Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
796
Tomcat / Re: Tomcat Server
« on: March 11, 2023, 05:28:56 PM »
You mean it installs and works in the admin panel, but isn't available in the user panel (:2083)?
Have you looked under User Accounts > Features,Themes,Languages (under the section Domains > Tomcat Manager) ?
Have you looked under User Accounts > Features,Themes,Languages (under the section Domains > Tomcat Manager) ?
797
How to / Re: [Tutorial] How to install SSL on hostname?
« on: March 11, 2023, 05:16:39 PM »1 - Check that you should have an A record for the hostname. For example if your server hostname is cp.hostinpk.com, then you should have an A record for "cp" pointing to server IPI think this is the "secret sauce" of this method. For whatever reason, LE or CWP seems to prefer actual A records. CNAME records tend to fail. So for instance, the "service" hostnames such as mail, ftp, cpanel, webmail need to be A records in your DNS setup, NOT CNAME alias records.
798
CentOS 7 Problems / Re: Unable to load dynamic library 'sodium.so'
« on: March 11, 2023, 05:12:02 PM »
Is it enabled in the build config for php74?
I have sodium.so in 3 places on a CWP server:
I have sodium.so in 3 places on a CWP server:
Code: [Select]
/opt/alt/php-fpm81/usr/lib/php/extensions/no-debug-non-zts-20210902/sodium.so
/usr/local/lib/php/extensions/no-debug-non-zts-20180731/sodium.so
/usr/local/lib/php/extensions/no-debug-non-zts-20190902/sodium.so
799
Varnish / Re: Varnish Cache Age 0
« on: March 11, 2023, 05:08:02 PM »
Are you checking HTTP reply headers?
Quote
What is the purpose of the X-Varnish HTTP header?
The X-Varnish HTTP header allows you to find the correct log-entries for the transaction. For a cache hit, X-Varnish will contain both the ID of the current request and the ID of the request that populated the cache. It makes debugging Varnish a lot easier.
800
E-Mail / Re: Cannot Reply To Messages - RoundCube
« on: March 11, 2023, 05:03:52 PM »
Standard advice applies: use Comodo rules for Mod Security. OWASP ruleset is to persnickety and requires a lot of manual tuning. Otherwise you will see odd glitches like this!
801
SSL / Re: Nginx, Varnish, Apache + WordPress SSL
« on: March 11, 2023, 04:52:03 PM »
I'll just say that's a complex chain to troubleshoot. Cloudflare is easy to bypass in Developer mode for testing, so you can remove it temporarily while troubleshooting. I would consider omitting either Nginx or Varnish out of the chain, unless you really, really need to milk every last drop of performance out of your server. But if that's the case, it's probably a better proposition to upgrade your service or hardware. You could also drop Apache and just have Nginx as your HTTP server for better performance. I have WP sites running under Nginx just fine, very performant.
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
802
Other / Re: I am not sure if Varnish is working or not.
« on: March 11, 2023, 04:43:09 PM »
Did you look at the HTTP headers in the source view?
Quote
The X-Varnish HTTP header allows you to find the correct log-entries for the transaction. For a cache hit, X-Varnish will contain both the ID of the current request and the ID of the request that populated the cache. It makes debugging Varnish a lot easier.
803
SSL / Re: AutoSSL not working
« on: March 11, 2023, 04:39:20 PM »
Make sure your HTTP server doesn't have a 301 redirect from HTTP to HTTPS. To get an SSL cert, it needs to be negotiated via HTTP, so http://domain.com/.well-known/acme-challenge/ needs to be accessible. Forwarding to https:// means it won't work.
Also, on one server I had to use Cloudflare's DNS authenticator method with LetsEncrypt, instead of the normal HTTP challenge. Token based authentication with Cloudflare worked immediately and has renewed successfully for several years now.
Also, on one server I had to use Cloudflare's DNS authenticator method with LetsEncrypt, instead of the normal HTTP challenge. Token based authentication with Cloudflare worked immediately and has renewed successfully for several years now.
804
Installation / Re: HOME SERVER QUESTION
« on: March 11, 2023, 04:34:35 PM »
Well shucks, you're going to make me blush!
Actually, home servers are a bit of a specialty of mine, since I've been running home mail servers & FTP servers going on 25 years now. I've run the gamut on lowly DSL, better cable connections, fiber to the home, then shifted over to business fiber with static IPs and now I'm in data centers mostly with co-located servers on symmetric gigabit connections -- unmetered, with network engineering and remote hands support. So yeah, been there right where you are! So I know it's doable, but I also know some pitfalls (one major ISP blocks port 25, other large cable companies block port 80 upstream). So it's a fun hobby, but I'd also consider pro-level co-location or make sure running servers is explicitly allowed in your ToS (terms of service).
Here's some serious food for thought: buy a 2012 Mac mini and get it hosted with MacStadium or MacMiniVault/CyberLynk -- $50/mo. This gets you a quad core i7 with 16GB of memory, space for 2 onboard SATA SSDs. You can plugin 4 USB3 SSDs or backup flash drives. You don't have to run macOS either -- you can bare metal CentOS or AlmaLinux on it, or ESXi and run VMs. I've found this to be a very viable solution and haven't gone back to self-hosting, apart from a disaster recovery box local mirror.
Actually, home servers are a bit of a specialty of mine, since I've been running home mail servers & FTP servers going on 25 years now. I've run the gamut on lowly DSL, better cable connections, fiber to the home, then shifted over to business fiber with static IPs and now I'm in data centers mostly with co-located servers on symmetric gigabit connections -- unmetered, with network engineering and remote hands support. So yeah, been there right where you are! So I know it's doable, but I also know some pitfalls (one major ISP blocks port 25, other large cable companies block port 80 upstream). So it's a fun hobby, but I'd also consider pro-level co-location or make sure running servers is explicitly allowed in your ToS (terms of service).
Here's some serious food for thought: buy a 2012 Mac mini and get it hosted with MacStadium or MacMiniVault/CyberLynk -- $50/mo. This gets you a quad core i7 with 16GB of memory, space for 2 onboard SATA SSDs. You can plugin 4 USB3 SSDs or backup flash drives. You don't have to run macOS either -- you can bare metal CentOS or AlmaLinux on it, or ESXi and run VMs. I've found this to be a very viable solution and haven't gone back to self-hosting, apart from a disaster recovery box local mirror.
805
Updates / Re: warning: %post(cwp-httpd-2.4.55-1.x86_64) scriptlet failed, exit status 1
« on: March 11, 2023, 04:23:07 PM »
Try with Comodo ruleset for Mod Security. OWASP ruleset is a good bit more persnickety.
806
Installation / Re: mail server only
« on: March 11, 2023, 10:35:24 AM »
Be aware that if you are using LetsEncrypt for SSL cert generation, AutoSSL defaults to HTTP authentication (/.well-known/acme-challenge/). So if you lock down HTTP/HTTPS, you would have to choose another authenticator. On one server, I am using authenticator = dns-cloudflare and it works flawlessly with their token authentication.
807
DKIM / Re: How to implement 2048 bit DKIM keys on CWP servers.
« on: March 11, 2023, 10:26:56 AM »
Have you looked at OpenDKIM?
https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
808
CentOS-WebPanel Bugs / Re: Emails screen not loading
« on: March 11, 2023, 10:17:17 AM »
Now that is truly bizarre... on one of my CWP Pro servers, the forwarder module is missing!
?module=forwaders_email does not exit!
But this solves it:
http://forum.centos-webpanel.com/index.php?topic=12025.msg41471#msg41471
And since it was for the client that is basically 1:1 utilizing the whole server, I went ahead and gave them all access to everything under Features,Themes,Languages. Hopefully they don't shoot themselves in the foot with all their new toys!
?module=forwaders_email does not exit!
But this solves it:
http://forum.centos-webpanel.com/index.php?topic=12025.msg41471#msg41471
And since it was for the client that is basically 1:1 utilizing the whole server, I went ahead and gave them all access to everything under Features,Themes,Languages. Hopefully they don't shoot themselves in the foot with all their new toys!
809
CentOS 7 Problems / Re: Error in trasnfer File
« on: March 11, 2023, 09:49:21 AM »
How much space do you have available and what is the size of the account you are transferring? Are you factoring in the mail in /var/vmail?
810
Apache / Re: Apache MPM configuration
« on: March 09, 2023, 03:41:27 PM »
Yes, those comparisons are all well and good, but use whatever fits your use case. I have one server with 30+ customers on Apache, since it is normal and approachable to them and they can use .htaccess files. Another server is Nginx because it is about 5 sites under one customer and is heavily trafficked and tends to be PHP-heavy. Another server runs Apache for a single customer (1:1), running Magento. So use what fits best!
