Directories and locations

This article will explain the structure of DirectAdmin and related services. Some of them could be overwritten so we'll start with the default locations as of now.

Main directories and configs

/usr/local/directadmin/ - main server path for the DirectAdmin panel itself.

/usr/local/directadmin/conf/directadmin.conf - main config file for the directadmin service.

/usr/local/directadmin/custombuild/ - the directory for the CustomBuild service.

/usr/local/directadmin/conf/my.cnf - default mysql connection details for the directadmin service. Commonly used commands utilizing these details include the following:

mysql --defaults-extra-file=/usr/local/directadmin/conf/my.cnf
mysqldump --defaults-extra-file=/usr/local/directadmin/conf/my.cnf anydatabase > anydatabase.sql
mysql_upgrade --defaults-extra-file=/usr/local/directadmin/conf/my.cnf --force 

conf/ - the directory containing the main config file, certificates, mysql config, and license

data/admin - the main directory for the admin account

data/session - the directory which stores open sessions of logged-in users

data/skins - the directory containing skins

data/templates - the directory for system templates (used to form configuration files for apache/nginx, dns zones, mails etc.)

data/tickets - the directory containing all tickets from the DirectAdmin Message System

data/users - the directory where all user configs are stored


crontab.conf - the config file for user cronjobs

domains - the directory containing per-domain configs and certificates

domains/domain.com.conf - the main config file for a single domain

domains/domain.com.cust_apache or .cust_nginx - the customized part of a domain's VirtualHost

domains.list - a list of domains belonging to a user

httpd.conf - the main apache config used for all user domains

nginx.conf - the main nginx config used for all user domains

nginx_php.conf - the nginx_php config

php - a directory for PHP-FPM configs

skin_customizations - a directory containing customizations done to skins by that user

user.conf - the main user config file, many global values from directadmin.conf could be overwritten by adding them here.

user_ip.list - a list of IPs assigned to this user

user.usage - usage statistics per user


Used templates

Every single file can be customized after you copy it to the /usr/local/directadmin/data/templates/custom/ directory.

adult.list - the file containing stop words for spam detection filters

block_cracking_notice_denied_path.txt
block_cracking_notice_script.txt
block_cracking_notice.txt
edit_files.txt
email_limit_message.txt
load_check_message.txt
lost_password_email.txt
message_footer.txt
message_tech.txt
message_user.txt
partition_check_message.txt
per_email_limit_email_message.txt
per_email_limit_message.txt
reply_headers.txt
reseller_limit.txt
suspension_reason.txt
user_limit.txt
user_suspension.txt

The above are templates used to send messages or notifications (with the exception of the suspension_reason.txt file, which exists just for customizingopen in new window).

directadmin.conf - the main template for directadmin.conf

dns_aaaa.conf
dns_a.conf
dns_caa.conf
dns_cname.conf
dns_mx.conf
dns_ns.conf
dns_spf.conf
dns_srv.conf
dns_tlsa.conf
dns_txt.conf

The templates used to generate DNS record of a desired type ( A, MX, AAAA, TXT).

named.db - the main template which forms full DNS zone files from the above templates.

nginx_blank.conf
nginx_ips.conf
nginx_php.conf
nginx_protected_directory.conf

The templates used to generate Nginx main config files.

nginx_redirect.conf - a redirection template

nginx_server.conf - nginx section for non-secure domains

nginx_server_redirect.conf - a redirection template for "Redirect to SSL or www" option in DA panel

nginx_server_secure.conf - nginx section for secure domains

nginx_server_secure_sub.conf - nginx section for secure subdomains

nginx_server_sub.conf - nginx section for non-secure subdomains

openlitespeed_context_protected.conf
openlitespeed_ips.conf
openlitespeed_listener.conf
openlitespeed_redirect_vhost.conf
openlitespeed_vhost.conf

The templates used to generate OpenLiteSpeed sections.

virtual_host2.conf - the apache2 section for non-secure domains

virtual_host2_secure.conf - the apache2 section for secure domains

virtual_host2_secure_sub.conf - the apache2 section for secure subdomains

virtual_host2_sub.conf - the apache2 section for non-secure subdomains

zone.conf a zone include syntax to be used in main named.conf


CustomBuild

build - an alias to the da build command

cache/ - the directory for a cache of software packages downloaded form the internet. Cached files are used when reinstalling same software version. Can be removed manually or with the da build clean command.

tmp/ - directory used for storing temporary files during software installations. Usually cleaned-up automatically, however when CustomBuild is running in debug mode (using da build --debug ...) temporary files are not cleaned up and requires to be deleted manually. It is safe to remove the contents of this directory.

configure/ - the directory containing configuration files that are used during software installation

custom/ - the directory where you can copy configuration directories/files from configure/ to customize them for one's own needs

options.conf - the main configuration file for the CustomBuild service. Do not edit directly, but use ./build set option value instead.

custom_versions.txt - the file used to customize any software versions to be installed

versions.txt - the file containing all maintained packages and their latest versions


Log files

The first place you should go when trying to debug a problem is the log file for that program. The list of Log Files are as follows:

/var/log/directadmin/ - a directory with main logs, like:

YYYY-MM-DD.log - the access_log for the directadmin service
Will be deprecated in favor of access.log with the upcoming updates.

access.log - access log for the directadmin service.
Provides information concerning directadmin service access including timestamp, processing time, method, path, referer/origin, authenticated user and authentication type.
Note that, for the time being, it is not fully compatible with all the requests, making some appear as unauthenticated. Despite that a combination of access.log and YYYY-MM-DD.log will provide all the necessary information until full compatibility in the upcoming updates.

error.log - the error log for the directadmin service

errortaskq.log - contains errors resulting from running the dataskq processor

login.log - contains all login attempts (both successful and failed logins)

security.log - contains suspicious incidents across the directadmin service (failed login attempts, abnormal amount of mails sent, attempts at using disabled commands, etc.)

system.log - logs all valuable actions done in the DirectAdmin panel (creating/removing users and domains, renewing certificates, restoring a user, tally details, etc.)

