
Messages - kbro

1
CentOS 9 Problems / Re: Recommended for fresh install
« on: February 26, 2024, 07:16:59 AM »
What’s the Hive Mind’s feeling about Alma 8 vs Rocky 8?  I’m minded to go for Rocky because (a) it was set up by the guy who created CentOS and (b) it’s binary compatible with RHEL while Alma is only ABI compatible.

2
How to / Re: How to change database size quota?
« on: October 22, 2023, 08:12:49 PM »
The answer appears to be "Have patience, young padawan."  I went back to the user account dashboard page a few hours later and refreshed it.  Hey, presto!  All the low-level quotas (quoti?) were showing 5.0 GB, which is what I'd changed the default package limit to.

3
How to / How to change database size quota?
« on: October 22, 2023, 09:24:28 AM »
In the dashboard for a user account the "Disk Space Usage" section in the navigation panel on the left shows an overall "Usage" figure and then separate amounts for "Home directory", "Email Accounts", "Databases" and "Backup".

I wanted to give the user more database space so I logged in as admin, went to Packages, edited the user's package (which happens to be "default"), updated "Disk Quota MB", ticked "Update Quota" and clicked the update button.

Going back to the user's dashboard, and refreshing the page, the "Disk Space Usage" section now shows the increased quota in the umbrella figure, but the individual items are still reporting the original amount.  How do I increase these lower-level quotas?

Many thanks

4
Installation / CentOS migration plan for 2024?
« on: March 05, 2023, 12:11:47 AM »
I'm currently running CWP Pro on CentOS 7 as recommended by https://control-webpanel.com/installation-instructions#step2.  I'm going to be building a new server later this year with a go-live date of April 2024, so what OS can I expect to be using then?  CentOS 7 goes EOL at the end of June 2024 and CentOS 8 Stream expires a month before that.

I'd be tempted to go for Rocky 8 which EOLs at the end of May 2029 but the installation guide says "Compatible but with possible issues, Recommended is to use CentOS 8 Stream or CentOS 7".  Same caveat for Alma 8 and Oracle 8.  Thanks.

5
Quote
Yeah, I know how DMZ works. All servers not hosted on local home routers (i.e. Blue Host), they are running on the same "DMZ" principle. So, saying that DMZ is dangerous is only true if you don't know what you are doing. A Linux server's firewall should not be buggy or "not present" if configured correctly.
The use of a DMZ isn't dangerous, the practice of passing unfiltered traffic to a server when it isn't needed is dangerous.  Even if you've configured the server firewall perfectly, you're still wasting CPU cycles and internal network bandwidth carrying and processing all those probes and attack attempts from all the hackers across the face of the planet.  If you get your broadband/edge router to filter that stuff out by using selective port forwarding then everything inside your network will run a whole lot more smoothly.

Quote
But, you have a point regarding port forwarding other ports to other IP addresses. I've thought of this point while writing my previous post, but I thought it to be irrelevant since I understood from your first post that you were using a simple home router, but it seems like you have yourself a custom router/firewall setup. Are you running everything with just one public IP address?
Yes, I only have a single public IP address with my business broadband package so I have to multiplex services based on port.  Originally I just had the CWP server and, as you suggested, it was set as the DMZ host in my router.  But then I got a bit more sophisticated/paranoid and switched to using port forwarding from a security point of view.  And in the iteration I'm currently working on I'm hanging a second router off the broadband router, set as the DMZ host.  The reason for changing the CWP server IP address is that I wanted to plug it into the new DMZ router, requiring a change in the LAN subnet, and that's where you were so helpful!  This will give me a double-NAT on the way to the server, but it can't be helped as I can't switch the broadband router to Modem Mode - my public IP address is at the other end of a proprietary GRE tunnel and the broadband router is the only thing that knows how to talk to the PoP server, which it won't do if it's running as a dumb modem.  Pity.

Quote
In regards to Auto DHCP; That's not true. I said that if you tell your router to manually assign a specific IP address (which in your case is 192.168.1.202) to your server and lock it, then the router won't have a whim to change it. I'm afraid with your way, the router may try to assign a new IP address to the server when the Lease Time has expired, but the server won't accept it because you told the server to not use anything else.
Yes, you're right.  I misunderstood what you meant by "auto".  You could certainly set the server to accept an IP from the router using DHCP, then use Address Reservation in the router to tie a fixed IP address to the server's MAC address.  That wouldn't help with the CWP configuration, though - you'd still need to go into the CWP Settings screen, change the IP and rebuild the vhost files.

My configuration is fine, though - I don't use DHCP, just a fixed address in the /etc/sysconfig/network-scripts/ifcfg-p7p1 file, so there is no lease to expire and no danger that the router will attempt to override my static assignment.

Thanks again for your help - my network is now much better because of you.

6
Hi @iraqiboy90, many thanks for the pointer - the Navigation > CWP Settings > Edit Settings page was the place I needed to be - not sure how I missed it as it's at the very top of the list after Dashboard!

It wasn't entirely straightforward to correct the vhost configurations.  The "NAT Local IP" setting was already showing 192.168.1.202 (I guess it picked it up from the "ifconfig" info for the active ethernet port) so rebuilding the web server configs still had no effect.  In the end I unticked "Activate NAT-ed network configuration", rebuilt the config files (so they now had my external public IP address), then re-ticked the box and rebuilt the configs again.  This time they had the correct IP address - 192.168.1.202.  Many thanks!!

To answer your question about using Port Forwarding instead of DMZ, the latter is essentially a NAT rule that redirects ALL incoming requests arriving at the public interface of your broadband router (other than the ones explicitly Port-Forwarded) to a nominated server on your LAN, so really it's a massive catch-all Port-Forward rule.  It's dangerous to redirect all external requests to a server because that leaves it wide open to attack from outside, protected only by its own internal firewall rules, which might be buggy or not present at all.  It's much safer to forward just the requests you're expecting the server to receive as there's less scope for surprises.  Furthermore, selective redirection means you can redirect other traffic to other servers on your LAN - for example, you could have separate machines running email, video conferencing, etc.  The DMZ setting is only really safe to use when you point it at a dedicated firewall/router, which is how my own LAN is set up.

As for setting the server to auto-DHCP its address from the router, this is a very bad idea.  It means your server could be allocated a new IP address at the whim of the router, moving it away from the DMZ or Port-Forward address configured in your router and totally breaking your CWP's ability to receive incoming requests.  No, you must fix the local address in the server configuration and use that fixed address in your router's Port-Forward settings (and not the DMZ settings because that's unsafe).

7
My server is currently 192.168.0.202 on my LAN, with my gateway router doing a bunch of port forwards to map my public IP address to the private one.  This has been working very happily for years.  But now I want to move the server to a different LAN segment and give it address 192.168.1.202, so I edited /etc/sysconfig/network-scripts/ifcfg-p7p1, changed the IPADDR and GATEWAY settings and did ifdown p7p1; ifup p7p1.  All good, I could ssh to the server on the new address and access the CWP console through https://192.168.1.202:2031.  BUT ... none of my hosted domain web servers were accessible.

Digging around in the Dashboard, I went to the Navigation panel on the left and selected Webserver Settings > Webservers Conf Editor and selected /usr/local/apache/conf.d/vhosts and had a look at a few.  They all began "<VirtualHost 192.168.0.202:80>" (okay, the HTTPS ones had port 443).

Digging some more, Webserver Settings > Webservers Template Editor > Httpd has default.tpl and default.stpl which begin "<VirtualHost %ip%:%apache_port%>".  This looked promising - the IP address was picked up from a template generator variable.

Going into Webserver Settings > Webservers Main Conf, at the bottom of the page is a checkbox "Rebuild all vhosts on save" so I checked that and clicked Save Changes.  The timestamp on all my vhost config files changed so I guess something happened, but they still contained the old address.

Going back to the Dashboard, the CWP Info panel shows "Your IP: 192.168.1.202" so it definitely knows what the address is.

So what do I need to do to change the address properly and get CWP to autogenerate the vhost config files with the new address?  And are there other files that I didn't find?

Thanks for your help
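
The stale-address symptom described in this post, as an added example that is not part of the original post and is not CWP's own tooling: a shell function that lists every <VirtualHost> line whose address differs from the one the server now uses. The `.conf` file suffix and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example (not CWP code): report <VirtualHost> addresses that differ
# from the address the server is expected to use after an IP change.

# find_stale_vhosts DIR EXPECTED_IP
# Prints "file:line:address" for every mismatching <VirtualHost> address.
# Wildcards (* and _default_) are skipped because they pin no address.
# Assumes vhost files end in .conf and use the "<VirtualHost" capitalisation
# shown in the template quoted in the post.
find_stale_vhosts() {
    dir=$1
    want=$2
    find "$dir" -type f -name '*.conf' | sort | while IFS= read -r f; do
        awk -v want="$want" -v file="$f" '
            /^[ \t]*<VirtualHost[ \t]/ {
                line = $0
                sub(/^[ \t]*<VirtualHost[ \t]+/, "", line)  # drop directive name
                sub(/>.*$/, "", line)                        # drop ">" and the rest
                n = split(line, addrs, /[ \t]+/)             # may list several
                for (i = 1; i <= n; i++) {
                    host = addrs[i]
                    if (host == "") continue
                    sub(/:[0-9*]+$/, "", host)               # strip ":port"
                    if (host != want && host != "*" && host != "_default_")
                        printf "%s:%d:%s\n", file, FNR, addrs[i]
                }
            }' "$f"
    done
}

# make_sample DIR: constructed sample files, not taken from a real server.
make_sample() {
    printf '<VirtualHost 192.168.0.202:80>\n  ServerName a.example\n</VirtualHost>\n<VirtualHost 192.168.0.202:443>\n  ServerName a.example\n</VirtualHost>\n' > "$1/a.example.conf"
    printf '<VirtualHost 192.168.1.202:80>\n  ServerName b.example\n</VirtualHost>\n' > "$1/b.example.conf"
    printf '<VirtualHost *:80>\n</VirtualHost>\n' > "$1/default.conf"
}

# Demo: the two entries in a.example.conf still carry the old address.
sample=$(mktemp -d)
make_sample "$sample"
find_stale_vhosts "$sample" 192.168.1.202
rm -rf "$sample"
```

On a real server the first argument would be the vhosts directory named in the post; an empty result after a rebuild means no vhost is still bound to the old address.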

8
I'm using CWPpro version 0.9.8.312 pretty much out of the box.  I installed the regular version on a VPS last week then paid for the Pro update, and this is what I got.

The problem I had is that cgi-bin scripts weren't working on any of my hosted domains.  I checked the vhosts.conf and the ScriptAlias directives were there (okay, the path was missing a closing quote but that didn't matter and anyway has already been reported), but I kept getting the contents of my script files served rather than the output from executing them.

After entirely too long reading around about the ScriptAlias directive I thought to check for mod_cgi, and it wasn't loaded.  The fix was to edit httpd.conf and uncomment
Code:
LoadModule cgid_module modules/mod_cgid.so
After restarting the Apache server, CGI scripts started to work.

9
DNS / Re: How to Setup DNS (BIND) on server
« on: April 20, 2017, 08:11:53 AM »
I think I've set up DNS correctly, but when I go to the registrar for my hosted domain broadey.co.uk I get an unhelpful message "error setting nameservers" when I try to set them to ns1.breit.co.uk and ns2.breit.co.uk (breit.co.uk is my CWP hosting domain name, which is on a PlanetHippo.co.uk VPS) at the registrar for that domain (which is 123-reg.co.uk).

If I do "nslookup broadey.co.uk ns1.breit.co.uk" then I get the right answer, so I must be doing something right.

The tutorials and other info are really poor.  The examples talk about setting your CWP nameservers to "n1.centos-webpanel.com" but that seems plain wrong - surely you need to be using the domain name of your CWP host (which in my case is webpanel.breit.co.uk, though I've added A records for ns1 and ns2 at the registrar for that domain).

I used CWP -> DNS Functions -> Edit Nameservers IPs to set them to ns1.breit.co.uk and ns2.breit.co.uk using the public IP address of my VPS.  In CWP -> DNS Function -> List DNS Zones this gives me zones for ns1.breit.co.uk and ns2.breit.co.uk.

I then created an account for broadey.co.uk.  This gives me a zone file broadey.co.uk.db containing
Code:
broadey.co.uk.      86400      IN      NS      ns1.breit.co.uk.
broadey.co.uk.      86400      IN      NS      ns2.breit.co.uk.
but in line with the instructions in this post I added
Code:
ns1     14400   IN      A       78.129.139.89
ns2     14400   IN      A       78.129.139.89
and restarted BIND.  None of this has helped.  I still can't set ns1.breit.co.uk as the nameserver for broadey.co.uk at the registrar 123-reg.co.uk.  What is it that the registrar is looking for that I am failing to provide?

10
Yes, setting the nameservers is easy, but what should I set it TO?  The default in my config is
Code:
ns1.centos-webpanel.com, ns2.centos-webpanel.com
which matches what's in http://wiki.centos-webpanel.com/how-to-setup-name-servers, but are they the RIGHT values?  If I'm hosting domains then presumably I need to point to DNS servers that I can update, so can I update these?

11
Installation / Re: How to set up SSL for admin dashboard?
« on: April 18, 2017, 02:25:26 PM »
Okay, so now I feel quite foolish - I re-ran the installer (my first attempt had been on a virtual machine in case anything went wrong) and right at the end it says
Quote
go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/

http://aa.bb.cc.dd:2030
SSL: https://aa.bb.cc.dd:2031
right before it says
Quote
Press ENTER for server reboot!
The first installer paused for a while so I hit RETURN a few times to check whether the terminal was still alive.  It's obvious now that these keypresses were queued until the installer script got to the end, at which point the server rebooted immediately and cleared the screen before I saw this vital information!  Good job it was on a test machine.

12
Installation / How to set up SSL for admin dashboard?
« on: April 18, 2017, 03:59:53 AM »
I've just installed Web Panel for the very first time - very straightforward, thanks!  I'm bothered that the admin dashboard is at http://my-server:2030/ - I'd like it to be https://my-server:2030/ instead.  Obviously I need to acquire and install an SSL certificate, but the only instructions I can find about that appear to relate to the hosted sites, not the dashboard itself.  Can someone please point a total noob in the right direction?  Thanks.
