Recent Posts

1

PHP Selector / Re: Temporary downgrade of CWP pro to free version (emergency!)

« Last post by WISTFUL on Today at 06:20:09 AM »

I wouldn't trust AI to be your guiding light.

What do you think about this?!

Background and forum research

Based on a detailed review of the CWP forum (using related topics extracted from searches on forum.centos-webpanel.com), I considered user challenges and real-world experiences, prioritizing senior users such as overseer, studio4host, unlim, pedromidiasf, adamjedgar, and admins.

The main topic (installing alt-php on the Free version without PHP Selector and fixing 503 errors) is covered in threads such as:
• “Temporary downgrade of CWP pro to free version”
• “PHP-FPM Not Working (503 Service Unavailable)”
• “503 Service Unavailable”
• “CWP PHP Selector [CWPpro required]”


Summary of user challenges and experiences

• Common challenges:

* 503 errors caused by missing sockets (e.g. `/opt/alt/php-fpmXX/usr/var/sockets/username.sock`), quota/security limits (such as `process limit=0` or low open files), and permission changes on php-fpm executables (e.g. `/opt/alt/php-fpmXX/usr/sbin/php-fpm`) after updates or downgrades.
  Users reported that CWP automatically stops services and changes permissions (logged in `/var/log/cwp/webservers.log`).
* In Free version, PHP Selector is disabled and all sites must use a single fixed PHP version (per-site selector is Pro-only).
* Permission issues: incorrect ownership (e.g. `cwpsrv:cwpsrv` instead of `root:nobody`) causes service failures.
* EOL versions like PHP 7.4 are insecure; senior users (e.g. overseer) recommend upgrading to 8.1 or 8.3 if sites are compatible.
* Without access to global repositories, installing alt-php is harder (local mirror only).

• Successful experiences:

* Senior users such as overseer and idugeni strongly recommend creating manual per-user config files in the correct path:
  `/opt/alt/php-fpmXX/usr/etc/php-fpm.d/users/username.conf`
  (not `/etc/php-fpm.d/`).
* Increasing limits via CWP → User Accounts → Edit User:

  * Process limit: minimum 20
  * Open files: minimum 1024
* Recompiling PHP-FPM and rebuilding configs using:
 

Code: [Select]

/usr/local/cwp/php-fpm-rebuild* In Free version, unchecking “Force Apache to use PHP-FPM Selector” in Web Servers Settings to prevent auto-disable.
* Smooth return to Pro if configs follow standard structure; just activate license and enable selector.
* Varnish works in Free but without advanced tuning; simple restart is sufficient.

• Warnings:

* Many AI-generated guides are incorrect (e.g. wrong socket ownership).
* Users like carlosES and adamjedgar criticized CWP for lack of warnings during changes and suggested alternatives like ISPConfig; however, for CWP, Pro is inexpensive (~$1.5/month).


Corrections and improvements applied to the guide

The previous guide was generally good but needed adjustments based on real user experience (accurate conf paths, correct ownership, limits, and preference for newer PHP versions).

Recommended fixed version:
• PHP 8.1 (secure and compatible with most sites) if possible
• PHP 7.4 only as a temporary migration option

Returning to Pro works without issues if standard structure is maintained.


Updated steps to resolve the issue (maximum compatibility with CWP)

Before doing anything:
Uncheck “Force Apache to use PHP-FPM Selector” in
CWP → Web Servers Settings → Select Web Servers, then Save/Rebuild to prevent auto-disable.
Take a full backup (same as previous step).


Step 1: Increase user limits (to avoid quota errors)

In CWP → User Accounts → Edit User, for each user:
• Process limit: at least 20
• Open files: at least 1024

Then click Update Webservers and check:

Code: [Select]

/var/log/cwp/webservers.log

Step 2: Install a fixed PHP version (recommended: PHP 8.1)

1. Check installed versions:
   

Code: [Select]

rpm -qa | grep alt-php
2. Install PHP 8.1:
   

Code: [Select]

yum install alt-php81 alt-php81-php-fpm alt-php81-php-cli -y
For PHP 7.4, replace `alt-php81` with `alt-php74`.
If the global repo is unavailable, use a local mirror.


Step 3: Enable and start PHP-FPM

Code: [Select]

systemctl enable --now php-fpm81
systemctl status php-fpm81
If quota-related errors appear, recheck user limits.


