Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: 1 [2]
16
CentOS-WebPanel Bugs / [BUG] Nginx + Apache Force HTTPS (Redirect Loop)
« on: August 12, 2018, 05:05:44 PM »
Hello,
If you force https in htaccess when you are using Apache+Nginx as reverse proxy you may end up with redirect loop.
Redirect code .htaccess
Using the above code will end up with redirect loop
Its because Vhost of nginx ssl is not passing correct parameter for proxy_pass
Right now what we have
We need to replace http with https and port 8181 with 8443
Restart Nginx
If you force https in htaccess when you are using Apache+Nginx as reverse proxy you may end up with redirect loop.
Redirect code .htaccess
Code: [Select]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]Using the above code will end up with redirect loop
Its because Vhost of nginx ssl is not passing correct parameter for proxy_pass
Right now what we have
Code: [Select]
proxy_pass http://xxx.xxx.xxx.xxx:8181;We need to replace http with https and port 8181 with 8443
Code: [Select]
proxy_pass https://xxx.xxx.xxx.xxx:8443;Restart Nginx
Code: [Select]
service nginx restart17
CentOS-WebPanel Bugs / [BUG] 2times DKIM Signing
« on: August 09, 2018, 03:32:51 AM »
Hello,
When you enable "AntiSpam/AntiVirus (recommended): ClamAV, Amavis & Spamassassin, Requires 1Gb+ RAM"
The mail send sign DKIM key two times. Below is log
Raw header of Gmail shows
When you enable "AntiSpam/AntiVirus (recommended): ClamAV, Amavis & Spamassassin, Requires 1Gb+ RAM"
The mail send sign DKIM key two times. Below is log
Code: [Select]
cat /var/log/maillogQuote
Aug 8 23:20:11 server1 postfix/smtpd[22593]: connect from localhost[127.0.0.1]
Aug 8 23:20:11 server1 postfix/smtpd[22593]: 72D88E07B0: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=email@yourdomain.com
Aug 8 23:20:11 server1 postfix/cleanup[22646]: 72D88E07B0: message-id=<ef240cb8f48b4c21dd3a3605d00c966b@yourdomain.com>
Aug 8 23:20:11 server1 opendkim[21907]: 72D88E07B0: DKIM-Signature field added (s=default, d=yourdomain.com)
Aug 8 23:20:11 server1 postfix/qmgr[21897]: 72D88E07B0: from=<email@yourdomain.com>, size=589, nrcpt=1 (queue active)
Aug 8 23:20:11 server1 postfix/smtpd[22593]: disconnect from localhost[127.0.0.1]
Aug 8 23:20:12 server1 postfix/smtpd[22696]: connect from unknown[127.0.0.1]
Aug 8 23:20:12 server1 postfix/smtpd[22696]: 18D6CE07C1: client=unknown[127.0.0.1]
Aug 8 23:20:12 server1 postfix/cleanup[22646]: 18D6CE07C1: message-id=<ef240cb8f48b4c21dd3a3605d00c966b@yourdomain.com>
Aug 8 23:20:12 server1 opendkim[21907]: 18D6CE07C1: DKIM-Signature field added (s=default, d=yourdomain.com)
Aug 8 23:20:12 server1 postfix/qmgr[21897]: 18D6CE07C1: from=<email@yourdomain.com>, size=1408, nrcpt=1 (queue active)
Aug 8 23:20:12 server1 amavis[21744]: (21744-01) Passed CLEAN {RelayedOutbound}, MYNETS LOCAL [127.0.0.1]:57904 <email@yourdomain.com> -> <test@gmail.com>, Message-ID: <ef240cb8f48b4c21dd3a3605d00c966b@yourdomain.com>, mail_id: 2a-USGxJx-nW, Hits: -1.099, size: 913, queued_as: 18D6CE07C1, dkim_sd=default:yourdomain.com, 591 ms
Aug 8 23:20:12 server1 postfix/smtp[22647]: 72D88E07B0: to=<test@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.71, delays=0.09/0/0.05/0.57, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 18D6CE07C1)
Aug 8 23:20:12 server1 postfix/qmgr[21897]: 72D88E07B0: removed
Aug 8 23:20:12 server1 postfix/smtp[22657]: 18D6CE07C1: to=<test@gmail.com>, relay=gmail-smtp-in.l.google.com[173.194.205.26]:25, delay=0.79, delays=0.05/0/0.56/0.18, dsn=2.0.0, status=sent (250 2.0.0 OK 1533784812 i3-v6si672583qkf.13 - gsmtp)
Aug 8 23:20:12 server1 postfix/qmgr[21897]: 18D6CE07C1: removed
Raw header of Gmail shows
18
CentOS-WebPanel Bugs / [BUG] RoundCube Failed Login After Upgrade
« on: August 09, 2018, 03:17:46 AM »
Hello,
The older version of roundcube was using table alias but newer version doesnt have that table. If anyone upgraded from older version to newer version may end up failing to login into roundcube with the error below.
