Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
811
CentOS 7 Problems / Re: Unable to load dynamic library 'sodium.so'
« on: March 11, 2023, 05:12:02 PM »
Is it enabled in the build config for php74?
I have sodium.so in 3 places on a CWP server:
I have sodium.so in 3 places on a CWP server:
Code: [Select]
/opt/alt/php-fpm81/usr/lib/php/extensions/no-debug-non-zts-20210902/sodium.so
/usr/local/lib/php/extensions/no-debug-non-zts-20180731/sodium.so
/usr/local/lib/php/extensions/no-debug-non-zts-20190902/sodium.so
812
Varnish / Re: Varnish Cache Age 0
« on: March 11, 2023, 05:08:02 PM »
Are you checking HTTP reply headers?
Quote
What is the purpose of the X-Varnish HTTP header?
The X-Varnish HTTP header allows you to find the correct log-entries for the transaction. For a cache hit, X-Varnish will contain both the ID of the current request and the ID of the request that populated the cache. It makes debugging Varnish a lot easier.
813
E-Mail / Re: Cannot Reply To Messages - RoundCube
« on: March 11, 2023, 05:03:52 PM »
Standard advice applies: use Comodo rules for Mod Security. OWASP ruleset is to persnickety and requires a lot of manual tuning. Otherwise you will see odd glitches like this!
814
SSL / Re: Nginx, Varnish, Apache + WordPress SSL
« on: March 11, 2023, 04:52:03 PM »
I'll just say that's a complex chain to troubleshoot. Cloudflare is easy to bypass in Developer mode for testing, so you can remove it temporarily while troubleshooting. I would consider omitting either Nginx or Varnish out of the chain, unless you really, really need to milk every last drop of performance out of your server. But if that's the case, it's probably a better proposition to upgrade your service or hardware. You could also drop Apache and just have Nginx as your HTTP server for better performance. I have WP sites running under Nginx just fine, very performant.
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
815
Other / Re: I am not sure if Varnish is working or not.
« on: March 11, 2023, 04:43:09 PM »
Did you look at the HTTP headers in the source view?
Quote
The X-Varnish HTTP header allows you to find the correct log-entries for the transaction. For a cache hit, X-Varnish will contain both the ID of the current request and the ID of the request that populated the cache. It makes debugging Varnish a lot easier.
816
SSL / Re: AutoSSL not working
« on: March 11, 2023, 04:39:20 PM »
Make sure your HTTP server doesn't have a 301 redirect from HTTP to HTTPS. To get an SSL cert, it needs to be negotiated via HTTP, so http://domain.com/.well-known/acme-challenge/ needs to be accessible. Forwarding to https:// means it won't work.
Also, on one server I had to use Cloudflare's DNS authenticator method with LetsEncrypt, instead of the normal HTTP challenge. Token based authentication with Cloudflare worked immediately and has renewed successfully for several years now.
Also, on one server I had to use Cloudflare's DNS authenticator method with LetsEncrypt, instead of the normal HTTP challenge. Token based authentication with Cloudflare worked immediately and has renewed successfully for several years now.
817
Installation / Re: HOME SERVER QUESTION
« on: March 11, 2023, 04:34:35 PM »
Well shucks, you're going to make me blush!
Actually, home servers are a bit of a specialty of mine, since I've been running home mail servers & FTP servers going on 25 years now. I've run the gamut on lowly DSL, better cable connections, fiber to the home, then shifted over to business fiber with static IPs and now I'm in data centers mostly with co-located servers on symmetric gigabit connections -- unmetered, with network engineering and remote hands support. So yeah, been there right where you are! So I know it's doable, but I also know some pitfalls (one major ISP blocks port 25, other large cable companies block port 80 upstream). So it's a fun hobby, but I'd also consider pro-level co-location or make sure running servers is explicitly allowed in your ToS (terms of service).
Here's some serious food for thought: buy a 2012 Mac mini and get it hosted with MacStadium or MacMiniVault/CyberLynk -- $50/mo. This gets you a quad core i7 with 16GB of memory, space for 2 onboard SATA SSDs. You can plugin 4 USB3 SSDs or backup flash drives. You don't have to run macOS either -- you can bare metal CentOS or AlmaLinux on it, or ESXi and run VMs. I've found this to be a very viable solution and haven't gone back to self-hosting, apart from a disaster recovery box local mirror.
