This article will explain the structure of DirectAdmin and related services. Some of them could be overwritten so we'll start with the default locations as of now.
Main directories and configs
/usr/local/directadmin/ - main server path for the DirectAdmin panel itself.
/usr/local/directadmin/conf/directadmin.conf - main config file for the directadmin service.
/usr/local/directadmin/custombuild/ - the directory for the CustomBuild service.
/usr/local/directadmin/conf/my.cnf - default mysql connection details for the directadmin service. Commonly used commands utilizing these details include the following:
mysql --defaults-extra-file=/usr/local/directadmin/conf/my.cnf mysqldump --defaults-extra-file=/usr/local/directadmin/conf/my.cnf anydatabase > anydatabase.sql mysql_upgrade --defaults-extra-file=/usr/local/directadmin/conf/my.cnf --force
conf/ - the directory containing the main config file, certificates, mysql config, and license
data/admin - the main directory for the admin account
data/session - the directory which stores open sessions of logged-in users
data/skins - the directory containing skins
data/templates - the directory for system templates (used to form configuration files for apache/nginx, dns zones, mails etc.)
data/tickets - the directory containing all tickets from the DirectAdmin Message System
data/users - the directory where all user configs are stored
crontab.conf - the config file for user cronjobs
domains - the directory containing per-domain configs and certificates
domains/domain.com.conf - the main config file for a single domain
.cust_nginx - the customized part of a domain's VirtualHost
domains.list - a list of domains belonging to a user
httpd.conf - the main apache config used for all user domains
nginx.conf - the main nginx config used for all user domains
nginx_php.conf - the nginx_php config
php - a directory for PHP-FPM configs
skin_customizations - a directory containing customizations done to skins by that user
user.conf - the main user config file, many global values from directadmin.conf could be overwritten by adding them here.
user_ip.list - a list of IPs assigned to this user
user.usage - usage statistics per user
Every single file can be customized after you copy it to the
adult.list - the file containing stop words for spam detection filters
block_cracking_notice_denied_path.txt block_cracking_notice_script.txt block_cracking_notice.txt edit_files.txt email_limit_message.txt load_check_message.txt lost_password_email.txt message_footer.txt message_tech.txt message_user.txt partition_check_message.txt per_email_limit_email_message.txt per_email_limit_message.txt reply_headers.txt reseller_limit.txt suspension_reason.txt user_limit.txt user_suspension.txt
The above are templates used to send messages or notifications (with the exception of the suspension_reason.txt file, which exists just for customizingopen in new window).
directadmin.conf - the main template for directadmin.conf
dns_aaaa.conf dns_a.conf dns_caa.conf dns_cname.conf dns_mx.conf dns_ns.conf dns_spf.conf dns_srv.conf dns_tlsa.conf dns_txt.conf
The templates used to generate DNS record of a desired type ( A, MX, AAAA, TXT).
named.db - the main template which forms full DNS zone files from the above templates.
nginx_blank.conf nginx_ips.conf nginx_php.conf nginx_protected_directory.conf
The templates used to generate Nginx main config files.
nginx_redirect.conf - a redirection template
nginx_server.conf - nginx section for non-secure domains
nginx_server_redirect.conf - a redirection template for "Redirect to SSL or www" option in DA panel
nginx_server_secure.conf - nginx section for secure domains
nginx_server_secure_sub.conf - nginx section for secure subdomains
nginx_server_sub.conf - nginx section for non-secure subdomains
openlitespeed_context_protected.conf openlitespeed_ips.conf openlitespeed_listener.conf openlitespeed_redirect_vhost.conf openlitespeed_vhost.conf
The templates used to generate OpenLiteSpeed sections.
virtual_host2.conf - the apache2 section for non-secure domains
virtual_host2_secure.conf - the apache2 section for secure domains
virtual_host2_secure_sub.conf - the apache2 section for secure subdomains
virtual_host2_sub.conf - the apache2 section for non-secure subdomains
zone.conf a zone include syntax to be used in main
build - the main bash script that controls the CustomBuild process, executable as
configure/ - the directory containing configuration files that are used during software installation
custom/ - the directory where you can copy configuration directories/files from
configure/ to customize them for one's own needs
options.conf - the main configuration file for the CustomBuild service. Do not edit directly, but use
./build set option value instead.
custom_versions.txt - the file used to customize any software versions to be installed
versions.txt - the file containing all maintained packages and their latest versions
patches_versions.txt - the file containing all patches and versions used during installing packages
php_extensions.conf - a list of all maintained PHP extensions to be installed with
./build set_php XYZ yes; ./build php_XYZ
versions_cwaf.txt - a separate file for the Comodo Web Application Firewall (ModSec rules by Comodo)
versions_litespeed.txt - a separate file for available Litespeed versions
The first place you should go when trying to debug a problem is the log file for that program. The list of Log Files are as follows:
/var/log/directadmin/ - a directory with main logs, like:
YYYY-MM-DD.log - the access_log for the directadmin service
Will be deprecated in favor of
access.log with the upcoming updates.
access.log - access log for the directadmin service.
Provides information concerning directadmin service access including timestamp, processing time, method, path, referer/origin, authenticated user and authentication type.
