Recent Posts
91
Updates / Re: [SECURITY] What should we update after a fresh CWP install?
« Last post by overseer on May 14, 2026, 11:55:34 AM »Apache, Nginx, Roundcube, MariaDB, CSF, ModSecurity
Tutorials available at:
https://www.alphagnu.com
https://starburst.help
Tutorials available at:
https://www.alphagnu.com
https://starburst.help
92
CentOS-WebPanel Bugs / Re: NodeJS cannot auto start after rebooting the server
« Last post by 6Sense on May 14, 2026, 11:00:08 AM »Mmm I don't use PM2 so it might be your issue.
CWP restarts the node.js server as long as you use the manager so you probably don't need it.
CWP restarts the node.js server as long as you use the manager so you probably don't need it.
93
Updates / [SECURITY] What should we update after a fresh CWP install?
« Last post by kandalf on May 14, 2026, 10:55:23 AM »After installing a new AlmaLinux server with CWP, what components should we really update manually to keep the server secure?
I know Apache currently has a serious security issue, and the default Nginx version installed with CWP also seems quite old. But it is not fully clear which components are handled by the OS, which ones are handled by CWP, and which ones we need to update manually.
For example, should we update Apache, Nginx, PHP versions, Roundcube, MariaDB, OpenSSL, OpenSSH, Postfix, Dovecot, CSF, ModSecurity, etc.?
Also, shouldn’t this be one of the main priorities of the CWP team? One of the reasons to use a control panel is to avoid having to manually inspect every component and guess what is outdated or vulnerable.
Can the community please share useful links, tutorials, or checklists explaining what really needs to be updated after installing CWP and the safest way to keep everything updated over time?
This would make life easier for everyone using CWP.
I know Apache currently has a serious security issue, and the default Nginx version installed with CWP also seems quite old. But it is not fully clear which components are handled by the OS, which ones are handled by CWP, and which ones we need to update manually.
For example, should we update Apache, Nginx, PHP versions, Roundcube, MariaDB, OpenSSL, OpenSSH, Postfix, Dovecot, CSF, ModSecurity, etc.?
Also, shouldn’t this be one of the main priorities of the CWP team? One of the reasons to use a control panel is to avoid having to manually inspect every component and guess what is outdated or vulnerable.
Can the community please share useful links, tutorials, or checklists explaining what really needs to be updated after installing CWP and the safest way to keep everything updated over time?
This would make life easier for everyone using CWP.
94
CentOS-WebPanel GUI / Re: Bug in GUI for New Backup (beta)
« Last post by Martins-phpbb on May 14, 2026, 08:19:43 AM »Same issue on alma 8/9
95
CentOS 9 Problems / Request for Flexible Account Naming and Domain Changes in CWP (> than 8 Chars)
« Last post by Andrew C on May 14, 2026, 04:49:55 AM »Hello,
One major limitation with multi-tenant web setups is the CWP 8-character account name restriction. When managing multiple subdomains and tenant environments, it quickly becomes very difficult to create meaningful and distinguishable account names within such a small limit. We are using domains that have three or four or more sub levels which is perfectly normal for enterprise solutions.
What makes this even more frustrating is that Linux systems have supported longer account names for years, so this restriction feels unnecessarily outdated in modern hosting environments. There are historic forum requests to increase this limit however it has never been implemented.
It would be extremely useful to have the ability to rename account names after creation, as well as change the associated account domain. While it is technically possible to create a new account and migrate everything over, that process feels unnecessarily time-consuming and wasteful for what should be a simple administrative task. And it involves website downtime and engineer resources.
I’ve also read in the forum that CWP UI is getting a major redesign. If that is the case, it would be great to know whether improvements like longer account names, account renaming, and domain reassignment are being considered as part of that update. These kinds of changes would make a significant difference for anyone managing multi-tenant or multi-subdomain environments at scale.
Greater flexibility around account naming and domain management would significantly improve usability for agencies, developers, and hosting providers alike. And for those that are security conscious I'm not talking about making the account name the same as the domain name which is usually considered a security risk.
Thanks
One major limitation with multi-tenant web setups is the CWP 8-character account name restriction. When managing multiple subdomains and tenant environments, it quickly becomes very difficult to create meaningful and distinguishable account names within such a small limit. We are using domains that have three or four or more sub levels which is perfectly normal for enterprise solutions.
What makes this even more frustrating is that Linux systems have supported longer account names for years, so this restriction feels unnecessarily outdated in modern hosting environments. There are historic forum requests to increase this limit however it has never been implemented.
It would be extremely useful to have the ability to rename account names after creation, as well as change the associated account domain. While it is technically possible to create a new account and migrate everything over, that process feels unnecessarily time-consuming and wasteful for what should be a simple administrative task. And it involves website downtime and engineer resources.
I’ve also read in the forum that CWP UI is getting a major redesign. If that is the case, it would be great to know whether improvements like longer account names, account renaming, and domain reassignment are being considered as part of that update. These kinds of changes would make a significant difference for anyone managing multi-tenant or multi-subdomain environments at scale.
Greater flexibility around account naming and domain management would significantly improve usability for agencies, developers, and hosting providers alike. And for those that are security conscious I'm not talking about making the account name the same as the domain name which is usually considered a security risk.
Thanks
96
CentOS-WebPanel GUI / Bug in GUI for New Backup (beta)
« Last post by adrianofnatal on May 14, 2026, 01:56:47 AM »Hi!
I would like to describe some bugs happening with New Backup (beta).
I know it is beta version, but something went wrong after last updated included S3 backups and other options, what was great!
