Setting up DA with an SSL certificate

You can switch DirectAdmin to use SSL instead of plain text. -> https instead of http on port 2222.
Note that this is for the DirectAdmin connection on port 2222, *not* for apache.
If you’re tryting to setup a certificate for your domain through apache, use this guide.

If you do not have your own certificates, you’ll need to create your own:/usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes

chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem


This is the old method, use either the one above, or this one.  The end result is the same, but takes more steps.
openssl req -new -x509 -keyout /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cacert.pem -days 3653

openssl rsa -in /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cakey.pem

rm -f /usr/local/directadmin/conf/cakey.pem.tmp
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

(Paste these one at a time as the first 2 require user input)


If you already have your own certificate and key, then paste them into the following files:

certificate:  /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem

Edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1  (default is 0).  This tells DA to load the certificate and key and to use an SSL connection.
Ensure your directadmin.conf has the values set:cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem

but can be changed as needed.

DirectAdmin needs to be restarted after any changes to the directadmin.conf.

If you also have a CA Root Certificate, this can be specified by adding:carootcert=/usr/local/directadmin/conf/carootcert.pem

into the /usr/local/directadmin/conf/directadmin.conf file (won’t exist by default) and by pasting the contents of the caroot cert into that file.

Note, as of 1.30.2, you can set the value of the SSL redirect should a User connect to an https connection with plaintext http.
http://www.directadmin.com/features.php?id=801

For 1.33.0, you can force DA to redirect to a specific hostname if you wish the host to match the cert installed:
http://www.directadmin.com/features.php?id=917
However, if they connect to https on a different host, they’ll first get the ssl warning (since ssl is established before the host is passed), then they’ll be redirected to the correct host, where the error would not appear (assuming you’ve got a valid cert setup)

As of 1.33.3, you can enable a ssl cipher to force SSLv3, and disable SSLv2:
http://www.directadmin.com/features.php?id=957

How to upgrade mysql with custombuild

To upgrade mysql using the custombuild script, do the following:

cd /usr/local/directadmin/custombuild
./build set mysql 5.1
./build set mysql_inst yes
./build set mysql_backup yes
./build update
./build mysql

Where mysql can be 5.0, 5.1 or 5.5.

A full raw sql backup will be run prior to the upgrade if you have mysql_backup=yes set.  It goes without saying, always make backups, either with this tool, or with other means.

After the mysql update, always recompile php.

./build php n

Why do I need an owned IP for my own SSL certificate?

The reason you must have your own dedicated IP address when you want to use your own SSL certificate (when you don’t want the server wide shared certificate) is because of the way SSL and Apache (httpd) works.

For name based web-hosting (when many domains are on one IP) the web browser will pass the name of the domain being requested inside the httpd headers along with the request.  This way, Apache knows which domain you are trying to access even though there are many domains on that one IP address.

When you do the same thing through an SSL connection, the connection has to be made *before* the request can be sent.  In this connection, the certificate is passed.  The only information that Apache knows before the request is made is which IP the connection is being made to.  It has to be able to know which certificate to send before the request is made, thus you can’t use multiple certificates on the same IP (if you do, Apache will use the first certificate listed which DA will always set to the server shared certificate for shared IPs).

If you want to use your own certificate, it must be the first certificate listed.  This wouldn’t work for a shared IP, because there would multiple domain wanting this status, and the first certificate would the one shown.  For this reason the shared certificate is always used on a shared IP.  For your certificate, DA will acknowledge the IP as being ‘owned’ and will remove the server shared certificate as the first cert to be loaded, thus your certificate will be loaded instead.

How To Clear Your DNS Cache

Windows® 8

 

  1. Press Win+X to open the WinX Menu.
  2. Right-click on Command Prompt and select Run as Administrator.
  3. Type the following command and press Enteripconfig /flushdns
  4. If the command was successful, you will see the following message:
    Windows IP configuration successfully flushed the DNS Resolver Cache.

 

Windows 7

 

  1. Click the Start button.
  2. Enter cmd in the Start menu search field.
  3. Right-click on Command Prompt and select Run as Administrator.
  4. Type the following command and press Enteripconfig /flushdns
  5. If the command was successful, you will see the following message:
    Windows IP configuration successfully flushed the DNS Resolver Cache.

 

Windows XP, 2000, or Vista®

 

  1. Click the Start button.
  2. On the Start menu, click Run….
    • If you do not see the Run command in Vista, enter run in the Search bar.
  3. Type the following command in the Run text box: ipconfig /flushdns

 

MacOS® 10.7 and 10.8

 

  1. Click Applications.
  2. Click Utilities.
  3. Double-click the Terminal application.
  4. Type the following command:
    sudo killall -HUP mDNSResponder

    Warning: To run this command, you will need to know the computer’s Admin account password.

