero value will stop starting new dataskq
processes if there is already configured number of processes running.
This limit does not include dataskq
instances started manually.
Default value of 0
means there is no limit.
dataskq_run_interval
dataskq_run_interval=1m
Controls how often main directadmin
service starts task queue processor. Value can use the m
suffix for minutes and s
suffix for seconds.
If value is set to 0
will disable periodic dataskq execution. This might be useful for debugging or if dataskq
is started by other means.
da_website
da_website=http://www.directadmin.com/
An URL to DirectAdmin website, mostly used for templates, for example message_footer.txt
.
db_grant_escape_db
db_grant_escape_db=1
The _
character is a wildcard in MySQL. However, we've found some instances (eg: DigitalOcean MySQL 8.0 droplet) where it does not respect this wildcard), causing access hosts not to match, thus blocking MySQL logins.
This option, defaultly enabled, continues to escape the DB name (e.g.,user\_db
) during User grants:
db_grant_escape_db=1
For the special case, you may need to disable it, eg:
./directadmin set db_grant_escape_db 0
service directadmin restart
We do not recommend disabling this unless you're 100% sure the absence of this feature is causing the login issue.
db_hosts_per_user
db_hosts_per_user=30
Controls maximum number of hosts database users can have. It is recommended to keep this value at least 2
.
Zero value disables the limit.
debug_only_cmd
debug_only_cmd=0
If set to 1 the debug output will show CMD_* class only in the output.
debug_user_locking
debug_user_locking=0
default_acme_provider
default_acme_provider=letsencrypt
Internal default acme provider used for SSL Certificate requests, in absence of User selection. Set to letsencrypt
or zerossl
.
default_email_notify_limit
default_email_notify_limit=1000
The default limit of sent emails after which DirectAdmin will send a notification on overusage. This is only a notification threshold and does not impose any send limits. This setting only applies if the User's send limit is 0 (global /etc/virtual/limit
or per-User override: /etc/virtual/limit_fred
), where 0 is unlimited, and is only meant as a fallback to notify about many emails being sent. If a User limit is imposed, which is is by default, this setting will have no effect. Setting default_email_notify_limit=0
is not recommended, but would simply result in a notice being sent out daily should more than 0 emails be sent (assuming User has unlimited send limit).
Related: notify_on_mass_emailing | notify_user_on_mass_emailing | notify_reseller_on_mass_emailing | notify_admins_on_mass_emailings
default_mailing_list_max
default_mailing_list_max=100000
A default max majordomo list message size in bytes.
default_mysqldump_options
default_mysqldump_options=--single-transaction --max-allowed-packet=1G
Ability to pass additional command-line options to the mysqldump call, which is used to backup MySQL databases.
default_pop_quota
default_pop_quota=50
The default quota for mailboxes in megabytes.
default_ttl
default_ttl=14400
Sets the default value used for zone TTL values. Changing this setting alters what all TTL values have for all records, zone TTL, etc. You can still override the TTL of a User domain, regardless of this setting.
delete_messages_days
delete_messages_days=0
The option that controls the number of days after which messages are removed from the data/tickets/0000*/*
directory.
delete_tickets_days
delete_tickets_days=0
The option that controls the number of days after which tickets are removed from data/tickets/0000*/*
directory.
delete_vacation_on_end
delete_vacation_on_end=0
Option not to delete vacation message after expiry.
difficult_password_length_min
difficult_password_length_min=6
Passwords shorter than the set value will be refused.
Note that auto-generated passwords (more specifically passwords consisting of at least 20 symbols) will always be accepted.
diradmin_envelope
diradmin_envelope=
Allows you to override the default "diradmin@host.name.com" in the Return-Path, and set something else, eg:
/usr/local/directadmin/directadmin set diradmin_envelope your@email.com
service directadmin restart
By default, this is disabled and relies on your hostname being setup/resolving correctly.
direct_crons
direct_crons=1
With this option enabled, DirectAdmin does not use /usr/local/directadmin/data/users/username/crontab.conf
anymore for user cronjob configuration, and takes cronjobs directly from /usr/sbin/crontab -u username -l
.
direct_imap_backup
direct_imap_backup=1
With this option enabled, the imap folder is included directly into the final tar.gz file. Greatly improves the speed of backups.
disable_php_script_at_limit_minimum
disable_php_script_at_limit_minimum=100
The minimum number of emails that script must send to be chmod to 0. The minimum number is useful in the case where an account might have a limit of 1.. obviously, this wouldn't warrant the disabling of the script for sending 1 email.
So, for example script.php
sends 900 emails, and the limit is 1000. The total number of emails leaving the account would have been 1000 (since the limit was triggered) but 900... aka 90% of the emails sent, were from the script.
This passes the threshold of 80%.
Also, 900 emails are more than 100 email, so it will also pass.
If parse_php_mail_log_at_limit=2 is set the script.php
will be chmod to 0, and everyone notified. If any one is not true, the script will not be chmod to 0.
Related: parse_php_mail_log_at_limit
disable_php_script_at_limit_threshold
disable_php_script_at_limit_threshold=80
The percentage of total emails sent, of the hit limit, which must be exceeded by that script, in order to be chmod to 0
.
Related: parse_php_mail_log_at_limit
disk_usage_suspend
disk_usage_suspend=0
Option to suspend based on disk usage.
dkim
dkim=2
Ability to enable DKIM for domains (requires manual changes for existing accounts).
Value | Comment |
---|---|
0 | DKIM is disabled by default for the new domains |
1 | DKIM is enforced by default for the new domains |
2 | DKIM functionality is enabled, but not enforced for the new domains |
dkim_selector
dkim_selector=x
The selector to be used for dkim records. You must update the dkim settings in the /etc/exim.dkim.conf
by running:
da build exim_conf
Related: DKIM: ability to use selector instead of x
dns_affect_pointers_default
dns_affect_pointers_default=1
If you have main User domain domain.com, and it has Domain Pointer domain.net below it, this feature would mean that any record added to domain.com through the API or GUI would be added to domain.net.
It does control a checkbox both at the top of the "Add Domain Records" table, as well as at the bottom of the "Delete Selected" table.
Setting dns_affect_pointers_default=0 will make the default checkboxes be unselected but still visible in GUI.
dns_add_spf_ipv6
dns_add_spf_ipv6=1
Adds server IPv6 to SPF records by default. Requires IPv6 to be enabled (ipv6=1
in the directadmin.conf). Set to 0 to disable.
dns_caa
dns_caa=1
Enables support for CAA dns records.
dns_ns
dns_ns=2
Option to control if NS records are shown in User or Admin panel. Changing to 0 will hide completely, changing to 1 will hide for User panel only.
Value | Comment |
---|---|
0 | Hide NS records completely |
1 | Show NS records only in admin panel only |
2 | Show NS records in admin and user panel |
dns_ptr
dns_ptr=2
Option to control if PTR records are shown in User or Admin panel. Changing to 0 will hide completely, changing to 1 will hide for User panel only.
dnssec
dnssec=0
Value | Comment |
---|---|
0 | DNSSEC disabled |
1 | Enable DNSSEC |
2 | Enable DNSSEC (enable DS records) however do not sign the current domain |
dnssec_add_subdomain_ds_to_parent
dnssec_add_subdomain_ds_to_parent=1
Sign subdomains with dnssec automatically.
1) If you're creating sub.domain.com has domain.com is already signed, sub.domain.com will be immediately keyed & signed.
2) If you've just signed the DNSSEC sub.domain.com zone, and domain.com exists on the server, if enabled DA will add the DS and NS records from sub.domain.com to domain.com
dnssec_add_subdomain_ds_to_remote_parent
dnssec_add_subdomain_ds_to_remote_parent=1
Add DNSSEC records to remote server if Multi Server Setup enabled and zone is not local.
dnssec_mss_use_signed_zone
dnssec_mss_use_signed_zone=1
To have DirectAdmin send the signed zone to the remote box if Multi Server Setup enabled.
dns_spf
dns_spf=0
Enables support for SPF dns records. Deprecated as SPF records themselves.
dns_tlsa
dns_tlsa=0
Enables support for TLSA dns records.
dns_ttl
dns_ttl=0
Enables per-record DNS TTL management.
1.664)
docsroot (unavailable sincedocsroot=./data/skins/enhanced
Path of the default skin to be used. Used for CMD_SKINS?reset=yes
resets if your custom skin has gone bad.
1.669)
system_skin (unavailable sincesystem_skin=enhanced
Name of the default skin to be used. Used for login page and for CMD_SKINS?reset=yes
resets if your custom skin has gone bad.
domainips_default_ip
domainips_default_ip=
The default IP address that could be used as a sending IP for /etc/virtual/domainips
.
dovecot
dovecot=1
If you have Dovecot, this will be set to 1.
dovecot_proxy
dovecot_proxy=0
Used to setup IMAP/POP3/SMTP proxy.
