Observations or bugs with ISPConfig 3.3 Beta 1

Discussion in 'Developers' Forum' started by bch, Apr 4, 2025.

  1. bch

    bch Member

    Hi, I checked out ISPConfig 3.3 Beta 1 on the following environment:
    Single VPS server with Apache, PHP 8.3 (default) and PHP 8.4 (sury).
    Running Ubuntu 24.04 LTS, upgraded to every LTS release since 16.04 LTS.
    Browser used: Firefox 137.0.

    I thought I would give some feedback. It might not be specific to 3.3.
    Feel free to reach out if I can help you narrow down any of this.
    Thank you for the free software! :)

    1) PHP Priority
    ----------------
    To me it seems impossible to have PHP 8.4 as the default choice in Websites.

    In System -> Additional PHP versions -> PHP 8.4 -> Priority -> Tooltip, it says:
    "Default PHP has priority of 0 if enabled. Lower value has higher proirity."

    To me, that means that I should put a lower number than 0 in this field.
    If I put in "-84" (minus 84), it gets accepted but does not work as expected.
    In fact it causes the default PHP 8.3 to not show up in the list on websites, even though
    Server Config -> Web -> PHP Settings -> Hide Default PHP-Version is unchecked.

    2) PostgreSQL database backup fails
    -----------------------------------
    Both as a backup interval and manual backup, an error occurs:
    "Failed to make backup of database sub_domain_tld, because mysqldump failed".

    I do have the mysqldump command available.
    The command I used to install PostgreSQL is
    "apt install postgresql" which installs postgresql-17.
    I think there should be some documentation on which packages to install.

    3) Amount of Reseller Database users
    ------------------------------------
    Create a reseller limit template with the following:
    Max Database users: -1

    Apply the reseller template to the reseller.
    Log in as a reseller, create a database and save.

    Resulting error: The max. number of databases is reached.
    I'm not 100% sure if other steps are involved.

    4) Client Address etc.
    ----------------------
    If I'm not wrong, in the past there were both a "contact firstname" and "contact lastname" field.
    Now, there's just a "contact firstname". If I fill it out, like this example:
    Contact name: Peter Hansen, Contact firstname: Peter
    When logging in (as a reseller at least) it says Welcome "Peter Peter Hansen" which seems odd.
    By the way, it would be very convenient if the required fields were the top ones.

    5) Offensive terms
    ------------------
    A lot of software projects have migrated away from offensive terms in their software.
    For example, master/slave, blacklist/whitelist have been replaced by
    blocklist/allowlist or denylist/acceptlist or exclude/include.
    Just for your info.

    6) Columns and sorting etc.
    ---------------------------
    Sites -> Subdomains/Aliasdomains: Missing "Domain" text in column.
    Sites -> Backup Stats: Cannot be sorted.
    Email -> Alias/Forward/Catchall: Lowercase "source" text.
    Help -> FAQ: Cannot be sorted.
    System -> Extension: Cannot be sorted.
    System -> Languages : Cannot be sorted.
    Dashboard -> All those cannot be sorted.

    7) Other small observations
    ----------------------------
    I implemented the "top menu home fix" from the issue tracker and it worked.

    I cannot get the top menu exactly as I want it. I've changed in the database to
    dashboard,client,sites,mail,dns,admin,tools,help,monitor (admin = system)
    and it mostly works, except the last four which show as monitor,help,tools,admin.

    Most often, the system shows e.g. 1024 as 1024 MB but on the home page it shows it as 1 GB.

    Apache Directives has a monospace font as apparently the only input box in the system.

    8) Problems with Jailkit/SSH/SSH User
    --------------------------------------
    This is probably an issue with my specific system only.
    I might create another thread for this with more details.
    I did not even try to set this up before upgrading to 3.3 Beta 1.

    I put in these settings:
    System -> Additional PHP versions -> PHP 8.4 -> PHP-CLI Settings ->
    -> Path to the PHP CLI binary: /usr/bin/php8.4
    -> PHP Jailkit section: php8_4

    After creating a SSH user, I get the following:
    ISPConfig Error Log: Error executing jk_init command: ERROR: jail directory basicshell is not safe.

    I also got an email:
    Subject: *** SECURITY information for sub.domain.tld ***
    Date: Wed, 2 Apr 2025 04:17:01 +0200 (CEST)
    sub.domain.tld : Apr 2 04:17:01 : webX : user NOT in sudoers ; TTY=pts/1 ;
    PWD=/var/www/clients/clientX/webX/home/sub.domain.tld ; USER=root ; COMMAND=/usr/bin/su

    Again, I might create another thread for this with more details and such.

