Cloudlinux Setting Global Php Directives

When you want to apply one or more PHP directives, such as disable_functions or date.timezone, to all of your customers' websites, write them to the /etc/cl.selector/global_php.ini file. After writing your directives, run these commands to apply them:

selectorctl --apply-global-php-ini

/usr/sbin/cagefsctl --setup-cl-selector

You can see the example below.

; This file provides global settings for php.ini of all alt-php packages
; The structure of this file:
; option = value
; To confirm changes (not affecting "date.timezone" and "error_log" options) please run:
; /usr/sbin/cagefsctl --setup-cl-selector
; To confirm changes (including "date.timezone" and "error_log" options) please run:
; /usr/bin/selectorctl --apply-global-php-ini
; or
; /usr/sbin/cagefsctl --apply-global-php-ini
; If you don't want to change error_log, but want to change date.timezone, you can execute
; selectorctl --apply-global-php-ini date.timezone
; Similarly, command
; selectorctl --apply-global-php-ini error_log
; applies error_log and all other options specified in /etc/cl.selector/global_php.ini file, except date.timezone.
; So, you can specify 0, 1 or 2 parameters from the list: error_log, date.timezone
; using --apply-global-php-ini without arguments applies all global php options including two above
; Example:
; selectorctl --apply-global-php-ini error_log
; selectorctl --apply-global-php-ini date.timezone
; selectorctl --apply-global-php-ini date.timezone error_log
; The latter command has the same effect as /usr/bin/selectorctl --apply-global-php-ini
[Global PHP Settings]
disable_functions = mail,system, dl, array_compare, array_user_key_compare, passthru, cat, exec, popen, proc_close, proc_get_status, proc_nice, proc_open,escapeshellcmd,escapeshellarg, show_source,posix_mkfifo, ini_restore, mysql_list_dbs, get_current_user, getmyuid,pconnect, link, symlink, fin, fileread, shell_exec, pcntl_exec, leak, apache_child_terminate,chown, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, execute, shell, chgrp, passthru, socket_select,socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid,pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version,apache_getenv, apache_note, apache_setenv, virtual, eval, allow_url_fopen, pconnect, p_connect,posix_getpwuid,fileowner,symlink,readlink,stream_select,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority

Install and activate quota on Linux

Install the quota tools on your server (Debian/Ubuntu):

sudo apt install quota

Edit your /etc/fstab file and add the usrquota and grpquota mount options:

/dev/sda1 / ext4 usrquota,grpquota 0 0

Then remount the filesystem so the change takes effect immediately (use whichever mount point you want to enable quotas on):

sudo mount -o remount /

Enable quota. This command creates two files on the file system, /aquota.user and /aquota.group:

sudo quotacheck -ugm /

Activate the quota:

sudo quotaon -v /

Mount remote ftp to your server

If you use Debian or Ubuntu, install the package first:

apt-get install curlftpfs

After the installation, create a folder to use as the mount point, for example /mnt/rftp:

sudo mkdir /mnt/rftp

The curlftpfs command format and its parameters are simple. For example, say we have an FTP account named olriss with the password 123x4P on 192.168.1.199.

On the local server, mount the remote FTP with this command:

curlftpfs olriss:123x4P@192.168.1.199 /mnt/rftp/

curlftpfs works similarly to the NFS tools, so the mounted FTP area appears in your list of mounted drives. Check it with the "mount" command.

After your work is finished, you can unmount it in a similar way to unmounting NFS. You do not need all the parameters to unmount; just unmount the folder as shown below:

umount /mnt/rftp

Extending lvm disk by adding space

On a VMware ESX server, you can easily increase the size of your virtual hard disk. If you use LVM in your guest OS, you will need to either add a new virtual hard disk or increase the size of your current disk. This guide will help you extend the disk after you have resized your virtual disk using vSphere.

After increasing the size on ESX, in the Linux terminal:

Rescan the device. The host ID can vary depending on your system. Do this if you do not want to restart your guest:

echo "- - -" > /sys/class/scsi_host/host0/scan

See your disk and partitions:
fdisk -l

Add a new partition. After you create the partition, set its type to 8e (LVM). Note your new partition name, for example sda3:
cfdisk /dev/sda

See your disk and partition status again:
fdisk -l

Check for available space:
df -h

Scan for the new partition:
partprobe

Create a physical volume using the new partition (the disk name may differ):
pvcreate /dev/sda3

See your volume group, then check and confirm:
vgdisplay

Extend your volume group:
vgextend centos /dev/sda3

Recheck:
pvscan

Extend your logical volume using the new partition:
lvextend /dev/centos/root /dev/sda3

At this point, the last step depends on your file system. If you use XFS:
xfs_growfs /dev/centos/root

For ext4:

resize2fs /dev/centos/root

Finally, see your new available space:

df -h

Cloudlinux saving common php settings permanently for all installed versions

When you update CloudLinux, the php.ini files are updated as well, so you will lose customized PHP settings such as disable_functions. Instead of editing the php.ini files directly, you can write some of your settings into the common settings file.

Log in to your CloudLinux server and change directory to /etc/cl.selector/

You will see a file named global_php.ini. It applies to all of your installed alt-php* versions. Open it with your favorite editor, such as nano or vi.

Sample global_php.ini with applied disable_functions directive

; This file provides global settings for php.ini of all alt-php packages
; The structure of this file:
; option = value
; To confirm changes (not affecting "date.timezone" and "error_log" options) please run:
; /usr/sbin/cagefsctl --setup-cl-selector
; To confirm changes (including "date.timezone" and "error_log" options) please run:
; /usr/bin/selectorctl --apply-global-php-ini
; or
; /usr/sbin/cagefsctl --apply-global-php-ini
; If you don't want to change error_log, but want to change date.timezone, you can execute
; selectorctl --apply-global-php-ini date.timezone
; Similarly, command
; selectorctl --apply-global-php-ini error_log
; applies error_log and all other options specified in /etc/cl.selector/global_php.ini file, except date.timezone.
; So, you can specify 0, 1 or 2 parameters from the list: error_log, date.timezone
; using --apply-global-php-ini without arguments applies all global php options including two above
; Example:
; selectorctl --apply-global-php-ini error_log
; selectorctl --apply-global-php-ini date.timezone
; selectorctl --apply-global-php-ini date.timezone error_log
; The latter command has the same effect as /usr/bin/selectorctl --apply-global-php-ini
[Global PHP Settings]
disable_functions= proc_open,escapeshellcmd,escapeshellarg, show_source, posix_mkfifo, ini_restore, mysql_list_dbs, get_current_user, getmyuid,pconnect, link, symlink, fin, exec, fileread, shell_exec, pcntl_exec, leak, apache_child_terminate, chown, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, execute, shell, chgrp, stream_select, passthru, socket_select, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, virtual, eval, allow_url_fopen, pconnect, p_connect,posix_getpwuid,fileowner,sym

Write your own directives below the [Global PHP Settings] tag, using the same syntax as a standard php.ini.

Then save the file, close the editor, and apply it with this command:

[root@srv ~]# selectorctl --apply-global-php-ini
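
An added example, not part of the original post: a small lint for the disable_functions line, applicable to both global_php.ini samples on this page. disable_functions only takes function names, so entries such as eval (a language construct) and allow_url_fopen (an ini setting) have no effect, and a value that wraps onto a second line is not read as part of the directive. The function name, the NOT_FUNCTIONS list and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint disable_functions in a global_php.ini-style file.

# Names the directive cannot affect: PHP language constructs, plus
# allow_url_fopen, which is an ini setting rather than a function.
NOT_FUNCTIONS="eval echo print include require isset unset empty exit die allow_url_fopen"

# Reads the named file (or stdin) and prints one finding per line.
audit_disable_functions() {
    awk -v skip="$NOT_FUNCTIONS" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
        { sub(/^[ \t]*\[[^]]*\][ \t]*/, "") }        # drop a leading [Section] tag
        /^[ \t]*$/ || /^[ \t]*;/ { next }            # blank lines and comments
        /^[ \t]*disable_functions[ \t]*=/ {
            sub(/^[^=]*=/, "")
            m = split($0, names, ",")
            for (i = 1; i <= m; i++) {
                name = tolower(names[i]); gsub(/[ \t\r"]/, "", name)
                if (name == "") continue
                if (name in bad) print "not-a-function " name
                if (seen[name]++ == 1) print "duplicate " name
            }
            next
        }
        !/=/ { print "stray-line " NR }              # wrapped value, not part of the directive
    ' "$@"
}

# Constructed sample, shortened from the list format shown on this page.
sample_ini() {
    cat <<'EOF'
; constructed sample
[Global PHP Settings] disable_functions = exec, passthru, eval, allow_url_fopen, symlink, passthru,symlink
pcntl_exec, pcntl_fork
date.timezone = "UTC"
EOF
}

# With a file argument, lint that file; otherwise lint the sample.
if [ $# -gt 0 ]; then audit_disable_functions "$@"; else sample_ini | audit_disable_functions; fi
```

Run it against /etc/cl.selector/global_php.ini before applying the settings; an empty result means no findings.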

Plesk Cloudlinux LveManager Extension Error

You can manage hosting limits or reseller limits using the LVE Manager extension (module) inside the Plesk hosting control panel. It is useful because you can set limits on your hosting accounts from the Plesk UI. However, if you log in to Plesk over HTTP, some errors will occur. Therefore, you must log in to Plesk over HTTPS for this extension to work properly.

Related Error Message

Platform error.It seems your session expired.Please login into the platform.You will be redirected to login page.

Error.Bad forgery protection token

Increasing php-fpm limits

If you use PHP with standalone FPM (without a hosting automation tool like Plesk or WHM/cPanel), you will need some tweaks for your busy PHP websites. I think the best FPM method is "on demand". An FPM pool can serve one website or multiple websites. All you have to do is find the pool configuration file that belongs to your website.

Your pool file should look like the one below.

You can increase pm.max_children and pm.start_servers, but increasing max_children alone will probably be enough for you. After changing the file, restart the FPM service.

; By default use ondemand spawning (this requires php-fpm >= 5.3.9)
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Following pm.* options are used only when 'pm = dynamic'
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1

[php-fpm-pool-settings]
pm.max_children = 100

Prevent your server from bad bot attacks

We need some iptables rules and a file that contains IP addresses. These addresses belong to bad bots.

I use a shell script that reads IP addresses one by one from a file and blocks each one using iptables.

First, create a file, for example under the root folder with the name bad_bot.txt:

nano /root/bad_bot.txt

Write the IP addresses that you want to block into this file. You can use my own list, the bad_bot.txt file.

If you want the script to run at every system boot, add it to the rc.local file.

# Flush the existing rules
iptables -F

# Drop HTTP and HTTPS traffic from every address in the list
for x in $(cat /root/bad_bot.txt)
do
iptables -A INPUT -p tcp -s "$x" --dport 80 -j DROP
iptables -A INPUT -p tcp -s "$x" --dport 443 -j DROP
done
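
An added example, not part of the original script: it validates each entry of the list before it reaches iptables and prints commands that rebuild one dedicated chain, so the other rules that iptables -F would remove stay in place. The chain name BADBOTS, the function names and the sample list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: turn a block list into reviewable iptables commands.
CHAIN=BADBOTS   # assumed chain name, not from the original post

# Print each valid IPv4 address or CIDR once; report rejects on stderr.
valid_sources() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments and blanks
        $0 == "" { next }
        {
            n = split($0, p, "/"); ok = (n <= 2)
            if (ok && n == 2) ok = (p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32)
            if (ok) ok = (split(p[1], o, ".") == 4)
            for (i = 1; ok && i <= 4; i++)
                ok = (o[i] ~ /^[0-9]+$/ && length(o[i]) <= 3 && o[i] + 0 <= 255)
            if (!ok) { print "rejected line " NR ": " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print
        }
    ' "$@"
}

# Emit commands that rebuild only the dedicated chain; INPUT is not flushed.
gen_block_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    echo "iptables -C INPUT -j $CHAIN 2>/dev/null || iptables -I INPUT -j $CHAIN"
    valid_sources "$@" | while read -r ip; do
        echo "iptables -A $CHAIN -s $ip -p tcp -m multiport --dports 80,443 -j DROP"
    done
}

# Constructed sample list using documentation address ranges.
sample_list() {
    cat <<'EOF'
# constructed sample
192.0.2.10
198.51.100.0/24
192.0.2.10
203.0.113.999
bad.example.com
203.0.113.7   # trailing comment
EOF
}

# With a file argument, use it; otherwise run on the sample.
if [ $# -gt 0 ]; then gen_block_rules "$@"; else sample_list | gen_block_rules; fi
```

Review the printed commands, then pipe them to sh as root to apply them.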

 

Fix Apache SSL vulnerabilities

For CentOS servers:

Add these lines to the end of the /etc/httpd/conf.d/ssl.conf file and restart the httpd service:

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3
</IfModule>
<IfModule mod_ssl.c>
#SSLCipherSuite HIGH:!aNULL:!MD5:!RC4-SHA:!RC4
#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RS
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>

Plesk Onyx fix file permissions

The error message:

Unable to open the directory: Unable to find the directory /var/www/vhosts/example.com/httpdocs/dir/: filemng failed: filemng: opendir failed: Permission denied System error 13: Permission denied

Log in as root to your server and type:

plesk repair fs yourdomain.com

You can also use this command for fixing subdomain permissions.