Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
1
CentOS-WebPanel GUI / Re: force webpanel:2087 to server hostname
« on: May 17, 2025, 01:37:50 PM »I wouldn't run the non-SSL version of the admin port (be it 2030 or 2086).
Alternately, you could firewall your connection to limit incoming access with CSF. Do you connect to it via static IP so you could lock it down to allow only a handful of chosen access IPs?
Yes, thanks overseer. Agreed on the non-SSL ports - I had already disabled them.
Limiting IP access to the port would be the simplest solution! Doh! Why didn't I think of that :-(
Appreciate your assist.
2
CentOS-WebPanel GUI / Re: force webpanel:2087 to server hostname
« on: May 16, 2025, 11:43:04 PM »You just can redirect the user to hostname.com if the user accesses the panel over the own domain name. To do this you need to add the rewerite rule into the files located in:
/usr/local/cwpsrv/conf.d/
I've tried all the versions of the rewrite rules to achieve that in there without success. Will go back to it and try again. Thanks
3
CentOS-WebPanel GUI / Re: force webpanel:2087 to server hostname
« on: May 16, 2025, 11:38:01 PM »Admin panel is 2087; user panel is 2083 (to match cPanel port assignments). Do you mean the admin or user panel?
Yes, the admin panel.
The 'issue' is this: the server, correctly, responds on that port to any call via IP or virtual host DNS name;
It returns the usual 'not secured' SSL response in browsers;
click through and the header maintains the 'virtualhostname:2087';
They obviously don't have credentials to go further.
I've had enquiries relating around that from organisations who are taking out cyber insurance! Their insurance companies seemingly scan all ports of their web site address and have come back with seeing 2086 and 2087 not secured on the vhost name and identify that as a threat to the insured's assets!
We've had to explain realities of IP and DNS a few times now and I would just like to circumvent having to do that.
4
CentOS-WebPanel GUI / force webpanel:2087 to server hostname
« on: May 16, 2025, 07:41:32 AM »
I've been attempting to force the user web panel access on port 2087 to redirect or only respond to the server hostname - ie not <virtualhost>:2087
All the standard nginx ssl module redirect/rewrite tricks have failed me. Has anyone achieved this?
Thanks,
Klaus
All the standard nginx ssl module redirect/rewrite tricks have failed me. Has anyone achieved this?
Thanks,
Klaus
5
SSL / LetsEncrypt cron job failing
« on: May 14, 2022, 12:15:13 AM »
Just recently, the LE Certs update cron job has started to fail renewals - manual LE renewal via the WebPanel works just fine.
The error being:
config file is empty, can not read CA_EAB_KEY_ID
config file is empty, can not read CA_EAB_HMAC_KEY
config file is empty, can not read CA_EMAIL
No EAB credentials found for ZeroSSL, let's get one
It appears to be using the correct CA: Using CA: https://acme.zerossl.com/v2/DV90
and the email is already registered via acme.sh --register-account -m <email>
As mentioned, the manual update (Renew Now) via the ssl_certificate module works correctly, it is the acme.sh --cron --home "/root/.acme.sh/cwp_certs" which fails.
Thanks, Klaus
The error being:
config file is empty, can not read CA_EAB_KEY_ID
config file is empty, can not read CA_EAB_HMAC_KEY
config file is empty, can not read CA_EMAIL
No EAB credentials found for ZeroSSL, let's get one
It appears to be using the correct CA: Using CA: https://acme.zerossl.com/v2/DV90
and the email is already registered via acme.sh --register-account -m <email>
As mentioned, the manual update (Renew Now) via the ssl_certificate module works correctly, it is the acme.sh --cron --home "/root/.acme.sh/cwp_certs" which fails.
Thanks, Klaus
6
Apache / Re: Conf files reset problem
« on: January 03, 2022, 01:54:31 PM »
Not going to solve your problems but could help your sleep:
I have adjusted /etc/anacrontab to have:
START_HOURS_RANGE=9-22
That way it won't run in the middle of the night with surprise alarms or errors before you are in the office! I think the standard is hours "3-22" thus your 3-4am wake up call.
I have adjusted /etc/anacrontab to have:
START_HOURS_RANGE=9-22
That way it won't run in the middle of the night with surprise alarms or errors before you are in the office! I think the standard is hours "3-22" thus your 3-4am wake up call.
7
CentOS-WebPanel Bugs / Re: all my websites Account Suspended
« on: December 29, 2021, 05:34:49 AM »
I don't think that the bandwidth quota / suspend action starting to work is the problem - unless the bandwidth reading is wrong.
The issue would appear to be that the .bandwidth files in /usr/local/cwp/users/suspended/ would not delete under associated actions -eg change limits, change packages, suspend/unsuspend. They need to be removed manually.
The issue would appear to be that the .bandwidth files in /usr/local/cwp/users/suspended/ would not delete under associated actions -eg change limits, change packages, suspend/unsuspend. They need to be removed manually.
8
CentOS-WebPanel Bugs / Re: all my websites Account Suspended
« on: December 29, 2021, 04:15:01 AM »
I too woke up with a number of accounts suspended on different servers.
I attempted to change packages; change webservers; and a number of other fixes but found that it wouldn't remove .bandwidth listings from: /usr/local/cwp/users/suspended/
Several were in there even though they were within their quota limits.
After removing those *.bandwidth files, I had to manually rebuild the VHOSTs Conf. I did so by adding/editing/changing the domain config file and selecting 'rebuild configuration' - I couldn't find a way to force rebuild all Vhosts so had to do each effected one manually.
On a few occasions I also had to restart the Apache/NGinx servers
Hope that helps and I'm not hit with that again after the next cronjob run!
