Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
16
SSL / Re: CWP support for TLSv1.3
« on: September 19, 2020, 09:24:35 AM »
OpenSSL Vulnerabilities page.
https://www.openssl.org/news/vulnerabilities.html
https://www.openssl.org/news/vulnerabilities.html
17
SSL / Re: CWP support for TLSv1.3
« on: September 19, 2020, 09:21:53 AM »
Requirements:
Apache version 2.4.37 or greater.
Nginx version 1.13.0 or greater.
OpenSSL version 1.1.1 or greater.
A valid domain name with correctly configured DNS records.
A valid TLS certificate.
Install OpenSSL
We downloaded the latest version of OpenSSL which is openssl-1.1.1f at the time of writing this post. After that decompress the file, rename the folder name and navigate to the OpenSSL folder. --prefix and --openssldir control the configuration of installed components. The behavior and interactions of --prefix and --openssldir are slightly different between OpenSSL 1.0.2 and below and OpenSSL 1.1.0 and above. Also set --prefix and --openssldir to the same location. shared will force creating shared libraries and Zlib means that compression will be performed by using zlib library. It is worth running the make test to see if there are any unexpected errors. If there are any, you need to fix them before installing the library.
Now rename the existing OpenSSL binary and add a new symlink.
Here, ldd showing dependencies of the binary OpenSSL.
Your newly installed OpenSSL should show TLSv1.3 like below.
We have completed the OpenSSL installation part. Now we have to recompile Nginx again to built from the newly installed OpenSSL.
Recompile Nginx
Download the installed Nginx version source code from the web. In my case Nginx version 1.16.1 is installed on my production server so I will download the same version and start compiling.
Update your Nginx configuration to enable TLS 1.3. Add below lines on your Nginx vhost configuration’s server block.
Apache version 2.4.37 or greater.
Nginx version 1.13.0 or greater.
OpenSSL version 1.1.1 or greater.
A valid domain name with correctly configured DNS records.
A valid TLS certificate.
Code: [Select]
# openssl version && nginx -vCode: [Select]
# yum install gcc gcc-c++ pcre-devel zlib-devel make unzip gd-devel perl-ExtUtils-Embed libxslt-devel openssl-devel perl-Test-Simple
# yum groupinstall 'Development Tools'Install OpenSSL
Code: [Select]
# cd /usr/src
# wget [https://www.openssl.org/source/old/1.1.1/openssl-1.1.1f.tar.gz](https://www.openssl.org/source/old/1.1.1/openssl-1.1.1f.tar.gz)
# tar xvf openssl-1.1.1f.tar.gz
# mv openssl-1.1.1f openssl
# cd openssl
# ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl --libdir=/lib64 shared zlib-dynamic
# make -j4
# make test
# make installWe downloaded the latest version of OpenSSL which is openssl-1.1.1f at the time of writing this post. After that decompress the file, rename the folder name and navigate to the OpenSSL folder. --prefix and --openssldir control the configuration of installed components. The behavior and interactions of --prefix and --openssldir are slightly different between OpenSSL 1.0.2 and below and OpenSSL 1.1.0 and above. Also set --prefix and --openssldir to the same location. shared will force creating shared libraries and Zlib means that compression will be performed by using zlib library. It is worth running the make test to see if there are any unexpected errors. If there are any, you need to fix them before installing the library.
Now rename the existing OpenSSL binary and add a new symlink.
Code: [Select]
# mv /usr/bin/openssl /usr/bin/openssl-backup
# ln -s /usr/local/openssl/bin/openssl /usr/bin/opensslHere, ldd showing dependencies of the binary OpenSSL.
Code: [Select]
# ldd opensslYour newly installed OpenSSL should show TLSv1.3 like below.
Code: [Select]
# openssl ciphers -v | awk '{print $2}' | sort | uniqWe have completed the OpenSSL installation part. Now we have to recompile Nginx again to built from the newly installed OpenSSL.
Recompile Nginx
Download the installed Nginx version source code from the web. In my case Nginx version 1.16.1 is installed on my production server so I will download the same version and start compiling.
Code: [Select]
cd /usr/src
wget [http://nginx.org/download/nginx-1.16.1.tar.gz](http://nginx.org/download/nginx-1.16.1.tar.gz)
tar xvf nginx-1.16.1.tar.gz
cd nginx-1.16.1Code: [Select]
./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib64/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body\ --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/subsys/nginx --user=nginx \
--group=nginx \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-stream_ssl_preread_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-http_auth_request_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-pcre \
--with-pcre-jit \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-openssl=/usr/src/opensslCode: [Select]
make -j4
make installUpdate your Nginx configuration to enable TLS 1.3. Add below lines on your Nginx vhost configuration’s server block.
Code: [Select]
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
18
Postfix / Re: Mail sending failed: CWP doesnot work with mailgun anymore?
