Posts Tagged ‘ISPConfig 3’
How to disable Apache mod_security for a website in ISPConfig 3.
If you use mod_security on your server you might encounter that a website script is not compatible with mod_security. To disable mod_security (v2) for a website, add the following code into the apache directives field:
<IfModule mod_security2.c> SecRuleEngine Off </IfModule>
For the older mod_security 1 version, use these configuration directives:
<IfModule mod_security.c> SecFilterEngine Off </IfModule>
Thanks to Planetfox for this tipp.
How to Update ISPConfig 3
The ISPConfig update script is a easy way to update a ISPConfig 3 installation. If you want to backup the installation before, take a look at the instructions at the end of the article.
To update ISPConfig 3, login as root user on the shell of your server and run the command:
ispconfig_update.sh
>> Update
Please choose the update method. For production systems select 'stable'. The update from svn is only for development systems and may break your current setup.
Select update method (stable,svn) [stable]:
You should always select “stable” on a production system. The “svn” version is only suitable for ISPConfig 3 development.
The updater will then check the version of your system, download the latest update and starts the update process. In the next step, enter the mysql root password:
This application will update ISPConfig 3 on your server. MySQL root password []:
Then you were asked if the services shall be reconfigured:
Reconfigure Services? (yes,no) [yes]:
You should choose “yes” here, only if you modified your system configuration manually, it might be better to choose no. But in this case, new features in ISPConfig might not work or functions might stop working until you adjusted the config files manually. So its always a good choice to select ‘yes’ here. In the next step, select the ispconfig port:
ISPConfig Port [8080]:
Port 8080 is the default, if you have not changed it, press enter. Otherwise enter the port number and then press enter. As the last step, you wre asked if the crontab shall get reconfigured, you can select yes here by just pressing return.
Reconfigure Crontab? (yes,no) [yes]:
The ISPConfig updater will then update the ispconfig files and restart services, if the configuration has been changed.
Backup before updates
Before you update a software, it is always a good idea to backup all relevant data. This enables you to restore the software version that you had before in case of an error. The steps to create a backup of the ispconfig software and settings are:
Create a backup folder:
mkdir /home/backup chmod 700 /home/backup cd /home/backup
Backup the database
mysqldump -u root -p dbispconfig > dbispconfig.sql
Backup the ISPConfig software
tar pcfz ispconfig_software.tar.gz /usr/local/ispconfig
Backup the configuration files in /etc
tar pcfz etc.tar.gz /etc
This backup does not include the emails and website data.
Keep the spamassassin filter rules up to date in ISPConfig 3
To update the spamassassin rules regularily on your ISPConfig 3 server, add the following line to the root crontab by running:
crontab -e
then insert the following line:
23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null
and save the file. The path to the sa-update script is /usr/bin/sa-update on Ubuntu and Debian Linux, if you use a different linux distrubution, run the command:
which sa-update
to find the location of the sa-update script and adjust the path in the crontab line above so that it matches the path on your system.
How to fix the spamassassin bug with the FH_DATE_PAST_20XX rule
Since january 1 2010, spamassassin is falsely marking non spam emails as spam due to an error in the regular expression of the FH_DATE_PAST_20XX rule.
Description of the bug:
https://secure.grepular.com/blog/index.php/2010/01/01/spamassassin-2010-bug/
To fix this, run the following command on the shell as root user:
sa-update
If you use the software ISPConfig 2 on your server, run this command:
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/sa-update
How to reset the administrator password in ISPConfig 3
If you lost your ISPConfig 3 administrator password, you can reset it with the following SQL query.
UPDATE sys_user SET passwort = md5('admin') WHERE username = 'admin';
The SQL query sets the password to “admin” for the user “admin”, it has to be executed in the ISPConfig mysql database, e.g. with phpmyadmin. If you dont have phpmyadmin installed, then the query can be executed with the mysql commandline utility as well:
Login to the mysql database.
mysql -u root -p
and enter the password of the mysql root user. To switch to the ISPConfig database, run this command:
use dbispconfig;
Now execute the SQL command:
UPDATE sys_user SET passwort = md5('admin') WHERE username = 'admin';
and close the mysql shell:
quit;
How to reset the MySQL root password
The following steps describe the procedure to reset the mysql root password on Linux.
1) Stop the mysql server
/etc/init.d/mysql stop
2) Start the mysql server manually without permission tables which allows us to login as root user without password:
mysqld_safe --skip-grant-tables &
3) Login into mysql as root user without a password and switch to the “mysql” database:
mysql -u root mysql
Then execute this SQL query to set a new password for the mysql root user:
update user set Password=PASSWORD('mynewpassword') WHERE User='root';
(Replace “mynewpassword” with the new root password in the above command).
Then logout from the mysql prompt by typing:
exit
4) Now bring back the running mysql instance into the foreground by typing:
fg
and then press [ctrl] + c to kill the mysql process.
5) Start the mysql server again:
/etc/init.d/mysql start
How to use a custom php.ini with suphp
To use a custom php.ini file with SuPHP for a website, you can define the path to the php.ini file in a .htaccess file or in the apache vhost like this:
suPHP_ConfigPath /home/websites/domain.tld/
Then add a php.ini file in the directory /home/websites/domain.tld/ which may be a copy of the global php.ini were you just changed a few settings or an empty file were you add only the settings that shall be overridden in the global PHP configuration.
If you use ISPConfig 2 or 3, you can add the suPHP_ConfigPath setting also in the apache directives field of the website in ISPConfig.
Redirect a subdomain with apache mod_rewrite and keep the URL in the address bar
If you want to redirect a subdomain like sub.domain.tld into a subdirectory of the website and keep the original URL in the browser location bar, you may use the following apache directives.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^sub.domain.tld [NC]
RewriteRule ^/(.*)$ /sub/$1 [L]
This rewrite rule can be added into a .htaccess file in the website root or inside the vhost file. If you use ISPConfig 2 or 3, you can add this also into the apache directives field in the website settings.
Replace sub.domain.tld with the subdomain that shall be redirected and /sub/ with the path to the directory were the pages for this subdomain are located.
Redirect domains without www (e.g. domain.com) to www.domain.com with apache rewrite rules
If all your visitors shall access your website with a URL like www.domain.com and not without www, use the following apache rewrite rule for redirecting them.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www
RewriteRule (.*) http://www.%{HTTP_HOST}$1 [L,R]
The apache rewrite rule can be added in a .htaccess file in the website root directory or if you use ISPConfig 2 or 3, you can also add the rwrite rule into the apache directives field of the website.
How to set the PassivePortRange in pure-ftpd on Denian and Ubuntu Linux
If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections dont get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3:
1) Configure pure-ftpd
echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange /etc/init.d/pure-ftpd-mysql restart 2) Configure the firewall. If you use ISPConfig 3 on my server to configure the bastille firewall, you can add the nescessera port range in the ISPConfig firewall settings. Change the list of Open TCP ports from: <p class="command">20,21,22,25,53,80,110,143,443,3306,8080,10000
to:
20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210
and then click on “Save”.