Back to Changelog
v1.0.250
PHP Legacy Runtimes management (curated presets, custom Dockerfile, build history), Mail SSL primary hostname unification, environment classification, plus reliability fixes across PHP-FPM systemd handling and cron scheduling.
New Features
2- PHP Legacy Runtimes management — new feature. Apply 10 curated extension presets in one click for Docker-isolated PHP 5.6 through 7.4: WordPress, WordPress + WooCommerce, OpenCart 3, Magento 2, PrestaShop, Drupal, Joomla, Laravel, Nextcloud, WHMCS. Includes a 45-extension custom catalog with PHP-version-aware Dockerfile generation, a raw Dockerfile editor with FROM whitelist, build history with one-click rollback, and WebSocket build progress with automatic polling fallback.
- Environment classification and build provenance. panelica.conf supports a [panel] environment field (production / staging / development); the binary embeds BuildMode, BuildHost and the git commit via -ldflags. Update checks are skipped when environment=development so Central tarballs no longer overwrite locally-built binaries on developer machines. New GET /api/v1/server/environment endpoint exposes runtime provenance for auditing and UI gating.
Improvements
5- Preset catalog is CI-verified for PHP 7.3 and 7.4: all 10 presets pass end-to-end docker build and php -m extension verification on both versions (20 of 20 combinations). Redis PECL extension is pinned to redis-5.3.7 so PHP 7.0-7.3 builds do not pull redis-6.x which requires PHP 7.4+.
- Apply Preset now restarts the running PHP-FPM container instead of sending SIGUSR2 so newly built extensions actually load. Post-build verification runs the new image and asserts every expected extension is present before any shim swap. A 30-second per-pool health gate watches for the pool socket to reappear; if the majority of pools fail, the shim is automatically rolled back to the previously applied image. Superseded image tags are pruned automatically (last 3 retained for rollback).
- Every legacy-runtime function (Restore, rewriteShimImage, restartAllUserFPM, syncImageConfD, pruneSupersededImages) refuses non-legacy PHP version parameters at the door. All related API endpoints (manage, apply-preset, apply-extensions, apply-dockerfile, restore) reject any version path parameter outside the docker-isolated set with HTTP 400, so a crafted request targeting native PHP 8.x can never trigger a build, restart, shim rewrite or conf.d sync.
- PHP-FPM TimeoutStopSec raised to 15 seconds with orphan listening socket recovery on startup.
- Recent Errors Detected badge now requires 3 or more failures within the last 24 hours before marking a row as problematic.
Bug Fixes
5- docker-php-ext-*.ini files from the new image are mirrored into the host conf.d directory before pool restart. The legacy shim bind-mounts host conf.d read-only over the container directory, which previously hid every extension .ini shipped by the image. Custom operator .ini files (anything not matching docker-php-ext-*.ini) are preserved across preset switches.
- PHP-FPM systemd unit templates now trigger daemon-reload immediately when the unit file changes on disk, and ensureServiceTemplate skips the write entirely when content already matches. The rolling restart in the legacy runtime apply pipeline also issues a defensive daemon-reload first. Eliminates the "unit file changed on disk" error that surfaced as HTTP 500 on the domain php-version endpoint after a fresh deploy.
- PHP-FPM recovery scheduler no longer races against an intentional stop. When a domain handler switches PHP versions the unit briefly enters the deactivating state; the scheduler used to read that as stuck and force-cycle, colliding with systemd and producing Job canceled errors. A 60-second threshold via StateChangeTimestampMonotonic now protects in-flight stops while still recovering genuinely stuck units.
- Mail SSL: the primary mail hostname no longer receives two separate Let's Encrypt certificates (per-domain SNI + server-wide default). The certificate issued for the primary hostname now syncs to mail.crt and mail.key automatically via atomic copy, eliminating manual post-issuance steps. Non-primary hostnames are unaffected. detectPrimaryMailHostname precedence matches the UI: panel_settings.mail_hostname first, then postfix myhostname, then server hostname.
- Cron reliability. Binlog cleanup command uses /usr/local/bin/db-wrapper which reads credentials from /root/.my.cnf — the previous command searched for a non-existent root_password key in panelica.conf and exited 1 on every run. User cron job error badge now requires 3 or more failures within the last 24 hours; system cron job error badge expires 24 hours after last_run. Cron-scheduler polls the system_cron_jobs table so entries created in the System Jobs tab finally run on schedule. System cron executor PATH includes /usr/local/bin so database utilities resolve on Execute Now.