Version 6 to 7 Changes

System Wide

  • updated to Debian 10 Buster

  • iptables replace by nftables

  • file based external backup replaced by a snapshot based one

  • maximum diskspace raised to 10TB


  • nginx 1.16

  • support for TLS 1.3, see SSL/HTTPS Access

  • ModSecurity 3/OWASP CRS 3.2, see Web Application Firewall

  • MariaDB 10.3, default charset set to utf8mb4

  • PHP version selector for versions 5.6, 7.0, 7.2, 7.4 per website

  • updated name restrictions: Length up to 32 characters, support for digits, underscore and dash

  • uniform profile between interactive and non-interactive, login and non-login zsh & bash shells

  • type related cronjobs will run each 15min with a randomly spread offset calculated from the website name

  • Docker type: enabled user namespace mappnig, see Getting Started with Docker

  • removed outdated types and added new ones, see Type

  • removed the ~/cnf/nginx-redirect.conf configuration file which was not nowhere correctly in use

  • override for all type specific presets: preview auth, phpinfo, sendmail (Cockpit website Advanced tab)

  • installed goaccess, see GoAccess

  • custom error page is taken out of error.html within the default webroot

  • custom error page can distinguish between WAF and non-WAF 403 errors

  • added WEBSITE_CONTEXT variable, see Environment Variables

  • added WEBSITE_SERVER_NAME variable, see Environment Variables

See Website.


  • switched from iptables to nftables

See Firewall Rules.


  • added the smtp_sasl_password_maps option

See Outgoing Mail Server.



  • switched from iptables to nftables which also concerns Docker (See Firewall Rules)

  • enabled user namespace isolation

See Getting Started with Docker.