Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - karel

Pages: [1] 2
1
Apache / Re: HTTP2 / SPDY
« on: October 06, 2017, 10:30:09 AM »
+1
I would like to have http/2 as well. Most other control panels do have it all ready. :-X

2
CentOS-WebPanel Bugs / Re: Apache log (not true IP in logs)
« on: May 22, 2017, 01:04:19 PM »
+1
We need ip's to let CSF/LFD do something with it.
Code: [Select]
%a Client IP address of the request (see the mod_remoteip module).
%h Remote hostname. Will log the IP address if HostnameLookups is set to Off, which is the default. If it logs the hostname for only a few hosts, you probably have access control directives mentioning them by name. See the Require host documentation.
http://httpd.apache.org/docs/current/mod/mod_log_config.html

3
CentOS-WebPanel Bugs / Re: Issue with Enabling GZIP module on CWP
« on: May 10, 2017, 06:29:25 PM »
Some other issue must play here.
I noticed your examples are .css files. Most likely the are cached, and when cached no need to download them, therefore no gzip connection needed. <-- Just a guess.

I noticed your output had still ETag: something, where my empty.conf disables Etags.
Did you restart httpd after each configuration modification?

4
CentOS-WebPanel Bugs / Re: Issue with Enabling GZIP module on CWP
« on: May 09, 2017, 07:35:08 PM »
Have you tried all solutions posted there?
Yesterday I added my solution:
This thread got me thinking. The above solutions do work but I think \usr\local\apache\conf.d\empty.conf is a better place to add custom settings which will survive updates and rebuilds.

Directly edit as root: \usr\local\apache\conf.d\empty.conf
or go to your cwp and navigate to Apache Settings --> Apache Include conf --> select empty.conf
(admin/index.php?module=file_editor&file=/usr/local/apache/conf.d/empty.conf)

I added compressing (mod_deflate), caching and some security.

Code: [Select]
### file to edit \usr\local\apache\conf.d\empty.conf
### Caching, compress and some security added thanks to https://www.gebruikers.eu
# Load mod_deflate.so only if it is not previously enabled, check httpd.conf for this.
# In my case it wasn't enabled. I prefer this empty.conf to load mod_deflate so my config survives updates and rebuilds.
LoadModule deflate_module modules/mod_deflate.so

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# Don't compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
 \.(?:gif|jpe?g|png|rar|zip|exe|flv|swf|mov|wma|mp3|mp4|avi|mp?g)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

# BEGIN Compress text files
<ifModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
    AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
    AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
    AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
    AddOutputFilterByType DEFLATE font/truetype font/opentype
</ifModule>
# END Compress text files and caching

# BEGIN Expire headers https://samaxes.com/2011/05/improving-web-performance-with-apache-and-htaccess/
<ifModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 5 seconds"
    ExpiresByType text/html "access plus 1 second"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType text/javascript "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 week"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType application/xhtml+xml "access plus 1 second"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
</ifModule>
# END Expire headers

# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
    <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
        Header set Cache-Control "public"
    </filesMatch>
    <filesMatch "\.(css)$">
        Header set Cache-Control "public"
    </filesMatch>
    <filesMatch "\.(js)$">
        Header set Cache-Control "private"
    </filesMatch>
    <filesMatch "\.(x?html?|php)$">
        Header set Cache-Control "private, must-revalidate"
    </filesMatch>
    </ifModule>
# END Cache-Control Headers

# BEGIN Turn ETags Off
    FileETag None
# END Turn ETags Off

# Protection against malicious code in files imposing as images
#ForceType application/octet-stream
<FilesMatch "(?i).jpe?g$">
    ForceType image/jpeg
</FilesMatch>
<FilesMatch "(?i).gif$">
    ForceType image/gif
</FilesMatch>
<FilesMatch "(?i).png$">
    ForceType image/png
</FilesMatch>

5
This thread got me thinking. The above solutions do work but I think \usr\local\apache\conf.d\empty.conf is a better place to add custom settings which will survive updates and rebuilds.

Directly edit as root: \usr\local\apache\conf.d\empty.conf
or go to your cwp and navigate to Apache Settings --> Apache Include conf --> select empty.conf
(admin/index.php?module=file_editor&file=/usr/local/apache/conf.d/empty.conf)

I added compressing (mod_deflate), caching and some security.

