Messages - Darkroom

61
Suggestions / Re: Database selector, Mysql and MariaDB
« on: January 23, 2016, 04:55:43 AM »
Not Centos 7 yet, but it's in the works.

62
Suggestions / Cloud Storage module?
« on: January 16, 2016, 04:45:58 PM »
I was thinking that these days it's possible to have TBs of storage on your server, even in RAID configs pretty easily. It'd be awesome to use/sell some of that as cloud storage. I was looking around and it seems like SeaFile looks like a pretty legit OS player in this field. Maybe in a future CWP?
https://www.seafile.com/

63
How to / Re: about the size of hard disk please
« on: January 16, 2016, 06:53:19 AM »
To see if an account has backups enabled: In the CWP web interface, User Accounts -> List Accounts -> Edit Account, see if Backup is checked. Backups are located in /backup

64
Apache / Re: Website server logs / wordpress etc
« on: January 15, 2016, 01:38:59 AM »
Here's my current default.vcl :
backend default {
  .host = "X.X.X.X";
  .port = "8181";
}
include "/etc/varnish/backends.vcl";
# set IP for apache logging
sub vcl_recv {
  include "/etc/varnish/sites.vcl";
  remove req.http.X-Forwarded-For;
  set req.http.X-Forwarded-For = client.ip;
# Setup grace mode.
  # Allow Varnish to serve up stale (kept around) content if the backend is
  #responding slowly or is down.
  # We accept serving 6h old object (plus its ttl)
  if (! req.backend.healthy) {
   set req.grace = 6h;
  } else {
   set req.grace = 15s;
  }
 
  # If our backend is down, unset all cookies and serve pages from cache.
  if (!req.backend.healthy) {
    unset req.http.Cookie;
  }

  # Drop any cookies sent to Wordpress.
  if (
      req.url ~ "^/administrator" ||
      req.url ~ "^/component/banners" ||
      req.url ~ "^/component/users" ||
      req.url ~ "^/wp-admin" ||
      req.url ~ "^/wp-login.php" ||
      req.url ~ "^/any-other-url-path"
  ) {
    return (pass);
  } else if (req.url ~ "^/roundcube") {
    return (pipe);
  } else {
    unset req.http.cookie;
  }
# As mentioned before, remove all cookies for static files, images etc
  # Varnish will always cache the following file types and serve them (during TTL).
  # Note that Drupal .htaccess sets max-age=1209600 (2 weeks) for static files.
  if (req.url ~ "(?i)\.(bmp|png|gif|jpeg|jpg|doc|pdf|txt|ico|swf|css|js|html|htm)(\?[a-z0-9]+)?$") {
    // Remove the query string from static files
    set req.url = regsub(req.url, "\?.*$", "");
 
    unset req.http.Cookie;
 
    # Remove extra headers
    # We remove Vary and user-agent headers that any backend app may set
    # If we don't do this, Varnish will cache a separate copy of the resource
    # for every different user-agent
    unset req.http.User-Agent;
    unset req.http.Vary;
 
    return (lookup);
  }


}
#####
#If something gets super popular, super cache it
sub vcl_hit {
        if (obj.hits == 500) {
                set obj.ttl = 3h;
        } elsif (obj.hits == 10000) {
                set obj.ttl = 2d;
        } elsif (obj.hits == 1000000) {
                set obj.ttl = 4w;
        }
}
#####
#shutdown backend connections so unprivileged users don’t get privileged content
sub vcl_pass { 
    set bereq.http.connection = "close";
    if (req.http.X-Forwarded-For) {
        set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
    }
    else {
        set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
    }
}
#####
#shutdown backend connections so unprivileged users don’t get privileged content
sub vcl_pipe { 
    set bereq.http.connection = "close";
    if (req.http.X-Forwarded-For) {
        set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
    }
    else {
        set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
    }
}

#####
sub vcl_fetch {
# Don't allow static files to set cookies. Cache static content for a long time
  if (req.url ~ "(?i)\.(bmp|png|gif|jpeg|jpg|doc|pdf|txt|ico|swf|css|js|html|htm)(\?[a-z0-9]+)?$") {
    unset beresp.http.set-cookie;
    # default in Drupal, you may comment out to apply for other cms as well
    set beresp.ttl = 2w;
  }
  # Cache stuff you shouldn’t for a min, just bout everything else an hour
  if (beresp.ttl < 1h) {
    if (beresp.http.Cache-Control ~ "(private|no-cache|no-store)") {
      set beresp.ttl = 60s;
    } else {
      set beresp.ttl = 1h;
    }
  }
 if (beresp.status == 301) {
    set beresp.ttl = 1h;
    return(deliver);
  }
  # Allow items to be stale if backend goes down. This means we keep around all objects for 6 hours beyond their TTL which is 2 minutes
  # So after 6h + 2 minutes each object is definitely removed from cache
  set beresp.grace = 6h;
 
  # If you need to explicitly set default TTL, do it below.
  # Otherwise, Varnish will set the default TTL by looking-up
  # the Cache-Control headers returned by the backend
  # set beresp.ttl = 6h;

  # if you have misbehaving sites (i.e Drupal6 or cookie-setters)
  # and you have forced Varnish to cache them in vcl_recv,
  # here you can instruct Varnish about their ttl, and
  # force Varnish to strip any cookies send from backend
  #if (req.http.host ~ "(?i)^(www.)?yourURL.com") {
  # unset beresp.http.set-cookie;
  # set beresp.http.Cache-Control = "public,max-age=602";
  # set beresp.ttl = 120s;
  #}

}

There's a lot here but the part you're most interested in is at the top. Varnish out of the box doesn't really do much, you really need to tune it to your needs. This works with wordpress, phpmyAdmin, roundcube, and joomla and gives me approx 50% hit rate. Down at the bottom you may notice that I set the cache time for php files to 1hr, that means it may take that long to see changes, or to see a post appear on your main page, though the post page is perfectly visible. It's a trade off, less time = fewer cache hits. While on the varnish topic, if you have the RAM I highly recommend switching the path in /etc/sysconfig/varnish where it says DAEMON_OPTS where there's a path for where to keep cache files, switch it to: -s malloc,1G" This tells varnish to save cached content in memory and serve it from there. You can change the size from 1G to 256M, 4G, 1247M, etc., whatever you need/can spare. Any changes to either of these files only take effect when you restart the service (service varnish restart).

In /usr/local/conf/httpd.conf
change your logging format to:
LogFormat "%{X-Forwarded-For}i %l %u %t %v \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
and make sure it says "combined" after your logging path:
CustomLog "/usr/local/apache/logs/access_log" combined
Restart apache (service http restart) and voilà! Logging with IPs through varnish. Still stuck on the error log that all looks like it's coming from my server.

Oh and as always make sure you back up your config files before modifying them!
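An added example, not part of the original post: a small checker for access_log lines written in the LogFormat quoted above. It flags entries whose first field is not a single IP address, which is what the log should contain when every request passes through the vcl_recv that overwrites X-Forwarded-For. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Field layout of the LogFormat quoted in the post:
# %{X-Forwarded-For}i %l %u %t %v "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'(?P<vhost>\S+) "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify(line):
    """Return (verdict, xff) for one access_log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ("unparsed", None)
    xff = m.group("xff")
    if xff == "-":
        # Apache logs "-" when the header is absent: the request did not
        # pass through the vcl_recv that sets X-Forwarded-For.
        return ("no-header", xff)
    if "," in xff:
        # A chain means a client-supplied value was appended to, not replaced.
        return ("chain", xff)
    try:
        ipaddress.ip_address(xff)
    except ValueError:
        return ("not-an-ip", xff)
    return ("ok", xff)

def audit(lines):
    """Return [(line_number, verdict, xff)] for every line that is not 'ok'."""
    findings = []
    for n, line in enumerate(lines, 1):
        verdict, xff = classify(line)
        if verdict != "ok":
            findings.append((n, verdict, xff))
    return findings

# Constructed sample lines (documentation-range addresses, made-up vhost).
SAMPLE = [
    '203.0.113.7 - - [15/Jan/2016:01:38:59 -0500] example.test "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '- - - [15/Jan/2016:01:39:02 -0500] example.test "GET /wp-login.php HTTP/1.1" 200 2311 "-" "curl/7.29.0"',
    '198.51.100.9, 203.0.113.7 - - [15/Jan/2016:01:39:05 -0500] example.test "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'unknown - - [15/Jan/2016:01:39:09 -0500] example.test "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
```

A "no-header" or "chain" finding means the logged address cannot be attributed to the connecting client, for example when a request reached the Apache port without going through Varnish.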

65
Apache / Re: Website server logs / wordpress etc
« on: January 14, 2016, 04:29:47 AM »
By default CWP's apache web server logs access and errors to /usr/local/apache/logs/
If you're running varnish (or some other caching server) in front of apache then out of the box it will look like all the hits are coming from the server's IP unless you set up:
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;

in the sub vcl_recv section of default.vcl (for varnish anyways).

You can change what apache logs and where it writes them in /usr/local/apache/conf/httpd.conf and you can also set up individual domain logging in the vhost configuration.

66
Postfix / Re: How do you remove DKIM and ClamD?
« on: January 13, 2016, 05:23:21 AM »
Well I finally figured it out so I figured I'd post it here in case anyone else just clicks the recommended check boxes and breaks everything.

yum remove opendkim
yum remove clamav

-- rebuild postfix from web panel --
/etc/init.d/saslauthd start
-- re/start amavis from panel --
W00t mail works again!

67
Postfix / How do you remove DKIM and ClamD?
« on: January 09, 2016, 08:42:41 PM »
I had to rebuild my postfix and followed the recommendations and it broke my mail service. Unchecking the boxes and rebuilding doesn't do anything and postfix still tries to use DKIM even if the service is stopped. While I suppose yum can uninstall both, are there any postfix settings that would need to be changed?

68
CentOS 6 Problems / Re: Virtualhost lost control
« on: January 05, 2016, 11:04:20 PM »
/usr/local/apache/conf.d/vhosts.conf

You can also edit it from the CWP Panel under Apache -> Edit Apache vHosts

69
How to / Re: Disable root ssh?
« on: January 05, 2016, 05:59:24 PM »
Edit /etc/ssh/sshd_config and add/change/uncomment the following line to:
PermitRootLogin no

70
Postfix / Re: Postfix Won't Start
« on: January 05, 2016, 03:03:23 AM »
Fixed! It was an issue with not enough open files allowed. Had to do the sysctl stuff here:

http://www.cyberciti.biz/faq/linux-increase-the-maximum-number-of-open-files/

and also this:

Edit the /etc/pam.d/system-auth, and add this entry:
session required /lib/security/$ISA/pam_limits.so



Still don't know what's eating up the RAM.

71
Information / Re: CentOS Configuration File Locations (CWP)
« on: January 05, 2016, 03:01:02 AM »
I figured it out. Had to read through the comments, this one fixed it:
Edit the /etc/pam.d/system-auth, and add this entry:
session required /lib/security/$ISA/pam_limits.so

72
Information / Re: CentOS Configuration File Locations (CWP)
« on: January 05, 2016, 02:44:17 AM »
How do you increase the number of open files for a user (CWP or system)? Editing /etc/security/limit.conf and /etc/sysctl.conf and then # sysctl -p doesn't do it.

73
Postfix / Postfix Won't Start
« on: January 04, 2016, 04:51:12 PM »
Or perhaps more accurately thinks it starts with an [ ok ] but dies right away. Maillog says:
Jan  4 11:30:53 localhost postfix/postfix-script[18726]: starting the Postfix mail system
Jan  4 11:30:53 localhost postfix/master[18727]: warning: could allocate space for only 100 open files
Jan  4 11:30:53 localhost postfix/master[18727]: warning: inet_addr_host: skipping address family 2: Too many open files
Jan  4 11:30:53 localhost postfix/master[18727]: fatal: /etc/postfix/master.cf: line 90: bad hostname or network address: 127.0.0.1:10025


A little back story. My server is using waaaaay too much RAM, 13.5GB not including cache and I don't think I have that much on the server including the OS and backups! (DF -h says I've got about 5GB on the drives total :o ) So I restarted cwpsrv, httpd, and postfix to see if one of them was hoarding memory for some dumb reason, that's when postfix got uncooperative. I have CWP 0.9.8.10, Apache 2.2.27, PHP 5.5.30, mysql 5.1.73 on a Xeon quad core 2.6ghz with 24gb of RAM. I'm running 2 wordpress sites, a joomla site, and a static site. I'm running varnish from memory but that's only reporting about 160MB right now. A ps aux doesn't show who's hogging the RAM, clamd is the biggest pig at only 1.2%.

I've tried rebuilding postfix which didn't help, I still get the same error message. I've tried changing it to my server's IP, localhost, and my server's hostname, all still threw the same error. I searched the error message and tried creating a /var/spool/postfix/etc/ with a few necessary files that the Gentoo forums recommend and it didn't help so I undid that "fix".

A bug I think I've found is that if you select anti spam, rDNS, DKIM, in the rebuild, then try and rebuild postfix again without them later, it won't let you even if you've unchecked the boxes.

My server is about a 2hr drive away and I have to work this afternoon so I was going to try and restart it tomorrow morning just in case I have to pay it a visit. In the meantime if anyone has any suggestions I'd appreciate it greatly.

74
Aplications / Re: How to install wordpress to linux server
« on: January 03, 2016, 07:36:34 PM »
You can auto start http by going to Services Config -> ChkConfig and make sure http is set to on for run levels 2 through 5.

Yes you often have to disable rules 1 by 1. I did this and wound up with the following mod_sec Disabled rules (works with Jetpack and W3 total Cache and some other plugins):

## Rules for the CWP ##
SecRuleRemoveById 910006
SecRuleRemoveById 950000
SecRuleRemoveById 950001
SecRuleRemoveById 950005
SecRuleRemoveById 950006
SecRuleRemoveById 950117
SecRuleRemoveById 950907
SecRuleRemoveById 958039
SecRuleRemoveById 958051
SecRuleRemoveById 958291
SecRuleRemoveById 959006
SecRuleRemoveById 959151
SecRuleRemoveById 960008
SecRuleRemoveById 960010
SecRuleRemoveById 960011
SecRuleRemoveById 960012
SecRuleRemoveById 960035
SecRuleRemoveById 960335
SecRuleRemoveById 960904
SecRuleRemoveById 960915
SecRuleRemoveById 970003
SecRuleRemoveById 970015
SecRuleRemoveById 970903
SecRuleRemoveById 973301
SecRuleRemoveById 973302
SecRuleRemoveById 973306
SecRuleRemoveById 973316
SecRuleRemoveById 973330
SecRuleRemoveById 973331
SecRuleRemoveById 973332
SecRuleRemoveById 973334
SecRuleRemoveById 973335
SecRuleRemoveById 973336
SecRuleRemoveById 973344
SecRuleRemoveById 973347
SecRuleRemoveById 981172
SecRuleRemoveById 981240
SecRuleRemoveById 981241
SecRuleRemoveById 981244
SecRuleRemoveById 981248
SecRuleRemoveById 981249
SecRuleRemoveById 981255
SecRuleRemoveById 981256
SecRuleRemoveById 981260
SecRuleRemoveById 981317
SecRuleRemoveById 981318
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
## Rules for the CWP ##
SecRuleRemoveById 960017
SecRuleRemoveById 960015
SecRuleRemoveById 960009
########################################
## Removed Rules for Joomla, WordPress and Drupal CMSs ##
########################################
## Joomla ##
SecRuleRemoveById 950120
SecRuleRemoveById 950901
SecRuleRemoveById 960024
SecRuleRemoveById 973300
SecRuleRemoveById 973304
SecRuleRemoveById 973333
SecRuleRemoveById 973338
SecRuleRemoveById 981173
SecRuleRemoveById 981245
SecRuleRemoveById 981257
## Wordpress ##
SecRuleRemoveById 950007
SecRuleRemoveById 950010
SecRuleRemoveById 950911
SecRuleRemoveById 958005
SecRuleRemoveById 958006
SecRuleRemoveById 958030
SecRuleRemoveById 958049
SecRuleRemoveById 958056
SecRuleRemoveById 958057
SecRuleRemoveById 959070
SecRuleRemoveById 959073
SecRuleRemoveById 960020
SecRuleRemoveById 973308
SecRuleRemoveById 973309
SecRuleRemoveById 973314
SecRuleRemoveById 973327
SecRuleRemoveById 959071
SecRuleRemoveById 959072
SecRuleRemoveById 981004
SecRuleRemoveById 981242
SecRuleRemoveById 981243
SecRuleRemoveById 981246
SecRuleRemoveById 981320
## Drupal ##
SecRuleRemoveById 981231
## Removed rules for the webftp_simple ##
SecRuleRemoveById 950109
SecRuleRemoveById 950922
SecRuleRemoveById 981000
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901
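
An added example, not part of the original post: a short audit of a SecRuleRemoveById exclusion list in the layout used above. It counts removals per "## ... ##" section and reports repeated and non-numeric IDs so each exclusion can be reviewed. The function name is hypothetical and the excerpt is a few lines copied from the list in the post.

```python
import re
from collections import Counter

DIRECTIVE_RE = re.compile(r'^\s*SecRuleRemoveById\s+(.+)$', re.IGNORECASE)

def audit_exclusions(text):
    """Summarise SecRuleRemoveById lines: per-section counts, repeats, odd IDs."""
    section = "(no section)"
    by_section = {}
    seen = Counter()
    non_numeric = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped.startswith("#"):
            # A comment line; one with text in it names the current section.
            name = stripped.strip("#").strip()
            if name:
                section = name
            continue
        m = DIRECTIVE_RE.match(raw)
        if not m:
            continue
        # The directive takes one or more IDs or ranges, optionally quoted.
        for token in m.group(1).replace('"', ' ').split():
            by_section[section] = by_section.get(section, 0) + 1
            seen[token] += 1
            if not re.fullmatch(r'\d+(-\d+)?', token) and token not in non_numeric:
                non_numeric.append(token)
    return {
        "by_section": by_section,
        "duplicates": sorted(t for t, c in seen.items() if c > 1),
        "non_numeric": non_numeric,
    }

# Excerpt of the list posted above, used as sample input.
EXCERPT = """\
## Rules for the CWP ##
SecRuleRemoveById 981319
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
########################################
## Wordpress ##
SecRuleRemoveById 950007
SecRuleRemoveById 950010
## phpMyAdmin ##
SecRuleRemoveById 981205
SecRuleRemoveById 970901
"""
```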

75
Aplications / Re: How to install wordpress to linux server
« on: January 02, 2016, 05:28:49 PM »
Are you running mod_security in apache?
