New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Actually I think it is creating less support load to be created that way as in DA I can claim that as companies that early adopted Free SSL using the https://letsencrypt-for-cpanel.com released months before cPanel launched their free SSL.... never switched to AutoSSL
(I can claim that for us and couple of other companies and I think SiteGround is the biggest one of them ... They are using it on Its cPanel servers (et least I think I saw it on their cPanel servers at 2018 when we were doing a migration )
If you wandering why creates less support and admin support load vs the Auto SSL way of doing things ?
Example support load with letsencrypt-for-cpanel.com
1 User ask for where is my Free SSL => Level 1 Support just point it to a help article how to add Let's Encrypt with 3 clicks for your site... In case of an issue Level 1 can Investigate plugin behavior
It is done even more intelligent in DA as you get the error like a message so the Level 1 can chust check that message whet he/she click on the small smtalk
in the top right corner 
without doing another request or check if the domain is pointed ... It is small time cut but that adds up....
VS Auto SSL Support Load
2 Well a lot of Users (with capital U) sites are still not SSL ready (have mixed content) or become not ssl ready when they test a theme ... - that happens almost on every one of the on servers which we tested with AutoSSL... When chrome redirected such User to ssl sites and broke the design they always opened a support request for a broken website on some ceases they even tried to restore sites with jetbackup before contacting us for broken site... (which also adds server load and make this User customers more angry/ unhappy in the tickets ) Adds time to tell to this client that he/ she do not have a broken site but mixed content that got to be fixed ...
So we stick with letsencrypt-for-cpanel on our cPanel servers and I we think DA did it right way
Have you tried to reproduce any of them on that version? Referer checks are in-effect long time before this report. More information: https://help.directadmin.com/item.php?id=619. Meaning reported of https://www.exploit-db.com/exploits/38110 had referer checks disabled in directadmin.conf and this poses a security risk.
not sure if posted before but regarding the DA themes, so here is cpanel basic boring theme, not responsive at all https://imgur.com/CkUrzFI , then we get to directadmin, same size window and https://imgur.com/DNdy9R6 only the widgets are showing sure its responsive but how much space it is using and doesnt even show the important stuff!!!! (it should collapse the widgets and not the main options), so I increase the size of window and you get this https://imgur.com/hR9EhwV , ahh better but still comparing we have 12 options on DA vs 22 options on Cpanel and Cpanel has lots of wasted space.
Beside that like i said DA is noticeably slower, its not well organized with various options that seem repeated like ftp options, the responsive design is clearly not well implemented, so yeah not good.
I've replied you on that other thread, but.. I'd appreciate reply here, if possible
Thanks!
@smtalk ohh sure
1) Did you try clicking top-right corner for navigation? If this is what you're looking for.
Oh i know its there, but that's not the point, this isn't a android app with hamburger menu, it should always show the most important stuff first, even in android some apps hide the most important stuff in the menu, if you go to a webpage on the mobile should it show the article and hide menu/sidebar or should it show the sidebar/menu and hide the article....
also why is the widget bar so huge with barely any info? its just small info doesn't need all that space, why widgets anyways, it should just be basic info and if you click a button show everything if its small it will all fit with spare space... if it was me designing on the first resize the widget bar would lose the bars and just show the text and on the last resize it would fold to the bottom/top as a bar with only the basic info, i would never put it into a hamburger menu...
2) "Beside that like i said DA is noticeably slower" may you name a specific page so that we could check it?
Humm pretty much all of it, it all feels slow, doesn't help with all those loading animations, shading and white layovers, all feel like a delay and since lots of the options and choices you need to do require a lot of clicks it just makes it even slower...
As a sidenote for instance adding multiple forwards e-mails on DA is way better than cpanel, so its not all bad.
I have a DA reseller account, but all the sites are mine, but i want a username for each domain and i want to jump from one account to another, with DA you have a reseller/user for the main domain, and then you have to go to a different user and login on that one and if you want to go to another account, you have to log out of the user account and login back... its quite painful to just quickly check 2 accounts and if i need to make a change on all accounts it will take a lot of time, o cpanel you have a quick dropdown of all the users while you are logged as reseller.
Also main page of the reseller has 2 search boxes on the main page, no need, confusing.
Ftp manager has same icon as file manager.
Catch all e-mail should be on the e-mail section.
