set version to 2.0.9

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
correctly display config-services command in updater if manual commands are needed
2023-01-20 18:01:28 +01:00 · 2023-01-19 20:19:43 +01:00 · 2023-01-18 14:47:25 +01:00 · 2023-01-18 13:57:47 +01:00 · 2023-01-18 11:47:55 +01:00 · 2023-01-18 08:59:59 +01:00
57 changed files with 832 additions and 219 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ install/update.log
 install/*.json
 lib/userdata.inc.php
 lib/userdata.inc.php.bak
+lib/config.inc.php
 logs/*
 !logs/index.html
 .buildpath
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -269,7 +269,8 @@ return [
 						'traffic' => lng('menue.traffic.traffic'),
 						'traffic.http' => lng('menue.traffic.traffic') . " / HTTP",
 						'traffic.ftp' => lng('menue.traffic.traffic') . " / FTP",
-						'traffic.mail' => lng('menue.traffic.traffic') . " / Mail"
+						'traffic.mail' => lng('menue.traffic.traffic') . " / Mail",
+						'misc.documentation' => lng('admin.documentation'),
 					],
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -180,7 +180,9 @@ return [
 						'letsencrypt' => 'Let\'s Encrypt (Live)',
 						'buypass_test' => 'Buypass (Test / Staging)',
 						'buypass' => 'Buypass (Live)',
-						'zerossl' => 'ZeroSSL (Live)'
+						'zerossl' => 'ZeroSSL (Live)',
+						'google' => 'Google (Live)',
+						'google_test' => 'Google (Test / Staging)',
 					],
 					'save_method' => 'storeSettingField'
 				],
@@ -239,6 +241,16 @@ return [
 					'type' => 'checkbox',
 					'default' => true,
 					'save_method' => 'storeSettingField'
+				],
+				'system_le_domain_dnscheck_resolver' => [
+					'label' => lng('serversettings.le_domain_dnscheck_resolver'),
+					'settinggroup' => 'system',
+					'varname' => 'le_domain_dnscheck_resolver',
+					'type' => 'text',
+					'string_regexp' => '/^(([0-9]+ [a-z0-9\-\._]+, ?)*[0-9]+ [a-z0-9\-\._]+)?$/i',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
 				]
 			]
 		]
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -92,6 +92,7 @@ if ($userinfo['change_serversettings'] == '1') {

 	if ($distribution != "" && isset($_POST['finish'])) {
 		unset($_POST['finish']);
+		unset($_POST['csrf_token']);
 		$params = $_POST;
 		$params['distro'] = $distribution;
 		$params['system'] = [];
@@ -121,8 +122,6 @@ if ($userinfo['change_serversettings'] == '1') {
 				'distribution' => $distribution
 			]);
 		} else {
-			// @fixme check set distribution from settings
-
 			$cfg_formfield = [
 				'config' => [
 					'title' => lng('admin.configfiles.serverconfiguration'),
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -43,12 +43,6 @@ use PHPMailer\PHPMailer\PHPMailer;
 const AREA = 'admin';
 require __DIR__ . '/lib/init.php';

-// get sql-root access data
-Database::needRoot(true);
-Database::needSqlData();
-$sql_root = Database::getSqlData();
-Database::needRoot(false);
-
 if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	$settings_data = PhpHelper::loadConfigArrayDir('./actions/admin/settings/');
 	Settings::loadSettingsInto($settings_data);
--- a/bin/froxlor-cli
+++ b/bin/froxlor-cli
@@ -35,6 +35,7 @@ use Froxlor\Cli\UpdateCommand;
 use Froxlor\Cli\InstallCommand;
 use Froxlor\Cli\MasterCron;
 use Froxlor\Cli\UserCommand;
+use Froxlor\Cli\ValidateAcmeWebroot;
 use Froxlor\Froxlor;

 // validate correct php version
@@ -59,4 +60,5 @@ $application->add(new UpdateCommand());
 $application->add(new InstallCommand());
 $application->add(new MasterCron());
 $application->add(new UserCommand());
+$application->add(new ValidateAcmeWebroot());
 $application->run();
--- a/composer.json
+++ b/composer.json
@@ -52,7 +52,8 @@
 		"voku/anti-xss": "^4.1",
 		"twig/twig": "^3.3",
 		"erusev/parsedown": "^1.7",
-		"symfony/console": "^5.4"
+		"symfony/console": "^5.4",
+		"pear/net_dns2": "^1.5"
    },
 	"require-dev": {
 		"phpunit/phpunit": "^9",
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "f8370edea3c85bcb7b681926a1fff04e",
+    "content-hash": "41e7a3bc0e13b47c4f245334b113c3be",
    "packages": [
        {
            "name": "erusev/parsedown",
@@ -198,6 +198,57 @@
            ],
            "time": "2022-06-09T08:53:42+00:00"
        },
+        {
+            "name": "pear/net_dns2",
+            "version": "v1.5.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/mikepultz/netdns2.git",
+                "reference": "dc8053772132a855b8bb6193422a959995f3a773"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/mikepultz/netdns2/zipball/dc8053772132a855b8bb6193422a959995f3a773",
+                "reference": "dc8053772132a855b8bb6193422a959995f3a773",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.4"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^9"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-0": {
+                    "Net_DNS2": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-2-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Mike Pultz",
+                    "email": "mike@mikepultz.com",
+                    "homepage": "https://mikepultz.com/",
+                    "role": "lead"
+                }
+            ],
+            "description": "Native PHP DNS Resolver and Updater Library",
+            "homepage": "https://netdns2.com/",
+            "keywords": [
+                "PEAR",
+                "dns",
+                "network"
+            ],
+            "support": {
+                "issues": "https://github.com/mikepultz/netdns2/issues",
+                "source": "https://github.com/mikepultz/netdns2"
+            },
+            "time": "2022-11-28T19:16:31+00:00"
+        },
        {
            "name": "phpmailer/phpmailer",
            "version": "v6.6.3",
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -59,7 +59,6 @@ if ($page == 'overview' || $page == 'domains') {
 			$domain_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.domains.php';
 			$collection = (new Collection(SubDomains::class, $userinfo))
 				->withPagination($domain_list_data['domain_list']['columns'], $domain_list_data['domain_list']['default_sorting']);
-			$parentDomainCollection = (new Collection(SubDomains::class, $userinfo, ['sql_search' => ['d.parentdomainid' => 0]]));
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -40,7 +40,7 @@ use Froxlor\UI\Response;
 use Froxlor\CurrentUser;

 // redirect if this customer page is hidden via settings
-if (Settings::IsInList('panel.customer_hide_options', 'ftp') || $userinfo['ftps'] == 0) {
+if (Settings::IsInList('panel.customer_hide_options', 'ftp')) {
 	Response::redirectTo('customer_index.php');
 }

--- a/customer_index.php
+++ b/customer_index.php
@@ -115,10 +115,14 @@ if ($page == 'overview') {

 	if ($usages) {
 		$userinfo['diskspace_bytes_used'] = $usages['webspace'] * 1024;
+		$userinfo['mailspace_used']  = $usages['mail'] * 1024;
+		$userinfo['dbspace_used'] = $usages['mysql'] * 1024;
 		$userinfo['total_bytes_used'] = ($usages['webspace'] + $usages['mail'] + $usages['mysql']) * 1024;
 	} else {
 		$userinfo['diskspace_bytes_used'] = 0;
 		$userinfo['total_bytes_used'] = 0;
+		$userinfo['mailspace_used']  = 0;
+		$userinfo['dbspace_used'] = 0;
 	}

 	UI::twig()->addGlobal('userinfo', $userinfo);
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -92,7 +92,7 @@ if ($page == 'overview' || $page == 'mysqls') {
 		$result = json_decode($json_result, true)['data'];

 		if (isset($result['databasename']) && $result['databasename'] != '') {
-			Database::needRoot(true, $result['dbserver']);
+			Database::needRoot(true, $result['dbserver'], false);
 			Database::needSqlData();
 			$sql_root = Database::getSqlData();
 			Database::needRoot(false);
--- a/error_report.php
+++ b/error_report.php
@@ -67,6 +67,11 @@ if (!empty($errid)) {
 		$mail_body .= "User-Area: " . AREA . "\n";
 		$mail_body .= "Froxlor-version: " . Froxlor::VERSION . "\n";
 		$mail_body .= "DB-version: " . Froxlor::DBVERSION . "\n\n";
+		try {
+			$mail_body .= "Database: " . Database::getAttribute(PDO::ATTR_SERVER_VERSION);
+		} catch (\Exception $e) {
+			/* ignore */
+		}
 		$mail_body .= "End of report";
 		$mail_html = nl2br($mail_body);

--- a/install/froxlor.sql.php
+++ b/install/froxlor.sql.php
@@ -225,7 +225,7 @@ CREATE TABLE `panel_customers` (
  `allowed_mysqlserver` text NOT NULL,
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;


 DROP TABLE IF EXISTS `panel_databases`;
@@ -642,7 +642,7 @@ opcache.validate_timestamps'),
 	('system', 'leprivatekey', 'unset'),
 	('system', 'lepublickey', 'unset'),
 	('system', 'letsencryptca', 'letsencrypt'),
-	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
+	('system', 'letsencryptchallengepath', '/var/www/html/froxlor'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
 	('system', 'leenabled', '0'),
@@ -670,6 +670,7 @@ opcache.validate_timestamps'),
 	('system', 'leaccount', ''),
 	('system', 'nssextrausers', '1'),
 	('system', 'le_domain_dnscheck', '1'),
+	('system', 'le_domain_dnscheck_resolver', '1.1.1.1'),
 	('system', 'ssl_protocols', 'TLSv1.2'),
 	('system', 'tlsv13_cipher_list', ''),
 	('system', 'honorcipherorder', '0'),
@@ -696,7 +697,7 @@ opcache.validate_timestamps'),
 	('system', 'distribution', ''),
 	('system', 'update_channel', 'stable'),
 	('system', 'updatecheck_data', ''),
-	('system', 'update_notify_last', '2.0.2'),
+	('system', 'update_notify_last', '2.0.9'),
 	('system', 'traffictool', 'goaccess'),
 	('api', 'enabled', '0'),
 	('2fa', 'enabled', '1'),
@@ -740,8 +741,8 @@ opcache.validate_timestamps'),
 	('panel', 'logo_overridetheme', '0'),
 	('panel', 'logo_overridecustom', '0'),
 	('panel', 'settings_mode', '0'),
-	('panel', 'version', '2.0.2'),
-	('panel', 'db_version', '202212060');
+	('panel', 'version', '2.0.9'),
+	('panel', 'db_version', '202301180');


 DROP TABLE IF EXISTS `panel_tasks`;
--- a/install/updates/froxlor/update_2.x.inc.php
+++ b/install/updates/froxlor/update_2.x.inc.php
@@ -38,10 +38,9 @@ if (!defined('_CRON_UPDATE')) {

 // last 0.10.x release
 if (Froxlor::isFroxlorVersion('0.10.38.3')) {
-
 	$update_to = '2.0.0-beta1';

-	Update::showUpdateStep("Updating from 0.10.38.3 to ".$update_to, false);
+	Update::showUpdateStep("Updating from 0.10.38.3 to " . $update_to, false);

 	Update::showUpdateStep("Removing unused table");
 	Database::query("DROP TABLE IF EXISTS `panel_sessions`;");
@@ -67,9 +66,10 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;";
 	Database::query($sql);
 	// new customer allowed_mysqlserver field
-	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `allowed_mysqlserver` text NOT NULL;");
-	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` CHANGE COLUMN `allowed_phpconfigs` `allowed_phpconfigs` text NOT NULL;");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ROW_FORMAT=DYNAMIC;");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` CHANGE COLUMN `customernumber` `customernumber` varchar(100) NOT NULL default '';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` CHANGE COLUMN `allowed_phpconfigs` `allowed_phpconfigs` text NOT NULL;");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `allowed_mysqlserver` text NOT NULL;");
 	$has_customer_table_update_200 = true;
 	// ftp_users adjustments
 	Database::query("ALTER TABLE `" . TABLE_FTP_USERS . "` CHANGE COLUMN `password` `password` varchar(255) NOT NULL default '';");
@@ -145,7 +145,7 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	}

 	Update::showUpdateStep("Adding new settings");
-	$panel_settings_mode = isset($_POST['panel_settings_mode']) ? (int) $_POST['panel_settings_mode'] : 0;
+	$panel_settings_mode = isset($_POST['panel_settings_mode']) ? (int)$_POST['panel_settings_mode'] : 0;
 	Settings::AddNew("panel.settings_mode", $panel_settings_mode);
 	$system_distribution = isset($_POST['system_distribution']) ? $_POST['system_distribution'] : '';
 	Settings::AddNew("system.distribution", $system_distribution);
@@ -182,17 +182,16 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	Update::lastStepStatus(0);

