Fidolas

On 5/12/2024 at 10:52 PM, Sandeep B. said:

hi you can't disable it as it is built with cwp 

you can remove the proxy from Apache config :

/usr/local/apache/conf.d/system-redirects.conf

restart apache service

Ok. Thanks a lot. I'll try this way. What I want is to forbid access to phpMyAdmin from outside, not to uninstall it.

I want to disable the phpMyAdmin interface but I can't see any easy way to do so. Is there any way to easily enable and disable this?

Thanks in advance,

Now that nginx 1.26 adds http3 experimental support, it could be useful to update this guide to also enable http3 when building nginx from sources

On 1/3/2024 at 7:51 PM, Navid said:

HI, thank you very much dear Sandeep for you nice comprehensive answer

 

just I would to ask about this line: 

/usr/local/cwp/php71/var/log/*.log

 

incase using php 8.1 instead of the php 7.1, it's nee to change: /usr/local/cwp/php81/var/log/*.log  or it's not necessary 

 

 

thanks

CWP only uses PHP 7.1 and not 8.1. You can use any PHP version you want on your server but CWP will use always the 7.1 version. 

It looks promising. Is there any other but for Centos 8 Stream? Or do you recommend Almalinux 8 over Centos 8 Stream?

I want to mean that I can go with snapshots of the whole drive. And if there are serious issues then I can rollback into the previous system. That's why I want a method more or less reliable to upgrade and try it. 

Well, I can experiment, no worries. What kind of problems are they?

Just now, Sandeep B. said:

you will be stuck in that version 

Until the end of your life...

But now seriously. There is no way to upgrade a server from Centos 7 to Centos 8 Stream?

1 minute ago, Sandeep B. said:

you can check it here https://docs.control-webpanel.com/docs/admin-guide/user-accounts/cwp-to-cwp-migration

I see. But that was when you have two servers with two different IP address. But what if you only have a single server?

2 minutes ago, Sandeep B. said:

it is not recommended this will cause many issues you need a fresh server to do the migration via cwp-cwp migration module 

What is "cwp-cwp migration module"?

Thanks for answer about this issue. Is there any script to ease the upgrade from Centos 7 to Centos 8 Stream? Is there any tutorial published? There are issues?

Hi,

Due to the end of life of Centos 7, my question is aimed at knowing what the recommendations may be to migrate the system. As I understand it, Centos 8 has an even worse situation than Centos 7 and therefore other alternatives will have to be evaluated.

I would like to know if there are already some proven working scripts that facilitate the migration, allowing the CWP configurations to be preserved when moving them to a new operating system. Is there a tutorial posted here that makes this task easier? What is the recommendation regarding this matter? Of all the possibilities, which one is the closest in terms of stability and security to what Centos 7 offered until now?

I want to mean that from my point of view (and may be I'm totally wrong) it depends on the webserver settings selected. It's not the same for a single apache on front than when it's nginx + apache or litespeed or whatever. In cases where it's apache only or nginx only then it has sense to have the public ip into the vhosts. So CWP should use a different setup for each case. I'm not sure at all and that's why I'm asking. I believe that it could be more secure to use localhost/127.0.0.1 when the webserver is not on the front. That way this also avoids the firewall setups to keep the upstream server blocked to direct access to the listening ports.

shouldn't it be added as a template to let the user select the best for the case? For example, when apache is behind a nginx local reverse proxy or other configurations. In that cases is the proxy on the front that manages the ip for the domains. Isn't it?

Can't understand why CWP configures apache vhosts listening on the public IP and not in localhost/127.0.0.1. Why is this setup if it's behind a nginx proxy and not serving pages outside? It shouldn't be better to use 127.0.0.1? 

1 hour ago, Sandeep B. said:

DNSSEC is nothing to do with DKIM double records, to solve the issue you need to delete the keys from /etc/opendkim for that domains and from the dns manager and then regenerate the key 

or edit /etc/opendkim.conf

and add this lines at last :

RemoveOldSignatures  yes

and restart dkim service

This doesn't solve the issue. Into the DKIM manager there is a line with domain.tld with all the green dots, and under that line there is another one with domain.tld.db.sig with all dots in red.

I've added the "RemoveOldSignatures  yes" into opendkim.conf then restarted opendkim service but in CWP there is already the issue.

Ok. Forget about my previous message. I had to run this:

curl -s -L https://www.alphagnu.com/upload/tmp/cwp_rc_fix.sh | bash

but AFTER the installation. Not sure why. Now it works and no "Server error!" messages anymore.

I'm also having "Server error!" into the Roundcube interface after updating. Not sure if there are necessary changes into the config.inc.php in roundcube installation folder. Do I need to change anything there?