System Info should be in the end with Support & Help, mostly because having Advance Features and then Extra Features with System Info in the middle is confusing or let me move the sections, that's fine too or better yet hide some sections.
There are usability issues, like when you go into like Mysql Management, i know it says Password / Change Password and Privileges / Modify Privileges, but that organization looks like its showing info and not giving you options, you need a arrow/icon or at least the text must have underscore so people know its a link with options, also it cant be that spaced out, its a option, move it all to the left, spaced out like that it looks like information, not options, or change the links into buttons, again on the left! and remove the Password and Privileges headings
It doesn't need a lot information but it needs to supply the basics, if you make a new e-mail account it needs to tell you or have available on the page the mail domains to connect and the ports that are open to use, if i make a account on DA i need to figure out whats the port for smtp with ssl... unknown....
On the software side cpanel has sftp available with ssh disable, on DA it seems that you need ssh enable to be able to use sftp that's a pain as well.
Uhh i think thats enough for now, overall performance with my sites with DA has been great and thats whats most important, but yeah the panel needs a bit more love, thank you.
(Apologies for the lack of formatting vague identifiers... apparently CloudFlare on this forum won't let you use some terms in a post)
Well, probably 9 times out of 10 when customers write in to us to ask where their free certificate is we simply point them to https://theirdomain.com - which is already working. People seem more willing to complain than to actually check an issue first (and hey! I'm guilty of this one!).
Other times theirdomain.com isn't resolving to the server or they literally just set up the theirdomain.com addon domain 2 minutes ago and the automatic issuance cron hasn't had an opportunity to run.
Still other times and this is where I'm going to get on my soapbox comes from the fact that they have domain aliases (parked domains) setup on the same VirtualHost.
cPanel (I believe) now calls these Domain Aliases. I think they used to call them parked domains. Alabanza (way back when) called them pointers. Essentially what I'm talking about with a Domain Alias is when that domain gets added to the ServerAlias line of the VirtualHost entry of it's parent, i.e.:
Original:
VirtualHost xx.xx.xx.xx:80
ServerName mydomain1.com
ServerAlias www.mydomain1.com
DocumentRoot %docroot%
Add a Domain Alias (mydomain2.com) and this becomes:
VirtualHost xx.xx.xx.xx:80
ServerName mydomain1.com
ServerAlias www.mydomain1.com mydomain2.com www.mydomain2.com
DocumentRoot %docroot%
This works fine for non-TLS environments and before a few years ago - whenever the SSL/TLS Everywhere movement started - this was the standard and it worked.
But when the world started go to SSL/TLS Everywhere this started to present a problem.
So you issue a free Let's Encrypt to cover this entire VirtualHost with Domain Aliases. This means you have to issue a certificate with a CN of mydomain1.com and SANs of www.mydomain1.com mydomain2.com www.mydomain2.com that's all fine and good.
Now 90 days later, this certificate needs to be renewed. Uh-Oh! the user let mydomain2.com's registration lapse this certificate cannot be renewed a new certificate has to be issued with just CN mydomain1.com and SANs of www.mydomain1.com OK, that works I guess.
Now 10 days pass, the user decides to renew mydomain2.com but then complains when mydomain2.com and www.mydomain2.com do not work securely because the certificate was reissued 10 days earlier to just include mydomain1.com and www.mydomain1.com, so now the whole certificate has to be reissued again to include all 4 domains once again.
Now imagine this situation when there's 10 Domain Aliases included and some resolve and some don't. 20 Domain Aliases 50 you start to see how complex and damning this becomes.
Also, consider a situation where the user purchases a secure certificate (for whatever reason) for mydomain1.com but not for mydomain2.com how are you going to secure both domains now? Or maybe they purchase a secure certificate for mydomain1.com AND another certificate for mydomain2.com how are you going to install both certificates onto a single VirtualHost?
The solution?
Don't allow Domain Aliases.
Use Addon Domains (that's what cPanel calls them DirectAdmin just calls these Domains?)
Have an original VirtualHost:
VirtualHost xx.xx.xx.xx:80
ServerName mydomain1.com
ServerAlias www.mydomain1.com
DocumentRoot %docroot%
Want to add another domain to show the same content?
