Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - thenob

Pages: [1] 2
1
SSL / AutoSSL is a mess
« on: February 14, 2021, 12:00:36 PM »
* 1 Automatic SSL generation is ignored.
On Webserver Settings, Configure. I have "Automatic SSL generation, Active" _not_ checked.
However after installing a new domain, I received an email "Hello, the domains name below have an SSL certificate which was been created automatically". And indeed the new domain has got an Lets-Encrypt certificate (I don't want this an EV-certificate is in setup)

* 2 When the certficate of the host (/etc/pki/tls/certs/hostname.bundle) has been renewed, there is no restart of Dovecot so dovecot will stil use the old certificate.

* 3 If you use the host certificate for pureFTP (/etc/pki/tls/private/hostname.pem) you must build this file yourself: cat /etc/pki/tls/private/hostname.key /etc/pki/tls/certs/hostname.bundle > /etc/pki/tls/private/hostname.pem, and restart pure-ftpd.

* 4 If a zone has no A-record, CWP cannot renew the zone with www

* 5 CAA-records in DNS seemed to be ignored by CWP, resulting in acme-errors.

2
Updates / Re: Up to date changelog
« on: January 29, 2021, 08:21:36 AM »
I had the same experience, and finaly give up.

My advise is: don't try to fix something yourself, or make changes.
We put 2FA on our systems, have DNS-config on a seperate server, point php open_basedir to the users public path and I stripped the graph on the userpanel of projected traffic.
But after every update most off my changes where overriden or something else didn't work at all.
Right now we see that certificates are being created allthought "Automatic SSL generation" is off!

I've also tried to fix things myself but with encoded php-files it's hard to do.
Then I submitted broken items into the bug-system but this wasn't working as well.

So I ended up with a big cheat-file, and a cron on another server that checks if some things still work.

We had 10 Cpanel-servers, and after migration of the first 2 to CWP, we migrated the others to DirectAdmin (which works much better)

3
CentOS 7 Problems / Re: Apache not working
« on: November 27, 2020, 08:07:49 PM »
correction removing httpd did also removed my init-scripts.
This worked for me:
Code: [Select]
rpm -e httpd --nodeps --justdb
rpm -e httpd-tools --nodeps --justdb
yum reinstall cwp-httpd

4
CentOS 7 Problems / Re: PHP-FPM error
« on: November 27, 2020, 08:06:43 PM »
correction removing httpd did also removed my init-scripts.
This worked for me:
Code: [Select]
rpm -e httpd --nodeps --justdb
rpm -e httpd-tools --nodeps --justdb
yum reinstall cwp-httpd

5
CentOS-WebPanel GUI / Re: phpmyadmin auto login from client login
« on: September 28, 2020, 10:41:17 AM »
I've done some digging. It works only from our office (the only IP who can access port 2087)

This is the thing:
Link in user-CWP-panel: https://OURSERVERNAME:2083/cwp_258eec67f46c2275/USER/?module=pma
get redirected to https://OURSERVERNAME:2087/pma/index.php?token=67beb4cb5cded3e4b972266ac47b5bca

I want to change the redirect to this URL (works with me)
https://OURSERVERNAME/pma/index.php?token=67beb4cb5cded3e4b972266ac47b5bca

If someone can tell me where this redirect is set...

6
PHP / php-fpm not created
« on: May 31, 2020, 02:17:27 PM »
Last night we had a problem, all our http-sites where out.
In the logs:
May 31 03:27:18 web16 systemd: Stopping CentOS Web Panel service (daemon)...
May 31 03:27:18 web16 systemd: Stopped CentOS Web Panel service (daemon).
May 31 03:27:18 web16 systemd: Starting CentOS Web Panel service (daemon)...
May 31 03:27:18 web16 cwpsrv: cwpsrv: [warn] he "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/cwpsrv/conf.d/api.conf:8
May 31 03:27:18 web16 cwpsrv: cwpsrv:the configuration file /usr/local/cwpsrv/conf/cwpsrv.conf syntax is ok
May 31 03:27:18 web16 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test is successful
May 31 03:27:18 web16 cwpsrv: cwpsrv: [warn] he "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/cwpsrv/conf.d/api.conf:8
May 31 03:27:19 web16 systemd: Started CentOS Web Panel service (daemon).
May 31 03:27:19 web16 systemd: Stopping Web server Apache...
May 31 03:27:32 web16 systemd: Stopped Web server Apache.
May 31 03:27:32 web16 systemd: Starting Web server Apache...
May 31 03:27:33 web16 systemd: Started Web server Apache.
May 31 03:27:33 web16 systemd: Reloading Web server Apache.
May 31 03:27:33 web16 apachectl: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
May 31 03:27:33 web16 apachectl: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
May 31 03:27:33 web16 apachectl: no listening sockets available, shutting down
May 31 03:27:33 web16 apachectl: AH00015: Unable to open logs
May 31 03:27:33 web16 apachectl: httpd not running, trying to start
May 31 03:27:33 web16 systemd: httpd.service: control process exited, code=exited status=1
May 31 03:27:33 web16 systemd: Reload failed for Web server Apache.
May 31 03:27:33 web16 systemd: Reloading.
May 31 03:27:34 web16 systemd: Reloading Web server Apache.
May 31 03:27:34 web16 systemd: Reloaded Web server Apache.