When this is enabled, anytime a value is changed on the master server, it will locally save a dovecot proxy line to the local /etc/virtual/domain.com/passwd
file. With regards to the sync, this will push the info to the remote box, as before, but with dovecot_proxy=1 enabled remotely, it will also add the proxy into to the remote passwd file on the slave box, pointing to the master server's IP.
This has the effect, such that you can in theory have the remote slave box as mail.domain.com, with all emails arriving there with smtp. On that slave box, when exim tries to save the email with lmtp, it will be redirected back to the master server to be saved, so email is saved locally. Clients can connect to either the master or slave box to check their imap.
This task.queue option has been updated to rewrite the master data on the master box: echo "action=rewrite&value=email_passwd" >> /usr/local/directadmin/data/task.queue
or: echo "action=rewrite&value=email_passwd&user=fred" >> /usr/local/directadmin/data/task.queue
This means all of the hook scripts are used, so the remote box can still use email_create_pre.sh
, or email_change_pass_pre.sh normally (and post scripts)
NOTE: the "passwd" field will be the crypted value, and not the plaintext password. If you rely on this, only the master will know the plaintext. But you'll know it's crypted because passwd_is_crypted=1 will be set in your .sh scripts.
dovecot_proxy_override
dovecot_proxy_override=
Ability to override the /etc/virtual/domain.com/passwd
if dovecot_proxy is in use.
ecc_certificates
ecc_certificates=1
Ability to disable support of ECDSA (Elliptic Curve Digital Signature Algorithm) certificates.
email_ftp_password_change
email_ftp_password_change=1
Allow ability to change email and ftp passwords separately per /CMD_CHANGE_EMAIL_PASSWORD and /CMD_CHANGE_FTP_PASSWORD, respectively.
email_show_last_login
email_show_last_login=0
To save and show email last login.
email_show_last_password_change
email_show_last_password_change=1
To save and show last password change time. Where anytime an email password is changed, either through DirectAdmin GUI (CMD_EMAIL_POP, CMD_API_EMAIL_POP, CMD_CHANGE_EMAIL_PASSWORD, etc), the time and IP will be saved into: /etc/virtual/domain.com/last_password_change/user
in the format:
ip=1.2.3.4&when=1535140911
If the above setting is set to 1, then for Enhanced, the hover-over usage will include this information. If no password change has been made after this feature is present, no info will be shown.
emailspoolvirtual
emailspoolvirtual=/var/spool/virtual
Path to the email data for when mbox used (actual emails).
emailvirtual
emailvirtual=/etc/virtual
Path to the email data (virtual account names).
enable_threads
enable_threads=0
Enables** threads for Multi Server Setup**. As with any MSS feature where you have multiple remote servers setup (lets use 3 for example), doing 3 sequential requests will take 3 times as long as doing 3 parallel calls all at the same time. The enable_threads=1 directadmin.conf option creates currently works for options: User Check, User Accounts, with plans to add support for Zone Transfer/Domain Check for faster MSS syncs when more than one B slave exists on the MSS page of A.
enforce_difficult_passwords
enforce_difficult_passwords=0
If set to 1, new passwords without at least one number, lowercase and uppercase letter will be refused.
If you want to customize password checking, see password_check_script.
Note that this password check is independent of difficult_password_length_min and password_check_script.
ensure_root_awstats_link
ensure_root_awstats_link=1
A workaround used on accounts restore to make sure internal links in awstats are working.
errorlog
errorlog=/var/log/directadmin/error.log
A path to **DirectAdmin error log **file
ethernet_dev
ethernet_dev=eth0
The network device name that holds the licensed IP. Other common values: eth1, eth0:0, venet0:0
exempt_local_block
exempt_local_block=1
If set to 1 will prevent 127.0.0.1 from being blacklisted.
exim_paniclog
exim_paniclog=0
To let DirectAdmin check the exim/paniclog file . Disabled by default. If you set it to real location like:
exim_paniclog=/var/log/exim/paniclog
Then DirectAdmin will check the file every minute and if the file exists and has a size greater than 0, then a notice will be sent to all Admins in the message system.
DA will note the time of this send in the file /usr/local/directadmin/data/admin/admin.conf
with setting and timestamp, eg:
exim_paniclog_last_sent=1513064965
So the next minute, when DA sees that the paniclog is still greater than 0, the send won't occur again until 24 hours has passed. If the size is still more than 0 bytes, it will send again. The nightly full tally will check the admin.conf
and if the exim_paniclog_last_sent value is not set to 0, it will reset it to 0.
ext_quota_partitions
ext_quota_partitions=
If you have another partition you want DA to count, specify that partition here.
Related: create_user_home_override | home_override_list
How to enable quota checking on a 2nd /home partition
extra_backup_option
extra_backup_option=
Set if you want to insert extra commands for tar to use when creating user backups.
extract_list_max_files
extract_list_max_files=5000
The maximum number of files to be looked for within a compressed file by DirectAdmin.
DA basically just looks for the 5000'th newline character and nulls it with a comma (,), ending the string. If this is hit, this string is added to the end of the listing:
Maximum number of files listed (5000). Suppressing further output.
This should prevent hangups if a very large zip/tar.gz is being extracted.
extra_mysqldump_options
extra_mysqldump_options=
Ability to override mysqldump options on backup time.
extra_mysql_restore_options
extra_mysql_restore_options=
Ability to override MySQL options on restore time (for example character-set).
extra_spf_value
extra_spf_value=
Value to be added for SPF value for new domains. Valid example to use, just a single IP:
extra_spf_value= ip6:1080::8:800:200C:417A
** Note the space after the = character **. This is required, else the text you insert here will end up being appended to the server IP. DA isn't adding a space for you to allow for the use of the token in other creative manners, like netmasks, or like if-then-else statements on it or other template/tokenizer things.
extra_unzip_option
extra_unzip_option=
The usual way DA unzips a file is unzip -qo file.zip'
, so the extra_unzip_option value is inserted after the -qo flag.
This could be useful to unzip names in special characters like so:
path/blaåŒÅtest.jpg: mismatching "local" filename (path/bla├åœâ”¼å°test.jpg), continuing with "central" filename version
So set value to -O cp396 :
extra_unzip_option=-O cp396
favicon_ico
favicon_ico=favicon.ico
A file to be used as favicon.ico. Taken relatively to the docsroot directadmin.conf variable + /images/. Usually, /usr/local/directadmin/data/skins/evolution/images/favicon.ico
. If any request is made to DA for 1.2.3.4:2222/favicon.ico
DA will send them the file at |DOCSROOT|/images/favicon.ico
.
filemanager_disable_features
filemanager_disable_features=0
Ability to shut off certain features of the File Manager. Configured over own bits. For any feature you wish to disable, simply add that bit to the decimal number.
Defines are as follows:
#define FM_F_PROTECTABLE 1
#define FM_F_RENAME 2
#define FM_F_COPY 4
#define FM_F_RESET_OWNER 16
#define FM_F_RESET_OWNER_RECURSIVE 32
#define FM_F_HIDE_CHECKBOX 64
#define FM_F_EDITABLE 128
#define FM_F_EXTRACTABLE 256
#define FM_F_DELETE 512
#define FM_F_CHMOD 1024
#define FM_F_MKDIR 2048
#define FM_F_CLIPBOARD 4096
#define FM_F_UPLOAD 8192
#define FM_F_DOWNLOAD 16384
#define FM_F_DOWNLOAD_AND_COMPRESS 32768
For example, to fully disable directory protection, set filemanager_disable_features to 1 .
To disable rename and copy, add them together and set filemanager_disable_features to 6 .
If you only want "protectable" enabled, then add everything, less 1, & set filemanager_disable_features to 8182 .
To disable the moving of files to Trash upon removal, set filemanager_disable_features to 65536 .
filemanager_du
filemanager_du=1
Used to do recursive folder disk usage counting in File Manager. The calculated usage value will replace the usual 4.0k you see for all directories, but this feature is expected to slow down the File Manager. Can be overridden via the user.conf
.
filemanager_show_directory_count
filemanager_show_directory_count=1
Ability to hide directory disk usage in the "Size" column to improve performance.
fm_allow_binary_edit
fm_allow_binary_edit=0
Whether or not File Manager will permit editing of binary files. Set to 1 to allow binary files editing, but also to enable editing of nonexistent files (related to editing of 404.shtml when it does not exist).
fm_dir_permissons
fm_dir_permissons=755
Default permissions for directories created by File Manager.
fm_file_permissions
fm_file_permissions=644
Default permissions for files created by File Manager.
fm_owners
fm_owners=|USER|:|GROUP|
Default ownership for files or directories created by File Manager.
fm_purge_trash_days
fm_purge_trash_days=30
Indicates the age of days a file before being deleted from .Trash folder. For folders, the last modified time of a folder must be >= 30 days old for it to be traversed. -1
means never auto-purge, 0
- immediately purge if found. Up to a max of 10000
days before being purged.
force_hostname
force_hostname=
By default DA allows people to connect to any IP, domain name, subdomain, etc.. that lives on port 2222. Setting force_hostname to any value force a browser to use a specific value when connecting.
force_pipe_post
force_pipe_post=
Option to forcefully use POST requests. Example set is a colon separated list of scripts you want POST to be piped through:
force_pipe_post=filemanager_pre.sh,all_pre.sh
Related: pipe_post
force_ssl
force_ssl=0
Force SSL with https redirect for all websites.
forwarder_loop_check
forwarder_loop_check=1
Enabled by default - DirectAdmin will abort the creation of the forwarder if local forwarders end up pointing back to the original. The process is recursive with max recursion depth of 20.
fs_in_system_info
fs_in_system_info=1
When enabled shows file system information and disk usage in the System Information page.
ftpconfig
ftpconfig=/etc/proftpd.conf
The path to the ftp config file.
ftppasswd_db
ftppasswd_db=/etc/pureftpd.pdb
The path to the pureftpd database file.
ftppasswd
ftppasswd=/etc/proftpd.passwd
The path to the proftpd passwd file.
ftpsep
ftpsep=@
The character used after usernames and before the domain name. An example of an ftp login would be: fred@domain.com .
