Knowledge Base

Details

Parent Category: Knowledge base

Category: Servers

When transferring files to or from your ftp server you will need to have passive ports defined in pure-ftpd and allowed in the firewall.
These are often not defined correctly by pure-ftpd or your firewall, even though you may be using CWP.

First define the Passive Port Range in the pure-ftpd config file

nano /etc/pure-ftpd/pure-ftpd.conf

 Uncomment (remove # at beginning of the line) PassivePortRange and specify the passive port range:

PassivePortRange 30000 50000

 * If this line is missing then simply add it at the end of the file.

Restart pure-ftpd to load the new configuration

service pure-ftpd restart

 Then define the port range in the CSF firewall configuration (if you're using CWP)
In the file /etc/csf/csf.conf add the same port range under TCP_IN and TCP_OUT

nano /etc/csf/csf.conf

In lines TCP_IN and TCP_OUT add 30000:50000, example

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,30000:50000,6666"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,30000:50000,993,995"

 Finally reload csf firewall configuration

csf -r

Details

Parent Category: Knowledge base

Category: Servers

• SSL

Install the latest certbot for your system.

Debian:
sudo apt-get install certbot

Windows:
Download and install the latest certbot application and run CMD or Powershell as administrator
https://certbot.eff.org/lets-encrypt/windows-other Broken 2022

https://certbot.eff.org/instructions?ws=other&os=windows New Link 2022

In your terminal or cmd window:

certbot -d mydomain.com,www.mydomain.com,othersub.mydomain.com --manual certonly

 Then follow the prompts and answer yes to IP logging.

By default certbot will validate the domain against an HTTP challenge.
The http challenge will ask you to place 'Keys' in a file with a specific name and specific content in the /.well-known/acme-challenge/ directory directly in the top-level directory (“web root”) containing the files served by your webserver, for the domain you're specifying.
You'll know what file name and key content is required from the terminal/cmd prompts.

If you want to use the DNS challenge, simply specify in the certbot command:

certbot -d mydomain.com,www.mydomain.com,othersub.mydomain.com --manual --preferred-challenges dns certonly

 If you want to use a CSR generated by your server, specify this instead of domain in the commandr:

certbot --csr my_csr.csr --manual --preferred-challenges dns certonly

 More information can be found here
https://certbot.eff.org/docs/using.html#manual

Details

Parent Category: Servers

Category: CentOS

At first grub boot prompt, you have 4sec to pres: [e]

Does not matter which grub kernel you choose as we are not really modifying the kernel.

With your [e] key just choose to edit the first one

add at the end the word "single", like so:

<YTABLE=us crashkernel=auto rhgb quiet single

and press [enter]

Back at the Grub menu press [b] to boot.
When the prompt comes up we are in single user mode

In this mode we are not required to authenticate and we can go ahead and reset the password by typing at the prompt:

[root@localhost /]# passwd

retype the password to confirm and the root password has been changed,

do a shutdown by typing:

shutdown -r now

Details

Parent Category: Servers

Category: CentOS

Fixing the original problem

So we want to serve our files at /var/www/html and enable writing to log files and file uploads as well? Let’s play nice with SELinux.

First, copy the files as usual to /var/www/html, then set the proper ownership and permissions.

httpd_sys_content_t – for allowing Apache to serve these contents and httpd_sys_rw_content_t – for allowing Apache to write to those path.

You may use the 'sestatus' command to view the current SELinux status:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

The 'setenforce' command may be used to switch between Enforcing and Permissive modes on the fly but note that these changes do not persist through a system reboot.

To make changes persistent through a system reboot, edit the 'SELINUX=' line in  /etc/selinux/config  for either 'enforcing', 'permissive', or 'disabled'. For example: 'SELINUX=permissive'

Read more: CentOS 7.5 + SELinux web folder writable by php/apache?

Details

Parent Category: Servers

Category: Ubuntu

Boot up the machine, and after the BIOS screen, hold down the left Shift key. You will then be prompted by a menu that looks something like this:

I've noticed on some systems that timing when to hit the left Shift key can be tricky, sometimes I miss it and need to try it again.

Hit the down arrow until you select the 2nd entry from the top (the one with the recovery mode in the description) and then hit Enter.

Now you should see this menu:

Using the arrow keys scroll down to root and then hit Enter.

You should now see a root prompt, something like this:

root@ubuntu:~#

 At this stage you should have a read-only filesystem. You have to remount it with write permissions:

mount -o remount,rw /

 Now we can set the user's password with the passwd command. (In this example I will use jorge as the example, you need to substitute whatever the user's username is):

root@ubuntu:~# passwd techadmin
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@ubuntu:~#

Alternate Root Shell Method

If you don’t have the recovery mode option, this is the alternate way to manually edit the grub options to allow for a root shell.

