Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
76
Installation / CWP7 cwpsrv fails first on install, fix this breaks Apache
« on: January 21, 2019, 06:58:54 PM »
Third install with the same results - utter failure. Everything works fine until you set up your first username/root domain. When you generate an SSL certificate for your root domain (while creating the first user) it breaks the webpanel - cwpsrv service crashes with a hostname certificate conflict.
This is a copy of the log after I ran the only thing that resolves the hostname.crt mismatch. In order to get the panel back up, I had to run:
sh /scripts/generate_hostname_ssl
This allows cwpsrv.service to start and the panel is accessible. The problem comes thereafter as you can see from my log - generating a new certificate totally breaks Apache. I have been having this problem for 2 to 3 weeks and cannot get past the breakdown of Apache. I have rebuilt vhosts and done everything I can think of and Apache stays broken.
Do you as developers ever install this panel to make sure it works properly and does not crash after you push updates? This is incredibly aggravating and makes CWP7 utterly worthless as it can only host the panel while Apache is broken.
Please ask for any logs, but none are more interesting than what I posted above and below. I just want a developer to try and install the panel and create a username who's domain is secured with SSL and see what I am describing happen before your own eyes. I am totally sick of this!!! Three weeks with no working hosting is not acceptable and experimenting time and time again just uses all of my Let's Encrypt certs until I have to wait another week before starting over just to have it break again identically.
systemctl status httpd.service -l
journalctl -xe
There is nothing in the Apache error log that is helpful - I know the configuration has failed:
Code: [Select]
Jan 21 13:33:38 helium11 systemd: Stopped CentOS Web Panel service (daemon).
Jan 21 13:33:38 helium11 systemd: Starting CentOS Web Panel service (daemon)...
Jan 21 13:33:38 helium11 cwpsrv: cwpsrv: [emerg] SL_CTX_use_PrivateKey_file("/etc/pki/tls/private/hostname.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Jan 21 13:33:38 helium11 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test failed
Jan 21 13:33:38 helium11 systemd: cwpsrv.service: control process exited, code=exited status=1
Jan 21 13:33:38 helium11 systemd: Failed to start CentOS Web Panel service (daemon).
Jan 21 13:33:38 helium11 systemd: Unit cwpsrv.service entered failed state.
Jan 21 13:33:38 helium11 systemd: cwpsrv.service failed.
Jan 21 13:33:44 helium11 systemd: cwpsrv.service holdoff time over, scheduling restart.
Jan 21 13:33:44 helium11 systemd: Stopped CentOS Web Panel service (daemon).
Jan 21 13:33:44 helium11 systemd: Starting CentOS Web Panel service (daemon)...
Jan 21 13:33:44 helium11 cwpsrv: cwpsrv:the configuration file /usr/local/cwpsrv/conf/cwpsrv.conf syntax is ok
Jan 21 13:33:44 helium11 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test is successful
Jan 21 13:33:44 helium11 systemd: Started CentOS Web Panel service (daemon).
Jan 21 13:33:47 helium11 systemd: Stopping CentOS Web Panel service (daemon)...
Jan 21 13:33:47 helium11 systemd: Stopped CentOS Web Panel service (daemon).
Jan 21 13:33:47 helium11 systemd: Starting CentOS Web Panel service (daemon)...
Jan 21 13:33:47 helium11 cwpsrv: cwpsrv:the configuration file /usr/local/cwpsrv/conf/cwpsrv.conf syntax is ok
Jan 21 13:33:47 helium11 cwpsrv: cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test is successful
Jan 21 13:33:47 helium11 systemd: Started CentOS Web Panel service (daemon).
Jan 21 13:35:01 helium11 systemd: Started Session 9 of user root.
Jan 21 13:35:52 helium11 systemd: Stopping Web server Apache...
Jan 21 13:35:53 helium11 systemd: Stopped Web server Apache.
Jan 21 13:35:53 helium11 systemd: Starting Web server Apache...
