Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - vradova

Pages: [1]
1
CentOS Configuration / Re: monit alert -- Upload bytes exceeded public
« on: February 12, 2024, 08:41:20 AM »
Hi!

Do you figure out why you get this error?

Thanks!

2
CSF Firewall / CSF would not block custom port for SSH
« on: May 21, 2023, 08:19:27 PM »
Hello!

When I create a new server I changed my SSH port from 22 to another one. I have added that port to the list -> Allow incoming TCP ports and that worked OK.

Later today, I try to configure CSF to get access to this port for only two countries and make the change in CSF. When I try to test, that does not work. Then I decided to check and remove my custom SSH port from the list -> Allow incoming TCP ports. I did that, restart CSF, firewall... But that custom port was and is opened even though it was not on the list in ->  Allow incoming TCP ports.

What could be the problem?

I have 3 more servers with CWP Pro and all of them have the same problem...

If someone has the same issue please advice.

Thanks, Vlade.!

3
Varnish / Re: Drupal VCL tpl file for Varnish
« on: January 09, 2023, 09:34:52 PM »
You are welcome!

Vlade.

4
CentOS-WebPanel Bugs / Re: CPU 100% clamd
« on: January 06, 2022, 09:47:28 AM »
I have faced the same issue yesterday with my server...

My server details:

CPU Model: Intel Xeon Processor (Skylake, IBRS)
CPU Details: 1 Core (2100 MHz)
Distro Name: CentOS Linux release 7.9.2009 (Core)
Kernel Version: 3.10.0-1160.49.1.el7.x86_64
Memory: 2GB

The only solution that made my server go back again and work normally with ClamAV and AmAvis up and running was to create a swap image. I add a 4GB swap image and after a server reboot, both ClamAV and AmAvis started normally and did not take CPU time abnormally.

Here is a tutorial on how to create a swap image on Centos 7 CWP -> https://www.mysterydata.com/create-and-add-swap-on-linux-os-cwp-centos-webpanel-and-vesta-cp/

The main problem that I have faced is that AmAvis could not find a socket and connect to ClamAV. This is an error I found in maillog: "host amavis[1975]: (01975-01) (!)connect to /run/clamd.amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /run/clamd.amavisd/clamd.sock: No such file or directory"

The clamd.sock file was not created after restarting ClamAV service or server reboot. After swap image creating and activating, that file was created automatically when I start the ClamAV service.

Hope that this would help someone with the same issue.

5
Varnish / Re: Drupal VCL tpl file for Varnish
« on: December 09, 2021, 10:58:02 AM »
I found an issue with webmail access, so I did a change on the vcl template.

Here it is.
Code: [Select]
backend %backend_domain% {
.host = "%proxy_ip%";
.port = "%proxy_port%";
}

sub vcl_recv {
if (req.http.host ~ "%domain%") {
set req.backend_hint = %backend_domain%;

# Do not cache these paths.
if (req.url ~ "^/status\.php$" ||
req.url ~ "^/update\.php" ||
req.url ~ "^/install\.php" ||
req.url ~ "^/apc\.php$" ||
req.url ~ "^/admin" ||
req.url ~ "^/admin/.*$" ||
req.url ~ "^/user" ||
req.url ~ "^/user/.*$" ||
req.url ~ "^/users/.*$" ||
req.url ~ "^/info/.*$" ||
req.url ~ "^/flag/.*$" ||
req.url ~ "^.*/ajax/.*$" ||
req.url ~ "^.*/ahah/.*$" ||
req.url ~ "^/system/files/.*$" ||
# roundcube issue
req.url ~ "^.*/webmail/.*$") {

return (pass);
}

# Always cache the following file types for all users. This list of extensions
# appears twice, once here and again in vcl_backend_response so make sure you edit both
# and keep them equal.
if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
unset req.http.Cookie;
}

# Remove any Google Analytics based cookies
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

# Remove all cookies that Drupal doesn't need to know about. We explicitly
# list the ones that Drupal does need, the SESS and NO_CACHE. If, after
# running this code we find that either of these two cookies remains, we
# will pass as the page cannot be cached.
if (req.http.Cookie) {
# 1. Append a semi-colon to the front of the cookie string.
# 2. Remove all spaces that appear after semi-colons.
# 3. Match the cookies we want to keep, adding the space we removed
#    previously back. (\1) is first matching group in the regsuball.
# 4. Remove all other cookies, identifying them by the fact that they have
#    no space after the preceding semi-colon.
# 5. Remove all spaces and semi-colons from the beginning and end of the
#    cookie string.
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

if (req.http.Cookie == "") {
# If there are no remaining cookies, remove the cookie header. If there
# aren't any cookie headers, Varnish's default behavior will be to cache
# the page.
unset req.http.Cookie;
}
else {
# If there is any cookies left (a session or NO_CACHE cookie), do not
# cache the page. Pass it on to Apache directly.
return (pass);
}
}

# Do not cache AJAX requests.
if (req.http.X-Requested-With == "XMLHttpRequest") {
return(pass);
}

# Post requests will not be cached
if (req.http.Authorization || req.method == "POST") {
return (pass);
}
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}

# Do not cache Authorized requests.
if (req.http.Authorization) {
return(pass);
}

# LetsEncrypt Certbot passthrough
if (req.url ~ "^/\.well-known/acme-challenge/") {
return (pass);
}

if (req.url ~ "^/\.well-known/pki-validation/") {
return (pass);
}

# Forward client's IP to the backend
if (req.restarts == 0) {
if (req.http.X-Real-IP) {
set req.http.X-Forwarded-For = req.http.X-Real-IP;
} else if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}

return (hash);
}
}

6
Varnish / Drupal VCL tpl file for Varnish
« on: December 08, 2021, 10:26:13 AM »
Hello!

If someone needs a Drupal Varnish VCL template here it is. I have been testing and it is working fine on my Drupal 7 and Drupal 9 installations.

