Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - dinho

Pages: [1] 2
1
CentOS 7 Problems / Re: After centos update, all sites go to test page
« on: February 07, 2022, 05:52:02 PM »
this is because you must have updated the templates. You must have never done a rebuild and probably edited the vhost files as well. so when cwp updates you must update the vhost templates and give a rebuild, so you lose everything.

edit the templates too. so when the rebuild is done the templates will contain the predefined settings

2
CentOS 7 Problems / Api rest CWP with error in CORS
« on: February 07, 2022, 05:06:48 PM »
I'm developing an interface that uses the Api rest of the CWP, however, even putting % in the origin of the Apimanager settings, it still has CORS errors.
Does anyone know how to disable cors for API?

3
SSL / how to enable nginx QUIC HTTP/3?
« on: December 05, 2021, 10:24:55 PM »
Would you like to know how to enable http2 + quic in nginx?

I tried to do an installation here and got it using https://copr.fedorainfracloud.org/coprs/ryoh/nginx-quic/

meu nginx

Code: [Select]
# nginx -V
nginx version: nginx/1.21.0 (nginx-quic-1.21.0-1.el8.ac0398da8f23.88df13d73d5a74505f046f0bf37fb2fb3e1f1a58)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --with-debug --with-cc-opt='-I../boringssl/include -O3 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -ftree-vectorize -flto=8 -ffat-lto-objects -fuse-ld=gold -fuse-linker-plugin -Wformat -Wno-strict-aliasing -Wno-stringop-truncation -DTCP_FASTOPEN=23' --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto -Wl,-z,relro -Wl,-E -lrt -ljemalloc -lpcre -flto=8 -fuse-ld=gold' --with-zlib=../cf-zlib --with-zlib-opt= --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_body_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --build=nginx-quic-1.21.0-1.el8.ac0398da8f23.88df13d73d5a74505f046f0bf37fb2fb3e1f1a58 --with-threads --with-file-aio --with-libatomic --with-compat --with-pcre --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_quic_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_geoip_module=dynamic --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module --with-stream_quic_module --add-dynamic-module=../njs/nginx --add-dynamic-module=../ngx_brotli --add-dynamic-module=../ngx_http_geoip2_module --add-dynamic-module=../nginx-module-vts --add-dynamic-module=../echo-nginx-module --add-dynamic-module=../headers-more-nginx-module

I did a first test and it seems to be working but it is getting the certificate from the panel and not from vhost nginx


is someone already using it?

4
CentOS 7 Problems / Re: Cant Install PHP All version CWP Pro
« on: March 23, 2021, 04:55:59 PM »
do not use cwp php, install cwp and docker, use only nginx as a reverse proxy pointing to your php container you want!

native cwp and php is a headache for sure!
you’ll have a problem at one time or another! it's a fact!

5
do not use cwp php, install cwp and docker, use only nginx as a reverse proxy pointing to your php container you want!

native cwp and php is a headache for sure!
you’ll have a problem at one time or another! it's a fact!

6
CentOS 7 Problems / Re: Wordpress is not working
« on: March 23, 2021, 04:49:25 PM »
you need to go to Select WebServers >>>> WebServers Domain Conf

and assign the php.
select apache> php or nginx -> php

if needed, you can edit the configuration in WebServers Conf Editor


then you need to upload your wordpress the way you set it up. In the configuration file for your domain you have the path.

If everything goes well there will be no mistakes.

If you have errors, paste the errors here.

7
CentOS 7 Problems / CWP SSL letsencrypt install errors
« on: March 23, 2021, 04:43:51 PM »
I am noticing that for a month now, cwp does not install SSL on the domain.
Has anyone else noticed this?

I installed centos 7 on a vps, installed the latest version of cwp and added a domain. until all is well. However when I install the ssl I get an error that is not possible to install.

I tested on 3 different VPS the 3 gave the same error that it is not possible to install SSl in the domain.

Only in new installations is this happening

Is anyone else going through this?

