Tricks and Tips about Systems/Network

July 17, 2010

Enabling wildcard support in Cpanel shared hosting

Filed under: admins,Control panel,WHM/Cpanel — Liju Mathew @ 8:56 pm

My requirement is that I need to enable wildcard subdomains on one of my add-on domains. My add-on domain is “test.com” and I want all the sub-domain requests to be handled by this domain, like

test1.test.com --> test.com
test2.test.com --> test.com
xxx.test.com --> test.com

Click on the sub-domain menu from the cPanel home. Then add a subdomain with the “Subdomain” name set to “*” and choose the domain name for which wildcards are to be enabled. Please remember that the “document root” must be set to where the domain's files were copied. Obviously it should be public_html.

Cheers.

May 11, 2010

How do I install UCC SSL certificate on Cpanel servers

Filed under: admins,Apache,Control panel,WHM/Cpanel — Liju Mathew @ 12:32 am

I have purchased a UCC SSL certificate from GoDaddy which is supposed to be used for 5 domains. I could install the SSL certificate for my primary domain easily by reading GoDaddy’s cPanel installation instructions. But I couldn’t see anything anywhere about SSL implementation for the other domains.

I tried to install this SSL certificate from WHM -> SSL manager. But every time, the primary SSL domain name certificate was re-installed. No errors showed up during the installation, and the site was still using a self-signed certificate when browsing. After spending 30 minutes I felt there was nothing we could do with cPanel.

Then I checked the httpd.conf settings directly and copied my primary domain's SSL settings to the other virtual host, which is included in the SAN list of that SSL certificate.

SSLCertificateFile /etc/ssl/certs/www.sites.com.crt
SSLCertificateKeyFile /etc/ssl/private/www.sites.com.key
SSLCACertificateFile /etc/ssl/certs/www.sites.com.cabundle

Please note that we can use the same certificate and private key for all the domains included in the UCC certificate. Then I restarted Apache and found that it was working correctly. I also verified it by viewing the certificate file.

Now we need to save the custom modification of httpd.conf into the cPanel settings. To do this,
root@server81-28-25-12 [~]# /usr/local/cpanel/bin/apache_conf_distiller --update

April 30, 2010

Usermin not starting

Filed under: admins,Control panel,Webmin — Liju Mathew @ 7:01 am

How do I start usermin ?

-sh-3.2# /etc/usermin/start
Starting Usermin server in /usr/libexec/usermin

Then check it with

-sh-3.2# netstat -tulpn | grep 20000
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 6468/perl
udp 0 0 0.0.0.0:20000 0.0.0.0:* 6468/perl

It’s running, and we can test it by opening the address https://domain.com:20000 in a browser.

March 23, 2010

How do I disable Http authentication on WHM/Cpanel ?

Filed under: admins,Control panel,Linux,RedHat EL5,WHM/Cpanel — Liju Mathew @ 9:10 am

The design of HTTP Authentication does not allow for logging out of an authenticated session. Once an HTTP Authentication session is established, the credentials are cached by the browser until the browser application is terminated. Some browsers allow a method to flush the credentials, but this method is neither reliable nor available in all browsers. Because the authentication credentials are cached, they are a likely target for cross-site request forgery attacks, often known as XSRF or CSRF.

Due to the inherent weaknesses of HTTP Authentication, cPanel recommends disabling its use with the product. This is done by checking the box of the Tweak Setting labeled “Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.)”. This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials.

Log in to your WHM/cPanel server and go to
Main >> Server Configuration >> Tweak Settings

You can find the entry “Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication.) This will help prevent certain types of XSRF attacks that rely on cached Http Auth credentials” under the security settings.

Make sure the check box is ticked and save the settings. Even though it was shown as ticked in my default WHM installation, it did not work. After saving the settings I got a message like

” Updating “Skip HTTP Authentication” from “” to “1″.
“Skip HTTP Authentication” was updated.”

After that, everything shows up correctly.

March 18, 2010

Installing Nagios on WHM/Cpanel servers

Filed under: admins,Apache,Control panel,Nagios,Webserver,WHM/Cpanel — Liju Mathew @ 7:17 am

How do I install nagios on WHM/Cpanel loaded with Centos ?

I spent about 5 hours finding a solution for viewing the Nagios web interface, since cPanel uses suPHP bound with Apache. I did the Nagios installation quickly, but the cPanel Apache configuration didn’t allow “conf.d” folders in the “include” list, so obviously this command won’t work.
#make install-webconf
When I tried to access Nagios after adding it to the include file that cPanel specifies, I got errors like these and the page was not visible.
root@server8-28-25-132 [~]# vi /usr/local/apache/logs/suphp_log

[Mon Mar 15 09:48:18 2010] [warn] File “/usr/local/nagios/share/index.php” is writeable by group
[Mon Mar 15 09:53:30 2010] [warn] Mismatch between target UID (99) and UID (32007) of file “/usr/local/nagios/share/index.php”

So none of my attempts had worked yet. It was something caused by suPHP. After Googling I didn’t find a scenario exactly like this, but it led me to some tweaks :-) .

The idea is that I create a new subdomain (nagios.test.com) in cPanel and modify the values written by cPanel in the Apache configuration.

My new value is,


ServerName nagios.test.com
ServerAlias www.nagios.test.com
DocumentRoot /home/test/public_html/nagios
ServerAdmin webmaster@test.com
UseCanonicalName On
CustomLog /usr/local/apache/domlogs/nagios.test.com combined
CustomLog /usr/local/apache/domlogs/nagios.test.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
## User test # Needed for Cpanel::ApacheConf

suPHP_UserGroup nagios nagios

SuexecUserGroup nagios nagios

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>

Please note the line "suPHP_UserGroup nagios nagios".

Then restart the webserver
#apachectl restart

Now I can see the Nagios web interface nicely at last. The URL is http://nagios.test.com/nagios. That worked :-D

I have tweaked my previous post again. There is another, easier method to do this. The basic idea is to create a conf file, add the Nagios Apache entries to it and include it in the main Apache file rather than editing that file itself.

To do this, I first made the “include” entry in the main config file.
#vi /etc/httpd/conf/httpd.conf
and added this line in my domain's virtual host part.
Include "/home/myuser/conf/nagios.conf"

#vi /home/myuser/conf/nagios.conf
and add the following lines to it.
suPHP_UserGroup nagios nagios
SuexecUserGroup nagios nagios
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>

Then restart Apache
#apachectl restart

Making the changes permanent in httpd.conf on a WHM Apache server
#/usr/local/cpanel/bin/apache_conf_distiller --update
root@server88-20-25-12 [~]# /usr/local/cpanel/bin/apache_conf_distiller --update
Distilled successfully
root@server88-20-25-12 [~]#

March 13, 2010

Installing CSF on WHM/Cpanel for Centos

Filed under: admins,Control panel,WHM/Cpanel — Liju Mathew @ 11:10 am

CSF (ConfigServer Security & Firewall) is an excellent and easily configurable firewall solution for WHM/cPanel servers. I would recommend using APF if possible, but it has no GUI to manage it.

Here are the quick steps to install it,
# mkdir /home/installation && cd /home/installation
#tar -zxvf csf.tgz
-bash-3.2# cd csf
-bash-3.2# iptables -L
-bash-3.2# service iptables stop
-bash-3.2# sh install.sh
-bash-3.2# csf -s
-bash-3.2# vi /etc/csf/csf.conf
Specify which ports you want to allow. Find the lines shown below and add the ports you want to open.

Here is the standard cPanel port list.

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2087"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
# Allow incoming UDP ports
UDP_IN = "20,21,53,953"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"

Now you need to make the CSF rules active rather than in testing:
disable the Testing Mode and start the firewall.
a. Edit the csf config file /etc/csf/csf.conf and update the following line.
TESTING = "0"

Now restart the CSF service,
-bash-3.2# csf -r
-bash-3.2# chkconfig iptables off

That’s it.

Now you can see an option “ConfigServer Security&Firewall” enabled in WHM under the “plugins” tree at the bottom of the right side panel.

Feel free to make changes/updates through the web interface in WHM :-)

-njoy
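
Before switching TESTING to "0", it helps to compare the TCP_IN list with what the server is really listening on: the Usermin service from the earlier post listens on port 20000, which the standard list does not open. The script below is an added example, not part of the original post or of CSF; the function names and the sample csf.conf and netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit csf.conf against listening sockets (constructed sample data).

# Print the quoted value of KEY = "value" from a csf.conf-style file.
csf_value() {  # $1 = key, $2 = file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeeds while TESTING is anything other than "0".
csf_in_testing_mode() { [ "$(csf_value TESTING "$1")" != "0" ]; }

# Listening TCP ports from `netstat -tulpn` output on stdin, one per line.
listening_tcp_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Succeeds if port $1 is covered by list $2 (single ports or lo:hi ranges).
port_allowed() {
    echo "$2" | awk -v p="$1" -F, '{ for (i = 1; i <= NF; i++) {
        n = split($i, r, ":"); hi = (n == 2) ? r[2] : r[1]
        if (p + 0 >= r[1] + 0 && p + 0 <= hi + 0) ok = 1 } }
        END { exit !ok }'
}

# Listeners that TCP_IN does not allow: blocked once the firewall is live.
blocked_listeners() {  # $1 = csf.conf, $2 = netstat output file
    allowed=$(csf_value TCP_IN "$1")
    for port in $(listening_tcp_ports < "$2"); do
        port_allowed "$port" "$allowed" || echo "$port"
    done
}

# Single allowed ports with nothing listening: candidates to drop from TCP_IN.
unused_allowed() {  # $1 = csf.conf, $2 = netstat output file
    listening=$(listening_tcp_ports < "$2" | tr '\n' ',')
    for port in $(csf_value TCP_IN "$1" | tr ',' '\n' | grep -v ':'); do
        port_allowed "$port" "$listening" || echo "$port"
    done
}

conf=$(mktemp); ns=$(mktemp)   # constructed inputs
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "22,25,80,443,2087,30000:35000"' > "$conf"
printf '%s\n' 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1201/sshd' \
    'tcp 0 0 :::80 :::* LISTEN 2210/httpd' \
    'tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 6468/perl' \
    'udp 0 0 0.0.0.0:20000 0.0.0.0:* 6468/perl' > "$ns"
csf_in_testing_mode "$conf" && echo "TESTING is still enabled"
echo "blocked listeners: $(blocked_listeners "$conf" "$ns" | tr '\n' ' ')"
echo "unused allowed:    $(unused_allowed "$conf" "$ns" | tr '\n' ' ')"
```

On a real server, point the functions at /etc/csf/csf.conf and at a saved copy of the `netstat -tulpn` output.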

January 27, 2010

"open_basedir restriction in effect" on Plesk

Filed under: admins,Apache,Linux,PHP,Plesk — Liju Mathew @ 1:14 pm

Question,

I can’t upload images to the web even though that folder was given full access for the webserver. The server is CentOS 5 with Plesk loaded.

My error messages look like this,

[Wed Jan 27 08:55:57 2010] [error] [client 122.166.23.96] PHP Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/vhosts/mydomain.com/httpdocs/PrdImages/1517face.gif) is not within the allowed path(s): (/var/www/vhosts/mydomain.com/httpdocs:/tmp)

Solution,

1. Create a conf file at /var/www/vhosts/mydomain.com/conf/vhost.conf and add the following entries to it.

php_admin_flag engine on
php_admin_flag safe_mode off
php_admin_value open_basedir "none"

Then include this file in the domain's conf file,
vi /var/www/vhosts/mydomain.com/conf/httpd.include
and add the following entry at the end of the file, inside the virtualhost entry.
Include /var/www/vhosts/mydomain.com/conf/vhost.conf

Then restart Apache. I also disabled running PHP in safe mode (web hosting settings) from the Plesk control panel for the domain.
[root@mydomain.com ~]# vi /var/www/vhosts/mydomain.com/conf/httpd.include
[root@mydomain.com ~]# vi /var/www/vhosts/mydomain.com/conf/vhost.conf
[root@mydomain.com ~]# /usr/local/psa/admin/sbin/websrvmng -a -v
[root@mydomain.com ~]# service httpd configtest
Syntax OK
[root@mydomain.com ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

After the Apache restart, check that the PHP variables are the same as shown below,
open_basedir no value no value
safe_mode Off Off

-njoy
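
PHP resolves symbolic links before it applies open_basedir, so a file can be refused even though its path reads as being under httpdocs. The script below is an added example, not part of the original post: on a constructed directory tree (the symlinked PrdImages directory, the storage path and the function names are assumptions for illustration) it finds the real directory of a file and shows that allowing just that directory is enough, as a narrower alternative to setting open_basedir to none.

```shell
#!/bin/sh
# Added example: test a path against an open_basedir-style allow-list after
# resolving symlinks. The directory tree is constructed in a temp directory.

# Physical (symlink-free) directory that contains the file $1.
real_dir() { ( cd "$(dirname "$1")" 2>/dev/null && pwd -P ); }

# Succeeds if the real directory of file $1 is inside one of the
# colon-separated directories in $2.
in_open_basedir() {
    target=$(real_dir "$1") || return 1
    old_ifs=$IFS; IFS=:
    for base in $2; do
        IFS=$old_ifs
        base=$( cd "$base" 2>/dev/null && pwd -P ) || continue
        case "$target/" in "$base"/*) return 0 ;; esac
    done
    IFS=$old_ifs
    return 1
}

# Constructed layout: PrdImages looks like it is under httpdocs but is a
# symlink to a directory outside the allowed list.
root=$(mktemp -d)
docroot="$root/vhosts/mydomain.com/httpdocs"
mkdir -p "$docroot" "$root/tmp" "$root/storage/PrdImages" "$docroot-old"
ln -s "$root/storage/PrdImages" "$docroot/PrdImages"
img="$docroot/PrdImages/1517face.gif"
: > "$img"

current="$docroot:$root/tmp"                          # list as in the error message
scoped="$docroot:$root/storage/PrdImages:$root/tmp"   # adds only the real target
for list in "$current" "$scoped"; do
    if in_open_basedir "$img" "$list"; then echo "allowed: $list"
    else echo "denied:  $list (real dir: $(real_dir "$img"))"; fi
done
```

The directory printed for the denied case is the one to append to the existing open_basedir value in vhost.conf.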

November 12, 2009

Plesk – qmail sending the mails from localhost.localdomain

Filed under: admins,Plesk,qmail — Liju Mathew @ 7:42 pm

Yesterday I had an issue with Plesk mail.
During the Nagios setup on a Plesk-installed server, I noticed that all the mails generated from the console showed the suffix localhost.localdomain. Hence they got moved to spam.

My trials were,

1. First checking that the MX records properly point to the server
2. Checking /etc/hosts and the hostname (/etc/sysconfig/network) to see whether the hostname resolves correctly
3. Making sure that the MX record points to “mail.myserver.com”. It must be an FQDN.
4. Verifying reverse DNS lookup. I created a “PTR” record of the server IP pointing to the “mail” host record and the server domain.
5. Verifying that the SMTP server is listening on port 25. Actually Plesk uses qmail SMTP to send out the mail, and the SMTP server (Postfix) was not started during the setup time, so I could send mail but not receive any mails.

Finally I found a solution from a thread.

Just change the “/var/qmail/control/me” file entry, which was set to localhost.localdomain.com, to mydomain.
# echo "mydomain.com" > /var/qmail/control/me

Restart qmail and Nagios
[root@rc-042 php-5.2.9]# /etc/init.d/qmail restart
[root@rc-042 php-5.2.9]# /etc/init.d/nagios restart

How to verify that qmail is configured to use my domain:
# /var/qmail/bin/qmail-showctl | less
Press the key “q” to quit from the window, which must show
defaulthost: (Default.) Default host name is mydomain.com.

It’s working like a charm after that. -:)

Note: I spent a few hours finding out how the email was sent out. I stopped Postfix and verified that port 25 was not listening, but it was still sending out mail. Later I found that Plesk uses qmail to send the mail.
