Archive for the ‘Vesta’ Category

CentOS 7, VestaCP and the Irritating clamd

July 9, 2016 1 comment

Here is a step-by-step guide to getting ClamAV to work on CentOS 7 in a VestaCP setup.

Install Updated ClamAV components
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y

Link scan.conf to the default VestaCP clamd config file
rm -f /etc/clamd.d/scan.conf
ln -s /etc/clamd.conf /etc/clamd.d/scan.conf

Create the freshclam service (running it as a service keeps your AV definitions updated automatically)
vi /usr/lib/systemd/system/clam-freshclam.service

[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStartPre=/usr/bin/mkdir -p /var/lib/clamav/
ExecStartPre=/usr/bin/chown -R clam.clam /var/lib/clamav
ExecStartPre=/usr/bin/chmod 755 /var/lib/clamav
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target

Register and start freshclam service
systemctl enable clam-freshclam.service
systemctl restart clam-freshclam.service
systemctl status clam-freshclam.service -l

Update the clamd@ service to create the necessary folders
vi /usr/lib/systemd/system/clamd@.service
[Unit]
Description = clamd scanner (%i) daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
*** Add these two lines below; they must come before ExecStart
ExecStartPre = /usr/bin/mkdir -p /var/log/clamav/
ExecStartPre = /usr/bin/chown -R clam:clam /var/log/clamav/
ExecStart = …

Update startup to use the new clamd service
cd /usr/lib/systemd/system

systemctl disable clamd.service

systemctl enable clamd@scan.service
systemctl restart clamd@scan.service
systemctl status clamd@scan.service

Run a test scan and make sure it succeeds
clamdscan -c /etc/clamd.d/scan.conf --fdpass
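The clamd@.service edit above is the step that is easiest to get wrong by hand. The script below is an added example, not VestaCP's or ClamAV's code: it inserts the two ExecStartPre lines before ExecStart and then checks the result; UNIT_DIR is an assumption so you can try it on a copy of the unit in a scratch directory first.

```shell
#!/bin/sh
# Added example, not VestaCP's or ClamAV's own code: applies the clamd@.service
# edit from the step above with a script instead of vi, then verifies it before
# clamd@scan is enabled. UNIT_DIR is a labelled assumption so the functions can
# be tried on a copy of the unit in a scratch directory first.
UNIT_DIR="${UNIT_DIR:-/usr/lib/systemd/system}"

# Insert the two ExecStartPre lines directly before ExecStart in [Service].
# Idempotent: a unit that already carries the mkdir line is left untouched.
add_clamd_log_dir_prestart() {
    unit="$UNIT_DIR/clamd@.service"
    grep -q 'ExecStartPre *= */usr/bin/mkdir -p /var/log/clamav/' "$unit" && return 0
    awk '
        /^ExecStart[ ]*=/ && !done {
            print "ExecStartPre = /usr/bin/mkdir -p /var/log/clamav/"
            print "ExecStartPre = /usr/bin/chown -R clam:clam /var/log/clamav/"
            done = 1
        }
        { print }' "$unit" > "$unit.tmp" && mv "$unit.tmp" "$unit"
}

# Return 0 only if both ExecStartPre lines are present and, as the post
# instructs, placed before ExecStart (line numbers are compared).
check_clamd_unit_order() {
    awk '
        /^ExecStartPre[ ]*=.*mkdir -p \/var\/log\/clamav/           { mk = NR }
        /^ExecStartPre[ ]*=.*chown -R clam:clam \/var\/log\/clamav/ { ch = NR }
        /^ExecStart[ ]*=/                                            { es = NR }
        END { exit !(mk && ch && es && mk < es && ch < es) }' "$UNIT_DIR/clamd@.service"
}

# Apply for real (as root) with:  sh clamd-unit.sh apply
# then run: systemctl daemon-reload && systemctl restart clamd@scan.service
if [ "${1:-}" = apply ]; then
    add_clamd_log_dir_prestart && check_clamd_unit_order \
        && echo "clamd@.service: ExecStartPre lines in place"
fi
```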

Categories: CentOS, Vesta

Enable Roundcube filters in Vesta 0.98 on CentOS 6.6

November 23, 2015 2 comments

#Install Dovecot ManageSieve (Pigeonhole)
yum install dovecot-pigeonhole

#edit 20-managesieve.conf
vi /etc/dovecot/conf.d/20-managesieve.conf

#Uncomment protocols
protocols = $protocols sieve

#Edit 10-master.conf
#add the auth-master unix_listener (originally highlighted in blue) to the service auth section

vi /etc/dovecot/conf.d/10-master.conf

service auth {
  unix_listener auth-client {
    group = mail
    mode = 0660
    user = dovecot
  }
  unix_listener auth-master {
    group = mail
    mode = 0660
    user = dovecot
  }

  user = dovecot
}

#Append this to the end of 10-master.conf
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
}
protocol sieve {
    managesieve_max_line_length = 65536
    managesieve_implementation_string = dovecot
    log_path = /var/log/dovecot-sieve-errors.log
    info_log_path = /var/log/dovecot-sieve.log
}
plugin {
    sieve = ~/.dovecot.sieve
    sieve_global_path = /etc/dovecot/sieve/default.sieve
    sieve_dir = ~/sieve
    sieve_global_dir = /etc/dovecot/sieve/global/
}
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
    mail_plugins = $mail_plugins autocreate sieve quota
    postmaster_address = postmaster@testdomain.com
    hostname = srv.testdomain.com
    auth_socket_path = /var/run/dovecot/auth-master
    log_path = /var/log/dovecot-lda-errors.log
    info_log_path = /var/log/dovecot-lda.log
}
protocol lmtp {
    mail_plugins = $mail_plugins autocreate sieve quota
    log_path = /var/log/dovecot-lmtp-errors.log
    info_log_path = /var/log/dovecot-lmtp.log
}

#create the log files and set their permissions, otherwise you will get permission errors
touch /var/log/dovecot-lda-errors.log
chmod 660 /var/log/dovecot-lda-errors.log
chown dovecot.mail /var/log/dovecot-lda-errors.log

touch /var/log/dovecot-lda.log
chmod 660 /var/log/dovecot-lda.log
chown dovecot.mail /var/log/dovecot-lda.log

touch /var/log/dovecot-lmtp-errors.log
chmod 660 /var/log/dovecot-lmtp-errors.log
chown dovecot.mail /var/log/dovecot-lmtp-errors.log

touch /var/log/dovecot-lmtp.log
chmod 660 /var/log/dovecot-lmtp.log
chown dovecot.mail /var/log/dovecot-lmtp.log

#Create default sieve rule

mkdir /etc/dovecot/sieve
vi /etc/dovecot/sieve/default.sieve
require ["fileinto"];
# rule:[SPAM]
if header :contains "X-Spam-Flag" "YES" {
        fileinto "Spam";
}

touch /etc/dovecot/sieve/default.sieve
chmod +w /etc/dovecot/sieve/default.sieve
chown dovecot.mail /etc/dovecot/sieve/default.sieve

#Restart dovecot; if the service starts, the configuration is valid
service dovecot restart

#Configure roundcube

vi /etc/roundcubemail/main.inc.php
$rcmail_config['plugins'] = array('managesieve');

vi /usr/share/roundcubemail/plugins/managesieve/config.inc.php.dist

// default contents of filters script (eg. default spam filter)
$config['managesieve_default'] = '/etc/dovecot/sieve/default.sieve';

#Configure Exim; change the transport line of the localuser router as shown below (originally highlighted in purple)
vi /etc/exim/exim.conf
localuser:
  driver = accept
  #transport = local_delivery
  transport = dovecot
  condition = ${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}{true}{false}}

 

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
begin transports

dovecot:
    driver = pipe
    command = /usr/libexec/dovecot/dovecot-lda -e -d $local_part@$domain -f $sender_address -a $original_local_part@$original_domain
    return_path_add
    log_output = true
    delivery_date_add
    envelope_to_add
    user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
    group = mail
    return_output

#Restart exim; if the service starts, the configuration is valid
service exim restart
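The dovecot transport above decides which unix user dovecot-lda runs as from the per-domain passwd file, and the localuser router only accepts the message if that lookup succeeds. The script below is an added example, not VestaCP's or Exim's code: it emulates that expansion so you can check a mailbox before restarting exim. It assumes the passwd file is colon separated with the mailbox name as the first field, and EXIM_DOMAINS_DIR is an assumption matching the path in the config.

```shell
#!/bin/sh
# Added example, not VestaCP's or Exim's own code. It emulates the string
# expansion the "dovecot" transport above relies on,
#   ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim/domains/$domain/passwd}}}}
# so you can see which unix user dovecot-lda would run as for a mailbox, and
# whether the router condition (lookup found / not found) holds, before
# restarting exim. Assumption: the per-domain passwd file is colon separated
# with the mailbox name as the first field (the lsearch key).
EXIM_DOMAINS_DIR="${EXIM_DOMAINS_DIR:-/etc/exim/domains}"

# lsearch: first line whose key (text before the first colon) equals $2;
# prints the rest of the line. Exit 1 when nothing matches, which is what
# makes the router's ${lookup...{true}{false}} condition expand to "false".
exim_lsearch() {
    awk -F: -v key="$2" '
        $1 == key { sub(/^[^:]*:/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# extract{2}{:}: the second colon-separated field of the looked-up data.
exim_extract2() {
    printf '%s\n' "$1" | cut -d: -f2
}

# The user= the pipe transport would use for local_part@domain.
resolve_delivery_user() {
    data=$(exim_lsearch "$EXIM_DOMAINS_DIR/$2/passwd" "$1") || return 1
    exim_extract2 "$data"
}

# Constructed sample (not a real Vesta passwd file); run with: sh exim-user.sh
demo() {
    dir=$(mktemp -d)
    mkdir -p "$dir/testdomain.com"
    printf 'alice:{MD5}$1$salt$hash:webuser:mail:/home/webuser/mail/testdomain.com/alice::0\n' \
        > "$dir/testdomain.com/passwd"
    EXIM_DOMAINS_DIR="$dir"
    resolve_delivery_user alice testdomain.com        # prints: webuser
    resolve_delivery_user bob testdomain.com \
        || echo "bob@testdomain.com: no mailbox, router condition is false"
    rm -rf "$dir"
}
demo
```

Point EXIM_DOMAINS_DIR at /etc/exim/domains on the server to check real mailboxes.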

Categories: CentOS, Vesta

Vesta Control Panel 0.9x, WordPress and Allowed memory size of 33554432 bytes exhausted

November 20, 2015 Leave a comment

PHP has a memory limit of 128MB in a default install of Vesta Control Panel.

However, if you run WordPress over HTTPS, you will hit the allowed memory size error, and none of the usual fixes help.

The usual fixes include

  • Create a php.ini in the public_html folder and add memory_limit = 128M
  • Edit wp-settings.php and add define("WP_MEMORY_LIMIT", "128M");
  • Create a .htaccess file in the public_html folder and add php_value memory_limit 128M

This is because, for HTTPS, Vesta uses another file that overrides all of these settings.

You can find this file inside /home/[user]/conf/web/shttpd.conf

Inside this file, search for php_admin_value memory_limit 32M and either remove it or set it to a value that is acceptable to you.
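Because php_admin_value cannot be overridden from .htaccess, php.ini or WP_MEMORY_LIMIT, it is worth knowing which users on the box are pinned this way. The script below is an added example, not VestaCP's code: it lists every user whose shttpd.conf sets php_admin_value memory_limit; HOME_ROOT is an assumption matching the /home/[user] path above.

```shell
#!/bin/sh
# Added example, not VestaCP's own code: list every Vesta user whose HTTPS
# vhost file pins PHP's memory_limit with php_admin_value, which .htaccess,
# php.ini and WP_MEMORY_LIMIT cannot override. HOME_ROOT is a labelled
# assumption (defaults to /home as in the path above).
HOME_ROOT="${HOME_ROOT:-/home}"

# Prints "user value" for each $HOME_ROOT/<user>/conf/web/shttpd.conf that
# sets php_admin_value memory_limit; returns 1 if no vhost pins it.
list_pinned_memory_limits() {
    found=1
    for conf in "$HOME_ROOT"/*/conf/web/shttpd.conf; do
        [ -f "$conf" ] || continue
        user=${conf#"$HOME_ROOT"/}; user=${user%%/*}
        # last occurrence wins, as it would for Apache
        limit=$(awk '$1 == "php_admin_value" && $2 == "memory_limit" { v = $3 }
                     END { if (v != "") print v }' "$conf")
        [ -n "$limit" ] || continue
        printf '%s %s\n' "$user" "$limit"
        found=0
    done
    return $found
}

list_pinned_memory_limits || echo "no shttpd.conf under $HOME_ROOT pins memory_limit"
```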

Categories: Vesta

Vesta–Changing default DNS SOA settings

July 17, 2015 2 comments

vi $VESTA/func/domain.sh

search for SOA

Change to the values you want; typically they are

3600    // refresh
1800    // retry
604800  // expire
600     // ttl

Categories: Vesta

Enabling SSL for Vesta VSFTPD

July 15, 2015 Leave a comment

  1. Copy the certificate files to /etc/ssl/certs
  2. Edit the VSFTPD config: vi /etc/vsftpd/vsftpd.conf
  3. Add the following (vsftpd only treats a line that starts with # as a comment, so keep comments on their own lines rather than after a value):
    rsa_cert_file=/etc/ssl/certs/certificate.crt
    rsa_private_key_file=/etc/ssl/certs/certificate.key
    ssl_enable=YES
    allow_anon_ssl=NO
    # set the next two to YES to force SSL
    force_local_data_ssl=NO
    force_local_logins_ssl=NO
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    require_ssl_reuse=NO
    ssl_ciphers=HIGH
  4. service vsftpd restart

Then in order to test, run FileZilla with the following connection settings


Once connected, look at the log and confirm that a TLS/SSL connection is established
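Before the restart it helps to lint the file, since vsftpd refuses to start on a boolean with trailing text and the two force_local_*_ssl=NO lines above still let clients log in and transfer in the clear. The script below is an added example, not vsftpd's or VestaCP's code; it reads the option names used in the config above.

```shell
#!/bin/sh
# Added example, not vsftpd's or VestaCP's own code: a lint pass over a
# vsftpd.conf before `service vsftpd restart`. It flags boolean lines that are
# not exactly YES or NO (vsftpd only treats a line starting with # as a comment
# and otherwise fails with "bad bool value"), obsolete SSL versions switched on,
# and the force_local_*_ssl=NO settings that still accept plaintext sessions.

# Value of option $2 in file $1, empty if unset (last occurrence wins).
vsftpd_get() {
    awk -v opt="$2" 'index($0, opt "=") == 1 { v = substr($0, length(opt) + 2) }
                     END { printf "%s", v }' "$1"
}

# Prints one finding per line; returns 0 when there are no ERROR findings.
lint_vsftpd_tls() {
    conf="$1"; rc=0
    for opt in ssl_enable allow_anon_ssl force_local_data_ssl force_local_logins_ssl \
               ssl_tlsv1 ssl_sslv2 ssl_sslv3 require_ssl_reuse; do
        v=$(vsftpd_get "$conf" "$opt")
        case "$v" in
            ''|YES|NO) ;;
            *) echo "ERROR $opt=$v is not exactly YES or NO (no trailing comments allowed)"; rc=1 ;;
        esac
    done
    [ "$(vsftpd_get "$conf" ssl_enable)" = YES ] || { echo "ERROR ssl_enable is not YES"; rc=1; }
    for opt in ssl_sslv2 ssl_sslv3; do
        [ "$(vsftpd_get "$conf" "$opt")" != YES ] || { echo "ERROR $opt=YES: obsolete protocol enabled"; rc=1; }
    done
    for opt in force_local_logins_ssl force_local_data_ssl; do
        [ "$(vsftpd_get "$conf" "$opt")" = YES ] || echo "WARN $opt is not YES: plaintext FTP still accepted"
    done
    return $rc
}

# Usage: sh vsftpd-tls-lint.sh /etc/vsftpd/vsftpd.conf
if [ $# -ge 1 ]; then lint_vsftpd_tls "$1"; fi
```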

 


Categories: Vesta

Updating the Vesta Control SSL Certificate

July 14, 2015 Leave a comment

The Vesta Control Panel SSL certificate is contained in the following two files

  1. /usr/local/vesta/ssl/certificate.key and
  2. /usr/local/vesta/ssl/certificate.crt

One easy way to generate SSL certs for Vesta is to go to https://www.digicert.com/easy-csr/openssl.htm and fill in the blanks; it then generates the openssl command to run, which produces the CSR as well as the key file.

 

Once you have sent this CSR to DigiCert and completed the validation process, you can download the PEM file from DigiCert.

Now replace the .key file with the one generated by openssl and the .crt file with the contents of the downloaded PEM file, then restart Vesta with:

service vesta restart
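A key and certificate that do not belong together leave the panel unreachable over HTTPS after the restart, so it pays to check them first. The script below is an added example, not VestaCP's code: it compares the RSA modulus of certificate.crt and certificate.key and checks the expiry. It assumes an RSA key pair and that the first certificate in the PEM is the server certificate; VESTA_SSL_DIR is an assumption matching the two paths above.

```shell
#!/bin/sh
# Added example, not VestaCP's own code: before `service vesta restart`, check
# that the new certificate.crt really belongs to certificate.key (a mismatch
# leaves the panel's HTTPS down) and that it is not about to expire. Assumes an
# RSA key pair and that the PEM's first certificate is the server certificate;
# VESTA_SSL_DIR is a labelled assumption matching the two paths above.
VESTA_SSL_DIR="${VESTA_SSL_DIR:-/usr/local/vesta/ssl}"

# 0 when the RSA modulus in certificate $1 equals the modulus of key $2.
cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# 0 when certificate $1 is still valid $2 days from now.
cert_not_expiring_within_days() {
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null 2>&1
}

# Run both checks on the Vesta certificate files; 0 means safe to restart.
check_vesta_ssl() {
    crt="$VESTA_SSL_DIR/certificate.crt"; key="$VESTA_SSL_DIR/certificate.key"
    cert_matches_key "$crt" "$key" || { echo "FAIL: $crt does not match $key"; return 1; }
    cert_not_expiring_within_days "$crt" 30 || echo "WARN: $crt expires within 30 days"
    echo "OK: key and certificate match, $(openssl x509 -noout -subject -in "$crt")"
}

# Usage: sh vesta-ssl-check.sh check   (then: service vesta restart)
if [ "${1:-}" = check ]; then check_vesta_ssl; fi
```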

Categories: Digicert, Vesta

Creating a Master, Slave, Slave Nameserver setup using Vesta Control Panel

July 14, 2015 5 comments

You can easily set up master/slave DNS using Vesta CP with a single command, documented at

https://vestacp.com/docs/#how-to-setup-dns-cluser

However, if you want to take this to the next level and use it for your "enterprise" web hosting, there are a few things you need to do.

 

You might be tempted to set up Vesta in the following way, where all the web hosts sync to NS01 and NS01 then syncs the DNS config over to NS02.

Unfortunately Vesta does not allow you to do this, BUT it does allow the setup shown below, where each of the web servers sends its DNS updates to each of the nameservers.

 

Setting up the NameServers (NS01, NS02)

Given that Vesta installs and sets up different components depending on the amount of RAM in the machine, for NS01 and NS02 it would be wise to go with 512MB of RAM so that it installs the bare minimum.

Once you have installed Vesta on the servers, it's time for some cleanup:

  1. Delete the unused packages
  2. cd $VESTA/bin
     ./v-delete-user-package palegreen
     ./v-delete-user-package gainsboro
     ./v-delete-user-package slategrey

  3. Create the dns-cluster user, who will own all the domains that are synchronized over

     ./v-add-user dns-cluster [password] [email] default [firstname] [lastname]

  4. Stop all the unnecessary services

     ./v-stop-service httpd
     ./v-stop-service nginx
     ./v-stop-service exim
     ./v-stop-service dovecot
     ./v-stop-service vsftpd

  5. Log in to Vesta with your web browser and, in the Firewall section, block the unneeded services
     1. Accepted services: SSH, DNS, Vesta, Ping
     2. Blocked services: Web, FTP, SMTP, POP3, IMAP, DB

Setting up the Master > Slave DNS (Web01, Web02 > NS01, NS02)

Remember that Vesta allows you to add an unlimited number of slave DNS servers for each master server.

So for web01, and web02, run the following commands:

cd $VESTA/bin
./v-add-remote-dns-host ns01 8083 admin [ns01 admin password]
./v-add-remote-dns-host ns02 8083 admin [ns02 admin password]

 

You can verify this by going to the server setup, ensuring that DNS is set to cluster, and confirming that the following cron job exists


 

Testing the setup

Now go to web01 and/or web02 and create a few domains on ANY account; then, at the 6th minute of the hour, go to ns01 and ns02 to confirm that the changes have been synchronized.

 

What about URGENT cases?

If you urgently need to sync the zones over, run this command on each of your web servers, once for each nameserver you have: v-sync-dns-cluster [target host]

e.g.
v-sync-dns-cluster ns01
v-sync-dns-cluster ns02
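Whether you wait for the cron job or run v-sync-dns-cluster by hand, the way to confirm that ns01 and ns02 really serve the same zone version is to compare the SOA serial each one answers. The script below is an added example, not VestaCP's code: it queries every nameserver for a zone and reports whether the serials agree. It assumes dig is installed; the query command is a variable so the parsing can be exercised with captured answers.

```shell
#!/bin/sh
# Added example, not VestaCP's own code: after the cron sync (or a manual
# v-sync-dns-cluster), confirm that every nameserver serves the same zone
# version by comparing the SOA serial each one answers for a domain.
# Assumption: `dig` is installed; DIG is overridable so the parsing can be
# exercised offline with captured answers.
DIG="${DIG:-dig +short}"

# SOA serial (third field) from a `dig +short SOA <zone>` answer line, e.g.
# "ns01.example.test. hostmaster.example.test. 2015071701 3600 1800 604800 600"
soa_serial() {
    awk '$0 != "" { print $3; exit }'
}

# Query nameserver $2 for the SOA of zone $1 and print its serial.
soa_serial_at() {
    $DIG SOA "$1" @"$2" | soa_serial
}

# Usage: dns_cluster_in_sync <zone> <ns> [<ns> ...]; returns 0 only when every
# server answered and all serials are equal, otherwise names the odd one out.
dns_cluster_in_sync() {
    zone="$1"; shift
    ref=""
    for ns in "$@"; do
        serial=$(soa_serial_at "$zone" "$ns")
        [ -n "$serial" ] || { echo "$ns: no SOA answer for $zone"; return 1; }
        echo "$ns: serial $serial"
        [ -z "$ref" ] && ref=$serial
        [ "$serial" = "$ref" ] || { echo "$zone: $ns differs from first server ($ref)"; return 1; }
    done
    echo "$zone: all nameservers at serial $ref"
}

# Usage: sh dns-sync-check.sh example.com ns01 ns02
if [ $# -ge 2 ]; then dns_cluster_in_sync "$@"; fi
```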

Categories: HyperV, Vesta