VirtualHost xx.xx.xx.xx:80
ServerName mydomain1.com
ServerAlias www.mydomain1.com
DocumentRoot %docroot%
VirtualHost xx.xx.xx.xx:80
ServerName mydomain2.com
ServerAlias www.mydomain2.com
DocumentRoot %docroot%
Now want to issue a certificate for mydomain1.com that's easy, issue one for mydomain1.com and www.mydomain1.com. Want to issue one for mydomain2.com? Issue one for mydomain2.com and www.mydomain2.com. 90 days, they both come up for renewal mydomain2.com not resolving to the server? It doesn't get renewed. 10 days later mydomain2.com gets renewed and wants a certificate? Issue one for mydomain2.com and www.mydomain2.com.
This is a much, much, much simplier process than issuing and reissuing certificates based on multiple SANs that may or may not always resolve to the server. Are there disadvantages to splitting these up into multiple VirtualHost containers vs. using the ServerAlias? Not that I'm really aware of, I'm sure there would be a slight memory hit due to having to load extra VirtualHosts, but how much does this really matter? If there is a specific reason for utilizing ServerAlias instead of multiple VirtualHosts I'm certainly open to that - I'm not saying there isn't want, I'm saying I don't know what the reason is.
With my Let's Encrypt issuing system on cPanel, if a VirtualHost container has a ServerAlias that isn't a subdomain of the ServerName, then the system kicks it out of issuing a certificate. This is just the way I designed it, rather than have to deal with all of this. I do have a script that will take a Domain Alias (ServerAlias) and convert it into an Addon Domain (separate VirtualHost) so that certificates can be issued - but I don't have this script set to run automatically.
On DirectAdmin, since we're still not officially using it in production yet, my plan is to just not allow Domain Aliases - nip it in the bud before it even starts.
If a DirectAdmin user wants to create a "Domain Alias" instead they will create a Domain (Addon Domain? this title might need some work in DirectAdmin a "non-default domain name") which will create a VirtualHost container:
VirtualHost xx.xx.xx.xx:80
ServerName mydomain2.com
ServerAlias www.mydomain2.com
DocumentRoot %docroot%
And I will simply symlink /home/user/domains/mydomain2.com to /home/user/domains/mydomain1.com
At least that's my plan.
Regarding how DirectAdmin is setup to accomplish all of this I do actually think DirectAdmin is setup a lot better to accomplish this than cPanel is/was.
For starters, DirectAdmin's decision to create a global Alias
(the one that's in httpd-alias ... which I don't think I can mention here)
was ingenious.
I had actually already done this on our cPanel servers after reading all of the horror stories on the cPanel forums about how users .htaccess files were interfering with the DCV process.
The cPanel way meant that they had to start including mail.mydomain1.com in the ServerAlias for that VirtualHost in order to get mail.mydomain1.com to DCV on the certificate. This also meant that when mydomain1.com bought a secure certificate (which typically does not include mail.mydomain1.com in the SANs) that mail.mydomain1.com got left out.
DirectAdmin's way of doing this is much, much, much more simple. By using that single Alias line and controlling where the DCV content is stored, you don't have the .htaccess problem and you don't have the mail.mydomain1.com problem (since mail.mydomain1.com can be independently issued).
Unfortunately the system I designed used a different acme-challenge directory and this Alias line interfered with it, so I had to remove it in favor of my own. But the principle is still the same.
So the way my system for DirectAdmin (should) work - without any Domain Aliases (non ServerName matching ServerAliases):
1 - Read through all of the httpd.conf files looking for VirtualHosts.
2 - Grab the ServerName and ServerAliases for all of the VirtualHosts.
3 - Check to see if ServerName needs a secure certificate - if no, then take it out of the list.
4 - Check to see if ServerName and ServerAlias all resolve to the server, if one does not, then take it out of the list.
5 - At this point you should have a list of ServerNames and attached ServerAliases that need a secure certificate and can be issued one
6 - Issue those certificates with CN being the ServerName and SANs being any attached ServerAliases (usually just www.ServerName)
7 - Install that certificate on that ServerName
Then I do the same thing for mail - it's a bit simplier - looking through the file /etc/virtual/domains and adding mail. to those domains.
1 - Check to see if those mail.domains need a secure certificate - if not then take it out of the list.
2 - Check to see if mail.domains resolves to the server, if not then take it out
3 - Issue certificates for those mail.domains
4 - Install those certificates for that mail.domain into a special directory.
5 - Rebuild the dovecot configuration include file to match these certificates
This also means that the Exim and Dovecot configurations have to be updated to look for certificates in those directories. For dovecot this means the configuration file that includes this SNI data has to be rebuilt. For exim, since the configuration can be written to match based on the connection's SNI connect name and look specifically for that file, then the configuration does not have to be rebuilt every time.
