Leaderboard

CSF replacement tested in old Centos 7, AlmaLinux 8.10 and AlmaLinux 9.6The CSF project is continuing as Open Source project, the website is here: https://docs.configserver.dev/ Github: https://github.com/Aetherinox/csf-firewall And as it was suggested in article https://www.jaspreet.net/2025/09/06/3180/how-to-fix-csf-firewall-error-oops-unable-to-download-no-host-option-provided/ you have to update the content of /etc/csf/downloadserver Comment out (or delete) the old content of the file and set the new line of download server: download.configserver.dev Restart CSF and from the GUI of CWP update Firewall. The result will be appear in the screen, and the CFS/LFD will update to the current version: Status: csf: v15.01 (CentOS Web Panel) Or, you can use the solution suggested by @Starburst above.

Full tutorial with GUI integration, fixed OpenSSL support, external modules, and a working custom PHP builder. This guide explains how to properly add PHP 8.4 and PHP 8.5 to Control Web Panel (CWP) on EL9-based systems. Unlike older CWP releases, CWP does not provide official PHP 8.4/8.5 packages yet — but with the steps below you can fully integrate them into and you can also fix the PHP 8.3 OpenSSL problem based on this: ✔ the CWP PHP Selector GUI ✔ Apache / Nginx vhosts ✔ external PECL modules ✔ system services ✔ CSF/Monit integration This article provides everything: file paths, scripts, corrections, and the build steps. ⚙️ Step 1 — Extend the CWP GUI to Support PHP 8.4 and 8.5CWP reads available PHP versions from: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/versions.iniAdd the new PHP versions like: [8.3] version[]=8.3.28 version[]=8.3.27 version[]=8.3.25 version[]=8.3.21 version[]=8.3.20 version[]=8.3.19 version[]=8.3.17 version[]=8.3.16 version[]=8.3.15 version[]=8.3.14 version[]=8.3.13 version[]=8.3.12 version[]=8.3.11 version[]=8.3.10 version[]=8.3.9 version[]=8.3.8 version[]=8.3.7 version[]=8.3.6 version[]=8.3.4 version[]=8.3.3 version[]=8.3.2 version[]=8.3.1 version[]=8.3.0 [8.4] version[]=8.4.15 version[]=8.4.14 version[]=8.4.13 version[]=8.4.12 version[]=8.4.11 version[]=8.4.10 version[]=8.4.9 version[]=8.4.8 version[]=8.4.7 version[]=8.4.6 version[]=8.4.4 version[]=8.4.3 version[]=8.4.2 version[]=8.4.1 version[]=8.4.0 [8.5] version[]=8.5.0 This makes the versions selectable in the GUI. If you don't want to make previous PHP 8.4 versions optional under 8.4.14, you can leave them out of the list. ⚙️ Step 2 — Create 8.4.ini and 8.5.ini GUI TemplatesLocation: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/Create these files based on the sample and content of 8.3.ini: 8.4.ini 8.5.ini Both must contain a corrected OpenSSL section: [openssl] default=1 option="--with-openssl=/usr" info-file=openssl.txt (Older CWP templates use deprecated OpenSSL paths that break EL9 builds. The corrected version above is mandatory. And similarly, the OpenSSL section in the 8.3.ini file must be corrected.) These files provide the GUI-driven configure flags that our builder script will later use. ⚙️ Step 3 — Create External and Pre Run Modules for PHP 8.4 and 8.5Create these directories and update the content of 8.3 folder with the linked ZIP file: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/external_modules/8.3 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/external_modules/8.4 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/external_modules/8.5Populate each directory with the updated scripts: apcu.sh imagick.sh memcache.sh memcached.sh mailparse.sh mongodb.sh redis.sh ssh2.sh uploadprogress.sh xdebug.sh yaz.sh sodium.sh sourceguardian.sh sqlsrv.sh ioncube.sh (With proper loader URL handling: stable for 8.4, beta for 8.5.) 👉 Here is the ZIP file with all corrected module scripts to this post for download: External_Modules Create these directories and update the content of 8.3 folder with the linked ZIP file: /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/pre_run/8.3 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/pre_run/8.4 /usr/local/cwpsrv/htdocs/resources/conf/el9/php-fpm_selector/pre_run/8.5Pre Run Modules ⚙️ Step 4 — Install the Custom Builder ScriptPlace the builder script in: /root/build-php-fpm84-el9.sh This script: ✔ reads the GUI-generated configure template ✔ enforces OpenSSL 3.x for EL9 ✔ builds PHP cleanly under /opt/alt/php-fpm84/usr/ ✔ installs FPM service, ini files, sockets ✔ compiles all external modules ✔ integrates CSF and Monit ✔ logs every step You can rewrite this script to install PHP 8.3.28 or PHP 8.5.0 by changing just a few variables. Here is the corrected PHP compiler script located in /root/build-php-fpm84-el9.sh file: #!