    X) That's it
    ------------
    I will add a new post if I find more I think is worth mentioning.

    Thanks again! :)
     
  2. michelangelo

    michelangelo Active Member

    I haven't tested it myself but I don't think that negative values will work here.
    Use something in between the range of 1 and 100. That's something that we should check though, whether it's possible to set negative values or not. Imho it should not be possible.

    If you want to hide the default PHP version in the website settings (which I would highly recommend) then "Server Config -> Web -> PHP Settings -> Hide Default PHP-Version" must be checked.

    How did you install MySQL/MariaDB?
    The mysql command must be accessible and executable by the ISPConfig user.

    Regarding postgresql: Till wrote something about the steps somewhere in the forum recently, but I generally agree that there should be some sort of documentation. I guess that this topic will be also covered in the future by the installer and maybe by a Perfect Server tutorial.

    Here is the link: https://forum.howtoforge.com/threads/postgres-configuration-with-3-3-0b1.94091/#post-465134

    Haven't had any problems with that yet.


    It would be interesting to see the jk_init.ini that you use.
    Do you use some sort of Apparmor/Selinux for server security?

    What PHP version have you set as default?
    PHP 8.3 or PHP 8.4? Some of your problems could be related to the PHP version you are using.
     
    Last edited: Apr 4, 2025
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Regarding Postgresql, there is no support for postgresql database backups in ISPConfig yet. We might implement that in future.
     
  4. bch

    bch Member

    Sorry if I sound harsh, I'm not, English is not my first language :)

    As I wrote, this system was installed with 16.04 - way before the autoinstaller.
    I've always looked at the tutorials and the autoinstaller source code for missing packages etc. after each OS and ISPConfig release.

    1) PHP versions and priority
    If the default system PHP version is 0 and lower values have higher priority, then it's not possible to give higher priority to other PHP versions if negative values are not allowed.

    I prefer to have the latest and the next-latest version available in the website list with the latest as default. I had a Nextcloud site that didn't support 8.4 until a few weeks ago so I had to use 8.3.

    My point was more that, if a negative value is set in that priority field, the default system PHP version (8.3) does not show up as a select option for a website in my case. Only the 8.4 version shows up. I only have 8.3 and 8.4 installed.

    All --update-alternatives are php8.3. Handlers are PHP-FPM and Fast-CGI only. To my knowledge there is no place to set the default version in the interface. That's what priorities are for?

    2) How did I install MySQL/MariaDB?
    I guess I was following a perfect server tutorial for Ubuntu 16.04.
    I've never had an issue with MySQL/MariaDB backups and those back up daily as expected. It's just happening to a PostgreSQL database I created for testing.
    I did check that PostgreSQL checkbox and also saw Till's answer yesterday.
    Thanks Till for the info that PostgreSQL backups are not supported. I guess it's a bug that the system tries to back them up then.

    8) Jailkit
    My /etc/jailkit/jk_init.ini is exactly the one from the 3.3 beta 1.
    When creating a shell user with jail and logging in with that with putty for example, the window closes immediately after successful login.

    Server Config -> Jailkit:
    Jailkit chroot home: /home/[username]
    Jailkit chroot app sections: basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh php
    Jailkit chrooted applications: /usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico /usr/bin/mysql /usr/bin/mysqldump /usr/bin/git /usr/bin/git-receive-pack /usr/bin/git-upload-pack /usr/bin/unzip /usr/bin/zip /bin/tar /bin/rm /usr/bin/patch
    Jailkit cron chrooted applications: /usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php /usr/bin/php8.3 /usr/bin/php8.4
    Jailkit authorized_keys template: /root/.ssh/authorized_keys

    I now see that older website symlinks in /var/www are root:root and newer ones are root:www-data.
    I'm not sure if it can have anything to do with it.

    While testing this, creating a few different SSH users, SSH to the system locks up and becomes unresponsive.
    I don't know if the system is generating SSH keys or something in the background that could cause that issue.

    Yes, I just found out that I did in fact have AppArmor installed. I would prefer not to but I just disabled it. I will investigate further.

    Thanks! :)
     
  5. michelangelo

    michelangelo Active Member

    If you just want PHP 8.3 and PHP 8.4 to show up then disable the default PHP version and use positive numbers for 8.3 and 8.4
    Like 5 for 8.4 to show at first position and 10 for PHP 8.3 at second position (and so on).