We also stumbled on another problem:
May 30 01:08:01 web16 systemd: Reloading The PHP FastCGI Process Manager.
May 30 01:08:01 web16 systemd: Can't open PID file /opt/alt/php-fpm72/usr/var/run/php-fpm.pid (yet?) after reload: No such file or directory
May 30 01:08:01 web16 systemd: Reloaded The PHP FastCGI Process Manager.
May 30 01:08:01 web16 systemd: Reloading The PHP FastCGI Process Manager.
May 30 01:08:01 web16 systemd: Can't open PID file /opt/alt/php-fpm73/usr/var/run/php-fpm.pid (yet?) after reload: No such file or directory
May 30 01:08:01 web16 systemd: Reloaded The PHP FastCGI Process Manager.


This lost one is because the defaulf pid in php-fpm is "none", and it is not configured in the php-fpm config,
however there's an pid configured in the systemd-service.

Fixed it by adding 2 config-files
/opt/alt/php-fpm72/usr/etc/php-fpm.d/global.conf:
[global]
pid = /opt/alt/php-fpm72/usr/var/run/php-fpm.pid


/opt/alt/php-fpm73/usr/etc/php-fpm.d/global.conf:
[global]
pid = /opt/alt/php-fpm73/usr/var/run/php-fpm.pid



@CWP: please fix this in your configuration

7
CentOS-WebPanel GUI / Re: Stuck on email account creation
« on: May 23, 2020, 12:59:36 PM »
I can confirm this.

Error_log

Code: [Select]
PHP message: PHP Fatal error:  Uncaught ArgumentCountError: Too few arguments to function EmailManager::listaccounts(), 0 passed in /usr/local/cwpsrv/var/services/user_files/modules/email_accounts/index.php on line 0 and exactly 1 expected in /usr/local/cwpsrv/var/services/user_files/modules/email_accounts/index.php:0
Stack trace:
#0 /usr/local/cwpsrv/var/services/user_files/modules/email_accounts/index.php(0): EmailManager->listaccounts()
#1 /usr/local/cwpsrv/var/services/user_files/modules/email_accounts/index.php(0): EmailManager->addEmailAccount()
#2 /usr/local/cwpsrv/var/services/user_files/modules/email_accounts.php(0): EmailManager->router()
#3 /usr/local/cwpsrv/var/services/users/index.php(0): unknown()
#4 {main}
  thrown in /usr/local/cwpsrv/var/services/user_files/modules/email_accounts/index.php on line 0" while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: localhost, request: "POST /cwp_be367d128c2eeff6/srv120/srv120/index.php?module=email_accounts&acc=addemail HTTP/1.1", upstream: "fastcgi://unix:/usr/local/cwp/php71/var/sockets/srv120.sock:", host: "xxx.net:2083", referrer: "https://xxx.net:2083/cwp_be367d128c2eeff6/srv120/?module=email_accounts"

8
Updates / Re: CWPpro version: 0.9.8.928
« on: May 18, 2020, 01:40:32 PM »
Agreed with Ibanez.

I'm new on CWP (coming from CPanel), and had 3 outages in 1 month.
2 times from 2FA-plugin (which is really needed for some customers) and 1 time because of our own theme.

Maybe disable the practice of plugins/own-themes all together. If you only notice something has changed when users start complaining, then it's to late.

9
Apache / Re: Apache Ultimate Bad Bot Blocker for CWP and CWP PRO !
« on: May 15, 2020, 02:37:39 PM »
Quote
Can you explain why this is any better than CSF blocking via modsecurity rules?

I'm not telling it's better, but off all the solutions it's surely one off the most simple to use.
Add the frequent updates and its light CPU/MEM-foot makes it a good tool for me.

On other (non-CWP) servers we use our own IP-blocks, Fail2ban and for all ngix proxy-servers we use Rate Limiting.
Keeping track of the bots that come and go is impossible to do.
On the server where I installed this blocker the Comodo WAF modsec-rules where active. However the load of the server simply dropped by half after installing this blocker.