First you’ll want to make sure to choose the regular boot kernel that you use (typically just the default one), and then use the “e” key to choose to edit that boot option.

Now just hit the down arrow key over to the “kernel” option, and then use the “e” key to switch to edit mode for the kernel option.

You’ll first be presented with a screen that looks very similar to this one:

You’ll want to remove the “ro quiet splash” part with the backspace key, and then add this onto the end:

rw init=/bin/bash

Once you hit enter after adjusting the kernel line, you’ll need to use the 'B' key to choose to boot with that option.

At this point the system should boot up very quickly to a command prompt.

Should you have forgotten to add the'rw' option at the kernel, the root file system is still mounted read-only, so enter the following command:

mount -n -o remount,rw /

You can use the following command to reset your password:

passwd <username>

For example root just use this command:

passwd 

After changing your password, use the following commands to reboot your system. (The sync command makes sure to write out data to the disk before rebooting)

sync
reboot –f

In some instances –f parameter is necessary to get the reboot command to work for some reason. You could always hardware reset instead, but make sure to use the sync command first.

And now we are be able to login without any issues.

Details

Parent Category: Servers

Category: Cpanel

Find the default httpd config

/etc/httpd/conf/httpd.conf

Find the userdata folder 

/usr/local/apache/conf/userdata

IPut the same directive in httpd.conf under and it work:
<VirtualHost 162.210.xxx.xxx:80>
ServerName example.com
</VirtualHost>

You'll need to run /usr/local/cpanel/scripts/ensure_vhost_includes after the modifications, as documented here Modify Virtualhost Containers With Include Files - EasyApache - cPanel Documentation

or do the following:
/var/cpanel/userdata/USERNAME/DOMAIN.COM
1. Once you have opened the file, look for the following line:

documentroot: /home/USERNAME/public_html
2. Modify the location according to your needs. Save it and exit.

3. Rebuild the Apache conf and restart Apache:

/scripts/rebuildhttpdconf
service httpd restart
The change will be immediate. Simply clear your browser cache and force refresh the page!

Details

Parent Category: Servers

Category: Cpanel

The cPanel accounts are created using a primary domain. All primary domains on the hosting account use “public_html” directory for all its website files and data. The sub-directories inside the public_html directory is occupied by the addon domains. The primary domain can also be setup to use a sub-directory inside public_html directory instead of public_html itself. Follow the below steps to change the document root of your primary domain in cPanel account. Please note that, you will need to have root SSH access to perform these steps.

1) Connect to your server via SSH as root user. You may follow the tutorial below, if you are using a Windows system to connect to your server via SSH. This tutorial explains how to use “Putty”, SSH client software to access server.

https://www.interserver.net/tips/kb/using-putty-to-ssh-to-server/

2) Using your favorite text editor (say vim) edit the following file.

$ vim /cpanel/userdata/username/domain.com

Replace the “username” with your cPanel account username and “domain.com” with your primary domain name and “subdir” with your new directory. Find the following two lines in this file.

documentroot: /home/username/public_html

path: /home/username/public_html/cgi-bin

Modify these two lines to change the document root of your primary domain to a sub-directory inside “public_html” directory.

documentroot: /home/username/public_html/subdir

path: /home/username/public_html/subdir/cgi-bin

Save the file after changes are made and then delete the cache file for your primary domain.

$ rm -vf /var/cpanel/userdata/username/domain.com.cache

3) If the primary domain has an SSL certificate installed, edit the following file the same way as above.

$ vim /var/cpanel/userdata/username/domain.com_SSL

Save the file after changes are made and then delete the cache file for your primary domain.

$ rm -vf /var/cpanel/userdata/username/domain.com_SSL.cache

4) Run the following scripts to update the user data cache and rebuild apache configuration file.

/scripts/updateuserdatacache

/scripts/rebuildhttpdconf

5) Restart Apache server to load changes.

$ service httpd restart

Details

Parent Category: Servers

Category: Cpanel

/etc/cpanel/ea4/profiles/cpanel

or

/etc/cpanel/ea4/profiles/custom

/usr/local/bin/ea_install_profile [--install] profile_file

EasyApache4 Profile list example:

[root@server cpane]]$

allphp.json allphp-opcache.json default.json mpm_itk.json nophp.json rubypassenger.json worker.json

Example profile provisioning/install:

/usr/local/bin/ea_install_profile --install /etc/cpanel/ea4/profiles/custom/joomla_php_7-72.json

Details

Parent Category: Servers

Category: Cpanel

sudo su root

Run the rpm -qa | grep -i package command, where package (eg. ea-php72-mb) represents part of the name of the package that you wish to install, to determine if the package is already installed.

