Through the web interface (domain Apache directives) I have already seen that it cannot be done (apache_directive_blocked_error) for security reasons. If I add LogFormat and CustomLog to vhost.conf.master it works, but for all domains. Is adding them to vhost.conf.master safe and permanent? (if there was no way to do it on a single domain, this option would work for me). Thanks!
Adding it to the vhost.conf.master is the way to do it. Just make sure that you save your changes to the vhost.conf.master in conf-custom folder instead in the conf/ folder, otherwise your changes get overwritten by the next ISPConfig update.
Would the following be the proper way to do this? 1. Now: # cp -ar /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/vhost.conf.master # nano /usr/local/ispconfig/server/conf-custom/vhost.conf.master Add my customizations. # systemctl restart apache2 2. After the next ISPConfig 3 update: # rm /usr/local/ispconfig/server/conf-custom/vhost.conf.master # cp -ar /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/vhost.conf.master # nano /usr/local/ispconfig/server/conf-custom/vhost.conf.master Add again my customizations. # systemctl restart apache2 Thanks!
There is no need to re-add customizations after an update as all changes in /usr/local/ispconfig/server/conf-custom/ are update safe. So all you do is: cp -pf /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/vhost.conf.master nano /usr/local/ispconfig/server/conf-custom/vhost.conf.master That's all, no apache restart as the template gets applied on config change by ISPConfig, it has no effect on existing sites until you change them or until you use Tools > resync to force an update on existing sites.
From what I have read in another thread, the sites should be resynchronized before restarting Apache (ISPConfig 3 -> Tools -> Resync): # rm /usr/local/ispconfig/server/conf-custom/vhost.conf.master # cp -ar /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/vhost.conf.master # nano /usr/local/ispconfig/server/conf-custom/vhost.conf.master Add again my customizations. Resync the sites via ISPConfig 3 (Tools -> Resync). # systemctl restart apache2 Would this be the correct way? Thanks!
Will the default host.conf.master file always be the same? Will I never have changes that would interfere with the copy I make today in conf-custom? Noted. Thank you!
Of course, there might be changes in future that need to be incorporated into the config, but not every update changes the file. The updater will ask you what to do with your custom config during update and you have to decide then if you want your custom config or the new one from ISPConfig.
Thank you very much! \ ;-) I have a few more questions (sorry for my ignorance): 1. About the option above (conf-custom/vhost.conf.master): The following is working correctly: LogFormat "%h %l %u %t \"%r\" %>s %b \"%{SSL_CLIENT_S_DN}x\" \"%{SSL_PROTOCOL}x\" \"%{SSL_CIPHER}x\"" ssl_custom CustomLog /var/log/ispconfig/httpd/{tmpl_var name='domain'}/ssl_access.log ssl_custom The ssl_access.log files are being created automatically: will they also rotate automatically so they don't grow too large? 2. About the option of getting this only on one domain: 2.1. Would it be advisable to use a script that automatically adds the LogFormat and CustomLog lines to the domain.tld.vhost file after each update of the file by ISPConfig 3? 2.2. Would it be advisable to use a domain.tld.vhost file independent of ISPConfig 3 on a server managed with ISPConfig 3? Thanks!
No, you must write your own scripts for that. ISPConfig rotates only its own logs. Sure, you can do that if you prefer it this way. You can add custom apache config files as long as they are not for websites managed in ISPConfig.
1. I will look into record rotations. 2. I like option 2.1 better than 2.2, if only for the convenience of having ISPConfig handle Let's Encrypt renewals. Thank you very much!
Does this resync also work for changes in postfix and/or dovecot templates, or is an update --force reconfigure required?
Tools > Resync is for runtime config only. For global configs like postfix config files, you must do an ISPConfig update.
