Pure-FTPd: install valid SSL certificate / solve untrusted localhost certificate problem on CentOS 7

If you installed Pure-FTPD on your CentOS 7 machine and trying to install SSL certificate on it, chances are that you added your pem file to “/etc/ssl/private/”. I installed valid certificate in this directory and still getting untrusted warning for localhost certificate. Later, I found out that this path is wrong and self signed certificate was being used. Right path on CentOS 7 is “/etc/pki/pure-ftpd/”.

Here is how to do it right on Centos.

  • Create pem certificate that contains your key, crt and intermediate all in one file – pure-ftpd.pem
  • Move this certificate to /etc/pki/pure-ftpd/ as this is the right directory on CentOS.
  • In your pure-ftpd.conf, set TLS to 2.
  • Enable PassivePortRange from 30000 – 65000.
  • Restart pure-ftpd.

It should work.

Directadmin – Proxy Error: DNS lookup failure for php-fpm56 …

If you changed php handler for your Directadmin installation to php-fpm, rewrite all configs and then get error like this:

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /index.php.
Reason: DNS lookup failure for: php-fpm56.domainname

It is almost certainly that apache templates that are used for generating user http configuration files are wrong. Probably you have custom templates.

Go to /usr/local/directadmin/data/templates/custom and check if there are files like files virtual_host2.conf … . If they are, just rename custom directory to something new:

[root@lol ~]# cd /usr/local/directadmin/data/templates/
[root@lol templates]# mv custom custom-bak

Directadmin will then use default templates when creating new Apache configs. Rewrite your apache config files:

[root@lol ~]#  cd /usr/local/directadmin/custombuild
[root@lol custombuild]# ./build rewrite_confs

It should solve the problem. Also, make sure that php-fpm for all php versions are working.

SFTP: Command failed

If you try to connect via SFTP with some FTP/SFTP client and you are getting error “Command failed”, you’re sftp-server path in sshd_conf is wrong.

Open your sshd_config file and edit sftp-server path accordingly to your OS.

Ubuntu:

Subsystem sftp  /usr/lib/openssh/sftp-server

CentOS:

Subsystem sftp /usr/libexec/openssh/sftp-server

Restart your ssh and it should work.

RoundCube: Could not save new password. Connection error. Recv failure: Connection reset by peer

If you’re having trouble when try to change your email password in Roundcube on your Directadmin installation, than error will be probably something like this:

Could not save new password. Connection error. Recv failure: Connection reset by peer

Solution is simple. Just open Roundcube configuration file (/var/www/html/roundcube/plugins/password/config.inc.php) and find:

$rcmail_config['password_directadmin_host'] = 'tls://localhost';

then, change it to:

$rcmail_config['password_directadmin_host'] = 'ssl://localhost';

It should work.

malware acl condition: clamd: unable to send file body to socket (127.0.0.1)

If you see error like this in your mail logs, than chances are that your ClamAV is not able to process attachments files larger than limit set in clamav configuration. In this case, sender which sent email with larger attachment to your server, will get something like this in respond:

[10.10.10.10] #<[10.10.10.10] #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) [Default] 451-'Temporary local problem - please try later' (delivery attempts: 75)> #SMTP#

In your mail log you’ll see something like this:

+++ 1e248B-000NMy-T6 has not completed +++
1969-08-15 01:40:21 1e248B-000NMy-T6 malware acl condition: clamd : unable to send file body to socket (127.0.0.1)
1969-08-25 01:40:21 1e248B-000NMy-T6 H=some.hostname.com [1.1.1.1] X=TLSv1:RC4-SHA:128 CV=no F=<prvs=449d2f142=senders@email.com> temporarily rejected after DATA

To solve this, open your clamav.conf file (/etc/clamav.conf or find your location) and change value for StreamMaxLength according to your needs. Default value is 25M.

Don’t forget to restart your ClamAV.

Magento – Fatal error: Class Mage not found

Of corse, this can be caused by many different things, but if you’re stuck, without any ideas what could be wrong, than try solution bellow. Compiler stores everything in one file and can cause problems with includes. Just clear compiler and disable it if you don’t need it of corse.

I was getting error like this:

Warning: include(Mage.php): failed to open stream: No such file or directory in /my/web/server/root/public_html/lib/Varien/Autoload.php on line 94 Warning: include(): Failed opening 'Mage.php' for inclusion (include_path='/my/web/server/root/public_html/app/code/local:/my/web/server/root/public_html/app/code/community:/my/web/server/root/public_html/app/code/core:/my/web/server/root/public_html/lib:.:/usr/local/share/pear') in /my/web/server/root/public_html/lib/Varien/Autoload.php on line 94 Fatal error: Class 'Mage' not found in /my/web/server/root/public_html/app/code/core/Mage/Core/functions.php on line 244

Just login into your shell and then execute commands bellow (without comments):

//clear compiler
php compiler.php clear
//disable compiler
php compiler.php disable

It is most likely that this will fix your problem. If not, keep digging 🙂

Hope it helps.

PHP: SSL operation failed with code 1

If you installed PHP 5.6 or grater and your application returns something like this:

SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL...

Then there is a simple fix for that. You can override default OpenSSL’s CA bundle with the one bellow.

  1. Download this cert bundle.
  2. Add this line to your php.ini file
    openssl.cafile=/path/to/your/downloade/cacert.pem
  3. Restart apache/nginx and you should be ok.

fail2ban – Error in FilterPyinotify callback: illegal IP address string passed to inet_aton

Just recently, I discovered great pice of software named fail2ban. Supreme way to provide some additional security to your server. But more about fail2ban next time. So, I configured my jail.local configuration, but getting errors in error log. This was the error:

Error in FilterPyinotify callback: illegal IP address string passed to inet_aton

Error is pretty self explanatory, my whitelisted IP’s defined in variable ignoreip were wrong. If you use commas (,) like I did, then there is your problem. Just replace commas with spaces and it should work fine.

Directadmin and wrong JPEG library version – FreeBSD

I came across this error a few times on DirectAdmin installations. I first noticed this error when I installed Nextgen Gallery plugin on some WordPress installation. When I tried to upload some pictures, php should resize them and create thumbnails, but instead of thumbnails I’ll get error about JPEG library (checked in error log). Below is procedure on how to fix that error. At least it worked for me. This Directaadmin was installed on FreeBSD 9.1.

  • Login as root
  • Update ports
[root@lala ~]# portsnap fetch update
  • Delete currently installed JPEG library
[root@lala ~]# pkg_info | grep jpeg
[root@lala ~]# pkg_delete jpeg
  • Install jpeg library with custombuild
  • Edit your configuration script for php in custombuild. Add or edit values as bellow. Notice that path is not /usr/local/lib anymore.
–with-gd \
–with-jpeg-dir=/usr/local \
  • Rebuild PHP with custombuild
[root@lala ~]# cd /usr/local/directadmin/custombuild
[root@lala /usr/local/directadmin/custombuild]# ./build php n
  • When build is complete, restart Apache and try it again. It should work.
[root@lala ~]# /usr/local/etc/rc.d/httpd restart

 

© 2018 geegkytuts.net
Hosted by Hosterdam


About author