Messages

31

CentOS-WebPanel GUI / Re: How to do so all servers have gzip compression?

« on: January 12, 2018, 04:05:29 AM »

add these lines to your httpd.conf
/usr/local/apache/conf/httpd.conf

LoadModule deflate_module modules/mod_deflate.so

#set compression level
DeflateCompressionLevel 9
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/opentype

# For Olders Browsers Which Can't Handle Compression
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>

# Cache 480 weeks
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|mp4|mp3|eot|woff|ttf|svg|iefix)$">
    Header set Cache-Control "max-age=290304000, public"
    </FilesMatch>

<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
ExpiresDefault "access plus 1 month"
# My favicon
ExpiresByType image/x-icon "access plus 1 year"
# Media: images, video, audio
  ExpiresByType image/gif                 "access plus 1 year"
  ExpiresByType image/png                 "access plus 1 year"
  ExpiresByType image/jpg                 "access plus 1 year"
  ExpiresByType image/jpeg                "access plus 1 year"
  ExpiresByType video/ogg                 "access plus 1 year"
  ExpiresByType audio/ogg                 "access plus 1 year"
  ExpiresByType video/mp4                 "access plus 1 year"
  ExpiresByType video/webm                "access plus 1 year"
# Webfonts
  ExpiresByType font/truetype             "access plus 1 year"
  ExpiresByType font/opentype             "access plus 1 year"
  ExpiresByType application/x-font-woff   "access plus 1 year"
  ExpiresByType image/svg+xml             "access plus 1 year"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
# CSS and JavaScript
  ExpiresByType text/css                  "access plus 1 year"
  ExpiresByType application/javascript    "access plus 1 year"
  ExpiresByType text/javascript           "access plus 1 year"
</IfModule>
<IfModule mod_headers.c>
    Header append Cache-Control "public"
</IfModule>

# Disable Folder Files Listing
Options -Indexes
#Prevent acess to php.ini
<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

explanation:
- mod_deflate.so is disabled by default, you should enable it
- all media files(images, css, js...) will be cached and have a long expiration. no worry, this is based on last modified date of a file and if you replace those images on server, new file will be loaded on client.

32

CentOS-WebPanel GUI / Re: what is purpose of Add a New Domain function

« on: January 12, 2018, 04:02:31 AM »

One user can have many domains and those domain's public_html should be inside the username folder
example a user named john, he has  3 domains, those public_html folders should under a folder named john/domain1
So that when a user login using his SFTP, he is restricted to access other folders which are belong to other users

33

CentOS 7 Problems / Re: Can't Install on Dedicated Server

« on: January 12, 2018, 03:58:25 AM »

I have not failed on any fresh installation on CWP, maybe you should follow these steps:
1. Install latest 64 bits Centos 7
2. yum update -y
3. reboot
4. Run these commands
cd /usr/local/src
wget http://centos-webpanel.com/cwp-latest
sh cwp-latest

Note: don't change hostname before installing CWP, change it after you finish the setup process (change hostname on browser)

34

CentOS 7 Problems / Re: Centos Web Panel nginx problem

« on: January 12, 2018, 03:51:06 AM »

Try to rebuild it
Apache settings > Select Webservers

Then choose the third option
Apache & Nginx Reverse Proxy
HTTP: Nginx (80) --> Apache (8181)
HTTPS: Nginx (443) --> Apache (8181)

35

CentOS 7 Problems / Re: SSL Problem

« on: January 12, 2018, 03:47:24 AM »

You don't actually need to purchase a certificate for your CWP.
1. Just simply change your hostname (Server settings>Change hostname)
2. Make sure your hostname in CWP must be matched with your actual hostname of your server (to verify , login SSH and type hostname), or you can do simple check:
nano /etc/hosts
3. reboot

To access your secured CWP:  https://YOUR_SERVER_IP:2013

36

MySQL / Re: Nothing showing in MySQL Manager

« on: January 11, 2018, 11:01:45 AM »

Sounds like you are using an outdated CWP, maybe try to install centos 7 and use latest CWP

37

MySQL / Re: Warning: [obfuscated](): (HY000/2002): Connection refused

« on: January 11, 2018, 10:56:40 AM »

I guess two reasons:
- Your app has problem, try to check it
- your server's spec is too low (under 1 GB RAM, not recommended)

If you are unable to upgrade your server, maybe try to extend swap memory
https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-centos-7

Note: I have tested, only work on KVM, does not work on openVZ

38

MySQL / Re: Remote Access Problem

« on: January 11, 2018, 10:43:33 AM »

Add port 3306 to your firewall rules (both IN and OUT), then you can connect to your mysql outside of the server

Grant remote access to specific IP All Database
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'@'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Revoke permision:
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USERNAME'@'1.2.3.4';
Check permission
SELECT * from information_schema.user_privileges where grantee like "'USERNAME'%";

39

MySQL / Re: Hide/block remote connection phpmyadmin

« on: January 11, 2018, 10:40:26 AM »

Why should you worry about it? The phpmyadmin itself has a login form !
Anyway, maybe you add another secured layer, example only authorize for a certain IP or certain country to access phpmyadmin URL, otherwise, die();
Tips: search google for htaccess and geo IP, or 'how to check IP using PHP'

40

MySQL / Re: Install CWB only with MySQL instead of MariaDB

« on: January 11, 2018, 10:33:52 AM »

Not recommend
I have tried when it first moved from  mysql to mariadb. However, the core panel (the control panel loaded in browser) is no longer supported Mysql queries, many bugs.
Better stick with Mariadb

41

Installation / Re: need advice to install intl (extension php)

« on: September 07, 2017, 02:02:06 PM »

- Login your CWP on browser
- Re compile PHP (use PHP switcher)
- Tick to the check box "intl" to enable this extension

Wait for php to be recompiled then you are good to go

42

CSF Firewall / Re: Firewall Disabled

« on: August 26, 2017, 11:48:41 AM »

Base on your error log
*Error* Invalid configuration line [PORTS_sshd = "29] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/GetIPs.pm line 22.

Have a look on it, then some extra steps:




In Centos 7 you must disable firewalld

systemctl disable firewalld
systemctl stop firewalld

Restart csf

csf -x
csf -e

if you can't restart csf, delete the error log, then everything will be fine

rm /etc/csf/csf.error
csf -x
csf -e

43

E-Mail / Re: All email going to reciver spam folder.

« on: May 16, 2017, 04:51:11 PM »

- you need to setup hostname correctly (both sides: Domain DNS and CWP settings)
- You need to add rDNS to your server/VPS (if the hosting provider allows you to do this, otherwise you need to ask them for help)
- You need to add SPF, DKIM to your server and your domain TXT records
- You need to generate, install, verify SSL on your server properly.

All these steps you can search google for tutorials, it's a long process. You might try to open email account at zoho.com (it is similar to Gmail for Work but allows you to add your own domain on free plan), then you will be able to read step by step on how to setup and verify DKIM + SPF

44

Installation / Re: Connection to storage server failed

« on: May 16, 2017, 04:07:55 PM »

http://forum.centos-webpanel.com/e-mail/roundcube-connection-to-storage-server-failed/

45

CSF Firewall / Re: DDoS Protection script

« on: May 15, 2017, 04:43:20 PM »

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

Thank you for this information, however I found a syntax error, it should be

CONNLIMIT = "80;150 21;50 443;150"

I added port 21, you might add more rules
150 connections per IP is fine to detect attacking