/bin/bash set -euo pipefail set -x # --- Basic variables --- PHPMAJOR="84" # php-fpm84 PHPVER="8.4.15" # PHP version FPMDIR="/opt/alt/php-fpm${PHPMAJOR}" CONFBASE="/usr/local/cwp/.conf/php-fpm_conf" arch=$(uname -m) if [[ "$arch" == "x86_64" ]]; then platform="x86-64" libdir="/usr/lib64" else platform="x86" libdir="/usr/lib" fi # --- Packages for Build (EL9) --- dnf -y install \ krb5-devel glibc-common gnutls-devel \ libargon2 libargon2-devel libbsd-devel \ perl libzip libzip-devel pcre2 pcre2-devel \ libavif libavif-devel \ uw-imap-devel \ openssl-devel # If there is any old CWP OpenSSL hack left, don't use it.: if [ -d /usr/local/opensslso ]; then echo "WARN: /usr/local/opensslso exists, but we DO NOT USE for compiling PHP (OpenSSL 1.1 hack)." fi # --- Force OpenSSL 3.x --- export PKG_CONFIG_PATH=/usr/lib64/pkgconfig export OPENSSL_CFLAGS="-I/usr/include" export OPENSSL_LIBS="-L/usr/lib64" export LDFLAGS="-lssl -lcrypto" # --- CWP pre-conf, if exists (e.g.: pcre2, & other libs) --- if [ -e "${CONFBASE}/php${PHPMAJOR}_pre.conf" ]; then bash "${CONFBASE}/php${PHPMAJOR}_pre.conf" fi # --- PHP SOURCE DOWNLOAD CHECK: CWP CDN → OFFICIAL php.net → GitHub fallback --- CWP_URL="http://static.cdn-cwp.com/files/php/php-${PHPVER}.tar.gz" PHPNET_URL="https://www.php.net/distributions/php-${PHPVER}.tar.gz" GITHUB_URL="https://codeload.github.com/php/php-src/tar.gz/refs/tags/php-${PHPVER}" # Function: check HTTP 200 + verify tar.gz content check_and_verify() { local url="$1" local testfile="/tmp/php-test-${PHPVER}.tar.gz" echo "Checking: $url" # First check HTTP status code if ! curl -I -L -s "$url" | grep -q "200"; then echo " → HTTP check failed" return 1 fi # Download temporary test file if ! wget -q "$url" -O "$testfile"; then echo " → Download failed" return 1 fi # Validate MIME type of tar.gz if file "$testfile" | grep -qiE "gzip compressed data|tar archive"; then rm -f "$testfile" echo " → Valid TAR.GZ" return 0 fi echo " → Invalid TAR.GZ (HTML or wrong file)" rm -f "$testfile" return 1 } # Check sources in order (CWP → php.net → GitHub) if check_and_verify "$CWP_URL"; then PHPSOURCE="$CWP_URL" elif check_and_verify "$PHPNET_URL"; then PHPSOURCE="$PHPNET_URL" elif check_and_verify "$GITHUB_URL"; then PHPSOURCE="$GITHUB_URL" else echo "ERROR: Could not download a valid PHP source for version ${PHPVER}" exit 1 fi echo "Using source: $PHPSOURCE" # --- Build directory --- rm -rf /usr/local/src/php-build mkdir -p /usr/local/src/php-build cd /usr/local/src/php-build wget -q "${PHPSOURCE}" -O "php-${PHPVER}.tar.gz" tar -xvf "php-${PHPVER}.tar.gz" cd "php-${PHPVER}" # --- Configure: CWP's own php84.conf, but already wired to OpenSSL 3.x from env --- if [ ! -x "${CONFBASE}/php${PHPMAJOR}.conf" ]; then chmod +x "${CONFBASE}/php${PHPMAJOR}.conf" 2>/dev/null || true fi # IMPORTANT: LDFLAGS + PKG_CONFIG_PATH already exported bash "${CONFBASE}/php${PHPMAJOR}.conf" # --- Compiling --- if command -v nproc >/dev/null 2>&1; then make -j"$(nproc)" else make fi make install # --- PHP.ini + FPM scaffolding --- mkdir -p "${FPMDIR}/usr/php/php.d" mkdir -p "${FPMDIR}/usr/var/sockets" mkdir -p "${FPMDIR}/usr/etc/php-fpm.d" mkdir -p "${FPMDIR}/usr/etc/php-fpm.d/users" rsync php.ini-production "${FPMDIR}/usr/php/php.ini" sed -i 's/^short_open_tag.*/short_open_tag = On/' "${FPMDIR}/usr/php/php.ini" sed -i 's/^;cgi.fix_pathinfo=.*/cgi.fix_pathinfo=1/' "${FPMDIR}/usr/php/php.ini" sed -i 's/.*mail.add_x_header.*/mail.add_x_header = On/' "${FPMDIR}/usr/php/php.ini" sed -i 's@.*mail.log.*@mail.log = /usr/local/apache/logs/phpmail.log@' "${FPMDIR}/usr/php/php.ini" echo "include=${FPMDIR}/usr/etc/php-fpm.d/users/*.conf" > "${FPMDIR}/usr/etc/php-fpm.d/users.conf" echo "include=${FPMDIR}/usr/etc/php-fpm.d/*.conf" > "${FPMDIR}/usr/etc/php-fpm.conf" cat > "${FPMDIR}/usr/etc/php-fpm.d/cwpsvc.conf" <<EOF [cwpsvc] listen = ${FPMDIR}/usr/var/sockets/cwpsvc.sock listen.owner = cwpsvc listen.group = cwpsvc listen.mode = 0640 user = cwpsvc group = cwpsvc pm = ondemand pm.max_children = 25 pm.process_idle_timeout = 15s request_terminate_timeout = 0 EOF # --- Systemd service --- cp sapi/fpm/php-fpm.service "/usr/lib/systemd/system/php-fpm${PHPMAJOR}.service" sed -i "s|\${exec_prefix}|${FPMDIR}/usr|g" "/usr/lib/systemd/system/php-fpm${PHPMAJOR}.service" sed -i "s|\${prefix}|${FPMDIR}/usr|g" "/usr/lib/systemd/system/php-fpm${PHPMAJOR}.service" systemctl daemon-reload systemctl enable "php-fpm${PHPMAJOR}" # --- Loading Apache FPM module if not already present --- if [ ! -e "/usr/local/apache/conf.d/php-fpm.conf" ]; then cat > /usr/local/apache/conf.d/php-fpm.conf <<EOF <IfModule !proxy_fcgi_module> LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so </IfModule> EOF fi # --- External modules (imagick, redis, imap, etc.) --- if [ -e "${CONFBASE}/php${PHPMAJOR}_external.conf" ]; then bash "${CONFBASE}/php${PHPMAJOR}_external.conf" || true fi # --- Monitor integration --- if [ -d "/etc/monit.d" ]; then if [ ! -e "/etc/monit.d/php-fpm${PHPMAJOR}" ]; then if [ -e "/usr/local/cwpsrv/htdocs/resources/conf/monit.d/php-fpm${PHPMAJOR}" ]; then cp "/usr/local/cwpsrv/htdocs/resources/conf/monit.d/php-fpm${PHPMAJOR}" /etc/monit.d/ 2>/dev/null || true monit reload || true fi fi fi systemctl restart "php-fpm${PHPMAJOR}" # --- CSF pignore --- if [ -e "/etc/csf/csf.pignore" ]; then # PHP-FPM + PHP binary if ! grep -q "${FPMDIR}/usr/sbin/php-fpm" /etc/csf/csf.pignore; then