- Update cyberpanel_ols module URLs to use /binaries/ path structure
- Update SHA256 checksums for all platforms (rhel8, rhel9, ubuntu)
- Enable RHEL 8 module support (was previously disabled)
- Module version 2.2.0 with Phase 2 features
- Fix checkOwnership() to return explicit 0 instead of None when checking child domain ownership
This resolves permission failures for non-admin ACL users trying to manage child domains
- Improve fetchChildDomainsMain() with more robust child domain filtering
Changed from .filter(alais=0) to .all() with explicit check to prevent silent failures
- Add error logging with traceback to fetchChildDomainsMain() for better debugging
These changes allow non-admin users with proper ACL permissions to view and manage
child domains for websites they own.
The container health check was failing because Docker Compose v1 and v2
use different naming conventions:
- v1: project_service_1 (underscores)
- v2: project-service-1 (hyphens)
Changes:
1. Replaced hardcoded container name formatting with fuzzy matching
2. Added find_container_by_service() helper method for dynamic lookup
3. Updated monitor_deployment() to use dynamic container discovery
4. Container names are now found by normalizing and matching patterns
This fixes "Containers failed to reach healthy state" errors during
n8n deployment from CyberPanel UI.
Ticket References: XKTFREZUR, XCGF2HQUH
Features:
- Catch-All Email: Forward unmatched emails for a domain to a single address
- Plus-Addressing: Enable user+tag@domain.com delivery with configurable delimiter
- Pattern Forwarding: Wildcard and regex-based email forwarding rules
Implementation:
- New database models: CatchAllEmail, EmailServerSettings, PlusAddressingOverride, PatternForwarding
- New UI pages with AngularJS controllers
- Backend methods in mailserverManager.py with ACL permission checks
- Auto-generates /etc/postfix/virtual_regexp for pattern rules
- Menu items added under Email section
1. Set NODE_ENV=development for n8n Docker deployments to resolve Origin
header validation failures.
2. Remove ineffective "RequestHeader set Origin" from vhost configuration
since OpenLiteSpeed cannot override browser Origin headers anyway.
This is required due to an OpenLiteSpeed architectural limitation - OLS
cannot override browser Origin headers, which n8n v1.87.0+ strictly
validates in production mode. Apache and Nginx can override Origin headers
and work in production mode, but this is not possible with OpenLiteSpeed.
Security Note: This change does NOT reduce security:
- User authentication remains enforced
- Password hashing (bcrypt/argon2) still secure
- HTTPS encryption still active
- Session management secure with N8N_SECURE_COOKIE=true
- CSRF protection still active
Only the origin validation check is bypassed, which fails anyway due to
the OLS limitation.
Ticket References: XKTFREZUR, XCGF2HQUH
1. Move flag reset outside conditional blocks - flags now always reset
even if ModSecurity is not installed or AJAX fails
2. Reset flags in error handler (cantLoadInitialDatas) as well
3. Add showLoader parameter to getOWASPAndComodoStatus - loader only
shows when explicitly requested, not during initial status check
This fixes:
- Toggle not responding to clicks (flags were stuck as true)
- Spinner showing on initial page load (now only shows during install)
Fixes issues where toggle became unresponsive and triggered recursive calls:
1. Add flags (updatingOWASPStatus, updatingComodoStatus) to prevent change
event handlers from triggering when status check updates toggle state
2. Guard change event handlers to return early when flags are set
3. IMPORTANT: Still increment counters when returning early to maintain
correct counter state for subsequent user clicks
4. Set flags before updating toggle via prop('checked'), reset after 100ms
5. Use timeout delays (500ms) before status checks after install/uninstall
to allow operations to complete and prevent race conditions
This ensures:
- Toggle responds correctly to user clicks on first click
- Status updates don't trigger unwanted installations
- Counter state is maintained even when skipping automatic updates
- No recursive loops when updating toggle state
Fixes issues where toggle became unresponsive and triggered recursive calls:
1. Add flags (updatingOWASPStatus, updatingComodoStatus) to prevent change
event handlers from triggering when status check updates toggle state
2. Guard change event handlers to return early when flags are set
3. Set flags before updating toggle via prop('checked'), reset after 100ms
4. Use timeout delays (500ms) before status checks after install/uninstall
to allow operations to complete and prevent race conditions
This ensures:
- Toggle responds correctly to user clicks
- Status updates don't trigger unwanted installations
- No recursive loops when updating toggle state
- Clean separation between user actions and status updates
This commit resolves issues where the OWASP CRS toggle in ModSecurity settings
would appear to flip back to OFF even when installation succeeded, and improves
detection of manually installed OWASP CRS rules.