 	Update::showUpdateStep("Updating email account password-hashes");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password`, 1, 3) = '$1$'");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password`, 1, 3) = '$5$'");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password`, 1, 3) = '$6$'");
-	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = REPLACE(`password`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password`, 1, 4) = '$2y$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$1$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$5$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$6$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password_enc`, 1, 4) = '$2y$'");
 	Update::lastStepStatus(0);

 	Froxlor::updateToVersion($update_to);
 }

 if (Froxlor::isDatabaseVersion('202112310')) {
-
 	Update::showUpdateStep("Adjusting traffic tool settings");
 	$traffic_tool = Settings::Get('system.awstats_enabled') == 1 ? 'awstats' : 'webalizer';
 	Settings::AddNew("system.traffictool", $traffic_tool);
@@ -203,20 +202,30 @@ if (Froxlor::isDatabaseVersion('202112310')) {
 }

 if (Froxlor::isDatabaseVersion('202211030')) {
-
 	Update::showUpdateStep("Creating backward compatibility for cronjob");
-	$complete_filedir = Froxlor::getInstallDir() . '/scripts';
-	mkdir($complete_filedir, 0750, true);
-	$newCronBin = Froxlor::getInstallDir().'/bin/froxlor-cli';
-	$compCron = <<<EOF
+	$disabled = explode(',', ini_get('disable_functions'));
+	$exec_allowed = !in_array('exec', $disabled);
+	// check whether old files could be deleted in previous updates and if not,
+	// user should run cron to regenerate cron.d-file manually as he will run
+	// the other commands manually only after the update so this file would be deleted too
+	if ($exec_allowed) {
+		$complete_filedir = Froxlor::getInstallDir() . '/scripts';
+		mkdir($complete_filedir, 0750, true);
+		$newCronBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';
+		$compCron = <<<EOF
 <?php
-chmod($newCronBin, 0755);
+chmod('$newCronBin', 0755);
 // re-create cron.d configuration file
 exec('$newCronBin froxlor:cron -r 99');
 exit;
 EOF;
-	file_put_contents($complete_filedir.'/froxlor_master_cronjob.php', $compCron);
-	Update::lastStepStatus(0);
+		file_put_contents($complete_filedir . '/froxlor_master_cronjob.php', $compCron);
+		Update::lastStepStatus(0);
+	} else {
+		$cron_run_cmd = 'chmod +x ' . FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . PHP_EOL;
+		$cron_run_cmd .= FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . ' froxlor:cron -r 99';
+		Update::lastStepStatus(1, 'manual commands needed', 'Please run the following commands manually:<br><pre>' . $cron_run_cmd . '</pre>');
+	}

 	Froxlor::updateToDbVersion('202212060');
 }
@@ -245,3 +254,126 @@ if (Froxlor::isFroxlorVersion('2.0.1')) {
 	Update::showUpdateStep("Updating from 2.0.1 to 2.0.2", false);
 	Froxlor::updateToVersion('2.0.2');
 }
+
+if (Froxlor::isFroxlorVersion('2.0.2')) {
+	Update::showUpdateStep("Updating from 2.0.2 to 2.0.3", false);
+	Froxlor::updateToVersion('2.0.3');
+}
+
+if (Froxlor::isFroxlorVersion('2.0.3')) {
+	Update::showUpdateStep("Updating from 2.0.3 to 2.0.4", false);
+
+	$complete_filedir = Froxlor::getInstallDir() . '/scripts';
+	// check if compat. cronjob still exists (most likely didn't run successfully b/c of error from former 2.0 release)
+	if (@file_exists($complete_filedir . '/froxlor_master_cronjob.php')) {
+		Update::showUpdateStep("Adjusting backward compatibility for cronjob");
+		$disabled = explode(',', ini_get('disable_functions'));
+		$exec_allowed = !in_array('exec', $disabled);
+		if ($exec_allowed) {
+			$newCronBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';
+			$compCron = <<<EOF
+<?php
+chmod('$newCronBin', 0755);
+// re-create cron.d configuration file
+exec('$newCronBin froxlor:cron -r 99');
+exit;
+EOF;
+			file_put_contents($complete_filedir . '/froxlor_master_cronjob.php', $compCron);
+			Update::lastStepStatus(0);
+		} else {
+			$cron_run_cmd = 'chmod +x ' . FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . PHP_EOL;
+			$cron_run_cmd .= FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . ' froxlor:cron -r 99';
+			Update::lastStepStatus(1, 'manual commands needed', 'Please run the following commands manually:<br><pre>' . $cron_run_cmd . '</pre>');
+		}
+	}
+	Froxlor::updateToVersion('2.0.4');
+}
+
+if (Froxlor::isFroxlorVersion('2.0.4')) {
+	Update::showUpdateStep("Updating from 2.0.4 to 2.0.5", false);
+	Froxlor::updateToVersion('2.0.5');
+}
+
+if (Froxlor::isFroxlorVersion('2.0.5')) {
+	Update::showUpdateStep("Updating from 2.0.5 to 2.0.6", false);
+
+	Update::showUpdateStep("Updating possible missing email account password-hashes");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$1$', '{MD5-CRYPT}$1$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$1$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$5$', '{SHA256-CRYPT}$5$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$5$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$6$', '{SHA512-CRYPT}$6$') WHERE SUBSTRING(`password_enc`, 1, 3) = '$6$'");
+	Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password_enc` = REPLACE(`password_enc`, '$2y$', '{BLF-CRYPT}$2y$') WHERE SUBSTRING(`password_enc`, 1, 4) = '$2y$'");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToVersion('2.0.6');
+}
+
+if (Froxlor::isFroxlorVersion('2.0.6')) {
+	Update::showUpdateStep("Updating from 2.0.6 to 2.0.7", false);
+
+	Update::showUpdateStep("Correcting allowed_mysqlserver for customers");
+	Database::query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `allowed_mysqlserver` = '[0]' WHERE `allowed_mysqlserver` = ''");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToVersion('2.0.7');
+}
+
+if (Froxlor::isDatabaseVersion('202212060')) {
+	Update::showUpdateStep("Validating acme.sh challenge path");
+	$acmesh_challenge_dir = Settings::Get('system.letsencryptchallengepath');
+	$system_letsencryptchallengepath_upd = isset($_POST['system_letsencryptchallengepath_upd']) ? $_POST['system_letsencryptchallengepath_upd'] : $acmesh_challenge_dir;
+	if ($acmesh_challenge_dir != $system_letsencryptchallengepath_upd) {
+		Settings::Set('system.letsencryptchallengepath', $system_letsencryptchallengepath_upd);
+		if ((int) Settings::Get('system.leenabled') == 1) {
+			// create JSON string for --apply
+			$dist = Settings::Get('system.distribution');
+			$webserver = Settings::Get('system.webserver');
+			if ($webserver == 'apache2') {
+				$webserver = 'apache22';
+				if (Settings::Get('system.apache24')) {
+					$webserver = 'apache24';
+				}
+			}
+			$apply_json = '{"http":"' . $webserver . '","dns":"x","smtp":"x","mail":"x","ftp":"x","distro":"' . $dist . '","system":[]}';
+			Update::lastStepStatus(1, 'manual commands needed',
+				"Please reconfigure webserver service using <pre>bin/froxlor-cli froxlor:config-services --apply='" . $apply_json . "'</pre>" .
+				'<br>or adjust the path manually in <pre>' . Settings::Get('system.letsencryptacmeconf') . '</pre>' .
+				'<br><br>In case you already have certificates issued, run the following command to validate and correct the webroot used for renewal:<br>' .
+				'<pre>bin/froxlor-cli froxlor:validate-acme-webroot</pre><br>'
+			);
+		} else {
+			Update::lastStepStatus(0);
+		}
+	} else {
+		Update::lastStepStatus(0);
+	}
+
+	Froxlor::updateToDbVersion('202301120');
+}
+
+if (Froxlor::isFroxlorVersion('2.0.7')) {
+	Update::showUpdateStep("Updating from 2.0.7 to 2.0.8", false);
+
+	// adjust file-logging to be set to froxlor/logs/
+	$logtypes = explode(',', Settings::Get('logger.logtypes'));
+	if (in_array('file', $logtypes)) {
+		Update::showUpdateStep("Adjusting froxlor logfile for system-logging to be stored in logs/froxlor.log");
+		Settings::Set('logger.logfile', 'froxlor.log');
+		Update::lastStepStatus(0);
+	}
+
+	Froxlor::updateToVersion('2.0.8');
+}
+
+if (Froxlor::isDatabaseVersion('202301120')) {
+	Update::showUpdateStep("Adding new setting for DNS resolver when using Let's Encrypt");
+	$system_le_domain_dnscheck_resolver = isset($_POST['system_le_domain_dnscheck_resolver']) ? $_POST['system_le_domain_dnscheck_resolver'] : '1.1.1.1';
+	Settings::AddNew("system.le_domain_dnscheck_resolver", $system_le_domain_dnscheck_resolver);
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202301180');
+}
+
+if (Froxlor::isFroxlorVersion('2.0.8')) {
+	Update::showUpdateStep("Updating from 2.0.8 to 2.0.9", false);
+	Froxlor::updateToVersion('2.0.9');
+}
--- a/install/updates/preconfig/preconfig_0.10.inc.php
+++ b/install/updates/preconfig/preconfig_0.10.inc.php
@@ -34,9 +34,14 @@ $return = [];
 if (Update::versionInUpdate($current_db_version, '202004140')) {
 	$has_preconfig = true;
 	$description = 'Froxlor can now optionally validate the dns entries of domains that request Lets Encrypt certificates to reduce dns-related problems (e.g. freshly registered domain or updated a-record).';
-	$return['system_le_domain_dnscheck_note'] = ['type' => 'infotext', 'value' => $description];
 	$question = '<strong>Validate DNS of domains when using Lets Encrypt&nbsp;';
-	$return['system_le_domain_dnscheck'] = ['type' => 'checkbox', 'value' => 1, 'checked' => 1, 'label' => $question];
+	$return['system_le_domain_dnscheck'] = [
+		'type' => 'checkbox',
+		'value' => 1,
+		'checked' => 1,
+		'label' => $question,
+		'prior_infotext' => $description
+	];
 }

 $preconfig['fields'] = $return;
--- a/install/updates/preconfig/preconfig_2.x.inc.php
+++ b/install/updates/preconfig/preconfig_2.x.inc.php
@@ -27,6 +27,7 @@ use Froxlor\Froxlor;
 use Froxlor\FileDir;
 use Froxlor\Config\ConfigParser;
 use Froxlor\Install\Update;
+use Froxlor\Settings;

 $preconfig = [
 	'title' => '2.x updates',
@@ -36,7 +37,6 @@ $return = [];

 if (Update::versionInUpdate($current_version, '2.0.0-beta1')) {
 	$description = 'We have rearranged the settings and split them into basic and advanced categories. This makes it easier for users who do not need all the detailed or very specific settings and options and gives a better overview of the basic/mostly used settings.';
-	$return['panel_settings_mode_note'] = ['type' => 'infotext', 'value' => $description];
 	$question = '<strong>Chose settings mode (you can change that at any time)</strong>';
 	$return['panel_settings_mode'] = [
 		'type' => 'select',
@@ -45,11 +45,11 @@ if (Update::versionInUpdate($current_version, '2.0.0-beta1')) {
 			1 => 'Advanced'
 		],
 		'selected' => 1,
-		'label' => $question
+		'label' => $question,
+		'prior_infotext' => $description
 	];

 	$description = 'The configuration page now can preselect a distribution, please select your current distribution';
-	$return['system_distribution_note'] = ['type' => 'infotext', 'value' => $description];
 	$question = '<strong>Select distribution</strong>';
 	$config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/');
 	// show list of available distro's
@@ -68,9 +68,44 @@ if (Update::versionInUpdate($current_version, '2.0.0-beta1')) {
 		'type' => 'select',
 		'select_var' => $distributions_select,
 		'selected' => '',
-		'label' => $question
+		'label' => $question,
+		'prior_infotext' => $description
 	];
 }

