Messages

16

SSL / Re: "Multilib version problems found" when installing Letsenycrpt SSL certificate

« on: March 01, 2017, 09:09:51 PM »

did u do what was written there?

else remove all open-ssl packages and reinstall

17

DNS / Re: Create a dns cluster

« on: March 01, 2017, 09:06:44 PM »

okok

first explain what u want to achieve exactly please.
u want to have two dns servers, or fifty?

If u want a primary and secondary:

primary
https://www.howtoforge.com/bind-installation-on-centos

secondary
https://www.howtoforge.com/installation-of-bind-as-a-secondary-slave-dns-server-on-centos

18

Postfix / Re: Hello, please guide me how to setting smtp with CWP

« on: March 01, 2017, 11:07:23 AM »

create a user with email account and u will find the info then yourself ))

I promise that cwp shows it to you

please note that mail on a vpa sometimes does not work as many providers block port 25

19

DNS / Re: Adding cloudflare name servers

« on: March 01, 2017, 11:04:41 AM »

http://forum.centos-webpanel.com/dns/how-to-setup-dns-(bind)-on-server/

20

DNS / Re: Adding cloudflare name servers

« on: March 01, 2017, 11:03:06 AM »

1. log in at cloudflare and create your account + domain
2. make the proper dns entries in cloudfare so that your cwp address is used here
3. login to the place where u registered your domain
4. Create or set the new nameservers there or set the new nameservers there the nameservers at cloudflare per example cody.dns.cloudflare.com)

in cwp u dont need to change anything however i suggest for cleanness u change the dns templates and remove the nameserver listed there now and add the cloudflare ones

21

DNS / Re: Create a dns cluster

« on: March 01, 2017, 10:54:55 AM »

manually add the changes to the  Bind config is the solution right now, its not in the gui.

22

E-Mail / Re: Rebuilding e-mail

« on: March 01, 2017, 10:53:10 AM »

I tried your suggestion but no luck I'm afraid. A rebuild of Postfix gives same message 'Something wrong in postfix'. Reminds me of the Windows 10 roll out bug 'Something went wrong' lol.

[root@mail ~]# yum install epel-release -y
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00
cwp                                                      | 2.9 kB     00:00
extras                                                   | 3.4 kB     00:00
mariadb                                                  | 2.9 kB     00:00
updates                                                  | 3.4 kB     00:00
Loading mirror speeds from cached hostfile
 * base: centos.sonn.com
 * extras: centos.sonn.com
 * updates: centos.sonn.com
Package epel-release-7-9.noarch already installed and latest version
Nothing to do
[root@mail ~]# yum install clamav clamd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.sonn.com
 * extras: centos.sonn.com
 * updates: centos.sonn.com
No package clamd available.
Nothing to do

Open /etc/yum.repos.d/epel.repo and set any instance of ‘enabled=0’ to ‘enabled=1’

then

yum update

and then install again

23

E-Mail / Re: Rebuilding e-mail

« on: February 26, 2017, 05:33:18 PM »

please follow this:


The EPEL (Extra Packages for Enterprise Linux) yum repository is an excellent source for additional packages for CentOS. Instead of having to compile applications that aren’t included in CentOS’ built-in repositories from source, EPEL can be used.

# Install/enable the EPEL repo:

yum install epel-release -y



# Install required ClamAV packages

yum install clamav clamd

#Start the clamd service and set it to auto-start

/etc/init.d/clamd on

chkconfig clamd on

/etc/init.d/clamd start

24

Installation / Re: How to make Nginx to listen to https port 443?

« on: February 25, 2017, 02:53:24 PM »

Thanks, so in my NAT'ed case using cwp-el7-latest, under /etc/nginx/conf.d, there are two Nginx config files: one with domain name and the other is ip address number.  Which one or how should I change?

1. Public_IP_number.conf pointing to local IP address, such as 172.217.6.46.conf:

Code: [Select]

server {
listen 192.168.0.1:80;
....
server_name 172.217.6.46;
root /usr/local/apache/htdocs;
.....
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
...
}

2. my.domain.name.conf, such as google.com.conf

Code: [Select]

server {
listen 192.168.0.1:80;
..
server_name google.com www.google.com;
root /home/user/public_html;
...
proxy_pass http://192.168.0.1:8181;
include proxy.inc;
}

I need to add the following lines to Nginx config, but what is my IP?  the local one or the public one?
source: http://forum.centos-webpanel.com/ssl/if-i-force-ssl-across-my-domain-will-i-loose-the-benfits-of-varnishnginx

Code: [Select]

listen YOUR_IP:443 ssl;
ssl_certificate path_to/cert.pem;
ssl_certificate_key path_to/privkey.pem;

Will the Nginx change above alter mod_security?  Really appreciate your comments and have a great weekend!

