Posts by Jadawin


    If there's a single quote " ' " in the roundcube user passwoerd, then this plugin will break, because it doesn't escape the char in the configuration.
    imscp version: 1.2.0
    Roundcube Plugins version: 1.0.0

    I errorneously reported this as a Roundcube problem, sorry for the annoyance @Nuxwin :)


    When running the installer, it creates a random password for roundcube_user. This autogenerated password breaks Roundcube, because the special characters are not escaped.
    Example, in my case:
    The generated password was " g#"!/@ect|'*8SVi " which contains a single quote, and an @ sign
    The generated code looks like this:

    1. $config['db_dsnw'] = 'mysql://roundcube_user:g#"!/@ect|'*8SVi@localhost:3306/ispcp_roundcube';

    Which prints a PHP error, because of the single quote in the password. It would also break if there was just the @ sign.

    Those characters would need to be escaped (and maybe more). But I'd recommend to make things simple: just use alphanumeric passwords and make them a bit longer (30 characters or so).

    As I said, the IPs aren't a problem anymore. But you're probably right, if I'd do a normal installation I'd be up an running a long time ago. But I like to tinker and try new things, so...
    The reason why I don't want OpenVZ is that all other services are running fine with Docker and I don't want to have another tool to manage (maybe later ;) ).

    To this day none of my customers wanted custom DNS entries, most of them don't even know what it is.
    I think DNS should work, but I didn't test it. (Second reason: I have a dynamic DNS server with docker integration installed. I would need to integrate it in the bind/imscp config and again take care of the customisation)
    What I would like to have is API integration to the DNS providers. But this can wait^^

    Thanks for the link, but sadly it seems to be quite outdated. But it's ok, it's running fine^^

    Sure, there aren't many hiccups in getting the product running inside docker. But I would not see this as a correct docker install. A correct docker install would launch automatically, grab the configuration from a central server and would finally start processes based on the configuration. This would in the end mean to happen dynamically e.g. load based.

    When thinking about docker, I'd think about one central imscp panel server and many server hosting email and websites. A proxy director managing users to these different servers and reacting on traffic needs, launching service instances as website/mail traffic demands. For now this looks like a very long way to go still. The imscp services aren't split yet.

    As of now, I only have one physical server. So every container gets the configuration from the central server :) But yeah, I tought about running etcd in the future.
    Ya this is all possible. But I really want it mainly for the isolation. I think of all the other things when a website is actually that large and important.

    Don't get me wrong though, I welcome your efforts and future patches! For now the existing KVM, VZ (Proxmox in my case) tools are easier than (self hosted) cloud solutions (OpenStack and Amazon/Google/etc).

    Nah, I like Docker :D

    But thanks for all the feedback :)

    It's more intended to get a stable and separated environment, separate from other things on the server. Until now, when I did something there was a chance, that I got somehow disrupted by imscp, or I disrupted imscp. (e.g. I didn't want that imscp manages chkrootkit, so I disabled it in imscp, but I still have it installed. On every update imscp uninstalls it for me)

    Second part, if I decide I need a new machine, or a new test instance, I can just "docker export" it, copy the image and all data over to the new machine and do "docker import".

    Third, a new update comes by. I make a backup of the imscp database and install imscp in a new docker container. Deactivate the old container, activate the new. All good? OK normal operation resumes. All bad? OK deactivate new container, activate old container and normal operation resumes.

    Fourth, security: If a virus finds it's way inside somehow. I can now assume that only the docker container and it's data is infected. I can scan the data now from outside, where the virus has no power. If shit really hits the fan I just "docker stop" the container and investigate.

    Again, Docker seems to be to much overhead compared to the already existing VPSes... !?

    Docker has practically no overhead. It's more like a chroot than openVZ/Virtualbox.

    - NAT can work just fine. Only check the FTP server settings.

    Yeah I just need to look that there's nowhere a static IP entry. atm, Docker changes the container IP on every start. What I did for now is to attach the container on the host interface, where I have a static IP. (so no NAT or anything)

    - filesystem should go seperate in any way ( meaning /var/mail and /var/ww ), depends on your hoster

    I have a hardware root server. That's what I did. Those files are separate, and are just linked into the host.

    - Why disable DNS?

    To have more options if the container is down. I don't host DNS myself by principle. Too much of a hassle.

    - Generally I would think of using puppet or chef to control imscp configuration in the docker way

    I'd love to. But the interactive way of imscp doesn't allow me to fully automate it.
    The Docker Way™ is btw. build once, run anywhere and never update a container (deploy a new one instead)

    I managed to install it, with suprisingly few hiccups. If somebody's interested I can share my configuration and changes to imscp.

    Hello all

    Has anyone tried to install i-MSCP in a docker container?

    I know i-MSCP doesn't like to be behind a NAT, so there would have to be some manual adjustments to the installation.
    - Data and logs would be in a separate data container or directly on the host.
    - DNS Server would need to be disabled.
    - The way services are restarted should be changed to align it the docker way.

    What other things do I need to look for?

    Thank you for your suggestion.

    Ok @Nuxwin found the problem.

    The user was from a development account for another domain (production). The development database had some sql views, created ("defined") by this user. MySQL stores this information in it's information_schema database. It has a field for the view creater, the "definer" (works for procedures too, btw).
    On the go live I copied over all the tables and views from development to the production database. With it came the little information of the original definer, the development user. Years later I decided to delete the development account, with all it's sql databases and users. But apparently, MySQL didn't like this and threw errors everytime the views in the prodution database got backupped.

    A really strange problem, but I'm glad it got sorted :)

    I deleted the domain account over the imscp interface (which in turn should delete all mail accounts, MySQL users/dbs, etc. ). I discovered later, that the database was deleted, but not the related user. So I went ahead and deleted this user. I did not modify anything in the imscp database and the user isn't mentioned anywhere in there.
    - The sql user isn't in imscp nor MySQL anymore.
    - There is no database for this user.
    - I did this with about 10 to 15 other orphaned users, without errors.
    - Backups are created just fine.

    Btw proposal for the logs:
    Insted of this text:


    user scheduled deletion of the customer account with ID 1

    Put this text:


    user scheduled deletion of the customer account domain.tld with ID 1

    Would make searching for deleted domains a bit easier, since the id doesn't exist anymore :)