+if (Update::versionInUpdate($current_db_version, '202301120')) {
+	$acmesh_challenge_dir = rtrim(FileDir::makeCorrectDir(Settings::Get('system.letsencryptchallengepath')), "/");
+	$recommended = rtrim(FileDir::makeCorrectDir(Froxlor::getInstallDir()), "/");
+	if ((int) Settings::Get('system.leenabled') == 1 && $acmesh_challenge_dir != $recommended) {
+		$has_preconfig = true;
+		$description = 'ACME challenge docroot from settings differs from the current installation directory.';
+		$question = '<strong>Validate Let\'s Encrypt challenge path (recommended value: ' . $recommended . ')</strong>';
+		$return['system_letsencryptchallengepath_upd'] = [
+			'type' => 'text',
+			'value' => $recommended,
+			'placeholder' => $acmesh_challenge_dir,
+			'label' => $question,
+			'prior_infotext' => $description,
+			'mandatory' => true,
+		];
+	}
+}
+
+if (Update::versionInUpdate($current_db_version, '202301180')) {
+	if ((int) Settings::Get('system.leenabled') == 1) {
+		$has_preconfig = true;
+		$description = 'Froxlor now supports to set an external DNS resolver for the Let\'s Encrypt pre-check.';
+		$question = '<strong>Specify a DNS resolver IP (recommended value: 1.1.1.1 or similar)</strong>';
+		$return['system_le_domain_dnscheck_resolver'] = [
+			'type' => 'text',
+			'pattern' => '^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$|^\s*$',
+			'value' => '1.1.1.1',
+			'placeholder' => '1.1.1.1',
+			'label' => $question,
+			'prior_infotext' => $description,
+		];
+	}
+}
+
 $preconfig['fields'] = $return;
 return $preconfig;
--- a/lib/Froxlor/Api/Commands/Domains.php
+++ b/lib/Froxlor/Api/Commands/Domains.php
@@ -559,7 +559,7 @@ class Domains extends ApiCommand implements ResourceEntity

 				// validate dns if lets encrypt is enabled to check whether we can use it at all
 				if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
-					$domain_ips = PhpHelper::gethostbynamel6($domain);
+					$domain_ips = PhpHelper::gethostbynamel6($domain, true, Settings::Get('system.le_domain_dnscheck_resolver'));
 					$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
 					if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
 						Response::standardError('invaliddnsforletsencrypt', '', true);
@@ -1523,7 +1523,7 @@ class Domains extends ApiCommand implements ResourceEntity

 			// validate dns if lets encrypt is enabled to check whether we can use it at all
 			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
-				$domain_ips = PhpHelper::gethostbynamel6($result['domain']);
+				$domain_ips = PhpHelper::gethostbynamel6($result['domain'], true, Settings::Get('system.le_domain_dnscheck_resolver'));
 				$selected_ips = $this->getIpsFromIdArray($ssl_ipandports);
 				if ($domain_ips == false || count(array_intersect($selected_ips, $domain_ips)) <= 0) {
 					Response::standardError('invaliddnsforletsencrypt', '', true);
--- a/lib/Froxlor/Api/Commands/Mysqls.php
+++ b/lib/Froxlor/Api/Commands/Mysqls.php
@@ -73,12 +73,12 @@ class Mysqls extends ApiCommand implements ResourceEntity
 			$password = $this->getParam('mysql_password');

 			// parameters
-			$dbserver = $this->getParam('mysql_server', true, 0);
 			$databasedescription = $this->getParam('description', true, '');
 			$databasename = $this->getParam('custom_suffix', true, '');
 			$sendinfomail = $this->getBoolParam('sendinfomail', true, 0);
 			// get needed customer info to reduce the mysql-usage-counter by one
 			$customer = $this->getCustomerData('mysqls');
+			$dbserver = $this->getParam('mysql_server', true, $this->getDefaultMySqlServer($customer));

 			// validation
 			$password = Validate::validate($password, 'password', '', '', [], true);
@@ -90,7 +90,7 @@ class Mysqls extends ApiCommand implements ResourceEntity

 			// validate whether the dbserver exists
 			$dbserver = Validate::validate($dbserver, html_entity_decode(lng('mysql.mysql_server')), '/^[0-9]+$/', '', 0, true);
-			Database::needRoot(true, $dbserver);
+			Database::needRoot(true, $dbserver, false);
 			Database::needSqlData();
 			$sql_root = Database::getSqlData();
 			Database::needRoot(false);
@@ -150,7 +150,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 					$pma = Settings::Get('panel.phpmyadmin_url');
 				}

-				Database::needRoot(true, $dbserver);
+				Database::needRoot(true, $dbserver, false);
 				Database::needSqlData();
 				$sql_root = Database::getSqlData();
 				Database::needRoot(false);
@@ -287,7 +287,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		}
 		$result = Database::pexecute_first($result_stmt, $params, true, true);
 		if ($result) {
-			Database::needRoot(true, $result['dbserver']);
+			Database::needRoot(true, $result['dbserver'], false);
 			$mbdata_stmt = Database::prepare("
 				SELECT SUM(data_length + index_length) as MB FROM information_schema.TABLES
 				WHERE table_schema = :table_schema
@@ -364,7 +364,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 			}

 			// Begin root-session
-			Database::needRoot(true, $result['dbserver']);
+			Database::needRoot(true, $result['dbserver'], false);
 			$dbmgr = new DbManager($this->logger());
 			foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
 				$dbmgr->getManager()->grantPrivilegesTo($result['databasename'], $password, $mysql_access_host, false, true);
@@ -449,7 +449,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 					'dbserver' => $_dbserver['dbserver']
 				], $query_fields), true, true);
 				// Begin root-session
-				Database::needRoot(true, $_dbserver['dbserver']);
+				Database::needRoot(true, $_dbserver['dbserver'], false);
 				while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 					$mbdata_stmt = Database::prepare("
 						SELECT SUM(data_length + index_length) as MB FROM information_schema.TABLES
@@ -536,7 +536,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		$id = $result['id'];

 		// Begin root-session
-		Database::needRoot(true, $result['dbserver']);
+		Database::needRoot(true, $result['dbserver'], false);
 		$dbm = new DbManager($this->logger());
 		$dbm->getManager()->deleteDatabase($result['databasename']);
 		Database::needRoot(false);
@@ -558,4 +558,13 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] deleted database '" . $result['databasename'] . "'");
 		return $this->response($result);
 	}
+
+	private function getDefaultMySqlServer(array $customer) {
+		$allowed_mysqlservers = json_decode($customer['allowed_mysqlserver'] ?? '[]', true);
+		asort($allowed_mysqlservers, SORT_NUMERIC);
+		if (count($allowed_mysqlservers) == 1 && $allowed_mysqlservers[0] != 0) {
+			return (int) $allowed_mysqlservers[0];
+		}
+		return (int) array_shift($allowed_mysqlservers);
+	}
 }
--- a/lib/Froxlor/Api/Commands/SubDomains.php
+++ b/lib/Froxlor/Api/Commands/SubDomains.php
@@ -262,7 +262,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			// validate dns if lets encrypt is enabled to check whether we can use it at all
 			if ($letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
 				$our_ips = Domain::getIpsOfDomain($domain_check['id']);
-				$domain_ips = PhpHelper::gethostbynamel6($completedomain);
+				$domain_ips = PhpHelper::gethostbynamel6($completedomain, true, Settings::Get('system.le_domain_dnscheck_resolver'));
 				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 					Response::standardError('invaliddnsforletsencrypt', '', true);
 				}
@@ -701,10 +701,12 @@ class SubDomains extends ApiCommand implements ResourceEntity
 		$wwwserveralias = ($selectserveralias == '1') ? '1' : '0';

 		// if allowed, check for 'is email domain'-flag
-		if ($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') && $isemaildomain != $result['isemaildomain']) {
-			$isemaildomain = intval($isemaildomain);
-		} elseif ($result['parentdomainid'] != '0') {
-			$isemaildomain = $result['subcanemaildomain'] == '3' ? 1 : 0;
+		if ($isemaildomain != $result['isemaildomain']) {
+			if ($result['parentdomainid'] != '0' && ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2')) {
+				$isemaildomain = intval($isemaildomain);
+			} elseif ($result['parentdomainid'] != '0') {
+				$isemaildomain = $result['subcanemaildomain'] == '3' ? 1 : 0;
+			}
 		}

 		// check changes of openbasedir-path variable
@@ -736,7 +738,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 		// validate dns if lets encrypt is enabled to check whether we can use it at all
 		if ($result['letsencrypt'] != $letsencrypt && $letsencrypt == '1' && Settings::Get('system.le_domain_dnscheck') == '1') {
 			$our_ips = Domain::getIpsOfDomain($result['parentdomainid']);
-			$domain_ips = PhpHelper::gethostbynamel6($result['domain']);
+			$domain_ips = PhpHelper::gethostbynamel6($result['domain'], true, Settings::Get('system.le_domain_dnscheck_resolver'));
 			if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 				Response::standardError('invaliddnsforletsencrypt', '', true);
 			}
--- a/lib/Froxlor/Cli/CliCommand.php
+++ b/lib/Froxlor/Cli/CliCommand.php
@@ -37,7 +37,7 @@ use Symfony\Component\Console\Output\OutputInterface;
 class CliCommand extends Command
 {

-	protected function validateRequirements(InputInterface $input, OutputInterface $output): int
+	protected function validateRequirements(InputInterface $input, OutputInterface $output, bool $ignore_has_updates = false): int
 	{
 		if (!file_exists(Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
 			$output->writeln("<error>Could not find froxlor's userdata.inc.php file. You should use this script only with an installed froxlor system.</>");
@@ -51,7 +51,7 @@ class CliCommand extends Command
 			$output->writeln("<error>" . $e->getMessage() . "</>");
 			return self::INVALID;
 		}
-		if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
+		if (!$ignore_has_updates && (Froxlor::hasUpdates() || Froxlor::hasDbUpdates())) {
 			if ((int)Settings::Get('system.cron_allowautoupdate') == 1) {
 				return $this->runUpdate($output);
 			} else {
--- a/lib/Froxlor/Cli/ValidateAcmeWebroot.php
+++ b/lib/Froxlor/Cli/ValidateAcmeWebroot.php
@@ -0,0 +1,155 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <team@froxlor.org>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+namespace Froxlor\Cli;
+
+use Froxlor\Cron\TaskId;
+use Froxlor\Database\Database;
+use Froxlor\FileDir;
+use Froxlor\Froxlor;
+use Froxlor\Settings;
+use Froxlor\System\Cronjob;
+use PDO;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+final class ValidateAcmeWebroot extends CliCommand
+{
+
+	protected function configure()
+	{
+		$this->setName('froxlor:validate-acme-webroot');
+		$this->setDescription('Validates the Le_Webroot value is correct for froxlor managed domains with Let\'s Encrypt certificate.');
+		$this->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Do not ask for confirmation, update files if necessary');
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output)
+	{
+		$result = self::SUCCESS;
+
+		$result = $this->validateRequirements($input, $output, true);
+
+		$io = new SymfonyStyle($input, $output);
+
+		if ((int) Settings::Get('system.leenabled') == 0) {
+			$io->info("Let's Encrypt not activated in froxlor settings.");
+			$result = self::INVALID;
+		}
+
+		if ($result == self::SUCCESS) {
+			$yestoall = $input->getOption('yes-to-all') !== false;
+			$helper = $this->getHelper('question');
+			$count_changes = 0;
+			// get all Let's Encrypt enabled domains
+			$sel_stmt = Database::prepare("SELECT id, domain FROM panel_domains WHERE `letsencrypt` = '1' AND aliasdomain IS NULL ORDER BY id ASC");
+			Database::pexecute($sel_stmt);
+			$domains = $sel_stmt->fetchAll(PDO::FETCH_ASSOC);
+			$upd_stmt = Database::prepare("UPDATE domain_ssl_settings SET expirationdate=NULL WHERE `domainid` = :did");
+			$acmesh_dir = dirname(Settings::Get('system.acmeshpath'));
+			$acmesh_challenge_dir = rtrim(FileDir::makeCorrectDir(Settings::Get('system.letsencryptchallengepath')), "/");
+			$recommended = rtrim(FileDir::makeCorrectDir(Froxlor::getInstallDir()), "/");
+
+			if ($acmesh_challenge_dir != $recommended) {
+				$io->warning([
+					"ACME challenge docroot from settings differs from the current installation directory.",
+					"Settings: '" . $acmesh_challenge_dir . "'",
+					"Default/recommended value: '" . $recommended . "'",
+				]);
+				$question = new ConfirmationQuestion('Fix ACME challenge docroot setting? [yes] ', true, '/^(y|j)/i');
+				if ($yestoall || $helper->ask($input, $output, $question)) {
+					Settings::Set('system.letsencryptchallengepath', $recommended);
+					$former_value = $acmesh_challenge_dir;
+					$acmesh_challenge_dir = $recommended;
+					// need to update the corresponding acme-alias config-file
+					$acme_alias_file = Settings::Get('system.letsencryptacmeconf');
+					$sed_params = "s@".$former_value."@" . $acmesh_challenge_dir . "@";
+					FileDir::safe_exec('sed -i -e "' . $sed_params . '" ' . escapeshellarg($acme_alias_file));
+					$count_changes++;
+				}
+			}
+
+			foreach ($domains as $domain_arr) {
+				$domain = $domain_arr['domain'];
+				$acme_domain_conf = FileDir::makeCorrectFile($acmesh_dir . '/' . $domain . '/' . $domain . '.conf');
+				if (file_exists($acme_domain_conf)) {
+					$io->text("Getting info from " . $acme_domain_conf);
+					$conf_content = file_get_contents($acme_domain_conf);
+				} else {
+					$acme_domain_conf = FileDir::makeCorrectFile($acmesh_dir . '/' . $domain . '_ecc/' . $domain . '.conf');
+					if (file_exists($acme_domain_conf)) {
+						$io->text("Getting info from " . $acme_domain_conf);
+						$conf_content = file_get_contents($acme_domain_conf);
+					} else {
+						$io->info("No domain configuration file found in '" . $acmesh_dir . "'");
+						continue;
+					}
+				}
+				if (!empty($conf_content)) {
+					$lines = explode("\n", $conf_content);
+					foreach ($lines as $line) {
+						$val_key = explode("=", $line);
+						if ($val_key[0] == 'Le_Webroot') {
+							$domain_webroot = trim(trim($val_key[1], "'"), '"');
+							if ($domain_webroot != $acmesh_challenge_dir) {
+								$io->warning("Domain '" . $domain . "' has old/wrong Le_Webroot setting: '" . $domain_webroot . ' <> ' . $acmesh_challenge_dir . "'");
+								$question = new ConfirmationQuestion('Fix Le_Webroot? [yes] ', true, '/^(y|j)/i');
+								if ($yestoall || $helper->ask($input, $output, $question)) {
+									$sed_params = "s@Le_Webroot=.*@Le_Webroot='" . $acmesh_challenge_dir . "'@";
+									FileDir::safe_exec('sed -i -e "' . $sed_params . '" ' . escapeshellarg($acme_domain_conf));
+									Database::pexecute($upd_stmt, ['did' => $domain_arr['id']]);
+									$io->success("Correction of Le_Webroot successful");
+									$count_changes++;
+								} else {
+									continue;
+								}
+							} else {
+								$io->info("Domain '" . $domain . "' Le_Webroot value is correct");
+							}
+							break;
+						} else {
+							continue;
+						}
+					}
+				}
+			}
+			if ($count_changes > 0) {
+				if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
+					Cronjob::inserttask(TaskId::REBUILD_VHOST);
+				} else {
+					$question = new ConfirmationQuestion('Changes detected. Force cronjob to refresh certificates? [yes] ', true, '/^(y|j)/i');
+					if ($yestoall || $helper->ask($input, $output, $question)) {
+						passthru(FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/bin/froxlor-cli') . ' froxlor:cron -f -d');
+					}
+				}
+			}
+		}
+
+		return $result;
+	}
+
+}
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -46,7 +46,9 @@ class AcmeSh extends FroxlorCron
 		'letsencrypt_test' => "https://acme-staging-v02.api.letsencrypt.org/directory",
 		'buypass' => "https://api.buypass.com/acme/directory",
 		'buypass_test' => "https://api.test4.buypass.no/acme/directory",
-		'zerossl' => "https://acme.zerossl.com/v2/DV90"
+		'zerossl' => "https://acme.zerossl.com/v2/DV90",
+		'google' => "https://dv.acme-v02.api.pki.goog/directory",
+		'google_test' => "https://dv.acme-v02.test-api.pki.goog/directory",
 	];
 	public static $no_inserttask = false;
 	private static $apiserver = "";
@@ -519,7 +521,7 @@ EOC;
 			foreach ($loop_domains as $idx => $domain) {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Validating DNS of " . $domain);
 				// ips according to NS
-				$domain_ips = PhpHelper::gethostbynamel6($domain);
+				$domain_ips = PhpHelper::gethostbynamel6($domain, true, Settings::Get('system.le_domain_dnscheck_resolver'));
 				if ($domain_ips == false || count(array_intersect($our_ips, $domain_ips)) <= 0) {
 					// no common ips...
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $domain . " due to no system known IP address via DNS check");
@@ -555,7 +557,7 @@ EOC;
 			if (Settings::Get('system.letsencryptreuseold') != '1') {
 				$acmesh_cmd .= " --always-force-new-domain-key";
 			}
-			if (Settings::Get('system.letsencryptca') == 'letsencrypt_test') {
+			if (substr(Settings::Get('system.letsencryptca'), -5) == '_test') {
 				$acmesh_cmd .= " --staging";
 			}
 			if ($force) {
--- a/lib/Froxlor/Cron/System/BackupCron.php
+++ b/lib/Froxlor/Cron/System/BackupCron.php
@@ -146,6 +146,7 @@ class BackupCron extends FroxlorCron
 			FileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mysql')));