Run this to determine if package is available:

yum list ea-*

ea-php70-php-mbstring.x86_64

ea-php70-php-zip.x86_64

To Install the available package run the command with exact package name found in list:

yum install ea-php70-php-mbstring.x86_64

Now that you have completed installing the fileinfo PHP extension from the CLI, you can confirm it is enabled by running the following command :

scl enable ea-php70 'php -i' | grep 'mbstring'
Configure Command => './configure' ...'--enable-mbstring=shared'...'
/opt/cpanel/ea-php70/root/etc/php.d/mbstring.ini,
mbstring
mbstring support => enabled

Details

Parent Category: Servers

Category: Bitnami Stacks

Using Joomla Bitnami Stack as an example

[This applys only after a Bitnami stack package installation in your local environment. Can be appropriated for any Bitnami Stack like Wordpress or Drupal for both Wamp, Mamp or Lamp installations]

Rename the Joomla! application folder. We are going to use joomla1 in this example. The sudo command would be only necessary if you installed it as root user (what happens in Cloud images and Virtual Machines). The /opt/bitnami path is the installation path in Cloud Images and Virtual Machines

sudo mv /opt/bitnami/apps/joomla /opt/bitnami/apps/joomla1

After that, you need to modify the joomla configuration files for Apache (in /opt/bitnami/apps/joomla/conf) to use the new path.

/opt/bitnami/apps/joomla1/conf/httpd-prefix.conf

Alias /joomla1/ "/opt/bitnami/apps/joomla1/htdocs/"

Alias /joomla1 "/opt/bitnami/apps/joomla1/htdocs"

Include "/opt/bitnami/apps/joomla1/conf/httpd-app.conf"

/opt/bitnami/apps/joomla1/conf/httpd-app.conf

....

<Directory "/opt/bitnami/apps/joomla1/htdocs">

...

Include "/opt/bitnami/apps/joomla1/conf/htaccess.conf"

/opt/bitnami/apps/joomla1/conf/htaccess.conf

<Directory "/opt/bitnami/apps/joomla1/htdocs">

/opt/bitnami/apps/joomla1/conf/httpd-vhosts.conf (just in case you want to use VirtualHost

...

DocumentRoot "/opt/bitnami/apps/joomla1/htdocs"

Include "/opt/bitnami/apps/joomla1/conf/httpd-app.conf"

...

To finish with the Apache configuration, we have to modify the path in the /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf file

Include "/opt/bitnami/apps/joomla1/conf/httpd-prefix.conf"

In case you are using VirtualHosts instead of prefix, comment the line above and add the following line to /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf

Include "/opt/bitnami/apps/joomla1/conf/httpd-vhosts.conf"

MySQL Configuration

Now open phpMyAdmin (check this wiki entry to know how to access it remotely), select the bitnami_joomla database and rename it. We will use bitnami_joomla1.

phpmyadmin2.png

Rename Database using phpMyAdmin

After that, we have to modify the database configuration in Joomla! to use the new database.

/opt/bitnami/apps/joomla1/htdocs/configuration.php

...

public $user = 'bn_joomla1';

// DB username

public $password = 'DATABASE_PASSWORD';

// DB password

public $db = 'bitnami_joomla1';

// DB database name

...

public $ftp_root = '/opt/bitnami/apps/joomla1/htdocs';

public $ftp_enable = '1';

public $tmp_path = '/opt/bitnami/apps/joomla1/tmp';

public $log_path = '/opt/bitnami/apps/joomla1/logs';

...

Finally, to let the user bn_joomla1 use the new database, we have to give him access.

sudo /opt/bitnami/mysql/bin/mysql -u root -p

Password: ****

mysql> grant all privileges on bitnami_joomla1.* to 'bn_joomla1'@'localhost' identified by 'DATABASE_PASSWORD';

Where DATABASE_PASSWORD is taken from configuration.php (public $password = 'DATABASE_PASSWORD')

Now restart the apache server so that it uses the new configuration.

sudo /opt/bitnami/ctlscript.sh restart apache

Your first joomla should be accessible using http://YOUR_DOMAIN/joomla1.

Installing new Joomla! site

Now, download a new Joomla! module from the Bitnami Website and install it in the instance. While writing this guide, the latest version was Joomla! 3.3.0. Please, change the link below for the correct one.

wget https://bitnami.com/redirect/to/35442/bitnami-joomla-3.3.0-0-module-linux-x64-installer.run

chmod a+x bitnami-joomla-3.3.0-0-module-linux-x64-installer.run

sudo ./bitnami-joomla-3.3.0-0-module-linux-x64-installer.run

Choose /opt/bitnami as installation path when asked (or your own path if you are using a native installer).

And that's all, now you have two Joomla! sites using the same Apache and MySQL servers.