1. The date in log is wrong, for my configuration. It's 1 day ahead;
2. When using destination to FTP of SFTP, the login failed. See logs:
2026-05-13 06:00:02 >> ionice -c 3 nice -n +19
2026-05-13 06:00:02 0
2026-05-13 06:00:02 TYPE FTP --> 1
2026-05-13 06:00:02 Type conection Back SFTP
2026-05-13 06:00:06 Login Failed
2026-05-13 06:00:06 xxxxx/ (here I change with x, but output was equal ftp login or initial directory, in my case, are the same)
2026-05-13 06:00:09 Backup Finished
2026-05-13 06:00:09 I have nothing to do..!
3. When modifying a FTP backup already created, the interface does not update fields when click in pencil icon to edit. When saving, creates another backup item;
4. Using destination S3, when saved, connection test works. If back to edit the connection, password field is not loaded correctly and connection test or backup fail;
5. Some errors occurs in browser console logs. Including a missing file (404 error).
The panel is updated in latest version, I think, 0.9.8.1226.
Distro Name: CentOS Stream release 8
Thanks!
I would like to describe some bugs happening with New Backup (beta).
I know it is beta version, but something went wrong after last updated included S3 backups and other options, what was great!
1. The date in log is wrong, for my configuration. It's 1 day ahead;
2. When using destination to FTP of SFTP, the login failed. See logs:
2026-05-13 06:00:02 >> ionice -c 3 nice -n +19
2026-05-13 06:00:02 0
2026-05-13 06:00:02 TYPE FTP --> 1
2026-05-13 06:00:02 Type conection Back SFTP
2026-05-13 06:00:06 Login Failed
2026-05-13 06:00:06 xxxxx/ (here I change with x, but output was equal ftp login or initial directory, in my case, are the same)
2026-05-13 06:00:09 Backup Finished
2026-05-13 06:00:09 I have nothing to do..!
3. When modifying a FTP backup already created, the interface does not update fields when click in pencil icon to edit. When saving, creates another backup item;
4. Using destination S3, when saved, connection test works. If back to edit the connection, password field is not loaded correctly and connection test or backup fail;
5. Some errors occurs in browser console logs. Including a missing file (404 error).
The panel is updated in latest version, I think, 0.9.8.1226.
Distro Name: CentOS Stream release 8
Thanks!
97
CentOS-WebPanel Bugs / Re: NodeJS cannot auto start after rebooting the server
« Last post by adrianofnatal on May 13, 2026, 02:02:38 PM »Hi!
For me, seems to be a problem with PM2.
We have 3 versions of NodeJS installed and for some reason the PM2 losts some configurations. No apps showed in apps list.
When server reboots, PM2 try to restart all apps, but not find any.
I'm not sure how to solve it.
For me, seems to be a problem with PM2.
We have 3 versions of NodeJS installed and for some reason the PM2 losts some configurations. No apps showed in apps list.
When server reboots, PM2 try to restart all apps, but not find any.
I'm not sure how to solve it.
98
MySQL / Re: Remove MariaDB root user password
« Last post by overseer on May 13, 2026, 02:46:02 AM »Reset your MariaDB root password as per this article:
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
Then make sure the current MariaDB root password is set in these two files, so all are in agreement:
/usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
/root/.my.cnf
Restart the server. See if you can get on to the CWP Admin panel.
https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
Then make sure the current MariaDB root password is set in these two files, so all are in agreement:
/usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
/root/.my.cnf
Restart the server. See if you can get on to the CWP Admin panel.
99
MySQL / Remove MariaDB root user password
« Last post by Dangerousdave26 on May 12, 2026, 08:33:00 PM »MariaDB Version 10.11.16-MariaDB-log MariaDB Server
I had an issue with one of the servers I manage and things broke hard. I contact the CWP help desk and they bailed me out to a point.
Well just searching online for what I wanted to do is what got me in this mess in the first place.
How do I delete the root user password?
To be honest with you I know there was a root user password on the server from the beginning. Even so I also know I could
mysqldump -u root {database} > /home/{user}/myFolder/backup.sql
And that would run with out the password.
So how do I fix this issue
Note they also changed the root user password so now I can't get into MariaDB without resetting it.
And ultimately what I am trying to fix is the control panel on port 2031 does not work it can't connect to mysql.
And Roundcube can't connect to the database.
Control Panel error message
As always any help is appricated
I had an issue with one of the servers I manage and things broke hard. I contact the CWP help desk and they bailed me out to a point.
Quote
You have secured the MySQL root account with password which is not required on CWP, kindly reverse the changs and the issue will be fixed.
Well just searching online for what I wanted to do is what got me in this mess in the first place.
How do I delete the root user password?
To be honest with you I know there was a root user password on the server from the beginning. Even so I also know I could
mysqldump -u root {database} > /home/{user}/myFolder/backup.sql
And that would run with out the password.
So how do I fix this issue
Note they also changed the root user password so now I can't get into MariaDB without resetting it.
And ultimately what I am trying to fix is the control panel on port 2031 does not work it can't connect to mysql.
And Roundcube can't connect to the database.
Control Panel error message
Quote
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php on line 0
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0
Trying to start mysql server, please wait!
Try to restart Control Web Panel with command: sh /scripts/restart_cwpsrv
**Check your MySQL root password in: /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php and /root/.my.cnf
You can reset the MySQL root password fast with this command: /scripts/mysql_pwd_reset -q
Warning: mysqli_error() expects exactly 1 parameter, 0 given in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0
Could not connect:
As always any help is appricated
100
Updates / Re: Vulnerabilities in Apache 2.4.66 and older versions
« Last post by overseer on May 11, 2026, 01:56:08 PM »I have one AL8 server configured that way -- verified working in that use case as well.
