Directories and locations
This article will explain the structure of DirectAdmin and related services. Some of them could be overwritten so we'll start with the default locations as of now.
Main directories and configs
/usr/local/directadmin/
- main server path for the DirectAdmin panel itself.
/usr/local/directadmin/conf/directadmin.conf
- main config file for the directadmin service.
/usr/local/directadmin/custombuild/
- the directory for the CustomBuild service.
/usr/local/directadmin/conf/my.cnf
- default mysql connection details for the directadmin service. Commonly used commands utilizing these details include the following:
mysql --defaults-extra-file=/usr/local/directadmin/conf/my.cnf
mysqldump --defaults-extra-file=/usr/local/directadmin/conf/my.cnf anydatabase > anydatabase.sql
mysql_upgrade --defaults-extra-file=/usr/local/directadmin/conf/my.cnf --force
/usr/local/directadmin/
:
Related to conf/
- the directory containing the main config file, certificates, mysql config, and license
data/admin
- the main directory for the admin account
data/session
- the directory which stores open sessions of logged-in users
data/skins
- the directory containing skins
data/templates
- the directory for system templates (used to form configuration files for apache/nginx, dns zones, mails etc.)
data/tickets
- the directory containing all tickets from the DirectAdmin Message System
data/users
- the directory where all user configs are stored
/usr/local/directadmin/data/users/[USERNAME]
:
Related to crontab.conf
- the config file for user cronjobs
domains
- the directory containing per-domain configs and certificates
domains/domain.com.conf
- the main config file for a single domain
domains/domain.com.cust_apache
or .cust_nginx
- the customized part of a domain's VirtualHost
domains.list
- a list of domains belonging to a user
httpd.conf
- the main apache config used for all user domains
nginx.conf
- the main nginx config used for all user domains
nginx_php.conf
- the nginx_php config
php
- a directory for PHP-FPM configs
skin_customizations
- a directory containing customizations done to skins by that user
user.conf
- the main user config file, many global values from directadmin.conf could be overwritten by adding them here.
user_ip.list
- a list of IPs assigned to this user
user.usage
- usage statistics per user
Used templates
/usr/local/directadmin/date/templates
:
Related to Every single file can be customized after you copy it to the /usr/local/directadmin/data/templates/custom/
directory.
adult.list
- the file containing stop words for spam detection filters
block_cracking_notice_denied_path.txt
block_cracking_notice_script.txt
block_cracking_notice.txt
edit_files.txt
email_limit_message.txt
load_check_message.txt
lost_password_email.txt
message_footer.txt
message_tech.txt
message_user.txt
partition_check_message.txt
per_email_limit_email_message.txt
per_email_limit_message.txt
reply_headers.txt
reseller_limit.txt
suspension_reason.txt
user_limit.txt
user_suspension.txt
The above are templates used to send messages or notifications (with the exception of the suspension_reason.txt file, which exists just for customizing).
directadmin.conf
- the main template for directadmin.conf
dns_aaaa.conf
dns_a.conf
dns_caa.conf
dns_cname.conf
dns_mx.conf
dns_ns.conf
dns_spf.conf
dns_srv.conf
dns_tlsa.conf
dns_txt.conf
The templates used to generate DNS record of a desired type ( A, MX, AAAA, TXT).
named.db
- the main template which forms full DNS zone files from the above templates.
nginx_blank.conf
nginx_ips.conf
nginx_php.conf
nginx_protected_directory.conf
The templates used to generate Nginx main config files.
nginx_redirect.conf
- a redirection template
nginx_server.conf
- nginx section for non-secure domains
nginx_server_redirect.conf
- a redirection template for "Redirect to SSL or www" option in DA panel
nginx_server_secure.conf
- nginx section for secure domains
nginx_server_secure_sub.conf
- nginx section for secure subdomains
nginx_server_sub.conf
- nginx section for non-secure subdomains
openlitespeed_context_protected.conf
openlitespeed_ips.conf
openlitespeed_listener.conf
openlitespeed_redirect_vhost.conf
openlitespeed_vhost.conf
The templates used to generate OpenLiteSpeed sections.
virtual_host2.conf
- the apache2 section for non-secure domains
virtual_host2_secure.conf
- the apache2 section for secure domains
virtual_host2_secure_sub.conf
- the apache2 section for secure subdomains
virtual_host2_sub.conf
- the apache2 section for non-secure subdomains
zone.conf
a zone include syntax to be used in main named.conf
CustomBuild
/usr/local/directadmin/custombuild
:
Related to build
- an alias to the da build
command
cache/
- the directory for a cache of software packages downloaded form the internet. Cached files are used when reinstalling same software version. Can be removed manually or with the da build clean
command.
tmp/
- directory used for storing temporary files during software installations. Usually cleaned-up automatically, however when CustomBuild is running in debug mode (using da build --debug ...
) temporary files are not cleaned up and requires to be deleted manually. It is safe to remove the contents of this directory.
configure/
- the directory containing configuration files that are used during software installation
custom/
- the directory where you can copy configuration directories/files from configure/
to customize them for one's own needs
options.conf
- the main configuration file for the CustomBuild service. Do not edit directly, but use ./build set option value
instead.
custom_versions.txt
- the file used to customize any software versions to be installed
versions.txt
- the file containing all maintained packages and their latest versions
Log files
The first place you should go when trying to debug a problem is the log file for that program. The list of Log Files are as follows:
/var/log/directadmin/
- a directory with main logs, like:
YYYY-MM-DD.log
- the access_log for the directadmin service
Will be deprecated in favor of access.log
with the upcoming updates.
access.log
- access log for the directadmin service.
Provides information concerning directadmin service access including timestamp, processing time, method, path, referer/origin, authenticated user and authentication type.