Of course, I use CWP 7 and the Nginx+Varnish+Apache version of the webserver.

Code: [Select]
backend %backend_domain% {
.host = "%proxy_ip%";
.port = "%proxy_port%";
}

sub vcl_recv {
if (req.http.host ~ "%domain%") {
set req.backend_hint = %backend_domain%;

# Do not cache these paths.
if (req.url ~ "^/status\.php$" ||
req.url ~ "^/update\.php" ||
req.url ~ "^/install\.php" ||
req.url ~ "^/apc\.php$" ||
req.url ~ "^/admin" ||
req.url ~ "^/admin/.*$" ||
req.url ~ "^/user" ||
req.url ~ "^/user/.*$" ||
req.url ~ "^/users/.*$" ||
req.url ~ "^/info/.*$" ||
req.url ~ "^/flag/.*$" ||
req.url ~ "^.*/ajax/.*$" ||
req.url ~ "^.*/ahah/.*$" ||
req.url ~ "^/system/files/.*$") {

return (pass);
}

# Always cache the following file types for all users. This list of extensions
# appears twice, once here and again in vcl_backend_response so make sure you edit both
# and keep them equal.
if (req.url ~ "(?i)\.(pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") {
unset req.http.Cookie;
}

# Remove any Google Analytics based cookies
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

# Remove all cookies that Drupal doesn't need to know about. We explicitly
# list the ones that Drupal does need, the SESS and NO_CACHE. If, after
# running this code we find that either of these two cookies remains, we
# will pass as the page cannot be cached.
if (req.http.Cookie) {
# 1. Append a semi-colon to the front of the cookie string.
# 2. Remove all spaces that appear after semi-colons.
# 3. Match the cookies we want to keep, adding the space we removed
#    previously back. (\1) is first matching group in the regsuball.
# 4. Remove all other cookies, identifying them by the fact that they have
#    no space after the preceding semi-colon.
# 5. Remove all spaces and semi-colons from the beginning and end of the
#    cookie string.
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

if (req.http.Cookie == "") {
# If there are no remaining cookies, remove the cookie header. If there
# aren't any cookie headers, Varnish's default behavior will be to cache
# the page.
unset req.http.Cookie;
}
else {
# If there is any cookies left (a session or NO_CACHE cookie), do not
# cache the page. Pass it on to Apache directly.
return (pass);
}
}

# Do not cache AJAX requests.
if (req.http.X-Requested-With == "XMLHttpRequest") {
return(pass);
}

# Post requests will not be cached
if (req.http.Authorization || req.method == "POST") {
return (pass);
}
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}

# Do not cache Authorized requests.
if (req.http.Authorization) {
return(pass);
}

# LetsEncrypt Certbot passthrough
if (req.url ~ "^/\.well-known/acme-challenge/") {
return (pass);
}

if (req.url ~ "^/\.well-known/pki-validation/") {
return (pass);
}

# Forward client's IP to the backend
if (req.restarts == 0) {
if (req.http.X-Real-IP) {
set req.http.X-Forwarded-For = req.http.X-Real-IP;
} else if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}

return (hash);
}
}


7
Installation / Update manualy Git version on CWP controled server
« on: May 20, 2021, 10:16:24 AM »
Hello!

I would like to upgrade the Git version on my server controlled by CWP.

Now it has the latest Centos 7 Git version 1.8.3.1. I would like to remove this version and manually build the newest version from a tarball. Would this process break anything in CWP core or make some issues with CWP functionality?

Thanks!

8
Functions / Re: WebServers Vhost Template
« on: March 12, 2021, 02:05:13 PM »
Hi!

You were right... Issue was the code for redirection in .tpl file.

Thanks!


9
Functions / WebServers Vhost Template
« on: January 22, 2021, 10:25:25 AM »
Hello!

I have created two custom templates and add my custom code. I did an https redirection in .tpl file and in .stpl (SSL) template I did a change to the docroot path for a domain name.

When I do a change through CWP WHM for the domain name it creates new vhosts files for a domain name, but for .tpl file, system adds suffix .disabled and after that when you open a domain name in web browser I have an error. Fix for this is just to rename .tpl file and remove .disabled suffix. Restart Apache server and domain is up and running with settings I put in a custom template file.

My main issue is when I add this template as the default, main webservers configuration. Option, Apache default PHP-FPM template, and when SSL expires and system automatically renews it site became forbidden for access because .tpl file has suffix .disabled. The solution is, rename and remove a suffix, restart Apache and get the domain up and running.

Where do I get wrong and why CWP add suffix .disabled to a custom template?

Thanks, Vlade.

Pages: [1]