echo "exe:${FPMDIR}/usr/sbin/php-fpm" >> /etc/csf/csf.pignore fi if ! grep -q "${FPMDIR}/usr/bin/php" /etc/csf/csf.pignore; then echo "exe:${FPMDIR}/usr/bin/php" >> /etc/csf/csf.pignore fi # memcached daemon if command -v memcached >/dev/null 2>&1; then if ! grep -q "exe:/usr/bin/memcached" /etc/csf/csf.pignore; then echo "exe:/usr/bin/memcached" >> /etc/csf/csf.pignore fi fi # redis-server daemon if command -v redis-server >/dev/null 2>&1; then if ! grep -q "exe:/usr/bin/redis-server" /etc/csf/csf.pignore; then echo "exe:/usr/bin/redis-server" >> /etc/csf/csf.pignore fi fi # Restart CSF/LFD to apply changes csf -r fi rm -rf /usr/local/src/php-build rm -rf /usr/local/src/build-dir echo "PHP ${PHPVER} (php-fpm${PHPMAJOR}) build finished successfully." It is for sample, you can modify it by your needs. ⚙️ Step 5 — Trigger the GUI Build OnceFrom the CWP Admin Panel: PHP-FPM Selector → PHP 8.4 → Choose desired version of PHP → Build CWP will: generate the build configuration files stop early because no packages exist (expected!) but now the config files are ready The GUI selector (Image on the shared link) This step must be done once so the GUI produces: /usr/local/cwp/.conf/php-fpm_conf/php84.conf /usr/local/cwp/.conf/php-fpm_conf/php84_pre.conf /usr/local/cwp/.conf/php-fpm_conf/php84_external.conf Our builder script depends on them. ⚙️ Step 6 — Build PHP 8.4 With LoggingRun the custom builder script manually: bash /root/build-php-fpm84-el9.sh 2>&1 | tee /root/php84-build.log This: logs all output compiles PHP 8.4.14 installs extensions - e.g. IonCube loader if it was selected reloads FPM integrates CSF pignore entries exe:/usr/bin/redis-server exe:/usr/bin/memcached After the build: Test PHP:/opt/alt/php-fpm84/usr/bin/php -v /opt/alt/php-fpm84/usr/sbin/php-fpm -t Verify IonCube:grep -Ri ioncube /opt/alt/php-fpm84/usr/php/php.d/ Verify Imagick:/opt/alt/php-fpm84/usr/bin/php -r "print_r(Imagick::getVersion());"⚙️ Repeat the Process for PHP 8.5The steps are identical, except: PHP version is different ionCube loader uses the beta build ioncube_loaders_lin_x86-64_beta.tar.gz Here is the IonCube documentation. The PHP 8.4 is fully supported, PHP 8.5 is Beta in the moment. 🎉 ResultAfter completing these steps you will have: ✔ Fully working PHP 8.4 or 8.5 ✔ 100% GUI-compatible (PHP Selector, vhost handler, extension manager) ✔ Proper OpenSSL 3.x integration ✔ All external PECL modules working ✔ Systemd FPM services ✔ Clean, isolated alt-PHP folders under /opt/alt ✔ No conflict with AlmaLinux REMI PHP packages And most importantly: You can now run PHP 8.4 / 8.5 safely in production on CWP EL9. I also fixed the PHP - OpenSSL compilation issue in AlmaLinux 9.x with PHP 8.3.28 version of the script. PHP now uses OpenSSL 3.x. Checking the compiled PHP versions (e.g. 8.4.14 and 8.3.28): [root@vps ~]# /opt/alt/php-fpm84/usr/bin/php -v PHP 8.4.14 (cli) (built: Dec 1 2025 22:53:34) (NTS) Copyright (c) The PHP Group Zend Engine v4.4.14, Copyright (c) Zend Technologies with the ionCube PHP Loader v15.0.0, Copyright (c) 2002-2025, by ionCube Ltd. with Zend OPcache v8.4.14, Copyright (c), by Zend Technologies [root@vps ~]# /opt/alt/php-fpm83/usr/bin/php -v PHP 8.3.28 (cli) (built: Dec 1 2025 16:39:53) (NTS) Copyright (c) The PHP Group Zend Engine v4.3.28, Copyright (c) Zend Technologies with Zend OPcache v8.3.28, Copyright (c), by Zend Technologies [root@vps ~]# Checking OpenSSL: [root@vps ~]# /opt/alt/php-fpm84/usr/bin/php -i | grep -i "openssl" Configure Command => './configure' '--prefix=/opt/alt/php-fpm84/usr' '--with-config-file-path=/opt/alt/php-fpm84/usr/php' '--with-config-file-scan-dir=/opt/alt/php-fpm84/usr/php/php.d' '--with-zlib=/usr' '--enable-mbstring' '--with-zip' '--enable-bcmath' '--enable-pcntl' '--enable-ftp' '--enable-exif' '--enable-calendar' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-tidy' '--with-curl' '--with-iconv' '--with-gmp' '--with-pspell' '--enable-gd' '--with-jpeg' '--with-freetype' '--enable-gd-jis-conv' '--with-webp' '--with-avif' '--with-zlib-dir=/usr' '--with-xpm' '--with-openssl=/usr' '--with-pdo-mysql=mysqlnd' '--with-gettext=/usr' '--with-bz2=/usr' '--with-mysqli' '--enable-soap' '--enable-phar' '--with-xsl' '--with-kerberos' '--enable-posix' '--enable-sockets' '--with-external-pcre' '--with-libdir=lib64' '--with-mysql-sock=/var/lib/mysql/mysql.sock' '--enable-intl' '--with-imap' '--with-imap-ssl' '--enable-fpm' '--enable-opcache' '--with-password-argon2' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig' 'OPENSSL_CFLAGS=-I/usr/include' 'OPENSSL_LIBS=-L/usr/lib64' SSL Version => OpenSSL/3.5.1 libSSH Version => libssh/0.10.4/openssl/zlib openssl OpenSSL support => enabled OpenSSL Library Version => OpenSSL 3.5.1 1 Jul 2025 OpenSSL Header Version => OpenSSL 3.5.1 1 Jul 2025 Openssl default config => /etc/pki/tls/openssl.cnf openssl.cafile => no value => no value openssl.capath => no value => no value OpenSSL support => enabled [root@vps ~]# If you have any suggestions, please feel free to write to me.