Jan 21 13:35:53 helium11 systemd: httpd.service: control process exited, code=exited status=1
Jan 21 13:35:53 helium11 systemd: Failed to start Web server Apache.
Jan 21 13:35:53 helium11 systemd: Unit httpd.service entered failed state.
Jan 21 13:35:53 helium11 systemd: httpd.service failed.
Jan 21 13:36:25 helium11 dbus[4436]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
Jan 21 13:36:25 helium11 systemd: Starting Hostname Service...
Jan 21 13:36:25 helium11 dbus[4436]: [system] Successfully activated service 'org.freedesktop.hostname1'
Jan 21 13:36:25 helium11 systemd: Started Hostname Service.
Jan 21 13:36:31 helium11 systemd: Unit httpd.service cannot be reloaded because it is inactive.
Jan 21 13:36:32 helium11 systemd: Unit httpd.service cannot be reloaded because it is inactive.
Jan 21 13:36:42 helium11 systemd: Starting Web server Apache...
Jan 21 13:36:43 helium11 systemd: httpd.service: control process exited, code=exited status=1
Jan 21 13:36:43 helium11 systemd: Failed to start Web server Apache.
Jan 21 13:36:43 helium11 systemd: Unit httpd.service entered failed state.
Jan 21 13:36:43 helium11 systemd: httpd.service failed.
Jan 21 13:38:14 helium11 systemd: Unit httpd.service cannot be reloaded because it is inactive.
Jan 21 13:38:23 helium11 systemd: Starting Web server Apache...
Jan 21 13:38:24 helium11 systemd: httpd.service: control process exited, code=exited status=1
Jan 21 13:38:24 helium11 systemd: Failed to start Web server Apache.
Jan 21 13:38:24 helium11 systemd: Unit httpd.service entered failed state.
Jan 21 13:38:24 helium11 systemd: httpd.service failed.This is a copy of the log after I ran the only thing that resolves the hostname.crt mismatch. In order to get the panel back up, I had to run:
sh /scripts/generate_hostname_ssl
This allows cwpsrv.service to start and the panel is accessible. The problem comes thereafter as you can see from my log - generating a new certificate totally breaks Apache. I have been having this problem for 2 to 3 weeks and cannot get past the breakdown of Apache. I have rebuilt vhosts and done everything I can think of and Apache stays broken.
Do you as developers ever install this panel to make sure it works properly and does not crash after you push updates? This is incredibly aggravating and makes CWP7 utterly worthless as it can only host the panel while Apache is broken.
Please ask for any logs, but none are more interesting than what I posted above and below. I just want a developer to try and install the panel and create a username who's domain is secured with SSL and see what I am describing happen before your own eyes. I am totally sick of this!!! Three weeks with no working hosting is not acceptable and experimenting time and time again just uses all of my Let's Encrypt certs until I have to wait another week before starting over just to have it break again identically.
systemctl status httpd.service -l
Code: [Select]
[root@helium11 ~]# systemctl status httpd.service -l
● httpd.service - Web server Apache
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2019-01-21 14:16:27 EST; 20s ago
Process: 20981 ExecStop=/usr/local/apache/bin/apachectl graceful-stop (code=exited, status=0/SUCCESS)
Process: 18562 ExecReload=/usr/local/apache/bin/apachectl graceful (code=exited, status=0/SUCCESS)
Process: 2013 ExecStart=/usr/local/apache/bin/apachectl start (code=exited, status=1/FAILURE)
Main PID: 18977 (code=exited, status=0/SUCCESS)
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Starting Web server Apache...
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Failed to start Web server Apache.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Unit httpd.service entered failed state.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service failed.journalctl -xe
Code: [Select]
-- Unit httpd.service has begun starting up.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Failed to start Web server Apache.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: Unit httpd.service entered failed state.
Jan 21 14:16:27 srv1.mydomain.com systemd[1]: httpd.service failed.
