e327a39eac
cron_tasks/bind: refactor zone creation DNS records for subdomains managed as main domains (i.e. have ismainbutsubto>1) get written to separate zone files for each subdomain. This does not play well with hidden-master setups, where a quering DNS server would only request a transfer of the topmost parent zone and ignore SOA records therein to initiate the potentially required transfers of subzones. This patch changes how zonefiles are created, so that DNS records of "ismainbutsubto>1"-domains end up within the zone of the topmost parent domain. Obviously this relies on correctly set ismainbutsubto-fields of all subdomains managed as main domain in Froxlor. Refactoring summary: - Previously _generateDomainConfig() would be called for each customer domain, handle writing the zone file and accumulate the bind config data. Now writing the zone files is decoupled and both _generateDomainConfig() and generateZone() get called from the main loop over the customer domains. - The main loop over customer domains only considers "ismainbutsubto==0"-domains, children are handled via recursion within walkDomainList() according to the previously collected relations of direct children. - The recursion accumulates the zone data, storing it in $_bind_conf_file (which is now a private member) until it gets written to a zone file. The resulting structure is written to the debugHandler. -- For "ismainbutsubto==0"-domains, generateZone() returns a SOA record and further applicable records as usual. -- For "ismainbutsubto>0"-domains, generateZone() returns a "$ORIGIN $domain"-line and further applicable records as usual. This now excludes NS records, since they're no longer required. - The boolean parameter $froxlorhost=true to _generateDomainConfig() and generateZone() was replaced by the additional field $hostname_arr['froxlorhost']
Froxlor
The server administration software for your needs. Developed by experienced server administrators, this panel simplifies the effort of managing your hosting platform.
Installation
Fast install
- Ensure that your webserver serves /var/www
- Extract froxlor into /var/www
- Point your browser to http://[ip-of-webserver]/froxlor
- Follow the installer
- Login as administrator
- Adjust "Server > Settings" according to your needs
- Choose your distribution under "Server > Configuration"
- Follow the steps for your services
- Have fun!
Detailed installation
http://redmine.froxlor.org/projects/froxlor/wiki/Installationtarball
Help
You may find help in the following places:
IRC
froxlor may be found on freenode.net, channel #froxlor: irc://chat.freenode.net/froxlor
Forum
The community is located on http://forum.froxlor.org
Wiki
More documentation may be found in the froxlor - wiki: http://redmine.froxlor.org/projects/froxlor/wiki
License
May be found in COPYING
Downloads
Tarball
http://files.froxlor.org/releases/froxlor-latest.tar.gz MD5 SHA1
Debian repository
/etc/apt/sources.list.d/froxlor.list
deb http://debian.froxlor.org {wheezy|jessie} main
Gentoo repository
http://files.froxlor.org/gentoo/repositories.xml
Let's Encrypt support
This version of Froxlor contains a test implementation of support for Let's Encrypt. This is (as Let's Encrypt is in itself) still a beta version and may break your system. The way it currently works is by creating a (sub-)domain with the default system - certificate, after which the Let's Encrypt cronjob orders the certificate for this (sub-)domain and inserts the certificates in the database. With the next run of the default cronjob, the certificates will be updated on the disk and the webserver reloaded.
This has 2 known side-effects at the moment:
- The basic ip/port combinations don't work with the Froxlor - integration of Let's Encrypt, since it needs a certificate for the very first creation
- After creating a domain, it will have the default certificate for a short time (by default 5 minutes until the cronjob runs the next time)
It may be possible to fix these issues, but they are not a priority at the moment
By default the testing environment of Let's Encrypt is used. This issues certificates which will not be signed by a known certificate authority.
To activate the production system, change the $ca in lib/classes/ssl/class.lescript.php to https://acme-v01.api.letsencrypt.org.