Tips/Tricks/Mods

Using ISPConfig as Reverse Proxy with Docker for Hosting Multiple Joomla Sites (Best Practice?)

invalid@example.com (Marcio Urakawa) — Fri, 17 Apr 2026 18:04:06 +0000

I’m currently working on a large-scale Joomla migration project at a university environment (around 500 websites), all currently managed through ISPConfig.

Our goal is to modernize the stack and standardize deployments, and I’m considering an architecture where:

ISPConfig continues to handle:
- Domain management
- DNS
- SSL (Let’s Encrypt)
- Storage quotas
While Docker is used to run the actual Joomla applications

The idea is to configure ISPConfig...

Using ISPConfig as Reverse Proxy with Docker for Hosting Multiple Joomla Sites (Best Practice?)

ISPConfig 3.3.1p1 + nginx + nextcloud

invalid@example.com (gammelobst) — Thu, 09 Apr 2026 16:41:48 +0000

Hi,
since i haven't found working code-snippets to get it working, i'll post mine here.
Add a new website and add to options:
in php.ini

Code:

memory_limit = 8G
upload_max_filesize=15G
post_max_size=15G
max_execution_time = 3600
max_input_time = 3600
opcache.enable_cli=1
opcache.save_comments=1
opcache.revalidate_freq=60
opcache.validate_timestamps = 0
opcache.interned_strings_buffer=256
opcache.memory_consumption=256
opcache.jit = 1255
opcache.jit_buffer_size = 128
output_buffering=0

...

ISPConfig 3.3.1p1 + nginx + nextcloud

Ioncube Loader Script for Multiple PHP Versions

invalid@example.com (ahrasis) — Tue, 24 Mar 2026 01:35:32 +0000

I thought of sharing this for those who need it, though one may found that this method is a little different than other tutorials available (or may be more) but I believe that this is how this php module should be managed, so enjoy.

Code:

# Donwload, extract & move respective Ioncube Loader .so file accordingly
cd /tmp
sudo  wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
sudo  tar xzf ioncube_loaders_lin_x86-64.tar.gz
cd ioncube
if [ -e...

Ioncube Loader Script for Multiple PHP Versions

Implement sender rewriting scheme in an ISPConfig mailserver part 2

invalid@example.com (remkoh) — Sun, 22 Mar 2026 09:13:20 +0000

Part 1 of this tutorial can be found here:
https://forum.howtoforge.com/thread...heme-in-an-ispconfig-mailserver-part-1.89827/
Where the basic installation of Postsrsd and implementation in Postfix is covered.

Part 2 covers the recovery of the broken functionality behind ISPConfig's ability to configure a relayhost per domain and entire host.

For this we need to setup a second Postfix instance.
I've called mine "postfix-relay" in...

Implement sender rewriting scheme in an ISPConfig mailserver part 2

dovecot 2.4 auth: Error: sql: Invalid password in passdb: Weak password scheme 'MD5-CRYPT'

invalid@example.com (fireba11) — Fri, 20 Mar 2026 03:53:31 +0000

After upgrading to debian 13 and now also upgrading dovecot (held it back untill the ispconfig release :-D) mail Login failed with
auth-worker(...)<2382351>: request [32]: Error: sql: Invalid password in passdb: Weak password scheme 'MD5-CRYPT' used and refused

Apparently the Mail logins (yes thos might be quite old :-D) are stored in an old somewhat insecure format in the database, making dovecot 2.4 unhapy.
Workaround is adding
auth_allow_weak_schemes = yes
to your dovecot config....

dovecot 2.4 auth: Error: sql: Invalid password in passdb: Weak password scheme 'MD5-CRYPT'

[Tool] ISPConfig DNS TTL Bulk Migration Script (Backup + Rollback) – useful for server migrations /

invalid@example.com (Andreas Friedrich) — Mon, 16 Mar 2026 22:15:54 +0000

Hello everyone,

while preparing a migration of my ISPConfig hosting environment to a new server infrastructure including an upgrade to Debian 13, I needed a reliable way to reduce the TTL of many DNS records at once.

