Posts Tagged ‘ISPConfig 3’
Debugging of ISPConfig 3 server actions in case of a failure
The follwing article describes the steps that can be taken to debug the ISPConfig 3 server scripts.
Enable the debug Loglevel in ISPConfig
Login to the ISPConfig intterface and set the log level to Debug under System > System > Server Config (see also chapter 4.9.2.2 of the ISPConfig 3 manual) for the affected server. After one or two minutes, there should be more detailed messages in ISPConfig’s system log (Monitor > System State (All Servers) > Show System-Log).
Disable the server.sh cronjob
Go to the command line of the server on which the error happens (on multiserver systems, it is often the slave and not the master) and run (as root):
crontab -e
Comment out the server.sh cron job:
#* * * * * /usr/local/ispconfig/server/server.sh > /dev/null >> /var/log/ispconfig/cron.log
Run the server script manually to get detailed debug output
Then run the command:
/usr/local/ispconfig/server/server.sh
This will display any errors directly on the command line which should help you to fix the error. If you have fixed
the error, please don’t forget to uncomment the server.sh cron job again.
nginx server error: 413 Request Entity Too Large
The nginx webserver has a max. body size limit of 1 MB for requests as default. This might be too low for file uploads in scripts and you will see the following error message when you try to upload a file:
413 Request Entity Too Large
The configuration variable for this option is “client_max_body_size” and it can be set in the http, server and location sections of the nginx configuration file. To set the Limit globally to 25 MB, edit the nginx.conf file and add:
client_max_body_size 20M;
in the http section.
Example for Ubuntu Linux:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048; client_max_body_size 20M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}Enhanced e-mail SPAM protection in ISPConfig 3
The command below enables a stricter SPAM handling for postfix on ISPConfig 3 servers.
In Detail:
- Reject sender hostnames with invalid syntax
- Reject sender hostnames that are no fully qualified domains (e.g. reject “server1″ but allow server1.domain.tld)
- Reject sender domains that have no DNS records
- Check sender IP addresses against realtime blacklists.
First make a backup of the postfix main.cf file in case that you want to reverse the changes later:
cp -pf /etc/postfix/main.cf /etc/postfix/main.cf.bak
Then execute this command to enable the additional spam protection functions (the command is one line!).
postconf -e ‘smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination’
Then restart postfix:
/etc/init.d/postfix restart
How to change the welcome email message text in ISPConfig 3
As of ISPConfig 3.0.4, the text of the welcome email message that is sent to new email accounts is stored in the folder /usr/local/ispconfig/server/conf/mail/.
The message has this format:
————————————————————————
From: ISPConfig <postmaster@localhost.localdomain>
Subject: Welcome to your new email account.
Welcome to your new email account. Your webmaster.
————————————————————————
The first line starts with “From: ” followed by the sender email address. The second line starts with “Subject: ” followed by the email subject. The third line should be empty. All following lines are the email text.
The email text files are named “welcome_email_<language>.txt” where <language> has to be replaced with the system language like “en” for English or “de” for German language, e.g. “welcome_email_en.txt” for the english welcome email.
The customized language file should be stored in the folder /usr/local/ispconfig/server/conf-custom/mail/ so that it does not get overwritten by ISPConfig updates.
How to change the language of AWStats statistics on Debian Linux (ISPConfig 3)
To change the language of the website statistics generated by AWStats on a Debian Linux server to e.g. german (de), edit the /etc/awstats/awstats.conf file:
nano /etc/awstats/awstats.conf
and change the value of the “Lang” variable. To change the languge to e.g. German, cahnge:
Lang=”auto”
to
Lang=”de”
The website statistics are generated nightly on a ISPConfig 3 server, so it may take up to 24 hours until the statistics will show up in German language.
Thanks to PlaNet Fox for this FAQ.
Solve the warning: connect to mysql server 127.0.0.1: Too many connections
If you get the error message “connect to mysql server 127.0.0.1: Too many connections” in a log file, e.g. the mail.log file, then the max. number of mysql database connections on your server is reached. To increase the max. number of simultanious connections, edit the MySQL my.cnf file:
vi /etc/mysql/my.cnf
and add or change the lines for mysql max_connections and max_user_connections in the [mysqld] section of the my.cnf file:
[mysqld]
……
max_connections = 500
max_user_connections = 500
…….
Secure /tmp and /dev/shm directories in a OpenVZ enviroment
The /tmp and /dev/shm directories of a OpenVZ virtual machine shall be mounted without suid and exec permissions. To achieve this, create a a shell script on the host server for every virtual machine which contains the commands to remount the directories. This script will be started automatically by openvz when the VM is started.
I will use VPSID as placeholder for the ID of the virtual machine in the commands and the script. Replace VPSID with the id of the virtual machine that you want to create the script for, e.g. replace VPSID with 101.
Create the script:
vi /etc/vz/conf/VPSID.mount
and insert the following lines:
#!/bin/bash
mount -n –bind -onosuid,noexec /vz/vps/VPSID/tmp /vz/root/VPSID/tmp
mount -n –bind -onosuid,noexec /vz/vps/VPSID/shm /vz/root/VPSID/dev/shm
exit ${?}
now make the sscript executable:
chmod 700 /etc/vz/conf/VPSID.mount
Migrate physical server system to OpenVZ virtual machine
In case you plan to virtualize your server infrastructure and migrate physical servers to OpenVZ virtual machines, you may find this tutorial helpful:
http://wiki.openvz.org/Physical_to_container
I used this to migrate a ISPConfig Debian system to OpenVZ successfully.
How to disable spamfilter- and antivirus functions in ISPConfig 3
If you use a mailserver wil very low ram (< 500 MB) and a slow CPU then it might be nescessary to disable the spam- and antivirus filter functions in ISPConfig 3 as amavisd and clamav might be too heavy for your server hardware. The steps to disable clamav and amavisd are:
Edit postfix main.cf file
vi /etc/postfix/main.cf
and comment out these lines by adding a “#” in front of them:
# content_filter = amavis:[127.0.0.1]:10024
# receive_override_options = no_address_mappings
Then restart postfix:
/etc/init.d/postfix restart
Now stop and disable the services. The following commands are for Debian and Ubuntu, the commands for other Linux distributions may vary
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/amavis stop
update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
update-rc.d -f amavis remove
P The normal mail receive and send functions will still work after this modification. But please be aware that disabling amavisd and clamav will disable all spam- and antivirus filtering so that the spamfiltering options that can be configured in the ispconfig interface will have any effect on mail delivery and no spam and viruses will get filtered.
The changes in postfix main.cf will get overwitten by a ispconfig software update when you select to reconfigure services during upadte, so you should comment out the lines again after you install a ispconfig update.
How to solve the ClamAV error “This version of the ClamAV engine is outdated” on Debian 5.0 (Lenny)
As of today, all ClamAV 0.94 or older installs will stop working. The Debian project has not released updates for their current stable release (5.0) yet to solve this, but there is a workaround. The Debain volatile project provides newer clamav versions. The installation steps to install ClamAV 0.95.3 on Debian lenny are:
1) Add the debian volatile repository to the sources list:
echo “deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free” >> /etc/apt/sources.list
2) Update the sources and install the new clamav package:
apt-get update
apt-get install clamav
apt-get -u upgrade
3) If you use amavisd-new (e.g. if you use a ISPConfig 3 server) then restart amavisd:
/etc/init.d/amavis restart