The + character would be a good alternative if you are looking for change.
ftpvhosts
ftpvhosts=/etc/proftpd.vhosts.conf
Deprecated. The path to the proftpd vhosts file.
ftp_list_run_as
ftp_list_run_as=nobody
If using the default option, when /usr/local/directadmin/scripts/ftp_list.php is executed from the GUI (using the admin backup/transfer feature), it'll be run by user "nobody".
full_mx_records
full_mx_records=1
Ability to specify a subdomain for an MX name.
global_httpd_tokens
global_httpd_tokens=/usr/local/directadmin/data/admin/global_httpd_tokens.conf
The file that contains global tokens to be used in Apache/Nginx templates.
handshake_timeout
handshake_timeout=12
A handshake timeout for https calls to DirectAdmin panel over port 2222.
hard_quota_multiplier
hard_quota_multiplier=1.1
Ratio for the soft-limit to hard-limit for quotas. Allows a grace period for Users to go over their quotas up to the hard-limit. After the grace period, they can only delete files until below the soft-limit again.
hide_brute_force_notifications
hide_brute_force_notifications=1
Change to 1 to prevent sending brute-force notifications by email.
hide_ip_user_numbers
hide_ip_user_numbers=0
If you're sharing an IP among many Resellers, hide the number of Users on that IP.
hide_webmail_links
hide_webmail_links=1
Ability to hide or change the webmail links and webmail button.
home_override_list
home_override_list=
A list of paths where to create users, to be used with create_user_home_override . Example set:
home_override_list=/home:/home2:/home3
Related: create_user_home_override | ext_quota_partitions
hook_custom_vars
hook_custom_vars=0
Ability to pass custom variables to pre/post.sh scripts from GET/POST. Set it to 1 to enable and then you can use any GET/POST variable name you want from these characters: a-zA-Z0-9_-.
It must start with the prefix custom_var_
So, a sample variable passed with GET or POST might be:
custom_var_do_something=yes
which would let you access:
$custom_var_do_something
in any hook script that is called with that request.
Note the maximum length of an environmental value is 125749 bytes. Anything greater than or equal to that length will be ignored, and its env variable will be unset if it was present already.
hsts
hsts=-1
The option to enable HTTP Strict-Transport-Security for the DirectAdmin login page. If SSL=1
and hsts>0
the hsts value is in seconds, and will form the header: Strict-Transport-Security: max-age=5184000
To disable the header, you must set it to -1 in the directadmin.conf or delete the hsts value from the directadmin.conf, reverting to the internal -1 default. Because browsers will remember the setting, if you are going from a large value (5184000), to make the browser "forget", you must set it to 0 for a while (hsts=0
) so that the header is sent to clients set to 0 shutting it off. After all browsers/clients have received the change, then you can set it to -1
.
If you consider enabling it, we recommend using:
force_hostname=server.domain.com
htm_all_scripts
htm_all_scripts=0
Lets you run all_pre.sh and all_post.sh scripts on HTM files. Handy for creating your own scripted areas in DA that are not plugins.
include_directadmin_port_in_brute_firewall
include_directadmin_port_in_brute_firewall=0
Option to include port 2222 failed login attempts in BFM blocks (CSF).
incremental_ftp
incremental_ftp=1
When uploading backups, the finished backup will be uploaded before the subsequent backup's creation to lower total disk usage.
inode
inode=1
Support for counting and displaying of inode limits for Users. Can be set in packages. Uses the hard limit multiplier, just like the disk usage, meaning, the value you set will be the soft limit, and the hard limit will be 1.1x that value.
internal_lang
internal_lang=/usr/local/directadmin/data/skins/enhanced/lang
Location for the fallback internal language files if other skins don't have them.
ionice_string
ionice_string=
Default ionice value for User backups.
If you add a string, it would look something like this:
ionice_string=/usr/bin/ionice -c2 -n7
This would make the resulting tar backup call look like:
/usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /bin/tar cvf .... etc.,
ip_blacklist
ip_blacklist=/usr/local/directadmin/data/admin/ip_blacklist
A path of blacklisted IPs to be used in Brute Force Monitor.
ip_brutecount
ip_brutecount=30
Number of bruteforce attempts per IP required to trigger sending a notification to admins.
ipv6
ipv6=1
Basic support for IPv6
ip_whitelist
ip_whitelist=/usr/local/directadmin/data/admin/ip_whitelist
A path of whitelisted IPs to be used in Brute Force Monitor.
jail
jail=0
Use bubblewrap to jail users (cronjobs, shell and PHP-FastCGI). Use CustomBuild to install bubblewrap, it sets the DirectAdmin value automatically.
Value | Comment |
---|---|
0 | jail disabled completely |
1 | jail is enabled by default, but can be personally disabled per package, reseller.conf or user.conf |
2 | jail is enabled forcefully for all |
language
language=en
Default language for the system, and also for the demos.
language_list
language_list=
List of languages (separated with :
symbol) that should be available in DirectAdmin language selection. Used to minimize the number of languages offered for end-customers.
When empty all default languages that comes with pre-installed will be available.
For example setting:
language_list=en:nl
Will limit supported languages to English and Dutch.
lan_ip
lan_ip=
Local IP address if LAN setup was done.
letsencrypt
letsencrypt=1
Ability to disable Let's Encrypt in DirectAdmin interface. If enabled globally you might want to deny access to LetsEncrypt for specific Users adding "letsencrypt=0" to user.conf
file.
Note that this only applies to the interface, and does not affect background/dataskq actions. So this will not work to globally have it shut off, if you're trying to enable it for 1 User, for example. The background checks must have it enabled globally to work.
letsencrypt_disable_renew_after_renew_failure
letsencrypt_disable_renew_after_renew_failure=0
Disable Let's Encrypt certificate auto-renew after X failed attempts, with failure message.
letsencrypt_foreground_http_max
letsencrypt_foreground_http_max=10
Number of requests (checkboxes selected) after which the letsencrypt generation will be sent to background and processed by dataskq.
letsencrypt_list_selected
letsencrypt_list_selected=www
Ability to specify which DNS records will be automatically selected on the Let's Encrypt page.
letsencrypt_list
letsencrypt_list=www:mail:ftp:pop:smtp
Ability to select which DNS records to include in Let's Encrypt certificate.
letsencrypt_max_requests_per_week
letsencrypt_max_requests_per_week=200
Set the weekly max Let's Encrypt requests limit shown in the interface.
letsencrypt_multidomain_cert
letsencrypt_multidomain_cert=3
Ability to select which DNS records to include in Let's Encrypt certificate.
letsencrypt_renewal_days
letsencrypt_renewal_days=60
Ability to set time in days when DA tries to renew issues Let's Encrypt certificates.
letsencrypt_renewal_error_to_users
letsencrypt_renewal_error_to_users=1
Ability to control and send notifications to users on failure renewals.
letsencrypt_renewal_failure_notice_after_attempt
letsencrypt_renewal_failure_notice_after_attempt=5
Max failed Let's Encrypt certificate renewal attempts before sending a failure notice.
letsencrypt_renewal_notice_to_admins
letsencrypt_renewal_notice_to_admins=1
Ability to control and send notifications to admins on failure renewals.
letsencrypt_renewal_success_notice
letsencrypt_renewal_success_notice=0
Ability to receive Let's Encrypt successful renewal notices.
letsencrypt_success_full_output
letsencrypt_success_full_output=0
Ability for the full output to be shown again upon success.
listen_backlog
listen_backlog=8
Sets the listen() backlog size for DirectAdmin.
litespeed
litespeed=0
A flag used to indicate if LiteSpeed is in use.
load_in_system_info
load_in_system_info=1
Calls to the System Information can now support load average, enabled by default. Set to 0 to disable:
/usr/local/directadmin/directadmin set load_in_system_info 0
service directadmin restart
load_iotop_string
load_iotop_string=/usr/sbin/iotop
The iotop command and keys to be included in a notice sent to all admins when 'server load average' notice will be generated. Defaults differ for varying OS's:
CentOS 6/7 + Debian
load_iotop_string=/usr/sbin/iotop -b -n 1
load_notice_interval
load_notice_interval=10
A time in minutes how often the load-average critical notifications are sent to admin, defaults to 10 minutes.
load_top_string
load_top_string=/usr/bin/top
The command which is used to gather the data for load average notifications.
load_top_string=/usr/bin/top -c -b -n 1
local_mailserver_without_dnscontrol
local_mailserver_without_dnscontrol=0
If set to 1 the "MX Records" URL will show up when viewing a domain, and you can make changes to the "Local Mail Server" option, where you might have dnscontrol=OFF in your account.