 			// get all customer database-names
+			// @fixme respect multiple dbservers
 			$sel_stmt = Database::prepare("SELECT `databasename` FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :cid");
 			Database::pexecute($sel_stmt, [
 				'cid' => $data['customerid']
--- a/lib/Froxlor/Cron/Traffic/TrafficCron.php
+++ b/lib/Froxlor/Cron/Traffic/TrafficCron.php
@@ -127,7 +127,7 @@ class TrafficCron extends FroxlorCron

 		while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
 			if ($last_dbserver != $row_database['dbserver']) {
-				Database::needRoot(true, $row_database['dbserver']);
+				Database::needRoot(true, $row_database['dbserver'], true);
 				$last_dbserver = $row_database['dbserver'];

 				$databases_list = [];
--- a/lib/Froxlor/Database/Database.php
+++ b/lib/Froxlor/Database/Database.php
@@ -28,6 +28,7 @@ namespace Froxlor\Database;
 use Exception;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
+use Froxlor\PhpHelper;
 use Froxlor\Settings;
 use Froxlor\UI\Panel\UI;
 use PDO;
@@ -79,6 +80,8 @@ class Database

 	private static $sqldata = null;

+	private static $need_dbname = true;
+
 	/**
 	 * Wrapper for PDOStatement::execute so we can catch the PDOException
 	 * and display the error nicely on the panel - also fetches the
@@ -135,7 +138,7 @@ class Database
 		require Froxlor::getInstallDir() . "/lib/userdata.inc.php";

 		// le format
-		if (isset($sql['root_user']) && isset($sql['root_password']) && !is_array($sql_root)) {
+		if (isset($sql['root_user']) && isset($sql['root_password']) && empty($sql_root)) {
 			$sql_root = [
 				0 => [
 					'caption' => 'Default',
@@ -145,12 +148,20 @@ class Database
 					'password' => $sql['root_password']
 				]
 			];
+			unset($sql['root_user']);
+			unset($sql['root_password']);
+			// write new layout so this won't happen again
+			self::generateNewUserData($sql, $sql_root);
+			// re-read file
+			require Froxlor::getInstallDir() . "/lib/userdata.inc.php";
 		}

 		$substitutions = [
 			$sql['password'] => 'DB_UNPRIV_PWD',
-			$sql_root[0]['password'] => 'DB_ROOT_PWD'
 		];
+		foreach ($sql_root as $dbserver => $sql_root_data) {
+			$substitutions[$sql_root_data[$dbserver]]['password'] = 'DB_ROOT_PWD';
+		}

 		// hide username/password in messages
 		$error_message = $error->getMessage();
@@ -341,12 +352,13 @@ class Database
 	 * @param int $dbserver
 	 *            optional
 	 */
-	public static function needRoot($needroot = false, $dbserver = 0)
+	public static function needRoot(bool $needroot = false, int $dbserver = 0, bool $need_db = true)
 	{
 		// force re-connecting to the db with corresponding user
 		// and set the $dbserver (mostly to 0 = default)
 		self::setServer($dbserver);
 		self::$needroot = $needroot;
+		self::$need_dbname = $need_db;
 	}

 	/**
@@ -405,7 +417,7 @@ class Database
 		require Froxlor::getInstallDir() . "/lib/userdata.inc.php";

 		// le format
-		if (self::$needroot == true && isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root))) {
+		if (isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root))) {
 			$sql_root = [
 				0 => [
 					'caption' => 'Default',
@@ -417,6 +429,10 @@ class Database
 			];
 			unset($sql['root_user']);
 			unset($sql['root_password']);
+			// write new layout so this won't happen again
+			self::generateNewUserData($sql, $sql_root);
+			// re-read file
+			require Froxlor::getInstallDir() . "/lib/userdata.inc.php";
 		}

 		// either root or unprivileged user
@@ -465,10 +481,11 @@ class Database
 			'ATTR_ERRMODE' => 'ERRMODE_EXCEPTION'
 		];

-		$dbconf["dsn"] = [
-			'dbname' => $sql["db"],
-			'charset' => 'utf8'
-		];
+		$dbconf["dsn"] = ['charset' => 'utf8'];
+
+		if (self::$need_dbname) {
+			$dbconf["dsn"]['dbname'] = $sql["db"];
+		}

 		if ($socket != null) {
 			$dbconf["dsn"]['unix_socket'] = FileDir::makeCorrectFile($socket);
@@ -578,4 +595,22 @@ class Database
 		}
 		return $result;
 	}
+
+	/**
+	 * write new userdata.inc.php file
+	 */
+	private static function generateNewUserData(array $sql, array $sql_root)
+	{
+		$content = PhpHelper::parseArrayToPhpFile(
+			['sql' => $sql, 'sql_root' => $sql_root],
+			'automatically generated userdata.inc.php for froxlor'
+		);
+		chmod(Froxlor::getInstallDir() . "/lib/userdata.inc.php", 0700);
+		file_put_contents(Froxlor::getInstallDir() . "/lib/userdata.inc.php", $content);
+		chmod(Froxlor::getInstallDir() . "/lib/userdata.inc.php", 0400);
+		clearstatcache();
+		if (function_exists('opcache_invalidate')) {
+			@opcache_invalidate(Froxlor::getInstallDir() . "/lib/userdata.inc.php", true);
+		}
+	}
 }
--- a/lib/Froxlor/Database/DbManager.php
+++ b/lib/Froxlor/Database/DbManager.php
@@ -96,7 +96,7 @@ class DbManager
 		$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`");
 		while ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) {
 			// require privileged access for target db-server
-			Database::needRoot(true, $dbserver['dbserver']);
+			Database::needRoot(true, $dbserver['dbserver'], false);

 			$dbm = new DbManager(FroxlorLogger::getInstanceOf());
 			$users = $dbm->getManager()->getAllSqlUsers(false);
@@ -144,7 +144,7 @@ class DbManager
 	 */
 	public function createDatabase($loginname = null, $password = null, int $dbserver = 0, $last_accnumber = 0)
 	{
-		Database::needRoot(true, $dbserver);
+		Database::needRoot(true, $dbserver, false);

 		// check whether we shall create a random username
 		if (strtoupper(Settings::Get('customer.mysqlprefix')) == 'RANDOM') {
@@ -169,18 +169,17 @@ class DbManager

 		// now create the database itself
 		$this->getManager()->createDatabase($username);
-		$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "created database '" . $username . "'");

 		// and give permission to the user on every access-host we have
 		foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
 			$this->getManager()->grantPrivilegesTo($username, $password, $mysql_access_host);
-			$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "grant all privileges for '" . $username . "'@'" . $mysql_access_host . "'");
 		}

 		$this->getManager()->flushPrivileges();
-
 		Database::needRoot(false);

+		$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "created database '" . $username . "'");
+
 		return $username;
 	}

--- a/lib/Froxlor/Froxlor.php
+++ b/lib/Froxlor/Froxlor.php
@@ -31,10 +31,10 @@ final class Froxlor
 {

 	// Main version variable
-	const VERSION = '2.0.2';
+	const VERSION = '2.0.9';

 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202212060';
+	const DBVERSION = '202301180';

 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';
--- a/lib/Froxlor/FroxlorLogger.php
+++ b/lib/Froxlor/FroxlorLogger.php
@@ -100,11 +100,17 @@ class FroxlorLogger
 						self::$ml->pushHandler(new SyslogHandler('froxlor', LOG_USER, Logger::DEBUG));
 						break;
 					case 'file':
-						$logger_logfile = Settings::Get('logger.logfile');
+						$logger_logfile = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/logs/' . Settings::Get('logger.logfile'));
 						// is_writable needs an existing file to check if it's actually writable
 						@touch($logger_logfile);
 						if (empty($logger_logfile) || !is_writable($logger_logfile)) {
-							Settings::Set('logger.logfile', '/tmp/froxlor.log');
+							Settings::Set('logger.logfile', 'froxlor.log');
+							$logger_logfile = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/logs/froxlor.log');
+							@touch($logger_logfile);
+							if (empty($logger_logfile) || !is_writable($logger_logfile)) {
+								// not writable in our own directory? Skip
+								break;
+							}
 						}
 						self::$ml->pushHandler(new StreamHandler($logger_logfile, Logger::DEBUG));
 						break;
--- a/lib/Froxlor/Install/Preconfig.php
+++ b/lib/Froxlor/Install/Preconfig.php
@@ -101,7 +101,7 @@ class Preconfig
 			$agree = [
 				'title' => 'Check',
 				'fields' => [
-					'update_changesagreed' => ['type' => 'checkbox', 'value' => 1, 'label' => '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>'],
+					'update_changesagreed' => ['mandatory' => true, 'type' => 'checkrequired', 'value' => 1, 'label' => '<strong>I have read the update notifications above and I am aware of the changes made to my system.</strong>'],
 					'update_preconfig' => ['type' => 'hidden', 'value' => 1]
 				]
 			];
--- a/lib/Froxlor/PhpHelper.php
+++ b/lib/Froxlor/PhpHelper.php
@@ -27,6 +27,8 @@ namespace Froxlor;

 use Exception;
 use Froxlor\UI\Panel\UI;
+use Net_DNS2_Exception;
+use Net_DNS2_Resolver;
 use Throwable;
 use voku\helper\AntiXSS;

