Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1111
SSL / Re: AutoSSL not working
« on: March 11, 2023, 04:39:20 PM »
Make sure your HTTP server doesn't have a 301 redirect from HTTP to HTTPS. To get an SSL cert, it needs to be negotiated via HTTP, so http://domain.com/.well-known/acme-challenge/ needs to be accessible. Forwarding to https:// means it won't work.
Also, on one server I had to use Cloudflare's DNS authenticator method with LetsEncrypt, instead of the normal HTTP challenge. Token based authentication with Cloudflare worked immediately and has renewed successfully for several years now.
Also, on one server I had to use Cloudflare's DNS authenticator method with LetsEncrypt, instead of the normal HTTP challenge. Token based authentication with Cloudflare worked immediately and has renewed successfully for several years now.
1112
Installation / Re: HOME SERVER QUESTION
« on: March 11, 2023, 04:34:35 PM »
Well shucks, you're going to make me blush!
Actually, home servers are a bit of a specialty of mine, since I've been running home mail servers & FTP servers going on 25 years now. I've run the gamut on lowly DSL, better cable connections, fiber to the home, then shifted over to business fiber with static IPs and now I'm in data centers mostly with co-located servers on symmetric gigabit connections -- unmetered, with network engineering and remote hands support. So yeah, been there right where you are! So I know it's doable, but I also know some pitfalls (one major ISP blocks port 25, other large cable companies block port 80 upstream). So it's a fun hobby, but I'd also consider pro-level co-location or make sure running servers is explicitly allowed in your ToS (terms of service).
Here's some serious food for thought: buy a 2012 Mac mini and get it hosted with MacStadium or MacMiniVault/CyberLynk -- $50/mo. This gets you a quad core i7 with 16GB of memory, space for 2 onboard SATA SSDs. You can plugin 4 USB3 SSDs or backup flash drives. You don't have to run macOS either -- you can bare metal CentOS or AlmaLinux on it, or ESXi and run VMs. I've found this to be a very viable solution and haven't gone back to self-hosting, apart from a disaster recovery box local mirror.
Actually, home servers are a bit of a specialty of mine, since I've been running home mail servers & FTP servers going on 25 years now. I've run the gamut on lowly DSL, better cable connections, fiber to the home, then shifted over to business fiber with static IPs and now I'm in data centers mostly with co-located servers on symmetric gigabit connections -- unmetered, with network engineering and remote hands support. So yeah, been there right where you are! So I know it's doable, but I also know some pitfalls (one major ISP blocks port 25, other large cable companies block port 80 upstream). So it's a fun hobby, but I'd also consider pro-level co-location or make sure running servers is explicitly allowed in your ToS (terms of service).
Here's some serious food for thought: buy a 2012 Mac mini and get it hosted with MacStadium or MacMiniVault/CyberLynk -- $50/mo. This gets you a quad core i7 with 16GB of memory, space for 2 onboard SATA SSDs. You can plugin 4 USB3 SSDs or backup flash drives. You don't have to run macOS either -- you can bare metal CentOS or AlmaLinux on it, or ESXi and run VMs. I've found this to be a very viable solution and haven't gone back to self-hosting, apart from a disaster recovery box local mirror.
1113
Updates / Re: warning: %post(cwp-httpd-2.4.55-1.x86_64) scriptlet failed, exit status 1
« on: March 11, 2023, 04:23:07 PM »
Try with Comodo ruleset for Mod Security. OWASP ruleset is a good bit more persnickety.
1114
Installation / Re: mail server only
« on: March 11, 2023, 10:35:24 AM »
Be aware that if you are using LetsEncrypt for SSL cert generation, AutoSSL defaults to HTTP authentication (/.well-known/acme-challenge/). So if you lock down HTTP/HTTPS, you would have to choose another authenticator. On one server, I am using authenticator = dns-cloudflare and it works flawlessly with their token authentication.
1115
DKIM / Re: How to implement 2048 bit DKIM keys on CWP servers.
« on: March 11, 2023, 10:26:56 AM »
Have you looked at OpenDKIM?
https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
https://www.linuxtechi.com/configure-domainkeys-with-postfix-on-centos-7/
1116
CentOS-WebPanel Bugs / Re: Emails screen not loading
« on: March 11, 2023, 10:17:17 AM »
Now that is truly bizarre... on one of my CWP Pro servers, the forwarder module is missing!