Some Users might have external DNS, hence they shouldn't change their dns settings, but still need to change their Local Email Server settings.
lock_debug
lock_debug=0
logdir
logdir=/var/log/directadmin
A path where DirectAdmin will save own logs.
loghostname
loghostname=0
Option used to do reverse IP lookups in logs. Not recommended as slows things down quite a bit.
login_hash_expiry_minutes
login_hash_expiry_minutes=4320
New internal option simply that lets you alter the internal default time of the ./directadmin --create-login-url user=fred
call.
login_history
login_history=10
Number of login attempts to store.
login_history_include_login_as
login_history_include_login_as=0
Option to hide login-as in login history.
login_keys
login_keys=1
login_keys_notify_on_creation
login_keys_notify_on_creation=1
Enables Login Keys functionality in DirectAdmin.
loginlog
loginlog=/var/log/directadmin/login.log
A path to login.log file.
logs_history_as_nobody
logs_history_as_nobody=0
Save User's logs folder and contents as "nobody", preventing them from deleting them from /home/user/domains/domain.com/logs/
.
logs_to_keep
logs_to_keep=5
Number of rotated logs to keep in a user's home location.
logs_to_keep_days
logs_to_keep_days=0
Relating to logs_to_keep=5.
When set to a positive integer (in days), specifies a secondary log rotation limiter based on age, not just count.
lost_password
lost_password=0
Feature to let users reset their passwords without bugging the Admin.
maildir_with_new
maildir_with_new=1
This was for a template change. It's not recommend you go back. Set to 0 to disable using Maildir/new/
Maildir/.INBOX.spam/new/
etc.
mail_autoconfig
mail_autoconfig=1
Controls whether web server's configs include routing for email auto configuration feature for Thunderbird and MS Outlook (pro-pack).
mail_partition
mail_partition=
Custom partition location for email.
mail_sni
mail_sni=1
Setting for Dovecot and exim SSL SNI certificate support. Manages the /etc/virtual/snidomains
file required for DirectAdmin and Pure-FTPd SNI support, too.
maxfilesize
maxfilesize=10485760
The maximum size, in bytes, that a POST can be. This is mainly used for file uploads but applies to all POSTs. Do not set this value to a very small number, as it would block normal POSTs as well (User creation, etc) if it's too small.
max_per_email_send_limit
max_per_email_send_limit=-1
Option to control the number of messages sent per email.
If you wish to allow the Users to set values higher than the default 200, but leave 200 as the default, then change the max_per_email_send_limit
to be, for example, max_per_email_send_limit=500
.
A value of -1 (default) tells DirectAdmin to rely on the /etc/virtual/user_limit
file. A value of **0 ** is unlimited. A value above 0 is the max number a User can set.
Can be overridden via the user.conf
file. This can be done by editing the user.conf
file directly, or via DirectAdmin's GUI when viewing the details for a given User.
For enhanced, the page:
CMD_SHOW_USER?user=fred
will show an extra row, just below "Received Emails", called "Max limit User can set per E-Mail". If you're an Admin, you'll be able to modify this value. Setting a number saves max_per_email_send_limit
into the User's user.conf
file and setting it as a blank value deletes the max_per_email_send_limit
from the user.conf
.
max_read_to_memory_size
max_read_to_memory_size=524288000
Sets an upper limit as to the max size of file that can be stored in DirectAdmin memory, when DA uses a function to read the contents of a file to memory so it can be worked on.
max_twostep_auth_attempts
max_twostep_auth_attempts=5
Maximum number of two step authentication attempts.
max_username_length
max_username_length=10
The max length a username can be. Max is 30. It is limited to a max of 14 with MySQL 5.5/5.6 and MariaDB 5.5 because of the 16 character MySQL database name limit and the username naming prefix.
max_user_send_limit
max_user_send_limit=-1
The upper limit that can be set by a Reseller.
Value | Comment |
---|---|
-1 | Upper limit is taken from the /etc/virtual/limit file |
0 | No limit |
>0 | A value higher than 0 becomes the limit |
modsec_audit_dir
modsec_audit_dir=/var/log/modsec_audit
The directory for modsecurity audit logs.
mq_exim_bin
mq_exim_bin=/usr/sbin/exim
Where Exim is located. Use for the mail spool query calls in Admin Level -> Mail Queue Admin.
mq_exim_max_load_size
mq_exim_max_load_size=2000
When accessing CMD_MAIL_QUEUE
to view the mail queue via the DirectAdmin panel, it will call exim -bpc
before trying to load the queue. If the number of mails in the queue is higher than mq_exim_max_load_size, then an intermediate warning page is shown with a button to try anyway. This will add the GET value of force=yes
to the request, telling DA not to worry about it and show it anyway.
When forced, the initial exim -bpc
call is not done, in case that call itself is slow, where it's not needed since we're going to jump straight into loading the queue no matter what.
msg_sys
msg_sys=Message System
If you want to name your hosting company in the message system emails, this lets you specify the "name" part of the "From" header.
mx_templates
mx_templates=1
This variable controls the user's ability to select google/zoho from a list in User panel -> Modify MX Records. Enabled by default. Actual list is taken from two files in /usr/local/directadmin/data/templates/mx
directory and can be customized if copied to templates/mx/custom
directory.
mysql
mysql=1
Ability to disable all database functions at once.
mysqlconf
mysqlconf=/usr/local/directadmin/conf/mysql.conf
Path to the user/pass that DA will use for the connection to mysql.
named_checkzone
named_checkzone=1
Whether to run DNS zone files through a check before saving zone to disk.
named_checkzone_level
named_checkzone_level=fail
Is used with the named-checkzone query -k option. It was found that some warnings returned by named-checkzone would actually cause a full failure in named, so the strictness level of this call was increased to the current default fail.
Valid options values are:
- fail
- warn
- ignore
If you find this to be too strict, set it back to level "warn" by adding:
named_checkzone_level=warn
namedconfig
namedconfig=/etc/named.conf
The path to main named config file (depends on OS used).
nameddir
nameddir=/var/named
The path to the named directory.
named_rename_hostname_zone
named_rename_hostname_zone=1
If you rename a hostname from the DirectAdmin panel, the process will rename the hostname zone. If set to 0, then DirectAdmin will not change zone associated with the hostname.
named_rndc
named_rndc=0
Allows for immediate DNS changes using rndc without any delay.
named_rndc_addzone
named_rndc_addzone=0
Allows for immediate DNS changes using rndc without any delay.
named_service_override
named_service_override=
On some OSs for named/bind, it's simpler to have DA use some different script name, rather than trying to force the specific boot script names. Specifically on Debian, apt-get provides bind9.service, but DA would still be looking for named.service.
To have DA call bind9.service, set: named_service_override=bind9
Note, if you add named_service_override
to the directadmin.conf
, ensure it has a value.
If it's present but blank, this means DA would call systemctl reload .service instead of systemctl reload bind9.service.
never_commands
never_commands=
Global commands to never be executed by the DirectAdmin panel. An example set would be: never_commands=CMD_ACCOUNT_ADMIN:CMD_API_ACCOUNT_ADMIN
nginx
nginx=0
When using webserver=nginx_apache
, the option is used to enable/disable the per-domain Nginx templates and the ability to process a domain with Nginx only when using Nginx reverse proxy.
Related: nginx_proxy
nginx_proxy
nginx_proxy=1
This setting is used in conjunction with nginx=
in the directadmin.conf and in the domain's .conf file for per-domain Nginx configurations.