Here's a real nice blog about this topic:
https://blog.sqreen.com/detect-block-bad-bots/

10
Apache / Re: Apache Ultimate Bad Bot Blocker for CWP and CWP PRO !
« on: May 14, 2020, 03:13:33 PM »
I've got this working on CWP

WARNING: this works ONLY on Apache-2.4, not if you have Nginx (as a proxy)

mkdir /usr/local/apache/custom.d/badbot
wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/globalblacklist.conf -O /usr/local/apache/custom.d/globalblacklist.conf
wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/blacklist-ips.conf -O /usr/local/apache/custom.d/blacklist-ips.conf
wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/bad-referrer-words.conf -O /usr/local/apache/custom.d/bad-referrer-words.conf
wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/blacklist-user-agents.conf -O /usr/local/apache/custom.d/blacklist-user-agents.conf
hostname|sed 's/\-/\\-/g'|sed 's/\./\\./g'|sed 's/$/ good_ref/'|sed 's/^/SetEnvIfNoCase Referer ~*/' > /usr/local/apache/custom.d/whitelist-domains.conf
for i in /usr/local/apache/conf.d/vhosts/*conf; do echo $i|sed '/\.ssl\.conf/d'|sed 's/\/usr\/local\/apache\/conf.d\/vhosts\//SetEnvIfNoCase Referer ~*/'|sed 's/\.conf$/ good_ref/'|sed 's/\-/\\-/g'|sed 's/\./\\./g' >> /usr/local/apache/custom.d/whitelist-domains.conf; done

/scripts/list_users|awk '{print $3}'|uniq|grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}"|sed 's/^/Require ip /' > /usr/local/apache/custom.d/whitelist-ips.conf

When this is done you have to add the following lines to the bottom of /usr/local/apache/conf/httpd.conf.
You can edit the file directly or in your Panel (WebServers Conf Editor)
Important: this have to be at the bottom, AFTER all the virtualhosts are loaded.


<Location "/">
    AuthMerging And
    Include custom.d/globalblacklist.conf
</Location>


Then restart apache, and check the httpd-logs
I've made a cron-file you can download here: https://www.webservice.be/update-apacheblocker.sh
CAVEAT: after adding a domain you must run the cron-file.
Don't know if theres a way you can do this auto in CWP, so run the script at least once a day.
Or create a cron that checks if something in usr/local/apache/conf.d/vhosts is changed.

11
CentOS-WebPanel Bugs / Default theme/language not respected
« on: May 08, 2020, 01:14:03 PM »
When the file ~/.conf/cwp.ini does not exist (pe if you restore from a Cpanel account), there is a file created:
LANG="en"
    THEME="original"

... even if your default-theme and default-language is set to another one.


12
CentOS-WebPanel Bugs / Resellers cant jump to their sub-account
« on: May 08, 2020, 10:30:15 AM »
In the gui click on Reseller Manage, tab Accounts.
There is a link "Autologin User".

On hovering you'll see the correct link (https://<servername>:2083/cwp_....
But when you click on it, you end up at https://<IP-addres server>:2083/login.
This gives an SSL-error and you cant login.

I also see in the source see this:
form id="autologinuser" name="autologinuser" action="https://79.137.25.231:2083/pepe/" method="post"
Does this mean this autologin goes through your servers?
So you can see the users? and you can't login if your server is down?


13
CentOS-WebPanel Bugs / cron_autossl_all_domains.php gives error
« on: May 08, 2020, 10:23:55 AM »
Output of
/usr/local/cwp/php71/bin/php /usr/local/cwpsrv/htdocs/resources/admin/include/cron_autossl_all_domains.php:

Generating RSA private key, 2048 bit long modulus
.+++
...................................+++
e is 65537 (0x10001)
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
Generating RSA private key, 2048 bit long modulus
......+++
................................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...........................................+++
..............+++
e is 65537 (0x10001)
sh: postmap: command not found
sh: service: command not found
sh: service: command not found
sh: service: command not found
CREATION FAILEDS: 0
CREATEDS: 6
RENEWAL FAILEDS: 0
RENEWEDS: 0

14
CentOS-WebPanel Bugs / Set redirect in user GUI doesn't always work
« on: May 08, 2020, 10:21:57 AM »
If you make a rewrite, and there's already a .htaccess-file available,
the rewrite-rules are appended.
They should be inserted at the top because otherwise is will problably not work.

Most existing .htaccess-files are used to rewrite URL's (p.e. Wordpress)

15
CentOS-WebPanel Bugs / Redirects are stick in GUI
« on: May 08, 2020, 10:20:07 AM »
When a user adds a redirect in the GUI, and afterwards deletes the domain or point the domain to another subfolder,
the redirect stays visible in the GUI and you can't delete it

Pages: [1] 2