Configure PHP memory limit


Before we show you how you can individually set the PHP memory limit per customer and website on our full-managed servers, first a few informations:

Why do I need a PHP memory limit at all?

PHP always reserves a part of the RAM for executing scripts. How much RAM can be reserved for this is defined with the PHP memory limit.
If there would be no limit, a bad script could cause the memory to fill up slowly but surely, so that the speed of the web pages becomes much slower and in the end even the whole server can become unstable.

How high should the PHP memory limit be?

Unfortunately it is not possible to give a general answer.

It depends on which CMS you use and how many applications you have installed there. The values vary from 32 MB for a simple WordPress installation up to 512 MB for a complex shopware installation

For this reason we do not set such a high limit, so that any kind of CMS can get along with it (WordPress needs less than shopware).

Setting the PHP memory limit for a website

If you open the settings of a website ( similarly of course also for sub vhost and alias domain vhost), you can set the limit directly.

If you enter a 0 here, the limit is automatically set to the value of the server or to the value of the used webserver configuration, if you have also defined PHP settings here.

Please note that the “Individual php.ini settings” always have priority. If you have entered a different limit there, this value will be taken as long as it is not greater than the defined limit. The same applies to a memory limit that you have set in the direct (web server configuration).

Setting the PHP memory limit for a client

If you don’t want your customers to enter arbitrarily high values for their websites, you can also assign a limit to each customer. This limit behaves in the same way as the website memory limit: the customer can distribute “his” limit to all pages individually.


Set the compression for web pages


In the following we show you how you can set the compression of a website on our fully managed servers.

There are several options available to you:

  • Disabled
  • Gzip
  • Brotli
  • Brotli + Gzip

Compression with Brotli + Gzip is the default setting to compress smaller files directly when the website is delivered.Brotli is a newer type of compression developed by Google as an alternative to Gzip, Zopfli and Deflate. Google’s case study of Brotli has shown that the compression rates are up to 26% lower than other compressions and the CPU usage is also lower.
The server and the browser (visitor) must be compatible to Brotli and use an encrypted connection via https to benefit from compression.

If your website is delivered with Brotli compression, you can test on here.

You can see the compression levels of Gzip and Brotli for example here.

Set minimum TLS version


You can set the minimum TLS version for each website on our fully managed servers.

Various vulnerabilities have led to experts recommending long ago to disable all versions of SSL and TLS 1.0 (this has always been the default setting on our servers). Meanwhile, websites should no longer be reachable with TSL 1.1, but at least support TLS 1.2.

To set the minimum TLS version, you just have to go to ISPConfig and select the “Minimum TLS version”:


Every modern browser supports TLS v1.2, most also TLS v1.3, but since the latter version is still considered experimental, it is a good idea to set the pages to TLS v1.2. If you want to be absolutely sure that your site can be reached with an outdated browser, you must choose TLS v1.1.

To test the SSL settings of your site, you can use one of the two links:

Backup-Now for websites and database with ISPConfig


You can have automatic backups created on our fully managed servers. Now you also have the possibility to manually trigger a backup of a website or a database.


You can use it, for example, to back up the database before you make major changes to your project. If something goes wrong, you can restore the freshly created backup.

When you start a manual backup, the oldest backup is deleted afterwards.

Configuring Backups in ISPConfig

You can find the settings for the backups in the Backups tab of your website.

You can set the number of backups to be saved under “Number of backups” between 1 and 10.

You can set the interval to different values:

  • Automatic backups inactive
  • Daily
  • Weekly (every Sunday)
  • Monthly (on the 1st of each month)

If you choose “Automatic Backups inactive”, only manual backups are created via Backup-Now.

Start Backup-Now

To start a manual backup, you just have to click on the button “Backup website now” or “Backup database now” to switch from grey to blue and then save the settings:


Until a backup is complete, you cannot trigger another manual backup:

After the backup is complete, you will find the backup as usual under “Existing Backups”.

By the way, you can recognize a backup created by Backup-Now by -manual in its name.


Script to install Proxmox 5.x – 7.x on a Dedicated Hetzner Server

The Proxmox-Version depends on your OS: Proxmox 5.x on Debian Jessie, Proxmox 6.x on Debian Buster and Proxmox 7.x on Debian Bullseye.

  • Install Proxmox on your server
  • Let’s Encrypt Certificate for the Proxmox-Interface
  • Option to use Thin-Pool Storage
  • Read the Server-IPs (Single-IP and Subnet) from the Hetzner-Robot
  • Write the Network-Config
  • Option to create private IPs if you use a vSwitch


You can put your Robot-Credentials in the file robot.conf.php so the script will not ask your for the Robot-Login.

If you just want to generate the network config (even for a different server), see chapter Network-Setup at the end of this page


Boot your server into the Rescue-Mode, use installimage and choose the minimal Debian-Strech, Debian-Buster Version or Debian Bullseye Version.