will create the tutorial soon

And all of the hacker's they have and allow on their network...

typo above --nopdeps

In this tutorial I’ll explain and provide solution script upon how you can clear all log files including old logs from CWP server. This tutorial is specially dedicated to the blog visitors who have emailed me to provide such solution. This script will clean all possible logs without affecting any service. Ensure you’ve logged in as root ssh user Solution 1 : Run CWP script to clean logs : /scripts/clean_all_server_logs Solution 2: To clear the log instantly you can run this bash script as i already created for your to make the task faster or else if you want to create by your own go to solution 3. curl -s -L https://www.alphagnu.com/upload/clear-sh.sh | bash Solution 3: First create a file in /root dir : cd /root nano clearlog.sh Then paste this Bash script and save it: #!/bin/bash truncate -s 0 /usr/local/apache/logs/*bytes truncate -s 0 /usr/local/apache/logs/*log truncate -s 0 /usr/local/apache/domlogs/*bytes truncate -s 0 /usr/local/apache/domlogs/*log truncate -s 0 /var/log/messages truncate -s 0 /var/log/maillog truncate -s 0 /var/log/*log truncate -s 0 /opt/alt/*/usr/var/log/php-fpm.log truncate -s 0 /usr/local/cwpsrv/logs/access_log truncate -s 0 /usr/local/cwpsrv/logs/error_log truncate -s 0 /var/log/cron truncate -s 0 /var/log/secure truncate -s 0 /var/log/cwp/services_action.log truncate -s 0 /var/log/cwp/cwp_sslmod.log truncate -s 0 /var/log/cwp/cwp_cron.log truncate -s 0 /var/log/cwpsecure/reject_003.log truncate -s 0 /var/log/cwp/cwp_backup.log truncate -s 0 /var/log/cwp/activity.log truncate -s 0 /usr/local/cwpsrv/var/services/roundcube/logs/errors truncate -s 0 /var/spool/amavisd/.razor/razor-agent.log truncate -s 0 /usr/local/cwp/php71/var/log/php-fpm.log truncate -s 0 /root/.acme.sh/cwp_certs/acme.sh.log rm -rf /var/log/maillog-* rm -rf /var/log/monit.log-* rm -rf /var/log/spooler-* rm -rf /var/log/messages-* rm -rf /var/log/secure-* rm -rf /var/log/pureftpd.log-* rm -rf /var/log/yum.log-* rm -rf /var/log/cron-* rm -rf /var/lib/clamav/tmp.* find /tmp/ -type f -name "sess_*" -exec rm {} \; rm -f /tmp/202*request_body-* echo "" > /var/spool/mail/root Change the permission : chmod 755 /root/clearlog.sh Now run this command to run the clear log script: sh /root/clearlog.sh Thats it the logs will be cleared you can go and check to the respected locations of the log. Cron Job : You can also create cron job like below by following solution 2 and create this cron job task according to your needs : TO run DAILY : 0 0 * * * /usr/bin/sh /root/clearlog.sh TO run Weekly : 0 0 * * 0 /usr/bin/sh /root/clearlog.sh TO run Monthly: 0 0 1 * * /usr/bin/sh /root/clearlog.sh

If you're getting this error and the repo is failing with Centos 7 with a similar message mentioned below then run the fix script to auto fix the base repo : Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was 14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Name or service not known" Due to EOL the mirrorlist.centos.org doesn't exist anymore and removed you need to change the repo to vault.centos.org you need to run the below script on your server : curl -s -L https://www.alphagnu.com/upload/centos7-repo-fix.sh | bash

I updated an old module and improved it a bit. https://github.com/leisegang/cwp-users-quota I added bandwidth and adjusted the percent view. changed sorting

The problem was not caused by MPM itself. I solved the problem by activating the KEEPALIVE feature and setting the keepalivetimeout value to a low number; it works fine now.

Apache 2.4.60 just got released today. 🙂

You can try to remove the galera and then reinstall rpm -e --nodeps galera-4-26.4.16-1.el8.x86_64

Thank you Sandeep! I see 3 time CWP in your answer and thinks this is normal, is not bad panel i like it so much BUT have some things in last times: don't work the technical support - very slow answer and many time is not competent or fix one but stop work another; don't have updates and patches in last time (over a very long time interval); have a features that don't work currectrly like custom SSL (lost it or chage it with Let's encript), API (don't find it) and etc.; don't have information what happened after the rest 2 months to life end of CentOS 7 how will it continue; etc. Honest answer: good thing it's you because I would move to another panel a long time ago! Now i see many changes in another panel like DirectAdmin - yes i understand that is very complex, but if is stable ... one time that is ready you don't make changes, right?! The new design, with all features and the price with support i think is a nice choose ... or sPanel don't have many features but it's stable with very, very nice support and price. I ask everyone to share experiences, impressions or opinions, thanks!