    Yes, that's correct that you can't set the default version for the OS in the interface.
    PHP 8.3 should be fine and should work with ISPConfig. Only PHP 8.4 isn't - afaik - compatible with ISPConfig yet.


    You are missing coreutils in the app sections and with the new PHP shell version implementation you don't need to specify anymore the PHP application in "Jailkit cron chrooted applications" as long as the PHP Jailkit section was specified for the PHP version. In that case you can safely remove /usr/bin/php8.3 and /usr/bin/php8.4 from "Jailkit cron chrooted applications"!

    Another culprit could be the Jailkit configuration of the webspace itself.
    Under the options tab of the webspace you can override the Jailkit configuration and if that configuration is incomplete, the jail will eventually end up unusable. Did you configure any settings there in the options tab? If you did so, remove them.

    I dunno about the symlinks and AppArmor. I don't use Ubuntu.
    Maybe someone else who knows Ubuntu better can say something about AppArmor, if it could be the cause of the problem you are experiencing.
    I know that Selinux, which is default on RHEL, can cause trouble if it is set to enforcing mode. That's why I asked if either of both is enabled.

    Did you already have a look at the ISPConfig log files and does it contain any PHP warnings or errors? It may also help to enable the debug mode in ISPConfig to see more details about what is going on.
     
  6. bch

    bch Member

    I was about to post the following, a few seconds before your last answer:
    I disabled AppArmor and rebooted. It does not seem to have made a difference.

    Here is some output from tail:
    Code:
    ==> /var/log/auth.log <==
    2025-04-04T17:51:01.396857+02:00 mail useradd[15583] new user: name=testuser2083, UID=5037, GID=5022, home=/var/www/clients/client20/web47/home/testuser2083, shell=/bin/false, from=none
    2025-04-04T17:51:01.478319+02:00 mail usermod[15602] lock user 'testuser2083' password
    
    ==> /var/log/ispconfig/cron.log <==
    fre 4 apr 17:51:01 CEST 2025 PHP Warning:  Array to string conversion in /usr/local/ispconfig/server/plugins-available/shelluser_jailkit_plugin.inc.php on line 389
    
    ==> /var/log/ispconfig/ispconfig.log <==
    04.04.2025-17:51 - ERROR - Error executing jk_init command:
    ERROR: jail directory basicshell is not safe
    
    Usage: /sbin/jk_init [OPTIONS]
    Usage: /sbin/jk_init [OPTIONS] -j jaildir sections...
    
    -h --help              : this help screen
    -c, --configfile=FILE  : specify configfile location
    -l, --list             : list all available sections in the configfile
    -j, --jail=             : specify the jail to use.
         For backwards compatibility, if no jail is specified, the first
         argument after the options will be used as jail
    -v, --verbose          : show what is being done
    -f, --force            : force overwriting of existing files
    -k, --hardlink         : use hardlinks if possible
    
    ==> /var/log/ispconfig/cron.log <==
    fre 4 apr 17:51:01 CEST 2025 ERROR: /var/www is writable by group or others!04.04.2025-17:51 - ERROR - Error executing jk_init command:
    fre 4 apr 17:51:01 CEST 2025 ERROR: jail directory basicshell is not safe
    fre 4 apr 17:51:01 CEST 2025
    fre 4 apr 17:51:01 CEST 2025 Usage: /sbin/jk_init [OPTIONS]
    fre 4 apr 17:51:01 CEST 2025 Usage: /sbin/jk_init [OPTIONS] -j jaildir sections...
    fre 4 apr 17:51:01 CEST 2025
    fre 4 apr 17:51:01 CEST 2025 -h --help              : this help screen
    fre 4 apr 17:51:01 CEST 2025 -c, --configfile=FILE  : specify configfile location
    fre 4 apr 17:51:01 CEST 2025 -l, --list             : list all available sections in the configfile
    fre 4 apr 17:51:01 CEST 2025 -j, --jail=             : specify the jail to use.
    fre 4 apr 17:51:01 CEST 2025 For backwards compatibility, if no jail is specified, the first
    fre 4 apr 17:51:01 CEST 2025 argument after the options will be used as jail
    fre 4 apr 17:51:01 CEST 2025 -v, --verbose          : show what is being done
    fre 4 apr 17:51:01 CEST 2025 -f, --force            : force overwriting of existing files
    fre 4 apr 17:51:01 CEST 2025 -k, --hardlink         : use hardlinks if possible
    fre 4 apr 17:51:01 CEST 2025
    fre 4 apr 17:51:02 CEST 2025 ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!ERROR: /var/www is writable by group or others!PHP Warning:  file_put_contents(/var/www/clients/client20/web47/var/run/motd): Failed to open stream: No such file or directory in /usr/local/ispconfig/server/lib/classes/system.inc.php on line 866
    
