
Topics - thenob

1
SSL / AutoSSL is a mess
« on: February 14, 2021, 12:00:36 PM »
* 1 Automatic SSL generation is ignored.
On Webserver Settings, Configure. I have "Automatic SSL generation, Active" _not_ checked.
However, after installing a new domain, I received an email "Hello, the domains name below have an SSL certificate which was been created automatically". And indeed the new domain has got a Let's Encrypt certificate (I don't want this; an EV certificate is being set up).

* 2 When the certificate of the host (/etc/pki/tls/certs/hostname.bundle) has been renewed, there is no restart of Dovecot, so Dovecot will still use the old certificate.

* 3 If you use the host certificate for pureFTP (/etc/pki/tls/private/hostname.pem) you must build this file yourself: cat /etc/pki/tls/private/hostname.key /etc/pki/tls/certs/hostname.bundle > /etc/pki/tls/private/hostname.pem, and restart pure-ftpd.

* 4 If a zone has no A-record, CWP cannot renew the zone with www

* 5 CAA-records in DNS seemed to be ignored by CWP, resulting in acme-errors.

2
PHP / php-fpm not created
« on: May 31, 2020, 02:17:27 PM »
Last night we had a problem: all our http-sites were out.
In the logs:
May 31 03:27:18 web16 systemd: Stopping CentOS Web Panel service (daemon)...
May 31 03:27:18 web16 systemd: Stopped CentOS Web Panel service (daemon).
May 31 03:27:18 web16 systemd: Starting CentOS Web Panel service (daemon)...
May 31 03:27:18 web16 cwpsrv: cwpsrv: [warn] he "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/cwpsrv/conf.d/api.conf:8
May 31 03:27:18 web16 cwpsrv: cwpsrv:the configuration file /usr/local/cwpsrv/conf/cwpsrv.conf syntax is ok
May 31 03:27:18 web16 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test is successful
May 31 03:27:18 web16 cwpsrv: cwpsrv: [warn] he "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/cwpsrv/conf.d/api.conf:8
May 31 03:27:19 web16 systemd: Started CentOS Web Panel service (daemon).
May 31 03:27:19 web16 systemd: Stopping Web server Apache...
May 31 03:27:32 web16 systemd: Stopped Web server Apache.
May 31 03:27:32 web16 systemd: Starting Web server Apache...
May 31 03:27:33 web16 systemd: Started Web server Apache.
May 31 03:27:33 web16 systemd: Reloading Web server Apache.
May 31 03:27:33 web16 apachectl: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
May 31 03:27:33 web16 apachectl: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
May 31 03:27:33 web16 apachectl: no listening sockets available, shutting down
May 31 03:27:33 web16 apachectl: AH00015: Unable to open logs
May 31 03:27:33 web16 apachectl: httpd not running, trying to start
May 31 03:27:33 web16 systemd: httpd.service: control process exited, code=exited status=1
May 31 03:27:33 web16 systemd: Reload failed for Web server Apache.
May 31 03:27:33 web16 systemd: Reloading.
May 31 03:27:34 web16 systemd: Reloading Web server Apache.
May 31 03:27:34 web16 systemd: Reloaded Web server Apache.


We also stumbled on another problem:
May 30 01:08:01 web16 systemd: Reloading The PHP FastCGI Process Manager.
May 30 01:08:01 web16 systemd: Can't open PID file /opt/alt/php-fpm72/usr/var/run/php-fpm.pid (yet?) after reload: No such file or directory
May 30 01:08:01 web16 systemd: Reloaded The PHP FastCGI Process Manager.
May 30 01:08:01 web16 systemd: Reloading The PHP FastCGI Process Manager.
May 30 01:08:01 web16 systemd: Can't open PID file /opt/alt/php-fpm73/usr/var/run/php-fpm.pid (yet?) after reload: No such file or directory
May 30 01:08:01 web16 systemd: Reloaded The PHP FastCGI Process Manager.


This last one is because the default pid in php-fpm is "none", and it is not configured in the php-fpm config;
however, there's a pid configured in the systemd-service.

Fixed it by adding 2 config-files
/opt/alt/php-fpm72/usr/etc/php-fpm.d/global.conf:
[global]
pid = /opt/alt/php-fpm72/usr/var/run/php-fpm.pid


/opt/alt/php-fpm73/usr/etc/php-fpm.d/global.conf:
[global]
pid = /opt/alt/php-fpm73/usr/var/run/php-fpm.pid



@CWP: please fix this in your configuration

3
CentOS-WebPanel Bugs / Default theme/language not respected
« on: May 08, 2020, 01:14:03 PM »
When the file ~/.conf/cwp.ini does not exist (e.g. if you restore from a cPanel account), there is a file created:
LANG="en"
THEME="original"

... even if your default-theme and default-language is set to another one.


4
CentOS-WebPanel Bugs / Resellers can't jump to their sub-account
« on: May 08, 2020, 10:30:15 AM »
In the gui click on Reseller Manage, tab Accounts.
There is a link "Autologin User".

On hovering you'll see the correct link (https://<servername>:2083/cwp_....
But when you click on it, you end up at https://<IP-address server>:2083/login.
This gives an SSL error and you can't log in.

I also see this in the source:
form id="autologinuser" name="autologinuser" action="https://79.137.25.231:2083/pepe/" method="post"
Does this mean this autologin goes through your servers?
So you can see the users? And you can't log in if your server is down?


5
CentOS-WebPanel Bugs / cron_autossl_all_domains.php gives error
« on: May 08, 2020, 10:23:55 AM »
Output of
/usr/local/cwp/php71/bin/php /usr/local/cwpsrv/htdocs/resources/admin/include/cron_autossl_all_domains.php:

Generating RSA private key, 2048 bit long modulus
.+++
...................................+++
e is 65537 (0x10001)
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file
Generating RSA private key, 2048 bit long modulus
......+++
................................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...........................................+++
..............+++
e is 65537 (0x10001)
sh: postmap: command not found
sh: service: command not found
sh: service: command not found
sh: service: command not found
CREATION FAILEDS: 0
CREATEDS: 6
RENEWAL FAILEDS: 0
RENEWEDS: 0

6
CentOS-WebPanel Bugs / Set redirect in user GUI doesn't always work
« on: May 08, 2020, 10:21:57 AM »
If you make a rewrite, and there's already a .htaccess-file available,
the rewrite-rules are appended.
They should be inserted at the top because otherwise it will probably not work.

Most existing .htaccess-files are used to rewrite URLs (e.g. WordPress)

7
CentOS-WebPanel Bugs / Redirects are stuck in GUI
« on: May 08, 2020, 10:20:07 AM »
When a user adds a redirect in the GUI, and afterwards deletes the domain or points the domain to another subfolder,
the redirect stays visible in the GUI and you can't delete it.

8
- the documentroot of the add-on domains is not read, so in CWP the add-on domains are mapped to the homedir of the master-account.
The documentroot can be read in the backup-zipfile in /userdata/<addon-domain>

- the content of this dir (in the zipfile in /homedir/) is also skipped. The directory is created, but the content is skipped completely and the blank index.html of cwp is placed there.

9
Updates / Error on yum update python conflict
« on: May 06, 2020, 11:26:27 PM »
On yum update, I see yum is trying to install the following packages because of dependency:
 python3                  x86_64   3.6.8-13.el7    base        69 k
 python3-libs            x86_64   3.6.8-13.el7    base       7.0 M
 python3-pip            noarch    9.0.3-7.el7_7   updates  1.8 M
 python3-setuptools  noarch   39.2.0-10.el7   base        629 k

but on running the transaction test, I got a lot of errors like this one:
  file /usr/lib64/python3.6/xml/sax/__pycache__/handler.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/saxutils.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/saxutils.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/xmlreader.cpython-36.opt-1.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64
  file /usr/lib64/python3.6/xml/sax/__pycache__/xmlreader.cpython-36.pyc from install of python3-libs-3.6.8-13.el7.x86_64 conflicts with file from package python36u-libs-3.6.8-1.el7.ius.x86_64


It seems CWP installed python36u.x86_64 3.6.8-1.el7.ius, which is in conflict with the regular CentOS update.

# yum list python34* python35* python36* python34u* python35u* python36u* -q | tr -s ' ' | column -t
Installed                                packages
python36u.x86_64                              3.6.8-1.el7.ius                     @cwp
python36u-libs.x86_64                         3.6.8-1.el7.ius                     @cwp
Available                                packages
python34.x86_64                               3.4.10-4.el7                        epel
python34-Cython.x86_64                        0.28.5-1.el7                        epel
python34-HepMC3.x86_64                        3.2.1-2.el7                         epel
python34-HepMC3-rootIO.x86_64                 3.2.1-2.el7                         epel
python34-HepMC3-search.x86_64                 3.2.1-2.el7                         epel
python34-PyYAML.x86_64                        3.12-1.el7                          epel
python34-apsw.x86_64                          3.7.17.r1-3.el7                     epel
python34-argcomplete.noarch                   1.7.0-4.el7                         epel
python34-asn1crypto.noarch                    0.24.0-7.el7                        epel
python34-backports-ssl_match_hostname.noarch
3.5.0.1-1.el7                                 epel
python34-blosc.x86_64                         1.2.8-5.el7                         epel
python34-bottle.noarch                        0.12.13-3.el7                       epel
python34-bsddb3.x86_64                        6.2.6-4.el7                         epel
python34-certifi.noarch                       2018.10.15-5.el7                    epel
python34-chardet.noarch                       3.0.4-1.el7                         epel
python34-click.noarch                         6.7-8.el7                           epel
python34-coverage.x86_64                      4.0.3-5.el7                         epel
python34-cups.x86_64                          1.9.74-4.el7                        epel
python34-dateutil.noarch                      1:2.4.2-5.el7                       epel
python34-debug.x86_64                         3.4.10-4.el7                        epel
python34-devel.x86_64                         3.4.10-4.el7                        epel
python34-docutils.noarch                      0.14-1.el7                          epel
python34-empy.noarch                          3.3.3-2.el7                         epel
python34-httmock.noarch                       1.2.6-2.el7                         epel
python34-idna.noarch                          2.7-2.el7                           epel
python34-iso3166.noarch                       1.0.1-1.el7                         epel
python34-jinja2.noarch                        2.11.1-1.el7                        epel
python34-jsmva.noarch                         6.20.04-1.el7                       epel
python34-jupyroot.x86_64                      6.20.04-1.el7                       epel
python34-lark-parser.noarch                   0.7.1-1.el7                         epel
python34-leveldb.x86_64                       0.194-2.el7                         epel
python34-lhapdf.x86_64                        6.2.1-6.el7                         epel
python34-libs.x86_64                          3.4.10-4.el7                        epel
python34-markdown.noarch                      2.4.1-4.el7                         epel
python34-markupsafe.x86_64                    0.23-3.el7                          epel
python34-mock.noarch                          2.0.0-2.el7                         epel
python34-nose.noarch                          1.3.7-4.el7                         epel
python34-numpy.x86_64                         1.12.1-3.el7                        epel
python34-numpy-f2py.x86_64                    1.12.1-3.el7                        epel
python34-parso.noarch                         0.3.1-2.el7                         epel
python34-pbr.noarch                           4.2.0-3.el7                         epel
python34-pip.noarch                           8.1.2-12.el7                        epel
python34-prelude.x86_64                       5.1.1-1.el7                         epel
python34-preludedb.x86_64                     5.1.0-2.el7                         epel
python34-prettytable.noarch                   0.7.2-19.el7                        epel
python34-process-tests.noarch                 1.0.0-11.el7                        epel
python34-psutil.x86_64                        5.6.7-1.el7                         epel
python34-psycopg2.x86_64                      2.7.7-2.el7                         epel
python34-psycopg2-tests.x86_64                2.7.7-2.el7                         epel
python34-py.noarch                            1.4.32-2.el7                        epel
python34-py4j.noarch                          0.10.7-4.el7                        epel
python34-pycryptodomex.x86_64                 3.9.7-1.el7                         epel
python34-pycurl.x86_64                        7.43.0-7.el7                        epel
python34-pygments.noarch                      2.2.0-3.el7                         epel
python34-pygraphviz.x86_64                    1.3-2.rc2.el7.2                     epel
python34-pyscard.x86_64                       1.9.7-1.el7                         epel
python34-pysocks.noarch                       1.6.8-7.el7                         epel
python34-pytest.noarch                        2.9.2-4.el7                         epel
python34-pytest-cov.noarch                    2.5.1-3.el7                         epel
python34-pythia8.x86_64                       8.2.43-1.el7                        epel
python34-pyvirtualize.noarch                  0.10-2.20191018gitdc2d971.el7       epel
python34-pyvmomi.noarch                       6.7.3-4.el7                         epel
python34-requests.noarch                      2.14.2-2.el7                        epel
python34-rfc3986.noarch                       1.3.0-1.el7                         epel
python34-root.x86_64                          6.20.04-1.el7                       epel
python34-setuptools.noarch                    39.2.0-4.el7                        epel
python34-setuptools_scm.noarch                1.17.0-3.el7                        epel
python34-slack_cleaner.noarch                 0.5.0-2.el7                         epel
python34-slacker.noarch                       0.12.0-4.el7                        epel
python34-snowballstemmer.noarch               1.2.1-9.el7                         epel
python34-sphinx.noarch                        1.2.3-6.el7                         epel
python34-sphinx-latex.noarch                  1.2.3-6.el7                         epel
python34-sqlalchemy.x86_64                    1.1.3-3.el7                         epel
python34-tabulate.noarch                      0.8.3-8.el7                         epel
python34-test.x86_64                          3.4.10-4.el7                        epel
python34-tkinter.x86_64                       3.4.10-4.el7                        epel
python34-tools.x86_64                         3.4.10-4.el7                        epel
python34-urllib3.noarch                       1.25.6-1.el7                        epel
python34-uwsgidecorators.x86_64               2.0.17.1-2.el7                      epel
python34-virtualenv.noarch                    15.1.0-5.el7                        epel
python34-whoosh.noarch                        2.7.4-5.el7                         epel
python34-xrootd.x86_64                        1:4.11.3-1.el7                      epel
python36-Cython.x86_64                        0.28.5-1.el7                        epel
python36-GitPython.noarch                     1.0.1-8.el7                         epel
python36-HepMC3.x86_64                        3.2.1-2.el7                         epel
python36-HepMC3-rootIO.x86_64                 3.2.1-2.el7                         epel
python36-HepMC3-search.x86_64                 3.2.1-2.el7                         epel
python36-PyMySQL.noarch                       0.9.3-1.el7                         epel
python36-PyYAML.x86_64                        3.12-1.el7                          epel
python36-SecretStorage.noarch                 2.1.1-2.el7                         epel
python36-abimap.noarch                        0.3.1-3.el7                         epel
<cut the rest of the python36 package>


10
The Disk Usage from accounts that are under Reseller, Manage are not shown correctly.

In the admin panel and in the accounts themselves it's all OK, but if the reseller looks at his accounts it's wrong.

Example of 2 accounts from a reseller with the same package:
Package <reseller>_500 has a diskquota of 500 MB.

# repquota -a -s
joselar   --    172K    500M    500M             44     0     0       
katwie    --  78100K    500M    500M           3701     0     0   
   
# du -h --max-depth=0 /home/joselar
208K    /home/joselar
# du -h --max-depth=0 /home/katwie
83M     /home/katwie

In the root-admin panel I see:
joselar 172 KB / 500 MB
katwie 76.27 MB / 500 MB

If I log in to the accounts themselves, I also see the above quota, so far so good.

If I log in to the reseller account, and go to Reseller - Manage, I see:
joselar - 500 - 1.00 MB / ∞ MB
katwie - 500 - 0.01 GB / 76.00 GB

.... this is definitely wrong.

/scripts/cwp_api account update_diskquota_all
doesn't make any difference.

11
PHP / Make php safe again
« on: February 11, 2020, 09:00:44 AM »
For those who are interested (and maybe a good thing to build into CWP).
I've hardened php so:
- open_basedir is the user's home-dir
- all executables are disabled by default
- users can NOT overwrite these options with their own php user.ini-files.

This is how it works:
*1 create a file /home/zz_make with this code:
<?php
// Directories under /home that must not get a [PATH=] section.
$excluded = array("tmpback", "lost+found");
$filename = "/home/zz_ini";
$out = "";  // initialise, otherwise the first .= raises an undefined-variable notice

if ($DIR = opendir("/home/")) {
    while (($dirfile = readdir($DIR)) !== false) {
        // Skips ".", ".." and every other name that contains a dot.
        if (preg_match('/\./', $dirfile))
            continue;
        if (in_array(trim($dirfile), $excluded))
            continue;
        if (is_dir("/home/$dirfile/")) {
            // One per-directory section for each home directory.
            $out .= "[PATH=/home/".$dirfile."/]\n";
            $out .= "open_basedir = \"/home/".$dirfile."/:/tmp:/var/tmp:/usr/local/lib/php\"\n";
            $out .= "disable_functions = exec, passthru, shell_exec, system, popen, pcntl_exec, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg\n\n";
        }
    }
    closedir($DIR);
}

// Write the generated sections to the ini file.
$handle = fopen($filename, 'w');
if (!$handle) {
    echo "Cannot open file ($filename)";
    exit;
} else {
    if (fwrite($handle, $out) === FALSE) {
        echo "Cannot write to file ($filename)";
        exit;
    }
}
fclose($handle);


*2 run: php /home/zz_make and check for errors and look if /home/zz_ini is created

*3 make softlinks in your php-dir's
ln -s /home/zz_ini /opt/alt/php72/usr/php/php.d/zz.ini
ln -s /home/zz_ini /opt/alt/php73/usr/php/php.d/zz.ini
ln -s /home/zz_ini /opt/alt/php-fpm72/usr/php/php.d/zz.ini
ln -s /home/zz_ini /opt/alt/php-fpm73/usr/php/php.d/zz.ini
(depends on what versions of php you are running)

*4 make a cron-file /etc/cron.daily/make_php-ini with this in it
#!/bin/bash
/usr/local/bin/php /home/zz_make
/bin/systemctl reload php-fpm72.service
/bin/systemctl reload php-fpm73.service

(you only have to reload php-fpm, normal fpm doesn't need to be reloaded)

*5 chmod 755 /etc/cron.daily/make_php-ini

And you're done!
Check phpinfo() in some websites to see if it works.
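
The generated file only covers the directories that existed when the generator last ran, and the generator skips every name containing a dot, so it helps to compare the home directories with the sections actually written. The shell audit below is an added example, not part of the original post; its function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): audit the generated ini file
# against the directories that really exist under the home root.

# section_state INI HEADER -> prints ok | weak | missing
section_state() {
  awk -v hdr="$2" '
    $0 == hdr { insec = 1; found = 1; next }   # start of the wanted section
    /^\[/     { insec = 0 }                    # any other section header ends it
    insec && /^open_basedir[ \t]*=/      { ob = 1 }
    insec && /^disable_functions[ \t]*=/ { df = 1 }
    END {
      if (!found)        print "missing"
      else if (ob && df) print "ok"
      else               print "weak"
    }' "$1"
}

# audit_homes ROOT INI -> one "<state> <name>" line per home directory
audit_homes() {
  local root="${1%/}" ini="$2" dir name
  for dir in "$root"/*/; do
    [ -d "$dir" ] || continue
    name=$(basename "$dir")
    case $name in tmpback|lost+found) continue ;; esac   # the post's exclusions
    printf '%s %s\n' "$(section_state "$ini" "[PATH=$root/$name/]")" "$name"
  done
}

# Constructed sample: four homes, but the ini only covers two of them.
make_sample() {
  local root
  root=$(mktemp -d) || return 1
  mkdir "$root/alice" "$root/bob" "$root/carol" "$root/site.old" "$root/tmpback"
  cat > "$root/zz_ini" <<EOF
[PATH=$root/alice/]
open_basedir = "$root/alice/:/tmp:/var/tmp:/usr/local/lib/php"
disable_functions = exec, passthru, shell_exec, system, popen, proc_open

[PATH=$root/bob/]
open_basedir = "$root/bob/:/tmp:/var/tmp:/usr/local/lib/php"
EOF
  printf '%s\n' "$root"
}

# Run the audit on the constructed tree and clean up afterwards.
sample=$(make_sample)
audit_homes "$sample" "$sample/zz_ini"
rm -rf "$sample"
```

With the layout from the post the call would be `audit_homes /home /home/zz_ini`; any line not starting with `ok` is a home directory that the generated restrictions do not fully cover.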