8
CentOS 7 Problems / Re: TLSv1.3
« on: March 22, 2021, 07:48:46 PM »
Confirmed works perfect with CWP centos 7 and OpenSSL 1.1.1h

here solution:
https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727


nginx -V
nginx version: nginx/1.19.6
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1h  22 Sep 2020
TLS SNI support enabled


intructions:
download all files from https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727
up to server and change permission execute: chmod +x openssl-1.1-compile.sh
execute with: ./openssl-1.1-compile.sh

execute: sudo systemctl reload

and all works perfect!

9
SSL / CWP Erro ssl domain
« on: March 22, 2021, 04:23:08 PM »
I'm having trouble installing ssl.
every time I try to make the same mistake
even deleting everything and reinstalling the cwp always gives the same error for all domains that I enter

Do not install ssl and always give the same error.

[Mon Mar 22 14:10:32 -02 2021] Running cmd: issue
[Mon Mar 22 14:10:32 -02 2021] _main_domain='xxxx.com.br'
[Mon Mar 22 14:10:32 -02 2021] _alt_domains='no'
[Mon Mar 22 14:10:32 -02 2021] Using config home:/root/.acme.sh
[Mon Mar 22 14:10:32 -02 2021] default_acme_server
[Mon Mar 22 14:10:32 -02 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 22 14:10:32 -02 2021] DOMAIN_PATH='/root/.acme.sh/cwp_certs/xxxx.com.br'
[Mon Mar 22 14:10:32 -02 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:32 -02 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:32 -02 2021] GET
[Mon Mar 22 14:10:32 -02 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 22 14:10:32 -02 2021] timeout=
[Mon Mar 22 14:10:32 -02 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Mar 22 14:10:32 -02 2021] ret='0'
[Mon Mar 22 14:10:32 -02 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Mar 22 14:10:32 -02 2021] ACME_NEW_AUTHZ
[Mon Mar 22 14:10:33 -02 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 22 14:10:33 -02 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Mar 22 14:10:33 -02 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Mar 22 14:10:33 -02 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Mar 22 14:10:33 -02 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Mar 22 14:10:33 -02 2021] ACME_VERSION='2'
[Mon Mar 22 14:10:33 -02 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:33 -02 2021] _on_before_issue
[Mon Mar 22 14:10:33 -02 2021] _chk_main_domain='xxxx.com.br'
[Mon Mar 22 14:10:33 -02 2021] _chk_alt_domains
[Mon Mar 22 14:10:33 -02 2021] Le_LocalAddress
[Mon Mar 22 14:10:33 -02 2021] d='xxxx.com.br'
[Mon Mar 22 14:10:33 -02 2021] Check for domain='xxxx.com.br'
[Mon Mar 22 14:10:33 -02 2021] _currentRoot='/usr/local/apache/autossl_tmp/'
[Mon Mar 22 14:10:33 -02 2021] d
[Mon Mar 22 14:10:33 -02 2021] config file is empty, can not read CA_KEY_HASH
[Mon Mar 22 14:10:33 -02 2021] Using config home:/root/.acme.sh
[Mon Mar 22 14:10:33 -02 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 22 14:10:33 -02 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:33 -02 2021] Only RSA or EC key is supported. keyfile=/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Mon Mar 22 14:10:33 -02 2021] _on_issue_err
[Mon Mar 22 14:10:33 -02 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log

10
SSL / Re: AutoSSL not working on Centos7
« on: March 22, 2021, 04:20:17 PM »
a have same problem!
it is not just to delete the certificate!

