Recent Posts
1
CentOS-WebPanel Bugs / Missing Sock file for end user
« Last post by henrycoule on Today at 08:42:04 PM »I noticed that some of my user accounts are unable to login to the control panel and when I looked at the logs I saw there is a missing sock file as shown here
[crit] 16544#0: *8 connect() to unix:/usr/local/cwp/php71/var/sockets/testuser.sock failed (2: No such file or directory) while connecting to upstream, client: #.#.#.#, server: localhost, request: "GET /testuser/ HTTP/1.1", upstream: "fastcgi://unix:/usr/local/cwp/php71/var/sockets/testuser.sock:", host: "srv.domain.com:2083"
All users logging to the control panel have a sock file created here /usr/local/cwp/php71/var/sockets/ but I realized my user with the issue doesn't have a sock file there. Initially, since it was a test user, I deleted and re-created the account and the sock file was created but after a while, it was gone again. Now it is happening to real users and they cannot log in to the control panel. They are getting errors like "502 Bad Gateway"
[crit] 16544#0: *8 connect() to unix:/usr/local/cwp/php71/var/sockets/testuser.sock failed (2: No such file or directory) while connecting to upstream, client: #.#.#.#, server: localhost, request: "GET /testuser/ HTTP/1.1", upstream: "fastcgi://unix:/usr/local/cwp/php71/var/sockets/testuser.sock:", host: "srv.domain.com:2083"
All users logging to the control panel have a sock file created here /usr/local/cwp/php71/var/sockets/ but I realized my user with the issue doesn't have a sock file there. Initially, since it was a test user, I deleted and re-created the account and the sock file was created but after a while, it was gone again. Now it is happening to real users and they cannot log in to the control panel. They are getting errors like "502 Bad Gateway"
2
Apache / Re: CustomLog bytes
« Last post by Darkroom on Today at 07:02:14 PM »I think they intend to add the feature of logging bytes in/out for individual domains for http/https at some point. This does require mod_logio which isn't enabled by default right now. At the moment it just fills a log file with the word "bytes." It's been the better part of a year they should either complete the feature or comment out the CustomLog. No sense in making garbage files that grow.
3
E-Mail / Re: Security level low, need fix some configurations.
« Last post by peopleinside on Today at 05:16:09 PM »Seems no staff reply and support here.
I opened a ticket (also if I'm not currently a paid user) and received what i think is wrong replies where was told to me there are no security issues just compatibility configuration. Not need to edit postfix but only dovecot, etc.
You cannot fix security issue on port 465 and 993 by editing only dovecot.
On in /etc/postfix edit main.cf you need to add:
Need now generate the file /etc/postfix/dh2048.pem
Execute as root (prime group generation can take a few seconds to a few minutes):
For fix issue on port 993:
Have to disable TLS 1.0 /etc/dovecot/dovecot.conf
Than restart dovecot and postfix
I opened a ticket (also if I'm not currently a paid user) and received what i think is wrong replies where was told to me there are no security issues just compatibility configuration. Not need to edit postfix but only dovecot, etc.
You cannot fix security issue on port 465 and 993 by editing only dovecot.
On in /etc/postfix edit main.cf you need to add:
Code: [Select]
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
#smtpd_tls_cert_file = /etc/pki/tls/certs/centospanel-peopleinside.it.crt
#smtpd_tls_key_file = /etc/pki/tls/private/centospanel-peopleinside.it.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
smtpd_tls_eecdh_grade = strongNeed now generate the file /etc/postfix/dh2048.pem
Execute as root (prime group generation can take a few seconds to a few minutes):
Code: [Select]
# cd /etc/postfix
# umask 022
# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
# chmod 644 dh512.pem dh1024.pem dh2048.pemFor fix issue on port 993:
Have to disable TLS 1.0 /etc/dovecot/dovecot.conf
Code: [Select]
ssl_protocols = !SSLv2 !SSLv3 !TLSv1
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048Than restart dovecot and postfix
4
Information / Re: Ip change
« Last post by Martins-phpbb on Today at 05:09:19 PM »i set new ip but nothing went so ran this from another topic sh /scripts/update_cwp that did the job back on pro.
5
Information / Re: Plans to support CentOS 8?
« Last post by x1705 on Today at 04:30:56 PM »We should hear more from cwp when?
when Centos 9 is relased..
lol
X
when Centos 9 is relased..
lol
X
6
Information / Re: How to Submit CWP-Pro version Support Tickets
« Last post by x1705 on Today at 04:29:15 PM »always been there..
but, as far as cwp 'support' goes..
you'd be better off snail mailing a "Self-addressed" Stamped Envelope..
you might actually get a responce in a timely manner..
lol
Cheers.
X
but, as far as cwp 'support' goes..
you'd be better off snail mailing a "Self-addressed" Stamped Envelope..
you might actually get a responce in a timely manner..
lolCheers.
X
7
Information / Re: Ip change
« Last post by x1705 on Today at 04:26:59 PM »should be pretty instantaneous.. i think..
you might want to do it again, and then run
$ sh /scripts/update_cwp
see what/if it helps..
good luck.
X
you might want to do it again, and then run
$ sh /scripts/update_cwp
see what/if it helps..
good luck.
X
8
Information / Re: This forum no https
« Last post by x1705 on Today at 04:25:19 PM »+1
i often wonder if we will wake up one morning and there will be no 'cwp'.. website or server...
lol?
hmm.. kind of serious though..
:/
Cheers
X
i often wonder if we will wake up one morning and there will be no 'cwp'.. website or server...
lol?
hmm.. kind of serious though..
:/
Cheers
X
9
CentOS-WebPanel GUI / Re: Ioncube encryption is a DEAL-BREAKER
« Last post by ejsolutions on Today at 03:49:12 PM »A good while back, I suggested that ioncube be dropped for all but a few core files. Make it more open to modification/inspection whilst retaining control for CWP. I'm sure then, the community would find quick fixes for any bugs, reducing the burden on the developer(s).
Silence... as normal.
Silence... as normal.
10
Information / Ip change
« Last post by Martins-phpbb on Today at 03:26:04 PM »I'm a pro user but my ip has changed first time in 3 years i have set a new ip on this page https://support.centos-webpanel.com/clientarea.php?action=productdetails&id=17856 how long does it take to take my new ip ?