Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
76
SSL / Just a proposal to the developers
« on: October 09, 2017, 11:20:29 AM »
How about to try something like this:
Code: [Select]
ip=`dig +short myip.opendns.com @resolver1.opendns.com`
rev=`dig -x $ip | grep PTR | awk '{print $4}'`
if [ ! $rev == "" ]; then
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
/usr/local/src/certbot-auto certonly --agree-tos --renew-by-default -d $rev && cp -f /etc/letsencrypt/live/$rev/fullchain.pem /etc/pki/tls/certs/$rev.crt && cp -f /etc/letsencrypt/live/$rev/privkey.pem /etc/pki/tls/private/$rev.key && cp -f /etc/letsencrypt/live/$rev/chain.pem /etc/pki/tls/certs/$rev.bundle
else
standart cert creation from CWP
fi
If the IP of the user resolves to a domain (which is less likely to happen) the installer to create a green certificate for CWP:2031, if not - create standart CWP certificate.
77
CentOS-WebPanel GUI / Re: Adding a domain with special characters
« on: October 09, 2017, 06:15:02 AM »
Try. Should be ok.
78
CentOS 7 Problems / Re: give error bind
« on: October 09, 2017, 06:12:02 AM »
As I see in your named.conf you have:
Code: [Select]
zone "ns1.prwdl.ir" {type master;file "/var/named/ns1.prwdl.ir.db";};
zone "ns2.prwdl.ir" {type master;file "/var/named/ns2.prwdl.ir.db";};
// zone ns1.prwdl.ir
zone "ns1.prwdl.ir" {
type master;
file "/var/named/ns1.prwdl.ir.db";};
// zone_end ns1.prwdl.ir
// zone ns2.prwdl.ir
zone "ns2.prwdl.ir" {
type master;
file "/var/named/ns2.prwdl.ir.db";};
// zone_end ns2.prwdl.ir
Remove from named.conf:Code: [Select]
zone "ns1.prwdl.ir" {type master;file "/var/named/ns1.prwdl.ir.db";};
zone "ns2.prwdl.ir" {type master;file "/var/named/ns2.prwdl.ir.db";};
Or:Code: [Select]
// zone ns1.prwdl.ir
zone "ns1.prwdl.ir" {
type master;
file "/var/named/ns1.prwdl.ir.db";};
// zone_end ns1.prwdl.ir
// zone ns2.prwdl.ir
zone "ns2.prwdl.ir" {
type master;
file "/var/named/ns2.prwdl.ir.db";};
// zone_end ns2.prwdl.ir
The one you choose. Save it and:Code: [Select]
service named restart
Have fun and sorry for my late reply.
79
SSL / Re: Why user can't add / generate its own SSL Certificate ?
« on: October 09, 2017, 06:00:30 AM »
Users can`t add/generate their own SSL Certificate. The apache process and all apache files are owned by root so even if the user create his/her own SSL Certificate they can`t write it down in the config file. It is possible to be done with a little bit server side scripting but in the same time it`s becoming a security risk. Let`s get into this movie:
The root is going for a holiday. The user is allowed to generate SSL Certificate and put it in the config file. So the user have rights to edit apache configs. The USER is USER, he`s not ROOT. 99.95% of the users are and will remain users with the will to try something new if it works and how it works. The user generates the SSL Certificate and puts it into the config file. He breaks the apache server and apache is down. All other users are suffering without web server and mourning why the f**k they payed for this hosting or if it`s free why they trusted it to put important files there and they can`t access it until the root comes back from holiday and fix the problem.
Personally for me, as less rights the user has is as better. Let the user be user and the root to be root. Personal opinion.
The root is going for a holiday. The user is allowed to generate SSL Certificate and put it in the config file. So the user have rights to edit apache configs. The USER is USER, he`s not ROOT. 99.95% of the users are and will remain users with the will to try something new if it works and how it works. The user generates the SSL Certificate and puts it into the config file. He breaks the apache server and apache is down. All other users are suffering without web server and mourning why the f**k they payed for this hosting or if it`s free why they trusted it to put important files there and they can`t access it until the root comes back from holiday and fix the problem.