« on: September 19, 2020, 08:25:35 AM »I installed CWP and connected with mailgun by updating DNS entries which worked for over an year. My server is sending emails to Defer list for more than 2 weeks (after few automatic updates of the panel). I purchase managed support, support team says
"when using 3rdparty email you can't use CWP server email service as it didn't control mailgun to send and receive emails, "
"i don't know what works before 2 weeks but you can't send email from cwp via mailgun"
and similar replies.
I opened the defere list, clicked details in front of a mail and tried to send it to some other mail id. I get the following error:
Warning: mail(): Multiple or malformed newlines found in additional_header in /usr/local/cwpsrv/htdocs/resources/admin/modules/mail_queue.php on line 0
Support team asks me to either forget mailgun, quit google cloud platform, or talk to mailgun regarding this issue.
Please tell me, does CWP no more work with mailgun and should I quit CWP and search for some other panel? Because Google CLoud denies port 25, CWP denies mailgun, why anyone in this world will host a website on a server that doesnot offer email facility?
Is there any way out or should I quit CWP? Please help. Its urgent.
Hi
This is not absolutely correct . You can use any relay with your CWP postfix . I am using multi provider relay including mailgun for multi domain.
Need help , Let us know , I will post the details on this Forum.
19
Postfix / Re: Can't connect to smtp (postfix) via SSL from sites on the VPS
« on: September 18, 2020, 05:38:21 PM »
Hi
I have missed lots of incoming mail due to this error. This error is on your own server .
Need to fix openssl Library !
Tools for checking problem:
https://www.checktls.com/TestReceiver
https://ssl-tools.net/mailservers
I have missed lots of incoming mail due to this error. This error is on your own server .
Code: [Select]
# openssl ciphers -tls1_2
Error in cipher list
139895335331728:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383:Code: [Select]
# openssl version -a
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(8x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamicCode: [Select]
# openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2Code: [Select]
# openssl s_client -starttls smtp -connect alpha.glorency.com:465Need to fix openssl Library !
Tools for checking problem:
https://www.checktls.com/TestReceiver
https://ssl-tools.net/mailservers
20
MySQL / DB Connection error
« on: September 15, 2020, 06:33:16 AM »
Hello
I am using WordPress Kuteshop Theme on Nginx+Apche+PHP-CGI (7.3 Latest) ,
Where my VPS Details :
1 CPU
1 GB RAM
25 GB SSD
But The issue is that I am getting error on Fronted
error establishing a database connection
Error Log:
No huge traffic / visitors .
Any idea ?
I am using WordPress Kuteshop Theme on Nginx+Apche+PHP-CGI (7.3 Latest) ,
Where my VPS Details :
1 CPU
1 GB RAM
25 GB SSD
But The issue is that I am getting error on Fronted
error establishing a database connection
Error Log:
Code: [Select]
# tail -f /usr/local/apache/domlogs/biponialoy.com.error.log
[Tue Sep 15 11:25:52.211453 2020] [:error] [pid 32464:tid 139915227748096] [client 103.134.42.11:48084] PHP Warning: mysqli_query(): Error reading result set's header in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/
[Tue Sep 15 11:25:52.209797 2020] [:error] [pid 32464:tid 139915010443008] [client 103.134.42.11:48072] PHP Warning: mysqli_query(): MySQL server has gone away in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.212245 2020] [:error] [pid 32464:tid 139915010443008] [client 103.134.42.11:48072] PHP Warning: mysqli_query(): Error reading result set's header in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.209807 2020] [:error] [pid 32464:tid 139915261318912] [client 103.134.42.11:48064] PHP Warning: mysqli_query(): MySQL server has gone away in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.212366 2020] [:error] [pid 32464:tid 139915261318912] [client 103.134.42.11:48064] PHP Warning: mysqli_query(): Error reading result set's header in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.209802 2020] [:error] [pid 32464:tid 139915035621120] [client 103.134.42.11:48080] PHP Warning: mysqli_query(): MySQL server has gone away in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.212425 2020] [:error] [pid 32464:tid 139915035621120] [client 103.134.42.11:48080] PHP Warning: mysqli_query(): Error reading result set's header in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.209811 2020] [:error] [pid 32464:tid 139915069191936] [client 103.134.42.11:48076] PHP Warning: mysqli_query(): MySQL server has gone away in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.212867 2020] [:error] [pid 32464:tid 139915069191936] [client 103.134.42.11:48076] PHP Warning: mysqli_query(): Error reading result set's header in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=edit
[Tue Sep 15 11:25:52.215043 2020] [:error] [pid 32464:tid 139914993657600] [client 103.134.42.11:48060] PHP Warning: Error while sending QUERY packet. PID=3806 in /home/paikari/biponialoy.com/wp-includes/wp-db.php on line 2033, referer: https://www.biponialoy.com/wp-admin/post.php?post=7311&action=editNo huge traffic / visitors .
Any idea ?
21
CSF Firewall / How to DIsable this Alert?
« on: September 13, 2020, 04:04:04 AM »
Hello Community Support Team,
I am getting below flooding message from CSF & LFD
I just define the below code to stop receiving alert .