Note that, for the time being, it is not fully compatible with all the requests, making some appear as unauthenticated. Despite that a combination of access.log
and YYYY-MM-DD.log
will provide all the necessary information until full compatibility in the upcoming updates.
error.log
- the error log for the directadmin service
errortaskq.log
- contains errors resulting from running the dataskq processor
login.log
- contains all login attempts (both successful and failed logins)
security.log
- contains suspicious incidents across the directadmin service (failed login attempts, abnormal amount of mails sent, attempts at using disabled commands, etc.)
system.log
- logs all valuable actions done in the DirectAdmin panel (creating/removing users and domains, renewing certificates, restoring a user, tally details, etc.)
Apache:
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/httpd/suexec_log
/var/log/httpd/fpexec_log
/var/log/httpd/domains/domain.com.error.log
/var/log/httpd/domains/domain.com.log
/var/log/messages (generic errors)
Nginx:
/var/log/nginx/error_log
/var/log/nginx/access_log
/var/log/nginx/domains/domain.com.error.log
/var/log/nginx/domains/domain.com.log
ProFTPD:
/var/log/proftpd/access.log
/var/log/proftpd/auth.log
/var/log/proftpd/proftpd.tls.log
/var/log/messages (generic errors)
PureFTPd:
/var/log/pureftpd.log
Dovecot and vm-pop3d:
/var/log/maillog
/var/log/messages
/var/log/dovecot-lmtp-errors.log
/var/log/dovecot-lmtp.log
Named (Bind):
/var/log/messages
Exim:
/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/processlog
/var/log/exim/rejectlog
MariaDB and MySQL:
RedHat:
/var/lib/mysql/server.hostname.com.err
Debian:
/usr/local/mysql/data/server.hostname.com.err
Cron:
/var/log/cron
RSpamd:
/var/log/rspamd/rspamd.log
Other logs
/usr/local/directadmin/custombuild/custombuild.log
- contains all calls to ./build file
/usr/local/directadmin/data/users/[username]/login_keys/[keyname]/key.log
- login key usage log, multiple per usernames and per key names.
/var/www/html/phpMyAdmin/log/auth.log
- a phpMyAdmin failed auth log
/var/www/html/roundcube/logs
- a directory containing RoundCube logs
To view a log file, run:
less /var/log/filename
Where /var/log/filename is the path of the log you wish to view. If the log is too large, you can use the "tail" command:
tail -n 30 /var/log/filename
Where 30 is the number of lines from the end you wish to view.
If you know how to reproduce the issue, the common way is to open two consoles to a server, then tail with the follow option in console 1 and reproduce the issue in console 2. You may join several files in a single tail command:
tail -f /var/log/exim/mainlog /var/log/exim/paniclog /var/log/exim/rejectlog /var/log/messages
To exit, press CTRL+C (or COMMANDL+C on Mac).
Configuration paths quick list
Below is list of files and directories that DirectAdmin may use during its normal operation.
Note that some of these files belong to the system and must not be removed. Deleting them would likely destroy your system.
A list can be used if a manual server recovery is required, be careful with first three files.
/etc/passwd
/etc/shadow
/etc/group
/etc/exim.conf
/etc/exim.pl
/etc/exim.dkim.conf
/etc/exim.easy_spam_fighter/
/etc/exim.spamassassin.conf
/etc/exim.srs.conf
/etc/exim.strings.conf
/etc/exim.variables.conf
/etc/exim.variables.conf.custom
/etc/httpd/conf/
/etc/my.cnf
/etc/my.cnf.d/
/etc/system_filter.exim
/etc/exim.cert
/etc/exim.key
/etc/exim.ca
/etc/proftpd.conf
/etc/proftpd.vhosts.conf
/etc/proftpd.passwd
/etc/hosts
/etc/resolv.conf
/etc/dovecot.conf
/etc/ssh/sshd_config
/etc/virtual/
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/ips.conf
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.crt/server.ca
/etc/httpd/conf/ssl.key/server.key
/etc/httpd/conf/extra/
/etc/pureftpd.pdb
/var/spool/cron/
/var/spool/exim/
/var/www/
/var/log/
/usr/local/directadmin/
/usr/local/lib/php.ini
/var/spool/cron/
/home/
OS dependent paths
MySQL databases:
/var/lib/mysql/
/home/mysql/ on Debian
Named config:
/etc/named.conf
/etc/bind/named.conf on Debian
Named zone files:
/var/named/
/etc/bind/ on Debian
3rd party services:
/etc/container
/var/installatron/
/usr/local/installatron/
CSF
The following are the most commonly used files for CSF/LFD on DirectAdmin (note that there are many more files for CSF/LFD, especially in the /etc/csf
and /var/lib/csf
directories):
/etc/csf/csf.conf
- configuration file
/etc/csf/csf.deny
- permanent deny list
/etc/csf/csf.allow
- permanent allow list (IPs in this list bypass closed ports, but can be blocked by LFD for login failures)
/etc/csf/csf.pignore
- process ignore file (firewall alerts won't be sent regarding services in this list, for example: memcached is installed and legitimate on your server, so you would add it to this list to stop alerts regarding it)
/etc/csf/csf.ignore
- ip/cidr ignore list (IPs in this list shouldn't be blocked even if they exceed the configured login failures for LFD blocking)
/var/lib/csf/csf.tempban
- temporary deny list
/var/lib/csf/csf.tempallow
- temporary allow list
/var/log/lfd.log
- LFD log
/usr/local/directadmin/custombuild/configure/csf.pignore
- This file is added & controlled by DirectAdmin, and used for DirectAdmin-specific services/processes to be ignored in the firewall if no /etc/csf/csf.pignore
file exists already. This was added as part of the direct CSF integration feature.