Personally for me, as less rights the user has is as better. Let the user be user and the root to be root. Personal opinion.
80
SSL / Re: Secure CWP Admin Panel Port 2031
« on: October 09, 2017, 05:39:38 AM »
If you have a domain.com which is assigned to your IP(DNS: A Record) you can use:
For CentOS 6:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/
For CentOS 7:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/
Create SSL Certificate and Key with one of this manuals and replace in /usr/local/cwpsrv/conf/cwpsrv.conf:
Something like this:
Have fun. Hope it helps.
For CentOS 6:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-6)/
For CentOS 7:
http://forum.centos-webpanel.com/ssl/certbot-installation-and-requesting-certificate-(centos-7)/
Create SSL Certificate and Key with one of this manuals and replace in /usr/local/cwpsrv/conf/cwpsrv.conf:
Code: [Select]
ssl_certificate /etc/pki/tls/certs/hostname.crt;
ssl_certificate_key /etc/pki/tls/private/hostname.key;
with this:Code: [Select]
ssl_certificate /etc/letsencrypt/live/YOUR-DOMAIN.COM/fullchain.pem;;
ssl_certificate_key /etc/letsencrypt/live/YOUR-DOMAIN.COM/privkey.pem;
Once done, don`t forget to restart cwpsrv with:Code: [Select]
service cwpsrv restart
You are done. Now navigate to https://YOUR-DOMAIN.COM:2031 and you are supposed to have a GREEN bar and secured site.Something like this:
Have fun. Hope it helps.
81
SSL / Re: Certbot installation and requesting certificate (CentOS 6)
« on: October 09, 2017, 05:25:31 AM »
Note: If you are using Python 2.6.x, every time when you execute certbot-auto you will see a warning that Python 2.6 is outdated or going to it`s end of life and in the next version of certbot-auto it will be not supported. Or blah blah blah blah. Don`t worry. It`s just a warning, not an error. It`s going to show you /path/to/file/__init__.py:26 Warning: ..... If you want you can open this file and comment the last lines where is the warning. The whole function for warning.warn(as I remember) and you will not see this warning again. Or if you want you can Google how to update Python from 2.6.x to 2.7.x or 3.6.x on CentOS 6. A little bit long and annoying process but if it`s gonna make you feel safe - do it. Have fun.
82
SSL / Certbot installation and requesting certificate (CentOS 6)
« on: October 08, 2017, 11:30:15 AM »
Ok. Let`s make our life more easy with GREEN status bar in most web browsers for FREE with Certbot from https://www.eff.org
First of all let`s get Certbot for CentOS 6 in root directory.
Change current directory to /root:
your-domain.com -> replace with your domain
you can create your-domain.com, www.your-domain.com, mail.your-domain.com, ftp.your-domain.com, whatever.your-domain.com certificate BUT ...
DOMAIN OR SUBDOMAIN MUST BE POINTED TO A RECORD IN DNS SERVER!!! SUBDOMAINS POINTED TO CNAME RECORD WILL RETURN ERROR AND THE SSL CERTIFICATE WILL NOT BE CREATED!!!
Once your SSL Certificate is created with the key, they will be placed as it follows:
SSL Certificate:
Let`s add Certbot renew to crontab:
First of all let`s get Certbot for CentOS 6 in root directory.
Change current directory to /root:
Code: [Select]
cd /root
Download Certbot from the official website:Code: [Select]
wget https://dl.eff.org/certbot-auto
Now let`s make the file executable:Code: [Select]
chmod a+x certbot-autoNow let`s create our first SSL Certificate:Code: [Select]
./certbot-auto certonly --email youremail@server.com --agree-tos --renew-by-default -d your-domain.comyouremail@server.com -> replace by real emailyour-domain.com -> replace with your domain
you can create your-domain.com, www.your-domain.com, mail.your-domain.com, ftp.your-domain.com, whatever.your-domain.com certificate BUT ...