The resolution to it is
Dropping the table 'alias' under 'roundcube --> users'
The older version of roundcube was using table alias but newer version doesnt have that table. If anyone upgraded from older version to newer version may end up failing to login into roundcube with the error below.
Code: [Select]
tail -f /usr/local/cwpsrv/var/services/roundcube/logs/errorsQuote
[09-Aug-2018 02:56:32 +0000]: <janbsfca> DB Error: [1364] Field 'alias' doesn't have a default value (SQL Query: INSERT INTO `users` (`created`, `last_login`, `username`, `mail_host`, `language`) VALUES (now(), now(), 'email@domain.com', 'localhost', 'en_US')) in /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/rcube_db.php on line 539 (POST /roundcube/?_task=login&_action=login)
[09-Aug-2018 02:56:32 +0000]: <janbsfca> PHP Error: Failed to create new user in /usr/local/cwpsrv/var/services/roundcube/program/lib/Roundcube/rcube_user.php on line 684 (POST /roundcube/?_task=login&_action=login)
[09-Aug-2018 02:56:32 +0000]: <janbsfca> PHP Error: Failed to create a user record. Maybe aborted by a plugin? in /usr/local/cwpsrv/var/services/roundcube/program/include/rcmail.php on line 641 (POST /roundcube/?_task=login&_action=login)
The resolution to it is
Dropping the table 'alias' under 'roundcube --> users'
19
SSL / [BUG] AutoSSL Centos 6
« on: August 07, 2018, 05:36:07 AM »
admin/index.php?module=ssl_certificate
Clicking renew
Produces error
[Tue Aug 7 01:33:27 EDT 2018] Renew: 'domain.com'
[Tue Aug 7 01:33:27 EDT 2018] 'domain.com' is not a issued domain, skip.
As this command is trying to run
sh /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --renew -d domain.com --force --debug
but it should run
sh /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --renew -d www.domain.com --force --debug
www is missing in front of domain.
Clicking renew
Produces error
[Tue Aug 7 01:33:27 EDT 2018] Renew: 'domain.com'
[Tue Aug 7 01:33:27 EDT 2018] 'domain.com' is not a issued domain, skip.
As this command is trying to run
sh /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --renew -d domain.com --force --debug
but it should run
sh /root/.acme.sh/acme.sh --home /root/.acme.sh/cwp_certs --renew -d www.domain.com --force --debug
www is missing in front of domain.