Lowering the TTL before a migration is a common best practice because it ensures that DNS changes (for example switching services to new server IPs) propagate quickly when the actual migration happens.

Since I could not find a simple tool that performs this...

[Tool] ISPConfig DNS TTL Bulk Migration Script (Backup + Rollback) – useful for server migrations /

[Solution] Per-Domain Mail SSL/TLS SNI for Dovecot & Postfix on ISPConfig 3.x

invalid@example.com (haluk yildirim) — Wed, 04 Mar 2026 12:05:45 +0000

Hi everyone,

I've been running ISPConfig 3.3.0p3 with 38 mail domains on a single server and ran into the well-known issue where all mail clients receive the same SSL certificate regardless of which domain they connect to. If a client connects to mail.example.com but the server certificate is for mail.server.com, users see SSL hostname mismatch warnings.

This is tracked in the ISPConfig GitLab as:
- #3794 — Dovecot SNI support
- #6074 — Postfix 3.4 TLS SNI Mapping
- #6075 — Dovecot...

[Solution] Per-Domain Mail SSL/TLS SNI for Dovecot & Postfix on ISPConfig 3.x

Let’s Encrypt rate limits

invalid@example.com (Alex Mamatuik) — Fri, 06 Feb 2026 12:53:24 +0000

It would be nice to have an add-on for the ISP Config admin. panel to see real certificate issuance rate limits for domains, in case they are reached.

While configuring the reverse proxy, i discovered, that the SSL part had stopped interacting with the Let's Encrypt.

It turned out, that the domain was being blocked...

Let’s Encrypt rate limits

PHP 8.5 in ISPConfig 3.3.1

invalid@example.com (vjoon Support) — Wed, 04 Feb 2026 00:03:17 +0000

Hi there, this is just a question about a possible "don't do it" with PHP 8.5.
We are running an ISPConfig installation on Ubuntu 24.04.3 LTS with ISPConfig 3.3.0p3. We consider the installation well maintained. At some point we have previously added additional PHP versions following the HowTo https://www.howtoforge.com/ispconfig-php-ubuntu/ So far everything is working fine. We would want to add PHP 8.5 for some of the hosted sites (which is not yet part of the tutorial)....

PHP 8.5 in ISPConfig 3.3.1

Monitor OS Default Php In Multiple Php And Restore If Changed

invalid@example.com (ahrasis) — Sun, 25 Jan 2026 06:28:23 +0000

I found that default php for Ubuntu may be changed when updating php in multiple php environment or when new version of php is out and/or added, so I wrote this script to cover wider OS version as follows:

1. Create an executable bash script for checking and restoring OS default php. E.g. /usr/share/default-php/default-php.sh

Code:

#!/bin/sh
### BEGIN INIT INFO
# Provides: Check default OS php & restore if it was changed
# Required-Start:  $local_fs $network
# Required-Stop:  $local_fs
#...

Monitor OS Default Php In Multiple Php And Restore If Changed

Improving the security of PHPMyAdmin and rspamd (UI)

invalid@example.com (Th0m) — Wed, 10 Dec 2025 15:04:12 +0000

Disallow access for certain database users in PHPMyAdmin
Add this to the end of the PHPMyAdmin config (/usr/share/phpmyadmin/config.inc.php):

Code:

// Disallow login from root and ispconfig users
$cfg['Servers'][$i]['AllowRoot'] = FALSE;
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
    'deny ispconfig from all',
    'deny debian-sys-maint from all',
);

(Thanks @Jesse Norell for this snippet)...

Improving the security of PHPMyAdmin and rspamd (UI)

change default dkim_select selector

invalid@example.com (Matteo Cisilino) — Tue, 04 Nov 2025 16:24:11 +0000

Hello ,
I would like to know if exists a way to customize the value of "dkim_selector" server wide .
in the database structure "default" is the value of the field . but if I change it ( on the master server ) it no retrived in the maildomain DKIM tab .