DOMAIN OR SUBDOMAIN MUST BE POINTED TO A RECORD IN DNS SERVER!!! SUBDOMAINS POINTED TO CNAME RECORD WILL RETURN ERROR AND THE SSL CERTIFICATE WILL NOT BE CREATED!!!
Once your SSL Certificate is created with the key, they will be placed as it follows:
SSL Certificate:
Code: [Select]
/etc/letsencrypt/live/your-domain.com/fullchain.pemSSL Key:Code: [Select]
/etc/letsencrypt/live/your-domain.com/privkey.pemNow let`s check your SSL Certificate:Code: [Select]
https://www.ssllabs.com/ssltest/analyze.html?d=your-site.com&latestLet`s try the renew:Code: [Select]
./certbot-auto renewIf you get something like this:Code: [Select]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/your-domain.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/your-domain.com/fullchain.pem (skipped)
No renewals were attempted.Than you are ok.Let`s add Certbot renew to crontab:
Code: [Select]
crontab -eLet`s set it to try the renew twice a day:Code: [Select]
0 0,12 * * * /root/certbot-auto renew >> /var/log/le-renew.log
Close and save the crontab. You are done. Have fun with your new SSL Certificate and GREEN bar in your browser for FREE.83
Installation / Re: ipv6 errors while setting up
« on: October 07, 2017, 06:44:04 AM »
As much as I know CWP still don`t support IPv6. May be in future releases will be added. For the moment it`s pointless. You can count on the fingers of your both hands the people here asking about and using IPv6. For most of the people (mostly the people who just started to use Linux) it`s hard to figure out with 1-2 IPs v4 settings, not to talk to give them 18 trillion IPs v6. The people who wants and uses IPv6 already have basic skills how to add it to the system and to enable it for web server. May be more skills ... 
84
I can build it / Re: SSH access block
« on: October 06, 2017, 08:35:18 PM »
In /root edit .bash_cwp with your favourite editor, delete all the lines, write there what you want, save it and relog. Have fun.
85
CentOS 7 Problems / Re: ssl On Port 2031
« on: October 06, 2017, 08:28:39 PM »
What you mean you can`t secure it? It`s giving you a red status bar on the browser and asking you to proceed unsafety?
86
CentOS 7 Problems / Re: give error bind
« on: October 06, 2017, 08:27:22 PM »
Can you paste please your named.conf because from what I see you declare ns1 and ns2 two times.
87
CentOS 7 Problems / Re: hello my freinds please help me
« on: October 06, 2017, 08:25:29 PM »
Are you sure you are on RAID 0? Did you checked the configuration of the RAID? Did you added the 2nd HDD after the install of the CentOS?
If both of them was connected on before the installation and you was on RAID 0, then CentOS installation should see them and use both of them. (I`m sure about it because before I was using RAID 0 on my server (now RAID 1+0 and it sees only 1 HDD(second one is for backups))).
If you added the 2nd HDD after the installation you need to add it manually to CentOS (partitions, fs, fstab, ...). A bit annoying job, but nothing special.
Please check and give me answers of the questions I asked so I know how to help you.
If both of them was connected on before the installation and you was on RAID 0, then CentOS installation should see them and use both of them. (I`m sure about it because before I was using RAID 0 on my server (now RAID 1+0 and it sees only 1 HDD(second one is for backups))).
If you added the 2nd HDD after the installation you need to add it manually to CentOS (partitions, fs, fstab, ...). A bit annoying job, but nothing special.
Please check and give me answers of the questions I asked so I know how to help you.
88
Scripts / Re: StingRay's Dark Theme for CWP
« on: October 02, 2017, 07:01:32 AM »
Nah. Didn`t work for me on CWP6. Added in the script chattr -i after cd to custom.css and chattr +i at the end of the script. I run the script, it insert everything in the custom.css - nothing. Moved custom.css to /root and run the script - nothing. Logged out, logged in - same. Am I doing something wrong?