 

MacOS 10.5 and 10.6

 

  1. Click Applications.
  2. Click Utilities.
  3. Double-click the Terminal application.
  4. Type the following command: sudo dscacheutil -flushcache

How to adjust the time zone of your webmail client (Roundcube, SquirrelMail, Horde)

SquirrelMail

To change time zones in SquirrelMail:

  1. Access SquirrelMail.
  2. Click Options link at the top of the page.
  3. Click the Personal Information link.
  4. Under Timezone Options, from the Your Current Timezone drop-down, select your preferred time zone.
  5. Click Submit.

Horde

To change time zones in Horde:

  1. Access Horde.
  2. Click the Options icon at the top of the page.
  3. Under Your Information, click the Locale and Time link.
  4. Under Your current time zone, select your preferred time zone from the drop-down menu.
  5. Click Save Options.

RoundCube

To change time zones in RoundCube:

  1. Access RoundCube.
  2. Click the Settings icon in the top-right corner of the page.
  3. Select Preferences tab.
  4. Under the Section column, select User Interface.
  5. Select your preferred time zone from the Time zone drop-down menu.
  6. Click Save.

How to change the max file upload size for phpMyAdmin in Plesk

You need to edit the correct php.ini file and increase the value of the following variables to the desired size:

memory_limit, upload_max_filesize and post_max_size

The  php.ini file is located at:

On Linux server:

/usr/local/psa/admin/conf/php.ini

On Windows server:

C:\Program Files (x86)\Parallels\Plesk\admin\php.ini

 

Then you will need to restart your webserver & PSA.

 

 

Change email password without logging in on DirectAdmin

If you would like your pop users to be able to change their own email passwords without having to login to the control panel, simply give them this link:

http://www.domain.com:2222/CMD_CHANGE_EMAIL_PASSWORD

Where www.domain.com is either your domain, hostname, or IP address.

More information on this function and how you can use it via API can be found Here.

There is also a DA plugin that also gives email users the ability to change their passwords, and vacation messages, and show them their email stats, all in once place:
http://www.directadmin.com/forum/showthread.php?t=22715

For automated vacation messages changes by email users, it can be implemented via API here, or just use the plugin above:http://www.directadmin.com/forum/showthread.php?t=13112

A squirrelmail plugin has been created which allows interaction with DirectAdmin showing usage, as well as the ability to change the password and vacation message:
http://www.directadmin.com/forum/showthread.php?t=31050

How to forward a website to another url

There are several ways to accomplish this task, but the simplest to understand is to use php.

To do this, you need to create the page that will do the forwarding.  This can be any page, as long as it ends in “.php”.  If you are trying to redirect a domain, you’d create “index.php” inside the public_html directory.

Once you decide which page you will use, then create the file and enter the following text:

<?php
header(“Location: http://whereyouwant.com/to/go.html“);
?>

Where http://whereyouwant.com/to/go.html is the location that you want the page to forward to.  You can use local values, ie: /page.html, or full urls as in the above example (http://..etc.)


Another way to accomplish this is to use an .htaccess file in the public_html directory.  Sample contents:

Redirect 301 / http://whereyouwant.com/to/go.html

Redirect domain.com to www.domain.com

If you want to force clients to use www.domain.com, you can redirect them from domain.com to the www version with an .htaccess file.

In your public_html folder, create a file called .htaccess and add the code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent]

where you’d need to replace domain\.com and domain.com with your actual domain name.  Note the \ character must be present to escapce the . character.

Other versions of the same thing do a negation check to see if the domain is not www.domain.com, but that doesn’t work if you have subdomains.. hence the need for the explicit check for the value we don’t want.

Adding custom modules to apache for custombuild – DirectAdmin

If you want to add any extra modules to apache in custombuild, they’ll need to be compiled in. Any module that needs to be compiled in will have a –with-module type flag which will need to be used. To add this flag, run the following:

 

cd /usr/local/directadmin/custombuild
mkdir -p custom/ap2
cp configure/ap2/configure.apache custom/ap2/configure.apache
vi custom/ap2/configure.apache

#add your –with-module line to the end of the file,
# and make sure the  character exists at the end of all lines except the last one../build clean
./build apache
Then restart apache:
RedHat:/sbin/service httpd restart
FreeBSD:/usr/local/etc/rc.d/httpd restart
Debian:/etc/init.d/httpd restart

If you run into problems, you may also need to recompile php as well:./build php

Then restart apache again.