This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
91
PHP / CWP linking to wrong directory for php.ini when changing to php-FPM
« on: June 07, 2019, 08:26:43 AM »
Hi guys,
I had not realised this before however, on my server:
If i change to php-fpm,
Dashboard>PHP settings>PHP Simple Editor/PHP.ini configuration are both incorrectly still displaying and using /usr/local/php/php.ini
If i add info.php file into one of the usr/public_html directories and run the file in the web browser, the following is the correct location for php.ini
/opt/alt/php-fpm73/usr/php/php.ini
So in order to edit the correct php.ini file, one has to access it via Dashboard>PHP Settings>PHP Seclector> PHP-FPM x.x >Edit php.ini
I just spent an hour trying to figure out what the hell was going on on a wordpress website because of this bug in my system.
Is there a way of manually fixing this in CWP so that PHP Simple Editor, and PHP.ini Configuration both point at the correct FPM directory?
I had not realised this before however, on my server:
If i change to php-fpm,
Dashboard>PHP settings>PHP Simple Editor/PHP.ini configuration are both incorrectly still displaying and using /usr/local/php/php.ini
If i add info.php file into one of the usr/public_html directories and run the file in the web browser, the following is the correct location for php.ini
/opt/alt/php-fpm73/usr/php/php.ini
So in order to edit the correct php.ini file, one has to access it via Dashboard>PHP Settings>PHP Seclector> PHP-FPM x.x >Edit php.ini
I just spent an hour trying to figure out what the hell was going on on a wordpress website because of this bug in my system.
Is there a way of manually fixing this in CWP so that PHP Simple Editor, and PHP.ini Configuration both point at the correct FPM directory?
92
Information / TCP SYN queue of the kernel was full and sent SYN cookies
« on: June 06, 2019, 08:09:52 PM »
I got the following error from Netdata...
And i note the following in /usr/lib/netdata/conf.d/health.d/tcp_listen.conf...
So do i need to enable "fall back to SYN cookies"?
Can i add the following in /etc/sysctl.d/99-sysctl.conf
net.ipv4.tcp_syncookies = 1
Then i have done the following...
sysctl.d]# sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.eth0.accept_ra = 2
net.ipv4.tcp_syncookies = 1
Is this the right place to add this?
Will it work against possible dos flood attack on CWP?
How do i tell if it is in fact that kind of attack...ie how do i test this?
Quote
netdata notification
host1.fqdn recovered
ip.tcp_syn_queue CHART
1m tcp syn queue cookies (was warning for 1 minute and 10 seconds)
the number of times the TCP SYN queue of the kernel was full and sent SYN cookies, during the last minute ALARM
tcp FAMILY
Recovered from WARNING SEVERITY
Fri Jun 7 02:59:12 ST 2019
(was warning for 1 minute and 10 seconds) TIME
$this > 0 EVALUATED EXPRESSION
[ $this = 0 ] EXPRESSION VARIABLES
The host has 0 WARNING and 0 CRITICAL alarm(s) raised.
View Netdata
The source of this alarm is line 70@/usr/lib/netdata/conf.d/health.d/tcp_listen.conf
(alarms are configurable, edit this file to adapt the alarm to your needs)
Sent by netdata, the real-time performance and health monitoring, on host.fqdn.
And i note the following in /usr/lib/netdata/conf.d/health.d/tcp_listen.conf...
Quote
# SYN queue
# The SYN queue tracks TCP handshakes until connections are fully established.
# It overflows when too many incoming TCP connection requests hang in the
# half-open state and the server is not configured to fall back to SYN cookies.
# Overflows are usually caused by SYN flood DoS attacks (i.e. someone sends
# lots of SYN packets and never completes the handshakes).
So do i need to enable "fall back to SYN cookies"?
Can i add the following in /etc/sysctl.d/99-sysctl.conf
net.ipv4.tcp_syncookies = 1
Then i have done the following...
sysctl.d]# sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.eth0.accept_ra = 2
net.ipv4.tcp_syncookies = 1
Is this the right place to add this?
Will it work against possible dos flood attack on CWP?
How do i tell if it is in fact that kind of attack...ie how do i test this?