20
CentOS-WebPanel GUI / Broken admin/index.php?module=change_hostname
« on: July 11, 2018, 09:09:57 AM »
Hello,
Changing hostname doesnt show original hostname created. It still shows hostname as localhost.localdomain
Changing hostname doesnt show original hostname created. It still shows hostname as localhost.localdomain
21
PHP / Install php 7.2.4 and php-fpm on centos web panel
« on: March 30, 2018, 10:47:33 AM »Quote
mkdir bullten
cd bullten
wget http://am1.php.net/distributions/php-7.2.4.tar.gz
tar zxvf php-7.2.4.tar.gz
cd php-7.2.4
Quote
./configure --with-bz2 \
--prefix=/usr/local/php \
--with-apxs2=/usr/local/apache/bin/apxs \
--with-curl \
--with-libdir=/usr/lib64 \
--with-config-file-path=/usr/local/php \
--with-config-file-scan-dir=/usr/local/php/php.d \
--with-iconv \
--with-gd \
--with-jpeg-dir=/usr/local/php \
--with-png-dir \
--with-freetype-dir=/usr/local/php \
--with-kerberos \
--enable-fpm \
--enable-mbstring \
--with-mhash \
--with-mysqli \
--with-sqlite3 \
--with-mysqli=mysqlnd \
--with-mysql-sock=/var/lib/mysql/mysql.sock \
--with-xsl \
--with-pspell \
--with-openssl \
--with-gettext \
--with-pcre-regex \
--with-libxml-dir=/usr/local/php \
--with-pdo-mysql \
--with-pic \
--with-pear=/usr/local/php/pear \
--with-gmp \
--enable-zip \
--with-zlib \
--enable-inline-optimization \
--enable-mbregex \
--enable-opcache \
--enable-fpm \
--enable-posix \
--enable-calendar \
--enable-bcmath \
--enable-exif \
--enable-phar \
--enable-ftp \
--enable-pdo \
--enable-soap \
--enable-sockets \
--enable-intl \
--with-xmlrpc \
--without-pdo-sqlite
Quote
make && make install
Quote
rm -rf /usr/local/php/php.d/ioncube.ini
rm -rf /usr/local/php/php.ini
cp php.ini-production /usr/local/php/php.ini
rm -rf /usr/local/bin/php
ln -s /usr/local/php/bin/php /usr/local/bin/php
cp /root/bullten/php-7.2.4/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
Quote
cd /usr/local/php/etc
cp php-fpm.conf.default php-fpm.conf
nano php-fpm.conf
uncomment below lines
Quote
pid = run/php-fpm.pid
error_log = log/php-fpm.log
Quote
cd php-fpm.d
cp www.conf.default yourdomain.com.conf
nano yourdomain.com.conf
change to yourusername and edit other lines as needed.
Quote
user = yourusername
group = yourusername
Quote
mkdir -p /usr/local/php/log/
edit your vhost file and add the below lines just below scripalias
Quote
<LocationMatch "^/(.*\.php(/.*)?)$">
ProxyPass fcgi://127.0.0.1:9000/home/yourusername/public_html/$1
</LocationMatch>
nano /usr/local/apache/conf/httpd.conf
uncomment the below line
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
service php-fpm start
service php-fpm restart
service php-fpm status
service php-fpm stop
22
Other / Denying Installation Upon Invalid Hostname
« on: February 06, 2018, 05:33:40 PM »
Hello,
The script developers should not allow installation of CWP upon invalid hostname like domain.com.
FQDN should be followed.
https://en.wikipedia.org/wiki/Fully_qualified_domain_name
The script developers should not allow installation of CWP upon invalid hostname like domain.com.
FQDN should be followed.