I attempted to change packages; change webservers; and a number of other fixes but found that it wouldn't remove .bandwidth listings from: /usr/local/cwp/users/suspended/
Several were in there even though they were within their quota limits.
After removing those *.bandwidth files, I had to manually rebuild the VHOSTs Conf. I did so by adding/editing/changing the domain config file and selecting 'rebuild configuration' - I couldn't find a way to force rebuild all Vhosts so had to do each effected one manually.
On a few occasions I also had to restart the Apache/NGinx servers
Hope that helps and I'm not hit with that again after the next cronjob run!
9
Information / Re: CWP Pro on NAT LAN
« on: June 21, 2021, 12:02:50 AM »
Thanks Igor
Will it work on an IP-NAT config if the Public IP is NAT'd on ports 80/443?
Klaus
Will it work on an IP-NAT config if the Public IP is NAT'd on ports 80/443?
Klaus
10
Information / CWP Pro on NAT LAN
« on: June 16, 2021, 01:16:09 AM »
I'm setting up a Dev machine on a LAN but NOT exposing ports 80/443.
Is it possible to upgrade to the Pro version? Does it need these ports open or is there another port to expose?
Thanks, Klaus.
Is it possible to upgrade to the Pro version? Does it need these ports open or is there another port to expose?
Thanks, Klaus.
11
E-Mail / policyd - website emails
« on: October 20, 2020, 10:03:05 AM »
I am making the assumption that policyd control only relates to user emails (via client or webmail etc) and not emails emanating from the user's website.
I base that on not being able to rate limit emails from a website user.
Is it possible to include site generated emails into this module? Or am I perhaps missing something?
Thanks
Klaus
I base that on not being able to rate limit emails from a website user.
Is it possible to include site generated emails into this module? Or am I perhaps missing something?
Thanks
Klaus
12
SSL / Re: FTP SSL issue
« on: April 18, 2020, 02:11:52 AM »
The two servers I did the 'change hostname' on failed after the daily cron this morning! Apache wouldn't restart because of missing key/bundle files. I had to manually copy and symlink to get it back up. I think it has to do with the 'hostname.bundle' not updating in the latest scripts. I might move this to bugs when I gather more data.
13
SSL / Re: FTP SSL issue
« on: April 17, 2020, 01:22:33 AM »
Thanks ejsolutions, that did the trick.
I assume it is a glitch in the system (as it is the same on all of my cwp servers) and having to manually force won't be a 3 monthly event.
Cheers, Klaus
I assume it is a glitch in the system (as it is the same on all of my cwp servers) and having to manually force won't be a 3 monthly event.
Cheers, Klaus
14
SSL / FTP SSL issue
« on: April 17, 2020, 12:56:09 AM »
I note that the "hostname.pem" in /etc/pki/tls/private/ is not updating and thus showing an expired certificate for FTP sessions:
-rw------- 1 root root 1679 Feb 28 00:05 hostname.key
-rw------- 1 root root 5234 Sep 1 2019 hostname.pem
Any suggestions on how to rebuild and deploy that?
Thanks. Klaus
-rw------- 1 root root 1679 Feb 28 00:05 hostname.key
-rw------- 1 root root 5234 Sep 1 2019 hostname.pem
Any suggestions on how to rebuild and deploy that?
Thanks. Klaus
15
Updates / cwp-httpd update fails
« on: August 11, 2019, 12:28:54 AM »
I have a couple of Pro servers where the cwp-httpd 2.4.39-3 update is failing with the following messages (from command line):
--> Running transaction check
---> Package cwp-httpd.x86_64 0:2.4.34-1 will be updated
---> Package cwp-httpd.x86_64 0:2.4.39-3 will be an update
--> Finished Dependency Resolution
Running transaction
Updating : cwp-httpd-2.4.39-3.x86_64 1/2
Error unpacking rpm package cwp-httpd-2.4.39-3.x86_64
warning: /usr/local/apache/conf.d/autossl_proxy.conf created as /usr/local/apache/conf.d/autossl_proxy.conf.rpmnew
error: unpacking of archive failed on file /usr/local/apache/conf/extra/httpd-userdir.conf: cpio: rename
cwp-httpd-2.4.34-1.x86_64 was supposed to be removed but is not!
Verifying : cwp-httpd-2.4.34-1.x86_64 1/2
Verifying : cwp-httpd-2.4.39-3.x86_64 2/2
Failed:
cwp-httpd.x86_64 0:2.4.34-1 cwp-httpd.x86_64 0:2.4.39-3
----------------
Any suggestions to resolve that?
Thanks.
--> Running transaction check
---> Package cwp-httpd.x86_64 0:2.4.34-1 will be updated
---> Package cwp-httpd.x86_64 0:2.4.39-3 will be an update
--> Finished Dependency Resolution
Running transaction
Updating : cwp-httpd-2.4.39-3.x86_64 1/2
Error unpacking rpm package cwp-httpd-2.4.39-3.x86_64
warning: /usr/local/apache/conf.d/autossl_proxy.conf created as /usr/local/apache/conf.d/autossl_proxy.conf.rpmnew
error: unpacking of archive failed on file /usr/local/apache/conf/extra/httpd-userdir.conf: cpio: rename
cwp-httpd-2.4.34-1.x86_64 was supposed to be removed but is not!
Verifying : cwp-httpd-2.4.34-1.x86_64 1/2
Verifying : cwp-httpd-2.4.39-3.x86_64 2/2
Failed:
cwp-httpd.x86_64 0:2.4.34-1 cwp-httpd.x86_64 0:2.4.39-3
----------------
Any suggestions to resolve that?
Thanks.
Pages: [1] 2