@@ -244,45 +246,60 @@ class PhpHelper
 	 * ipv6 aware gethostbynamel function
 	 *
 	 * @param string $host
-	 * @param boolean $try_a
-	 *            default true
+	 * @param boolean $try_a default true
+	 * @param string|null $nameserver set additional resolver nameserver to use (e.g. 1.1.1.1)
 	 * @return boolean|array
 	 */
-	public static function gethostbynamel6($host, $try_a = true)
+	public static function gethostbynamel6(string $host, bool $try_a = true, string $nameserver = null)
 	{
-		$dns6 = @dns_get_record($host, DNS_AAAA);
-		if (!is_array($dns6)) {
-			// no record or failed to check
-			$dns6 = [];
-		}
-		if ($try_a == true) {
-			$dns4 = @dns_get_record($host, DNS_A);
-			if (!is_array($dns4)) {
-				// no record or failed to check
-				$dns4 = [];
-			}
-			$dns = array_merge($dns4, $dns6);
-		} else {
-			$dns = $dns6;
-		}
 		$ips = [];
-		foreach ($dns as $record) {
-			if ($record["type"] == "A") {
-				// always use compressed ipv6 format
-				$ip = inet_ntop(inet_pton($record["ip"]));
-				$ips[] = $ip;
+
+		try {
+			// set the default nameservers to use, use the system default if none are provided
+			$resolver = new Net_DNS2_Resolver($nameserver ? ['nameservers' => [$nameserver]] : []);
+
+			// get all ip addresses from the A record
+			if ($try_a) {
+				try {
+					$answer = $resolver->query($host, 'A')->answer;
+					foreach ($answer as $rr) {
+						$ips[] = $rr->address;
+					}
+				} catch (Net_DNS2_Exception $e) {
+					// we can't do anything here, just continue
+				}
 			}
-			if ($record["type"] == "AAAA") {
-				// always use compressed ipv6 format
-				$ip = inet_ntop(inet_pton($record["ipv6"]));
-				$ips[] = $ip;
+
+			// get all ip addresses from the AAAA record
+			try {
+				$answer = $resolver->query($host, 'AAAA')->answer;
+				foreach ($answer as $rr) {
+					$ips[] = $rr->address;
+				}
+			} catch (Net_DNS2_Exception $e) {
+				// we can't do anything here, just continue
+			}
+		} catch (Net_DNS2_Exception $e) {
+			// fallback to php's dns_get_record if Net_DNS2 has no resolver available, but this may cause
+			// problems if the system's dns is not configured correctly; for example, the acme pre-check
+			// will fail because some providers put a local ip in /etc/hosts
+
+			// get all ip addresses from the A record
+			if ($try_a) {
+				$answer = @dns_get_record($host, DNS_A);
+				foreach ($answer as $rr) {
+					$ips[] = $rr['ip'];
+				}
+			}
+
+			// get all ip addresses from the AAAA record
+			$answer = @dns_get_record($host, DNS_AAAA);
+			foreach ($answer as $rr) {
+				$ips[] = $rr['ipv6'];
 			}
 		}
-		if (count($ips) < 1) {
-			return false;
-		} else {
-			return $ips;
-		}
+
+		return count($ips) > 0 ? $ips : false;
 	}

 	/**
--- a/lib/Froxlor/UI/Callbacks/Mysql.php
+++ b/lib/Froxlor/UI/Callbacks/Mysql.php
@@ -32,7 +32,7 @@ class Mysql
 	public static function dbserver(array $attributes): string
 	{
 		// get sql-root access data
-		Database::needRoot(true, (int)$attributes['data']);
+		Database::needRoot(true, (int)$attributes['data'], false);
 		Database::needSqlData();
 		$sql_root = Database::getSqlData();
 		Database::needRoot(false);
--- a/lib/Froxlor/UI/Panel/FroxlorTwig.php
+++ b/lib/Froxlor/UI/Panel/FroxlorTwig.php
@@ -87,6 +87,10 @@ class FroxlorTwig extends AbstractExtension
 			new TwigFunction('linker', [
 				$this,
 				'getLink'
+			]),
+			new TwigFunction('mix', [
+				$this,
+				'getMix'
 			])
 		];
 	}
@@ -158,4 +162,9 @@ class FroxlorTwig extends AbstractExtension
 	{
 		return 'froxlortwig';
 	}
+
+	public function getMix($mix = '')
+	{
+		return mix($mix);
+	}
 }
--- a/lib/Froxlor/UI/Panel/UI.php
+++ b/lib/Froxlor/UI/Panel/UI.php
@@ -95,7 +95,7 @@ class UI
 		session_set_cookie_params([
 			'lifetime' => self::$install_mode ? 7200 : 600, // will be renewed based on settings in lib/init.php
 			'path' => '/',
-			'domain' => $_SERVER['HTTP_HOST'],
+			'domain' => $_SERVER['SERVER_NAME'],
 			'secure' => self::requestIsHttps(),
 			'httponly' => true,
 			'samesite' => 'Strict'
@@ -260,8 +260,17 @@ class UI
 	 */
 	public static function twigBuffer($name, array $context = [])
 	{
+		$template_file = self::getTheme() . '/' . $name;
+		if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) {
+			PhpHelper::phpErrHandler(E_USER_WARNING, "Template '" . $template_file . "' could not be found, trying fallback theme", __FILE__, __LINE__);
+			$template_file = self::$default_theme . '/'. $name;
+			if (!file_exists(Froxlor::getInstallDir() . '/templates/' . $template_file)) {
+				PhpHelper::phpErrHandler(E_USER_ERROR, "Unknown template '" . $template_file . "'", __FILE__, __LINE__);
+			}
+		}
+
 		self::$twigbuf[] = [
-			self::getTheme() . '/' . $name => $context
+			$template_file => $context
 		];
 	}

--- a/lib/config.example.inc.php
+++ b/lib/config.example.inc.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * change the options below to either true or false
+ */
+return [
+	/**
+	 * enable/disable the possibility to update froxlor from within the web-interface,
+	 * recommended value for debian/ubuntu package users is false to rely on apt and not have version mixup.
+	 * This is also useful for providers that manage the servers but give admin access to froxlor to handle
+	 * updates the way the providers does it (e.g. automation, etc.)
+	 */
+	'enable_webupdate' => false,
+];
--- a/lib/config.inc.php
+++ b/lib/config.inc.php
@@ -1,8 +0,0 @@
-<?php
-
-/**
- * change the options below to either true or false
- */
-return [
-	'enable_webupdate' => false
-];
--- a/lib/configfiles/bionic.xml
+++ b/lib/configfiles/bionic.xml
@@ -3458,11 +3458,7 @@ ssl_key = <<SSL_KEY_FILE>
 # auth_ssl_username_from_cert=yes.
 #ssl_cert_username_field = commonName

-# SSL DH parameters
-# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
-# Or migrate from old ssl-parameters.dat file with the command dovecot
-# gives on startup when ssl_dh is unset.
-ssl_dh = </usr/share/dovecot/dh.pem
+ssl_dh_parameters_length = 2048

 # SSL protocols to use
 #ssl_protocols = !SSLv3
@@ -4678,7 +4674,7 @@ aliases:     files
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_configdir}}]]></command>
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
 						<command><![CDATA[chmod 1777 {{settings.system.mod_fcgid_tmpdir}}]]></command>
-						<command><![CDATA[a2dismod php7.2]]></command>
+						<command><![CDATA[a2dismod php7.4]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
@@ -4711,7 +4707,7 @@ aliases:     files
 						</visibility>
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<command><![CDATA[a2dismod php7.2]]></command>
+						<command><![CDATA[a2dismod php7.4]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
--- a/lib/formfields/admin/domains/formfield.domains_add.php
+++ b/lib/formfields/admin/domains/formfield.domains_add.php
@@ -30,6 +30,7 @@ return [
 		'title' => lng('admin.domain_add'),
 		'image' => 'fa-solid fa-globe',
 		'self_overview' => ['section' => 'domains', 'page' => 'domains'],
+		'id' => 'domain_add',
 		'sections' => [
 			'section_a' => [
 				'title' => lng('domains.domainsettings'),
--- a/lib/formfields/admin/domains/formfield.domains_edit.php
+++ b/lib/formfields/admin/domains/formfield.domains_edit.php
@@ -30,6 +30,7 @@ return [
 		'title' => lng('admin.domain_edit'),
 		'image' => 'fa-solid fa-globe',
 		'self_overview' => ['section' => 'domains', 'page' => 'domains'],
+		'id' => 'domain_edit',
 		'sections' => [
 			'section_a' => [
 				'title' => lng('domains.domainsettings'),
--- a/lib/formfields/customer/mysql/formfield.mysql_edit.php
+++ b/lib/formfields/customer/mysql/formfield.mysql_edit.php
@@ -33,10 +33,16 @@ return [
 						'value' => $result['databasename']
 					],
 					'mysql_server' => [
+						'visible' => count($mysql_servers) > 1,
+						'type' => 'hidden',
+						'value' => $result['dbserver'] ?? 0,
+					],
+					'mysql_server_info' => [
 						'visible' => count($mysql_servers) > 1,
 						'label' => lng('mysql.mysql_server'),
 						'type' => 'label',
-						'value' => $mysql_servers[$result['dbserver']] ?? 'unknown db server'
+						'disabled' => true,
+						'value' => $mysql_servers[$result['dbserver']] ?? 'unknown db server',
 					],
 					'description' => [
 						'label' => lng('mysql.databasedescription'),
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -26,6 +26,14 @@
 use Froxlor\Language;
 use Froxlor\UI\Request;

+/**
+ * Render a template with the given data.
+ * Mostly used if we have no template-engine (twig).
+ *
+ * @param $template
+ * @param $attributes
+ * @return array|false|string|string[]
+ */
 function view($template, $attributes)
 {
 	$view = file_get_contents(dirname(__DIR__) . '/templates/' . $template);
@@ -33,11 +41,26 @@ function view($template, $attributes)
 	return str_replace(array_keys($attributes), array_values($attributes), $view);
 }

+/**
+ * Get the current translation for a given string.
+ *
+ * @param string $identifier
+ * @param array $arguments
+ * @return array|string
+ */
 function lng(string $identifier, array $arguments = [])
 {
 	return Language::getTranslation($identifier, $arguments);
 }