93
Apache / How to Change MPM to Worker or Event
« on: June 04, 2019, 02:48:07 AM »
In Centos Web Panel running Centos 7,
1. What command do we use in CWP for determining which MPM is active?
( httpd -V doesnt work as expected...throws a "-bash :httpd command not found" error)
2. What is the procedure to change MPM from Pre Fork to Worker or Event?
1. What command do we use in CWP for determining which MPM is active?
( httpd -V doesnt work as expected...throws a "-bash :httpd command not found" error)
2. What is the procedure to change MPM from Pre Fork to Worker or Event?
94
Addons / what generic settings should be used in whmcs for new products?
« on: June 02, 2019, 07:50:46 PM »
hi guys,
on small VPS systems (1-2CPU, 2-4GB RAM)
If i am setting up a variety of packages in whmcs for different webhosting plans (ie storage = 2GB, 4GB, 8Gb etc) and no email, no addons of any kind, and only 1 database
in whmcs module for cwp,
1. what are the recommended settings with a shared hosting server for
Inode (Max of Inode)
Nofile (Max of Nofile)
Nproc (NoProc limit-40 recommended)
2. If i decided the enable email functionality what defaults should i consider using
Inode
Nofile
Nproc
3. What happens with regard to user accounts if i dont apply anything to these fields?
I know Norpoc says 40 is recommended, however, i have read other forums posts stating this should be 100 or higher?
I have also read that none of these has any bearing on shared hosting because other factors are more important and provide a means of control anyway (such as ulimits)?
4. Are these limits per directory or per user account? (my understanding is they are per directory)
on small VPS systems (1-2CPU, 2-4GB RAM)
If i am setting up a variety of packages in whmcs for different webhosting plans (ie storage = 2GB, 4GB, 8Gb etc) and no email, no addons of any kind, and only 1 database
in whmcs module for cwp,
1. what are the recommended settings with a shared hosting server for
Inode (Max of Inode)
Nofile (Max of Nofile)
Nproc (NoProc limit-40 recommended)
2. If i decided the enable email functionality what defaults should i consider using
Inode
Nofile
Nproc
3. What happens with regard to user accounts if i dont apply anything to these fields?
I know Norpoc says 40 is recommended, however, i have read other forums posts stating this should be 100 or higher?
I have also read that none of these has any bearing on shared hosting because other factors are more important and provide a means of control anyway (such as ulimits)?
4. Are these limits per directory or per user account? (my understanding is they are per directory)
95
CentOS 7 Problems / Re: PHP-FPM high CPU and Mysqld
« on: May 31, 2019, 05:37:22 PM »
Why are you still running php 5.6 and not upgrading to php 7.3?
That memcached plugin I note had php7 in its url.
That memcached plugin I note had php7 in its url.
96
CentOS 7 Problems / Re: Can you help me plzz
« on: May 31, 2019, 05:32:36 PM »
Here is a post on stack exchange about doing this to regain access to root user account...
How to re-take control of the root user in MySQL.
DANGER: RISKY OPERATTION
Start session ssh (using root if possible).
Edit my.cnf file using.
sudo vi /etc/my.cnf
Add line to mysqld block.*
skip-grant-tables
Save and exit.
Restart MySQL service.
service mysql restart
Check service status.
service mysql status
Connect to mysql.
mysql
Using main database.
use mysql;
Redefine user root password.
UPDATE user SET `authentication_string` = PASSWORD('myNuevoPassword') WHERE `User` = 'root';
Edit file my.cnf.
sudo vi /etc/my.cnf
Erase line.
skip-grant-tables
Save and exit.
Restart MySQL service.
service mysqld restart
Check service status.
service mysql status
Connect to database.
mysql -u root -p
Type new password when prompted.
This action is very dangerous, it allows anyone to connect to all databases with no restriction without a user and password. It must be used carefully and must be reverted quickly to avoid risks.
How to re-take control of the root user in MySQL.
DANGER: RISKY OPERATTION
Start session ssh (using root if possible).
Edit my.cnf file using.
sudo vi /etc/my.cnf
Add line to mysqld block.*
skip-grant-tables
Save and exit.
Restart MySQL service.
service mysql restart
Check service status.
service mysql status
Connect to mysql.
mysql
Using main database.
use mysql;
Redefine user root password.