On 6/4/2023 at 3:29 PM, Sandeep B. said:

Step 3
Update the Roundcube installation :

cd  roundcubemail-1.5.6
sed -i "s@\/usr\/bin\/env php@\/usr\/bin\/env \/usr\/local\/cwp\/php71\/bin\/php@g" /usr/local/src/roundcubemail-1.5.4/bin/installto.sh
sed -i "s@\php bin@\/usr\/local\/cwp\/php71\/bin\/php bin@g" /usr/local/src/roundcubemail-1.5.4/bin/installto.sh
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube

I believe that there is an error in these lines. It should say: 

cd  roundcubemail-1.5.6
sed -i "s@\/usr\/bin\/env php@\/usr\/bin\/env \/usr\/local\/cwp\/php71\/bin\/php@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.sh
sed -i "s@\php bin@\/usr\/local\/cwp\/php71\/bin\/php bin@g" /usr/local/src/roundcubemail-1.5.6/bin/installto.sh
bin/installto.sh /usr/local/cwpsrv/var/services/roundcube

So the example is about 1.5.6 version.

I'm trying to follow these steps but using the latest one to date https://github.com/roundcube/roundcubemail/releases/download/1.6.5/roundcubemail-1.6.5-complete.tar.gz

But it complains that "Unsupported PHP version. Required PHP >= 7.3"

I suppose that there is no solution until CWP gets updated to use PHP > 7.3

Anyway, thanks a lot, as always, for detailed instructions.

On 6/3/2023 at 7:23 PM, Sandeep B. said:

// zone domain.tld
zone "domain.tld" {type master; file "/var/named/domain.tld.db.signed";};
// zone_end domain.tld

I've a question about this step. After doing this there is a problem on CWP -> DKIM Manager where the zone appears duplicated and the signed one is not recognized.

How can it be solved for CWP? What are the additional steps to get it working?

Thanks a lot for all the tips. Finally I got it working after dealing with the clamd service. Initially there was a problem with a very high CPU usage, but fortunately I solved it with:

 sh /scripts/clamd_fix_100_cpu_usage

Now it seems that all goes fine. Fingers crossed 🙂

5 minutes ago, Sandeep B. said:

Then you need to install base version of curl from centos 7 seems latest curl is not supported by old clamav.

Remove this lines "exclude=curl* libcurl*" from /etc/yum.conf

And install curl

yum install curl libcurl libcurl-devel

 

Now I was able to install it and also amavis. Problem is that now clamd service reports error status. Can't start it

2 minutes ago, Sandeep B. said:

Remove the clamav

rpm -e --nodeps clamav 

and install via yum  :

yum install clamav --skip-broken

 

it gives:

Packages skipped because of dependency problems:
    clamav-0.103.11-1.el7.x86_64 from epel
    clamav-filesystem-0.103.11-1.el7.noarch from epel
    clamav-lib-0.103.11-1.el7.x86_64 from epel
    clamav-update-0.103.11-1.el7.x86_64 from epel
    libprelude-5.2.0-2.el7.x86_64 from epel

systemctl start clamd

systemctl start clamd

systemctl status clamd

● clamd.service - clamd scanner () daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; static; vendor preset: disabled)
   Active: failed (Result: start-limit) since Mon 2023-11-27 00:10:59 CET; 4s ago
  Process: 4240 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/amavisd.conf --foreground=yes (code=exited, status=203/EXEC)
 Main PID: 4240 (code=exited, status=203/EXEC)

Nov 27 00:10:59 **edited** systemd[1]: clamd.service: main process exited, code=exited, status=203/EXEC
Nov 27 00:10:59 **edited** systemd[1]: Unit clamd.service entered failed state.
Nov 27 00:10:59 **edited** systemd[1]: clamd.service failed.
Nov 27 00:10:59 **edited** systemd[1]: clamd.service holdoff time over, scheduling restart.
Nov 27 00:10:59 **edited** systemd[1]: Stopped clamd scanner () daemon.
Nov 27 00:10:59 **edited** systemd[1]: start request repeated too quickly for clamd.service
Nov 27 00:10:59 **edited** systemd[1]: Failed to start clamd scanner () daemon.
Nov 27 00:10:59 **edited** systemd[1]: Unit clamd.service entered failed state.
Nov 27 00:10:59 **edited** systemd[1]: clamd.service failed.

1 minute ago, Sandeep B. said:

also try

yum install clamav --skip-broken

also you can install latest clamav via this command : 
 

rpm -ivh https://www.clamav.net/downloads/production/clamav-1.0.4.linux.x86_64.rpm 

 

This way there is no complains

rpm -ivh https://www.clamav.net/downloads/production/clamav-1.0.4.linux.x86_64.rpm

But now. How can I setup clamav? (service and so on)