ISPConfig kamikaze installation on Rocky Linux 9.4

invalid@example.com (Stanislav Panayotov) — Sat, 25 Oct 2025 08:22:48 +0000

I'm using this tutorial "The Perfect Server CentOS 8 with Apache, PHP, Postfix, Dovecot, Pure-FTPD, BIND and ISPConfig 3.2" to point 5 with no problems. After that I install Remi repository for PHP and some other repositories:
dnf repolist
repo id repo name
appstream Rocky Linux 9 - AppStream
baseos Rocky Linux 9 - BaseOS
epel...

ISPConfig kamikaze installation on Rocky Linux 9.4

HOWTO: Add Time To Serve to GoAccess (Debian 12 Perfect Server setup)

invalid@example.com (Mark P) — Mon, 13 Oct 2025 15:35:12 +0000

Introduction
I recently installed my first Debian 12 Perfect Server and wanted to include the %D metric in GoAccess so I could spot potential performance issues on specific web pages. There wasn't really a clear guide on how to implement this so I am writing up this quick tip/trick/mod post for anyone trying to add this functionality to their GoAccess statistics...

HOWTO: Add Time To Serve to GoAccess (Debian 12 Perfect Server setup)

Custom Login For elFinder Web FTP Filemanager

invalid@example.com (ahrasis) — Sun, 12 Oct 2025 10:19:08 +0000

Just one you could try on your own if you are using elFinder Web FTP Filemanager, that you may have installed using the ISPConfig tool (https://forum.howtoforge.com/thread...install-auto-update-tool-for-ispconfig.91151/)

Like always, backup your elfinder.html and index.html, and then delete both files. Create and fill in the new index.php as follows:

Code:

Custom Login For elFinder Web FTP Filemanager

Rspamd - Filter for Google Groups Spam

invalid@example.com (pyte) — Fri, 10 Oct 2025 07:15:39 +0000

Explanation of the Problem

We received a lot of spam from Google Groups in the past year due to technical design of Google Groups, spammers have an easy option to distribute large amount of spam from valid Google mail servers. There are a few key issues with Google Groups:

Victims don't need to opt-in for Google Groups. Spammers can just add E-Mailadresses as they like
Unsubscribing is not possible, because in most cases the spammers set the group to private which makes...

Rspamd - Filter for Google Groups Spam

Disable two factor authentication for admin user in ISPConfig

invalid@example.com (Gordon Fielden) — Wed, 20 Aug 2025 19:19:34 +0000

Help !!! after asking for this to added to ispconfig, I've rushed in and enabled it (email) but didn't check the email address, is there a way to disable it ?

Nginx FastCGI cache directory permissions problem

invalid@example.com (Sergio W.) — Wed, 13 Aug 2025 11:14:30 +0000

Hi everyone,
I'm really struggling with a persistent file permission issue with Nginx's fastcgi_cache, and I'm hoping someone can spot what I'm doing wrong.
I need Nginx to create its cache files with 664 permissions. This is so WordPress can purge the cache files created by Nginx. The core of the conflict is that Nginx creates the cache files as www-data:www-data, but the PHP-FPM process that needs to purge them runs as web1:client1.

The problem is that no matter what I try, Nginx creates...

Nginx FastCGI cache directory permissions problem

Uninstall Automail

invalid@example.com (Wade John Beckett) — Sun, 10 Aug 2025 14:58:50 +0000

Hiya,
I trust you are well.

I'm not getting this automail setup by schall @it right: https://schaal-it.dev/en/blog/ispconfig-automail/

How do I delete the config and uninstall the plugin?

Also, I am getting a "CSRF attempt blocked." when deleting the Automail entry.

making cron get the real username for a ssh only client

invalid@example.com (pannet1) — Wed, 23 Jul 2025 20:03:25 +0000

Apologies if i am not posting in the correct forum/thread.

i want to run a common shell script for all my python ssh clients, from cron. it looks like the below roughly

Code:

#!/bin/env bash
ACTUAL_HOME="$HOME/home/"

export PATH="$ACTUAL_HOME/.local/bin:$PATH"
export PYTHONPATH="$ACTUAL_HOME/.local/lib/python3.11/site-packages"

PROJECT="$ACTUAL_HOME/no_venv/my_python_project"

sess="tmux-session"
if tmux has-session -t "$sess" 2>/dev/null; then
  echo "[$(date)] Session...

making cron get the real username for a ssh only client