Quick tip : One line command to clear wp-rocket cache on all sites on server : test it first (dry run) : find /home -type d -name "wp-rocket" | while read -r dir; do cache_dir=$(dirname "$dir")/cache/wp-rocket; [ -d "$cache_dir" ] || cache_dir=$(dirname "$(dirname "$dir")")/cache/wp-rocket; [ -d "$cache_dir" ] && echo "Clearing cache in $cache_dir" || echo "Cache directory not found in $dir"; done run it live (clear the cache files ) : find /home -type d -name "wp-rocket" | while read -r dir; do cache_dir=$(dirname "$dir")/cache/wp-rocket; [ -d "$cache_dir" ] || cache_dir=$(dirname "$(dirname "$dir")")/cache/wp-rocket; [ -d "$cache_dir" ] && echo "Clearing cache in $cache_dir" && rm -rf "$cache_dir"/* || echo "Cache directory not found in $dir"; done

In this tutorial we’ll learn how you can install CXS in CWP -Control Web Panel wiht below simple steps. CSX is paid Program and you need license to install and use it : ConfigServer eXploit Scanner (cxs) is a server malware, exploit and antivirus scanner that performs active scanning of files as they are uploaded to the server For dedicated or virtual servers – protects all domains, IP addresses and users on the server Active (realtime), manual, and scheduled scanning can be performed Scans for suspected exploits, viruses, suspicious resources Quarantine or delete suspicious files Provides an easy to use interface within the root or admin control panel. Licensed on a per server basis, no limit on users or accounts. One time purchase price, includes software updates for the life of the product. No monthly fees. Buy the license here : LINK Install CXS in CWP steps : STEP 1 : cd /usr/src yum install sqlite perl-DBI perl-DBD-SQLite perl-Linux-Inotify2 -y rm -f cxs* wget https://download.configserver.com/cxsinstaller.tgz tar -xzf cxsinstaller.tgz chattr -i -R /usr/local/cwpsrv/htdocs/admin/ perl cxsinstaller.pl 1.1.1.1 rm -fv cxsinstaller.* ** replace the 1.1.1.1 with your licensed server IP STEP 2 : Now got wo cwp admin dashboard and navigate : CWP.admin > Configserver Scripts >> ConfigServer Exploit Scanner >> cxs Command Wizard Choose all default settings and save it after run this command to use custom CLAM AV : sed -i '$ a clamdsock=/var/run/clamd.amavisd/clamd.sock' /etc/cxs/cxs.defaults Then Restart CXS service : service cxswatch restart STEP 3 : Make Directory Permission to 755 : in order to scanner to work you need to change the DIRECORY permission to 755, to do this all at once for all users run the below command: chmod 755 /home/*/public_html If you’ve domain/subdomains directory outside of public_html run below command to fix permission : chmod 755 /home/*/* Also you can create custom cron job to run every 15 minutes to fix the permission for new added users or domain/subdomain Add this cron job : */15 * * * * /usr/bin/chmod 755 /home/*/*

You can delete this line and check depends on mariadb_init

In this tutorial we’ll learn how to disable php mail() function in CWP to block the users to be able to send spam emails or infected emails from php mail function. This will force users to use SMTP based email sending structure which is more secure and easily controllable upon the amount of mails they are sending i.e. you can add quota hourly basis in packages. Run this below commands to disable php mail function completely :- PHP switcher : echo "disable_functions = mail" > /usr/local/php/php.d/disabled_function.ini PHP-CGI selector : echo "disable_functions = mail" > /opt/alt/php53/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php54/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php55/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php56/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php70/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php71/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php72/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php73/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php74/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php80/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php81/usr/php/php.d/disabled_function.ini echo "disable_functions = mail" > /opt/alt/php82/usr/php/php.d/disabled_function.ini PHP_FPM Selector : echo "disable_functions = mail" > /opt/alt/php-fpm53/usr/php/php.d/disabled_function.ini && service php-fpm53 restart echo "disable_functions = mail" > /opt/alt/php-fpm54/usr/php/php.d/disabled_function.ini && service php-fpm54 restart echo "disable_functions = mail" > /opt/alt/php-fpm55/usr/php/php.d/disabled_function.ini && service php-fpm55 restart echo "disable_functions = mail" > /opt/alt/php-fpm56/usr/php/php.d/disabled_function.ini && service php-fpm56 restart echo "disable_functions = mail" > /opt/alt/php-fpm70/usr/php/php.d/disabled_function.ini && service php-fpm70 restart echo "disable_functions = mail" > /opt/alt/php-fpm71/usr/php/php.d/disabled_function.ini && service php-fpm71 restart echo "disable_functions = mail" > /opt/alt/php-fpm72/usr/php/php.d/disabled_function.ini && service php-fpm72 restart echo "disable_functions = mail" > /opt/alt/php-fpm73/usr/php/php.d/disabled_function.ini && service php-fpm73 restart echo "disable_functions = mail" > /opt/alt/php-fpm74/usr/php/php.d/disabled_function.ini && service php-fpm74 restart echo "disable_functions = mail" > /opt/alt/php-fpm80/usr/php/php.d/disabled_function.ini && service php-fpm80 restart echo "disable_functions = mail" > /opt/alt/php-fpm81/usr/php/php.d/disabled_function.ini && service php-fpm81 restart echo "disable_functions = mail" > /opt/alt/php-fpm82/usr/php/php.d/disabled_function.ini && service php-fpm82 restart

i cant wait 4 years more for that Also i reported an error in reseller 1 year ago, and it has not been fixed yet

Hi Sandeep, Followed your instructions and it worked almost flawless. the version numbers do not mach in some command lines.. After i changed it it worked as expected. I marked the errors. thanks

I have used these hetzner i have the Intel® Core™ i9-13900 with 64 GB DDR5 ECC and 2tb nvme ssd. IT is FAST and i can have a good amount of customers on this server. i have had like 6 months with 8TB monthly traffic and it has no problem with that. i really like the storagebox backup that hetzner has. if i will need more servers i would go for one at hetzner. i also have a VPS at hetzner. ovh The server i got was probably a few years old when i got it and i had several incidents where disk or RAM failed. Causing downtime, Also they were relatively pricy if you look at hetzner digital ocean good for small vps if you want something small and cointained to its own "server" Not bad prices vps.net good support ok prices. scalability is really good.

The absolute easiest way is to mount the storage box as a volume and then backup to that location. Then use the NEW backup solution in CWP to backup to that location, or you can use rsync to backup to that location. I have one volume at Path: /mnt/backup-server/backup

i have a intel i9 server there, works great, i have about 60 accounts on it the storage box is good for backup, relatively cheap backup

I have now integrated it into CWP, so for the benefit of others. 1. Create /usr/local/cwpsrv/htdocs/resources/admin/modules/apache_status.php with the following contents: <?php // Apache Status - Accesses v0.4 $url = "http://localhost/server-status"; $ch_session = curl_init(); curl_setopt($ch_session, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch_session, CURLOPT_URL, $url); $result_url = curl_exec($ch_session); echo $result_url; ?> To Add under webservers instead of Developer Options /usr/local/cwpsrv/htdocs/resources/admin/include/3rdparty.php <script type="text/javascript"> $(document).ready(function() { var newButtons = '' +' <li>' +' <a href="?module=apache_status"><span aria-hidden="true" class="icon16 icomoon-icon-arrow-right-3"></span>Apache Status - Accesses</span></a>' +'</li>'; $("ul#mn-15-sub").prepend(newButtons); }); </script> and that's all you need to do to get the full apache status

I got a message saying that i dont have access/rights to view this plugin. I Tried to remove it manually and installed it again with this command and then it worked

Work perfect, thank you!

Hello Navid, the cron work fine - tested from me and confirm this! Have only one problem if you make it daily and wаnt to monitoring mail logs (for reason of SPAM and etc.) in this case is neccesere to remove this lines: truncate -s 0 /var/log/maillog truncate -s 0 /usr/local/cwpsrv/var/services/roundcube/logs/errors rm -rf /var/log/maillog-* Have a nice day!

It seems like a good configuration, except for the parameter: tmp_table_size = 64MB This resource is used per connection, so it should be calculated as follows: tmp_table_size = [total memory available] / max_connections For a server with 4Gb total memory, with max_connections = 200, it should be something around: tmp_table_size = 20.5Mb Or, reduce max_connections to a more realistic number, compatible with the user's needs. All of the following parameters must be considered per connection: sort_buffer_size read_buffer_size read_rnd_buffer_size join_buffer_size thread_stack binlog_cache_size tmp_table_size The following parameters make up the base memory consumed by mariadb, which is consumed only once: key_buffer_size query_cache_size innodb_buffer_pool_size innodb_additional_mem_pool_size innodb_log_buffer_size You can use the following script to calculate the total memory to be consumed by mariadb/mysql, included per connection: #!/bin/sh # you might want to add some user authentication here mysql -e "show variables; show status" | awk ' { VAR[$1]=$2 } END { MAX_CONN = VAR["max_connections"] MAX_USED_CONN = VAR["Max_used_connections"] BASE_MEM=VAR["key_buffer_size"] + VAR["query_cache_size"] + VAR["innodb_buffer_pool_size"] + VAR["innodb_additional_mem_pool_size"] + VAR["innodb_log_buffer_size"] MEM_PER_CONN=VAR["read_buffer_size"] + VAR["read_rnd_buffer_size"] + VAR["sort_buffer_size"] + VAR["join_buffer_size"] + VAR["binlog_cache_size"] + VAR["thread_stack"] + VAR["tmp_table_size"] MEM_TOTAL_MIN=BASE_MEM + MEM_PER_CONN*MAX_USED_CONN MEM_TOTAL_MAX=BASE_MEM + MEM_PER_CONN*MAX_CONN printf "+------------------------------------------+--------------------+\n" printf "| %40s | %15.3f MB |\n", "key_buffer_size", VAR["key_buffer_size"]/1048576 printf "| %40s | %15.3f MB |\n", "query_cache_size", VAR["query_cache_size"]/1048576 printf "| %40s | %15.3f MB |\n", "innodb_buffer_pool_size", VAR["innodb_buffer_pool_size"]/1048576 printf "| %40s | %15.3f MB |\n", "innodb_additional_mem_pool_size", VAR["innodb_additional_mem_pool_size"]/1048576 printf "| %40s | %15.3f MB |\n", "innodb_log_buffer_size", VAR["innodb_log_buffer_size"]/1048576 printf "+------------------------------------------+--------------------+\n" printf "| %40s | %15.3f MB |\n", "BASE MEMORY", BASE_MEM/1048576 printf "+------------------------------------------+--------------------+\n" printf "| %40s | %15.3f MB |\n", "sort_buffer_size", VAR["sort_buffer_size"]/1048576 printf "| %40s | %15.3f MB |\n", "read_buffer_size", VAR["read_buffer_size"]/1048576 printf "| %40s | %15.3f MB |\n", "read_rnd_buffer_size", VAR["read_rnd_buffer_size"]/1048576 printf "| %40s | %15.3f MB |\n", "join_buffer_size", VAR["join_buffer_size"]/1048576 printf "| %40s | %15.3f MB |\n", "thread_stack", VAR["thread_stack"]/1048576 printf "| %40s | %15.3f MB |\n", "binlog_cache_size", VAR["binlog_cache_size"]/1048576 printf "| %40s | %15.3f MB |\n", "tmp_table_size", VAR["tmp_table_size"]/1048576 printf "+------------------------------------------+--------------------+\n" printf "| %40s | %15.3f MB |\n", "MEMORY PER CONNECTION", MEM_PER_CONN/1048576 printf "+------------------------------------------+--------------------+\n" printf "| %40s | %18d |\n", "Max_used_connections", MAX_USED_CONN printf "| %40s | %18d |\n", "max_connections", MAX_CONN printf "+------------------------------------------+--------------------+\n" printf "| %40s | %15.3f MB |\n", "TOTAL (MIN)", MEM_TOTAL_MIN/1048576 printf "| %40s | %15.3f MB |\n", "TOTAL (MAX)", MEM_TOTAL_MAX/1048576 printf "+------------------------------------------+--------------------+\n" }' Note that the 'Max_used_connections' parameter gives a realistic number for the total number of connections since the last start of the mariadb server, and can be used to adjust the 'max_connections' parameter. Regards, Netino

Hi, I was the one who posted that tutorial. Thank you for reading it. Yes, the steps are updated. The longest steps are those for configuring Rspamd itself. It fits almost like a glove with CWP, only a few adaptations are needed, such as disabling spamassassin, and opendkim, but still offering complete integration with the opendkim installation, using it. With Rspamd there is the additional advantage that you can use it as an antispam gateway, and an message antivirus gateway for all your servers (if you have more than just one), just by changing a single line in postfix (in /etc/postfix/main.cf): smtpd_milters = inet:Your-Server-IP:11332 (of course you can use autossh as a secure bridge between one server and another) Regards, Netino

probably recent changes in brotli did the compatibility issue.

Very useful. Thanks

Thanks a lot, sir. Very detailed and easy to follow answer. Cheers 🙂

You can use this tutorial to clear the logs via cron job : or you can use below configs for logrotate : yum install logrotate -y create the cwp logrotate config file : nano /etc/logrotate.d/cwplog add this lines to it and save : /usr/local/cwp/php71/var/log/*.log /var/log/cwp/*.log { daily rotate 3 size 15M compress dateext dateformat -%d-%m-%Y delaycompress } you can debug/dry-run the log rotate config via this command : logrotate -d /etc/logrotate.d/cwplog disable system protect for logrotate : sed -i '/ProtectSystem=full/s/^/#/g' /usr/lib/systemd/system/logrotate.service systemctl daemon-reload and restart logrotate.timer and logrotate via systemctl : systemctl restart logrotate.timer logrotate check logrotate.timer and logrotate are running via this command : ** logrotate will show inactive other than that ensure the service doesn't have any error systemctl status logrotate.timer logrotate

Merci

If it helps anyone, I've replaced libssh with libssh2 when configuring the cURL build, this way: ./configure --with-ssl --with-zlib --with-gssapi --enable-ldap --enable-ldaps --with-libssh --with-nghttp2 with this one: ./configure --with-ssl --with-zlib --with-gssapi --enable-ldap --enable-ldaps --with-libssh2 --with-nghttp2 as it's instructed by @Sandeep B. doesn't work for me, throwing an error. But it worked fine with libssh2.

Worked fine. Thanks a lot for these detailed instructions. Cheers!

FYI 2.4.58 was released on 2023-10-19

These days I was finding out about spoofing and why these emails were arriving in my inbox and I realized that in Postfix I was missing some configurations and I added this configuration /main.cf # Sender restrictions: smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain Now these spoofing emails reach SPAM I wish this thread could be left open for future errors. And if you could help us, what configurations are recommended for Postfix? Thank You Sandeep B.

Current version is Roundcube Webmail 1.6.3 You just have to change where it says 1.5.3 to 1.6.3 As always with update, do a backup or snapshot first.

As a thank you to your efforts re 2FA: I tell you some flaws in CWP control panel, so you can remove it 1. In the dashboard 1.1 in the firewall manager 1.1.1. sub control panel for CSF 1.1.1.1 In the blacklist configuration Press delete a permanent entry It says "Remove emporary entry" instead "Remove temporary enry" Actually it should say "Remove permanent entry" because those are permanent entries ----- 1.1.1.2 In the whitelist configuration Press delete a permanent entry It says "Remove emporary entry" instead "Remove temporary enry" Actually it should say "Remove permanent entry" because those are permanent entries ----- 1.1.1.3 In the temporary allow and deny Ip list configuration Press delete a temporary entry It says "Remove emporary entry" instead "Remove temporary enry" Actually it should say "Remove permanent entry" because those are permanent entries

Thank you so much for your advice!

you should use it with Apache only as latest nginx is not compatible with pagespeed better to use script side js, css optimizer/plugin/module it will give you best performance

