Archive for the ‘Webserver’ Category
How to access a namebased website without a DNS record
If you want to access a namebased website that you created e.g. in ISPConfig before the DNS records are setup, edit the hosts file on your workstation computer and add a line like this:
192.168.0.100 www.mydomain.com
Replace the IP address with the IP of your server and www.mydomain.com with the domain name of the website.
The hosts file on linux and MAC systems is /etc/hosts, on Windows systems the hosts file is C:\Windows\system32\drivers\etc\hosts
The above trick also works if you want to run a website in your internal network (intranet) without having a DNS server availalble for local dns resolving.
Set stricter PHP settings to secure joomla and wordpress installations
If you run a joomla or wordpress installation with mod_php, the following settings in the vhost configuration file or the “Apache directives” field in ISPConfig can be used to set stricter securitypolicys. This helps limit the impact of a possible hack to this websiteand protect the other sites on the server.
php_admin_value disable_functions “show_source system shell_exec passthru exec phpinfo popen proc_open”
php_admin_flag allow_url_fopen Off
php_admin_value session.save_path “/var/www/webXXX/phptmp/”
php_admin_value open_basedir “/var/www/webXXX/:/tmp”
Explanation
disable_functions disables functions that have a potential security impact e.g. because they allow the execution of external applications.
allow_url_fopen disables the ablity to open files via an URL.
session.save_path sets the path were php stores its session files. For ISPConfig 2, the path is e.g. “/var/www/webXXX/phptmp/” and for ISPConfig 3 the path is like “/var/www/clients/client1/web1/tmp/” If you dont use ISPConfig, set this path to a directory which is writable for the webserver user. the directory should be unique for every website.
open_basedir sets the path were php scripts are allowed to open files. For ISPConfig 2, the path is like “/var/www/webXXX/” and for ISPConfig 3 the path is like “/var/www/clients/client1/web1/” If you dont use ISPConfig, set this path to a the root directory of this vhost. With :/tmp we allow php scripts to use also the /tmp directory of the server.
Webalizer stats only showing 1 or 2 days?
If webalizer statistics of your website are only showing the last 1 or two days instead of all days since the website has been created, you have to activate incremental processing in the webalizer configuration file (/etc/webalizer.conf or /etc/webalizer/webalizer.conf depending on the Linux distribution).
vi /etc/webalizer/webalizer.conf
Change the line:
# Incremental yes
to:
Incremental yes
How to avoid that wordpress replaces — with – in HTML
If you run a blog that covers topics from Linux / Unix like we here at FAQforge and you include Linux shell commands in a wordpress post, you might have noticed that WordPress replaces the char combination “–” with – in the HTML sources. But the replacement – is displayed by the browser as “-” and not “–”. So if someone copys your shell command examples to execute them, they will not work. To fix this behaviour, edit the file wp-includes/formatting.php in wordpress and replace the lines 55 and 56:
$static_characters = array_merge(array(‘—’, ‘ — ‘, ‘–’, ‘ – ‘, ‘xn–’, ‘…’, ‘“’, ‘\’s', ‘\’\”, ‘ ™’), $cockney);
$static_replacements = array_merge(array(‘—’, ‘ — ‘, ‘–’, ‘ – ‘, ‘xn--’, ‘…’, $opening_quote, ‘’s’, $closing_quote, ‘ ™’), $cockneyreplace);
with:
$static_characters = array_merge(array(‘—’, ‘ — ‘, ‘xn–’, ‘…’, ‘“’, ‘\’s', ‘\’\”, ‘ ™’), $cockney);
$static_replacements = array_merge(array(‘—’, ‘ — ‘, ‘xn--’, ‘…’, $opening_quote, ‘’s’, $closing_quote, ‘ ™’), $cockneyreplace);
Enable SSL for the ISPConfig 3 Controlpanel Login
Hint: The procedure that is described below is for ISPConfig versions < 3.0.3. For newer ispconfig versions, use the builtin ssl certificate creation function of the ispconfig updater instead. The steps below should only be used to manually create a new SSL certificate in case that you can not run the updater on your installation.
The ISPConfig controlpanel login is running on http by default. This short tutorial shows you how to enable SSL encryption (https) vor the ispconfig vhost.
1) Make the directory for the SSL certificate:
mkdir /usr/local/ispconfig/interface/ssl
cd /usr/local/ispconfig/interface/ssl
2) Create the SSL certificate files
openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr \
-signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key ispserver.key.secure
mv ispserver.key.insecure ispserver.key
3) Enable the mod_ssl module
a2enmod ssl
4) Edit th ISPConfig vhost file
vi /etc/apache2/sites-available/ispconfig.vhost
and insert the following lines insert the fallowing lines between the “<VirtualHost ….></VirtualHost>” tags:
SSLEngine On
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
5) Restart apache2
/etc/init.d/apache2 restart
The ISPConfig controlpanel login is now reachable on port 8080 by https.
ISPConfig: I created a new user or website but he cannot log in to see the website statistics.
The statistics are updated once a day. Once this has happened the new user can log in.
ISPConfig 2: What is a Co-Domain?
Under “Co-Domains” you can enter subdomains or even total different domains that should point to that web.
Example:
If you can reach your web by www.xyz.tld then you could enter the subdomain www2.xyz.tld under “Co-Domains”. You could also enter the new domain abc.tld (e.g. with the host www, so that www.abc.tld points to your web www.xyz.tld).