Actually, home servers are a bit of a specialty of mine, since I've been running home mail servers & FTP servers going on 25 years now. I've run the gamut on lowly DSL, better cable connections, fiber to the home, then shifted over to business fiber with static IPs and now I'm in data centers mostly with co-located servers on symmetric gigabit connections -- unmetered, with network engineering and remote hands support. So yeah, been there right where you are! So I know it's doable, but I also know some pitfalls (one major ISP blocks port 25, other large cable companies block port 80 upstream). So it's a fun hobby, but I'd also consider pro-level co-location or make sure running servers is explicitly allowed in your ToS (terms of service).
Here's some serious food for thought: buy a 2012 Mac mini and get it hosted with MacStadium or MacMiniVault/CyberLynk -- $50/mo. This gets you a quad core i7 with 16GB of memory, space for 2 onboard SATA SSDs. You can plugin 4 USB3 SSDs or backup flash drives. You don't have to run macOS either -- you can bare metal CentOS or AlmaLinux on it, or ESXi and run VMs. I've found this to be a very viable solution and haven't gone back to self-hosting, apart from a disaster recovery box local mirror.
818
Updates / Re: warning: %post(cwp-httpd-2.4.55-1.x86_64) scriptlet failed, exit status 1
« on: March 11, 2023, 04:23:07 PM »
Try with Comodo ruleset for Mod Security. OWASP ruleset is a good bit more persnickety.
819
Installation / Re: mail server only
« on: March 11, 2023, 10:35:24 AM »
Be aware that if you are using LetsEncrypt for SSL cert generation, AutoSSL defaults to HTTP authentication (/.well-known/acme-challenge/). So if you lock down HTTP/HTTPS, you would have to choose another authenticator. On one server, I am using authenticator = dns-cloudflare and it works flawlessly with their token authentication.
820
DKIM / Re: How to implement 2048 bit DKIM keys on CWP servers.
« on: March 11, 2023, 10:26:56 AM »
Have you looked at OpenDKIM?
https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
821
CentOS-WebPanel Bugs / Re: Emails screen not loading
« on: March 11, 2023, 10:17:17 AM »
Now that is truly bizarre... on one of my CWP Pro servers, the forwarder module is missing!
?module=forwaders_email does not exit!
But this solves it:
http://forum.centos-webpanel.com/index.php?topic=12025.msg41471#msg41471
And since it was for the client that is basically 1:1 utilizing the whole server, I went ahead and gave them all access to everything under Features,Themes,Languages. Hopefully they don't shoot themselves in the foot with all their new toys!
?module=forwaders_email does not exit!
But this solves it:
http://forum.centos-webpanel.com/index.php?topic=12025.msg41471#msg41471
And since it was for the client that is basically 1:1 utilizing the whole server, I went ahead and gave them all access to everything under Features,Themes,Languages. Hopefully they don't shoot themselves in the foot with all their new toys!
822
CentOS 7 Problems / Re: Error in trasnfer File
« on: March 11, 2023, 09:49:21 AM »
How much space do you have available and what is the size of the account you are transferring? Are you factoring in the mail in /var/vmail?
823
Apache / Re: Apache MPM configuration
« on: March 09, 2023, 03:41:27 PM »
Yes, those comparisons are all well and good, but use whatever fits your use case. I have one server with 30+ customers on Apache, since it is normal and approachable to them and they can use .htaccess files. Another server is Nginx because it is about 5 sites under one customer and is heavily trafficked and tends to be PHP-heavy. Another server runs Apache for a single customer (1:1), running Magento. So use what fits best!
824
How to / Re: Where is CWP login page html
« on: March 09, 2023, 03:35:26 PM »
Glad to help! I made that a practice on my tuned Nginx configs because some updates would overwrite my changes with unhelpful defaults. I would also suggest backing up any config directory like that Just In Case some *helpful* automated process rolls over your changes like a steamroller!
It just means you need to
It just means you need to
Code: [Select]
chattr -i <whatever>.confwhen you need to make changes. Then reset the immutable bit when done.
825
Updates / Re: Update help support for CWP PRO
« on: March 09, 2023, 03:31:29 PM »
This post offers the solution to the ongoing error you are seeing:
https://forum.centos-webpanel.com/index.php?topic=9168.msg41658#msg41658
(FYI, the forum search is largely broken, so you should go to a search engine and search for your terms + site:forum.centos-webpanel.com ).
https://forum.centos-webpanel.com/index.php?topic=9168.msg41658#msg41658
(FYI, the forum search is largely broken, so you should go to a search engine and search for your terms + site:forum.centos-webpanel.com ).