Related: nginx
nginx_ca
nginx_ca=/etc/nginx/ssl.crt/server.ca
A path to the Nginx Certificate Authority file.
nginx_cert
nginx_cert=/etc/nginx/ssl.crt/server.crt
A path to the Nginx certificate file.
nginxconf
nginxconf=/etc/nginx/directadmin-vhosts.conf
The main Nginx config file with users' VirtualHosts.
nginx_fpm_always_set
nginx_fpm_always_set=0
Ability to always load all php-fpm settings into the User nginx.conf.
nginxips
nginxips=/etc/nginx/directadmin-ips.conf
The path to the file containing the Nginx configuration for server IPs.
nginx_key
nginx_key=/etc/nginx/ssl.key/server.key
The path to the Nginx key file.
nginxlogdir
nginxlogdir=/var/log/nginx/domains
The path to the directory where Nginx stores domain logs.
nginx_pid
nginx_pid=/var/run/nginx.pid
The path to the Nginx PID file.
nginx_proxy
nginx_proxy=0
The flag used to indicate if nginx proxy is used.
nginx_proxy_buffering
nginx_proxy_buffering=0
The option to control flow between Nginx and Apache. If set to 0, the Apache server sends through Nginx, byte by byte, making the connection faster. If you have many slow clients, setting nginx_proxy_buffering to 1 will mean that Apache sends all data to Nginx, which stores it in a buffer, which can then disconnect from Apache to let it do other things.
The catch with setting this to 1 is that Nginx doesn't start to send all of the data until Apache has finished sending it to Nginx... meaning the first byte is not sent until Nginx receives the last byte from Apache.
notify_admins_on_all_account_creation
notify_admins_on_all_account_creation=0
Option to notify all Admins about the creation of any account type.
notify_admins_on_mass_emailings
notify_admins_on_mass_emailings=1
Notify admins on mass emailing.
notify_admins_on_per_email_mass_emailings
notify_admins_on_per_email_mass_emailings=1
Notify admins on mass emailing.
notify_email_on_per_email_limit
notify_email_on_per_email_limit=1
Send an email to an email account if their** per-email limit is reached** (not referring to the per-DA-User limit).
notify_on_autoupdate
notify_on_autoupdate=1
Notify admins on DirectAdmin auto updates.
notify_on_autopatch
notify_on_autopatch=0
Notify admins on DirectAdmin auto updates (hotfixes).
notify_on_mass_emailing
notify_on_mass_emailing=1
Notify admins of a mass emailing by user.
notify_reseller_on_mass_emailing
notify_reseller_on_mass_emailing=1
Notify resellers of a mass emailing by his user.
notify_user_at_full_quota
notify_user_at_full_quota=1
To send notification to user if his quota is full.
notify_user_on_mass_emailing
notify_user_on_mass_emailing=1
Notify user on mass emailing.
ns1
ns1=ns1.hostname.com
The primary, default, Admin NameServers, values as set at Admin Level -> Admin Settings -> ns1.
ns2
ns2=ns2.hostname.com
The primary, default, Admin NameServers, values as set at Admin Level -> Admin Settings -> ns2.
numservers_waiting
numservers_waiting=10
Number of directadmin
processes started to wait for new incoming HTTP requests. It does not include the processes that are already processing a request. Total number of processes can be controlled with numservers
parameter.
numservers
numservers=50
Limits total number of directadmin
processes dedicated for handling incoming HTTP requests. It includes both types or processes - waiting for new request to arrive and processes already processing a request.
one_click_pma_login
one_click_pma_login=0
A one-click login to phpMyAdmin.
one_click_webmail_link
one_click_webmail_link=/roundcube
The single sign-on (SSO) tool for the URL path /roundcube can be changed via this option. So if you've got your /roundcube setup with /webmail, this lets you have the button within DA to redirect the specified link.
one_click_webmail_login
one_click_webmail_login=0
A one-click login to RoundCube
one_click_webmail_timeout
one_click_webmail_timeout=10
Ability to wait longer for the "One Click Login" webmail tool, in case there is two-factor authentication, or the login needs more time.
open_basedir
open_basedir=ON
Default values for safemode and open_basedir. Configured over Admin Level -> Php Safemode Config.
parse_php_mail_log_at_limit
parse_php_mail_log_at_limit=1
Value | Comment |
---|---|
0 | Disabled |
1 | To display a path to the script on the "E-Mail Usage" page in the User panel |
2 | To block the script with chmod 000 . Further control can be achieved via the disable_php_script_at_limit_threshold and disable_php_script_at_limit_minimum values. |
Related: disable_php_script_at_limit_minimum | disable_php_script_at_limit_threshold
partition_usage_threshold
partition_usage_threshold=95
If the usage of a given partition exceeds this threshold value, an email is sent to all admins. This email is only sent once per day if the usage is not reduced or settings changed (the message time history is stored in the admin.conf).
password_check_script
password_check_script=
If non-empty, defines a script (or any binary) to be executed for checking password.
If script returns non-zero exit code, password is refused and output is reported to the user (both stdout
and stderr
).
Script is executed as diradmin
user with the following environment variables:
Environment variable | Value | Note |
---|---|---|
password | Password to check | - |
language | language | - |
difficult_password_length_min | difficult_password_length_min | ⚠️ DEPRECATED: difficult_password_length_min is always checked before the script. |
random_password_length | 20 | ⚠️ DEPRECATED: passwords consisting of at least 20 symbols are always accepted. |
random_password_length_max | 20 | ⚠️ DEPRECATED: passwords consisting of at least 20 symbols are always accepted. |
special_characters_in_random_passwords | 0 | ⚠️ DEPRECATED. |
password_placeholder
password_placeholder=XXXXXXXXXX
A character to be used to replace visible password within DA panel.
Anytime the form is saved, either creation of a new cron, ftp listing update.. or modification of a cron, the existing back-end password will be loaded into DA internally, decrypted, and will replace the XXXX string with the actual value.
This should improve security, as the passwords are no longer saved in the html as plaintext.
You may change the value to something else other than X.
The reason for making a password_placeholder variable is in case someone actually wants to use a password value of XXXXXXXXX, they could then set password_placeholder=YYYYYYYYY
for example. Of course, using XXXXXXXXX for a password is a terrible idea anyway, so don't do it.
php_fpm_max_children_default
php_fpm_max_children_default=10
Ability to set default PHP-FPM max children limit../build rewrite_confs
is required after the change for the setting to be applied.
php_fpm_restarts
php_fpm_restarts=0
Option that controls how a PHP-FPM restart is performed. By default, it uses a graceful restart. If you're having issues with php-fpm not executing the above command properly for your system, you can set this value to 1, so that it calls a full "restart" for the php-fpmXX service(s).
php_home_tmp_session_save_path
php_home_tmp_session_save_path=0
Set /home/tmp
as the PHP temporary files save path../build rewrite_confs
is required after the change for the setting to be applied.
php_mail_log
php_mail_log=1
Option which** enables logging all calls to mail() function by PHP files** and stores results in the /home/username/.php/php-mail.log
file. The log will be rotated by the tally.
The number of logs is the same as for Apache and set in: Admin Level -> Admin Settings -> Number of logs to keep.
php_mail_log_dir
php_mail_log_dir=
This feature allows you to override the /home/user/.php
PHP mail() log folder to use some other location, in the event your clients have a habit of deleting their logs, e.g.: php_mail_log_dir=|HOME|/.php
, which would be the same as the default we already have now. If you add any string, even an empty value like php_mail_log_dir=
this will be used (don't add an empty value).
php_version_selector
php_version_selector=1
Enables selecting different PHP versions from DirectAdmin user panel. The additional PHP versions should be installed separately .
pid_to_logs
pid_to_logs=0
To control if the PID should be written to each log, which is useful to enable if you are trying to step through the logs while multiple processes are logging at the same time.
pigz
pigz=0
If set to higher than 0 then DirectAdmin backup jobs will use pigz instead of gzip with tar. Actual value set (lets say 4) would mean to use that, about of cores (4 threads in our example). This speeds up the backup job.
pipe_log
pipe_log=/dev/null
The main directadmin process is redirecting stdout/sdterr to /dev/null
. You may actually see more details if it uses a real file. For example, set: pipe_log=/var/log/directadmin/pipe.log .
plugin_max_hooks
plugin_max_hooks=16
The number of default plugin tokens that will be set to "". Note that this never restricted the upper limit of plugins used, it did prevent the auto-filling of the blank plugin token values.. So if you had 20 tokens, and 8 plugins, the last 4 wouldn't be filled with "", and would end up showing "none".
plugins_allowed_run_as
plugins_allowed_run_as=1
Ability to run plugin as other than logged-in user.
pop_disk_usage_cache
pop_disk_usage_cache=0
Alternative to disabling pop usage is to generate a cache instead.
pop_disk_usage_dovecot_quota
pop_disk_usage_dovecot_quota=0
Use doveadm for faster email quota loads.
pop_disk_usage_true_bytes
pop_disk_usage_true_bytes=0
By default the E-Mail accounts page will show the usage of each account, in terms of how much disk space the account is using up: how many blocks are used.
This may cause confusion because quota reporting for dovecot uses the file's size, rather than block usage, so the two numbers could vary by a large degree. When you set it to 1 the E-Mail usage page will instead show the sum of the file sizes, rather than the block usage.