even deleting everything and reinstalling the cwp always gives the same error for all domains that I enter

my log


[Mon Mar 22 14:10:32 -02 2021] Running cmd: issue
[Mon Mar 22 14:10:32 -02 2021] _main_domain='xxxx.com.br'
[Mon Mar 22 14:10:32 -02 2021] _alt_domains='no'
[Mon Mar 22 14:10:32 -02 2021] Using config home:/root/.acme.sh
[Mon Mar 22 14:10:32 -02 2021] default_acme_server
[Mon Mar 22 14:10:32 -02 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 22 14:10:32 -02 2021] DOMAIN_PATH='/root/.acme.sh/cwp_certs/xxxx.com.br'
[Mon Mar 22 14:10:32 -02 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:32 -02 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:32 -02 2021] GET
[Mon Mar 22 14:10:32 -02 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 22 14:10:32 -02 2021] timeout=
[Mon Mar 22 14:10:32 -02 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Mar 22 14:10:32 -02 2021] ret='0'
[Mon Mar 22 14:10:32 -02 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Mar 22 14:10:32 -02 2021] ACME_NEW_AUTHZ
[Mon Mar 22 14:10:33 -02 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Mar 22 14:10:33 -02 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Mar 22 14:10:33 -02 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Mar 22 14:10:33 -02 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Mon Mar 22 14:10:33 -02 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Mar 22 14:10:33 -02 2021] ACME_VERSION='2'
[Mon Mar 22 14:10:33 -02 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:33 -02 2021] _on_before_issue
[Mon Mar 22 14:10:33 -02 2021] _chk_main_domain='xxxx.com.br'
[Mon Mar 22 14:10:33 -02 2021] _chk_alt_domains
[Mon Mar 22 14:10:33 -02 2021] Le_LocalAddress
[Mon Mar 22 14:10:33 -02 2021] d='xxxx.com.br'
[Mon Mar 22 14:10:33 -02 2021] Check for domain='xxxx.com.br'
[Mon Mar 22 14:10:33 -02 2021] _currentRoot='/usr/local/apache/autossl_tmp/'
[Mon Mar 22 14:10:33 -02 2021] d
[Mon Mar 22 14:10:33 -02 2021] config file is empty, can not read CA_KEY_HASH
[Mon Mar 22 14:10:33 -02 2021] Using config home:/root/.acme.sh
[Mon Mar 22 14:10:33 -02 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Mar 22 14:10:33 -02 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 22 14:10:33 -02 2021] Only RSA or EC key is supported. keyfile=/root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Mon Mar 22 14:10:33 -02 2021] _on_issue_err
[Mon Mar 22 14:10:33 -02 2021] Please check log file for more details: /root/.acme.sh/acme.sh.log

11
CentOS 7 Problems / Re: TLSv1.3
« on: February 11, 2021, 03:57:44 PM »
here solution:
https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727


I test with cwp on virtual machine and the nginx of the cwp kept working

12
CentOS 7 Problems / Re: CWP pro not work with recompile nginx and tls 1.3
« on: February 11, 2021, 03:56:37 PM »
A clean solution for cwp, I tested it and nginx worked perfectly with cwp. I just need to do the tests now.
https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727
only execute:  ./openssl-1.1-compile.sh

13
SSL / Re: CWP support for TLSv1.3
« on: February 11, 2021, 12:01:09 PM »
DNA your explanation about the compilation of nginx and tls 1.3 does not work, I tested it as you explained and simply nginx breaks


please can someone help with cwp-pro centos 7 nginx and tls1.3?

14
CentOS 7 Problems / Re: TLSv1.3
« on: February 11, 2021, 11:57:55 AM »

I have the same problem.
I tried to compile nginx with support for tls1.3 but it doesn't work.
I pay for the pro version but we don't even have an answer on the forum.

15
updates from cwp pro are manual here.

what I’ve noticed has something to do with security. because I'm doing the security of some sites and I noticed that this happens in the days that these same sites receive a lot of attacks.

I can see through the waf implanting.
but I still haven't found the connection between the attacks and the reset in the settings of the sites on nginx.

in addition to but this error only occurs precisely on the sites that are being attacked.

so i'm investigating the relationship between the attacks and the reset in the settings of 2 sites only. the rest is not changed. so discard upgrades completely.

Pages: [1] 2