Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
16
CSF Firewall / Re: How to make WireGuard work?
« on: March 17, 2022, 03:40:58 PM »that line is in the script /etc/csf/csfpost.sh . It's going to throw an error because the variable $port is not set. But it should work$port=51820; <--- is this right? actually it still does not work.
I tried dnf remove firewalld -y and dnf install firewalld -y; then wireguard script then add the lines and csf -r but it still does not work.
17
CSF Firewall / Re: How to make WireGuard work?
« on: March 17, 2022, 11:37:46 AM »that line is in the script /etc/csf/csfpost.sh . It's going to throw an error because the variable $port is not set. But it should workEither I put $port = [enter port number] or directly put the port 5108?
18
CSF Firewall / Re: How to make WireGuard work?
« on: March 17, 2022, 08:14:55 AM »what he's saying is $ip needs to be replaced with your actual Global IPcan we tweak it to work with the csfpost.sh script?
$port needs to be your wireguard port
$ip6 needs to be your global ip for ip6
19
CSF Firewall / Re: How to make WireGuard work?
« on: March 17, 2022, 06:19:19 AM »that line is in the script /etc/csf/csfpost.sh . It's going to throw an error because the variable $port is not set. But it should workHello, apparently it does not work, sorry.
I asked helped from the maker of the WireGuard script, and this is what he said:
I am not familiar with CSF, but the following are indeed relevant rules for OpenVPN:
Code: [Select]
/usr/sbin/iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ip
/usr/sbin/iptables -I INPUT -p udp --dport $port -j ACCEPT
/usr/sbin/iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT
/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPTIf your server has IPv6, the following are also required:
Code: [Select]
/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
/usr/sbin/ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPTYou need to replace the words starting with $. For example, $ip should be your public IPv4 address, and $port the port you selected during setup.
As I said I am not familiar with CSF, but a tiny bit of research indicates that you can likely add the commands above to /etc/csf/csfpost.sh and then restart CSF with csf -r
I have no idea what he was saying although I think it is something important?
Or, is there a way to install CWP and not to remove the firewalld thing?
20
CSF Firewall / Re: How to make WireGuard work?
« on: March 15, 2022, 08:14:03 AM »
I am sorry, it's confusing which files to edit. Do I just edit out the csf.conf or csfpost.sh
I added all of the lines in the /etc/csf/csfpost.sh <-- by the way this path does not work. I edited the file using the CWP Control Panel.
And I tried to remove this:
...and apparently, it still does not work.
I added all of the lines in the /etc/csf/csfpost.sh <-- by the way this path does not work. I edited the file using the CWP Control Panel.
And I tried to remove this:
Code: [Select]
/usr/sbin/iptables -I INPUT -p udp --dport $port -j ACCEPT...and apparently, it still does not work.
21
PHP / Re: 502 Bad Gateway
« on: March 14, 2022, 01:03:55 PM »nginx + varnish can be used only if you proxy varnish to the custom app, like nodejs, tomcat....
if you want to use php then you can use only the option where the last server is nginx or apache.
However, you can also set per domain to use nginx + php-fpm if you have selected nginx/varnish webserver setup.
Oh wait. I can't use Varnish for WordPress?
How to proxy it or something?
You can check our wiki how to use Varnish,
http://wiki.centos-webpanel.com/how-to-install-varnish
Thanks for this!
22
PHP / Re: 502 Bad Gateway
« on: March 14, 2022, 12:33:50 PM »Why don't you make your life easier by switching to Nginx & Varnish & Apache and then assign "Nginx -> php-fpm" to those sites you insist on having it "nginx - php-fpm"?I tried to make my life easier too. However, I prefer to avoid Apache because it is completely unstable. I have seen the performance of nginx and it seems that completely utilizing nginx is the way to go...
Basically, make your wordpress run with Nginx - Varnish - Apache.
Varnish needs to be manually enabled by re-selecting this webserver configuration through the WebServer Domain Conf.
There you can choose a varnish template made for wordpress.
My wordpress site is running like this with varnish.
23
PHP / Re: 502 Bad Gateway
« on: March 14, 2022, 09:00:10 AM »nginx + varnish can be used only if you proxy varnish to the custom app, like nodejs, tomcat....
if you want to use php then you can use only the option where the last server is nginx or apache.
However, you can also set per domain to use nginx + php-fpm if you have selected nginx/varnish webserver setup.
Oh wait. I can't use Varnish for WordPress?
How to proxy it or something?
24
CSF Firewall / Re: How to make WireGuard work?