In the ip and my domain conf change the port to 443 so that that server listens to that port

listen YOUR_IP:443 ssl;

public ip

wha u just did (more for my brains then yours)

u came from nginx on port 80 passing to proxy apache port8181
Now u changed nginx to listen to port 443

only need to rewrite requests from port 80 to 443


server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000";

       [....]
}

25

SSL / Re: Error letsencrypt new domain on new server

« on: February 24, 2017, 10:43:57 PM »

im looking at the link datlaocai.com and see its centos apache default page.
so.. its not an added domain, is this the domain u use for yourself?

Anyway.. what u could try is to install the custom one, and use the path of the apache install that is now serving u this page, but i think u have other problem.

To me it seems strange that i see a centos apache default page where i expect a cwp default apache page.

perhaps Dandeep knows if that is true

26

E-Mail / Re: Using sendgrid,mailgun,sparkpost as default smtp

« on: February 24, 2017, 10:37:51 PM »

I have the solution for u:

http://lmgtfy.com/?q=Use+sendgrid+as+default+in+centos

https://sendgrid.com/docs/Integrate/Mail_Servers/postfix.html

and so on

27

CSF Firewall / csf issues

« on: February 24, 2017, 09:45:06 PM »

the default install of csf seems to lack the regex.pm file and thus does not filter imap, pop 3 and such.
I posted this on the configserver forum already

But that means that we are not secure by default

i also notices that the regex used by cwp in regex.custom.pm to block failed login to cwp is not correct anymore.
On an updated system the regex does not catch the failed logins for as far as i can see
(maybe my problem ))

28

I can build it / Re: Vhost ssl template

« on: February 24, 2017, 09:35:07 PM »

Hi

Im not a developer ((

But thanks for the info

29

I can build it / Re: Vhost ssl template

« on: February 24, 2017, 01:58:18 PM »

i ran into the same nasty situation, too bad it is not fixed ((

I was also under the impression that it was open source.
It uses a lot of open source software, if not open source itself then it will never be big as its untrusted, especially if its free ))

If its free then u are the product is the saying, i rather pay and feel confident, or use open source and know whats up

DO you know open-source have much larger varieties of vulnerability ?

That seems non sense. If smth is open source u can check it out and thus identify a vulnerability, closed source can be reverse enginered by hacker, meaning he know the vulnerability but we dont.

if we dont know then we cant defend ourself.

cwp uses a lot of opensource software, are u claiming that that is unsafe then?

I did not mean to attack you or to be rude, in general knowing if u are safe or not is more safe then not knowing it.
That was my point. I dont feel ur product is unsecure, but the parts that are encoded are not visible to us, so we dont know what they do or if they are safe.

per example your installer sents log files to your systems when smth goes wrong is that not so?
I dont mind that, but i can imagine that if u was really concerned about privacy i would not want that.

But i could see it and remove it if needed, if its closed source i could not and u cols sent my login details to your systems without me knowing it.

not saying u do that, but u get my point.

Thanks for a nice panel btw

30

Information / redirect all requests and non www to http://www.

« on: February 24, 2017, 01:41:33 PM »

In 2017 someone may require secure connections as its good, and especially for SEO

There is now visual way to achieve this in cwp

lets asume u use apache

disable any redirect u may have right now as they will interfere with the lets encrypt module
so in vhost.conf or .htaccess remove any redirects

But only for the domain u dont use or want to change
delete the folders in
 /etc/letsencrypt/live
 /etc/letsencrypt/archive
 /etc/letsencrypt/renewal

Then via the cwp gui create the certificates again with the www alias checked

Now add in  /usr/local/apache/conf.d/vhosts-ssl-letsencrypt.conf (per domain)
or in .htaccess in webroot of domain (per domain)

Or add
RewriteOptions InheritDown
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

to httpd.conf (then all domains will redirect to https://www.