Jan 21 14:17:01 srv1.mydomain.com run-parts(/etc/cron.daily)[2648]: finished maldet
Jan 21 14:17:01 srv1.mydomain.com run-parts(/etc/cron.daily)[2654]: starting man-db.cron
Jan 21 14:17:11 srv1.mydomain.com run-parts(/etc/cron.daily)[18276]: finished man-db.cron
Jan 21 14:17:11 srv1.mydomain.com run-parts(/etc/cron.daily)[18278]: starting mlocate
Jan 21 14:17:12 srv1.mydomain.com run-parts(/etc/cron.daily)[18287]: finished mlocate
Jan 21 14:17:12 srv1.mydomain.com run-parts(/etc/cron.daily)[18289]: starting rkhunter
Jan 21 14:17:34 srv1.mydomain.com kernel: perf: interrupt took too long (2521 > 2500), lowering kernel.perf_event_max_sample_rate to 79000There is nothing in the Apache error log that is helpful - I know the configuration has failed:
Code: [Select]
[Mon Jan 21 13:20:27.891310 2019] [mpm_event:notice] [pid 18977:tid 140169689966464] AH00489: Apache/2.4.34 (Unix) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Mon Jan 21 13:20:27.891371 2019] [core:notice] [pid 18977:tid 140169689966464] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Mon Jan 21 13:35:52.999279 2019] [mpm_event:notice] [pid 18977:tid 140169689966464] AH00492: caught SIGWINCH, shutting down gracefully
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration Failed
AH00016: Configuration FailedCode: [Select]
[root@helium11 ~]# /usr/local/apache/bin/apachectl -t
Syntax OK
77
Apache / Re: Apache Compiler does not install ssl_module (shared) on rebuild
« on: January 19, 2019, 01:21:13 AM »
The Apache installer should check first to see if you have any SSL certs and properly install the module if you do...
78
Apache / Re: Apache Compiler does not install ssl_module (shared) on rebuild
« on: January 19, 2019, 01:19:56 AM »
Yes, but if you already have SSL certificates and you rebuild Apache, SSL fails unless you add a new certificate according to you.
What happens when you rebuild Apache and you already have SSL certs installed and don't need to or have no domain to install a certificate on. As I mentioned, it breaks SSL.
You could have tested this before replying...
What happens when you rebuild Apache and you already have SSL certs installed and don't need to or have no domain to install a certificate on. As I mentioned, it breaks SSL.
You could have tested this before replying...
79
Apache / Apache Compiler does not install ssl_module (shared) on rebuild
« on: January 16, 2019, 08:04:28 PM »
When rebuilding even the same version of Apache, the module "ssl_module (shared)" is not installed despite it being set as a conditional flag in the "Additional options available:" box. (--enable-ssl=shared)
Please fix or clarify why your Apache compiler refuses to install the "ssl_module (shared)." It would seem this would break all SSL sites.
Please fix or clarify why your Apache compiler refuses to install the "ssl_module (shared)." It would seem this would break all SSL sites.
80
Mod_Security / How to disable a rule by ID
« on: January 08, 2019, 12:01:01 PM »
I cannot seem to get modsecurity to disable ID 211190 for a website. The edit rules section is not clear on how to disable a rule by ID. I know how not to do it as it crashes Apache. Also saying, "For instructions please use our forum." when there are no instructions here is pretty silly.
Like so many things documented here on the forums and in the wiki are outdated. At least I cannot find anything on the new modsecurity interface. I don't want to have to entirely disable modsecurity just because I cannot figure out how to remove rules by ID.
Like so many things documented here on the forums and in the wiki are outdated. At least I cannot find anything on the new modsecurity interface. I don't want to have to entirely disable modsecurity just because I cannot figure out how to remove rules by ID.
81
CentOS-WebPanel Bugs / Top five processes only lists four processes.
« on: December 31, 2018, 06:24:21 PM »
The title pretty well nails it. The process list on the dashboard only shows the top four rather than five processes.