« on: March 14, 2022, 04:39:24 AM »And there is your problem. CWP removes firewalld, and installs CSF firewall. Please do the following:
yum remove firewalld
nano /etc/csf/csfpost.sh (and add the following script)Code: [Select]ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$ip6_number"p)
/usr/sbin/iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ip
/usr/sbin/iptables -I INPUT -p udp --dport $port -j ACCEPT
/usr/sbin/iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT
/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
if [[ -n "$ip6" ]]; then
/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
/usr/sbin/ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
fi
chmod 700 /etc/csf/csfpost.sh
csf -r
Then you should have wireguard working
You know what, I honestly appreciate what you did, man!
However, I am still a noob. May you please explain what is happening with the code you wrote?
25
PHP / Re: 502 Bad Gateway
« on: March 14, 2022, 04:35:25 AM »Nginx cannot run without php-fpm. Apache uses built-in modules to connect to php. Nginx does not have those, so it requires a standalone version of php such as php-cgi or php-fpm
Yes, I agree. That is why I purchased and subscribed to the CWP Pro version to support its development.
However, I noticed I could not use nginx alone. I would need to use something that has Apache for it to work.
Is it because it is incompatible with the latest version of 7.4 of PHP? Or do I need to use the last 5.6 version?
My current configuration is nginx > varnish > apache.
I prefer either nginx alone or nginx > varnish.
I accidentally solved it.
I pressed fixed permission when user nobody is selected.
nginx alone works now.
and nginx > varnish still doesn't work though.
Also, I don't understand this:
Code: [Select]
Nginx & Varnish
Additional Options: nginx/php-fpm, proxy
HTTP: Nginx (80) --> Varnish (82)
HTTPS: Nginx (443) --> Varnish (82)
Info: Useful as nginx/varnish proxy cache for NodeJS, Ruby, Tomcat
** Requires custom configuration per domain, as default behavior is proxy to varnish.
** Varnish you can enable additionally for domains you need.What does it require and what do I need to do?
26
CSF Firewall / Re: How to make WireGuard work?
« on: March 14, 2022, 03:41:23 AM »If you want to utilize it as a "proxy" server, you need to configure the firewall to allow wireguard to access the internet through masquarading. I'm not sure what guide you used, but here is a good example:
https://www.smarthomebeginner.com/linux-wireguard-vpn-server-setup/
This is the script that I used. https://github.com/Nyr/wireguard-install
And the author replied to me, this is what he said.
27
CSF Firewall / Re: How to make WireGuard work?
« on: March 12, 2022, 05:20:39 PM »If you are able to connect to it, then it is indeed working. What exactly are you trying to accomplish. BTW, you can put ports 1:65530 in both TCP_OUT and UDP_OUT to not block any outgoing connections from your server (NOt advised, but good for troubleshooting).
I would like to utilize the VPS server that I am renting by hosting my website and using that machine to encrypt my connection when I am connected through public WiFi networks using a VPN.
I was not aware it is possible to put a range of ports.
I could "send" data but not "receive" data.
28
CSF Firewall / Re: How to make WireGuard work?
« on: March 12, 2022, 06:21:20 AM »- You cant have php-fpm without a pro license.
- To open port in firewall; Edit /etc/csf/csf.conf
Find TCP_IN, TCP_OUT, UDP_IN, UDP_OUT and put the port there depending on if the port is TCP/UDP or if it should be in input or output, then restart the firewall.
- Check in Admin CP if the scripts are getting blocked by Mod_security:
Security - Security Center - Security incidents tab.
UDP_IN and UDP_OUT should have port 51194 added to start, then restart the firewall with csf -r
Thank you for your replies. I have carefully followed your instructions.
I have opened the port 5180 by editing the file.
I have edited the file, and restarted the whole server just to be sure.
Apparently, it still does not work. I noticed every time I connect on my phone to the VPN, the listening port changes.
Now, I have tried to use this script and switch over to OpenVPN, I opened UDP 1194 and it still does not work.
I'm thinking of installing the script first then installing CWP after. Do you think that would work?
29
PHP / Re: 502 Bad Gateway
« on: March 11, 2022, 09:43:08 AM »
I have removed the AutoSSL thing, and it still says 403 Forbidden. The website would work if I tried using simply Apache or nginx + Varnish + Apache. I decided to use CWP Pro to install php-fpm[/] and avoid Apache altogether. Any thoughts about why making nginx the primary server does not work? Thanks.
30
PHP / Re: 502 Bad Gateway
« on: March 11, 2022, 06:13:11 AM »you should also check the /usr/local/apache/domlogs/ for both the access and error logs. They should give some insight as to why you are receiving 403 errors.
I am mainly using nginx.
