Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - fafache

Pages: [1]
1
PHP Selector / Re: PHP-FPM Not Working (503 Service Unavailable)
« on: September 02, 2020, 03:09:27 PM »
hello

I have the same problem

when I config apache<-varnish<-nginx with php-fpm the website go down (with php-cgi it's ok)

finaly I try two things and now it's working (but I don't know why)

1) in "user accounts -> fix permissions" for user nobody, I fix permissions from 644 to 755 php files (maybe it's not that)

2) I think it's that, after compil all php-fpm in "php setting -> php selector 2" and also "php setting -> php-fpm selector" I compil the php x.x.x
and go back to "webserver setting -> select webserver" check about the good php-fpm for apache and nginx (select the version on down) and select "only apache

click on save & rebuild, check if your website go back, if ok, use a terminal with a "top" command and go back to click on your website to make the user working, here you can see if the user use php-cgi or php-fpm

let's go back to nginx->varnish->apache->php-fpm (check again with "top" command and clicks on your website, if it's all right) you have the best config

if that help you, a thank is good, if you find something else or the "why", say it here


hope that help you

2
Suggestions / Re: Who agrees with me ?
« on: September 28, 2017, 07:56:39 PM »
it's not the good business model, CWPanel is free license, and you can't ask for subscription fee just for license because it's ... free license

if you want to pay for something, you can create a company or group, mutualise the money of other people (who want to pay something) and hire a technician or developer to do the job you need, that is the business model for free license...


3
Suggestions / money for developers
« on: September 28, 2017, 07:44:55 PM »
hello

CWPanel have a problem to become better (and it's already really good)

OK but what is the problem?

CWPanel is free, it's not a company who make it great, it's some passionate peoples looking for a simple solution to have a server for not godlike user

it's not really the problem, Firefox also is free and don't have this type of problem.
the problem is, this type of product is for professionals (maybe not all)

for private software, the business-model is easy, the leader create a soft, and sale it, with money, he can hire some developers to make the soft better and sale it more expensive etc.

for free software ... it's not like that, everybody can brings something, and developer do the main donation of time (for the training, the pleasure, the glory, or other think) and the companies who use the free software can hire a developer to make the free software better (inside the GPL terms)
if you look, this model is better IF the companies play the game and give something (like developer time hired by a company for example)
like that the new code is better for ... everybody

OK (why not) now, how can we do that for CWPanel? (and kick out other private panels ... and conquer the world ... and ... oops sorry for this)

the problem is not the users don't want to pay something, but, if they pay it's for ... something, not for a license. And it's always possible to find professional developers if there is a project and money for it.

one way is to create an private company like CWP7pro (it's not really private, but it's not really free also) and ask for subscription fee ... to create a new private panel ... well ... why not, maybe for technicians (like red hat linux after all) well this solution is already doing, I think.

second way is to create a system (inside this forum for example) like a market where users (companies) and developers can exchange, the users ask for different desiderata, the developers estimate the price of a project and post a "donate button" for the budget and when the total price is inside the budget, the developer (or team) can makes the job and take the money. (yes! there is a difference about a free advice and a free beer, work need time and time is money, the developer don't live with love and clear water, they need money for life)


I take an example, some users want nginx main web server module, or translating CWPanel in Japanese . they ask for it, developer or cwpanel team estimates to do that for $ 1000 (maybe an other one say "you are crazy, I can make it for only $ 750" and when there is a consensus, a donate button is created for the total budget.
Here , the user give what they can, and when there is the money for the budget -> the developer make the job and after the result take the money.

if you are like me, thinking it's a good idea, just answer at this post to say "I'am an user (or developer) and i think also it's a good idea"

thank for your reading, and maybe we can make together CWPanel the best panel....

Fafache

4
Nginx / Re: running nginx w/o apache
« on: September 28, 2017, 03:42:09 PM »
hello

since most than 1 year, there is a project to run nginx in main web server (port 80 and 443) but ... there is also no news about it.

maybe it's a good idea to create a donation project to do that (like for cwp7)
you estimate a budget, create a donate button for it and ... when there is money there is solutions

I say that, I say nothing, but maybe you can think about it

5
Suggestions / Re: Nginx As The Main Webserver
« on: August 01, 2017, 06:07:22 AM »
yes there is a plan for that options also...but it will be with some latter version probably in the next few months

there is something new? (after 1 year)

6
Suggestions / Re: Nginx As The Main Webserver
« on: April 19, 2017, 07:09:03 PM »
hello

what about nginx all traffic main web server solution?
(for me the better is *nginx:80,443 varnish in the middle and apache to host website, but just nginx is already a better solution for all https website)

if it's a big job, maybe it's a good idea to create a ground founding project for this.

the difference between a dream and a goal is a date

can we have a date?  ;)

7
SSL / Re: why ssl when does not work with varnish?
« on: March 11, 2017, 09:18:11 PM »
because varnish developer don't think it's a good idea. ???

and it's visibly not a priority for centos web panel developers to have a solution really quick with ssl certificate,
well in fact, I think it's really hard to code something where certificates work with all possibles configurations (apache, apache and nginx, and others)

But there are working for a config just with nginx (faster than just apache and not so far to varnish performances)

I wait also...