89
New Modules / Re: Real User Used Quota
« on: September 29, 2017, 04:57:45 AM »
Just replace:
Your error was coming from the comments I put here:
<- Added for no warnings
<- Added for no warnings
<- Added for "Division by zero" error
It was my bad assuming that people know that they need to remove that comments. Anyway, replace the code like I put it now and it will be ok.
Code: [Select]
<?php
$packageMaxQuotaBytes = $result[$i]['disk_quota'] * 1024 * 1024;
$usedQuotaPercent = round($allQuota * 100 / $packageMaxQuotaBytes, 2);
$usedQuotaProgress = round($allQuota * 100 / $packageMaxQuotaBytes, 0);
echo "[$usedQuotaPercent %]";
$progressBarClass = 'progressBarGreen';
if ($usedQuotaProgress > 50) {
$progressBarClass = 'progressBarOrange';
}
if ($usedQuotaProgress > 90) {
$progressBarClass = 'progressBarRed';
}
?>
With:Code: [Select]
<?php
$usedQuotaPercent = null;
$usedQuotaProgress = null;
$packageMaxQuotaBytes = $result[$i]['disk_quota'] * 1024 * 1024;
if ($packageMaxQuotaBytes == "0") {
echo "Unlimited";
} else {
$usedQuotaPercent = round($allQuota * 100 / $packageMaxQuotaBytes, 2);
$usedQuotaProgress = round($allQuota * 100 / $packageMaxQuotaBytes, 0);
}
echo "[$usedQuotaPercent %]";
$progressBarClass = 'progressBarGreen';
if ($usedQuotaProgress > 50) {
$progressBarClass = 'progressBarOrange';
}
if ($usedQuotaProgress > 90) {
$progressBarClass = 'progressBarRed';
}
?>
Your error was coming from the comments I put here:
<- Added for no warnings
<- Added for no warnings
<- Added for "Division by zero" error
It was my bad assuming that people know that they need to remove that comments. Anyway, replace the code like I put it now and it will be ok.
90
CentOS 7 Problems / Re: Can`t install CentOS7
« on: September 21, 2017, 06:04:55 PM »
Question to studio4host:
I`m planning to buy a bit better rig than this old HP ProLiant DL380 G5 with the plan to host just an online shop and a WHMCS. The future rig is:
FUJITSU PRIMERGY RX600 S5
CPU: 4 x Intel Xeon Octa-Core X7560 (2.27GHz, Up to 2.67GHz, 24MB L3 Cache)
RAM: 131072MB (128GB) DDR3 ECC Registered (Up to 1024GB)
RAID: 8 Port SAS RAID 0/1 or RAID 5/6 Controller
LAN: 4 x 10/100/1000 Gigabit Ethernet
USB/RJ: 6xUSB 2.0, VGA, 4xRJ-45, Serial Port
PSU: 4 x 850W
Do you think that CentOS 7 and future CentOS 8 will install on this stuff without problems and having to do stuff in the installer? And also do you think that this rig will be enough for an online shop and WHMCS?
I`m planning to buy a bit better rig than this old HP ProLiant DL380 G5 with the plan to host just an online shop and a WHMCS. The future rig is:
FUJITSU PRIMERGY RX600 S5
CPU: 4 x Intel Xeon Octa-Core X7560 (2.27GHz, Up to 2.67GHz, 24MB L3 Cache)
RAM: 131072MB (128GB) DDR3 ECC Registered (Up to 1024GB)
RAID: 8 Port SAS RAID 0/1 or RAID 5/6 Controller
LAN: 4 x 10/100/1000 Gigabit Ethernet
USB/RJ: 6xUSB 2.0, VGA, 4xRJ-45, Serial Port
PSU: 4 x 850W
Do you think that CentOS 7 and future CentOS 8 will install on this stuff without problems and having to do stuff in the installer? And also do you think that this rig will be enough for an online shop and WHMCS?