Code: [Select]
### file to edit \usr\local\apache\conf.d\empty.conf
### Caching, compress and some security added thanks to https://www.gebruikers.eu
# Load mod_deflate.so only if it is not previously enabled, check httpd.conf for this.
# In my case it wasn't enabled. I prefer this empty.conf to load mod_deflate so my config survives updates and rebuilds.
LoadModule deflate_module modules/mod_deflate.so

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# Don't compress images and other uncompressible content
SetEnvIfNoCase Request_URI \
 \.(?:gif|jpe?g|png|rar|zip|exe|flv|swf|mov|wma|mp3|mp4|avi|mp?g)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

# BEGIN Compress text files
<ifModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
    AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
    AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
    AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
    AddOutputFilterByType DEFLATE font/truetype font/opentype
</ifModule>
# END Compress text files and caching

# BEGIN Expire headers https://samaxes.com/2011/05/improving-web-performance-with-apache-and-htaccess/
<ifModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 5 seconds"
    ExpiresByType text/html "access plus 1 second"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType text/javascript "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 week"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 week"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType application/xhtml+xml "access plus 1 second"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
</ifModule>
# END Expire headers

# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
    <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
        Header set Cache-Control "public"
    </filesMatch>
    <filesMatch "\.(css)$">
        Header set Cache-Control "public"
    </filesMatch>
    <filesMatch "\.(js)$">
        Header set Cache-Control "private"
    </filesMatch>
    <filesMatch "\.(x?html?|php)$">
        Header set Cache-Control "private, must-revalidate"
    </filesMatch>
    </ifModule>
# END Cache-Control Headers

# BEGIN Turn ETags Off
    FileETag None
# END Turn ETags Off

# Protection against malicious code in files imposing as images
#ForceType application/octet-stream
<FilesMatch "(?i).jpe?g$">
    ForceType image/jpeg
</FilesMatch>
<FilesMatch "(?i).gif$">
    ForceType image/gif
</FilesMatch>
<FilesMatch "(?i).png$">
    ForceType image/png
</FilesMatch>

6
CentOS 6 Problems / Re: CentOS6 Upgrade
« on: March 28, 2017, 07:31:44 PM »
Hi,

How to install CWP repo?
Found only this: http://repo.centos-webpanel.com/

just add file /etc/yum.repos.d/cwp.repo with:
Code: [Select]
[cwp]
name=CentOS Web Panel repo for Linux 6 - \$basearch
baseurl=http://repo.centos-webpanel.com/repo/6/\$basearch
failovermethod=priority
enabled=1
gpgcheck=0
Do not forget delete apr-util-ldap
Code: [Select]
yum erase apr-util-ldap

Thanks, got cwp.repo installed. Now I have latest apr. (from cwp.repo)

Ran into some trouble. apr-util-ldap was removed from httpd dependencies and caused httpd not to auto start at boot.
Fixed it with chkconfig httpd on

7
CentOS 6 Problems / Re: CentOS6 Upgrade
« on: March 27, 2017, 08:43:40 AM »
No fix for uploading the mysql db, problem also loading from local pc....  ::)

Hi, destroy your server and try to fresh install with centos 7 (CWP7).
CWP7 is updated and fixed mysql bugs.

I must use centos 6 on my old desktop, it won't let me install centos 7.


How to install CWP repo?
Found only this: http://repo.centos-webpanel.com/

This is my repolist:
Code: [Select]
repo id                        repo name                                  status
base                           CentOS-6 - Base                            6,696
centos-sclo-rh                 CentOS-6 - SCLo rh                         4,955
centos-sclo-sclo               CentOS-6 - SCLo sclo                         287
extras                         CentOS-6 - Extras                             64
mariadb                        MariaDB                                       17
midnight-commander             Midnight Commander (CentOS_6)                  5
rpmforge                       RHEL 6 - RPMforge.net - dag                4,718
updates                        CentOS-6 - Updates                           974

Code: [Select]
yum list installed|grep apr
apr.x86_64                           1.3.9-5.el6_2              @base
apr-devel.x86_64                     1.3.9-5.el6_2              @base
apr-util.x86_64                      1.3.9-3.el6_0.1            @base
apr-util-devel.x86_64                1.3.9-3.el6_0.1            @base
apr-util-ldap.x86_64                 1.3.9-3.el6_0.1            @base


Should I remove certain repo's?
Should I remove all apr related and install from CWP repo?

8
CentOS 6 Problems / Re: CentOS6 Upgrade
« on: March 23, 2017, 01:12:58 PM »
Try rebuild apache with mod_security please.
And check if apr and apr-util installed from CWP repo.

How to install CWP repo?
Found only this: http://repo.centos-webpanel.com/

This is my repolist:
Code: [Select]
repo id                        repo name                                  status
base                           CentOS-6 - Base                            6,696
centos-sclo-rh                 CentOS-6 - SCLo rh                         4,955
centos-sclo-sclo               CentOS-6 - SCLo sclo                         287
extras                         CentOS-6 - Extras                             64
mariadb                        MariaDB                                       17
midnight-commander             Midnight Commander (CentOS_6)                  5
rpmforge                       RHEL 6 - RPMforge.net - dag                4,718
updates                        CentOS-6 - Updates                           974

Code: [Select]
yum list installed|grep apr
apr.x86_64                           1.3.9-5.el6_2              @base
apr-devel.x86_64                     1.3.9-5.el6_2              @base
apr-util.x86_64                      1.3.9-3.el6_0.1            @base
apr-util-devel.x86_64                1.3.9-3.el6_0.1            @base
apr-util-ldap.x86_64                 1.3.9-3.el6_0.1            @base

Should I remove certain repo's?
Should I remove all apr related and install from CWP repo?

9
CentOS 6 Problems / Re: Missing packages for CentOS 6
« on: March 05, 2017, 10:43:50 AM »
Well it solved the problem, but created a new one.

Code: [Select]
DBI connect(';;mysql_read_default_group=client','',...) failed: Access denied for user 'root'@'localhost' (using password: NO) at /usr/bin/pt-show-grants line 1338
Searching cwp forum for answers, but found no answers only that more users have this problem.

Checked permissions on pt-show-grants file (755), that looks ok to me.
Executing pt-show-grants as root is showing no error.

10
CentOS 6 Problems / Re: Missing packages for CentOS 6
« on: March 04, 2017, 09:23:56 AM »
Can't seem to find an edit button to add to my previous post. :-\

In the log report (send by mail) I found in the section "Daily MySQL Backup":
Code: [Select]
warning: /var/tmp/rpm-tmp.xxxxxx: Header V4 DSA/SHA1 Signature, key ID xxxxxx: NOKEY
error: Failed dependencies:
perl(DBD::mysql) >= 1.0 is needed by percona-toolkit-2.2.16-1.noarch

I hope
Code: [Select]
yum install perl-DBD-MySQL solves this problem. I'll know more tomorrow.

11
CentOS Configuration / [FR] exclude some directories from backup
« on: February 26, 2017, 09:38:49 AM »
I've set up an extra ftp account for a user to receive backups from external servers in a separate directory.
The backup feature also backs up this backup directory. That is unwanted.

It would be nice if you can add multiple directories to exclude from backup in the CWP web gui.

In the meantime, where (which file) can I add such an exclusion manually?

12
CentOS 6 Problems / Missing packages for CentOS 6
« on: February 22, 2017, 10:02:59 PM »
I'm new to CWP and learning to find my way.

In an other topic,Error Denied Php Switcher, I received a tip from "TheRavenKing" to install additional packages and scrutenize my logs for errors.

Code: [Select]
yum install ed re2c
Additionally I found this one shtool:
Code: [Select]
yum install shtool --enablerepo epel
When I find more I'll update this post.

I hope you, more experienced CWP users, have additions and perhaps tips and tricks to share.
Any way I hope this thread could become a good starting point for other newbies.


Edit: Please advise. Would installing php-soap fix this?
Code: [Select]
configure: WARNING: unrecognized options: --enable-soapsI suppose it would, but for all php versions?
Confusion!! Shouldn't it be --enable-soap instead of enable-soaps. Bug in setup script?

13
PHP / Re: Error Denied Php Switcher
« on: February 22, 2017, 01:18:33 PM »
Quote
CWP has not that intelligence ;-) lol
I hoped the developers would be. :) But seriously, I'm impressed with CWP.

Will dig trough all the logfiles to see if I need to install some more with yum.  :'(

I have made some adjustments to fstab according to your suggestions and will consider the proposed security measures. I'm the only user and just use it to host a few simple domains and as an ftp backup server for 2 external servers. Only port 80 and 21 are exposed to the outside world.

Thanks for your help and suggestions!  :)


14
PHP / Re: Error Denied Php Switcher
« on: February 22, 2017, 11:23:24 AM »
That could well be the case. The /tmp folder has these permissions 555. Only read and execute and owned by root, but no write permissions.

I used a CentOS 6.8 minimal install, updated it and installed CWP. The permissions were not altered by me. Shouldn't the CWP install script check this?

15
For the simple php.ini you could use chattr.

Quote
Write protecting a file using chattr command

Let say you want to write protect the file called data.txt so that no other users can change it including root user, enter (you must login as the root user to use chattr command):
# chattr +i data.txt

To remove i attribute, enter:
# chattr -i data.txt
Source: https://www.cyberciti.biz/faq/linux-write-protecting-a-file/

I'm new to CWP but it would be nice to have custom conf and ini files that survive updates and version switches.

Pages: [1] 2