8
thank you very much for this tutorial

it help me and it's working better now  :)

9
Suggestions / Re: fail2ban
« on: December 12, 2016, 08:05:12 AM »
oh ... well, what is that again?

after looking for other informations there is something already working now

it's something working with lfd?

Login Failure Demon

OK I understand now what is this lfd

thank for information, I don't cancel the topic, maybe someone else asking about this

 :)

10
Suggestions / fail2ban
« on: December 09, 2016, 09:03:01 AM »
hello

When I choose CWPanel to host my websites I noticed there is not fail2ban service

since this time, I just think "just a time problem, it's coming"

but ... no

maybe it's possible to create a fail2ban module (or something like that) to make security better

thanks

best regards

Fafache

11
Suggestions / ssl everywhere with apache varnish nginx
« on: December 09, 2016, 08:52:31 AM »
hello

in the past, it's possible to have configuration with nginx-varnish-apache
now it's finish, there is varnish-nginx-apache (in test version ...   :-\) I don't really understand this choice (why nginx in the middle ??? but ok, no matters)

the problem with this solution is work really good but only with clear web pages

when you put ssl there is a redirection directly for apache (port 443 -> httpd) loosing all the benefits of varnish cache and compressed files by nginx


it's a suggestion to have a possibility:

*nginx (ports 80 and 443) for compress files, encrypt with ssl, and quick send result
*varnish (port 82) to cache all web pages, and maybe put all in RAM (speed up the site answer)
*apache (port 8181) to have all use comfort for all specifics utilizations for a lot of type of websites

with this solution you have all the benefits for all tools and make a really great total fast job

all the traffic pass by the same way and have the same quick answer  :)

best regards
Fafache

12
SSL / Re: How to install multiple SSL certificates on shared IP
« on: November 08, 2015, 11:43:11 AM »
Maybe you need a better tutorial

in summary:
you need 5 files:
  • /etc/pki/tls/certs/yourdomain.tld.csr (generate with SSL generator)
  • /etc/pki/tls/private/yourdomain.tld.key (generate with SSL generator)
  • /etc/pki/tls/certs/yourdomain.tld.crt (by your SSL dealer, the web server certificate inside, you adapt)
  • /etc/pki/tls/certs/yourdomain.tld.bundle (by your SSL dealer, the CA intermediate inside, you adapt)
  • a symbolic link /etc/pki/tls/certs/yourdomain.tld.cert pointing on yourdomai.tld.crt
in CWPanel → apache settings → SSL Cert Manager → Install SSL Certificate:
choose yourdomain.tld.crt, the domain user, the domain (yourdomain.tld) and click install SSL, it's possible httpd don't restart, in this case reboot server

note: if you have some www.yourdomain.tld 5 files (.csr .key etc.) you must correct the "serverAlias www.www.yourdomain.tld" for "serverAlias yourdomain.tld" in /usr/local/apache/conf.d/vhosts-ssl.conf after Install SSL

 
OK, for humans now, maybe you can follow this one more detailed:

1) First of all, buy the SSL certificate
To buy a SSL certificate, you need:
  • a public key (with all yours informations inside) named "yourdomain.tld.csr"
  • a private key named "yourdomain.tld.key"

To create its, go in your CWPanel → Apache settings → SSL cert Manager.
In SSL vHost Manager, you go on SSL generator and fill all informations request, (an advice: in your domain case, put www.yourdomain.tld, and not yourdomain.tld, without the "www" in csr file, there is no certificate for "www.yourdomain.tld", oops).
CWPanel generate now two files: www.yourdomain.tld.csr and www.yourdomain.tld.key. (I explain like if you fill www.yourdomain.tld in SSL generator)

OK, now you can buy a certificate, in the certificate generation process, you need to give the .CSR (key inside www.yourdomain.tld.csr) to your SSL Dealer.

Well, now, you receive two other files by your SSL dealer, a web server certificate and a CA intermediate certificate

2)Next step: adapt files or config and setup
At this point you have inside your CWPanel the .csr and .key files, inside your e-mail box web certificate and CA certification.

Now, it's time to make a choice: the clean way or the easy way.
The clean way consist to rename correctly all the certificate files to make a standard SSL setup, the easy way consist to make a standard SSL setup and correct inside the vhosts-ssl.conf the little mistakes.

A) the clean way:
  • in your CWPanel → Apache settings → SSL cert Manager
  • follow the /etc/pki/tls/cert web-link for File Manager in this directory
  • rename the www.yourdomain.tld.csr for yourdomain.tld.csr
  • on your computer, create a file yourdomain.tld.crt and put the web certificate key inside
  • create an other file  yourdomain.tld.bundle and put the CA certificate key inside
  • upload this two files in your /etc/pki/tls/certs directory (with file manager or .. like you want)
  • with file manager go to /etc/pki/tls/private/ (put in directory case, or follow .. web-link and private web-link)
  • rename the www.yourdomain.tld.key for  yourdomain.tld.key
  • at this point, you have five files: .key .csr .crt .bundle files and a false symbolic link www.yourdomain.tld.cert pointing on www.yourdomain.tld.crt (in /etc/pki/tls/certs) we must correct this point
  • in your CWPanel → Service SSH → Send shell command send this two commands:
    • rm /etc/pki/tls/certs/www.yourdomain.tld.cert (of course you replace "yourdomain.tld")
    • ln -s /etc/pki/tls/certs/yourdomain.tld.crt /etc/pki/tls/certs/yourdomain.tld.cert (you replace "yourdomain.tld" two times the command goal is "ln -s target link")
  • now, we have the 5 correct files (.key .csr .crt .bundle and .cert link) to make the standard SSL setup
  • OK, wait a moment to ask yourself if it's a good time for reboot your server, if no, restart here when it's a good time, if yes, go back in  CWPanel → Apache settings → SSL cert Manager
  • in  Install SSL certificate, choose the "yourdomain.tld.crt", the correct user for yourdomain.tld, fill the domain case with "yourdomain.tld" and finally click on "Install SSL" button. CWPanel work and don't restart correctly httpd (apache is fall, bad new), all is correct, just reboot the server in CWPanel → CWP Setting → Reboot Server → Reboot Server now button.
  • When the server is restarted, in CWPanel → dashboard, check if httpd is running, if it's work correctly, it's all right, if it isn't, there is a big problem (not solved in this tutorial), go back in  CWPanel → Apache settings → SSL cert Manager and delete the SSL and reboot server to come back at the original situation (without SSL).

B) the easy way
  • on your computer, create a file www.yourdomain.tld.crt and put the web certificate key inside
  • create an other file  www.yourdomain.tld.bundle and put the CA certificate key inside
  • upload this two files in your /etc/pki/tls/certs directory (with file manager or .. like you want)
  • at this point, you have five files: www.yourdomain.tld.key (in /etc/pki/tls/private/ directory) www.yourdomain.tld.csr www.yourdomain.tld.crt www.yourdomain.tld.bundle files and a symbolic link www.yourdomain.tld.cert pointing on www.yourdomain.tld.crt .
  • OK, wait a moment to ask yourself if it's a good time for reboot your server, if no, restart here when it's a good time, if yes, go back in  CWPanel → Apache settings → SSL cert Manager
  • in  Install SSL certificate, choose the "www.yourdomain.tld.crt", the correct user for www.yourdomain.tld, fill the domain case with "www.yourdomain.tld" and finally click on "Install SSL" button. CWPanel work and don't restart correctly httpd (apache is fall, bad new), all is correct.
  • In CWPanel → Apache settings → SSL cert Manager, click on "/usr/local/apache/conf.d/vhosts-ssl.conf" web-link
  • look after " serverAlias www.www.yourdomain.tld", replace by  "serverAlias yourdomain.tld" (suppress the www.www.) and click on "save change" button.
  • Now, just reboot the server in CWPanel → CWP Setting → Reboot Server → Reboot Server now button.
  • When the server is restarted, in CWPanel → dashboard, check if httpd is running, if it's work correctly, it's all right, if it isn't, there is a big problem (not solved in this tutorial), go back in  CWPanel → Apache settings → SSL cert Manager and delete the SSL and reboot server to come back at the original situation (without SSL, sorry).

3)some verifications and other tasks
good, at this point, normally you have https for www.yourdomain.tld and yourdomain.tld (check yourself in your web browser)

for a better check, in  CWPanel → Apache settings → SSL cert Manager, click on Check SSL Certificate and test the two way  www.yourdomain.tld and yourdomain.tld.

If you have a problem with chain it's the .bundle file not correct, if you have a problem with certificate, it's the .crt file the problem. it's possible the file .csr in your server is not the same one who SSL dealer have (if you have restart all but in the middle).

If it's all OK, you can do something else now:
like make a backup of the .csr .key .crt and .bundle, files
or like make a donate for CentOS Web Panel
(maybe I can suggest you to give +10% of your project price: server+hostname+certificate, you know a free advice is not the same price of a free beer, copy of CentOSWebPanel is free, server and work to create and maintain this project is not)

note: sorry if there are some English mistakes, I'm French, English is really not my native language

Pages: [1]