I don't want to receive any alert like above example . Please assist .
Thanks
I am getting below flooding message from CSF & LFD
Code: [Select]
lfd on mail.domain.com: Excessive resource usage: deeponsale (18766 (Parent PID:11293))
Time: Sat Sep 12 23:39:27 2020 +0000
Account: deeponsale
Resource: Virtual Memory Size
Exceeded: 645 > 512 (MB)
Executable: /usr/sbin/php-fpm7.2
Command Line: php-fpm: pool deeponsale.com
PID: 18766 (Parent PID:11293)
Killed: NoI just define the below code to stop receiving alert .
Code: [Select]
# vi /etc/csf/csf.pignore
exe:/usr/sbin/php-fpm7.2
exe:/usr/sbin/php-fpm7.2 php-fpm: pool deeponsale.com
user:deeponsale
cmd:php-fpm: php-fpm: pool deeponsale.com
# csf -r I don't want to receive any alert like above example . Please assist .
Thanks
22
Dovecot / Re: Dovecot SNI Support
« on: August 28, 2020, 12:11:31 PM »
Hi
Yes , I have the latest version, but the SNI support configuration are missing on postfix and dovecot .
Yes , I have the latest version, but the SNI support configuration are missing on postfix and dovecot .
23
Dovecot / Dovecot SNI Support
« on: August 28, 2020, 10:04:52 AM »
Hello
Why The Postfix and dovecot SNI support stooped by CWP ? OR is it Bug for new version ?
/etc/postfix/vmail_ssl.map
/etc/dovecot/sni.conf
I am using CWP Pro
Why The Postfix and dovecot SNI support stooped by CWP ? OR is it Bug for new version ?
/etc/postfix/vmail_ssl.map
/etc/dovecot/sni.conf
I am using CWP Pro
24
Updates / Re: BUG on CWP version: 0.9.8.1002
« on: August 23, 2020, 04:02:25 PM »
Hello CWP Expert ,
is there any Update regarding this issues ?
is there any Update regarding this issues ?
25
Updates / Re: BUG on CWP version: 0.9.8.1002
« on: August 21, 2020, 05:13:43 AM »
Hi Narin
They will not share the details because they are doing business . BTW i have enable varnish repo , then try to reinstall Nginx & Varnish & Apache But It is not installed because they have changed their backend template . If you use pro version then it will active . But it can create negative impact where is Vesta is Free
They will not share the details because they are doing business . BTW i have enable varnish repo , then try to reinstall Nginx & Varnish & Apache But It is not installed because they have changed their backend template . If you use pro version then it will active . But it can create negative impact where is Vesta is Free
26
Updates / BUG on CWP version: 0.9.8.1002
« on: August 19, 2020, 06:28:05 PM »
Hi EveryBody
I am using CWP Open Source.
Web Server Below:
I have installed Nginx & Varnish & Apache. When i select Nginx & Varnish & Apache for any domain , It is not working . I have checked that varnish is not installed .
Dear CWP Team,
Are you removing this option from open source edition ?
Or is this bug ?
I am using CWP Open Source.
Web Server Below:
I have installed Nginx & Varnish & Apache. When i select Nginx & Varnish & Apache for any domain , It is not working . I have checked that varnish is not installed .
Dear CWP Team,
Are you removing this option from open source edition ?
Or is this bug ?
27
CentOS 7 Problems / Re: PHP-CGI Killing Server Resources | CWP
« on: July 17, 2020, 07:55:18 PM »..and? I can't tell you what values to use. Read some documentation and reduce gradually, restarting Apache/nginx each time.
That deals with only one aspect of my initial response.
Hi
Problem is fixed when i used Laravel session to Database instead of file. And Found Redis is better than Database for Laravel Session management.
28
CentOS 7 Problems / Re: PHP-CGI Killing Server Resources | CWP
« on: July 10, 2020, 05:41:24 PM »29
CentOS 7 Problems / PHP-CGI Killing Server Resources | CWP
« on: July 10, 2020, 01:43:32 PM »
Hi
I am using CWP7.Admin , WebServer : Nginx + Apache + PHP-CGI , Php version: 7.3
My Website is on laravel . visitor 100 per day . It's killing my resources and server Load average is very high . Please check snapshop and any idea to fix .
It was smoothly running on Cpanel VPS with 1GB RAM. After transfer to CWP , it's can handle PHP request .
I am using CWP7.Admin , WebServer : Nginx + Apache + PHP-CGI , Php version: 7.3
My Website is on laravel . visitor 100 per day . It's killing my resources and server Load average is very high . Please check snapshop and any idea to fix .
It was smoothly running on Cpanel VPS with 1GB RAM. After transfer to CWP , it's can handle PHP request .
30
PHP / Re: CWP7.Pro Error | Unable to Login Admin Panel
« on: April 30, 2020, 07:44:02 PM »
hi
It is working and solved after disabling it but Website loading speed dramatically decreases
It is working and solved after disabling it but Website loading speed dramatically decreases