Apache:

/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/httpd/suexec_log
/var/log/httpd/fpexec_log
/var/log/httpd/domains/domain.com.error.log
/var/log/httpd/domains/domain.com.log
/var/log/messages (generic errors)

Nginx:

/var/log/nginx/error_log
/var/log/nginx/access_log
/var/log/nginx/domains/domain.com.error.log
/var/log/nginx/domains/domain.com.log

ProFTPD:

/var/log/proftpd/access.log
/var/log/proftpd/auth.log
/var/log/proftpd/proftpd.tls.log
/var/log/messages (generic errors)

PureFTPd:

/var/log/pureftpd.log

Dovecot and vm-pop3d:

/var/log/maillog
/var/log/messages
/var/log/dovecot-lmtp-errors.log
/var/log/dovecot-lmtp.log

Named (Bind):

/var/log/messages

Exim:

/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/processlog
/var/log/exim/rejectlog

MariaDB and MySQL:

RedHat:

/var/lib/mysql/server.hostname.com.err

Debian:

/usr/local/mysql/data/server.hostname.com.err

Cron:

/var/log/cron

RSpamd:

/var/log/rspamd/rspamd.log

Other logs

/usr/local/directadmin/custombuild/custombuild.log - contains all calls to ./build file

/usr/local/directadmin/data/users/[username]/login_keys/[keyname]/key.log - login key usage log, multiple per usernames and per key names.

/var/www/html/phpMyAdmin/log/auth.log - a phpMyAdmin failed auth log

/var/www/html/roundcube/logs - a directory containing RoundCube logs


To view a log file, run:

less /var/log/filename

Where /var/log/filename is the path of the log you wish to view. If the log is too large, you can use the "tail" command:

tail -n 30 /var/log/filename

Where 30 is the number of lines from the end you wish to view.

If you know how to reproduce the issue, the common way is to open two consoles to a server, then tail with the follow option in console 1 and reproduce the issue in console 2. You may join several files in a single tail command:

tail -f /var/log/exim/mainlog /var/log/exim/paniclog /var/log/exim/rejectlog /var/log/messages

To exit, press CTRL+C (or COMMANDL+C on Mac).

Configuration paths quick list

Below is list of files and directories that DirectAdmin may use during its normal operation.

Note that some of these files belong to the system and must not be removed. Deleting them would likely destroy your system.

A list can be used if a manual server recovery is required, be careful with first three files.

/etc/passwd
/etc/shadow
/etc/group
/etc/exim.conf
/etc/exim.pl
/etc/exim.dkim.conf
/etc/exim.easy_spam_fighter/
/etc/exim.spamassassin.conf
/etc/exim.srs.conf
/etc/exim.strings.conf
/etc/exim.variables.conf
/etc/exim.variables.conf.custom
/etc/httpd/conf/
/etc/my.cnf
/etc/my.cnf.d/
/etc/system_filter.exim
/etc/exim.cert
/etc/exim.key
/etc/exim.ca
/etc/proftpd.conf
/etc/proftpd.vhosts.conf
/etc/proftpd.passwd
/etc/hosts
/etc/resolv.conf
/etc/dovecot.conf
/etc/ssh/sshd_config
/etc/virtual/
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/ips.conf
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.crt/server.ca
/etc/httpd/conf/ssl.key/server.key
/etc/httpd/conf/extra/
/etc/pureftpd.pdb
/var/spool/cron/
/var/spool/exim/
/var/www/
/var/log/
/usr/local/directadmin/
/usr/local/lib/php.ini
/var/spool/cron/
/home/

OS dependent paths

MySQL databases:

/var/lib/mysql/ 

/home/mysql/ on Debian

Named config:

/etc/named.conf

/etc/bind/named.conf on Debian

Named zone files:

/var/named/

/etc/bind/ on Debian

3rd party services:

/etc/container
/var/installatron/
/usr/local/installatron/
CSF

The following are the most commonly used files for CSF/LFD on DirectAdmin (note that there are many more files for CSF/LFD, especially in the /etc/csf and /var/lib/csf directories):

/etc/csf/csf.conf - configuration file

/etc/csf/csf.deny - permanent deny list

/etc/csf/csf.allow - permanent allow list (IPs in this list bypass closed ports, but can be blocked by LFD for login failures)

/etc/csf/csf.pignore - process ignore file (firewall alerts won't be sent regarding services in this list, for example: memcached is installed and legitimate on your server, so you would add it to this list to stop alerts regarding it)

/etc/csf/csf.ignore - ip/cidr ignore list (IPs in this list shouldn't be blocked even if they exceed the configured login failures for LFD blocking)

/var/lib/csf/csf.tempban - temporary deny list

/var/lib/csf/csf.tempallow - temporary allow list

/var/log/lfd.log - LFD log

/usr/local/directadmin/custombuild/configure/csf.pignore - This file is added & controlled by DirectAdmin, and used for DirectAdmin-specific services/processes to be ignored in the firewall if no /etc/csf/csf.pignore file exists already. This was added as part of the direct CSF integration feature.

Last Updated: