All directadmin.conf values

This is a full list of configuration options available in directadmin.conf file. Each config option section will include default option value and description.

If the value does not exist in the directadmin.conf the default value will be used.

Adding a value to the directadmin.conf would override the internal default.

How to change the directadmin.conf values from CLI

Use the following steps:

/usr/local/directadmin/directadmin config-set variable value
systemctl restart directadmin

or

da config-set variable value
systemctl restart directadmin

Example:

/usr/local/directadmin/directadmin config-set letsencrypt 1
systemctl restart directadmin

All directadmin.conf variables and values

accept_cloudflare_proxy_requests

accept_cloudflare_proxy_requests=0

When this option is enabled DirectAdmin on start will load Cloudflare edge nodes IPv4open in new window and IPv6open in new window networks.

If incomming connection is from Cloudflare networks the header CF-Connecting-IPopen in new window will be used to determine end user IP address.

This option should be enabled if access to the DirectAdmin GUI is being proxied through Cloudflare. It will make sure real client IP instead of Cloudflare edge node is used.

Note: When using Cloudflare to proxy requests to DirectAdmin GUI please make sure DirectAdmin is using one of the ports supported by Cloudflareopen in new window, the default DirectAdmin port 2222 are not being proxyed by Cloudflare. We recommend changing it to port=2096 for HTTPS access.

Available since version 1.648.

access_control_allow_origin

access_control_allow_origin=

Ability to add Access-Control-Allow-Origin HTTP header to DirectAdmin. Comma/whitespace separated entries are trimmed, example usage:

access_control_allow_origin=http://www.domain.com, https://www.otherdomain.com:8080

acme_server_cert_account

acme_server_cert_account=

Email address of an ACME account used to issue server host name certificate. Empty value uses default admin user email address.

acme_server_cert_additional_domains

acme_server_cert_additional_domains=

A comma separated list of additional domain names to include in the server host name TLS certificate.

Example value: additional.example.com,*.example.net

Note: Server host name is always included in the certificate. If no additional domains are needed this configuration option should be set to an empty value.

acme_server_cert_dns_provider

acme_server_cert_dns_provider=

Name of custom DNS provider passed to lego tool when issuing server host name certificate.

Example value: cloudlflare

List of supported DNS providersopen in new window.

acme_server_cert_dns_provider_env_file

acme_server_cert_dns_provider_env_file=/usr/local/directadmin/conf/ca.dnsprovider

A file with additional environment variables that are passed to lego tool when issuing server host name certificate.

Example file contents:

CLOUDFLARE_DNS_API_TOKEN=...

List of supported DNS providersopen in new window.

acme_server_cert_enabled

acme_server_cert_enabled=0

When set to 1 ACME will be used to automatically acquire and renew server host name TLS certificate.

acme_server_cert_key_type

acme_server_cert_key_type=ec256

TLS key type and size to use for server host name certificate. Can be set to:

  • ec256 Elliptic Curve DSA Curve P-256 key
  • ec384 Elliptic Curve DSA Curve P-384 key
  • rsa2048 RSA 2048 bit key
  • rsa3072 RSA 3072 bit key
  • rsa4096 RSA 4096 bit key
  • rsa8196 RSA 8196 bit key

acme_server_cert_provider

acme_server_cert_provider=

Automatic certificate provider to use for issuing server host name TLS certificate. Can be set to:

add_apache_comments

add_apache_comments=1

Ability to disable adding comments to user httpd.conf files.

add_domain_to_domainips

add_domain_to_domainips=0

DirectAdmin can manage /etc/virtual/domainips and /etc/virtual/helo_data files for exim to use, to pick which IP should be used when sending email.

ValueComment
0DirectAdmin does not manage /etc/virtual/domainips and helo_data files, all domains are sending mails from server IP
1DirectAdmin sets user owned IP in files, domains on dedicated IP will use own IP as outgoing. If multiple owned IPs assigned to a domain, the first value added will have priority, when in question
2DirectAdmin use RDNS to form helo_data file for given IP, the /etc/virtual/domainips is unaffected

To disable the feature set add_domain_to_domainips to 0 and delete /etc/virtual/domainips /etc/virtual/helo_data files.

Related: How to manage domain IPS file

addip

addip=/usr/local/directadmin/scripts/addip

Scripts called by DA to add IPs to/from the nework device.

*Related: removeip *

add_non_readable_files_to_strict_backup

add_non_readable_files_to_strict_backup=1

If any file is non readable by user (chmod 0) the permissions for it will be set to 600 (directories to 700) during the backup creation time as the backup needs this as a minimum to read the file as a non-root backup. The restore will not reset these files/folders to chmod 0, they'll be left as 600 (700 for dirs).

The new data location for those files will be backup/domains/non_readable_files/.

Since this feature copies files to a 2nd location before backup, significant amounts of disk usage will be used if the files being backed up (eg: apache owned files) are not readable by the User.

The related backup_apache_files_list=1 will use the same tree parsing.

Related: backup_apache_files_list | strict_backup_permissions

add_userdb_quota

add_userdb_quota=1

To control adding quota value next to virtual user line in /etc/virtual/domain.com/passwd like this:

fred:$1$SdbJQZ6r$R5FmKrayU3FvPksLTd.7X0:501:12::/home/username/imap/domain.com/fred/bin/false:userdb_quota_rule=*:bytes=50M

Starting from version 1.59.5, the command used is as follows:

doveadm -f flow quota get -u 'email@domain.com'

Where the Type=STORAGE Value= (returns in in KB) is used for the internal ~/imap total.

Note: the doveadm return value only returns the size of data used, not actual disk space used. One block is always used, regardless of how small the file is, so the "Apparent Size" field will not be shown in the account hover-over usage. Also the indexes do take up space, but are not included in the actual message quota.

admindir

admindir=./data/admin

Path for admin data related to the serverpath. You're not likely going to want to change this.

Related: serverpath

admin_helper

admin_helper=admin.site-helper.com

The URL used for the help button in Admin panel.

Related: reseller_helper | user_helper

admin_ssl_check_retries

admin_ssl_check_retries=1

Tells DirectAdmin's check for the .ssl.next_retry file which is what the GUI would create during its requests. Shut this off temporarily if your server is making too many LetsEncrypt/ZeroSSL requests.

Related: admin_ssl_install_to_missing | admin_ssl_replace_all_expired_invalid | admin_ssl_poll_frequency | Automatic SSL Certificatesopen in new window

admin_ssl_install_to_missing

admin_ssl_install_to_missing=0

Install certificates to hosts which do not have any.

Related: admin_ssl_check_retries | admin_ssl_replace_all_expired_invalid | admin_ssl_poll_frequency

admin_ssl_poll_frequency

admin_ssl_poll_frequency=5m:15m:30m:1h:12h:1d

A frequency to poll certificates for hosts:

less than 30minutes: every 5 minutes
30m-1h: every 15 minutes
1h-4hrs: every 30 minutes
4h-1day: hourly
2nd,3rd days: every 12 hours
4th day onward: once per day

Time units will all be case specific: s,m,h,d,w,M,y where m is minute, M is Month. No units will be treated as seconds, since that's how they're intended to end up anyway. Note that there are no spaces after the numbers before the units (1 d will end up being one second).

When a trigger is done, it must save that NEXT window to the next_trigger file.

Related: admin_ssl_check_retries | admin_ssl_replace_all_expired_invalid | admin_ssl_install_to_missing

admin_ssl_replace_all_expired_invalid

admin_ssl_replace_all_expired_invalid=0

DirectAdmin can automatically fix the old/existing/expired/invalid certificates.

ValueComment
0Disabled
1Any fully expired/invalid LetsEncrypt certificate will automatically be brought back to life following the polling schedule
2Any fully expired/invalid certificates will automatically be brought back to life, following the polling schedule. This includes non-LetsEncrypt (Eg: EV) certs, so be careful if you use this option.

Does not poll for empty certs. It's not recommended to leave this feature turned on all the time due to it's higher-than-average resource requirements. Use it when needed, then turn it off (TODO: lower polling frequency).

Related: admin_ssl_check_retries | admin_ssl_poll_frequency | admin_ssl_poll_frequency

admin_ssl_default_wildcard

admin_ssl_default_wildcard=1

Default choice for the Admin SSL feature, if a zone should try a wildcard dns-01 based LetsEncrypt request (default), or a httpd-01 request. Applies to new domain, pointers and wildcard checkbox default value on the Admin SSL page.

ValueComment
0Web-based http-01 LetsEncrypt challenge will be used. Useful if most domains have external DNS not controlled by DirectAmdin.
1DNS-based dns-01 LetsEncrypt challenge. Recommended as it saves multiple requests for other subdomains on the system. Web-based http-01 is still attempted as a fallback if dns-01 fails.

Related: letsencrypt_multidomain_cert

admin_ssl_cert_per_vh

admin_ssl_cert_per_vh=1

For Admin SSL generated non-wildcard certificates, each Host will attempt to generate it's own certificate. Subdomains below a domain will each get their own cert, saving the need to generate a new multi-host master certificate for each new subdomain created. This saves the need to request a new multi-host SSL certificate for the entire domain and existing subdomains, for any new subdomain created. The new subdomain would get it's own certifiate.

ValueComment
0Admin SSL certificates for a domain will be geneated with all known subdomains/hosts in one multi-host certificate. Each host is checked/validated by the ACME provider.
1Admin SSL will create a new SSL certificate for each domain, for each subdomain, as well as a certificate for each domain pointer, and each subdomain on a pointer.

Related: admin_ssl_cert_per_vh

ajax

ajax=1

Enable ajax functions in DirectAdmin panel.

ajax_cache_max_time

ajax_cache_max_time=1800

Maximum time for ajax cache.

ajax_list_max

ajax_list_max=20

Maximum ajax list size.

ajax_search_max_time

ajax_search_max_time=2.000000

The maximum ajax search time.

allow_admin_login_as_to_reseller_skin

allow_admin_login_as_to_reseller_skin=1

Option to gives a notice, but allows the login using the Reseller skin in /home/reseller/skins/skinname. If you want to only ever login-as with global skin - set value to 0. The notice could be fully disabled setting variable to 2.

ValueComment
0Always use global skin with 'login as'
1Ability to user reseller skin with 'login as' but give a warning
2Ability to user reseller skin with 'login as' without a warning

allow_backup_encryption

allow_backup_encryption=0

Ability to password encrypt backups from all levels. To enable, change allow_backup_encryption to 1. This feature was implemented for backup storage to be GDPR compliant. The following files are used to encrypt/decrypt the data:

/usr/local/directadmin/scripts/encrypt_file.sh

/usr/local/directadmin/scripts/decrypt_file.sh

To customize them, use the standard DirectAdmin customization procedure, e.g., create the /usr/local/directadmin/scripts/custom/ directory, copy files into it, and modify the file there. DirectAdmin will detect the custom script and use it instead.

allow_backup_exclude_path

allow_backup_exclude_path=1

Allow users to control exclude list by creating a file /home/username/.backup_exclude_paths with paths to be skipped by backup task. The format of the file must be relative to /home/user and should not include a /home/user prefix, example:

domains/domain.com/awstats
presentation/video

This will add '--exclude-from=/home/username/.backup_exclude_paths' just after the '-C /home/username' option in the creation of BOTH the home.tar.gz and the user's backup .tar.gz (the option uses tar exclude-file option).

allow_backup_exit_code_one

allow_backup_exit_code_one=1

The option which controls a backup error depending on exit status after backup script finishes. Default is 1, which means 1 (and 256) is accepted an will not throw an error. If you change it to 0, then then the exit code 1 (and 256) are no longer ok, and DA will throw an error.

Example: When compressing a tar.gz file if a source file changes or goes missing during that creation, tar can throw either code 1 or 256.

allow_db_underscore

allow_db_underscore=1

Option to allow underscore character in MySQL databases and db users. Set to 0 if you want to prevent names like username_database_my.

allow_dns_underscore

allow_dns_underscore=1

Allow using underscore "_" character in NS records for domains.

allow_domain_special_characters

allow_domain_special_characters=1

Allow adding domains with special characters. Set to 0 to block special characters in domain names. Some versions of named do not like them.

Related: convert_to_punycode

allow_foreign_key

allow_foreign_key=0

By default, the session key login system is only permitted for 127.0.0.1 . Change to 1 to allow non-local IP addresses to login using the session key system.

allow_forwarder_pipe

allow_forwarder_pipe=1

Allow processing email through email pipes (usually used as mail forwarder to script).

allow_incoming_email_on_suspend

allow_incoming_email_on_suspend=0

Change to 1 to allow suspended domains to still receive emails. The pop/imap/smtp authentication will still be disabled.

If you turn this feature on, make sure that no accounts or domains are currently suspended, or they'll be stuck in limbo using the other suspension method.

Note: If the backup box has this option enabled, ensure that this option is also enabled on the box being restored to. Else, suspended email accounts won't be unsuspended on the new box when the User account is unsuspended.

allow_numeric_username

allow_numeric_username=0

Change to 1 to override checks to allow a username that starts with a number. Not recommended for most Operating Systems.

allow_ttl_override

allow_ttl_override=1

Allows users to control whether they can set per record TTL values. For example, if enabled, regular users can go to user level -> DNS Management -> Override TTL value.

Value that's set there will force all records to use that same value for the domain it is configured for.

Admin users can do the same in admin level -> DNS Administration.

allow_upper_case_username

allow_upper_case_username=0

Change to 1 to allow a username that has uppercase letters. Not recommended.

allow_user_exec

allow_user_exec=0

To give your Users the ability to use the API to run scripts (potentially dangerous, so use at your own risk).

  • API command: CMD_API_EXEC
  • method: POST
command=/path/to/program
options=your --list=of "options"

Command must be a simple filename. Don't include options in the command, just the command filename, that's it. The options will be placed after the command. Command must be the full path from top level /. No local commands allowed.

2>&1

will be added to the end of the command to catch the stderr output to stdin.

Output from DA on a successful run will look like this:

error=0&exit=12345&result=outputtext

If error=1, then there was a problem and the error message will be set in "text".

exit=1234 is the result number of the exec function. It's controlled by the return value of your script.

result=outputtext is the usual url encoded text that your script produces.

Note that there is a timeout (set in the Admin Settings). DA will kill the program with SIGTERM if it runs out of time.

Also, do not run any script/programs that require stdin unless you pipe it from a file with <.

always_load_all_script_env_vars

always_load_all_script_env_vars=0

This determines whether DA loads in the environmental variables from all_pre.sh and all_post.sh scripts for the session.

apacheca

apacheca=/etc/httpd/conf/ssl.crt/server.ca

Path to the Apache/Nginx Certificate Authority file. For nginx, the default will be: /etc/nginx/ssl.crt/server.ca

Related: SSL Certificate Locations

apachecert

apachecert=/etc/httpd/conf/ssl.crt/server.crt

Path to the Apache/Nginx Certificate file. For Nginx, the default will be: /etc/nginx/ssl.crt/server.crt

Related: SSL Certificate Locations

apacheconf

apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf

Location of the main httpd.conf where DA will add the User httpd.conf "Include" lines. For Nginx, the default will be: /etc/nginx/directadmin-vhosts.conf

apacheips

apacheips=/etc/httpd/conf/ips.conf

Location of the ips.conf used by DA for adding baseline Apache VirtualHosts for shared IPs. For Nginx, the default will be: /etc/nginx/directadmin-ips.conf

apachekey

apachekey=/etc/httpd/conf/ssl.key/server.key

Path to apache/nginx Certificate Key file. For Nginx, the default will be: /etc/nginx/ssl.key/server.key

Related: SSL Certificate Locations

apachelogdir

apachelogdir=/var/log/httpd/domains

Location where the domains' error, access, and bytes logs are stored. For Nginx, the default will be: /var/log/nginx/domains

apachemimetypes

apachemimetypes=/etc/mime.types

Mime.types file used to look up file extension types to include in HTTP header replies.

apache_pid

apache_pid=/var/run/httpd.pid

Location of the Apache pid file. Used to send a HUP right after rotation of the Apache logs in order to reopen them.

apache_public_html

apache_public_html=0

If set to 1, sets the public_html to chmod 750, chown to username:apache. This is a primitive version of the secure_access_group and is considered outdated.

apache_ver

apache_ver=2.0

Specifies the Apache version used for httpd.conf writing. The only 2 valid values are 1.3 and 2.0. If you're using Apache 2.2, you'd still use 2.0.

autoupdate

autoupdate=1

Controls whether Directadmin auto-updates featureopen in new window is enabled (1) or disabled (0).
Note: This differs from the admin.conf auto_update=yes|no settingopen in new window, which controls if an update request can be pushed to your server.

autopatch

autopatch=1

Controls whether Directadmin same version hot-fix updates is enabled (1) or disabled (0).

awstats

awstats=1

Set to 1 to enable Awstats for DirectAdmin.

Related: How to enable awstats

background_delete_if_num_db_users

background_delete_if_num_db_users=500

If the total number of MySQL Users being removed during DA User removal is greater than 500, all Users being deleted will be done in the background.
Related: background_delete_sizeopen in new window

background_delete_size

background_delete_size=10240

If account size is larger than this value (in megabytes) then DirectAdmin will push Account deletion to the background.
Related: background_delete_if_num_db_usersopen in new window

background_suspend_if_num_users

Meant for suspending/unsuspending in the background, internal default:

background_suspend_if_num_users=0

Related: suspend in the background

backup_apache_files_list

backup_apache_files_list=1

Option which controls if DirectAdmin will do a backup of apache owned files. It creates a list of apache owned files, and reset them as such after a backup is restored. Excessive checks for symbolic and hard links, and other trickery. This setting also applies to the restores.

Related: add_non_readable_files_to_strict_backup | strict_backup_permissions

backup_ftp_md5

backup_ftp_md5=0

Set to 1 to have backup job upload two files - backup itself and user.admin.fred.tar.gz.md5 containing the md5sum of the backup file. Used to verify the integrity of the backup on remove server to ensure backup was transferred correctly.

The restore does not currently download or check this file, but if you get an error message during the restore, you'll then be able to manually check the remote file to confirm it's intact, and try again if it is.

backup_ftp_pre_test

backup_ftp_pre_test=1

The backup job will test the listing of the FTP information before the ftp backups are created. It relies 100% on the exit value of the script(s):

/usr/local/directadmin/scripts/ftp_list.php

/usr/local/directadmin/scripts/custom/ftp_list.php

Set value to 0 to disable pre-test.

backup_gzip

backup_gzip=2

Option which controls what file type a backup archive will be (i.e., what type of compression will be used).

ValueComment
0.tar file will be created as a backup
1.tar.gz file will be created as a backup
2.zstd file will be created as a backup
backup_hard_link_check=1

Before all account backups are created by DA, a check will be done on the User's backup path. For any hard link found, DA will notify all Admins on the box, even if the backup is being created by the end-User. As well, the creation of that backup file will be aborted.

This reason this check is relevant is for when Users create a hard link to sensitive files on disk, like /etc/shadow.

If you find that this check increases the load of your system too much when backups are created, and you feel that your system will not be affected by hard-links (you trust all of your Users), then this check can be disabled (set to 0).

backup_nice

backup_nice=19

Default nice value for User backups.

backup_tmpdir

backup_tmpdir=/home/tmp

Location for backup data assembly.

backup_tmp_path_has_pid

backup_tmp_path_has_pid=1

Include a backup job PID in directory name next to username during backup assembly, e.g. /home/tmp/admin.1234/username

bind_address

bind_address=

A bind address to have DirectAdmin daemon to listen on (to listen on one IP address only).

Note it only listens on the IP you specify and this doesn't include 127.0.0.1 if you specify a public IP.

block_cracking_unblock

block_cracking_unblock=1

Setting that controls the ability to remove blocks against previously blocked mail accounts due to suspicious actions.

ValueComment
0Unblocking disabled
1Standard password change will unblock the account
2Password change will unblock the account, or automatic unblock after given amount of time which is set in block_cracking_unblock_minutes

Related: BlockCracking notices and unblocking

block_cracking_unblock_minutes

block_cracking_unblock_minutes=120

Number of minutes when automatic unblock will resume account if block_cracking_unblock is set to 2.

Related: BlockCracking notices and unblocking

block_cracking_variables_conf

block_cracking_variables_conf=/etc/exim.blockcracking/variables.conf

A path to config file for BlockCracking variables.

Related: Spamblocker install and extra modules.

block_ip_after_failed_security_questions

block_ip_after_failed_security_questions=0

Option to control if visitor IP address should be blocked after max_security_question_attempts reached on answering security questions.

ValueComment
0Blocking IP disabled
1Block IP and send a warning to user
2Block IP and do not send a warning to user

Related: Two-Step Authentication in details

block_ip_after_failed_twostep_auth

block_ip_after_failed_twostep_auth=0

Block IP address after failed two step authentication.

Related: Two-Step Authentication in details

block_token_chars

block_token_chars=$[]<>:#

Defines values that are not permitted to be passed between pages via GET for the tokens. There is a newline character in there as well, in the internal values. Can't add newline if you override it due to config file limitations.

brutecount

brutecount=20

Number of login attempts to DirectAdmin panel after which IP address will be blacklisted by BFM (Brute Force Monitor).

Related: Enabling and Configuring BFM

brute_dos_count

brute_dos_count=100

Number of attempts on loading DirectAdmin login page after which IP address will be blacklisted by BFM (Brute Force Monitor).

Related: Enabling and Configuring BFM

bruteforce

bruteforce=1

Global enable/disable switch for a Brute Force Monitor service.

Related: Enabling and Configuring BFM

brute_force_apache_log_list_update_interval

brute_force_apache_log_list_update_interval=10

Number of minutes between the refresh of apache log list, used if brute_force_scan_apache_logs set to 2. Missing logs are always removed from the list, but new logs won't start scanning for this amount of time.

Related: Enabling and Configuring BFM

brute_force_exim_log

brute_force_exim_log=/var/log/exim/mainlog

A path to exim mainlog file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_exim_reject_log

brute_force_exim_reject_log=/var/log/exim/rejectlog

A path to exim rejectlog file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_ignore_attempts_on_suspended

brute_force_ignore_attempts_on_suspended=1

To ignore all attempts on suspended accounts by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_log_scanner

brute_force_log_scanner=1

Turns ON ability to have DirectAdmin scan service logs for any brute force login attempts on a server (dovecot, exim, proftpd, sshd).

Related: Enabling and Configuring BFM

brute_force_mail_log

brute_force_mail_log=/var/log/maillog

A path to main dovecot log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_messages_log

brute_force_messages_log=/var/log/messages

A path to main system messages log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_mysql_log

brute_force_mysql_log=/var/lib/mysql/web1.example.com.err

A path to main mysql log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_notifications_email_only

brute_force_notifications_email_only=0

Ability to send email notifications only without flooding a DirectAdmin panel message system. The email will contain the details of the attack, with a link to server/BFM panel to react quickly.

ValueComment
0BFM will create a notification in DA Message System
1BFM will not create a ticket in DA Message System, but will only send an email notification to admin

Related: Enabling and Configuring BFM

brute_force_pma_log

brute_force_pma_log=/var/www/html/phpMyAdmin/log/auth.log

A path to PHPMyAdmin authentication log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_pureftpd_log

brute_force_pureftpd_log=/var/log/pureftpd.log

A path to pureftpd log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_roundcube_log

brute_force_roundcube_log=/var/www/html/roundcube/logs/errors

A path to RoundCube log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_scan_apache_logs

brute_force_scan_apache_logs=2

A Brute Force Monitor can scan apache domain logs for WordPress wp-login.php attacks.

ValueComment
0Disable scanning of apache logs by BFM
1Scan apache logs but only those specified in /usr/local/directadmin/data/admin/brute.conf file, the string should end with "equals" sign. Example adding procedure: echo "/var/log/httpd/domains/domain.com.log=" >> /usr/local/directadmin/data/admin/brute.conf
2DirectAdmin itself will create a list of all logs to form the /usr/local/directadmin/data/admin/brute.conf.

Related: Enabling and Configuring BFM

brute_force_secure_log

brute_force_secure_log=/var/log/secure

A path to OS secure log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_squirrelmail_log

brute_force_squirrelmail_log=/var/www/html/squirrelmail/data/squirrelmail_access_log

A path to SquirrelMail log file to be scanned by Brute Force Monitor.

Related: Enabling and Configuring BFM

brute_force_time_limit

brute_force_time_limit=1200

The time window for which the attempts (either failed logins or unauthorized connections) must pass with no activity before the count is reset.

Related: Enabling and Configuring BFM

cacert

cacert=

The path to certificate file to be used for DirectAdmin panel secure connection

Related: Setting up DA port 222 with a commercial SSL certificate

cache_time

cache_time=28800

A default cache time for static files ( images, css files, js) in DirectAdmin panel. The panel supports Etags, so the browser can ask DA if any file has changed, and DA will respond accordingly if it has or has not.

cakey

cakey=

The path to a key file to be used for DirectAdmin panel secure connection

Related: Setting up DA port 222 with a commercial SSL certificate

carootcert

carootcert=/usr/local/directadmin/conf/carootcert.pem

The path to caroot file which is for the ca root certificate used to prevent the SSL pop-up on a purchased SSL certificates.

Related: Setting up DA port 222 with a commercial SSL certificate

cb_version_check_odds_percent

cb_version_check_odds_percent=10

The chance as a percentage that any login will trigger the check of /usr/local/directadmin/custombuild/versions.txt file for possible package updates. It's important to keep your server up to date.

If you change this check to 0, then the check will never run for either the post-login trigger nor the reset.

certificate_common_name_with_www

certificate_common_name_with_www=0

The ability to control default domain used (domain.com or www.domain.com) in the certificate CommonName. If you change value to 1, the www subdomain will be used like so: CN = www.domain.com.

cgroup

cgroup=1

Enables cgroup support. If set to 0, features such as Resource limits and per user resource throttling won't be available in the panel.

check_group_on_user_create

check_group_on_user_create=1

Check if system group does not exist before creating a user.

check_home_path_on_user_create

check_home_path_on_user_create=1

A check to see if the User's home path /home/username already exists before creating a user. Can be disabled changing to 0 , would be useful should you need to setup some things in the folder prior to creating the account.

check_load

check_load=10

The threshold value after which the 'system load average' notification will be sent to admins.

Related: load_spike_notice

check_load_minute

check_load_minute=5

The value of system load average which is checked for 'system load average' notification to be sent. Valid options are 1, 5 or 15 (same as OS load average values means). With above settings if the 5 minute load average is higher than 10 (check_load) - DirectAdmin will sent a warning.

Related: load_spike_notice

check_partitions

check_partitions=2

How often to check the partitions for high usage. Partitions are: / , /var , /home , /usr . /tmp . Actual list is set with /usr/local/directadmin/data/templates/partition_check.list file which can be copied to custom and modified as needed.

ValueComment
0Never check
1Every minute
2Every day

Related: partition_usage_threshold

check_referer

check_referer=1

A check for a referer of http header passed to DA for all requests. The value in the Referer must match the Host value that was passed during the initial login. The host value will be stored in the session file.

check_subdomain_owner

check_subdomain_owner=1

Option to prevent a User from** creating a subdomain of a domain belonging to some other user**. This will also check any number of sub.sub.sub.sub.domain.com lengths, and covers domains with any number of extensions, eg sub.domain.co.uk.

Can be overridden over user.conf of a given user account.

check_subdomain_owner_in_cluster_domainowners

check_subdomain_owner_in_cluster_domainowners=0

Option to prevent a User from** creating a subdomain of a domain belonging to some other user** in a Multi Server Setup.

ValueComment
0Disable checking if domain exists in Multi Server Setup
1Enable checking if domain exists in Multi Server Setup
2Enable checking if domain exists in Multi Server Setup and uses strict mode - connected DA servers MUST provide the hostname in the request (recommended option)

check_task_queue

check_task_queue=2048

A size in bytes of /usr/local/directadmin/task.queue file after which a warning to admins will be generated about possible task queue processing issues. The DirectAdmin does check for file age also, must be older than 5 minutes + defined size. Change to 0 to disable the check.

clear_blacklist_ip_time

clear_blacklist_ip_time=86400

Number of minutes after which the blacklisted IP address will be removed automatically.

clear_brute_log_entry_time

clear_brute_log_entry_time=4

A number of days how long to keep brute-force incidents (in /usr/local/directadmin/data/admin/brute_log_entries.list file).

clear_brute_log_time

clear_brute_log_time=48

Number of hours the failed login attempts to be checked within. If ip_brutecount is set to 100 then an IP can have 100 failed attempts within 48 hours before all Admins are notified. If the IP has 99 failed attempts, waits 24 hours, then makes 99 more attempts, no notifications will be sent.

cloud_cache

cloud_cache=0

File used by CloudLinux for quick access to uid numbers and package names. Same update times as for the show_all_users.cache. If set to 1 then /usr/local/directadmin/data/admin/cloud.cache is used.

cluster

cluster=0

A global switch for Multi Server Setup.

cluster_ip_bind

cluster_ip_bind=

If not empty it will force outgoing cluster connections (to other DirectAdmin instances) to bind to the specified source IP address.

It is recommended to keep this value not set, then OS will be responsible for picking correct source IP address, which is the expected behaviour most of the time.

Note: The IP address specified in this config option should be available locally on the system. It is used as source IP address not destination IP address.

cluster_user_sync

cluster_user_sync=0

An ability to sync user accounts across multiple DirectAdmin servers.

commands_force_deny

commands_force_deny=CMD_LOGIN_KEYS:CMD_API_LOGIN_KEYS

A set of commands that will override the command being in the commands.allow file.

compress_rotated_logs

compress_rotated_logs=1

Option to to rotate compressed apache logs. If set to 1 (default) the files will be /home/user/domains/domain.com/logs/Aug-2019.tar.gz, if changed to 0 they will be logs/Aug-2019.log and logs/Aug-2019.error.log.

*Related: logs_to_keep *

convert_to_punycode

convert_to_punycode=0

Recognize IDN domains, and add required values to handle them. Evolution skin does the conversion automatically, so, it does not need this option.

Note, your skin must be using UTF-8, else you'll run into issues. By default, the Enhanced skin does NOT use UTF-8.

The Evolution skin doesn't need this feature, as it converts to punycode before passing any domain to DA.

Related: allow_domain_special_characters

count_email_usage

count_email_usage=0

Deprecated. Ability to override DA's manual email counting vs using system quotas (really only applies to mbox).

count_other_disk_usage

count_other_disk_usage=0

If you have data that should be counted in the total disk usage for a User, but does not fall under the standard usage areas (eg: data on a remote server), then you can use this option to create a hook, which lets you add extra bytes into the disk usage under "Other Usage". If you set count_other_disk_usage to 1, then directadmin will call /usr/local/directadmin/scripts/custom/other_disk_usage.sh script for data. The script must exit with code 0, if non-zero code is exited, the output is logged to the errortaskq.log.

The output on exit 0 must be URL encoded and for now, it will basically just be:

other_quota=12345

where 12345 bytes will be added to the user.usage file. The value must be a positive integer.

count_pop_usage

count_pop_usage=1

Ability to shut off email quota reporting on the email accounts page to speed up loading. If you have thousands of email accounts, this can cause slowness. Change to 0 to disable. Can be overridden via the user.conf on a per-User basis.

cpu_in_system_info

cpu_in_system_info=2

Ability to hide CPU information on the Server Info page.

ValueComment
0Hide CPU information completely
1Show a Thread Count only, without information about CPU itself
2Show full information

create_user_home_override

create_user_home_override=

A value to use for home directory during creating the user. This will override the useradd internal default and /etc/default/useradd HOME default. Applies to any OS.

You can now also specify a desired /home directory, settable in the skins, if you add something like:

home_override_list=/home:/home2:/home3

where all paths must exist before DA is restarted, else none will be set. Once set, the package will be able to have, eg:

create_user_home_override=/home2

allowing that account to be created into that path.

Note: Since there are no Admin packages, the directadmin.conf method is the only way to alter the admin home directory. (but you can post the desired create_user_home_override=/home2 with the creation, which would be accepted even though it's not in the form)

At this time, changing the create_user_home_override value in a package will not move a User to a different home directory. Same for editing a User's settings.. the user cannot be moved to a /home2 (for example) through DA.

Related: home_override_list | ext_quota_partitions

crypt_method

crypt_method=6

Ability to set the crypt type for passwords. Value 1 means DA will issue $1$ type for the MD5 crypt command. Value 6 means sha-512 mode, giving** $6$**.

custom_httpd_syntax_check

custom_httpd_syntax_check=1

Ability to disable Custom Httpd syntax checking. Useful on servers with OpenLiteSpeed with huge number of domains (>7000) where the syntax check is rather slow.

custom_mysql_conf

custom_mysql_conf=0

Ability to set per-user mysql.conf file. If you enabled it setting to 1 the database class in DA will then read in the user.conf for given user. To override the default you would add own mysql.conf into user.conf like:

mysql_conf=/usr/local/directadmin/conf/othermysql.conf

The path you set can be anything, but the read of the file only has "diradmin" access, so for simplicity, you might want to keep it in the same path, same permissions, like the mysql.conf. The othermysql.conf has 100% the same functionality as the mysql.conf, so you can specify different mysql.sock files, or different host or access_host values.

Also, because mysqldump and mysql restores make use of /usr/local/directadmin/conf/my.cnf any action that typically rebuilds that file, will now rebuild one for each User that has a customized mysql.conf, eg: /usr/local/directadmin/conf/my.cnf.username , so that there are no conflict with running backups at the same time using different values.

custom_stats_path

custom_stats_path=

A path to custom statistic engine. Null by default, if you set for example:

custom_stats_path=/some/path/%s/index.html

then DA will swap the href="value" with your custom_stats_path value on the CMD_USER_STATS page (webalizer and awstats table, left column). For example: custom_stats_path=/CMD_FILE_MANAGER/domains/%s/stats/index.html Would essentially do the exact same thing the normal webalizer link.

NOTE you must provide exactly one instance of %s else DA will fill the href with:

javascript:alert('check custom_stats_path setting');

so when clicked, Users will see a pop-up. If this option is set, it will override any webalizer/awstats setting, enabled or not.

damycnf

damycnf=/usr/local/directadmin/conf/my.cnf

Path used for the my.cnf file which is given to the mysqldump script to hide user/passwords from ps output.

database_extended_user_privileges

database_extended_user_privileges=1

Add all remaining mysql user privileges option.

dataskq_max_instances

dataskq_max_instances=0

Sets a limit to maximum number of concurrently running dataskq instances started by main directadmin service.

Main directadmin service executes dataskq once every minute (configurable via dataskq_run_interval option) to process pending tasks. New dataskq instances will be started even if previous instances have not finished running. Setting this value to a non zero value will stop starting new dataskq processes if there is already configured number of processes running.

This limit does not include dataskq instances started manually.

Default value of 0 means there is no limit.

dataskq_run_interval

dataskq_run_interval=1m

Controls how often main directadmin service starts task queue processor. Value can use the m suffix for minutes and s suffix for seconds.

If value is set to 0 will disable periodic dataskq execution. This might be useful for debugging or if dataskq is started by other means.

da_website

da_website=http://www.directadmin.com/

An URL to DirectAdmin website, mostly used for templates, for example message_footer.txt.

db_grant_escape_db

db_grant_escape_db=1

The _ character is a wildcard in MySQL. However, we've found some instances (eg: DigitalOcean MySQL 8.0 droplet) where it does not respect this wildcard), causing access hosts not to match, thus blocking MySQL logins.

This option, defaultly enabled, continues to escape the DB name (e.g.,user\_db) during User grants:

db_grant_escape_db=1

For the special case, you may need to disable it, eg:

./directadmin set db_grant_escape_db 0
service directadmin restart

We do not recommend disabling this unless you're 100% sure the absence of this feature is causing the login issue.

db_hosts_per_user

db_hosts_per_user=30

Controls maximum number of hosts database users can have. It is recommended to keep this value at least 2.

Zero value disables the limit.

debug_only_cmd

debug_only_cmd=0

If set to 1 the debug output will show CMD_* class only in the output.

debug_user_locking

debug_user_locking=0

default_acme_provider

default_acme_provider=letsencrypt

Internal default acme provider used for SSL Certificate requests, in absence of User selection. Set to letsencrypt or zerossl.

default_email_notify_limit

default_email_notify_limit=1000

The default limit of sent emails after which DirectAdmin will send a notification to admin. Set to 0 to make unlimited.

default_mailing_list_max

default_mailing_list_max=100000

A default max majordomo list message size in bytes.

default_mysqldump_options

default_mysqldump_options=--single-transaction

Ability to pass additional command-line options to the mysqldump call, which is used to backup MySQL databases.

default_pop_quota

default_pop_quota=50

The default quota for mailboxes in megabytes.

default_ttl

default_ttl=14400

Sets the default value used for zone TTL values. Changing this setting alters what all TTL values have for all records, zone TTL, etc. You can still override the TTL of a User domain, regardless of this setting.

delete_messages_days

delete_messages_days=0

The option that controls the number of days after which messages are removed from the data/tickets/0000*/* directory.

delete_tickets_days

delete_tickets_days=0

The option that controls the number of days after which tickets are removed from data/tickets/0000*/* directory.

delete_vacation_on_end

delete_vacation_on_end=0

Option not to delete vacation message after expiry.

difficult_password_length_min

difficult_password_length_min=6

Passwords shorter than the set value will be refused.

Note that auto-generated passwords (more specifically passwords consisting of at least 20 symbols) will always be accepted.

diradmin_envelope

diradmin_envelope=

Allows you to override the default "diradmin@host.name.com" in the Return-Path, and set something else, eg:

/usr/local/directadmin/directadmin set diradmin_envelope your@email.com
service directadmin restart

By default, this is disabled and relies on your hostname being setup/resolving correctly.

direct_crons

direct_crons=1

With this option enabled, DirectAdmin does not use /usr/local/directadmin/data/users/username/crontab.conf anymore for user cronjob configuration, and takes cronjobs directly from /usr/sbin/crontab -u username -l.

direct_imap_backup

direct_imap_backup=1

With this option enabled, the imap folder is included directly into the final tar.gz file. Greatly improves the speed of backups.

disable_php_script_at_limit_minimum

disable_php_script_at_limit_minimum=100

The minimum number of emails that script must send to be chmod to 0. The minimum number is useful in the case where an account might have a limit of 1.. obviously, this wouldn't warrant the disabling of the script for sending 1 email.

So, for example script.php sends 900 emails, and the limit is 1000. The total number of emails leaving the account would have been 1000 (since the limit was triggered) but 900... aka 90% of the emails sent, were from the script.

  1. This passes the threshold of 80%.

  2. Also, 900 emails are more than 100 email, so it will also pass.

If parse_php_mail_log_at_limit=2 is set the script.php will be chmod to 0, and everyone notified. If any one is not true, the script will not be chmod to 0.

Related: parse_php_mail_log_at_limit

disable_php_script_at_limit_threshold

disable_php_script_at_limit_threshold=80

The percentage of total emails sent, of the hit limit, which must be exceeded by that script, in order to be chmod to 0.

Related: parse_php_mail_log_at_limit

disk_usage_suspend

disk_usage_suspend=0

Option to suspend based on disk usage.

dkim

dkim=2

Ability to enable DKIM for domains (requires manual changes for existing accounts).

ValueComment
0DKIM is disabled by default for the new domains
1DKIM is enforced by default for the new domains
2DKIM functionality is enabled, but not enforced for the new domains

dkim_selector

dkim_selector=x

The selector to be used for dkim records. You must update the dkim settings in the /etc/exim.dkim.conf by running:

da build exim_conf

Related: DKIM: ability to use selector instead of x

dns_affect_pointers_default

dns_affect_pointers_default=1

If you have main User domain domain.com, and it has Domain Pointer domain.net below it, this feature would mean that any record added to domain.com through the API or GUI would be added to domain.net.

It does control a checkbox both at the top of the "Add Domain Records" table, as well as at the bottom of the "Delete Selected" table.

Setting dns_affect_pointers_default=0 will make the default checkboxes be unselected but still visible in GUI.

dns_add_spf_ipv6

dns_add_spf_ipv6=1

Adds server IPv6 to SPF records by default. Requires IPv6 to be enabled (ipv6=1 in the directadmin.conf). Set to 0 to disable.

dns_caa

dns_caa=1

Enables support for CAA dns records.

dns_ns

dns_ns=2

Option to control if NS records are shown in User or Admin panel. Changing to 0 will hide completely, changing to 1 will hide for User panel only.

ValueComment
0Hide NS records completely
1Show NS records only in admin panel only
2Show NS records in admin and user panel

dns_ptr

dns_ptr=2

Option to control if PTR records are shown in User or Admin panel. Changing to 0 will hide completely, changing to 1 will hide for User panel only.

dnssec

dnssec=0
ValueComment
0DNSSEC disabled
1Enable DNSSEC
2Enable DNSSEC (enable DS records) however do not sign the current domain

dnssec_add_subdomain_ds_to_parent

dnssec_add_subdomain_ds_to_parent=1

Sign subdomains with dnssec automatically.

1) If you're creating sub.domain.com has domain.com is already signed, sub.domain.com will be immediately keyed & signed.

2) If you've just signed the DNSSEC sub.domain.com zone, and domain.com exists on the server, if enabled DA will add the DS and NS records from sub.domain.com to domain.com

dnssec_add_subdomain_ds_to_remote_parent

dnssec_add_subdomain_ds_to_remote_parent=1

Add DNSSEC records to remote server if Multi Server Setup enabled and zone is not local.

dnssec_mss_use_signed_zone

dnssec_mss_use_signed_zone=1

To have DirectAdmin send the signed zone to the remote box if Multi Server Setup enabled.

dns_spf

dns_spf=0

Enables support for SPF dns records. Deprecated as SPF records themselves.

dns_tlsa

dns_tlsa=0

Enables support for TLSA dns records.

dns_ttl

dns_ttl=0

Enables per-record DNS TTL management.

docsroot (unavailable since 1.664)

docsroot=./data/skins/enhanced

Path of the default skin to be used. Used for CMD_SKINS?reset=yes resets if your custom skin has gone bad.

system_skin

system_skin=enhanced

Name of the default skin to be used. Used for login page and for CMD_SKINS?reset=yes resets if your custom skin has gone bad.

domainips_default_ip

domainips_default_ip=

The default IP address that could be used as a sending IP for /etc/virtual/domainips.

dovecot

dovecot=1

If you have Dovecot, this will be set to 1.

dovecot_proxy

dovecot_proxy=0

Used to setup IMAP/POP3/SMTP proxy.

When this is enabled, anytime a value is changed on the master server, it will locally save a dovecot proxy line to the local /etc/virtual/domain.com/passwd file. With regards to the sync, this will push the info to the remote box, as before, but with dovecot_proxy=1 enabled remotely, it will also add the proxy into to the remote passwd file on the slave box, pointing to the master server's IP.

This has the effect, such that you can in theory have the remote slave box as mail.domain.com, with all emails arriving there with smtp. On that slave box, when exim tries to save the email with lmtp, it will be redirected back to the master server to be saved, so email is saved locally. Clients can connect to either the master or slave box to check their imap.

This task.queue option has been updated to rewrite the master data on the master box: echo "action=rewrite&value=email_passwd" >> /usr/local/directadmin/data/task.queue

or: echo "action=rewrite&value=email_passwd&user=fred" >> /usr/local/directadmin/data/task.queue

This means all of the hook scripts are used, so the remote box can still use email_create_pre.sh, or email_change_pass_pre.sh normally (and post scripts)

NOTE: the "passwd" field will be the crypted value, and not the plaintext password. If you rely on this, only the master will know the plaintext. But you'll know it's crypted because passwd_is_crypted=1 will be set in your .sh scripts.

dovecot_proxy_override

dovecot_proxy_override=

Ability to override the /etc/virtual/domain.com/passwd if dovecot_proxy is in use.

ecc_certificates

ecc_certificates=1

Ability to disable support of ECDSA (Elliptic Curve Digital Signature Algorithm) certificates.

email_ftp_password_change

email_ftp_password_change=1

Allow ability to change email and ftp passwords separately per /CMD_CHANGE_EMAIL_PASSWORD and /CMD_CHANGE_FTP_PASSWORD, respectively.

email_show_last_login

email_show_last_login=0

To save and show email last login.

email_show_last_password_change

email_show_last_password_change=1

To save and show last password change time. Where anytime an email password is changed, either through DirectAdmin GUI (CMD_EMAIL_POP, CMD_API_EMAIL_POP, CMD_CHANGE_EMAIL_PASSWORD, etc), the time and IP will be saved into: /etc/virtual/domain.com/last_password_change/user

in the format:

ip=1.2.3.4&when=1535140911

If the above setting is set to 1, then for Enhanced, the hover-over usage will include this information. If no password change has been made after this feature is present, no info will be shown.

emailspoolvirtual

emailspoolvirtual=/var/spool/virtual

Path to the email data for when mbox used (actual emails).

emailvirtual

emailvirtual=/etc/virtual

Path to the email data (virtual account names).

enable_threads

enable_threads=0

Enables** threads for Multi Server Setup**. As with any MSS feature where you have multiple remote servers setup (lets use 3 for example), doing 3 sequential requests will take 3 times as long as doing 3 parallel calls all at the same time. The enable_threads=1 directadmin.conf option creates currently works for options: User Check, User Accounts, with plans to add support for Zone Transfer/Domain Check for faster MSS syncs when more than one B slave exists on the MSS page of A.

enforce_difficult_passwords

enforce_difficult_passwords=0

If set to 1, new passwords without at least one number, lowercase and uppercase letter will be refused.

If you want to customize password checking, see password_check_script.

Note that this password check is independent of difficult_password_length_min and password_check_script.

ensure_root_awstats_link=1

A workaround used on accounts restore to make sure internal links in awstats are working.

errorlog

errorlog=/var/log/directadmin/error.log

A path to **DirectAdmin error log **file

ethernet_dev

ethernet_dev=eth0

The network device name that holds the licensed IP. Other common values: eth1, eth0:0, venet0:0

exempt_local_block

exempt_local_block=1

If set to 1 will prevent 127.0.0.1 from being blacklisted.

exim_paniclog

exim_paniclog=0

To let DirectAdmin check the exim/paniclog file . Disabled by default. If you set it to real location like:

exim_paniclog=/var/log/exim/paniclog

Then DirectAdmin will check the file every minute and if the file exists and has a size greater than 0, then a notice will be sent to all Admins in the message system.

DA will note the time of this send in the file /usr/local/directadmin/data/admin/admin.conf with setting and timestamp, eg:

exim_paniclog_last_sent=1513064965

So the next minute, when DA sees that the paniclog is still greater than 0, the send won't occur again until 24 hours has passed. If the size is still more than 0 bytes, it will send again. The nightly full tally will check the admin.conf and if the exim_paniclog_last_sent value is not set to 0, it will reset it to 0.

ext_quota_partitions

ext_quota_partitions=

If you have another partition you want DA to count, specify that partition here.

Related: create_user_home_override | home_override_list

How to enable quota checking on a 2nd /home partition

extra_backup_option

extra_backup_option=

Set if you want to insert extra commands for tar to use when creating user backups.

extract_list_max_files

extract_list_max_files=5000

The maximum number of files to be looked for within a compressed file by DirectAdmin.
DA basically just looks for the 5000'th newline character and nulls it with a comma (,), ending the string. If this is hit, this string is added to the end of the listing:

Maximum number of files listed (5000).  Suppressing further output.

This should prevent hangups if a very large zip/tar.gz is being extracted.

extra_mysqldump_options

extra_mysqldump_options=

Ability to override mysqldump options on backup time.

extra_mysql_restore_options

extra_mysql_restore_options=

Ability to override MySQL options on restore time (for example character-set).

extra_spf_value

extra_spf_value=

Value to be added for SPF value for new domains. Valid example to use, just a single IP:

extra_spf_value= ip6:1080::8:800:200C:417A

** Note the space after the = character **. This is required, else the text you insert here will end up being appended to the server IP. DA isn't adding a space for you to allow for the use of the token in other creative manners, like netmasks, or like if-then-else statements on it or other template/tokenizer things.

extra_unzip_option

extra_unzip_option=

The usual way DA unzips a file is unzip -qo file.zip', so the extra_unzip_option value is inserted after the -qo flag.
This could be useful to unzip names in special characters like so:

path/blaåŒÅtest.jpg: mismatching "local" filename (path/bla├åœâ”¼å°test.jpg), continuing with "central" filename version

So set value to -O cp396 :

extra_unzip_option=-O cp396

favicon_ico

favicon_ico=favicon.ico

A file to be used as favicon.ico. Taken relatively to the docsroot directadmin.conf variable + /images/. Usually, /usr/local/directadmin/data/skins/evolution/images/favicon.ico. If any request is made to DA for 1.2.3.4:2222/favicon.ico DA will send them the file at |DOCSROOT|/images/favicon.ico.

filemanager_disable_features

filemanager_disable_features=0

Ability to shut off certain features of the File Manager. Configured over own bits. For any feature you wish to disable, simply add that bit to the decimal number.

Defines are as follows:

#define FM_F_PROTECTABLE 1
#define FM_F_RENAME 2
#define FM_F_COPY 4
#define FM_F_RESET_OWNER 16
#define FM_F_RESET_OWNER_RECURSIVE 32
#define FM_F_HIDE_CHECKBOX 64
#define FM_F_EDITABLE 128
#define FM_F_EXTRACTABLE 256
#define FM_F_DELETE 512
#define FM_F_CHMOD 1024
#define FM_F_MKDIR 2048
#define FM_F_CLIPBOARD 4096
#define FM_F_UPLOAD 8192
#define FM_F_DOWNLOAD 16384
#define FM_F_DOWNLOAD_AND_COMPRESS 32768

For example, to fully disable directory protection, set filemanager_disable_features to 1 .

To disable rename and copy, add them together and set filemanager_disable_features to 6 .

If you only want "protectable" enabled, then add everything, less 1, & set filemanager_disable_features to 8182 .

To disable the moving of files to Trash upon removal, set filemanager_disable_features to 65536 .

filemanager_du

filemanager_du=1

Used to do recursive folder disk usage counting in File Manager. The calculated usage value will replace the usual 4.0k you see for all directories, but this feature is expected to slow down the File Manager. Can be overridden via the user.conf.

filemanager_show_directory_count

filemanager_show_directory_count=1

Ability to hide directory disk usage in the "Size" column to improve performance.

fm_allow_binary_edit

fm_allow_binary_edit=0

Whether or not File Manager will permit editing of binary files. Set to 1 to allow binary files editing, but also to enable editing of nonexistent files (related to editing of 404.shtml when it does not exist).

fm_dir_permissons

fm_dir_permissons=755

Default permissions for directories created by File Manager.

fm_file_permissions

fm_file_permissions=644

Default permissions for files created by File Manager.

fm_hour_offset

fm_hour_offset=0.000000

Ability to correct displayed timestamps on files in File Manager in case time is wrong. Because the File Manager is chrooted, it cannot read the /etc/localtime file and in some cases, can show wrong dates.

fm_owners

fm_owners=|USER|:|GROUP|

Default ownership for files or directories created by File Manager.

fm_purge_trash_days

fm_purge_trash_days=30

Indicates the age of days a file before being deleted from .Trash folder. For folders, the last modified time of a folder must be >= 30 days old for it to be traversed. -1 means never auto-purge, 0 - immediately purge if found. Up to a max of 10000 days before being purged.

force_hostname

force_hostname=

By default DA allows people to connect to any IP, domain name, subdomain, etc.. that lives on port 2222. Setting force_hostname to any value force a browser to use a specific value when connecting.

force_pipe_post

force_pipe_post=

Option to forcefully use POST requests. Example set is a colon separated list of scripts you want POST to be piped through:

force_pipe_post=filemanager_pre.sh,all_pre.sh

Related: pipe_post

force_ssl

force_ssl=0

Force SSL with https redirect for all websites.

forwarder_loop_check

forwarder_loop_check=1

Enabled by default - DirectAdmin will abort the creation of the forwarder if local forwarders end up pointing back to the original. The process is recursive with max recursion depth of 20.

fs_in_system_info

fs_in_system_info=1

When enabled shows file system information and disk usage in the System Information page.

ftpconfig

ftpconfig=/etc/proftpd.conf

The path to the ftp config file.

ftppasswd_db

ftppasswd_db=/etc/pureftpd.pdb

The path to the pureftpd database file.

ftppasswd

ftppasswd=/etc/proftpd.passwd

The path to the proftpd passwd file.

ftpsep

ftpsep=@

The character used after usernames and before the domain name. An example of an ftp login would be: fred@domain.com .

The + character would be a good alternative if you are looking for change.

ftpvhosts

ftpvhosts=/etc/proftpd.vhosts.conf

Deprecated. The path to the proftpd vhosts file.

ftp_list_run_as

ftp_list_run_as=nobody

If using the default option, when /usr/local/directadmin/scripts/ftp_list.php is executed from the GUI (using the admin backup/transfer feature), it'll be run by user "nobody".

full_mx_records

full_mx_records=1

Ability to specify a subdomain for an MX name.

global_httpd_tokens

global_httpd_tokens=/usr/local/directadmin/data/admin/global_httpd_tokens.conf

The file that contains global tokens to be used in Apache/Nginx templates.

handshake_timeout

handshake_timeout=12

A handshake timeout for https calls to DirectAdmin panel over port 2222.

hard_quota_multiplier

hard_quota_multiplier=1.1

Ratio for the soft-limit to hard-limit for quotas. Allows a grace period for Users to go over their quotas up to the hard-limit. After the grace period, they can only delete files until below the soft-limit again.

hide_brute_force_notifications

hide_brute_force_notifications=1

Change to 1 to prevent sending brute-force notifications by email.

hide_ip_user_numbers

hide_ip_user_numbers=0

If you're sharing an IP among many Resellers, hide the number of Users on that IP.

hide_webmail_links=1

Ability to hide or change the webmail links and webmail button.

home_override_list

home_override_list=

A list of paths where to create users, to be used with create_user_home_override . Example set:

home_override_list=/home:/home2:/home3

Related: create_user_home_override | ext_quota_partitions

hook_custom_vars

hook_custom_vars=0

Ability to pass custom variables to pre/post.sh scripts from GET/POST. Set it to 1 to enable and then you can use any GET/POST variable name you want from these characters: a-zA-Z0-9_-.

It must start with the prefix custom_var_

So, a sample variable passed with GET or POST might be:

custom_var_do_something=yes

which would let you access:

$custom_var_do_something

in any hook script that is called with that request.

Note the maximum length of an environmental value is 125749 bytes. Anything greater than or equal to that length will be ignored, and its env variable will be unset if it was present already.

hsts

hsts=-1

The option to enable HTTP Strict-Transport-Security for the DirectAdmin login page. If SSL=1 and hsts>0 the hsts value is in seconds, and will form the header: Strict-Transport-Security: max-age=5184000

To disable the header, you must set it to -1 in the directadmin.conf or delete the hsts value from the directadmin.conf, reverting to the internal -1 default. Because browsers will remember the setting, if you are going from a large value (5184000), to make the browser "forget", you must set it to 0 for a while (hsts=0) so that the header is sent to clients set to 0 shutting it off. After all browsers/clients have received the change, then you can set it to -1.

If you consider enabling it, we recommend using:

force_hostname=server.domain.com

htm_all_scripts

htm_all_scripts=0

Lets you run all_pre.sh and all_post.sh scripts on HTM files. Handy for creating your own scripted areas in DA that are not plugins.

include_directadmin_port_in_brute_firewall

include_directadmin_port_in_brute_firewall=0

Option to include port 2222 failed login attempts in BFM blocks (CSF).

incremental_ftp

incremental_ftp=1

When uploading backups, the finished backup will be uploaded before the subsequent backup's creation to lower total disk usage.

inode

inode=1

Support for counting and displaying of inode limits for Users. Can be set in packages. Uses the hard limit multiplier, just like the disk usage, meaning, the value you set will be the soft limit, and the hard limit will be 1.1x that value.

internal_lang

internal_lang=/usr/local/directadmin/data/skins/enhanced/lang

Location for the fallback internal language files if other skins don't have them.

ionice_string

ionice_string=

Default ionice value for User backups.
If you add a string, it would look something like this:

ionice_string=/usr/bin/ionice -c2 -n7

This would make the resulting tar backup call look like:

/usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 /bin/tar cvf .... etc.,

ip_blacklist

ip_blacklist=/usr/local/directadmin/data/admin/ip_blacklist

A path of blacklisted IPs to be used in Brute Force Monitor.

ip_brutecount

ip_brutecount=30

Number of bruteforce attempts per IP required to trigger sending a notification to admins.

ipv6

ipv6=1

Basic support for IPv6

ip_whitelist

ip_whitelist=/usr/local/directadmin/data/admin/ip_whitelist

A path of whitelisted IPs to be used in Brute Force Monitor.

jail

jail=0

Use bubblewrap to jail users (cronjobs, shell and PHP-FastCGI). Use CustomBuild to install bubblewrap, it sets the DirectAdmin value automatically.

ValueComment
0jail disabled completely
1jail is enabled by default, but can be personally disabled per package, reseller.conf or user.conf
2jail is enabled forcefully for all

language

language=en

Default language for the system, and also for the demos.

language_list

language_list=

List of languages (separated with : symbol) that should be available in DirectAdmin language selection. Used to minimize the number of languages offered for end-customers.

When empty all default languages that comes with pre-installed will be available.

For example setting:

language_list=en:nl

Will limit supported languages to English and Dutch.

lan_ip

lan_ip=

Local IP address if LAN setup was done.

letsencrypt

letsencrypt=1

Ability to disable Let's Encrypt in DirectAdmin interface. If enabled globally you might want to deny access to LetsEncrypt for specific Users adding "letsencrypt=0" to user.conf file.

Note that this only applies to the interface, and does not affect background/dataskq actions. So this will not work to globally have it shut off, if you're trying to enable it for 1 User, for example. The background checks must have it enabled globally to work.

letsencrypt_disable_renew_after_renew_failure

letsencrypt_disable_renew_after_renew_failure=0

Disable Let's Encrypt certificate auto-renew after X failed attempts, with failure message.

letsencrypt_foreground_http_max

letsencrypt_foreground_http_max=10

Number of requests (checkboxes selected) after which the letsencrypt generation will be sent to background and processed by dataskq.

letsencrypt_list_selected

letsencrypt_list_selected=www

Ability to specify which DNS records will be automatically selected on the Let's Encrypt page.

letsencrypt_list

letsencrypt_list=www:mail:ftp:pop:smtp

Ability to select which DNS records to include in Let's Encrypt certificate.

letsencrypt_max_requests_per_week

letsencrypt_max_requests_per_week=200

Set the weekly max Let's Encrypt requests limit shown in the interface.

letsencrypt_multidomain_cert

letsencrypt_multidomain_cert=3

Ability to select which DNS records to include in Let's Encrypt certificate.

letsencrypt_renewal_days

letsencrypt_renewal_days=60

Ability to set time in days when DA tries to renew issues Let's Encrypt certificates.

letsencrypt_renewal_error_to_users

letsencrypt_renewal_error_to_users=1

Ability to control and send notifications to users on failure renewals.

letsencrypt_renewal_failure_notice_after_attempt

letsencrypt_renewal_failure_notice_after_attempt=5

Max failed Let's Encrypt certificate renewal attempts before sending a failure notice.

letsencrypt_renewal_notice_to_admins

letsencrypt_renewal_notice_to_admins=1

Ability to control and send notifications to admins on failure renewals.

letsencrypt_renewal_success_notice

letsencrypt_renewal_success_notice=0

Ability to receive Let's Encrypt successful renewal notices.

letsencrypt_success_full_output

letsencrypt_success_full_output=0

Ability for the full output to be shown again upon success.

listen_backlog

listen_backlog=8

Sets the listen() backlog size for DirectAdmin.

litespeed

litespeed=0

A flag used to indicate if LiteSpeed is in use.

load_in_system_info

load_in_system_info=1

Calls to the System Information can now support load averageopen in new window, enabled by default. Set to 0 to disable:

/usr/local/directadmin/directadmin set load_in_system_info 0
service directadmin restart

load_iotop_string

load_iotop_string=/usr/sbin/iotop

The iotop command and keys to be included in a notice sent to all admins when 'server load average' notice will be generated. Defaults differ for varying OS's:

CentOS 6/7 + Debian

load_iotop_string=/usr/sbin/iotop -b -n 1

load_notice_interval

load_notice_interval=10

A time in minutes how often the load-average critical notifications are sent to admin, defaults to 10 minutes.

load_top_string

load_top_string=/usr/bin/top

The command which is used to gather the data for load average notifications.

load_top_string=/usr/bin/top -c -b -n 1

local_mailserver_without_dnscontrol

local_mailserver_without_dnscontrol=0

If set to 1 the "MX Records" URL will show up when viewing a domain, and you can make changes to the "Local Mail Server" option, where you might have dnscontrol=OFF in your account.

Some Users might have external DNS, hence they shouldn't change their dns settings, but still need to change their Local Email Server settings.

lock_debug

lock_debug=0

logdir

logdir=/var/log/directadmin

A path where DirectAdmin will save own logs.

loghostname

loghostname=0

Option used to do reverse IP lookups in logs. Not recommended as slows things down quite a bit.

login_hash_expiry_minutes

login_hash_expiry_minutes=4320

New internal option simply that lets you alter the internal default time of the ./directadmin --create-login-url user=fred call.

login_history

login_history=10

Number of login attempts to store.

login_history_include_login_as

login_history_include_login_as=0

Option to hide login-as in login history.

login_keys

login_keys=1

login_keys_notify_on_creation

login_keys_notify_on_creation=1

Enables Login Keys functionality in DirectAdmin.

loginlog

loginlog=/var/log/directadmin/login.log

A path to login.log file.

logs_history_as_nobody

logs_history_as_nobody=0

Save User's logs folder and contents as "nobody", preventing them from deleting them from /home/user/domains/domain.com/logs/.

logs_to_keep

logs_to_keep=5

Number of rotated logs to keep in a user's home location.

logs_to_keep_days

logs_to_keep_days=0

Relating to logs_to_keep=5.

When set to a positive integer (in days), specifies a secondary log rotation limiter based on age, not just count.

lost_password

lost_password=0

Feature to let users reset their passwords without bugging the Admin.

maildir_with_new

maildir_with_new=1

This was for a template change. It's not recommend you go back. Set to 0 to disable using Maildir/new/ Maildir/.INBOX.spam/new/ etc.

mail_autoconfig

mail_autoconfig=1

Controls whether web server's configs include routing for email auto configuration feature for Thunderbird and MS Outlook (pro-pack).

mail_partition

mail_partition=

Custom partition location for email.

mail_sni

mail_sni=1

Setting for Dovecot and exim SSL SNI certificate support. Manages the /etc/virtual/snidomains file required for DirectAdmin and Pure-FTPd SNI support, too.

maxfilesize

maxfilesize=10485760

The maximum size, in bytes, that a POST can be. This is mainly used for file uploads but applies to all POSTs. Do not set this value to a very small number, as it would block normal POSTs as well (User creation, etc) if it's too small.

max_per_email_send_limit

max_per_email_send_limit=-1

Option to control the number of messages sent per email.

If you wish to allow the Users to set values higher than the default 200, but leave 200 as the default, then change the max_per_email_send_limit to be, for example, max_per_email_send_limit=500.

A value of -1 (default) tells DirectAdmin to rely on the /etc/virtual/user_limit file. A value of **0 ** is unlimited. A value above 0 is the max number a User can set.

Can be overridden via the user.conf file. This can be done by editing the user.conf file directly, or via DirectAdmin's GUI when viewing the details for a given User.
For enhanced, the page:

CMD_SHOW_USER?user=fred

will show an extra row, just below "Received Emails", called "Max limit User can set per E-Mail". If you're an Admin, you'll be able to modify this value. Setting a number saves max_per_email_send_limit into the User's user.conf file and setting it as a blank value deletes the max_per_email_send_limit from the user.conf.

max_read_to_memory_size

max_read_to_memory_size=524288000

Sets an upper limit as to the max size of file that can be stored in DirectAdmin memory, when DA uses a function to read the contents of a file to memory so it can be worked on.

max_security_question_attempts

max_security_question_attempts=5

Maximum number of attempts to try answering security questions.

max_twostep_auth_attempts

max_twostep_auth_attempts=5

Maximum number of two step authentication attempts.

max_username_length

max_username_length=10

The max length a username can be. Max is 30. It is limited to a max of 14 with MySQL 5.5/5.6 and MariaDB 5.5 because of the 16 character MySQL database name limit and the username naming prefix.

max_user_send_limit

max_user_send_limit=-1

The upper limit that can be set by a Reseller.

ValueComment
-1Upper limit is taken from the /etc/virtual/limit file
0No limit
>0A value higher than 0 becomes the limit

modsec_audit_dir

modsec_audit_dir=/var/log/modsec_audit

The directory for modsecurity audit logs.

mq_exim_bin

mq_exim_bin=/usr/sbin/exim

Where Exim is located. Use for the mail spool query calls in Admin Level -> Mail Queue Admin.

mq_exim_max_load_size

mq_exim_max_load_size=2000

When accessing CMD_MAIL_QUEUE to view the mail queue via the DirectAdmin panel, it will call exim -bpc before trying to load the queue. If the number of mails in the queue is higher than mq_exim_max_load_size, then an intermediate warning page is shown with a button to try anyway. This will add the GET value of force=yes to the request, telling DA not to worry about it and show it anyway.

When forced, the initial exim -bpc call is not done, in case that call itself is slow, where it's not needed since we're going to jump straight into loading the queue no matter what.

msg_sys

msg_sys=Message System

If you want to name your hosting company in the message system emails, this lets you specify the "name" part of the "From" header.

mx_templates

mx_templates=1

This variable controls the user's ability to select google/zoho from a list in User panel -> Modify MX Records. Enabled by default. Actual list is taken from two files in /usr/local/directadmin/data/templates/mx directory and can be customized if copied to templates/mx/custom directory.

mysql

mysql=1

Ability to disable all database functions at once.

mysqlconf

mysqlconf=/usr/local/directadmin/conf/mysql.conf

Path to the user/pass that DA will use for the connection to mysql.

mysqldump_routines

mysqldump_routines=1

Allow an admin to do a full backup/restore with routines and functions.

named_checkzone

named_checkzone=1

Whether to run DNS zone files through a check before saving zone to disk.

named_checkzone_level

named_checkzone_level=fail

Is used with the named-checkzone query -k option. It was found that some warnings returned by named-checkzone would actually cause a full failure in named, so the strictness level of this call was increased to the current default fail.

Valid options values are:

  • fail
  • warn
  • ignore

If you find this to be too strict, set it back to level "warn" by adding:

named_checkzone_level=warn

namedconfig

namedconfig=/etc/named.conf

The path to main named config file (depends on OS used).

nameddir

nameddir=/var/named

The path to the named directory.

named_rename_hostname_zone

named_rename_hostname_zone=1

If you rename a hostname from the DirectAdmin panel, the process will rename the hostname zone. If set to 0, then DirectAdmin will not change zone associated with the hostname.

named_rndc

named_rndc=0

Allows for immediate DNS changes using rndc without any delay.

named_rndc_addzone

named_rndc_addzone=0

Allows for immediate DNS changes using rndc without any delay.

named_service_override

named_service_override=

On some OSs for named/bind, it's simpler to have DA use some different script name, rather than trying to force the specific boot script names. Specifically on Debian, apt-get provides bind9.service, but DA would still be looking for named.service.

To have DA call bind9.service, set: named_service_override=bind9

Note, if you add named_service_override to the directadmin.conf, ensure it has a value.
If it's present but blank, this means DA would call systemctl reload .service instead of systemctl reload bind9.service.

never_commands

never_commands=

Global commands to never be executed by the DirectAdmin panel. An example set would be: never_commands=CMD_ACCOUNT_ADMIN:CMD_API_ACCOUNT_ADMIN

nginx

nginx=0

When using webserver=nginx_apache, the option is used to enable/disable the per-domain Nginx templatesopen in new window and the ability to process a domain with Nginx only when using Nginx reverse proxyopen in new window.
Related: nginx_proxy

nginx_proxy

nginx_proxy=1

This setting is used in conjunction with nginx= in the directadmin.conf and in the domain's .conf file for per-domain Nginx configurations.
Related: nginx

nginx_ca

nginx_ca=/etc/nginx/ssl.crt/server.ca

A path to the Nginx Certificate Authority file.

nginx_cert

nginx_cert=/etc/nginx/ssl.crt/server.crt

A path to the Nginx certificate file.

nginxconf

nginxconf=/etc/nginx/directadmin-vhosts.conf

The main Nginx config file with users' VirtualHosts.

nginx_fpm_always_set

nginx_fpm_always_set=0

Ability to always load all php-fpm settings into the User nginx.conf.

nginxips

nginxips=/etc/nginx/directadmin-ips.conf

The path to the file containing the Nginx configuration for server IPs.

nginx_key

nginx_key=/etc/nginx/ssl.key/server.key

The path to the Nginx key file.

nginxlogdir

nginxlogdir=/var/log/nginx/domains

The path to the directory where Nginx stores domain logs.

nginx_pid

nginx_pid=/var/run/nginx.pid

The path to the Nginx PID file.

nginx_proxy

nginx_proxy=0

The flag used to indicate if nginx proxy is used.

nginx_proxy_buffering

nginx_proxy_buffering=0

The option to control flow between Nginx and Apache. If set to 0, the Apache server sends through Nginx, byte by byte, making the connection faster. If you have many slow clients, setting nginx_proxy_buffering to 1 will mean that Apache sends all data to Nginx, which stores it in a buffer, which can then disconnect from Apache to let it do other things.

The catch with setting this to 1 is that Nginx doesn't start to send all of the data until Apache has finished sending it to Nginx... meaning the first byte is not sent until Nginx receives the last byte from Apache.

notify_admins_on_all_account_creation

notify_admins_on_all_account_creation=0

Option to notify all Admins about the creation of any account type.

notify_admins_on_mass_emailings

notify_admins_on_mass_emailings=1

Notify admins on mass emailing.

notify_admins_on_per_email_mass_emailings

notify_admins_on_per_email_mass_emailings=1

Notify admins on mass emailing.

notify_email_on_per_email_limit

notify_email_on_per_email_limit=1

Send an email to an email account if their** per-email limit is reached** (not referring to the per-DA-User limit).

notify_on_autoupdate

notify_on_autoupdate=1

Notify admins on DirectAdmin auto updates.

notify_on_autopatch

notify_on_autopatch=0

Notify admins on DirectAdmin auto updates (hotfixes).

notify_on_mass_emailing

notify_on_mass_emailing=1

Notify admins of a mass emailing by user.

notify_reseller_on_mass_emailing

notify_reseller_on_mass_emailing=1

Notify resellers of a mass emailing by his user.

notify_user_at_full_quota

notify_user_at_full_quota=1

To send notification to user if his quota is full.

notify_user_on_mass_emailing

notify_user_on_mass_emailing=1

Notify user on mass emailing.

ns1

ns1=ns1.hostname.com

The primary, default, Admin NameServers, values as set at Admin Level -> Admin Settings -> ns1.

ns2

ns2=ns2.hostname.com

The primary, default, Admin NameServers, values as set at Admin Level -> Admin Settings -> ns2.

numservers_waiting

numservers_waiting=10

Number of directadmin processes started to wait for new incoming HTTP requests. It does not include the processes that are already processing a request. Total number of processes can be controlled with numservers parameter.

numservers

numservers=50

Limits total number of directadmin processes dedicated for handling incoming HTTP requests. It includes both types or processes - waiting for new request to arrive and processes already processing a request.

old_public_html_link=1

Ability to change ~username to be ~username/domain.com, thus allowing use of all domains before they resolve.
Feature was disabled by default due to mass confusion and complaints, but can still be enabled if you want it.

one_click_pma_login

one_click_pma_login=0

A one-click login to phpMyAdmin.

one_click_webmail_link=/roundcube

The single sign-on (SSO) tool for the URL path /roundcube can be changed via this option. So if you've got your /roundcube setup with /webmail, this lets you have the button within DA to redirect the specified link.

one_click_webmail_login

one_click_webmail_login=0

A one-click login to RoundCube

one_click_webmail_timeout

one_click_webmail_timeout=10

Ability to wait longer for the "One Click Login" webmail tool, in case there is two-factor authentication, or the login needs more time.

open_basedir

open_basedir=ON

Default values for safemode and open_basedir. Configured over Admin Level -> Php Safemode Config.

parse_php_mail_log_at_limit

parse_php_mail_log_at_limit=1
ValueComment
0Disabled
1To display a path to the script on the "E-Mail Usage" page in the User panel
2To block the script with chmod 000. Further control can be achieved via the disable_php_script_at_limit_threshold and disable_php_script_at_limit_minimum values.

Related: disable_php_script_at_limit_minimum | disable_php_script_at_limit_threshold

partition_usage_threshold

partition_usage_threshold=95

If the usage of a given partition exceeds this threshold value, an email is sent to all admins. This email is only sent once per day if the usage is not reduced or settings changed (the message time history is stored in the admin.conf).

password_check_script

password_check_script=

If non-empty, defines a script (or any binary) to be executed for checking password.

If script returns non-zero exit code, password is refused and output is reported to the user (both stdout and stderr).

Script is executed as diradmin user with the following environment variables:

Environment variableValueNote
passwordPassword to check-
languagelanguage-
difficult_password_length_mindifficult_password_length_min⚠️ DEPRECATED: difficult_password_length_min is always checked before the script.
random_password_length20⚠️ DEPRECATED: passwords consisting of at least 20 symbols are always accepted.
random_password_length_max20⚠️ DEPRECATED: passwords consisting of at least 20 symbols are always accepted.
special_characters_in_random_passwords0⚠️ DEPRECATED.

password_placeholder

password_placeholder=XXXXXXXXXX

A character to be used to replace visible password within DA panel.

Anytime the form is saved, either creation of a new cron, ftp listing update.. or modification of a cron, the existing back-end password will be loaded into DA internally, decrypted, and will replace the XXXX string with the actual value.

This should improve security, as the passwords are no longer saved in the html as plaintext.

You may change the value to something else other than X.

The reason for making a password_placeholder variable is in case someone actually wants to use a password value of XXXXXXXXX, they could then set password_placeholder=YYYYYYYYY for example. Of course, using XXXXXXXXX for a password is a terrible idea anyway, so don't do it.

php_fpm_max_children_default

php_fpm_max_children_default=10

Ability to set default PHP-FPM max children limit.
./build rewrite_confs is required after the change for the setting to be applied.

php_fpm_restarts

php_fpm_restarts=0

Option that controls how a PHP-FPM restart is performed. By default, it uses a graceful restart. If you're having issues with php-fpm not executing the above command properly for your system, you can set this value to 1, so that it calls a full "restart" for the php-fpmXX service(s).

php_home_tmp_session_save_path

php_home_tmp_session_save_path=0

Set /home/tmp as the PHP temporary files save path.
./build rewrite_confs is required after the change for the setting to be applied.

php_mail_log

php_mail_log=1

Option which** enables logging all calls to mail() function by PHP files** and stores results in the /home/username/.php/php-mail.log file. The log will be rotated by the tally.

The number of logs is the same as for Apache and set in: Admin Level -> Admin Settings -> Number of logs to keep.

php_mail_log_dir

php_mail_log_dir=

This feature allows you to override the /home/user/.php PHP mail() log folder to use some other location, in the event your clients have a habit of deleting their logs, e.g.: php_mail_log_dir=|HOME|/.php, which would be the same as the default we already have now. If you add any string, even an empty value like php_mail_log_dir= this will be used (don't add an empty value).

php_version_selector

php_version_selector=1

Enables selecting different PHP versions from DirectAdmin user panel. The additional PHP versions should be installed separately .

pid_to_logs

pid_to_logs=0

To control if the PID should be written to each log, which is useful to enable if you are trying to step through the logs while multiple processes are logging at the same time.

pigz

pigz=0

If set to higher than 0 then DirectAdmin backup jobs will use pigz instead of gzip with tar. Actual value set (lets say 4) would mean to use that, about of cores (4 threads in our example). This speeds up the backup job.

pipe_log

pipe_log=/dev/null

The main directadmin process is redirecting stdout/sdterr to /dev/null. You may actually see more details if it uses a real file. For example, set: pipe_log=/var/log/directadmin/pipe.log .

plugin_max_hooks

plugin_max_hooks=16

The number of default plugin tokens that will be set to "". Note that this never restricted the upper limit of plugins used, it did prevent the auto-filling of the blank plugin token values.. So if you had 20 tokens, and 8 plugins, the last 4 wouldn't be filled with "", and would end up showing "none".

plugins_allowed_run_as

plugins_allowed_run_as=1

Ability to run plugin as other than logged-in user.

pop_disk_usage_cache

pop_disk_usage_cache=0

Alternative to disabling pop usage is to generate a cache instead.

pop_disk_usage_dovecot_quota

pop_disk_usage_dovecot_quota=0

Use doveadm for faster email quota loads.

pop_disk_usage_true_bytes

pop_disk_usage_true_bytes=0

By default the E-Mail accounts page will show the usage of each account, in terms of how much disk space the account is using up: how many blocks are used.

This may cause confusion because quota reporting for dovecot uses the file's size, rather than block usage, so the two numbers could vary by a large degree. When you set it to 1 the E-Mail usage page will instead show the sum of the file sizes, rather than the block usage.

The "hover-over" pop-up will show the "other" size

port

port=2222

Port Used for DirectAdmin to run on.

preserve_html_sequences

preserve_html_sequences=0

Disabled by default, DirectAdmin will keep charsets as typed. Set it to 1 If you are using different charsets and want DirectAdmin to swap any typed occurrences of & with &#38; so it gets displayed exactly as typed.

Such that message/ticket system will respect any html characters set in the file as long as they use the format:

&#xxxx;

where xxxx is a string of 1 or more numbers 0-9.

process_list_debug

process_list_debug=0

Debug option to be used with the dataskq to list processes from the /bin/ps aux output if a program isn't seen to be running by the dataskq (and likely gets restarted repeatedly).

proxy_ip

proxy_ip=

You can set proxy_ip=1.2.3.4 into the directadmin.conf, and it will add that value: |PROXY_IP| available in the apache and nginx templates (including proxy). If you don't set it in the directadmin.conf, it will be set to the default |IP|.

If value is an ipv6, the token will be wrapped with square brackets, eg:

proxy_ip=::1 will load in the token: PROXY_IP=[::1]

purge_spam_days

purge_spam_days=0

If you have Maildir, this option tells DA to remove all emails in the spambox and trash older than this number of days.

quota_partition

quota_partition=/home

The value of the partition you want DA to use for user quotas.

Related: ext_quota_partitions

quota_update_interval

quota_update_interval=10

Frequency a User is allowed to update his disk usage via the button. Real-time quotas are recommended to use for the disk-space usage.

Related: realtime_quota

ram_in_system_info

ram_in_system_info=1

To show a memory information on a System Information page. Set to 0 to hide.

realtime_quota

realtime_quota=2

Make use of the live system quotas to let Users see their usage in realtime.

ValueComment
0Disable realtime quota, quota stats would be updated by dataskq
1Use slow "quota -v username" calls to take quota value for user
2Use kernel-level quotactl function calls. [RECOMMENDED]

reload_apache_after_rotation

reload_apache_after_rotation=1

Control if DA sends an HUP signal to the pid file set in the directadmin.conf setting apache_pid=/var/run/httpd.pid , or if nginx=1 DA internally sets it to apache_pid=/var/run/nginx.pid .

If you do not wish to have the post-rotation send the HUP, you can set:

reload_apache_after_rotation=0

*** HOWEVER *** the HUP is sent for a reason.

This is used to re-open all rotated logs and bytes logs. So if apache/nginx does not get the HUP, you may have logging issues.

If needed, immediately after that HUP is sent, the hook script tally_rotation_post.sh is called if it exists. So if you disable the HUP, you can take any other desired actions with that script.

remote_dns_retries

remote_dns_retries=0

Number of retries by DA if the cluster sync fails.

remove_clipboard_on_logout

remove_clipboard_on_logout=1

If user logout from DirectAdmin the FileManager temporary file /home/user/.clipboard will be removed. If the client just closes his or her browser, the event will not be triggered.

removeip

removeip=/usr/local/directadmin/scripts/removeip

A script used to remove server IP address.

renew_letsencrypt_on_suspended_domain

renew_letsencrypt_on_suspended_domain=0

Option to skip LetsEncrypt auto-renew if domain is suspended.

request_timeout

request_timeout=20

A timeout for requests to DirectAdmin panel.

reseller_allocation_include_self

reseller_allocation_include_self=0

Option for Reseller's own User limits to be included in their own allocation total.

reseller_backup_bandwidth

reseller_backup_bandwidth=1

Include Reseller backup bandwidth in their usage.

reseller_can_customize_config_json

reseller_can_customize_config_json=1

Allow resellers to customize or rebrand skins. If set to 0, resellers will not be able to change the design.

reseller_can_reset_email_count

reseller_can_reset_email_count=0

reseller_can_set_email_limit

reseller_can_set_email_limit=0

The option that controls whether a Reseller has the ability to reset the sent email limit.

reseller_helper

reseller_helper=reseller.site-helper.com

The URL used as the help page for the Reseller panel.

Related: admin_helper | user_helper

reseller_warning_thresh

reseller_warning_thresh=75

A threshold of sent mails when email warning will be sent to reseller.

Related: send_usage_message

reserved_env_vars

reserved_env_vars=PATH:SHELL:_:LD_LIBRARY_PATH:LD_PRELOAD:LD_DEBUG:LD_DEBUG_OUTPUT:LD_DYNAMIC_WEAK:LD_SHOW_AUXV:GETCONF_DIR:NLSPATH:NIS_PATH:IFS:LD_AUDIT:LD_AOUT_LIBRARY_PATH:LD_AOUT_PRELOAD:LD_ORIGIN_PATH:LD_PROFILE:GCONV_PATH:HOSTALIASES:LOCPATH:MALLOC_TRACE:RESOLV_HOST_CONF:RES_OPTIONS:TMPDIR:TZDIR:LD_USE_LOAD_BIAS:MALLOC_CHECK_:ORIGIN:LC_ALL

restart_apache_after_tally

restart_apache_after_tally=1

After a tally is run, Apache is restarted. Set this to 0 if you don't want it to restart.

rotate_httpd_error_log_global

rotate_httpd_error_log_global=0

rotate_httpd_error_log_meg

rotate_httpd_error_log_meg=0

A size in megabytes when apache error_log for any domains will be rotated. Prevents webserver error logs from getting too large in a run-away case, variables that let the dataskq check the size of these logs, and rotate/truncate them if needed.

rotate_httpd_error_log_notify

rotate_httpd_error_log_notify=3

rotate_httpd_error_log_truncate

rotate_httpd_error_log_truncate=1

Method to truncate error_log on rotation if rotate_httpd_error_log_meg was triggered. Value of 1 means truncation will create a new log 1/2 the size of the original (half of rotate_httpd_error_log_meg).

Truncating to a specific size requires:

  • fseek to location at 1/2 the size of the log
  • go forwards byte by byte until you hit the first newline character, then go 1 more.
  • read each line from the current position, and write to a new log.
  • re-open the current log from where the end used to be, and continue read/writing, because new data might have been added
  • delete the old log, rename the new one to the old name, and HUP apache/nginx.

rotation

rotation=1

Enable rotation of apache logs.

safemode

safemode=OFF

Default values for safemode. Configured over Admin Level -> Php Safemode Config.

secure_access_group

secure_access_group=access

A security permissions state where the group ownership of a home directory is set to this value, allowing only that group visible access to the folder and thus blocking other users. If variable changed the rewrite should be issued:

echo "action=rewrite&value=secure_access_group" >> /usr/local/directadmin/data/task.queue

And related services should be restarted.

secure_disposal

secure_disposal=/home/.disposal

A directory used to process awstats temporary files under certain conditions.

securitylog

securitylog=/var/log/directadmin/security.log

A main DirectAdmin security log file.

security_questions

security_questions=1

Turns On Security Questions for additional layer of protection during login to DirectAdmin.

send_usage_message

send_usage_message=1

Global switch which controls the sending of usage warning emails to users, resellers, and admins. Can be added to a given User's user.conf and/or a given Reseller's reseller.conf, which will override the global setting.

servername

servername=web1.domain.com

The hostname of your system used by DirectAdmin. It should match the actual hostname of your system and must comply with mail system rules.

serverpath

serverpath=/usr/local/directadmin

Main path for all DirectAdmin data. Don't change this unless you know what you're doing (you'd need a very good reason to do so).

session_cookie_multiplier=24

A multiplier used for cookie expire time related to the duration of session itself. Used to workaround possible issues when server or client desktop times are out of sync.

session_minutes

session_minutes=60

Number of minutes an inactive DirectAdmin session will remain logged in. After that time, the User must authenticate again. After every page load of DA, the counter resets to 0.

sessions_dir

sessions_dir=/usr/local/directadmin/data/sessions

Location on disk for DA login sessions.

set_php_bin_path_in_crons

set_php_bin_path_in_crons=1

Ability to add the php binary path to cron PATH variable. Enabled by default. Can be disabled like so:

/usr/local/directadmin/directadmin set set_php_bin_path_in_crons 0
service directadmin restart

You can remove duplicate /usr/local/phpXX/bin entries from the crontab's PATH value by setting set_php_bin_path_in_crons=2. Eg, if you have:

crontab -u fred -l | grep PATH
PATH=/usr/local/php70/bin:/usr/local/php74/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/fred/bin

where there are 2 entries for php 7.0 and 7.4, you can clear out the 2nd entry, regardless of the version set, by setting set_php_bin_path_in_crons=2, and issuing a rewrite:

cd /usr/local/directadmin
echo "action=rewrite&value=httpd&user=fred" > data/task.queue.cb; ./dataskq d1000 --custombuild

and it will reduce the path in the crontab to the following:

PATH=/usr/local/php70/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/fred/bin

If you need to do this for all accounts, issue the aforementioned command without &user=fred.

NOTE: This setting should only be used temporarily, and we would recommend setting it back to 1 once you're done clearing any duplicates.

set_php_bin_path_in_shell

set_php_bin_path_in_shell=1

Ability to add the php binary path to PATH variable in .bash_profile. Enabled by default. Can be disabled like so:

/usr/local/directadmin/directadmin set set_php_bin_path_in_shell 0
service directadmin restart

set_php_ini_scan_dir_in_crons

set_php_ini_scan_dir_in_crons=0

Ability to add PHP_INI_SCAN_DIR for per-User php.ini in cronjobs.

show_all_users_cache_extra_vars

show_all_users_cache_extra_vars=date_created

Ability to add extra variable columns to Show All Users or List Users pages. More fields could be added like: "date_created:mysql" . Be sure to force a cache update with:

cd /usr/local/directadmin
echo "action=cache&value=showallusers" >> /usr/local/directadmin/data/task.queue; ./dataskq d2000

BEHAVIOR

When adding a variable to the show_all_users_cache_extra_vars list, how it's shown depends on if it's in the user.conf, user.usage, or both.

If it's only in one or the other, then that value is simply taken from the given file and place into the cache.

If the variable is in BOTH user.conf and user.usage files, then the value is stored in the show_all_users.cache with the usage/limit format, eg:

mysql=1 / unlimited

show_custom_script_path

show_custom_script_path=1

Ability to hide "Script Output /path/to/script.sh" for custom scripts if set to 0. If you have custom scripts in /usr/local/directadmin/scripts/custom/*.sh on non-zero result, before echoing your echo'd data they will usually display:

Script Output: /usr/local/directadmin/scripts/custom/script_name.sh

This is typically done to avoid confusion as to what's throwing the error. But if you're fully aware of it, and are sure you're echoing data on non-zero output, then you should be able to use this.

show_info_in_title

show_info_in_title=1

Ability to hide DirectAdmin version title for logged-in users.

show_main_spambox

show_main_spambox=1

Ability to hide the main spam folder, e.g. /home/user/Maildir/.INBOX.spam/new/ from the skin.

By default, there are 4 choices as to where to redirect spam messages to.

  • Inbox (no redirect)
  • Main imap spambox
  • per-account spambox
  • drop the email

The "Main imap spambox" option, aka "Redirect it to the catch-all spam folder in your main imap account."

show_php_version

show_php_version=1

To control if the PHP version will be shown on the System Information page.

show_pointers_in_list

show_pointers_in_list=1

Option that shows domain pointers on the "List Users" and "Show All Users" pages.

simple_disk_usage

simple_disk_usage=0

For systems where disk access needs to be kept to a minimum, enabling this option relies only on the system quotas. Stats will not be completely correct as a result (tally will not do manual directory traversing for usage).

skin_domain_redirect

skin_domain_redirect=1

Ability to disable the User Level domain redirect on Enhanced skin.

skinsdir

skinsdir=./data/skins

Location where the skins are to be found.

skip_databases_in_backups

skip_databases_in_backups=0

Enabling this option will exclude databases from all backups. This will skip everything, including DB settings, DB Users, and the sql data for the databases themselves.

skip_domains_in_backups

skip_domains_in_backups=0

To be selective with backup data, this will skip /home/user/domains for all Users. You'd really only use this if you have other means, like rsync, for backing up that data. Handy if you just want to restore the User with all of his settings, but without his web data.

skip_ftp_on_backup_fail

skip_ftp_on_backup_fail=0

Option to skip uploading backup to ftp if some portion of the .tar.gz was created incorrectly. Set to 1 if you do not want to upload incomplete backups. This only works if incremental_ftp is set to 1.

skip_hometargz_in_backups

skip_hometargz_in_backups=0

To speed up the User backup process, one may enable this to skip the home.tar.gz file, which omits some email data amongst other things.

skip_imap_in_backups

skip_imap_in_backups=0

Similar to skip_domains_in_backups, when this option is enabled, it will skip the folder: /home/user/imap when generating backups. Enabling this will only skip the email data itself (email messages), but does not skip the email accounts/passwords.

skip_roundcube_in_backups

skip_roundcube_in_backups=0

The option that controls the ability to skip roundcube webmail client settings when backups are generated.

skip_trash_in_backups

skip_trash_in_backups=0

The option that controls the ability to skip the File Manager trash folder when backups are generated.

skip_uebimiau_in_backups

skip_uebimiau_in_backups=0

The option that controls the ability to skip uebimiau webmail client settings when backups are generated.

spam_inbox_prefix

spam_inbox_prefix=1

Ability to set Spam folder from INBOX.spam to Junk.

spam_inbox_prefix_name

spam_inbox_prefix_name=INBOX.spam

Ability to set a new value for INBOX.spam in the directadmin.conf. It's only used when spam_inbox_prefix=1 is set, which is when INBOX.spam applied.

Simply swaps all INBOX.spam strings with the new value.

special_exit_code

special_exit_code=42

Forcefully display hook output, even when no errors occur.

You can diable the feature by setting it to 0, eg:

./directadmin set special_exit_code 0
service directadmin restart

List of supported hooks:

  • dns_write_post.sh
    More available upon request, assuming reasonable need.

sshdconfig

sshdconfig=/etc/ssh/sshd_config

Path to the sshd_config. Will rarely be changed. One case where you might change it is to set a placebo file for DA.

ssl

ssl=1

Turn on/off SSL for DirectAdmin panel.

ssl_allow_signed_sha1

ssl_allow_signed_sha1=0

Forces DirectAdmin to do a check at update time to look for older SHA1 certificates and report back if any are found. Related: SSL warning about older SHA1 certificates

ssl_port

ssl_port=0

Allows DirectAdmin to run on 2 ports at the same time, where the port value specified in the ssl_port option will use SSL. Commonly used as port 2223 .

strict_backup_permissions

strict_backup_permissions=1

Enabled by default - the backup process will go through all data in /home/username/domains and will do check to see which ones the username (DA account) cannot read. A second data list is created backup/non_readable_files.list which is used as '--exclude-from' tar key.

Related option:

add_non_readable_files_to_strict_backup=1

The option is used by backup process to actually copy these files to a new data location non_readable_files which sits next to "backup" and "domains" at the top level.

If any file is chmod to 0, when the file is copied, it will be set to 600 (directories to 700).. as the backup needs this as a minimum to read the file as a non-root backup. The restore will not reset these files/folders to chmod 0. They'll be left as 600 (700 for dirs).

Since this feature copies files to a 2nd location before backup, significant amounts of disk usage will be used if the files being backed up (eg: apache owned files) are not readable by the User.

This related option will use the same tree parsing:

backup_apache_files_list=1

so either add_non_readable_files_to_strict_backup or backup_apache_files_list will cause a full /home/user/domains directory traversal.

Related: add_non_readable_files_to_strict_backup | backup_apache_files_list

subdomain_force_redirect

subdomain_force_redirect=0

Relating to the User Level feature that allows forcing domain.com » to www.domain.com (or vice versa)open in new window, this option excludes subdomains from this redirection since we rarely intend for the redirection to affect subdomains. For example, the following is rarely desired:

sub.domain.com » www.sub.domain.com

So, with subdomain_force_redirect=0, any www or non-www redirection for domains or pointers will no longer affect subdomains (where a subdomain in this context is one that is created under a domain, and not subdomains created as "full domains").

If you do need subdomains to redirect to www, then enable the setting globally:

/usr/local/directadmin/directadmin set subdomain_force_redirect 1
service directadmin restart

And the next rewrite of the User httpd.conf (or other server User config) will be updated with the change.

To update all User configs, type:

/usr/local/directadmin/custombuild/build rewrite_confs

sysbk_conf

sysbk_conf=/usr/local/sysbk/conf.sysbk

Config file for the "sysbk" script (Admin Level -> System Backup).

systemlog

systemlog=/var/log/directadmin/system.log

A path to main system.log file.

system_user_to_virtual_passwd

system_user_to_virtual_passwd=0

Include the system account in the virtual passwd file at /etc/virtual/domain.com/passwd so you can login with systemuser@domain.com and Dovecot LMTP would be used for delivery (supports compression, Sieve filters).

table_case_sensitive_search=1

Ability to perform case sensitive search in table class inside DirectAdmin.

This can be useful if you might have a filename or some value in a table cell that shouldn't be case sensitively matched. Or to fight with mobile phones that decide upper case is always the best, when: autocapitalize='none' has not been added to the input field.

You can also add the following flag to any table search/sort (including "starts with", "contains" or the "equals" options)

&case_sensitive_search=1

or

&case_sensitive_search=0

to override whatever might be set in the directadmin.conf.

Because we do not want to affect searching performance of the table class, we've implemented this using function pointers. Case sensitivity choice is known ahead of time, so the function pointer for the actual string comparison is set once, and the function pointer is called directly per comparison. This is as opposed to the slower method which would need an "if" statement check on the choice for every cell/search, which would be slower ("in theory").

table_default_ipp

table_default_ipp=50

Ability set default items per page in tables. skin.conf option default_ipp=20 overrides this setting.

table_highlighting

table_highlighting=1

Enables the highlighting table row when you hover the mouse over it (changes to a darker background, to more easily track which value you're about to select).

tally_after_restore

tally_after_restore=2

If you wish to not run the tally after you restore data, set to this to 0. This will lower your CPU time, but make your usage stats out of sync until the next tally.

If you do want to run the tally, but want to get the restore message before the tally, you can now use tally_after_restore=2 . The only "downside" is the slight lag in stats being updated, though they will be updated after the tally finishes (which time can vary depending on the amount of data to be processed).

Which will call a tally for that Reseller to the task.queue (to be run later), so the result message will arrive much more quickly.

To run the tally immediately following any restore, seet this to 1. Note that the notice about the restore being successful doesn't get sent out until after the tally finishes (in the same thread).

taskqueue

taskqueue=/usr/local/directadmin/data/task.queue

Location of the task.queue file used for background tasks run by the dataskq. You'll probably never change this.

templates

templates=/usr/local/directadmin/data/templates

Location on disk for all templates.

ticketsdir

ticketsdir=/usr/local/directadmin/data/tickets

Location where the tickets and messages for the internal messaging system live.

timeout

timeout=60

Number of seconds a DirectAdmin process is allowed to run before generating a timeout signal and aborting. Note that some of the more time-consuming processes use a multiplier on this value.

tls_min_version

tls_min_version=tls12

Controls minimum allowed TLS version for HTTPS connections. Valid values include tls12 (default) or tls13.

TLS 1.2 is configured to only use strong cipher suites:

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA

But for even stronger security, TLS 1.3 can be used.

tmpdir

tmpdir=/home/tmp

Location for temporary data.

tokenizer_clear_env

tokenizer_clear_env=1

When set to the default (1), the Tokenizer will wipe the environment before adding new values, but then restore it afterwards. So the env vars from before the tokenizer runs a script, will be restored after the script is done.

You can set this value to 0 if desired, though the only benefit is to pass any pre-script env vars to the script (aside from anything that is set/ovewritten for the script, as before, which will still be set).

track_task_queue_processes

track_task_queue_processes=1

Ability to track backup progress.

ValueComment
0Disable task queue tracking
1Enable simple task queue tracking
2Verbose task queue tracking

twostep_auth

twostep_auth=1

twostep_auth_discrepancy

twostep_auth_discrepancy=1

Enable two step authentication

twostep_auth_trust_days

twostep_auth_trust_days=30

Number of days to trust device after two step authentication done.

unblock_brute_ip_time

unblock_brute_ip_time=2880

A number of minutes after which the IP is automatically unblocked by Brute Force Monitoring.

unified_ftp_password_file

unified_ftp_password_file=1

The option for the proftpd password files to be unified (/etc/proftpd.passwd used as single config for ftp accounts).

user_action_locking

user_action_locking=30

A number of minutes the** actions under account are prohibited** after the backup process starts.

user_brutecount

user_brutecount=30

The BruteForceMonitor can scan how many times a specific IP attacks a server, but also how many times a specific User is attacked from any IP. Sometimes the Admin might not want to bother with the number of attacks on a specific User, so you can set the option user_brutecount=0 to 0, which will disable DA's count on specific Users. Setting to 0 will likely improve the loading time of the Brute Force Monitor page.

user_can_select_skin

user_can_select_skin=0

If set to 1 then users will be able to pick whatever skin they want.

user_can_set_email_limit

user_can_set_email_limit=0

Disabled by default, if enabled users will be able to set send email limit via the interface. Note that regardless of the limit set, all email account sends are still limited by the DA-User limit, one of /etc/virtual/limit or /etc/virtual/limit_username .

If user_can_set_email_limit=1 is set, then on the "E-Mail Accounts" page, you'll see a new column called Sent which will show the number of emails sent today. If a limit is set for that User, the limit is then displayed, eg: 2 / 5 . If no per-email limit is set, but a global per-email is set in /etc/virtual/user_limit file then that limit will be shown, eg 2 / 50 . If no limit is set... and no user_limit is set, then no limit will be shown, eg: 2 . Feature will save send/limit into the usage.cache, if that feature is enabled.

user_dnssec_control

user_dnssec_control=0

Ability to make "Generate Keys" and "Sign" buttons visible in DirectAdmin panel for users for DNSSEC records.

user_email_quota_max

user_email_quota_max=0

Ability to set maximum value for email quotas.

user_email_smtp_logs

user_email_smtp_logs=1

Option to disable User access to per-email smtp logs. Value of 2 enables the use of exigrep to parse the logs.

user_helper

user_helper=www.site-helper.com

A URL used for help button in user panel.

Related: admin_helper | user_helper

update_channel

update_channel=current

Used to change what channel to receive updates from (current, stable, alpha or beta)

users_can_add_remove_domains

users_can_add_remove_domains=0

Option to control whether users can add or remove domains.

ValueComment
0Allows deleting and removing domains by users
1Allows only adding domains by user (no delete)
2Block ability to add or delete domain

Can be overridden via the user.conf file.

users_can_rename_domains

users_can_rename_domains=1

Allow renaming of domains from user panel.

user_warning_thresh

user_warning_thresh=80

The threshold on bandwidth when user will be notified.

user_warning_thresh_disk

user_warning_thresh_disk=95

The threshold on disk usage when user will be notified.

user_warning_thresh_inode

user_warning_thresh_inode=95

Option to control of when user will be notified on inode usage.

use_syslogd

use_syslogd=0

For use with the syslogd logging facility, which allows for more logging options including remote logs.

use_uid_counting

use_uid_counting=1

To **prevent ever reusing the same uid/gid **again. The DirectAdmin manages 2 files /usr/local/directadmin/data/admin/high_uid.number and high_gid.number which contains the last highest uid/gid values created through DA. Upon creating new user, DA will check those files as well as the /etc/passwd and /etc/group, and check to see what the current high uid/gid values are, and use that value+1 for the next User. If your system is doing a lot of adding/removing of users you may allow reusing same uid/gid setting the value to 0.

utf8_encode_from_to

utf8_encode_from_to=0

UTF-8 Encoded To/From/Reply-To fields in DA emails.

utf8_encode_subject

utf8_encode_subject=0

Ability to automatically encode subjects to UTF-8 for emails generated by DA.

webalizer

webalizer=0

To enable webalizer statistics.

webapps_ssl

webapps_ssl=1

Option to control whether web applications (webmail, phpmyadmin) are forced to use SSL. Default is taken from the setting ssl=0|1 in the directadmin.conf. Can be overridden via config files or .htaccess.

webmail_backup_is_email_data

webmail_backup_is_email_data=1

Is used to include webmail data if the 'email_data' backup checkbox was selected. This could be disabled by setting to 0 for cases where you want your RoundCube database backed up and restored, but want to exclude email Maildir data, as Maildir can be easily transferred with rsync.

webmail_link=roundcube

Ability to change the webmail links and webmail button.

wrap_long_dns_values

wrap_long_dns_values=1

Long records, like DKIM TXT records are broken into multiple shorter lines for cleaner viewing.

x_forwarded_from_ip

x_forwarded_from_ip=

Set X-Forwarded-For header for proxy or load balancers accessing DirectAdmin.

x_frame_options

x_frame_options=sameorigin

Adds HTTP header to all iframe requests in DirectAdmin: X-Frame-Options: sameorigin.

xfs_on_domains

xfs_on_domains=0

Disable if you don't want quotas enabled for your domains. When enabled, this will create a project called domain.com with the path /home/user/domains/domain.com and the xfs system will limit the files uploaded to that location for any file ownership, including apache/root as per the limit specified by the User on that domain at: User Level -> Domain Setup -> domain.com.

This is useful for cases where:

  • the User has many domains, and does not want any one domain to use up too much space.
  • there are files uploaded under some different username, as the xfs domain quotas are enforced by path, not file ownership.

zip

zip=1

Ability to zip and unzip files in the File Manager.

zip_bin

zip_bin=

If the values are set to null (aka: not in the directadmin.conf at all), then DA will look for /usr/bin/zip else /usr/local/bin/zip to use for compression.

The purpose of this is to allow an override if in case you need to add a wrapper to unzip, in such cases as extraction of UTF-8 files, eg:

unzip_bin=/usr/bin/unzip2

With unzip2 containing:

#!/bin/bash
export LANG=en_US.UTF-8
exec /usr/bin/unzip $@
exit $?

zstd

zstd=1

Allows zstd compression for backups.

zstd_bin

zstd_bin=/usr/bin/zstdmt

Path to the zstd binary.

Last Updated: