Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Information / Re: Roundcube big security issue.
« on: Today at 05:38:20 AM »
✅ SOLVED – Roundcube logs publicly accessible via /logs/errors.log (CWPpro 0.9.8.1201)
If you're seeing this issue:
🛠️ Solution: Disable Logging from Within Roundcube
This will stop Roundcube from writing to `errors.log` entirely.
Step-by-step instructions:
[olist]
[li]Add the following at the bottom:[/li][/list]
[li]Save and exit (Ctrl+O, Enter, Ctrl+X)[/li][/list]
[/olist]
✅ No restart needed — changes are applied immediately.
🧱 Why this works:
Disabling logging at the application level ensures nothing is written to disk, eliminating the exposure even if `.htaccess` is ignored.
🔍 Tested On:
Hope this helps others secure their Roundcube installs on CWP.
Let me know if you need a web server rule version as well.
Jaspreet Singh
If you're seeing this issue:
Code: [Select]
https://domain.com/webmail/logs/errors.log
https://domain.com/roundcube/logs/errors.log
...and `.htaccess` isn’t being respected by `cwpsrv` or your webmail backend, here's a permanent fix that works regardless of web server behavior.🛠️ Solution: Disable Logging from Within Roundcube
This will stop Roundcube from writing to `errors.log` entirely.
Step-by-step instructions:
[olist]
- SSH into your server
- Edit the Roundcube config file:
Code: [Select]
nano /usr/local/cwpsrv/var/services/roundcube/config/config.inc.php
[/li][li]Add the following at the bottom:[/li][/list]
Code: (php) [Select]
// Disable all Roundcube logging
$config['log_driver'] = 'null'; // Prevent writing logs
$config['syslog_id'] = null; // Disable syslog output
$config['log_logins'] = false; // Do not log logins
$config['log_session'] = false; // Do not log sessions
$config['log_authfail'] = false; // Do not log failed logins
$config['smtp_log'] = false; // Disable SMTP log
$config['imap_log'] = false; // Disable IMAP log
[/li][li]Save and exit (Ctrl+O, Enter, Ctrl+X)[/li][/list]
[/olist]
✅ No restart needed — changes are applied immediately.
🧱 Why this works:
Disabling logging at the application level ensures nothing is written to disk, eliminating the exposure even if `.htaccess` is ignored.
🔍 Tested On:
Code: [Select]
CWPpro: 0.9.8.1201
Roundcube: 1.4.11 & 1.5.6
Apache: 2.4.62
PHP-FPM: 8.2.28
MariaDB: 10.11.11
OS: Rocky Linux 8.10
Stack: Nginx → Apache (forced PHP-FPM)
Hope this helps others secure their Roundcube installs on CWP.
Let me know if you need a web server rule version as well.
Jaspreet Singh
2
Nginx / Re: How to update NGINX version to version 1.26.2
« on: March 22, 2025, 05:17:49 AM »
My Approach to Upgrading Nginx Without a Full Reinstallation
In my experience, the optimal strategy is to update Nginx directly using the official stable repository, rather than removing it entirely. This approach helps maintain your current configuration and avoids the hassle of extensive reconfiguration.
Step 1: Backup Existing Configurations
Instead of removing your existing Nginx installation, add the new stable repository. This is crucial for accessing the latest version without disrupting your current setup.
Step 3: Direct Update
Execute a direct update using:
Step 4: Apply Configuration Adjustments
Navigate to WebServer Settings > WebServers Main Conf. Verify and adjust the necessary settings, and enable the "rebuild all vhost on save" option to ensure all virtual host configurations are updated seamlessly.
Step 5: Restart Services
Restart both Apache and Nginx to finalize the update.
This method emphasizes stability and preserves your existing configuration, avoiding the unnecessary overhead and risks associated with a full reinstallation.
In my experience, the optimal strategy is to update Nginx directly using the official stable repository, rather than removing it entirely. This approach helps maintain your current configuration and avoids the hassle of extensive reconfiguration.
Step 1: Backup Existing Configurations
- Backup the conf.d directory.
- Backup the nginx.conf file.
Instead of removing your existing Nginx installation, add the new stable repository. This is crucial for accessing the latest version without disrupting your current setup.
Step 3: Direct Update
Execute a direct update using:
Code: [Select]
dnf update nginx
This command updates Nginx in place, preserving your configuration and significantly reducing the risk of introducing new issues.Step 4: Apply Configuration Adjustments
Navigate to WebServer Settings > WebServers Main Conf. Verify and adjust the necessary settings, and enable the "rebuild all vhost on save" option to ensure all virtual host configurations are updated seamlessly.
Step 5: Restart Services
Restart both Apache and Nginx to finalize the update.
This method emphasizes stability and preserves your existing configuration, avoiding the unnecessary overhead and risks associated with a full reinstallation.
3
Information / Re: Changelogs
« on: November 12, 2024, 03:02:53 PM »
Version CWP7: 0.9.8.1188 release, yet no changelogs.
4
DNS / Re: DNS Slave
« on: April 03, 2024, 01:43:37 PM »
I appreciate the insights shared in this discussion.
I took a different approach to setting up DNS slave servers for CWP and it works flawlessly, even without the CWPpro version.
Although I do recommend the pro version for its added features, my method provides a robust solution, For a complete tutorial on how to set up high-availability DNS slave servers for the CWP panel, you can check out my post at
https://www.jaspreet.net/2211/2024/02/22/how-to-setup-high-availability-dns-slave-servers-for-cwp-panel-complete-tutorial/
It’s a comprehensive guide that I believe will be beneficial for many users here.
I took a different approach to setting up DNS slave servers for CWP and it works flawlessly, even without the CWPpro version.
Although I do recommend the pro version for its added features, my method provides a robust solution, For a complete tutorial on how to set up high-availability DNS slave servers for the CWP panel, you can check out my post at
https://www.jaspreet.net/2211/2024/02/22/how-to-setup-high-availability-dns-slave-servers-for-cwp-panel-complete-tutorial/
It’s a comprehensive guide that I believe will be beneficial for many users here.
5
Installation / CWP Host SSL with Cockpit?
« on: February 01, 2023, 05:47:12 AM »
Hello,
I am using Rocky 8.7 with CWP Pro. I have also got Cockpit running to monitor the Physical Server. I noticed that Cockpit is using unsigned or self signed certificates.
My Question: Is there a way we can configure CWP or Cockpit to use Lets encrypt ssl certs already present on CWP server. (In my case i al talking about hostname certs to be shared with Cockpit.)
Any Advise will be highly appreciated. If I have posted this post in wrong category, I apologies for the same in advise.
Cheers!
I am using Rocky 8.7 with CWP Pro. I have also got Cockpit running to monitor the Physical Server. I noticed that Cockpit is using unsigned or self signed certificates.
My Question: Is there a way we can configure CWP or Cockpit to use Lets encrypt ssl certs already present on CWP server. (In my case i al talking about hostname certs to be shared with Cockpit.)
Any Advise will be highly appreciated. If I have posted this post in wrong category, I apologies for the same in advise.
Cheers!
Pages: [1]