UPDATE user SET `authentication_string` = PASSWORD('myNuevoPassword') WHERE `User` = 'root';
Edit file my.cnf.
sudo vi /etc/my.cnf
Erase line.
skip-grant-tables
Save and exit.
Restart MySQL service.
service mysqld restart
Check service status.
service mysql status
Connect to database.
mysql -u root -p
Type new password when prompted.
This action is very dangerous, it allows anyone to connect to all databases with no restriction without a user and password. It must be used carefully and must be reverted quickly to avoid risks.
97
DNS / Re: DNS or Nameserver
« on: May 25, 2019, 07:23:48 PM »
I may be misunderstanding...
When you setup nameserver you also need to do the following
1. Setup a record at nameserver registrar pointing to each nameserver IP address
2. Register each nameserver with a glue record that identifies it as a nameserver on the worldwide dns network
You must fulfill both of the requirement above or nameserver dns won't work.
Do a Google search for glue records...your domain registrar should also have documentation on setting up glue records.
When you setup nameserver you also need to do the following
1. Setup a record at nameserver registrar pointing to each nameserver IP address
2. Register each nameserver with a glue record that identifies it as a nameserver on the worldwide dns network
You must fulfill both of the requirement above or nameserver dns won't work.
Do a Google search for glue records...your domain registrar should also have documentation on setting up glue records.
99
CentOS-WebPanel Bugs / Re: dovecot can't start: error in unknown setting : managesieve_max_line_length
« on: May 24, 2019, 09:29:27 PM »
As a matter of interest, you say you removed then reinstalled dovecot. How did you go about that exactly? (It appears that it did not actually reinstall?)
100
I can build it / Re: Boxbilling Integration
« on: May 23, 2019, 08:12:05 PM »
Not that I am aware of that actually works. I did try hope billing but gave up on that. In all honesty the best option....the only option is to pay for whmcs. It is a brilliant program with great support.
101
CentOS-WebPanel GUI / Re: CWP Directory Structure Not Alphabetical
« on: May 23, 2019, 08:02:34 PM »
I have never been able to understand why no one else complains about this? It's a basic requirement for any control panel file manager...the mere fact alphabetic file sorting in file manager is non functional in cwp is hard to comprehend.
Trying to manually scroll through pages of non alphabetically listed files and folders annoys the shit out of anyone (the search function is not an acceptable alternative to common sense).
Surely the fix to this would be a relatively simple one?
Trying to manually scroll through pages of non alphabetically listed files and folders annoys the shit out of anyone (the search function is not an acceptable alternative to common sense).
Surely the fix to this would be a relatively simple one?
102
Installation / Re: Configuration help
« on: May 23, 2019, 07:49:30 PM »
You say you are trialling cwp, so you are using free version?
Doesn't mod security only come with pro version?
Doesn't mod security only come with pro version?
103
Varnish / Re: Varnish won't work
« on: May 22, 2019, 10:59:11 AM »
I don't use varnish...I took a warning from another user about it literally. I might be using different language, but my interpretation of what user said was something like..."varnish is crap, don't use it" ...so I don't use it.
104
CentOS-WebPanel Bugs / Re: DocumentRoot fail if I use Generate AutoSSL option during subdomain creation
« on: May 22, 2019, 10:45:34 AM »
I get confused with this, other control panels I use put additonal domains for each user account outside public html...
/home/username/domains/
Are you talking subdomains or addon domain?
Can't subdomain use primary domain ssl?
Otherwise perhaps you need to setup as addon domain...I do it that way in virtualmin and can then use independent ssl for each. I don't have much success doing this in cwp...hence My using Virtualmin instead for more complicated hosting needs.
/home/username/domains/
Are you talking subdomains or addon domain?
Can't subdomain use primary domain ssl?
Otherwise perhaps you need to setup as addon domain...I do it that way in virtualmin and can then use independent ssl for each. I don't have much success doing this in cwp...hence My using Virtualmin instead for more complicated hosting needs.
105
CentOS-WebPanel Bugs / Re: dovecot can't start: error in unknown setting : managesieve_max_line_length
« on: May 22, 2019, 10:39:54 AM »
And also post
/etc/dovecot/dovecot.conf
/etc/dovecot/dovecot.conf