Topics - joaomach

1
DNS Manager / DNSSEC - How-to & Sub-Domains
« on: March 17, 2023, 05:16:27 AM »
Greetings, I wish to share a tutorial on enabling/using DNSSEC in your CWP install. Now, this assumes that you are running your own DNS server in CWP; I do not know how it would work with FreeDNS.

For those that would like more information on DNSSEC, please look at https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

This builds on a previous thread from here: https://forum.centos-webpanel.com/index.php?topic=9052.msg41413#msg41413

I will add the steps from the above link here just for posterity's sake, in case the external link goes stale.

The following steps are for EL/CentOS/Red Hat.

Note: In the examples below, replace "domain.tld" with your domain name.


Step 1: First install haveged to generate keys
Code:
yum install -y haveged
systemctl enable haveged

Step 2: Change the directory to /var/named
Code:
cd /var/named/

Step 3: Generate the ZSK key
Code:
dnssec-keygen -L 3600 -a RSASHA256 -b 2048 -r /dev/urandom domain.tld

Step 4: Generate the KSK key
Code:
dnssec-keygen -L 3600 -r /dev/urandom -f KSK -a RSASHA256 -b 4096 domain.tld

Step 5: Add the keys to the domain zone file
Code:
cat /var/named/Kdomain.tld.+008+*.key >> /var/named/domain.tld.db

Step 6: Sign the zone file
Code:
dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o domain.tld -t domain.tld.db

Step 7: Edit the named configuration file /etc/named.conf and add this line
Code:
dnssec-lookaside auto;
** Find this line, "dnssec-enable yes; dnssec-validation yes;", and add "dnssec-lookaside auto;" after it.

Step 8: In the same file as the previous step, /etc/named.conf, rename the zone file for the domain being enabled

From
Code:
// zone domain.tld
zone "domain.tld" {type master; file "/var/named/domain.tld.db";};
// zone_end domain.tld

To
Code:
// zone domain.tld
zone "domain.tld" {type master; file "/var/named/domain.tld.db.signed";};
// zone_end domain.tld


Step 9: CentOS/EL/RHEL: Reload/restart the named service
Code:
service named reload
# or
systemctl reload named

Step 5 created a file in /var/named called dsset-domain.tld., and in this file you will find the keys that you will add at your domain registrar.
Code:
domain.tld. IN DS 54216 8 1 927FCC021E55B89F279C9D8580CC6615398630747
domain.tld. IN DS 54216 8 2 D564958A48549F123B1E38AhhhE0CF9C73F5E8F4F2CE2A2442C1893C 7878666F

Line 1 description: 54216=Key Tag, 8=Algorithm, 1=Digest Type, long string=Digest
On line 2, the SHA-256 key will generate a space just before the end; when adding it to your registrar, you may have to remove that space.

Now, there is an issue with the current implementation of DNSSEC in CWP: once it is enabled, adding a subdomain will not work. The subdomain will be created in /var/named/domain.tld.db but not in the /var/named/domain.tld.db.signed record, so the subdomain will never propagate.
The workaround is to run Step 5 and Step 9 after a subdomain is created and after it is deleted.


Hope this helps,

Joao
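
An added example, not part of the original post: two shell helpers for the checks the post describes. `ds_fields` joins the split SHA-256 digest from a dsset file and rejects digests of the wrong length or with non-hex characters before they are pasted at the registrar, and `needs_resign` reports when the zone file is newer than its `.signed` copy. The function names and the sample digests are constructed for illustration, and the dsset layout is assumed to match the one shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Sample digests are constructed.

# Print "keytag algorithm digest_type digest" for each DS record in a dsset
# file, joining the digest pieces that are separated by a space. Optional $2
# keeps one digest type only (2 = SHA-256). Returns 1 if a digest is not hex
# or has the wrong length for its type (type 1: 40 chars, type 2: 64 chars).
ds_fields() {
    awk -v want="${2:-}" '
        $2 == "IN" && $3 == "DS" {
            if (want != "" && $6 != want) next
            digest = ""
            for (i = 7; i <= NF; i++) digest = digest $i
            digest = toupper(digest)
            need = 0
            if ($6 == 1) need = 40
            if ($6 == 2) need = 64
            if (digest !~ /^[0-9A-F]+$/ || (need && length(digest) != need)) {
                printf "bad digest for key tag %s\n", $4 > "/dev/stderr"
                bad = 1
                next
            }
            print $4, $5, $6, digest
        }
        END { exit (bad ? 1 : 0) }' "$1"
}

# Succeeds when the zone file is newer than its .signed copy (or the copy is
# missing), i.e. records were added to the zone but not yet signed.
needs_resign() {
    [ ! -e "$1.signed" ] || [ "$1" -nt "$1.signed" ]
}

# Constructed sample in the layout shown in the post.
sample_dsset() {
    printf '%s\n' \
        'domain.tld. IN DS 54216 8 1 0123456789ABCDEF0123456789ABCDEF01234567' \
        'domain.tld. IN DS 54216 8 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF'
}

tmp=$(mktemp)
sample_dsset > "$tmp"
ds_fields "$tmp" 2    # SHA-256 record as a single unbroken digest
rm -f "$tmp"
```

A DS record that does not match the published key makes validating resolvers treat the zone as bogus, so the length check is worth running before the registrar form is submitted.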


2
CentOS-WebPanel Bugs / User cPanel roundcube mail link bug
« on: November 18, 2021, 09:52:04 AM »
I just updated CWP to the latest version and there is a minor bug: when clicking the "Roundcube Webmail" link, the new window opens with a URL that ends with two slashes, https://www.mydomain.com/webmail//

Currently this seems to only affect password managers.


3
CentOS-WebPanel Bugs / Cpanel Statistics, no Monthly view
« on: August 13, 2021, 12:00:40 PM »
I have over three months' worth of data on most of the domains.
The client goes to statistics for a specific domain and sees data for Daily and Weekly but nothing for Monthly?

This is an issue with all domains on the server, not one has monthly data on the statistics.

Anyone have an idea?

4
CentOS-WebPanel Bugs / cpanel SSL login redirects to non-ssl
« on: July 19, 2021, 03:19:23 PM »
Recently, not really sure when, but when a user logs in to their cpanel account https://cpanel.domainxyz.com, they are redirected to non-SSL page. If you change the URL to https the session continues in SSL with no issues.

The server has been running great for weeks, nothing changed that I know of...

5
CentOS 7 Problems / Jailkit appears to be broken!
« on: May 25, 2021, 05:39:58 PM »
My server is up and running, running very well I may add. But I do have an issue with jailkit.

I have a user that needs shell access to run a Drupal site,  but he wants to use Composer.

I gave his account shell access through the Jailkit, and after setting up ssh keys, he is able to login with no issues.
The problem is that he cannot access many things, like nano gives the error: "Error opening terminal: unknown", and nano is listed in /home/jail/bobby/bin.

How can this be fixed properly?


6
CentOS 7 Problems / /home/<user> permissions
« on: May 03, 2021, 10:03:45 AM »
I recently moved my server from one region to another within my hosting provider and I noticed that I have one user directory (/home/<user>) that has permissions set to 755; all of the others have permissions of 711. /home/jail is also set to 755.

Which should they be set at, 755 or 711?

7
Greetings, I hope I can get the attention of CentOS Webpanel people here!

I have found CWP7 to be a great product but I have found Roundcube to be underwhelming at best. It looks nice and all, but no Calendar, no Tasks, no Contact, Calendar & Task syncing. Even paying for additional plugins only gives you a Calendar with RoundCube.

I motion to officially request CWP7 to implement, either as an option or as a direct replacement of Roundcube, SOGo.

It offers all of the above and is open source and free.

Main page: https://www.sogo.nu
Demo link at bottom of homepage.

Installation wiki: https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#_smtp_server_configuration

8
I would like to post a quick note on migrating cPanel accounts to CWP7 and the occasional error "There is an error, please check that the account no longer exists".

This issue is related to the user account character length in cPanel vs. CWP7. Here is a scenario: let's say you have three accounts on a cPanel server:

cPanel account name: mydomain for mydomain.com
cPanel account name: mydomainnet  for mydomain.net
cPanel account name: mydomainorg  for mydomain.org


When you go and import the first account, mydomain, it will import just fine. But if you try to import any of the other two accounts, they will fail at the account creation with the error "There is an error, please check that the account no longer exists".

The reason is that CWP7 has a character limit of 8 for the user name; the system tries to truncate the characters after the first 8, but if the account already exists it will fail. So trying to import mydomainnet, it will truncate "net" but "mydomain" already exists.

The workaround is to change the user account name in cPanel; if you do not have access to this feature, you may ask your hosting provider to do so. The drawback is that doing so will also edit the prefix for any database. So the three steps are:

  • Change user name in cPanel to only 8 characters
  • Note the new database prefix and fix any sites that use that database, for example, if you have a WordPress site, edit the wp-config.php file to reflect the new database name.
  • Once site is back up and running, export/transfer site to CWP server.
  • Import cpanel account as normal.
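
An added example, not part of the original post: a pre-migration check that lists which cPanel account names would collide once cut to the 8-character limit described above. The function name is hypothetical, and the input is assumed to be one account name per line in the order the accounts will be imported.

```shell
#!/bin/sh
# Added example, not from the original post.

# Read account names on stdin (import order) and report every name whose
# first N characters match an account seen earlier. N defaults to 8, the
# limit the post describes; pass another value as $1 to test other limits.
find_truncation_clashes() {
    awk -v limit="${1:-8}" '
        NF {
            short = substr($1, 1, limit)
            if (short in owner)
                printf "%s -> %s (clashes with %s)\n", $1, short, owner[short]
            else
                owner[short] = $1
        }'
}

# The three account names from the scenario in the post.
printf '%s\n' mydomain mydomainnet mydomainorg | find_truncation_clashes
```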

9
SSL / CWPSRV SSL not working - Missing /etc/letsencrypt?
« on: April 22, 2021, 04:37:28 AM »
I have set up my server and it was all working perfectly, then all of a sudden, my hostname SSL stopped working. The rest of the domains work just fine. Only port 2087 and port 2031 revert to the self-signed certificates. Now, it was working, then yesterday it just stopped. The weird part is that the /etc/letsencrypt directory is missing altogether?

See for yourself
server: https://srvr.acoreano.com:2031
domain: https://www.acoreano.com
cpanel: https://cpanel.acoreano.com
webmail: https://webmail.acoreano.com

Any help/ideas would be greatly appreciated..

10
Installation / CentOS Web Panel is a disaster!!!!!!!!!
« on: March 28, 2017, 02:09:50 PM »
When I first found this site, I was so excited, after being a long term cPanel user, I thought what a great idea! But the execution of this software is horrible. I have spent three days trying to set this up, even paid $10.00 for CWP Pro, server still has not been updated 36 hours later.

Setting up basic SSL on CWP services is a no go, but hey, I can buy support! Why would I spend 20.00, 30.00, 40.00 for support on something that does not even install and setup correctly to begin with?

A cPanel license is $20 per month for a VPS, and it works!

Get the product working for free, ask for donations instead. Once the product is functional, then add features for a fee.

Wasted three days and $10.00!

11
I am adding this question here since this seems to be a CWP7 specific issue, this was originally posted here: http://forum.centos-webpanel.com/ssl/can't-install-let's-encrypt-ssl-on-admin-for-cwp7-need-assistance/

Quote
I've been attempting to install a Let's Encrypt certificate for the admin panel for CWP7 and here's the steps I've followed:

First I attempted to follow this guide:
http://wiki.centos-webpanel.com/hostname-ssl-with-letsencrypt

(Including the YouTube video)

It appears that a few file names might be wrong, because the video wants the file /usr/local/apache/conf.d/vhosts-hostname.conf edited, but in the Video, it's showing the edit of /usr/local/apache/conf.d/vhosts.conf through the admin page.

So as a test I setup my admin virtual host through the admin page (i.e. vhosts.conf) per the video with proper host.hostname.com entries/IP and then I installed the Let's Encrypt Cert, followed by checking my admin panel server page for SSL and that appeared functional on port 443.   The next stage was to add the ability to use the cert on port 2031.

The guide indicates to make changes to: /usr/local/cwpsrv/conf.d/cwp-ssl.conf

The file cwp-ssl.conf didn't exist, so I created the file with the proper entries and then attempted to restart CWP, that led to this error:

Redirecting to /bin/systemctl restart  cwpsrv.service
Job for cwpsrv.service failed because the control process exited with error code. See "systemctl status cwpsrv.service" and "journalctl -xe" for details.

After searching, making adjustments based on other attempts discovered online and so forth, it appeared this wasn't going to work and then I noticed ALL the guides and videos I've been reading/viewing were related to CWP (v6) and not CWP7 - does anyone have a guide and/or advice on setting up the admin page (port 2031) using the Let's Encrypt certs?

FWIW, it seems that any changes made to cwp-ssl.conf lead to a restart error.

Has anyone