https://en.wikipedia.org/wiki/Fully_qualified_domain_name
23
How to / Disable SuPHP And Use DSO with Apache 2.4.28 and PHP 5.6.33
« on: January 25, 2018, 07:39:35 PM »Quote
rm -rf /tmp/apache-build
mkdir -p /tmp/apache-build
cd /tmp/apache-build
Quote
wget http://www.eu.apache.org/dist//httpd/httpd-2.4.28.tar.gz
wget http://www.eu.apache.org/dist//apr/apr-1.6.3.tar.gz
wget http://www.eu.apache.org/dist//apr/apr-util-1.6.1.tar.gz
Quote
tar zxvf httpd-2.4.28.tar.gz
tar zxvf apr-1.6.3.tar.gz
tar zxvf apr-util-1.6.1.tar.gz
Quote
cd /tmp/apache-build/apr-1.6.3
make distclean
./configure
make
make install
Quote
cd /tmp/apache-build/apr-util-1.6.1
make distclean
./configure --with-apr=/usr/local/apr/
make
make install
Quote
cd /tmp/apache-build/httpd-2.4.28
rm -rf /usr/local/apache/conf/httpd.conf
make distclean
./configure --enable-so --prefix=/usr/local/apache --with-mpm=prefork --enable-ssl --enable-unique-id --enable-ssl=/usr/include/openssl --enable-rewrite --enable-deflate --enable-suexec --with-suexec-docroot="/home" --with-suexec-caller="nobody" --with-suexec-logfile="/usr/local/apache/logs/suexec_log" --enable-asis --enable-filter --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr --enable-headers --enable-expires --enable-proxy --enable-cgi --enable-rewrite --enable-speling
make && make install
echo "Include /usr/local/apache/conf/sharedip.conf" >> /usr/local/apache/conf/httpd.conf
echo "Include /usr/local/apache/conf.d/*.conf" >> /usr/local/apache/conf/httpd.conf
sed -i "s|DirectoryIndex index.html|DirectoryIndex index.php index.html|g" /usr/local/apache/conf/httpd.conf
mv /usr/local/apache/conf.d/suphp.conf /usr/local/apache/conf/suphp.conf
Quote
cd /tmp/php-build/
wget http://fr2.php.net/distributions/php-5.6.33.tar.gz
tar zxvf php-5.6.33.tar.gz
cd php-5.6.33
make distclean
./configure --with-apxs2=/usr/local/apache/bin/apxs --with-zlib --enable-soap --enable-exif --with-config-file-path=/usr/local/php --with-config-file-scan-dir=/usr/local/php/php.d --enable-phar --enable-bcmath --enable-calendar --with-curl --with-iconv --with-mysql --with-mysqli --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-mcrypt --with-gettext --with-xsl --with-xmlrpc --with-pdo-mysql=mysqlnd --enable-posix --enable-ftp --with-openssl --enable-mbstring --with-jpeg-dir=/usr --with-freetype-dir=/usr --with-kerberos --with-xsl --with-bz2 --enable-sockets --enable-zip --with-gd --enable-sockets --with-pcre-regex --libdir=/usr/lib64 --disable-cgi --with-mysql-sock=/var/lib/mysql/mysql.sock
make && make install
rm -rf /usr/local/php/php.ini
cp php.ini-production /usr/local/php/php.ini
sed -i "s|.*modules/libphp5.so.*||g" /usr/local/apache/conf/httpd.conf
Quote
wget --output-document="/usr/local/apache/conf.d/php.conf" http://dl-package.bullten.in/cwp/files/dso/php.txt
uncomment
Quote
LoadModule proxy_module modules/mod_proxy.so
LoadModule rewrite_module modules/mod_rewrite.so
Quote
ln -s /usr/local/apache/bin/httpd /usr/sbin/httpd
service httpd restart
Quote
chmod 755 /home/user/public_html
24
Apache / Protect Your Server Against Symlink Attack
« on: January 15, 2018, 09:15:43 PM »
Hello,
Cloudlinux released kernel based patch for free to protect server against symlink attack
https://www.cloudlinux.com/kernelcare-blog/entry/symlink-protection-patchset-centos-6-7-kernelcare
[root@localhost ~]# kcarectl --info
kpatch-state: patch is applied
kpatch-for: Linux version 3.10.0-514.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
kpatch-build-time: Fri Dec 8 11:14:03 2017
kpatch-description: 223-free;
Cloudlinux released kernel based patch for free to protect server against symlink attack
https://www.cloudlinux.com/kernelcare-blog/entry/symlink-protection-patchset-centos-6-7-kernelcare
[root@localhost ~]# kcarectl --info
kpatch-state: patch is applied
kpatch-for: Linux version 3.10.0-514.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
kpatch-build-time: Fri Dec 8 11:14:03 2017
kpatch-description: 223-free;
Pages: 1 [2]