The "hover-over" pop-up will show the "other" size
port
port=2222
Port Used for DirectAdmin to run on.
preserve_html_sequences
preserve_html_sequences=0
Disabled by default, DirectAdmin will keep charsets as typed. Set it to 1 If you are using different charsets and want DirectAdmin to swap any typed occurrences of &
with &
so it gets displayed exactly as typed.
Such that message/ticket system will respect any html characters set in the file as long as they use the format:
&#xxxx;
where xxxx is a string of 1 or more numbers 0-9.
process_list_debug
process_list_debug=0
Debug option to be used with the dataskq to list processes from the /bin/ps aux
output if a program isn't seen to be running by the dataskq (and likely gets restarted repeatedly).
proxy_ip
proxy_ip=
You can set proxy_ip=1.2.3.4
into the directadmin.conf, and it will add that value: |PROXY_IP|
available in the apache and nginx templates (including proxy). If you don't set it in the directadmin.conf, it will be set to the default |IP|
.
If value is an ipv6, the token will be wrapped with square brackets, eg:
proxy_ip=::1
will load in the token: PROXY_IP=[::1]
purge_spam_days
purge_spam_days=0
If you have Maildir, this option tells DA to remove all emails in the spambox and trash older than this number of days.
quota_partition
quota_partition=/home
The value of the partition you want DA to use for user quotas.
Related: ext_quota_partitions
quota_update_interval
quota_update_interval=10
Frequency a User is allowed to update his disk usage via the button. Real-time quotas are recommended to use for the disk-space usage.
Related: realtime_quota
ram_in_system_info
ram_in_system_info=1
To show a memory information on a System Information page. Set to 0 to hide.
realtime_quota
realtime_quota=2
Make use of the live system quotas to let Users see their usage in realtime.
Value | Comment |
---|---|
0 | Disable realtime quota, quota stats would be updated by dataskq |
1 | Use slow "quota -v username" calls to take quota value for user |
2 | Use kernel-level quotactl function calls. [RECOMMENDED] |
reload_apache_after_rotation
reload_apache_after_rotation=1
Control if DA sends an HUP signal to the pid file set in the directadmin.conf setting apache_pid=/var/run/httpd.pid
, or if nginx=1
DA internally sets it to apache_pid=/var/run/nginx.pid
.
If you do not wish to have the post-rotation send the HUP, you can set:
reload_apache_after_rotation=0
*** HOWEVER *** the HUP is sent for a reason.
This is used to re-open all rotated logs and bytes logs. So if apache/nginx does not get the HUP, you may have logging issues.
If needed, immediately after that HUP is sent, the hook script tally_rotation_post.sh
is called if it exists. So if you disable the HUP, you can take any other desired actions with that script.
remote_dns_retries
remote_dns_retries=0
Number of retries by DA if the cluster sync fails.
remove_clipboard_on_logout
remove_clipboard_on_logout=1
If user logout from DirectAdmin the FileManager temporary file /home/user/.clipboard
will be removed. If the client just closes his or her browser, the event will not be triggered.
removeip
removeip=/usr/local/directadmin/scripts/removeip
A script used to remove server IP address.
renew_letsencrypt_on_suspended_domain
renew_letsencrypt_on_suspended_domain=0
Option to skip LetsEncrypt auto-renew if domain is suspended.
request_timeout
request_timeout=20
A timeout for requests to DirectAdmin panel.
reseller_allocation_include_self
reseller_allocation_include_self=0
Option for Reseller's own User limits to be included in their own allocation total.
reseller_backup_bandwidth
reseller_backup_bandwidth=1
Include Reseller backup bandwidth in their usage.
reseller_can_customize_config_json
reseller_can_customize_config_json=1
Allow resellers to customize or rebrand skins. If set to 0, resellers will not be able to change the design.
reseller_can_reset_email_count
reseller_can_reset_email_count=0
The option that controls whether a Reseller has the ability to reset the sent email limit.
reseller_can_set_email_limit
reseller_can_set_email_limit=0
Option to allow Resellers to set a custom mail limit for their users.
reseller_helper
reseller_helper=reseller.site-helper.com
The URL used as the help page for the Reseller panel.
Related: admin_helper | user_helper
reseller_warning_thresh
reseller_warning_thresh=75
A threshold of sent mails when email warning will be sent to reseller.
Related: send_usage_message
reserved_env_vars
reserved_env_vars=PATH:SHELL:_:LD_LIBRARY_PATH:LD_PRELOAD:LD_DEBUG:LD_DEBUG_OUTPUT:LD_DYNAMIC_WEAK:LD_SHOW_AUXV:GETCONF_DIR:NLSPATH:NIS_PATH:IFS:LD_AUDIT:LD_AOUT_LIBRARY_PATH:LD_AOUT_PRELOAD:LD_ORIGIN_PATH:LD_PROFILE:GCONV_PATH:HOSTALIASES:LOCPATH:MALLOC_TRACE:RESOLV_HOST_CONF:RES_OPTIONS:TMPDIR:TZDIR:LD_USE_LOAD_BIAS:MALLOC_CHECK_:ORIGIN:LC_ALL
restart_apache_after_tally
restart_apache_after_tally=1
After a tally is run, Apache is restarted. Set this to 0 if you don't want it to restart.
rotate_httpd_error_log_global
rotate_httpd_error_log_global=0
rotate_httpd_error_log_meg
rotate_httpd_error_log_meg=0
A size in megabytes when apache error_log for any domains will be rotated. Prevents webserver error logs from getting too large in a run-away case, variables that let the dataskq check the size of these logs, and rotate/truncate them if needed.
rotate_httpd_error_log_notify
rotate_httpd_error_log_notify=3
rotate_httpd_error_log_truncate
rotate_httpd_error_log_truncate=1
Method to truncate error_log on rotation if rotate_httpd_error_log_meg
was triggered. Value of 1 means truncation will create a new log 1/2 the size of the original (half of rotate_httpd_error_log_meg
).
Truncating to a specific size requires:
- fseek to location at 1/2 the size of the log
- go forwards byte by byte until you hit the first newline character, then go 1 more.
- read each line from the current position, and write to a new log.
- re-open the current log from where the end used to be, and continue read/writing, because new data might have been added
- delete the old log, rename the new one to the old name, and HUP apache/nginx.
rotation
rotation=1
Enable rotation of apache logs.
safemode
safemode=OFF
Default values for safemode. Configured over Admin Level -> Php Safemode Config.
secure_access_group
secure_access_group=access
A security permissions state where the group ownership of a home directory is set to this value, allowing only that group visible access to the folder and thus blocking other users. If variable changed the rewrite should be issued:
echo "action=rewrite&value=secure_access_group" >> /usr/local/directadmin/data/task.queue
And related services should be restarted.
secure_disposal
secure_disposal=/home/.disposal
A directory used to process awstats temporary files under certain conditions.
securitylog
securitylog=/var/log/directadmin/security.log
A main DirectAdmin security log file.
send_usage_message
send_usage_message=1
Global switch which controls the sending of usage warning emails to users, resellers, and admins. Can be added to a given User's user.conf
and/or a given Reseller's reseller.conf
, which will override the global setting.
servername
servername=web1.domain.com
The hostname of your system used by DirectAdmin. It should match the actual hostname of your system and must comply with mail system rules.
serverpath
serverpath=/usr/local/directadmin
Main path for all DirectAdmin data. Don't change this unless you know what you're doing (you'd need a very good reason to do so).
session_cookie_multiplier
session_cookie_multiplier=24
A multiplier used for cookie expire time related to the duration of session itself. Used to workaround possible issues when server or client desktop times are out of sync.
session_minutes
session_minutes=60
Number of minutes an inactive DirectAdmin session will remain logged in. After that time, the User must authenticate again. After every page load of DA, the counter resets to 0.
sessions_dir
sessions_dir=/usr/local/directadmin/data/sessions
Location on disk for DA login sessions.
set_php_bin_path_in_crons
set_php_bin_path_in_crons=1
Ability to add the php binary path to cron PATH variable. Enabled by default. Can be disabled like so:
/usr/local/directadmin/directadmin set set_php_bin_path_in_crons 0
service directadmin restart
You can remove duplicate /usr/local/phpXX/bin
entries from the crontab's PATH value by setting set_php_bin_path_in_crons=2
. Eg, if you have:
crontab -u fred -l | grep PATH
PATH=/usr/local/php70/bin:/usr/local/php74/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/fred/bin
where there are 2 entries for php 7.0 and 7.4, you can clear out the 2nd entry, regardless of the version set, by setting set_php_bin_path_in_crons=2
, and issuing a rewrite:
cd /usr/local/directadmin
echo "action=rewrite&value=httpd&user=fred" > data/task.queue.cb; ./dataskq d1000 --custombuild
and it will reduce the path in the crontab to the following:
PATH=/usr/local/php70/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/fred/bin
If you need to do this for all accounts, issue the aforementioned command without &user=fred
.