    ==> /var/log/auth.log <==
    2025-04-04T17:51:02.734737+02:00 mail usermod[15675] change user 'testuser2083' home from '/var/www/clients/client20/web47/home/testuser2083' to '/var/www/clients/client20/web47/./home/testuser2083'
    
    ==> /var/log/ispconfig/cron.log <==
    fre 4 apr 17:51:02 CEST 2025 invalid shell, /var/www/clients/client20/web47/bin/bash does not exist
    fre 4 apr 17:51:02 CEST 2025 PHP Warning:  opendir(/var/www/clients/client20/web47/usr/bin): Failed to open directory: No such file or directory in /usr/local/ispconfig/server/lib/classes/system.inc.php on line 3147
    
    ==> /var/log/auth.log <==
    2025-04-04T17:51:02.831385+02:00 mail usermod[15695] unlock user 'testuser2083' password
    
    And ls -la /var/www
    Code:
    drwxrwsr-x  8 root    root      4096 apr  1 20:46 .
    drwxr-xr-x 17 root    root      4096 sep 21  2024 ..
    lrwxrwxrwx  1 root    www-data    31 mar 20 20:39 website -> /var/www/clients/client7/web69/
    drwxr-xr-x  2 ispapps ispapps   4096 jan 21  2023 apps
    lrwxrwxrwx  1 root    root        31 apr 15  2018 website -> /var/www/clients/client7/web44/
    lrwxrwxrwx  1 root    root        32 dec 16  2019 website -> /var/www/clients/client26/web57/
    lrwxrwxrwx  1 root    root        31 sep 30  2019 website -> /var/www/clients/client7/web15/
    drwxr-xr-x 12 root    root      4096 apr  1 03:59 clients
    lrwxrwxrwx  1 root    root        32 sep 30  2019 website -> /var/www/clients/client21/web55/
    drwxr-xr-x  8 root    root      4096 apr  2 05:35 conf
    lrwxrwxrwx  1 root    root        31 apr 29  2017 website -> /var/www/clients/client7/web23/
    lrwxrwxrwx  1 root    root        31 apr 29  2017 website -> /var/www/clients/client7/web24/
    lrwxrwxrwx  1 root    www-data    32 apr  1 06:08 website -> /var/www/clients/client36/web70/
    lrwxrwxrwx  1 root    www-data    32 apr  1 20:43 website -> /var/www/clients/client36/web71/
    drwxr-xr-x  6 root    www-data  4096 mar 29 09:49 html
    lrwxrwxrwx  1 root    root        31 mar  2  2017 website -> /var/www/clients/client7/web17/
    lrwxrwxrwx  1 root    root        34 apr 26  2016 ispconfig -> /usr/local/ispconfig/interface/web
    lrwxrwxrwx  1 root    root        31 apr 29  2017 website -> /var/www/clients/client7/web20/
    drwxr-xr-x  4 root    root      4096 jun 11  2018 php-fcgi-scripts
    lrwxrwxrwx  1 root    root        32 jul 22  2018 website -> /var/www/clients/client20/web47/
    lrwxrwxrwx  1 root    root        31 okt  3  2020 website -> /var/www/clients/client7/web61/
    lrwxrwxrwx  1 root    www-data    32 apr  1 20:46 website -> /var/www/clients/client36/web72/
    lrwxrwxrwx  1 root    root        32 sep 21  2020 website -> /var/www/clients/client27/web48/
    lrwxrwxrwx  1 root    root        32 sep 21  2020 websitek -> /var/www/clients/client27/web49/
    drwxr-xr-x  2 root    root     20480 mar 21 06:32 webalizer
     
  7. bch

    bch Member

    PHP 8.3 IS the PHP version that Ubuntu 24.04 ships with. I only have one additional version installed, PHP 8.4.
    I added coreutils to Jailkit chroot app sections and removed /usr/bin/php8.{3,4} from Jailkit cron chrooted applications. I will test it later.
    I have nothing configured in any of the two jailkit fields on the options tab on any website.
     
  8. bch

    bch Member

    I now seem to have fixed my jailkit issue. I will write the steps I took later.
     