Set the HOSTNAME to a FQDN

If you want to use Thin-Pool, use something like:

PART lvm pve all
LV   pve root / ext4 10G

Reboot the server and run the following commands to download the script:

apt -y update
apt -y install php-cli php-curl wget
cd /root
tar xfz hetzner-proxmox.tgz
cd proxmox

Install Proxmox

To install Proxmox, please read the following notes before running the script.

The directory custom contains several files that are used during the installation.

In the custom directory you will find:

  • etc/aliases
  • etc/cron.d/trim.example
  • etc/sysctl.d/pve.conf
  • root/
  • root/
  • ssh (empty)

If you want to install your ssh-key, just put your public-key into ssh/authorized_keys. The installer will copy this file to /root/.ssh/authorized_keys

The files from etc/cron.d calls the responding scripts from root. If you want to use them, rename the file in etc/cron.d and root.

You can also put your own files into the custom-dir and / or change the files. For more informations see the file custom/README.txt.

To finally install proxmox, just run

php install-proxmox.php

The script shows you the detected OS and the Proxmox-Version, that will be installed:

Detected OS: Debian Buster
Install Proxmox-Version: 6.x

You will be asked the following questions:

Full qualified hostname (FQDN) of the server [server]:

Add the full name here (i.e. Otherwise you can not use Let’s Encrypt.

IP of the server []:

Make sure that the recognized ip is also the one from your server

Network Card [enp0s31f6]:

Usually, you don’t have to change the detected value.

Do you want to autoconfigure the network? (y,n) [y]:

Choose y to let the script generate the network-config.

Enter your credentials for the Hetzner-API
robot_url []:
robot_user []: 
robot_password []:

Enter your robot-credentials if you did not already stored them in robot.conf.php.

Enabled Thin-Pool for Proxmox? (y,n) [n]:

With y the installer will generate a Thin-Pool:

Only one LV found - using pve
Use LV Name for Proxmox Thin-Pool - 'none' to skip [data]:
SSH Port [22]:
SSH PremitRootLogin [yes]:

You you should use the defaults for a Cluster-Setup.

Use Let's Encrypt for the Interface (y,n) [y]:

Choose y if you want a free ssl-cert from Let’s Encrypt for the Backend.

Email to use with Let's Encrypt and in scripts [admin@local]:

Starting with Promox 7 the script does not installs for Let’s Encrypt. At the of the installation, you will see a note to run a script after the final reboot.

For more informations read

Start Proxmox Install? (y,n) [y]:

Finally run the setup.

If your server is connected to a vSwicth:

This server is connected to the vswitch with the ID 4868 [4001]
Add the vswitch to the network-config? (y,n) [y]:
Use Private IP []:
Use Private IP []: 
Netmask [24]:

Choose a private IP like for this server and set the netmask.

copy /etc/network/interfaces to /root/
writing new /etc/network/interfaces

Check the network-confg and reboot your server
Updating /etc/aliases
Adding your authorized_keys

Install finished. You can reboot the server now.


You can also use network-manual.php to generate a network-config on an existing server.

This will not overwrite your current setup.


php network-manual.php

and answer the questions. You find the generated config in /root/interfaces.generated


Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.


Visit our issue tracker.

Datalog History


On our Managed Mail Servers and the Full-Managed Servers you can track and undo changes made in ISPConfig.

However, only the settings are written back and not the contents of websites or similar. For example, if you have deleted a website you can only restore the “basic structure” – the contents of the website have to be restored from backups.

Show Datalog History

You will find the menu item “Show Datalog History” under “Monitor”.


The history then looks something like this:

When you select an entry, the corresponding activities are displayed and you have the possibility to undo the change:



Enhanced spam check for mailboxes


On our managed mail servers and full-managed servers you can not only set greylistening for each mailbox to on and off for the spam check, but also for RBL, SPF and spoofing.

SPF and RBL are automatically activated for new mailboxes, greylistening and spoofing are disabled by default.

What do these spam checks do in detail?


The owner of a domain can specify which servers are allowed to send mails. If delivery via another server is attempted, the mail can be rejected directly. This happens in particular with spam mails if the sender in a mail is forged. Unfortunately, there are also postmasters who define these specifications incorrectly or simply forget to add a new server.

It can also lead to problems with the SPF check if mails are sent via an external mail gateway beforehand.


Our mail servers check incoming mail across one or more lists of servers that have recently sent spam. Connections from “spam spinners” are rejected directly.


At the first connection the sending mail server gets a message that it should try again in a few minutes. This can reduce spam, but is not always optimal for mailboxes that are used for direct communication with customers. Otherwise it can happen that the customer sends a mail and then you have to explain that the reception can take up to 5 minutes.

If a mail server has passed the other checks on the second attempt, its IP is on a whitelist and mails sent later arrive without greylistening.


Email spoofing refers to the forgery of the email header so that the message gives the impression that it has a different origin or source. Spam distributors often use spoofing to get the recipients of the email to open the message so that they respond to its content.

Set individual checks

Log on to your server in ISPConfig and select the mailbox for which you want to customize the SPF, spoofing, or RBL check.


Monitor your server


You always have full access to the monitoring of your managed server and can view the data directly in your browser, via your smartphone or an add-on from Firefox / Chrome.

Depending on the monitoring value there are two limit values Warn and Crit. If yours is exceeded, the display changes to orange (Warn) or red (Crit). You can adjust the limits directly in ISPConfig on your managed server..

If the state changes, you will receive a mail after a certain time. You will get the notification if the status changes to OK, Warn or Crit.


Set limit values


Log into ISPConfig on your Managed Server and open the “Tools” in the upper right corner. Under Managed Server on the left side you can set the monitoring.

To adjust the values, select one of the checks and then define the limits. For the mail queue it looks like this:

If there are 20 to 29 mails not yet sent on your server, the status changes to Warning. If 30 or more mails have not yet been sent, the status changes to Critical.



Just open the URL for monitoring in your browser and log in with your access data.

Smartphone APPs

aNag for Android


Grab aNag from the the playstore and start the App.

You can freely choose the name – it only serves to distinguish between different instances.

The other data are:
Instance type: Icinga/Nagios (HTML)
Username: Your Username
Password: Your Password

easyNag for iPhone & iPad


You can download and install easyNag here.

You can use the settings for Android for the individual values.

Add-On for Firefox and Chrome

For Firefox you can use the current version of imoin.



Install the add-on in Firefox via Add-Ons or in Chrome via this Link and set up access:

Version: Nagios Core 4.0.7+
Username: Your Username
Password: Your Passwort

Update PHP versions (automatically)


On our managed servers you can view the versions of the additional PHP version directly in ISPConfig. If a new version is available, you can update the PHP version or use the “Auto-Update” function. With Auto-Update” enabled, the PHP version will be updated as soon as a newer version is released.

additional PHP versions

Additional PHP versions can be installed in addition to the PHP version of the operating system and then used for individual web pages. PHP versions 5.6, 7.0, 7.1, 7.2 and 7.3 are available on our managed servers. The ionCube loader is always installed with all versions.

Which versions are additionally installed always depends on the operating system of the respective server. For Debian Jessie PHP 5.6 is not an additional version, while for Ubuntu 18 PHP 7.2 is not an additional version. Which versions you see on your server for updates depends on the respective server – the screenshots may look different for you.

show additional PHP versions

Log in to ISPConfig on your server and click on “Tools” in the upper right corner and then “Manage PHP Versions” in the lower left corner. You will be shown the installed versions:


You can see at a glance which versions are not updated or whether an installation is currently being updated.



If an update is available, you will be shown the button “Update” and can immediately start the update. You also have the option to automatically update a version. All you have to do is check the box “Auto-Update” and save the settings.


GDPR Plugin for ISPConfig


With our ISPConfig GDPR Plugin we have developed an enhancement that allows you and your customers to sign online contracts for data processing.

As an admin, you also have the option of generating agreements or other contracts directly and send them to the client.

You can also export all data stored for a customer in ISPConfig to generate information about the stored data. Of course, every client can also do this himself.

Try the GDPR Plugin for free

You can download the plugin here and test it for 14 days for free. As a license you simply use “TRIAL”.

If you want to use the GDPR Plugin afterwards, you need a license.


Download the plugin to your server, unpack the archive and change to the directory ispconfig-gdpr.

If you haven’t installed the ionCube load yet, you can do it either with the script install_ioncube.php or manually for all PHP versions and modes.

php -q install_ioncube.php

We have only tested the script on Debian 7-9 and Ubuntu 14-18 so far. If you are using CentOS for example, you may have to install the ionCube-Loader manually

For the manual installation we recommend to use

If the ionCube-Loader is installed, you start the installation:

php -q install.php

After that you only have to log in to ISPConfig as admin and activate the module GDPR for the user admin (under System / CP User / Edit User). Then log off once and log on again.


Just start


You can also download the current version, unpack the archive, change to the ispconfig-gdpr directory and then call php -q update.php.

Features of the GDPR Plugin:

  • Automatic generation of order processing (GDPR) contracts by a client
  • Automatic generation of order processing (GDPR) contracts by the admin for a client
  • Generated order processing (GDPR) contracts are saved directly as PDF files
  • Ability for the client to revoke an existing agreement
  • Upload option for the admin to provide additional contracts / data for a client
  • Support of several companies
  • Individual templates for generating contracts
  • Individual templates for sending email
  • Ability to store contracts and other data on the hard disk or directly in the database
  • Export function for the data stored for a client (PDF or XML)
  • The GDPR Plugin is integrated in ISPConfig and can be accessed via the ISPConfig Admin/Client Login
  • Standard PDF templates for companies


The ISPConfig GDPR Plugin is an extension to ISPConfig and is not subject to the BSD license.

One license costs 80,00 EUR (95,20 EUR incl. 19% Tax) and includes updates for one year after activation of the license.

Customers who already have a license and want to receive further updates after one year can extend the “update time” for another year for 40.00 (47.60 EUR incl. 19% Tax).


You can download the manual for free here.