NOTE: This setting should only be used temporarily, and we would recommend setting it back to 1 once you're done clearing any duplicates.
set_php_bin_path_in_shell
set_php_bin_path_in_shell=1
Ability to add the php binary path to PATH variable in .bash_profile. Enabled by default. Can be disabled like so:
/usr/local/directadmin/directadmin set set_php_bin_path_in_shell 0
service directadmin restart
set_php_ini_scan_dir_in_crons
set_php_ini_scan_dir_in_crons=0
Ability to add PHP_INI_SCAN_DIR for per-User php.ini in cronjobs.
show_all_users_cache_extra_vars
show_all_users_cache_extra_vars=date_created
Ability to add extra variable columns to Show All Users or List Users pages. More fields could be added like: "date_created:mysql" . Be sure to force a cache update with:
cd /usr/local/directadmin
echo "action=cache&value=showallusers" >> /usr/local/directadmin/data/task.queue; ./dataskq d2000
BEHAVIOR
When adding a variable to the show_all_users_cache_extra_vars list, how it's shown depends on if it's in the user.conf, user.usage, or both.
If it's only in one or the other, then that value is simply taken from the given file and place into the cache.
If the variable is in BOTH user.conf and user.usage files, then the value is stored in the show_all_users.cache with the usage/limit format, eg:
mysql=1 / unlimited
show_custom_script_path
show_custom_script_path=1
Ability to hide "Script Output /path/to/script.sh" for custom scripts if set to 0. If you have custom scripts in /usr/local/directadmin/scripts/custom/*.sh
on non-zero result, before echoing your echo'd data they will usually display:
Script Output: /usr/local/directadmin/scripts/custom/script_name.sh
This is typically done to avoid confusion as to what's throwing the error. But if you're fully aware of it, and are sure you're echoing data on non-zero output, then you should be able to use this.
show_info_in_title
show_info_in_title=1
Ability to hide DirectAdmin version title for logged-in users.
show_main_spambox
show_main_spambox=1
Ability to hide the main spam folder, e.g. /home/user/Maildir/.INBOX.spam/new/
from the skin.
By default, there are 4 choices as to where to redirect spam messages to.
- Inbox (no redirect)
- Main imap spambox
- per-account spambox
- drop the email
The "Main imap spambox" option, aka "Redirect it to the catch-all spam folder in your main imap account."
show_php_version
show_php_version=1
To control if the PHP version will be shown on the System Information page.
show_pointers_in_list
show_pointers_in_list=1
Option that shows domain pointers on the "List Users" and "Show All Users" pages.
simple_disk_usage
simple_disk_usage=0
For systems where disk access needs to be kept to a minimum, enabling this option relies only on the system quotas. Stats will not be completely correct as a result (tally will not do manual directory traversing for usage).
skin_domain_redirect
skin_domain_redirect=1
Ability to disable the User Level domain redirect on Enhanced skin.
skinsdir
skinsdir=./data/skins
Location where the skins are to be found.
skip_databases_in_backups
skip_databases_in_backups=0
Enabling this option will exclude databases from all backups. This will skip everything, including DB settings, DB Users, and the sql data for the databases themselves.
skip_domains_in_backups
skip_domains_in_backups=0
To be selective with backup data, this will skip /home/user/domains
for all Users. You'd really only use this if you have other means, like rsync, for backing up that data. Handy if you just want to restore the User with all of his settings, but without his web data.
skip_ftp_on_backup_fail
skip_ftp_on_backup_fail=0
Option to skip uploading backup to ftp if some portion of the .tar.gz was created incorrectly. Set to 1 if you do not want to upload incomplete backups. This only works if incremental_ftp is set to 1.
skip_hometargz_in_backups
skip_hometargz_in_backups=0
To speed up the User backup process, one may enable this to skip the home.tar.gz file, which omits some email data amongst other things.
skip_imap_in_backups
skip_imap_in_backups=0
Similar to skip_domains_in_backups
, when this option is enabled, it will skip the folder: /home/user/imap
when generating backups. Enabling this will only skip the email data itself (email messages), but does not skip the email accounts/passwords.
skip_roundcube_in_backups
skip_roundcube_in_backups=0
The option that controls the ability to skip roundcube webmail client settings when backups are generated.
skip_trash_in_backups
skip_trash_in_backups=0
The option that controls the ability to skip the File Manager trash folder when backups are generated.
skip_uebimiau_in_backups
skip_uebimiau_in_backups=0
The option that controls the ability to skip uebimiau webmail client settings when backups are generated.
spam_inbox_prefix
spam_inbox_prefix=1
Ability to set Spam folder from INBOX.spam
to Junk
.
spam_inbox_prefix_name
spam_inbox_prefix_name=INBOX.spam
Ability to set a new value for INBOX.spam in the directadmin.conf. It's only used when spam_inbox_prefix=1
is set, which is when INBOX.spam
applied.
Simply swaps all INBOX.spam
strings with the new value.
special_exit_code
special_exit_code=42
Forcefully display hook output, even when no errors occur.
You can diable the feature by setting it to 0, eg:
./directadmin set special_exit_code 0
service directadmin restart
List of supported hooks:
- dns_write_post.sh
More available upon request, assuming reasonable need.
sshdconfig
sshdconfig=/etc/ssh/sshd_config
Path to the sshd_config. Will rarely be changed. One case where you might change it is to set a placebo file for DA.
ssl
ssl=1
Turn on/off SSL for DirectAdmin panel.
ssl_allow_signed_sha1
ssl_allow_signed_sha1=0
Forces DirectAdmin to do a check at update time to look for older SHA1 certificates and report back if any are found. Related: SSL warning about older SHA1 certificates
ssl_port
ssl_port=0
Allows DirectAdmin to run on 2 ports at the same time, where the port value specified in the ssl_port option will use SSL. Commonly used as port 2223 .
strict_backup_permissions
strict_backup_permissions=1
Enabled by default - the backup process will go through all data in /home/username/domains
and will do check to see which ones the username (DA account) cannot read. A second data list is created backup/non_readable_files.list
which is used as '--exclude-from' tar key.
Related option:
add_non_readable_files_to_strict_backup=1
The option is used by backup process to actually copy these files to a new data location non_readable_files
which sits next to "backup" and "domains" at the top level.
If any file is chmod to 0, when the file is copied, it will be set to 600 (directories to 700).. as the backup needs this as a minimum to read the file as a non-root backup. The restore will not reset these files/folders to chmod 0. They'll be left as 600 (700 for dirs).
Since this feature copies files to a 2nd location before backup, significant amounts of disk usage will be used if the files being backed up (eg: apache owned files) are not readable by the User.
This related option will use the same tree parsing:
backup_apache_files_list=1
so either add_non_readable_files_to_strict_backup or backup_apache_files_list will cause a full /home/user/domains
directory traversal.
Related: add_non_readable_files_to_strict_backup | backup_apache_files_list
subdomain_force_redirect
subdomain_force_redirect=0
Relating to the User Level feature that allows forcing domain.com » to www.domain.com (or vice versa), this option excludes subdomains from this redirection since we rarely intend for the redirection to affect subdomains. For example, the following is rarely desired:
sub.domain.com » www.sub.domain.com
So, with subdomain_force_redirect=0
, any www or non-www redirection for domains or pointers will no longer affect subdomains (where a subdomain in this context is one that is created under a domain, and not subdomains created as "full domains").
If you do need subdomains to redirect to www, then enable the setting globally:
/usr/local/directadmin/directadmin set subdomain_force_redirect 1
service directadmin restart
And the next rewrite of the User httpd.conf
(or other server User config) will be updated with the change.
To update all User configs, type:
/usr/local/directadmin/custombuild/build rewrite_confs
sysbk_conf
sysbk_conf=/usr/local/sysbk/conf.sysbk
Config file for the "sysbk" script (Admin Level -> System Backup).
systemlog
systemlog=/var/log/directadmin/system.log
A path to main system.log file.
system_user_to_virtual_passwd
system_user_to_virtual_passwd=0
Include the system account in the virtual passwd file at /etc/virtual/domain.com/passwd
so you can login with systemuser@domain.com
and Dovecot LMTP would be used for delivery (supports compression, Sieve filters).
table_case_sensitive_search
table_case_sensitive_search=1
Ability to perform case sensitive search in table class inside DirectAdmin.
This can be useful if you might have a filename or some value in a table cell that shouldn't be case sensitively matched. Or to fight with mobile phones that decide upper case is always the best, when: autocapitalize='none'
has not been added to the input field.
You can also add the following flag to any table search/sort (including "starts with", "contains" or the "equals" options)
&case_sensitive_search=1
or
&case_sensitive_search=0
to override whatever might be set in the directadmin.conf.