+/**
+ * Get the value of a request variable.
+ *
+ * @param string $identifier
+ * @param string|null $default
+ * @param string|null $session
+ * @return mixed|string|null
+ */
 function old(string $identifier, string $default = null, string $session = null)
 {
 	if ($session && isset($_SESSION[$session])) {
@@ -45,3 +68,26 @@ function old(string $identifier, string $default = null, string $session = null)
 	}
 	return Request::any($identifier, $default);
 }
+
+/**
+ * Loading the mix manifest file from given theme.
+ * This file contains the hashed filenames of the assets.
+ * It must be always placed in the theme assets folder.
+ *
+ * @param $filename
+ * @return mixed|string
+ */
+function mix($filename)
+{
+	if (preg_match('/templates\/(.+)\/assets\/(.+)\/(.+)/', $filename, $matches)) {
+		$mixManifest = dirname(__DIR__) . '/templates/' . $matches[1] . '/assets/mix-manifest.json';
+		if (file_exists($mixManifest)) {
+			$manifest = json_decode(file_get_contents($mixManifest), true);
+			$key = '/' . $matches[2] . '/' . $matches[3];
+			if ($manifest && !empty($manifest[$key])) {
+				$filename = 'templates/' . $matches[1] . '/assets' . $manifest[$key];
+			}
+		}
+	}
+	return $filename;
+}
--- a/lib/init.php
+++ b/lib/init.php
@@ -277,14 +277,14 @@ if (is_array($_themeoptions) && array_key_exists('js', $_themeoptions['variants'
 	if (is_array($_themeoptions['variants'][$themevariant]['js'])) {
 		foreach ($_themeoptions['variants'][$themevariant]['js'] as $jsfile) {
 			if (file_exists('templates/' . $theme . '/assets/js/' . $jsfile)) {
-				$js .= '<script type="text/javascript" src="templates/' . $theme . '/assets/js/' . $jsfile . '"></script>' . "\n";
+				$js .= '<script type="text/javascript" src="' . mix('templates/' . $theme . '/assets/js/' . $jsfile) . '"></script>' . "\n";
 			}
 		}
 	}
 	if (is_array($_themeoptions['variants'][$themevariant]['css'])) {
 		foreach ($_themeoptions['variants'][$themevariant]['css'] as $cssfile) {
 			if (file_exists('templates/' . $theme . '/assets/css/' . $cssfile)) {
-				$css .= '<link href="templates/' . $theme . '/assets/css/' . $cssfile . '" rel="stylesheet" type="text/css" />' . "\n";
+				$css .= '<link href="' . mix('templates/' . $theme . '/assets/css/' . $cssfile) . '" rel="stylesheet" type="text/css" />' . "\n";
 			}
 		}
 	}
@@ -332,7 +332,7 @@ if (CurrentUser::hasSession()) {
 	$cookie_params = [
 		'expires' => time() + Settings::Get('session.sessiontimeout'),
 		'path' => '/',
-		'domain' => $_SERVER['HTTP_HOST'],
+		'domain' => $_SERVER['SERVER_NAME'],
 		'secure' => UI::requestIsHttps(),
 		'httponly' => true,
 		'samesite' => 'Strict'
--- a/lib/navigation/00.froxlor.main.php
+++ b/lib/navigation/00.froxlor.main.php
@@ -158,6 +158,7 @@ return [
 		'docs' => [
 			'label' => lng('admin.documentation'),
 			'icon' => 'fa-solid fa-circle-info',
+			'show_element' => (!Settings::IsInList('panel.customer_hide_options', 'misc.documentation')),
 			'elements' => [
 				[
 					'url' => 'https://docs.froxlor.org/v2/user-guide/',
--- a/lng/de.lng.php
+++ b/lng/de.lng.php
@@ -1494,7 +1494,10 @@ Vielen Dank, Ihr Administrator',
 				'title' => 'Log-Art(en)',
 				'description' => 'Wählen Sie hier die gewünschten Logtypen. Für Mehrfachauswahl, halten Sie während der Auswahl STRG gedrückt<br />Mögliche Logtypen sind: syslog, file, mysql',
 			],
-			'logfile' => 'Log-Datei Pfad inklusive Dateinamen',
+			'logfile' => [
+				'title' => 'Dateiname der Logdatei',
+				'description' => 'Wird nur verwendet, wenn die Log-Art "file" ausgewählt ist. Diese Datei wird unter froxlor/logs/ geschrieben. Dieser Ordner ist vor Webzugriff geschützt.',
+			],
 			'logcron' => 'Logge Cronjobs',
 			'logcronoption' => [
 				'never' => 'Nie',
@@ -1962,6 +1965,10 @@ Vielen Dank, Ihr Administrator',
 			'title' => 'Validiere DNS der Domains wenn Let\'s Encrypt genutzt wird',
 			'description' => 'Wenn aktiviert wird froxlor überprüfen ob die DNS Einträge der Domains, welche ein Let\'s Encrypt Zertifikat beantragt, mindestens auf eine der System IP Adressen auflöst.',
 		],
+		'le_domain_dnscheck_resolver' => [
+			'title' => 'DNS Resolver für die DNS Überprüfung',
+			'description' => 'IP Adresse des DNS Servers, welcher für die DNS Überprüfung genutzt werden soll. Wenn leer, wird der Standard DNS Resolver des Systems genutzt.',
+		],
 		'phpsettingsforsubdomains' => [
 			'description' => 'Wenn ja, wird die gewählte PHP-Config für alle Subdomains übernommen',
 		],
@@ -2124,17 +2131,31 @@ Vielen Dank, Ihr Administrator',
 		],
 		'mb' => 'Traffic',
 		'day' => 'Tag',
-		'distribution' => '<span color="#019522">FTP</span> | <span color="#0000FF">HTTP</span> | <span color="#800000">Mail</span>',
-		'sumhttp' => 'Gesamt HTTP-Traffic',
-		'sumftp' => 'Gesamt FTP-Traffic',
-		'summail' => 'Gesamt Mail-Traffic',
+		'sumtotal' => 'Gesamt Traffic',
+		'sumhttp' => 'HTTP-Traffic',
+		'sumftp' => 'FTP-Traffic',
+		'summail' => 'Mail-Traffic',
 		'customer' => 'Kunde',
-		'trafficoverview' => 'Übersicht Traffic je',
+		'trafficoverview' => 'Übersicht Traffic',
+		'bycustomers' => 'Traffic nach Kunden',
 		'details' => 'Details',
 		'http' => 'HTTP',
 		'ftp' => 'FTP',
 		'mail' => 'Mail',
 		'nocustomers' => 'Es wird mindestens ein Kunde benötigt um die Traffic Statistiken anzuzeigen.',
+		'top5customers' => 'Top 5 Kunden',
+		'nodata' => 'Keine Daten im angegebenen Zeitraum.',
+		'ranges' => [
+			'last24h' => 'die letzten 24 Std',
+			'last7d' => 'die letzten 7 Tage',
+			'last30d' => 'die letzten  30 Tage',
+			'cm' => 'Aktueller Monat',
+			'last3m' => 'die letzten 3 Monate',
+			'last6m' => 'die letzten 6 Monate',
+			'last12m' => 'die letzten 12 Monate',
+			'cy' => 'Aktuelles Jahr',
+		],
+		'byrange' => 'Nach angegebenem Zeitraum',
 	],
 	'translator' => '',
 	'update' => [
--- a/lng/en.lng.php
+++ b/lng/en.lng.php
@@ -1613,7 +1613,10 @@ Yours sincerely, your administrator',
 				'title' => 'Log-type(s)',
 				'description' => 'Specify logtypes. To select multiple types, hold down CTRL while selecting.<br />Available logtypes are: syslog, file, mysql',
 			],
-			'logfile' => 'Logfile path including filename',
+			'logfile' => [
+				'title' => 'Filename for log',
+				'description' => 'Only used if log-type includes "file". This file will be created in froxlor/logs/. This folder is protected against public access.',
+			],
 			'logcron' => 'Log cronjobs',
 			'logcronoption' => [
 				'never' => 'Never',
@@ -2081,6 +2084,10 @@ Yours sincerely, your administrator',
 			'title' => 'Validate DNS of domains when using Let\'s Encrypt',
 			'description' => 'If activated, froxlor will validate whether the domain which requests a Let\'s Encrypt certificate resolves to at least one of the system ip addresses.',
 		],
+		'le_domain_dnscheck_resolver' => [
+			'title' => 'Use a external nameserver for DNS validation',
+			'description' => 'If set, froxlor will use this DNS to validate the DNS of domains when using Let\'s Encrypt. If empty, the system\'s default DNS resolver will be used.',
+		],
 		'phpsettingsforsubdomains' => [
 			'description' => 'If yes the chosen php-config will be updated to all subdomains',
 		],
@@ -2254,18 +2261,32 @@ Yours sincerely, your administrator',
 			'total' => 'Total',
 		],
 		'mb' => 'Traffic',
-		'distribution' => '<font color="#019522">FTP</font> | <font color="#0000FF">HTTP</font> | <font color="#800000">Mail</font>',
-		'sumhttp' => 'Total HTTP-Traffic',
-		'sumftp' => 'Total FTP-Traffic',
-		'summail' => 'Total Mail-Traffic',
+		'sumtotal' => 'Total traffic',
+		'sumhttp' => 'HTTP traffic',
+		'sumftp' => 'FTP traffic',
+		'summail' => 'Mail traffic',
 		'customer' => 'Customer',
 		'domain' => 'Domain',
-		'trafficoverview' => 'Traffic summary by',
+		'trafficoverview' => 'Traffic summary',
+		'bycustomers' => 'Traffic by customers',
 		'details' => 'Details',
 		'http' => 'HTTP',
 		'ftp' => 'FTP',
 		'mail' => 'Mail',
 		'nocustomers' => 'You need at least one customer to view the traffic reports.',
+		'top5customers' => 'Top 5 customers',
+		'nodata' => 'No data for given range found.',
+		'ranges' => [
+			'last24h' => 'last 24 hours',
+			'last7d' => 'last 7 days',
+			'last30d' => 'last 30 days',
+			'cm' => 'Current month',
+			'last3m' => 'last 3 months',
+			'last6m' => 'last 6 months',
+			'last12m' => 'last 12 months',
+			'cy' => 'Current year',
+		],
+		'byrange' => 'Specified by range',
 	],
 	'translator' => '',
 	'update' => [
--- a/package-lock.json
+++ b/package-lock.json
@@ -5103,9 +5103,9 @@
 			}
 		},
 		"node_modules/img-loader/node_modules/json5": {
-			"version": "1.0.1",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
-			"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+			"version": "1.0.2",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
+			"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 			"dev": true,
 			"dependencies": {
 				"minimist": "^1.2.0"
@@ -5437,9 +5437,9 @@
 			"dev": true
 		},
 		"node_modules/json5": {
-			"version": "2.2.1",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz",
-			"integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==",
+			"version": "2.2.3",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+			"integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
 			"dev": true,
 			"bin": {
 				"json5": "lib/cli.js"
@@ -8448,9 +8448,9 @@
 			}
 		},
 		"node_modules/vue-style-loader/node_modules/json5": {
-			"version": "1.0.1",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
-			"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+			"version": "1.0.2",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
+			"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 			"dev": true,
 			"dependencies": {
 				"minimist": "^1.2.0"
@@ -12919,9 +12919,9 @@
 			},
 			"dependencies": {
 				"json5": {
-					"version": "1.0.1",
-					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
-					"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+					"version": "1.0.2",
+					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
+					"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 					"dev": true,
 					"requires": {
 						"minimist": "^1.2.0"
@@ -13165,9 +13165,9 @@
 			"dev": true
 		},
 		"json5": {
-			"version": "2.2.1",
-			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz",
-			"integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==",
+			"version": "2.2.3",
+			"resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+			"integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
 			"dev": true
 		},
 		"jsonfile": {
@@ -15379,9 +15379,9 @@
 			},
 			"dependencies": {
 				"json5": {
-					"version": "1.0.1",
-					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.1.tgz",
-					"integrity": "sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow==",
+					"version": "1.0.2",
+					"resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz",
+					"integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==",
 					"dev": true,
 					"requires": {
 						"minimist": "^1.2.0"
--- a/templates/Froxlor/base.html.twig
+++ b/templates/Froxlor/base.html.twig
@@ -11,7 +11,7 @@

 	<!-- CSS -->
 	{% if theme_css is empty %}
-		<link href="{{ basehref|default('') }}templates/Froxlor/assets/css/main.css" rel="stylesheet" type="text/css" />
+		<link href="{{ basehref|default('') }}{{ mix('templates/Froxlor/assets/css/main.css') }}" rel="stylesheet" type="text/css" />
 	{% else %}
 		{{ theme_css|raw }}
 	{% endif %}
@@ -19,7 +19,7 @@

 	<!-- Scripts -->
 	{% if theme_js is empty %}
-		<script type="text/javascript" src="{{ basehref|default('') }}templates/Froxlor/assets/js/main.js"></script>
+		<script type="text/javascript" src="{{ basehref|default('') }}{{ mix('templates/Froxlor/assets/js/main.js') }}"></script>
 	{% else %}
 		{{ theme_js|raw }}
 	{% endif %}
--- a/templates/Froxlor/form/form.html.twig
+++ b/templates/Froxlor/form/form.html.twig
@@ -50,7 +50,7 @@
 	</form>

 	{# add translation for custom validations #}
-	{% if form_data.id is defined and form_data.id in ['customer_add', 'customer_edit'] %}
+	{% if form_data.id is defined and form_data.id in ['customer_add', 'customer_edit', 'domain_add', 'domain_edit'] %}
 		<script>$(function() { $.extend($.validator.messages, {required: "{{ lng('error.requiredfield') }}"}) });</script>
 	{% endif %}
 {% endmacro %}
--- a/templates/Froxlor/form/formfields.html.twig
+++ b/templates/Froxlor/form/formfields.html.twig
@@ -2,6 +2,9 @@
 	{% if field.visible is not defined or (field.visible is defined and field.visible) or nohide == true %}
 		{% if norow == false and (field.type != 'hidden' or (field.type == 'hidden' and field.display is defined and field.display is not empty)) %}
 			<div class="row g-0 formfield d-flex align-items-center">
+				{% if field.prior_infotext is defined and field.prior_infotext|length > 0 %}
+					<h5>{{ field.prior_infotext }}</h5>
+				{% endif %}
 				{% if field.label is iterable %}
 					<label for="{{ id }}" class="col-sm-6 col-form-label pe-3">
 						{% if em %}
@@ -51,6 +54,8 @@
 					{{ _self.input_ul(id, field) }}
 				{% elseif field.type == 'checkbox' %}
 					{{ _self.bool(id, field) }}
+				{% elseif field.type == 'checkrequired' %}
+					{{ _self.chk_required(id, field) }}
 				{% elseif field.type == 'select' %}
 					{{ _self.select(id, field) }}
 				{% elseif field.type == 'textarea' %}
@@ -116,6 +121,12 @@
 	{% endif %}
 {% endmacro %}