Issues Fixed:
1. Toggle not updating immediately after installation/uninstallation
2. Manual OWASP installations to rules.conf not detected by toggle
3. Silent installation failures without detailed error logging
Changes:
firewall/static/firewall/firewall.js:
- Update toggle state immediately after successful installation (getOWASPAndComodoStatus(true))
- Update toggle state after failed installation to show correct OFF state
- Provides instant visual feedback instead of requiring page refresh
firewall/firewallManager.py (getOWASPAndComodoStatus):
- Expand detection logic to check both httpd_config.conf AND rules.conf
- Detect manual OWASP installations (Include/modsecurity_rules_file with owasp/crs-setup)
- Case-insensitive pattern matching for better compatibility
plogical/modSec.py (setupOWASPRules):
- Add specific error logging for each installation step failure
- Log detailed messages: directory creation, download, extraction, configuration
- Helps diagnose: network issues, missing tools (wget/unzip), permission problems
Impact:
- Toggle correctly reflects OWASP CRS state after enable/disable operations
- Manual installations following external tutorials now detected correctly
- Installation failures are logged with specific error messages for debugging
- Improves UX by eliminating perception that "toggle keeps flipping back"
Fixes: OWASP CRS toggle UI bug
Related: Community thread https://community.cyberpanel.net/t/4-mod-security-rules-packages/133/8
Related: Ticket #GTPDPO7EV
This commit resolves the issue where CyberPanel attempts to configure email/DKIM settings
even when email services were explicitly disabled during custom installation, causing
hostname SSL setup and website creation to fail with "No such file or directory: '/etc/postfix/main.cf'" errors.
Changes:
- Added emailServicesInstalled() utility function to check for /home/cyberpanel/postfix marker
- OnBoardingHostName(): Wrap email operations (issueSSLForMailServer, postfix commands) with checks
- OnBoardingHostName(): Allow hostname setup to complete without email services
- issueSSLForMailServer(): Add early return if email services not installed
- issueSSLForMailServer(): Verify /etc/postfix directory exists before operations
- issueSSLForMailServer(): Check /etc/postfix/main.cf exists before reading
- setupAutoDiscover(): Add early return if email services not installed
- setupAutoDiscover(): Check /etc/postfix/main.cf exists before accessing
- mailUtilities.configureOpenDKIM(): Verify main.cf exists before configuration
Impact:
- Hostname SSL setup now completes successfully without email components
- Website creation works correctly on custom installs without email
- No more file not found errors for /etc/postfix/main.cf
- Graceful degradation: operations skip email setup with log messages
Fixes: Custom installation hostname SSL 404 error
Fixes: Website creation DKIM failure on custom installs
Related: Ticket #RMKRFFGKC
- Verify lscgctl works after running lssetup
- Retry with more slices (-c 10) if first attempt fails
- Add detailed logging to debug setup issues
- Add time.sleep() to give lssetup time to initialize
- Provide clear error messages if setup fails
- Fetch actual resource limits from lscgctl command in loadDomainHome
- Parse JSON output and extract CPU, Memory, I/O, Tasks values
- Display resource limits in dedicated section on website detail page
- Only show limits if they actually exist on the site
- Use modern card design with gradients matching the rest of the UI
- Pass --io parameter to lscgctl with bytes/sec value
- Convert ioLimitMBPS from MB/s to bytes/s for lscgctl
- Update log message to include I/O limit information
- Add note about systemd io controller delegation requirement
- Change all addon purchase links to https://cyberpanel.net/cyberpanel-addons