82
Installation / CWP does not use the full subdomain of the hostname address on install
« on: December 31, 2018, 05:36:35 PM »
When installing CWP7 on CentOS 7, despite the hostname already being set, the panel uses only the domain name only (ie, install authorizes "domain.com" rather than the set domain of for instance "panel.domain.com").
This is an issue the way you have Let's Encrypt SSL certificates because it fails on initial install. I know changing the hostname to what it should have been to begin with using "Change Hostname" will change the hostname (even though it reads out properly on the dashboard...) and generates a new certificate. The problem is with all of the bugs and quirks in CWP, after a couple of failed installs, the certificate maximum is reached and Let's Encrypt will no longer issue certificates for a one week period due to their rate limit.
Please make CWP actually use the entire subdomain name upon install. In fact you can only see it is incorrect in the "Change Hostname" dialogue as it reads out properly on the panel dashboard despite being set wrong in CWP.
This is an issue the way you have Let's Encrypt SSL certificates because it fails on initial install. I know changing the hostname to what it should have been to begin with using "Change Hostname" will change the hostname (even though it reads out properly on the dashboard...) and generates a new certificate. The problem is with all of the bugs and quirks in CWP, after a couple of failed installs, the certificate maximum is reached and Let's Encrypt will no longer issue certificates for a one week period due to their rate limit.
Please make CWP actually use the entire subdomain name upon install. In fact you can only see it is incorrect in the "Change Hostname" dialogue as it reads out properly on the panel dashboard despite being set wrong in CWP.
83
Installation / Re: New account domain not pointing to /home/USERNAME/public_html
« on: December 15, 2018, 08:53:04 AM »
The problem seems to have occurred because I was using NGINX instead of Apache. Changing to Apache allowed the replaced index.html in the directory /home/USERNAME/public_html to be loaded properly.
...so there must be some issue with NGINX perhaps the vhosts file? I am baffled.
...so there must be some issue with NGINX perhaps the vhosts file? I am baffled.
84
Installation / Re: New account domain not pointing to /home/USERNAME/public_html
« on: December 15, 2018, 08:23:38 AM »
Already did this - doing it again did not resolve the issue. Any other suggestions?
85
Installation / New account domain not pointing to /home/USERNAME/public_html
« on: December 15, 2018, 07:50:55 AM »
I have installed CWP and everything seemed to have gone well. The problem I am having is that the root domain created when creating the first user account at /home/USERNAME/public_html, the index.html is not what is getting read. I replaced it and continue to get the default CWP banner page rather than my index.html.
Server is set up properly and NAT'ed.
It just acts as if it is loading the banner page from someplace other than at /home/USERNAME/public_html/index.html.
Server is set up properly and NAT'ed.
It just acts as if it is loading the banner page from someplace other than at /home/USERNAME/public_html/index.html.
86
Information / Re: CWP version 0.9.8.744 totally broken.
« on: December 05, 2018, 08:10:40 PM »
The issues only occur in Chrome. It happens when the Live Processes load and the blue border on the bottom of the page that has been added loads... Chrome was working yesterday with no issues.
88
Information / Re: CWP version 0.9.8.744 totally broken.
« on: December 05, 2018, 07:34:04 PM »
I posted a pic of the panel, but probably due to spam precautions here it is not showing up. I will try adding it again here...
89
Information / Re: CWP version 0.9.8.744 totally broken.
« on: December 05, 2018, 07:08:54 PM »
Acts like it is somehow tied to the live processes as the panel looks normal until the live processes should show up then it ends up imprinting a bunch of login boxes all over the panel. Don;t you guys test this stuff before pushing an update like this???
90
Information / CWP version 0.9.8.744 totally broken.
« on: December 05, 2018, 07:01:28 PM »
There is a login issue with the new version of the panel. You cannot access anything on the page and it redirects you to the standard login when (if) you try to click on anything. This is a terminal problem for the panel.
