Jailkit is an easy to use toolit to create and maintain jail enviroments for shell users on Linux. In this guide I will show you how to move PHP and its dependencies into the jail so that the jailed user can execute php scripts inside the jail.
Continue reading How to add PHP support for jailed SSH users in ISPConfig 3
Here is a list of ports that are used commonly on ISPConfig 3 servers. If you dont have all services installed or if you e.g. dont want to connect to MySQL from external servers, then close the unused or unwanted ports.
20 - FTP Data
21 - FTP Command
22 - SSH
25 - Email
53 - DNS
80 - HTTP (Webserver)
110 - POP3 (Email)
143 -Imap (Email)
443 - HTTPS (Secure webserver)
993 - IMAPS (Secure Imap)
995 - POP3S (Secure POP§)
3306 - MySQL Database server
8080 - ISPConfig web interface
8081- ISPConfig apps vhost
53 - DNS
3306 - MySQL
To disable the error.log for a website in ISPConfig on a Apache webserver, follow this steps:
1) Login to ISPConfig
2) Go to the website settings of the website were you like to disable the error.log and there go to the "Options tab"
3) Add the following line in the field labeled "Apache Directives"
and press save:
If your mail server stops working (neither incoming nor outgoing email works) and you find the following error message in the mail.log file:
fatal: open database /var/lib/postfix/smtpd_scache.db: File exists
then the smtpd_scache.db might got corrupted. Postfix will recreate this file, if it does not exist. So it can be removed to solve the issue:
rm -f /var/lib/postfix/smtpd_scache.db
Thanks to Alexander Fox for sending me this FAQ.
Dovecot is watching the whole server filesystem for modifications and removed or added sub filesystems. If you get errors similar to this one on your server:
Aug 30 09:10:23 server1 dovecot: master: Warning: /var/www/clients/client1/web1/log is no longer mounted. If this is intentional, remove it with doveadm mount
(the directory path may vary), then you can fix it by excluding the path from being watched by dovecot. In my case, dovecot shall not watch my website directories as they do not contain any mailboxes
Run the following command on the shell as root user:
doveadm mount add '/var/www/*' ignore
To exclude all files and folders in /var/www from deovecot monitoring.
If you get error messages from amavisd similar to the one posted below on a server which is virtualized with OpenVZ:
Mar 5 09:09:02 v100 amavis: (17378-14) (!!)TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 100) line 987, <GEN44> line 31.
then the issue can be caused by the NUMTCPSOCK value in the openvz limits. Even if the barrier of this limit was never met in /proc/user_beancounters, the above error occurs when more then 25% of all TCP sockets were used. The solution is to set the NUMTCPSOCK barrier and limit to a high value in the openvz container configuration file. Here a value that worked for me on a moderately used mailserver:
Finally restart the OpenVZ VM to apply the new limit value.
If you use the apache mod_security module on your apache server, you might encounter wrong 403 errors for several URL's of the cms systems. Here are some exception rules to avoid that:
For WordPress Blogs
For the ModX CMS
SecRuleRemoveById 300013 300014 300015 300016
SecRuleRemoveById 300013 300016
Add these rules inside the vhost file of the website. If you use ISPConfig to manage the server, then add the rules in the apache directives field of the website settings in ispconfig.
Many thanks to PlanetFox for providing the rules.
The following guide shows how to disable and remove mysql replication from two or more mysql servers. These steps can be used for master/slave and master/master mysql setups. The following SQL commands have to be be executed in phpmyadmin or with the mysql commandline program. It is just important that you are logged in as mysql root user. Below I will use the mysql commandline client.
Login into mysql as root user from commandline:
mysql -u root -p
the mysql command will ask for the mysql root password.
Then execute these commands if the installed mysql version is < 5.5.16:
use the commands below instead if the mysql version is > 5.5.16
RESET SLAVE ALL;
Now edit the my.cnf file (/etc/mysql/my.cnf) and add a # in front of all lines that start with "replicate-" or "master-". Example:
# replicate-same-server-id = 0
# master-host = 192.168.0.105
# master-user = slaveuser
# master-password = akst6Wqcz2B
# master-connect-retry = 60
Then restart mysql:
The following guide describes the steps to add DNS records that route emails from a domain managed in ISPConfig 3 to google apps / gmail. The guide assumes that you have already setup the dns zone for your domain in ispconfig.
Login to ISPConfig, click on the DNS module icon in the upper navigation bar, then open the settings of the DNS zone that you want to redirect to google and click on the "records" tab. You should see a record list similar to this:
Now Delete the existing MX record and the "mail" A-Record. Then add the following new records:
example.com. ASPMX.L.GOOGLE.COM. 10
example.com. ALT1.ASPMX.L.GOOGLE.COM. 20
example.com. ALT2.ASPMX.L.GOOGLE.COM. 30
example.com. ASPMX2.GOOGLEMAIL.COM. 40
example.com. ASPMX3.GOOGLEMAIL.COM. 50
IMPORTANT: All full domain names like "ghs.google.com." have to end with a dot, if the dot is missing, the name is treated as subdomain of the zone.
The resulting record list should look like this:
If you have a local mail server installed and change your server controlpanel to ISPConfig 3, having used ISPConfig 2 in the past, you may have to change the value that defines the form field observed by all functions in need of the address that mails are supposed to be delivered to (catchalls, etc.) on your mail server preferences since the identifier has changed from X-Delivered-To to Delivered-To in ISPConfig 3; otherwise the system won't be able to find the necessary information in the mails' headers.
Restart the server afterwards and you should find it working again.
Thanks to Alexander Fox for this post!