?module=forwaders_email does not exit!
But this solves it:
http://forum.centos-webpanel.com/index.php?topic=12025.msg41471#msg41471
And since it was for the client that is basically 1:1 utilizing the whole server, I went ahead and gave them all access to everything under Features,Themes,Languages. Hopefully they don't shoot themselves in the foot with all their new toys!
?module=forwaders_email does not exit!
But this solves it:
http://forum.centos-webpanel.com/index.php?topic=12025.msg41471#msg41471
And since it was for the client that is basically 1:1 utilizing the whole server, I went ahead and gave them all access to everything under Features,Themes,Languages. Hopefully they don't shoot themselves in the foot with all their new toys!
1117
CentOS 7 Problems / Re: Error in trasnfer File
« on: March 11, 2023, 09:49:21 AM »
How much space do you have available and what is the size of the account you are transferring? Are you factoring in the mail in /var/vmail?
1118
Apache / Re: Apache MPM configuration
« on: March 09, 2023, 03:41:27 PM »
Yes, those comparisons are all well and good, but use whatever fits your use case. I have one server with 30+ customers on Apache, since it is normal and approachable to them and they can use .htaccess files. Another server is Nginx because it is about 5 sites under one customer and is heavily trafficked and tends to be PHP-heavy. Another server runs Apache for a single customer (1:1), running Magento. So use what fits best!
1119
How to / Re: Where is CWP login page html
« on: March 09, 2023, 03:35:26 PM »
Glad to help! I made that a practice on my tuned Nginx configs because some updates would overwrite my changes with unhelpful defaults. I would also suggest backing up any config directory like that Just In Case some *helpful* automated process rolls over your changes like a steamroller!
It just means you need to
It just means you need to
Code: [Select]
chattr -i <whatever>.confwhen you need to make changes. Then reset the immutable bit when done.
1120
Updates / Re: Update help support for CWP PRO
« on: March 09, 2023, 03:31:29 PM »
This post offers the solution to the ongoing error you are seeing:
https://forum.centos-webpanel.com/index.php?topic=9168.msg41658#msg41658
(FYI, the forum search is largely broken, so you should go to a search engine and search for your terms + site:forum.centos-webpanel.com ).
https://forum.centos-webpanel.com/index.php?topic=9168.msg41658#msg41658
(FYI, the forum search is largely broken, so you should go to a search engine and search for your terms + site:forum.centos-webpanel.com ).
1121
PHP / Re: ionCube Loader - Failed loading /usr/local/ioncube/ioncube_loader_lin_7.4.so
« on: March 09, 2023, 09:35:30 AM »GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subjectHave you seen the posts on this forum how to fix this error? Try it -- it's an effective fix and will get rid of this message.
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
1122
Installation / Re: Install CXS ( ConfigServer eXploit Scanner ) Rocky Linux 8 Fresh install fail!
« on: March 09, 2023, 09:31:48 AM »
Can you try it in an AlmaLinux VM? Or maybe someone with AlmaLinux 8 could test it and report back?
1123
E-Mail / Re: NewBackup backup vmail problem
« on: March 09, 2023, 09:29:24 AM »
Did you file a bug report? From what I gather, only a few staff members are active in this forum, so posting a problem here and expecting staff to act on it is a bit like shouting into the wind.
1124
How to / Re: Upgrade Roundcube in Running Versions of CWP
« on: March 09, 2023, 09:26:15 AM »
Can you post roundcube's relevant error log lines?
1125
Apache / Re: Apache MPM configuration
« on: March 09, 2023, 09:24:29 AM »
I hear it's a good estimate -- so at least a good starting point and you can fine-tune from there.
/usr/local/apache/conf/httpd.conf is the whole shebang or you could put it in /usr/local/apache/conf.d/limits.conf or create your own conf file in /usr/local/apache/conf.d/
/usr/local/apache/conf/httpd.conf is the whole shebang or you could put it in /usr/local/apache/conf.d/limits.conf or create your own conf file in /usr/local/apache/conf.d/