Because we do not want to affect searching performance of the table class, we've implemented this using function pointers. Case sensitivity choice is known ahead of time, so the function pointer for the actual string comparison is set once, and the function pointer is called directly per comparison. This is as opposed to the slower method which would need an "if" statement check on the choice for every cell/search, which would be slower ("in theory").
table_default_ipp
table_default_ipp=50
Ability set default items per page in tables. skin.conf
option default_ipp=20
overrides this setting.
table_highlighting
table_highlighting=1
Enables the highlighting table row when you hover the mouse over it (changes to a darker background, to more easily track which value you're about to select).
tally_after_restore
tally_after_restore=2
If you wish to not run the tally after you restore data, set to this to 0. This will lower your CPU time, but make your usage stats out of sync until the next tally.
If you do want to run the tally, but want to get the restore message before the tally, you can now use tally_after_restore=2 . The only "downside" is the slight lag in stats being updated, though they will be updated after the tally finishes (which time can vary depending on the amount of data to be processed).
Which will call a tally for that Reseller to the task.queue (to be run later), so the result message will arrive much more quickly.
To run the tally immediately following any restore, seet this to 1. Note that the notice about the restore being successful doesn't get sent out until after the tally finishes (in the same thread).
taskqueue
taskqueue=/usr/local/directadmin/data/task.queue
Location of the task.queue file used for background tasks run by the dataskq. You'll probably never change this.
templates
templates=/usr/local/directadmin/data/templates
Location on disk for all templates.
ticketsdir
ticketsdir=/usr/local/directadmin/data/tickets
Location where the tickets and messages for the internal messaging system live.
timeout
timeout=60
Number of seconds a DirectAdmin process is allowed to run before generating a timeout signal and aborting. Note that some of the more time-consuming processes use a multiplier on this value.
tls_min_version
tls_min_version=tls12
Controls minimum allowed TLS version for HTTPS connections. Valid values include tls12
(default) or tls13
.
TLS 1.2 is configured to only use strong cipher suites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
But for even stronger security, TLS 1.3 can be used.
tmpdir
tmpdir=/home/tmp
Location for temporary data.
tokenizer_clear_env
tokenizer_clear_env=1
When set to the default (1), the Tokenizer will wipe the environment before adding new values, but then restore it afterwards. So the env vars from before the tokenizer runs a script, will be restored after the script is done.
You can set this value to 0 if desired, though the only benefit is to pass any pre-script env vars to the script (aside from anything that is set/ovewritten for the script, as before, which will still be set).
track_task_queue_processes
track_task_queue_processes=1
Ability to track backup progress.
Value | Comment |
---|---|
0 | Disable task queue tracking |
1 | Enable simple task queue tracking |
2 | Verbose task queue tracking |
twostep_auth
twostep_auth=1
twostep_auth_discrepancy
twostep_auth_discrepancy=1
Enable two step authentication
twostep_auth_trust_days
twostep_auth_trust_days=30
Number of days to trust device after two step authentication done.
unblock_brute_ip_time
unblock_brute_ip_time=2880
A number of minutes after which the IP is automatically unblocked by Brute Force Monitoring.
unified_ftp_password_file
unified_ftp_password_file=1
The option for the proftpd password files to be unified (/etc/proftpd.passwd
used as single config for ftp accounts).
user_action_locking
user_action_locking=30
A number of minutes the** actions under account are prohibited** after the backup process starts.
user_brutecount
user_brutecount=30
The BruteForceMonitor can scan how many times a specific IP attacks a server, but also how many times a specific User is attacked from any IP. Sometimes the Admin might not want to bother with the number of attacks on a specific User, so you can set the option user_brutecount=0
to 0, which will disable DA's count on specific Users. Setting to 0 will likely improve the loading time of the Brute Force Monitor page.
user_can_select_skin
user_can_select_skin=0
If set to 1 then users will be able to pick whatever skin they want.
user_can_set_email_limit
user_can_set_email_limit=0
Disabled by default, if enabled users will be able to set send email limit via the interface. Note that regardless of the limit set, all email account sends are still limited by the DA-User limit, one of /etc/virtual/limit
or /etc/virtual/limit_username
.
If user_can_set_email_limit=1
is set, then on the "E-Mail Accounts" page, you'll see a new column called Sent which will show the number of emails sent today. If a limit is set for that User, the limit is then displayed, eg: 2 / 5
. If no per-email limit is set, but a global per-email is set in /etc/virtual/user_limit
file then that limit will be shown, eg 2 / 50
. If no limit is set... and no user_limit is set, then no limit will be shown, eg: 2
. Feature will save send/limit into the usage.cache
, if that feature is enabled.
user_dnssec_control
user_dnssec_control=0
Ability to make "Generate Keys" and "Sign" buttons visible in DirectAdmin panel for users for DNSSEC records.
user_email_quota_max
user_email_quota_max=0
Ability to set maximum value for email quotas.
user_email_smtp_logs
user_email_smtp_logs=1
Option to disable User access to per-email smtp logs. Value of 2
enables the use of exigrep
to parse the logs.
user_helper
user_helper=www.site-helper.com
A URL used for help button in user panel.
Related: admin_helper | user_helper
update_channel
update_channel=current
Used to change what channel to receive updates from (current, stable, alpha or beta)
users_can_add_remove_domains
users_can_add_remove_domains=0
Option to control whether users can add or remove domains.
Value | Comment |
---|---|
0 | Allows deleting and removing domains by users |
1 | Allows only adding domains by user (no delete) |
2 | Block ability to add or delete domain |
Can be overridden via the user.conf
file.
users_can_rename_domains
users_can_rename_domains=1
Allow renaming of domains from user panel.
user_warning_thresh
user_warning_thresh=80
The threshold on bandwidth when user will be notified.
user_warning_thresh_disk
user_warning_thresh_disk=95
The threshold on disk usage when user will be notified.
user_warning_thresh_inode
user_warning_thresh_inode=95
Option to control of when user will be notified on inode usage.
use_syslogd
use_syslogd=0
For use with the syslogd logging facility, which allows for more logging options including remote logs.
use_uid_counting
use_uid_counting=1
To **prevent ever reusing the same uid/gid **again. The DirectAdmin manages 2 files /usr/local/directadmin/data/admin/high_uid.number
and high_gid.number
which contains the last highest uid/gid values created through DA. Upon creating new user, DA will check those files as well as the /etc/passwd
and /etc/group
, and check to see what the current high uid/gid values are, and use that value+1 for the next User. If your system is doing a lot of adding/removing of users you may allow reusing same uid/gid setting the value to 0.
utf8_encode_from_to
utf8_encode_from_to=0
UTF-8 Encoded To/From/Reply-To fields in DA emails.
utf8_encode_subject
utf8_encode_subject=0
Ability to automatically encode subjects to UTF-8 for emails generated by DA.
webalizer
webalizer=0
To enable webalizer statistics.
webapps_ssl
webapps_ssl=1
Option to control whether web applications (webmail, phpmyadmin) are forced to use SSL. Default is taken from the setting ssl=0|1
in the directadmin.conf. Can be overridden via config files or .htaccess.
webmail_backup_is_email_data
webmail_backup_is_email_data=1
Is used to include webmail data if the 'email_data' backup checkbox was selected. This could be disabled by setting to 0 for cases where you want your RoundCube database backed up and restored, but want to exclude email Maildir data, as Maildir can be easily transferred with rsync.
webmail_link
webmail_link=roundcube
Ability to change the webmail links and webmail button.
wrap_long_dns_values
wrap_long_dns_values=1
Long records, like DKIM TXT records are broken into multiple shorter lines for cleaner viewing.
x_forwarded_from_ip
x_forwarded_from_ip=
Set X-Forwarded-For header for proxy or load balancers accessing DirectAdmin.
x_frame_options
x_frame_options=sameorigin
Adds HTTP header to all iframe requests in DirectAdmin: X-Frame-Options: sameorigin
.
xfs_on_domains
xfs_on_domains=0
Disable if you don't want quotas enabled for your domains. When enabled, this will create a project called domain.com with the path /home/user/domains/domain.com
and the xfs system will limit the files uploaded to that location for any file ownership, including apache/root as per the limit specified by the User on that domain at: User Level -> Domain Setup -> domain.com.
This is useful for cases where:
- the User has many domains, and does not want any one domain to use up too much space.
- there are files uploaded under some different username, as the xfs domain quotas are enforced by path, not file ownership.
zip
zip=1
Ability to zip and unzip files in the File Manager.
zip_bin
zip_bin=
If the values are set to null (aka: not in the directadmin.conf at all), then DA will look for /usr/bin/zip
else /usr/local/bin/zip
to use for compression.
The purpose of this is to allow an override if in case you need to add a wrapper to unzip, in such cases as extraction of UTF-8 files, eg:
unzip_bin=/usr/bin/unzip2
With unzip2
containing:
#!/bin/bash
export LANG=en_US.UTF-8
exec /usr/bin/unzip $@
exit $?
zstd
zstd=1
Allows zstd compression for backups.
zstd_bin
zstd_bin=/usr/bin/zstdmt
Path to the zstd binary.