- Update error messages in package creation and modification
- Update UI links in create and modify package templates
- Improve link text to 'Purchase CyberPanel Addons'
- Add addon access check via platform.cyberpersons.com API
- Validate addon access in package creation and modification
- Prevent enabling enforceDiskLimits without addons
- Reset resource limits to defaults if addons not available
- Hide resource limits UI for non-addon users
- Show informative message directing users to enable addons
- Apply same restrictions to both create and modify package flows
- Complete documentation for using resource limits in CyberPanel
- Prerequisites and system requirements
- Step-by-step setup instructions
- Verification and testing procedures
- Troubleshooting guide
- Package recommendations for different hosting tiers
- FAQ section
- Add test to verify LiteSpeed Containers is actually configured
- Check for 'You must configure LiteSpeed' error in lscgctl output
- Run lssetup with proper flags when configuration is needed
- Fixes issue where lscgctl exists but LiteSpeed Containers not configured
Detect RHEL 8, AlmaLinux 8, Rocky Linux 8, and CloudLinux 8 systems and provide
clear instructions when cgroups v2 needs manual enablement.
These systems have cgroups v2 backported to kernel 4.18 but it's disabled by
default. When detected without cgroups v2 enabled, the system now:
1. Detects RHEL 8 family by checking /etc/redhat-release
2. Verifies if cgroups v2 is mounted (checks 'mount' output for 'cgroup2')
3. If not enabled, logs detailed instructions:
- grubby command to add kernel parameter
- Reboot instruction
- Verification command
- Clear step-by-step guide
Changes:
- _check_rhel8_cgroups_v2(): New method for RHEL 8 family detection
- _ensure_cgroups_enabled(): Calls RHEL 8 check before general checks
- check_cgroup_support(): Returns RHEL 8 status in support dict
- rhel8_family: bool (detected RHEL 8 family)
- rhel8_needs_enablement: bool (cgroups v2 not mounted)
- os_name: str (full OS name from release file)
OS Support Status:
✅ Ubuntu 20.04+ - Native cgroups v2 (kernel 5.4+)
✅ RHEL/Alma/Rocky 9+ - Native cgroups v2 (kernel 5.14+)
⚠️ RHEL/Alma/Rocky/CloudLinux 8 - Needs manual enable (kernel 4.18 backported)
- Add green gradient banner with modern design and animations
- Display text: Full .htaccess support • PHP configuration now works • Zero rule rewrites needed
- Link to https://cyberpanel.net/cyberpanel-htaccess-module
- Include ripple effect on button hover and rotation on close
- Add smart dismissal logic with localStorage persistence
- Show banner once per day with staggered delay for better UX
- Support mobile responsive design with flexible layout
- Position banner properly when multiple notifications are shown
Reduce minimum file size from 1MB to 10KB to allow the module file
(~35KB) to pass validation. The 1MB threshold was too strict and only
appropriate for the main OLS binary. Now displays size in KB or MB
appropriately.
Change download verification to check file existence and size instead of
relying on return code. The wget command succeeds but install_utils.call()
may not return 0. Now verifies downloaded file exists and is at least 1MB.
Integrate custom OLS binaries during installation to enable Apache-style
php_value/php_flag directives in .htaccess files. The installer now:
- Downloads custom OLS binary and module from cyberpanel.net
- Creates backup of existing binaries before replacement
- Installs custom binaries with enhanced .htaccess support
- Configures CyberPanel module in OpenLiteSpeed config
- Gracefully falls back to standard OLS if download fails
- Only installs on x86_64 architecture
Features enabled by custom binaries:
- Apache-style .htaccess support
- php_value and php_flag directives
- Enhanced header control
- Better Apache compatibility