Note that, for the time being, it is not fully compatible with all the requests, making some appear as unauthenticated. Despite that a combination of
YYYY-MM-DD.log will provide all the necessary information until full compatibility in the upcoming updates.
error.log - the error log for the directadmin service
errortaskq.log - contains errors resulting from running the dataskq processor
login.log - contains all login attempts (both successful and failed logins)
security.log - contains suspicious incidents across the directadmin service (failed login attempts, abnormal amount of mails sent, attempts at using disabled commands, etc.)
system.log - logs all valuable actions done in the DirectAdmin panel (creating/removing users and domains, renewing certificates, restoring a user, tally details, etc.)
/var/log/httpd/error_log /var/log/httpd/access_log /var/log/httpd/suexec_log /var/log/httpd/fpexec_log /var/log/httpd/domains/domain.com.error.log /var/log/httpd/domains/domain.com.log /var/log/messages (generic errors)
/var/log/nginx/error_log /var/log/nginx/access_log /var/log/nginx/domains/domain.com.error.log /var/log/nginx/domains/domain.com.log
/var/log/proftpd/access.log /var/log/proftpd/auth.log /var/log/proftpd/proftpd.tls.log /var/log/messages (generic errors)
Dovecot and vm-pop3d:
/var/log/exim/mainlog /var/log/exim/paniclog /var/log/exim/processlog /var/log/exim/rejectlog
(On FreeBSD, these logs' names are prepended with "exim_".)
MariaDB and MySQL:
FreeBSD and Debian:
/usr/local/directadmin/custombuild/custombuild.log - contains all calls to ./build file
/usr/local/directadmin/data/users/[username]/login_keys/[keyname]/key.log - login key usage log, multiple per usernames and per key names.
/var/www/html/phpMyAdmin/log/auth.log - a phpMyAdmin failed auth log
/var/www/html/roundcube/logs - a directory containing RoundCube logs
To view a log file, run:
Where /var/log/filename is the path of the log you wish to view. If the log is too large, you can use the "tail" command:
tail -n 30 /var/log/filename
Where 30 is the number of lines from the end you wish to view.
If you know how to reproduce the issue, the common way is to open two consoles to a server, then tail with the follow option in console 1 and reproduce the issue in console 2. You may join several files in a single tail command:
tail -f /var/log/exim/mainlog /var/log/exim/paniclog /var/log/exim/rejectlog /var/log/messages
To exit, press CTRL+C (or COMMANDL+C on Mac).
Configuration paths quick list
Below is list of files and directories that DirectAdmin may use during its normal operation.
Note that some of these files belong to the system and must not be removed. Deleting them would likely destroy your system.
A list can be used if a manual server recovery is required, be careful with first three files.
/etc/passwd /etc/shadow /etc/group /etc/exim.conf /etc/exim.pl /etc/exim.dkim.conf /etc/exim.easy_spam_fighter/ /etc/exim.spamassassin.conf /etc/exim.srs.conf /etc/exim.strings.conf /etc/exim.variables.conf /etc/exim.variables.conf.custom /etc/httpd/conf/ /etc/my.cnf /etc/my.cnf.d/ /etc/system_filter.exim /etc/exim.cert /etc/exim.key /etc/exim.ca /etc/proftpd.conf /etc/proftpd.vhosts.conf /etc/proftpd.passwd /etc/hosts /etc/resolv.conf /etc/dovecot.conf /etc/ssh/sshd_config /etc/virtual/ /etc/httpd/conf/httpd.conf /etc/httpd/conf/ips.conf /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.crt/server.ca /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/extra/ /etc/pureftpd.pdb /var/spool/cron/ /var/spool/exim/ /var/www/ /var/log/ /usr/local/directadmin/ /usr/local/lib/php.ini /var/spool/cron/ /home/
OS dependent paths
/var/lib/mysql/ /home/mysql/ on Debian /var/db/mysql/ on FreeBSD
/etc/named.conf /etc/namedb/named.conf on FreeBSD /etc/bind/named.conf on Debian
Named zone files:
/var/named/ /etc/namedb/ on FreeBSD /etc/bind/ on Debian
3rd party services:
/etc/container /var/installatron/ /usr/local/installatron/
The following are the most commonly used files for CSF/LFD on DirectAdmin (note that there are many more files for CSF/LFD, especially in the
/etc/csf/csf.conf - configuration file
/etc/csf/csf.deny - permanent deny list
/etc/csf/csf.allow - permanent allow list (IPs in this list bypass closed ports, but can be blocked by LFD for login failures)
/etc/csf/csf.pignore - process ignore file (firewall alerts won't be sent regarding services in this list, for example: memcached is installed and legitimate on your server, so you would add it to this list to stop alerts regarding it)
/etc/csf/csf.ignore - ip/cidr ignore list (IPs in this list shouldn't be blocked even if they exceed the configured login failures for LFD blocking)
/var/lib/csf/csf.tempban - temporary deny list
/var/lib/csf/csf.tempallow - temporary allow list
/var/log/lfd.log - LFD log
/usr/local/directadmin/custombuild/configure/csf.pignore - This file is added & controlled by DirectAdmin, and used for DirectAdmin-specific services/processes to be ignored in the firewall if no
/etc/csf/csf.pignore file exists already. This was added as part of the direct CSF integration feature.