+{% macro chk_required(id, field) %}
+	<div class="form-check form-switch">
+		<input type="checkbox" value="{{ field.value }}" id="{{ id }}" name="{{ id }}" class="form-check-input" {% if field.mandatory is defined and field.mandatory == 1 %} required {% endif %} />
+	</div>
+{% endmacro %}
+
 {% macro infotext(id, field) %}
 	{% if field.next_to is defined %}
 		<div class="input-group">
@@ -148,7 +159,7 @@
 	{% if field.next_to is defined %}
 		<div class="input-group">
 		{% endif %}
-		<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %}/>
+		<input type="{{ field.type }}" {% if field.visible is defined and field.visible == false %} disabled {% endif %} {% if field.type == 'number' and field.min is defined %} min="{{ field.min }}" {% endif %} {% if field.type == 'number' and field.max is defined %} max="{{ field.max }}" {% endif %} {% if field.type != 'number' and field.maxlength is defined %} maxlength="{{ field.maxlength }}" {% endif %} id="{{ id }}" name="{{ id }}" value="{{ field.value|raw }}" class="form-control {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.readonly is defined and field.readonly %} readonly {% endif %} {% if field.autocomplete is defined %} autocomplete="{{ field.autocomplete }}" {% endif %} {% if field.placeholder is defined %} placeholder="{{ field.placeholder }}" {% endif %} {% if field.type == 'file' and field.accept is defined %} accept="{{ field.accept }}" {% endif %} {% if field.pattern is defined %} pattern="{{ field.pattern }}" {% endif %}/>
 		{% if field.type == 'hidden' and field.display is defined %}
 			<input type="text" readonly class="form-control-plaintext" value="{{ field.display|raw }}">
 		{% endif %}
@@ -165,7 +176,7 @@

 {% macro image(id, field) %}
 	{% if field.value is not empty %}
-		<img src="/{{ field.value }}" alt="Current Image" class="field-image-preview"><br>
+		<img src="{{ field.value }}" alt="Current Image" class="field-image-preview"><br>
 		<div class="form-check form-switch mb-2">
 			<input type="checkbox" value="1" name="{{ id }}_delete" class="form-check-input">
 			<label class="form-check-label">
@@ -197,7 +208,7 @@
 	{% if field.next_to is defined %}
 		<div class="input-group">
 		{% endif %}
-		<select {% if field.visible is defined and field.visible == false %} disabled {% endif %} class="form-select {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" name="{{ id }}{% if field.select_mode is defined and field.select_mode == 'multiple' %}[]{% endif %}" id="{{ id }}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.select_mode is defined and field.select_mode == 'multiple' %} multiple="multiple" {% endif %}>
+		<select {% if field.visible is defined and field.visible == false %} disabled {% endif %} class="form-select {% if field.valid is defined and field.valid == false %}is-invalid{% endif %}" name="{{ id }}{% if field.select_mode is defined and field.select_mode == 'multiple' %}[]{% endif %}" id="{{ id }}" {% if field.mandatory is defined and field.mandatory %} required {% endif %} {% if field.select_mode is defined and field.select_mode == 'multiple' %} multiple="multiple" {% endif %}{% if field.readonly is defined and field.readonly %} readonly {% endif %}>
 			{% for val,txt in field.select_var %}
 				<option value="{{ val }}" {% if field.selected is defined and ((field.selected is not iterable and field.selected == val) or (field.selected is iterable and val in field.selected|keys)) %} selected="selected" {% endif %}>{{ txt|raw }}</option>
 			{% endfor %}
--- a/templates/Froxlor/settings/configuration.html.twig
+++ b/templates/Froxlor/settings/configuration.html.twig
@@ -45,7 +45,7 @@
 									{% if stype == 'system' %}
 										<div class="form-check">
 											{% set recommended = false %}
-											{% if 
+											{% if
 												(dtype == get_setting('system.traffictool')) or
 												(dtype == 'libnssextrausers' and (get_setting('system.mod_fcgid') == '1' or get_setting('phpfpm.enabled') == '1' or get_setting('system.apacheitksupport') == '1')) or
 												(dtype == 'logrotate') or
@@ -72,7 +72,7 @@
 										<div class="form-check">
 											{% set recommended = false %}
 											{% if
-												(dtype == 'apache22' and get_setting('system.webserver') == 'apache2' and get_setting('system.apache24') == '0') or 
+												(dtype == 'apache22' and get_setting('system.webserver') == 'apache2' and get_setting('system.apache24') == '0') or
 												(dtype == 'apache24' and get_setting('system.webserver') == 'apache2' and get_setting('system.apache24') == '1') or
 												(dtype == 'lighttpd' and get_setting('system.webserver') == 'lighttpd') or
 												(dtype == 'nginx' and get_setting('system.webserver') == 'nginx') or
@@ -112,7 +112,6 @@
 				{{ lng('admin.configfiles.recommendednote') }}
 			</div>
 			<div class="col-12 col-md-6 text-end">
-				<input type="hidden" name="dist" value="{{ distribution }}"/>
 				<button type="button" class="btn btn-outline-secondary" id="selectRecommendedConfig">{{ lng('admin.configfiles.selectrecommended') }}</button>
 				<button type="button" class="btn btn-outline-secondary" id="downloadSelectionAsJson">
 					<i class="fa-solid fa-download"></i>
--- a/templates/Froxlor/src/js/components/validation.js
+++ b/templates/Froxlor/src/js/components/validation.js
@@ -1,19 +1,19 @@
-$(document).ready(function() {
-	$('#customer_add,#customer_edit').each(function(){
+$(document).ready(function () {
+	$('#customer_add,#customer_edit').each(function () {
 		$(this).validate({
-			rules:{
-				'name':{
-					required:function(){
+			rules: {
+				'name': {
+					required: function () {
 						return $('#company').val().length === 0 || $('#firstname').val().length > 0;
 					}
 				},
-				'firstname':{
-					required:function(){
+				'firstname': {
+					required: function () {
 						return $('#company').val().length === 0 || $('#name').val().length > 0;
 					}
 				},
-				'company':{
-					required:function(){
+				'company': {
+					required: function () {
 						return $('#name').val().length === 0
 							&& $('#firstname').val().length === 0;
 					}
@@ -21,4 +21,17 @@ $(document).ready(function() {
 			},
 		});
 	});
+	$('#domain_add,#domain_edit').each(function () {
+		$(this).validate({
+			rules: {
+				'ipandport[]': {
+					required: true,
+					minlength: 1
+				}
+			},
+			errorPlacement: function(error, element) {
+				$(error).prependTo($(element).parent().parent());
+			}
+		});
+	});
 });
--- a/templates/Froxlor/src/scss/components/_generic.scss
+++ b/templates/Froxlor/src/scss/components/_generic.scss
@@ -3,6 +3,10 @@
@import "~@fortawesome/fontawesome-free/css/all";

 // Generic
+.header-logo {
+	height: 24px;
+}
+
 .form-control-plaintext {
 	outline: none;
 }
--- a/templates/Froxlor/user/dashboard-item.html.twig
+++ b/templates/Froxlor/user/dashboard-item.html.twig
@@ -1,7 +1,7 @@
-{% macro ditem(lngstr, available, used, assigned = null, formatbytes = false) %}
+{% macro ditem(lngstr, available, used, assigned = null, formatbytes = false, byte_usage  = null) %}
    <div class="col border-end border-bottom p-3">
        <div class="row mb-1">
-            <div class="col text-truncate">{{ lng(lngstr) }}</div>
+			<div class="col text-truncate">{{ lng(lngstr) }}{% if byte_usage %} <small>({{ byte_usage|formatBytes }})</small>{% endif %}</div>
            <div class="col-auto">
                <small>{% if formatbytes %}{{ used|formatBytes }}{% else %}{{ used }}{% endif %}/{% if available < 0 %}{{ lng('panel.unlimited') }}{% else %}{% if formatbytes %}{{ available|formatBytes }}{% else %}{{ available }}{% endif %}{% endif %}</small>
            </div>
--- a/templates/Froxlor/user/index.html.twig
+++ b/templates/Froxlor/user/index.html.twig
@@ -33,12 +33,13 @@
 		{% else %}
 			{# customer-resources #}
 			<div class="row row-cols-1 row-cols-sm-2 row-cols-xl-4 g-0">
+				{{ dashboard.ditem('customer.total_diskspace', userinfo.diskspace_bytes, userinfo.total_bytes_used, null, true) }}
 				{{ dashboard.ditem('customer.diskspace', userinfo.diskspace_bytes, userinfo.diskspace_bytes_used, null, true) }}
 				{{ dashboard.ditem('customer.traffic', userinfo.traffic_bytes, userinfo.traffic_bytes_used, null, true) }}
 				{{ dashboard.ditem('customer.subdomains', userinfo.subdomains, userinfo.subdomains_used) }}
-				{{ dashboard.ditem('customer.mysqls', userinfo.mysqls, userinfo.mysqls_used) }}
+				{{ dashboard.ditem('customer.mysqls', userinfo.mysqls, userinfo.mysqls_used, null, false, userinfo.dbspace_used) }}
 				{{ dashboard.ditem('customer.emails', userinfo.emails, userinfo.emails_used) }}
-				{{ dashboard.ditem('customer.accounts', userinfo.email_accounts, userinfo.email_accounts_used) }}
+				{{ dashboard.ditem('customer.accounts', userinfo.email_accounts, userinfo.email_accounts_used, null, false, userinfo.mailspace_used) }}
 				{{ dashboard.ditem('customer.forwarders', userinfo.email_forwarders, userinfo.email_forwarders_used) }}
 				{{ dashboard.ditem('customer.ftps', userinfo.ftps, userinfo.ftps_used) }}
 			</div>
--- a/templates/Froxlor/user/traffic.html.twig
+++ b/templates/Froxlor/user/traffic.html.twig
@@ -18,14 +18,14 @@
 	<!-- TODO: set url on change. e.g.: ?param=days:7 -->
 	<div class="d-flex justify-content-center justify-content-md-end">
 		<select class="form-select mb-3 mb-md-4 w-auto mt-md-n4" aria-label="select the traffic range" name="range" data-baseref="{{ linker({'section':'traffic'}) }}">
-			<option value="hours:24" {% if range == 'hours:24' %}selected{% endif %}>last 24 hours</option>
-			<option value="days:7" {% if range == 'days:7' %}selected{% endif %}>last 7 days</option>
-			<option value="days:30" {% if range == 'days:30' %}selected{% endif %}>last 30 days</option>
-			<option value="currentmonth" {% if range == 'currentmonth' %}selected{% endif %}>current month</option>
-			<option value="months:3" {% if range == 'months:3' %}selected{% endif %}>last 3 months</option>
-			<option value="months:6" {% if range == 'months:6' %}selected{% endif %}>last 6 months</option>
-			<option value="months:12" {% if range == 'months:12' %}selected{% endif %}>last 12 months</option>
-			<option value="currentyear" {% if range == 'currentyear' %}selected{% endif %}>current year</option>
+			<option value="hours:24" {% if range == 'hours:24' %}selected{% endif %}>{{ lng('traffic.ranges.last24h') }}</option>
+			<option value="days:7" {% if range == 'days:7' %}selected{% endif %}>{{ lng('traffic.ranges.last7d') }}</option>
+			<option value="days:30" {% if range == 'days:30' %}selected{% endif %}>{{ lng('traffic.ranges.last30d') }}</option>
+			<option value="currentmonth" {% if range == 'currentmonth' %}selected{% endif %}>{{ lng('traffic.ranges.cm') }}</option>
+			<option value="months:3" {% if range == 'months:3' %}selected{% endif %}>{{ lng('traffic.ranges.last3m') }}</option>
+			<option value="months:6" {% if range == 'months:6' %}selected{% endif %}>{{ lng('traffic.ranges.last6m') }}</option>
+			<option value="months:12" {% if range == 'months:12' %}selected{% endif %}>{{ lng('traffic.ranges.last12m') }}</option>
+			<option value="currentyear" {% if range == 'currentyear' %}selected{% endif %}>{{ lng('traffic.ranges.cy') }}</option>
 			{% for yd in years_avail %}
 				{% if yd.year != "now"|date('Y') %}
 					<option value="year:{{ yd.year }}" {% if range == 'year:' ~ yd.year %}selected{% endif %}>{{ yd.year }}</option>
@@ -50,37 +50,36 @@
 		<div class="row row-cols-2 row-cols-md-4 g-0">
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.total|formatBytes }}</h3>
-				<span>Total</span>
+				<span>{{ lng('traffic.months.total') }}</span>
 			</div>
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.http|formatBytes }}</h3>
-				<span>HTTP</span>
+				<span>{{ lng('traffic.http') }}</span>
 			</div>
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.ftp|formatBytes }}</h3>
-				<span>FTP</span>
+				<span>{{ lng('traffic.ftp') }}</span>
 			</div>
 			<div class="col p-3 border-end">
 				<h3>{{ metrics.mail|formatBytes }}</h3>
-				<span>Mail</span>
+				<span>{{ lng('traffic.mail') }}</span>
 			</div>
 		</div>
 	</div>

