Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
271
How to / Re: reverse proxy on cwp hostname
« on: March 15, 2022, 01:47:55 PM »
take a look at the following files for how to setup the proxy.
Apache:
/usr/local/apache/conf.d/hostname.conf and hostname-ssl.conf
Nginx:
/etc/nginx/conf.d/hostname.conf and hostname-ssl.conf
Please remember that if you edit these files directly, there is always the possibility that they can be overwritten during an upgrade.
Apache:
/usr/local/apache/conf.d/hostname.conf and hostname-ssl.conf
Nginx:
/etc/nginx/conf.d/hostname.conf and hostname-ssl.conf
Please remember that if you edit these files directly, there is always the possibility that they can be overwritten during an upgrade.
272
CSF Firewall / Re: How to make WireGuard work?
« on: March 15, 2022, 01:42:36 PM »
that line is in the script /etc/csf/csfpost.sh . It's going to throw an error because the variable $port is not set. But it should work
273
How to / Re: reverse proxy on cwp hostname
« on: March 15, 2022, 12:59:53 AM »
cpanel.(hostname) should work so long as your have an A record set up in the dns for it
274
DKIM / Re: DKIM record not generated
« on: March 15, 2022, 12:47:44 AM »
Please post the results of the following command.
journalctl -xeu opendkim
journalctl -xeu opendkim
275
DKIM / Re: DKIM record not generated
« on: March 14, 2022, 07:53:57 PM »
Is the opendkim service running?
systemctl status opendkim
systemctl status opendkim
276
CSF Firewall / Re: How to make WireGuard work?
« on: March 14, 2022, 05:00:39 AM »
CSF firewall uses it's configuration file to write the iptables rules. But it does not have the ability to do masquarading built in. So they have a call in their program to look for 2 files. csfpre.sh, and csfpost.sh where you can customize rules for the firewall that it cannot do itself. If you read the script, line by line:
This get's the "Global" Ip's for 6 and 4. It makes sure that they are not the loopback or private ip's
These two lines are what allows you to communicate with the server itself, and completely bypass the firewall, giving you full access to all ports.
Similar to the ipv4 block, but makes sure that we have a global ipv6 address. If not, does not execute.
Code: [Select]
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$ip6_number"p)This get's the "Global" Ip's for 6 and 4. It makes sure that they are not the loopback or private ip's
Code: [Select]
/usr/sbin/iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ipThis line is what allows your VPN ip's access to the internetCode: [Select]
/usr/sbin/iptables -I INPUT -p udp --dport $port -j ACCEPTActually. Delete this line. It's redundant to opening the port in csf.confCode: [Select]
/usr/sbin/iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT
/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPTThese two lines are what allows you to communicate with the server itself, and completely bypass the firewall, giving you full access to all ports.
Code: [Select]
if [[ -n "$ip6" ]]; then
/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
/usr/sbin/ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
fiSimilar to the ipv4 block, but makes sure that we have a global ipv6 address. If not, does not execute.
277
CSF Firewall / Re: How to make WireGuard work?
« on: March 14, 2022, 04:12:25 AM »
And there is your problem. CWP removes firewalld, and installs CSF firewall. Please do the following:
yum remove firewalld
nano /etc/csf/csfpost.sh (and add the following script)
chmod 700 /etc/csf/csfpost.sh
csf -r
Then you should have wireguard working
yum remove firewalld
nano /etc/csf/csfpost.sh (and add the following script)
Code: [Select]
ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$ip6_number"p)
/usr/sbin/iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ip
/usr/sbin/iptables -I INPUT -p udp --dport $port -j ACCEPT
/usr/sbin/iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT
/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
if [[ -n "$ip6" ]]; then
/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
/usr/sbin/ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
fichmod 700 /etc/csf/csfpost.sh
csf -r
Then you should have wireguard working
278
CSF Firewall / Re: How to make WireGuard work?
« on: March 12, 2022, 05:42:29 PM »
If you want to utilize it as a "proxy" server, you need to configure the firewall to allow wireguard to access the internet through masquarading. I'm not sure what guide you used, but here is a good example:
https://www.smarthomebeginner.com/linux-wireguard-vpn-server-setup/
https://www.smarthomebeginner.com/linux-wireguard-vpn-server-setup/
279
CentOS-WebPanel Bugs / Re: Error Too Many Redirects - Varnish Cache Issue
« on: March 12, 2022, 07:16:15 AM »
Did you try this in your wp-config.php
Don't forget to purge the cache after making any changes.
Code: [Select]
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$_SERVER['HTTPS'] = 'on';
}
if ( !isset( $_SERVER['HTTPS'] ) ) {
$_SERVER['HTTPS'] = 'on';
}Don't forget to purge the cache after making any changes.
280
CSF Firewall / Re: How to make WireGuard work?
« on: March 12, 2022, 06:43:12 AM »
If you are able to connect to it, then it is indeed working. What exactly are you trying to accomplish. BTW, you can put ports 1:65530 in both TCP_OUT and UDP_OUT to not block any outgoing connections from your server (NOt advised, but good for troubleshooting).
281
CentOS-WebPanel Bugs / Re: Error Too Many Redirects - Varnish Cache Issue
« on: March 12, 2022, 05:59:21 AM »
Please take a look at the following article:
https://saadhost.com/solved-err_too_many_redirects-varnishnginx/
https://saadhost.com/solved-err_too_many_redirects-varnishnginx/
282
DNS / Re: my dns do not resolve
« on: March 12, 2022, 03:14:39 AM »
Contact your registar, and tell them you need Glue Records for your domain to point to your server. They will know what to do from there if they are worth anything.
283
DNS / Re: DNS/NS Set up
« on: March 12, 2022, 03:05:04 AM »https://prnt.sc/meYGp-z8gxYy
If your nameserver are set to ns1.mifm.online and ns2.mifm.online, then it should be working. The only thing I can think of, is that the .online extension does not have the capability of being used as nameservers. Some extensions do not support Glue Records, and it's quite possible .online is one of them. Which is why most people use .com/.net as nameserver domains.
284
PHP / Re: 502 Bad Gateway
« on: March 11, 2022, 12:57:28 PM »
Nginx cannot run without php-fpm. Apache uses built in modules to connect to php. Nginx does not have those, so it requires a standalone version of php such as php-cgi or php-fpm
285
PHP / Re: 502 Bad Gateway
« on: March 11, 2022, 04:01:06 AM »
you should also check the /usr/local/apache/domlogs/ for both the access and error logs. They should give some insight as to why you are receiving 403 errors.
