Archive for the ‘Control panels’ Category

Commercial SSL certificates with SolusVM

Monday, February 6th, 2012

When you install SolusVM it generates a self-signed SSL certificate for use with the end user control panel and admin interface. It would be wise to purchase a certificate from a commercial certificate authority to prevent man-in-the-middle attacks (and get rid of annoying browser warning messages).

There are two different methods of installing SSL certificates in SolusVM, depending on whether you are using the original Lighttpd web-server or the new Nginx option.

For Lighttpd, you need to place the Base64 encoded DER form (that is, PEM format) of both the private key and the x509 certificate in /usr/local/solusvm/ssl/solusvm.pem and then restart the Lighttpd web-server.

You may need to edit /etc/lighttpd/lighttpd.conf and set "ssl.ca-file" to be the path to the Base64 encoded DER form of the x509 intermediate certificate for your Certificate Authority.

For Nginx, you place the Base64 encoded DER form of the private key in /usr/local/solusvm/ssl/nginxcert.key and the Base64 encoded DER form of the x509 certificate in /usr/local/solusvm/ssl/nginxcert.pem, then restart the Nginx web-server.

If you need to include an intermediate certificate for your Certificate Authority, then this also goes in the /usr/local/solusvm/ssl/nginxcert.pem file in Base64 encoded DER form.
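A preflight check for the two file layouts described above, as an added example that is not part of the original post or SolusVM's own tooling. It assumes the openssl command is installed and relies on Nginx expecting the server certificate before any intermediate in the combined file; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: preflight checks for the SolusVM certificate files.
# File paths are arguments; nothing is restarted or modified.

# Print the PEM block labels in a file, one per line, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Lighttpd layout: a single file with the private key and the certificate.
check_lighttpd_pem() {
    [ "$(pem_labels "$1" | grep -c 'PRIVATE KEY$')" -eq 1 ] ||
        { echo "$1: expected exactly one private key" >&2; return 1; }
    [ "$(pem_labels "$1" | grep -cx 'CERTIFICATE')" -ge 1 ] ||
        { echo "$1: no certificate found" >&2; return 1; }
}

# Nginx layout: key file holds only the key; certificate file holds only
# certificates (server certificate, then any intermediate).
check_nginx_pair() {
    [ "$(pem_labels "$1" | grep -c 'PRIVATE KEY$')" -eq 1 ] &&
    [ "$(pem_labels "$1" | grep -cv 'PRIVATE KEY$')" -eq 0 ] ||
        { echo "$1: must contain one private key and nothing else" >&2; return 1; }
    [ "$(pem_labels "$2" | grep -cx 'CERTIFICATE')" -ge 1 ] &&
    [ "$(pem_labels "$2" | grep -cvx 'CERTIFICATE')" -eq 0 ] ||
        { echo "$2: must contain certificates only" >&2; return 1; }
}

# True when the first certificate in $2 carries the public key of the
# private key in $1. openssl reads the first matching block of each kind,
# so a chain file with the intermediate placed first fails here.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: sh preflight.sh nginx KEY CERT   |   sh preflight.sh lighttpd PEM
case ${1:-} in
    nginx)    check_nginx_pair "$2" "$3" && key_matches_cert "$2" "$3" && echo "ok" ;;
    lighttpd) check_lighttpd_pem "$2" && key_matches_cert "$2" "$2" && echo "ok" ;;
esac
```

Run it against the new files before restarting the web-server, so a mismatched key or a mis-ordered chain is caught while the old certificate is still being served.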

Convert SolusVM from Lighttpd to Nginx

Saturday, February 4th, 2012

Historically the brilliant SolusVM VPS control panel has used the Lighttpd web server on its master and slave nodes, however it is now possible to use the popular Nginx as an alternative web-server.

I’m a big fan of the performance and flexibility of Nginx, not to mention that in my opinion the Nginx configuration files are just much easier to write and maintain than Lighttpd.

Thanks to a nice, easy to use installation script, converting the SolusVM master server/node from Lighttpd to Nginx just requires running the following commands:

wget http://files.soluslabs.com/solusvm/nginx/nginx-master-el5-x86_64
chmod 755 nginx-master-el5-x86_64
./nginx-master-el5-x86_64

And to convert each of your SolusVM slave servers/nodes from Lighttpd to Nginx, it’s just as simple:

wget http://files.soluslabs.com/solusvm/nginx/nginx-slave-el5-x86_64
chmod 755 nginx-slave-el5-x86_64
./nginx-slave-el5-x86_64

Both of these examples assume that you are running your SolusVM master and slave servers/nodes on a 64-bit CentOS 5.x system, however if you are using CentOS 6.x then just substitute "el6" for "el5" in each of these commands.

As part of the installation process, a new self-signed SSL certificate will be generated for Nginx, leaving the original SSL certificate used by Lighttpd in its place in case you need to roll back for any reason. The roll back is simply a case of stopping and disabling the Nginx and Spawn-FCGI services before re-enabling and starting the Lighttpd service:

chkconfig nginx off
chkconfig spawn-fcgi off
chkconfig lighttpd on
service nginx stop
service spawn-fcgi stop
service lighttpd start

Unable to send attachments in Horde

Thursday, September 29th, 2011

I recently came across a bizarre issue in the version of Horde webmail shipped with Parallels Plesk 9.5.2 where it would allow you to attach files to an e-mail you are composing, but when you send the e-mail the attachment never arrives. Sending the same attachment via the Atmail webmail client or a traditional SMTP client wasn’t a problem and the mail server logs didn’t indicate that the attachment was getting stripped, so it was evidently never getting attached to the e-mail in the first place.

For some reason Parallels Plesk doesn’t specify a separate ErrorLog for the Horde webmail.domain.com vhost in /etc/httpd/conf.d/zzz_horde_vhost.conf, so all of the logs from Horde end up in the main Apache HTTPD error log at /var/log/httpd/error_log.

In the logs there should be PHP errors where Horde is unable to load one of its shared libraries that is used for processing attachments:

PHP Fatal error: Can’t load Horde/Serialize.php, open_basedir restriction. in /usr/share/psa-horde/lib/Horde/SessionObjects.php on line 134,

The easiest way to fix this is to change the relative path to the file (Horde/Serialize.php) to an absolute path, so take a copy of /usr/share/psa-horde/lib/Horde/SessionObjects.php as a backup, then open the file up and look for two lines that say:

require_once 'Horde/Serialize.php';

And edit these two lines to have the full path:

require_once '/usr/share/psa-horde/lib/Horde/Serialize.php';

Now all you have to do is save the file and test that Horde has started working as expected. Remember that future updates to Horde from Parallels will overwrite this file and you will have to re-apply your change.

Parallels Plesk and Atomic Secured Linux

Monday, June 27th, 2011

If you are experiencing HTTP 500 Internal Server Error messages from the license management part of the Parallels Plesk control panel when running on Atomic Secured Linux, then you are probably running into some buggy anti-reverse engineering code that Parallels have built into the Plesk software.

It seems that Parallels are using ptrace to determine if someone has attached a debugger to Plesk in order to reverse engineer it. The problem is that AtomiCorp have implemented GRSecurity ptrace protection in the Atomic Secured Linux kernel in order to prevent malicious software such as TTY sniffers, and Parallels Plesk is incorrectly interpreting its inability to ptrace as suspicious debugging behaviour.

Until Parallels fix this behaviour in Plesk (and there is no sign that they will, given that it has been a known issue for many months), the only thing that you can do is disable the GRSecurity ptrace feature in the Atomic Secured Linux kernel. This can be done whilst the system is running using sysctl:

sysctl -w kernel.grsecurity.harden_ptrace=0

In order to make this change permanent so that it doesn’t disappear every time you reboot your server, you will need to edit /etc/sysctl.conf and add the following line:

kernel.grsecurity.harden_ptrace = 0

Now restart the Parallels Plesk service and enjoy your error free license management :)

Remove CDP 2.0 cPanel integration

Sunday, June 19th, 2011

A handy feature of R1Soft CDP Server 2.0 (now known as Enterprise Edition) is that it can integrate with cPanel so that your users can restore their own files from your backups using a self service interface. If you want to remove this integration for any reason, then R1Soft provide a BASH shell script to do this for you:

/usr/lib/buagent/control-panels/cpanel/remove-cpanel-integration.sh

This script doesn’t always work for one reason or another, so the other way of doing this is to manually call the cPanel plugin uninstaller:

/usr/local/cpanel/bin/unregister_cpanelplugin /var/cpanel/registered_cpanelplugins/righteousbackup

This is particularly helpful if you forgot to uninstall the cPanel integration before upgrading to R1Soft CDP 3.0 or thought that the r1soft-uninstall-buagent utility would do it for you when removing the R1Soft CDP 2.0 agent (unfortunately it doesn’t, but it does helpfully remove the remove-cpanel-integration.sh script).

Unfortunately the cPanel integration in R1Soft CDP 3.0 is severely lacking compared to R1Soft CDP 2.0 and in my opinion is virtually useless in its current form.

As the control panel integration system is a pretty new feature in R1Soft CDP 3.0 (it was missing entirely from the initial release), hopefully it will be bolstered in subsequent R1Soft CDP 3.0 releases to restore it to the same level of functionality as was formerly available in R1Soft CDP 2.0.

Missing kernel initial RAM disk with SolusVM and Xen

Thursday, April 28th, 2011

If for any reason your /boot/solus-vmlinuz symlink as well as the /boot/solus-initrd.img initial RAM disk are missing or incorrect in Dom0 on one of your SolusVM Xen slaves, then you can force SolusVM to regenerate them from the latest Xen enabled copy of the kernel installed on the server by running the following command in Dom0 on the slave:

php /usr/local/solusvm/includes/xenkernel.php

This not only re-creates the /boot/solus-vmlinuz symlink to the appropriate vmlinuz file, but also builds the necessary /boot/solus-initrd.img initial RAM disk to boot your DomU machines.

Of course, if you are using PyGrub then you don’t use these files in Dom0 :)

Parallels Plesk 9 and SSL certificates signed by an intermediate Certificate Authority (CA)

Wednesday, February 9th, 2011

Parallels Plesk 9 doesn’t seem to like installing certificates signed by an intermediate Certificate Authority (which is becoming more and more common and will be all certificates in the next year or two) through the SSL certificates part of the Plesk interface available to both administrators and end users.

A workaround for this seems to be to install the CA bundle (both the root CA and the intermediate CA certificates) together and then install your certificate separately, otherwise you will just receive an error saying that the certificate was not signed by the certificate authority.

cPanel root partition space warning disabling operation of some features in WHM

Thursday, February 3rd, 2011

If you manage to accidentally fill up the root partition on your cPanel/WHM server, then WHM helpfully disables some features such as creating and terminating (deleting) accounts so that you don’t end up with half of an account. You will see a message something along the lines of this in WHM when attempting a restricted function:

The / partition on this server is running out of disk space. WHM operation has been temporarily suspended to prevent something bad from happening. Please ask your system admin to remove any files not in use on that partition.

Annoyingly, WHM doesn’t notice as soon as you free up some disk space, so not only can you not carry out some essential maintenance tasks until WHM next checks the free disk space but any of your customers with access to WHM (such as resellers) might come across this potentially embarrassing message!

cPanel stores a cache of its disk space calculation (basically the output of df) in "/root/.cpanel/datastore/_bin_df_-P_-k_-l", so you can either regenerate this file with the /usr/local/cpanel/bin/build_global_cache script, or alternatively just move/delete this file to get WHM back to normal operation.

cPanel Native SSL support failed error

Friday, December 31st, 2010

If your cPanel/WHM install randomly sends you an e-mail one day along the lines of:

Native SSL support failed to pass the startup test. stunnel was started instead.
The exact error was: [linktest=/usr/local/cpanel/bin/linktest-ssl: error while loading shared libraries: /usr/local/cpanel/perl/Net/SSLeay/SSLeay.so: cannot open shared object file: No such file or directory
] [binary=/usr/local/cpanel/cpsrvd-ssl] [cpsrvd=/usr/local/cpanel/cpsrvd-ssl: error while loading shared libraries: /usr/local/cpanel/perl/Net/SSLeay/SSLeay.so: cannot open shared object file: No such file or directory
]

You should attempt run /usr/local/cpanel/bin/nativessl-install or submit a support request at https://tickets.cpanel.net/submit/

Then hopefully the following will restore it to its previous working state:

perl -MCPAN -e 'install ExtUtils::Install'
/usr/local/cpanel/bin/nativessl-install

I have no idea what causes this or why /scripts/checkperlmodules doesn’t flag the ExtUtils::Install Perl module as missing, but it seems to fix the problem even when using perl588installer.tar.gz from layer1.cpanel.net to re-install the cPanel provided version of Perl and associated CPAN modules doesn’t.

Parallels Plesk for Windows upgrade and lots of session files

Monday, December 27th, 2010

Be careful when running the Parallels Plesk update utility on Windows servers if you have a large number of files in “C:\Program Files (x86)\Parallels\Plesk\admin\sessions” as once it has finished the upgrade the utility will try and clear this directory before letting you do anything else, including the mandatory reboot. It seems that it is quite easy for there to be hundreds of thousands of files in this folder, which in turn means that this part of the upgrade process can take well over an hour even on a decent machine!