Step 4: Create socket directory and set correct ownership (fixed: root:nobody)

Code: [Select]

mkdir -p /opt/alt/php-fpm81/usr/var/sockets
chown root:nobody /opt/alt/php-fpm81/usr/var/sockets
systemctl restart php-fpm81

Step 5: Configure PHP-FPM pool per user (correct path and full settings)

For each user (`username`), create or edit:

Code: [Select]

/opt/alt/php-fpm81/usr/etc/php-fpm.d/users/username.conf

Code: [Select]

[username]
listen = /opt/alt/php-fpm81/usr/var/sockets/username.sock
listen.allowed_clients = 127.0.0.1
listen.owner = username
listen.group = nobody
listen.mode = 0660
user = username
group = username
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 500
php_admin_value[disable_functions] = passthru,exec,system,popen,proc_open,shell_exec
php_admin_flag[allow_url_fopen] = off
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes
env[HOSTNAME] = $HOSTNAME
env[TMP] = /home/username/tmp
env[TMPDIR] = /home/username/tmp
env[TEMP] = /home/username/tmp
env[PATH] = /usr/local/bin:/usr/bin:/bin
Then:

Code: [Select]

chown root:nobody /opt/alt/php-fpm81/usr/var/sockets/username.sock
chmod 0660 /opt/alt/php-fpm81/usr/var/sockets/username.sock
systemctl restart php-fpm81

Step 6: Rebuild configs and update web services

Recompile PHP-FPM:

Code: [Select]

/usr/local/cwp/php-fpm-rebuild
Check Nginx vhost (e.g. `/etc/nginx/conf.d/vhosts/username.conf`):

Code: [Select]

fastcgi_pass unix:/opt/alt/php-fpm81/usr/var/sockets/username.sock;
Restart services:

Code: [Select]

systemctl restart php-fpm81 httpd nginx varnish
Run Fix Permissions in CWP for each site (PHP files to 755).


Step 7: Testing and monitoring

• Create `info.php` and test in browser
• Check logs:

* `/var/log/httpd/error_log`
* `/var/log/nginx/error.log`
* `/var/log/cwp/webservers.log`

If 503 persists:
• Verify socket exists:

Code: [Select]

ls /opt/alt/php-fpm81/usr/var/sockets/• Increase limits if needed.


Returning to Pro version

After obtaining a license:

1. Upgrade:
   

Code: [Select]

/usr/local/cwp/upgrade_to_pro   or activate via panel.
2. Enable PHP Selector (in Free all sites used one version; in Pro you can switch per-site safely).
3. Recompile and restart services (same as Step 6).

These changes are fully compatible and safe as long as standard configuration structure is preserved.

2

CentOS 9 Problems / Re: ClamAV issue in user panel

« Last post by overseer on Today at 01:57:55 AM »

In earlier posts detailing his adventures installing CWP under AlmaLinux 9, he specifically noted that you have to install ClamAV BEFORE you install CWP:
https://forum.centos-webpanel.com/informations/tested-almalinux-9-4-beta-1-with-cwp-9-beta-0-9-8-1177/msg47238/#msg47238

3

CentOS 9 Problems / Re: ClamAV issue in user panel

« Last post by zeejdeej on February 03, 2026, 08:00:39 PM »

https://ibb.co/YB9WZTWH

4

CentOS 9 Problems / Re: ClamAV issue in user panel

« Last post by zeejdeej on February 03, 2026, 08:00:00 PM »

nothing in the error logs . see the snapshot of user panel for reference.

5

CentOS 9 Problems / Re: ClamAV issue in user panel

« Last post by cyberspace on February 02, 2026, 11:59:10 PM »

Do you see some errors in:

/usr/local/cwpsrv/logs/error_log

when you open "File Management" -> "Antivirus scan" in the user level panel ?

6

CentOS 9 Problems / Re: ClamAV issue in user panel

« Last post by zeejdeej on February 02, 2026, 10:21:03 PM »

yes already with no luck  :'(

7

CentOS 9 Problems / Re: ClamAV issue in user panel

« Last post by 6Sense on February 02, 2026, 10:17:41 PM »

Did you try the Fix Permissions option in CWP UI?

User Accounts > Fix Permissions

8

CentOS 9 Problems / ClamAV issue in user panel

« Last post by zeejdeej on February 02, 2026, 01:58:47 PM »

clamAV is installed and running in cwp admin panel and successfully running scan but under user panel it shows clamav not installed contact administrator. this happened after i migrated my cwp panel from centos 7 to almalinux 9 . it seems like some permission issue for user panel after restoring from cwp complete backup to almalinux 9 server.

does any one know how to fix this issue?

i already tried to rebuild mail server by selecting clamav/amavis option but it says already installed and running.

9

Mod_Security / Re: atomic crop. free waf rules set

« Last post by overseer on February 01, 2026, 06:27:58 PM »

OWASP ruleset is updated manually under this setup. There is a script available to update, streamlining the process.

10

Mod_Security / Re: atomic crop. free waf rules set

« Last post by zeejdeej on February 01, 2026, 05:37:59 PM »

thanks a lot i will give it a try.

once i update mod security to v2.9.12 , will it automatically update OWASP Latest rules within cwp panel itself or do i have to do it manually everytime as we are updating it manually