 	{% if userinfo.adminsession == 1 %}
 		<!-- Overview for given range by user -->
-		<h4 class="page-header">Traffic by customers</h4>
+		<h4 class="page-header">{{ lng('traffic.bycustomers') }}</h4>
 		{% if users is not empty %}
 			<div class="card table-responsive">
 				<table class="table table-borderless table-striped align-middle mb-0 px-3">
 					<thead>
 						<tr>
 							<th scope="col">{{ lng('login.username') }}</th>
-							<th scope="col">Total</th>
-							<th scope="col">HTTP</th>
-							<th scope="col">FTP</th>
-							<th scope="col">Mail
-							</th>
+							<th scope="col">{{ lng('traffic.months.total') }}</th>
+							<th scope="col">{{ lng('traffic.http') }}</th>
+							<th scope="col">{{ lng('traffic.ftp') }}</th>
+							<th scope="col">{{ lng('traffic.mail') }}</th>
 						</tr>
 					</thead>
 					<tbody>
@@ -101,19 +100,19 @@
 		{% else %}
 			<div class="card">
 				<div class="card-body">
-					<p>No data for given range found.</p>
+					<p>{{ lng('traffic.nodata') }}</p>
 				</div>
 			</div>
 		{% endif %}
 	{% endif %}

 	<script>
-		const labelsS = ['HTTP', 'FTP', 'Mail'];
+		const labelsS = ['{{ lng('traffic.http') }}', '{{ lng('traffic.ftp') }}', '{{ lng('traffic.mail') }}'];

 		const dataS = {
 			labels: labelsS,
 			datasets: [{
-				label: 'Traffic summary',
+				label: '{{ lng('traffic.trafficoverview') }}',
 				backgroundColor: ['rgb(255, 99, 132)', 'rgb(200, 199, 132)', 'rgb(255, 99, 0)'],
 				data: [{value: '{{ metrics.http|default(0) }}', formatted: '{{ metrics.http|formatBytes }}'}, {value: '{{ metrics.ftp|default(0) }}', formatted: '{{ metrics.ftp|formatBytes }}'}, {value: '{{ metrics.mail|default(0) }}', formatted: '{{ metrics.mail|formatBytes }}'}]
 			}]
@@ -130,7 +129,7 @@
 				plugins: {
 					title: {
 						display: true,
-						text: 'Total traffic'
+						text: '{{ lng('traffic.sumtotal') }}'
 					},
 					legend: {
 						position: 'right'
@@ -161,7 +160,7 @@
 			const dataC = {
 				labels: labelsC,
 				datasets: [{
-					label: 'Top 5 customers',
+					label: '{{ lng('traffic.top5customers') }}',
 					backgroundColor: ['rgb(255, 99, 132)', 'rgb(200, 199, 132)', 'rgb(255, 99, 0)', 'rgb(100, 100, 132)', 'rgb(240, 150, 232)'],
 					data: dataValues
 				}]
@@ -178,7 +177,7 @@
 					plugins: {
 						title: {
 							display: true,
-							text: 'Top 5 customers'
+							text: '{{ lng('traffic.top5customers') }}'
 						},
 						legend: {
 							position: 'right'
@@ -220,7 +219,7 @@
 				labels: labelsC,
 				datasets: [
 					{
-					label: 'HTTP traffic',
+					label: '{{ lng('traffic.sumhttp') }}',
 					backgroundColor: 'rgb(255, 99, 132)',
 					{% if range starts with 'days' or range == 'currentmonth' %}
 						data: [{% for d,dd in days %}{value: '{{ dd.http|default(0) }}', formatted: '{{ dd.http|formatBytes }}', axisv: '{{ d }}'},{% endfor %}],
@@ -234,7 +233,7 @@
 					}
 				},
 				{
-					label: 'FTP traffic',
+					label: '{{ lng('traffic.sumftp') }}',
 					backgroundColor: 'rgb(200, 199, 132)',
 					{% if range starts with 'days' or range == 'currentmonth' %}
 						data: [{% for d,dd in days %}{value: '{{ dd.ftp|default(0) }}', formatted: '{{ dd.ftp|formatBytes }}', axisv: '{{ d }}'},{% endfor %}],
@@ -248,7 +247,7 @@
 					}
 				},
 				{
-					label: 'Mail traffic',
+					label: '{{ lng('traffic.summail') }}',
 					backgroundColor: 'rgb(255, 99, 0)',
 					{% if range starts with 'days' or range == 'currentmonth' %}
 						data: [{% for d,dd in days %}{value: '{{ dd.mail|default(0) }}', formatted: '{{ dd.mail|formatBytes }}', axisv: '{{ d }}'},{% endfor %}],
@@ -283,7 +282,7 @@
 					plugins: {
 						title: {
 							display: true,
-							text: 'Specified by range'
+							text: '{{ lng('traffic.byrange') }}'
 						},
 						tooltip: {
 							enabled: true,
--- a/templates/Froxlor/userarea.html.twig
+++ b/templates/Froxlor/userarea.html.twig
@@ -25,7 +25,7 @@
 				</button>
 			</div>
 			<a class="navbar-brand me-0 {% if block('heading') %}shadow-sm{% endif %}" href="{{ linker({'section': 'index'}) }}">
-				<img src="{{ header_logo }}" alt="" width="auto" height="24" class="d-inline-block align-text-top ms-md-3">
+				<img src="{{ header_logo }}" alt="logo" class="header-logo d-inline-block align-text-top ms-md-3">
 			</a>
 			<div class="order-0 order-md-1 d-flex flex-grow-0 flex-md-grow-1" id="navbar">
 				<ul class="navbar-nav ms-md-auto me-3 me-lg-5">
--- a/webpack.mix.js
+++ b/webpack.mix.js
@@ -10,4 +10,5 @@ mix
 	.copyDirectory('node_modules/@fortawesome/fontawesome-free/webfonts', 'templates/Froxlor/assets/webfonts')
 	.js('templates/Froxlor/src/js/main.js', 'js')
 	.sass('templates/Froxlor/src/scss/main.scss', 'css')
-	.sass('templates/Froxlor/src/scss/dark.scss', 'css');
+	.sass('templates/Froxlor/src/scss/dark.scss', 'css')
+	.version();
Author	SHA1	Message	Date
Michael Kaufmann	42b3f1e59d	set version to 2.0.9 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-20 18:01:28 +01:00
Michael Kaufmann	1b77632fa8	correctly display config-services command in updater if manual commands are needed Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-19 20:19:43 +01:00
Maurice Preuß (envoyr)	867b7b1390	fix domain variable for gethostbynamel6 function Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-18 14:47:25 +01:00
Maurice Preuß (envoyr)	4c6ebde58c	adding new dns resolver setting for let's encrypt Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org> Co-authored-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-18 13:57:47 +01:00
Michael Kaufmann	1e013d9e9a	enhance information on updater regarding acme-challenge (if lets encrypt is enabled and applicable) Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-18 11:47:55 +01:00
Michael Kaufmann	c56bc651b9	allow hiding documentation menu for customers via customers-hide-option; use --staging for acme.sh for every test-CA Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-18 08:59:59 +01:00
aPollO2k	6cbdf45a7c	Typo fixed in update_2.x.inc.php (#1082 ) PHO_EOL => PHP_EOL	2023-01-16 21:32:56 +01:00
Michael Kaufmann	715667e227	Merge branch 'main' of github.com:Froxlor/Froxlor	2023-01-15 23:49:09 +01:00
Michael Kaufmann	41de161555	show exact froxlor:config-services parameter for updater; better checks for changed acme-challenge paths; fix typo in PHP_EOL statement; remove crsf token from config-apply-parameter generation from within the ui Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-15 23:48:37 +01:00
Maurice Preuß (envoyr)	1f1ea370c0	add version to mix-manifest.json and add mix function Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-14 21:14:55 +01:00
Michael Kaufmann	090cfc26f2	set file-log (if enabled) to be in froxlor/logs/ folder; fix ssl param directive for dovecot in Ubuntu Bionic; set version to 2.0.8 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-14 13:09:42 +01:00
Michael Kaufmann	529890b5d2	fix typo in langauge-definition Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 22:27:45 +01:00
Michael Kaufmann	d4a6ab146d	re-add total-disspace dashboard-display on customer dashboard Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 16:52:14 +01:00
Michael Kaufmann	e3f02879cf	restore mandatory field on domain-formfields; add translated require message and correct error-placement of the message Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 15:16:42 +01:00
Michael Kaufmann	b52d6df777	[UI] change require of ipandport field in domains.add and domains.delete to one-of instead of all; fixes #1078 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 14:53:05 +01:00
Michael Kaufmann	9e671100ae	acme-challenge path adjustments if docroot changed after update from 0.10.x (via apt) Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 14:21:14 +01:00
Michael Kaufmann	7e801ea502	Merge branch 'main' of github.com:Froxlor/Froxlor	2023-01-12 12:20:23 +01:00
Daniel	b68522f7d5	Fix formfield image preview path (#1077 )	2023-01-12 12:19:31 +01:00
Michael Kaufmann	86852942e0	add missing language-strings for traffic page Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 11:30:52 +01:00
Michael Kaufmann	ec05c84f4d	check whether let's encrypt is enabled at all and correct acme-alias configuration file if necessary/selected Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 09:40:35 +01:00
Michael Kaufmann	9e13c077e9	show command to regenerate cron.d-file if previous deletion of old files could not be done automatically, fixes #1076 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-12 08:33:19 +01:00
Maurice Preuß (envoyr)	da8d315e77	remove hardcoded logo height Signed-off-by: Maurice Preuß (envoyr) <envoyr@froxlor.org>	2023-01-11 22:43:00 +01:00
Michael Kaufmann	cb67e3ae63	continue checking domains even if no config was found, thx knox Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 21:07:00 +01:00
Michael Kaufmann	82d15c4dc2	fixes for ValidateAcmeWebroot command Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 20:47:07 +01:00
Michael Kaufmann	6d048e2cee	fix default mysql-dbserver for customers if not allowed to use the default (id=0) one; fixes #1075 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 19:41:24 +01:00
Michael Kaufmann	87bd80eea1	reenable access to ftp view for customers with ftps=0 because the main account is always being created Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-11 14:58:18 +01:00
Michael Kaufmann	80e442e396	set version to 2.0.7 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 22:15:57 +01:00
Michael Kaufmann	489ad375bd	ensure latest userdata.inc.php layout for updaters/users of old format Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 16:54:20 +01:00
Michael Kaufmann	c420196e73	check explicitly for template existence and try to use default theme as fallback; fixes #1071 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 16:53:36 +01:00
Michael Kaufmann	cc6d8d5f8b	fix login if non-standard ports are used for froxlor vhost Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-10 12:43:04 +01:00
Michael Kaufmann	24f47bc58b	set version to 2.0.6 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 10:09:15 +01:00
Michael Kaufmann	c769c074e0	add Google CA to available acme.sh providers; fixes #1065 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 10:00:08 +01:00
dependabot[bot]	2ecb8eb034	Bump json5 from 1.0.1 to 1.0.2 (#1069 ) Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-09 09:51:52 +01:00
Michael Kaufmann	6827c100c3	fix updating email account password-hashes in updater Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 09:50:51 +01:00
Michael Kaufmann	c402acd1bd	disable correct mod_php in bionic-config-templates when fcgid/php-fpm is selected Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 09:25:29 +01:00
Michael Kaufmann	c4ec2509fa	fix resetting of isemaildomain-flag of subdomains when nothing changed; fixes #1067 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-09 09:24:22 +01:00
Michael Kaufmann	0f382586ce	set version to 2.0.5 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 23:24:43 +01:00
Michael Kaufmann	9c2f12ecb1	mysql-remote-server fixes Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 23:20:31 +01:00
Michael Kaufmann	12da117cab	fix chmod() command in compatibility cronjob for updaters Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 20:20:44 +01:00
Michael Kaufmann	ef48f4b48e	set version to 2.0.3 Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 19:44:07 +01:00
Michael Kaufmann	aae6db52b5	temporarily change innodb_strict_mode to run table updates (shorten fields) Signed-off-by: Michael Kaufmann <d00p@froxlor.org>	2023-01-08 19:36:05 +01:00