For the part - Check to see if ServerName and ServerAlias (mail.domains) all resolve to the server - you do a similar DCV call generate a random string in a random file, place it in the well-known directory visit the http://domain/random_file_name - does the content of that link equal the randomly generated string you generated? If yes it resolves! If not, then it doesn't.
Do all of this and you (should) have a pretty slick and well-oiled machine that automatically issues certificate. True, you do have to concern yourself with rate-limiting some what. But for the most part, certificate issuance is going to be staggered enough to get around this or maybe we just don't have as many resolving domains on our servers as some others do?
Consider using ProFtpd with mod_sftp - that's what I'm doing and have been doing on cPanel for years.
This way you can differentiate your SSH port from your SFTP port.
You can make it work with sub (virtual) FTP users.
It ties the user into their home directory (or whatever root directory they are locked into in the passwd file that that Proftpd configuration is reading from), so they don't even have the chance to escape out and view files outside their home directory.
It just downloads some bytes when you navigate to new page. It's a single-page-application. Meaning you only do 1 HTTP request, get small JSON answer, that's it. It's weird that subsequent requests are slow. May I ask you to send a screenshot of 'network' tab to see just a subsequent request? Load the app, clean everything in network tab, select some menu item and click it, when loaded - send a screenshot with the timing.
Known one, going to be fine in 1.58.2 which should be out shortly
To update just the skin now (which has the icon fixed):
cd /usr/local/directadmin/data/skins
mkdir -p evolution
cd evolution
wget -O evolution.tar.gz https://demo.directadmin.com/download/evolution.tar.gz
tar xvzf evolution.tar.gz
cd ..
chown -R diradmin:diradmin evolution
We'll definitely look to all of your other text pasted, thank you for this! Really appreciated
Fixed it for you
Thank you for the report. It'll be included into 1.58.2, but you can update just the skin with the bugfix now:
cd /usr/local/directadmin/data/skins
mkdir -p evolution
cd evolution
wget -O evolution.tar.gz https://demo.directadmin.com/download/evolution.tar.gz
tar xvzf evolution.tar.gz
cd ..
chown -R diradmin:diradmin evolution
Thank you!
Directadmin.com is DOWN for everyone. oh
Yep. DC is thinking some kind of network hardware failure and physically moving our machine to a different rack. Hopefully it will be up soon.
i am just trying my first vps for installing DA, then i will transfer all servers from cPanel to DA soon, but installation guide is not easy like cpanel. i would like to install it in centos 7.
Make sure CentOS 7 is in your license of course, but the installation itself is just running ./setup.sh and answering the questions after that. When our box boots up again, of course.
Everything is back up. Faulty switch at the DC confirmed.
Thanks, i am installing it first time
is (open)litespeed configurable via DA GUI?
i dont know why my DA admin works so slow. always complain about network, and white page issue.
Firewall?
Francisco
csf firewall is installed.
He is asking if your firewall might be the problem. Check it out and see if something is restricting your install.
V.1.58.2 released.
https://forum.directadmin.com/showthread.php?t=58730
Updated to 1.58.2 and enabled one click webmail login. Worked a treat, although @DA_Mark would like it to open in a new tab.
Also setup webmail.domain.com from the forum as well which is working well.
Heh. Btw.
Any of you experiencing:
Sometimes WHMCS isnt able to create accounts in DA. Eg, a login with dashes, or complex passwords.
Not able to delete accounts. I need to remove the directory from /home manually.
Happened couple of times.
What sucks is, there won’t be any error message most of the times and everything shows perfect on whmcs (aka successful message ).
I see the left over /home/ directories a good bit.
It can funk up restores at times.
Francisco
We faced same issue couple of times.
Also pushed BuyShared's nodes to 1.58.2, seems awesome.
Love love love the SSO for Webmail.
Great job @DA_Mark and team.
...PMA SSO when?
Francisco
@DA_Mark : in WHM after list accounts we were able to login to cpanel account via single click.
Implement this feature in DA. Admin should be able to login to all users and resellers should me able to do so for user accounts under that particular reseller.
As in DirectAdmin > Show All Users ... then click on the + at righ end of the line
i am also facing the same issue and also some time service suspending also not work in DA it shows the account is suspended but still the websites are working