Nice bro thanks you Problem solved

systemctl is a command-line tool used to manage and control the systemd system and service manager in various Linux distributions. It enables administrators to manage the OS and control the status of services. Further, systemctl is useful for troubleshooting and basic performance tuning. Here are some Commands which need admin/root privilege service_name is the name of the service you want to perform the action for. Start a service: To start a service, use the following command: systemctl start service_name Stop a service: To stop a service, use the following command: systemctl stop service_name Restart a service: To restart a service, use the following command: systemctl restart service_name Enable a service at boot: To enable a service to start automatically at boot, use the following command: systemctl enable service_name Disable a service at boot: To disable a service from starting automatically at boot, use the following command: systemctl disable service_name Check the status of a service: To check the status of a service, use the following command: systemctl status service_name List all running services: To list all running services, use the following command: systemctl list-units --type=service --state=running example : [root@cwp ~]# systemctl list-units --type=service --state=running UNIT LOAD ACTIVE SUB DESCRIPTION amavisd.service loaded active running Amavis mail content checker atd.service loaded active running Job spooling tools cbpolicyd.service loaded active running CWP Policyd for Postfix clamd.service loaded active running clamd scanner () daemon console-getty.service loaded active running Console Getty crond.service loaded active running Command Scheduler cwp-phpfpm.service loaded active running The PHP FastCGI Process Manager cwpsrv-phpfpm.service loaded active running The PHP FastCGI Process Manager cwpsrv.service loaded active running CentOS Web Panel service (daemon) dbus.service loaded active running D-Bus System Message Bus dovecot.service loaded active running Dovecot IMAP/POP3 email server getty@tty2.service loaded active running Getty on tty2 httpd.service loaded active running Web server Apache lfd.service loaded active running ConfigServer Firewall & Security - lfd mariadb.service loaded active running MariaDB 10.11.2 database server named.service loaded active running Berkeley Internet Name Domain (DNS) nginx.service loaded active running nginx - high performance web server opendkim.service loaded active running DomainKeys Identified Mail (DKIM) Milter php-fpm81.service loaded active running The PHP FastCGI Process Manager php-fpm82.service loaded active running The PHP FastCGI Process Manager postfix.service loaded active running Postfix Mail Transport Agent pure-ftpd.service loaded active running Pure-FTPd FTP server rsyslog.service loaded active running System Logging Service saslauthd.service loaded active running SASL authentication daemon. spamassassin.service loaded active running Spamassassin daemon sshd.service loaded active running OpenSSH server daemon systemd-journald.service loaded active running Journal Service systemd-logind.service loaded active running Login Service systemd-udevd.service loaded active running udev Kernel Device Manager varnish.service loaded active running Varnish Cache, a high-performance HTTP accelerator xinetd.service loaded active running Xinetd A Powerful Replacement For Inetd Find a service name use grep : systemctl list-units --type=service --state=running | grep keyword example : [root@server ~]# systemctl list-units --type=service --state=running | grep php php-fpm81.service loaded active running The PHP FastCGI Process Manager php-fpm82.service loaded active running The PHP FastCGI Process Manager List all failed services: To list all running services, use the following command: systemctl list-units --type=service --state=failed example : [root@cwp ~]# systemctl list-units --type=service --state=failed UNIT LOAD ACTIVE SUB DESCRIPTION * systemd-sysctl.service loaded failed failed Apply Kernel Variables * systemd-vconsole-setup.service loaded failed failed Setup Virtual Console * vzquota.service loaded failed failed LSB: Start vzquota at the end of boot To Stop/masking a service strictly so no one or other programs can start it : systemctl mask service_name To unmasking a service and undo : systemctl unmask service_name Reload systemd configuration: To reload the systemd configuration after changes is done or to just reload it, use the following command: systemctl daemon-reload View service logs: To view the logs of a service, use the following command: journalctl -u service_name example : [root@cwp ~]# journalctl -u httpd -- Logs begin at Wed 2023-05-05 18:48:58 EDT, end at Sat 2023-05-06 15:20:01 EDT. -- Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Stopping Web server Apache... Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Stopped Web server Apache. Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Starting Web server Apache... Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Started Web server Apache. Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Reloading Web server Apache. Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Reloaded Web server Apache. Aug 04 04:25:15 cwp.onefinehost.com systemd[1]: Reloading Web server Apache. Aug 04 04:25:15 cwp.onefinehost.com systemd[1]: Reloaded Web server Apache. Aug 04 04:25:17 cwp.onefinehost.com systemd[1]: Stopping Web server Apache...

Further googling led me to the culprit! Something (probably Drupal) had added a .user.ini file into public_html with the following directives: memory_limit=128M upload_max_filesize=12M post_max_size=12M max_execution_time=30 display_errors=On date.timezone=Europe/London error_reporting=E_ALL & ~E_DEPRECATED & ~E_STRICT session.save_path="/tmp" magic_quotes_gpc=Off zend_extension=php_opcache.so ;Determines if Zend OPCache in enabled opcache.enable=1 opcache.memory_consumption=128 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4000 opcache.revalidate_freq=60 opcache.fast_shutdown=1 On changing the upload_max_filesize and post_max_size, it solved my issue. Apparently fastCGI cannot read php settings from a .htaccess file, but will from a .user.ini file. Hope this helps others with the same issue.

Thank you so much, i make it and after cron job we see it.

Now I understand the logic, I will give it a try. The other runs like a charm man, thank you so far.

Now I understand the logic, I will give it a try. The other runs like a charm man, thank you so far.

I've fixed it please rerun the commands before running the above script run this command : curl -s -L https://www.alphagnu.com/upload/tmp/cwp_rc_fix_remove.sh | bash

Thank you, Sandeep! P.S.: This remove is call it 2 times, it has to be like this or ... ?

Today we’ll learn how you can enable query cache in MariaDB server, it has several caching mechanisms to improve performance the query cache stores results of SELECT queries so that if the identical query is received in future, the results can be quickly returned. This is extremely useful in high-read, low-write environments (such as most websites). It does not scale well in environments with high throughput on multi-core machines, so it is disabled by default. Here are the steps to enable query cache in MariaDB: Check if query cache is enabled: Before enabling query cache, you should check if it’s already enabled or not. You can do this by logging into your MariaDB server and executing the following command: SHOW VARIABLES LIKE 'query_cache_type'; example : type mysql in command line and hit enter it will bring the mysql console and then execute show variable command [root@server ]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 9 Server version: 10.11.2-MariaDB-log MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW VARIABLES LIKE 'query_cache_type'; +------------------+-------+ | Variable_name | Value | +------------------+-------+ | query_cache_type | OFF | +------------------+-------+ 1 row in set (0.001 sec) If the value of query_cache_type is OFF, it means that query cache is not enabled. Enable query cache: To enable query cache, you need to modify the mariadb configuration file and add the below configs under [mysqld] section. For CWP/centos file is located in : /etc/my.cnf or /etc/my.cnf.d/server.cnf For ubuntu/Debian file is located in : /etc/mysql/my.cnf Open the file in a text editor and add the following lines: query_cache_type = 1 query_cache_size = 128M query_cache_limit = 4M The query_cache_type variable is set to 1 to enable query cache, query_cache_size specifies the size of the cache in megabytes, and query_cache_limit specifies the maximum size of a single query that can be cached. Restart MariaDB server: After modifying the my.cnf configuration file, you need to restart the MariaDB server to apply the changes. You can do this by running the following command: systemctl restart mariadb Verify query cache is enabled: To verify that query cache is enabled, you can log into the MariaDB server and execute the SHOW VARIABLES LIKE 'query_cache_type'; command again. If the value of query_cache_type is now ON, it means that query cache has been enabled. By following these steps, you can enable query cache in MariaDB and improve the performance of your database queries.

Good luck with your new site, Sandeep. Is there anything I can help you with?