Skip to main content

Posts

Showing posts from 2017

CWP: Install Latest Usermin on CentOS 7.6 core via Webmin

Usermin is a web-based interface for webmail, password changing, mail filters, fetchmail and much more. It is designed for use by regular non-root users on a Unix system, and limits them to tasks that they would be able to perform if logged in via SSH or at the console. See the standard modules page for a list of all the functions built into Usermin. Follow the Process for Usermin installation :
1.Login Webmin >> Un-used Modules >> Usermin Configuration >> Install Usermin RPM package

CWP: How to Secure Webmin using Webmin GUI on CentOS 7

1.Restrict IP Access
Goto Webmin >> Webmin Configuration >> IP Access Control
2.Setup Auto-Logout for session Inactivity
Goto Webmin >> Webmin Configuration >> Authentication
3. Change the webmin Port 
Goto Webmin >> Webmin Configuration >> Post & Addresses
Don't forget to allow new port on CSF Firewall.

CWP: How to add Let's Encrypt SSL certificate to Webmin

By default, Webmin uses a self-signed SSL certificate so your web browser will warn you that the connection is not secure. You can accept the self-signed SSL certificate and proceed to the log in screen. Let's replace it with a valid certificate from Let's Encrypt.

We have already generated Lets Encrypt SSL certificate for our Server FQDN using certbot. Please check the Let's Encrypt section for How to install Let's Encrypt for Server FQDN? Click Here

Open the configuration file and add the following :
# systemctl stop webmin # vi /etc/webmin/miniserv.conf ssl=1 server=MiniServ/1.900 userfile=/etc/webmin/miniserv.users keyfile=/etc/letsencrypt/live/host.datahead.biz/privkey.pem certfile=/etc/letsencrypt/live/host.datahead.biz/fullchain.pem # This will redirect from http to https ssl_redirect=1
Restart the Webmin Service:
# systemctl restart webmin # systemctl status webmin -lNow login to your server
http://host.datahead.biz:10000 
This non secure connection will re…

CWP: Getting error "pam_unix(webmin:auth): authentication failure" on Latest Webmin 1.9 on CentOS 7.6 [Fixed]

The Webmin is running smoothly but getting error when I'm checking the webmin status using systemctl command. The New Issue is
# systemctl status webmin -l pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root I'm looking for solution on web but didn't get the proper solution. Someone said that delete the "webmin" file from /etc/pam.d/ and Somebody said that Try editing /etc/webmin/miniserv.conf and removing the line ipv6=1 or just renew the self-sign certificate But I already have Let's Encrypt certificate with validity. 

Just Follow this Steps:
Goto Webmin >> Webmin Configuration >> Authentication >> Use "Never use PAM for Unix authentication "  OR
# vi /etc/webmin/miniserv.conf no_pam=0 :x (save & close)Now Restart the Webmin and check the log , There is no warning .
# systemctl restart webmin # tail -f /var/webmin/miniserv.error # tail -f /var/log/secure | grep webminBut Thi…

CWP : How to Fix Webmin is Excited on CentOS 7.6

After Installing Webmin 1.9 on CentOS 7.6 core , I want to start webmin but it is showing that webmin is excited and I am unable to start webmin manually .
I have check the log and found the error below :
# tail -f /var/webmin/miniserv.error [05/Feb/2019:16:04:24 +0600] Using MD5 module Digest::MD5 [05/Feb/2019:16:04:24 +0600] Using SHA512 module Crypt::SHA [05/Feb/2019:16:04:24 +0600] Perl module Authen::PAM needed for PAM is not installed : Can't locate Authen/PAM.pm in @INC (@INC contains: /usr/libexec/webmin /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 9) line 1. BEGIN failed--compilation aborted at (eval 9) line 1. And identified that some module needed for webmin. So now install the required module first :
# yum install pam-devel # yum install perl-Authen-PAM # yum install perl-CPAN # perl -MCPAN -e shell # install Module::Build # install Perl4::CoreLibs # install Auth…

CWP: How to Install Latest Webmin 1.90 on CentOS 7.6

Webmin is a modern, web control panel for any Linux machine. It allows you to administer your server through an simple interface. It’s one of the most popular open source hosting control panels.

Webmin is largely based on Perl, running as its own process and web server. It defaults to TCP port 10000 for communicating, and can be configured to use SSL if OpenSSL is installed with additional required Perl Modules.

In this tutorial we are going to show you, how to install Latest Webmin on CentOS 7 along with CentOS Webpanel . It is really an easy task, just follow the steps bellow.


PrerequisitesTo complete this tutorial, you will need:
1. CentOS Linux release 7.6.1810 (Core)
2. CWP7.admin , CWP version: 0.9.8.772
3. CSF Firewall

Update the yum packages before Webmin installation
# yum clean all # rm -rf /var/cache/yum # yum repolist # yum update -y Create Webmin repo
# vi /etc/yum.repos.d/webmin.repo [Webmin] name=Webmin Distribution Neutral #baseurl=https://download.webmin.com/download/yum…

CWP: Auto_SSL is not working from both Admin/User Panel [Fixed]

Auto_SSL location For Admin Panel: WeServer Settings >> SSL Certificates
Auto_SSL location For User Panel: Domain >> AutoSSL

Both are not working when i try install ssl certificate for my parent & sub-domain.

Error Type:
"ErrorErrorInvalid Domainfile_get_contents(/usr/local/cwp/.conf/vhosts-ssl.json): failed to open stream: No such file or directory"
DNS Issues , .htacess issue

Solutions: Goto Server Settings >> Change Hostname >> Click on Change Hostname

Then Install Auto SSL from Admin Panel , Restart & Reload WebServer . If success then
Install another Auto SSL for another sub-domain , If success then Okay . Now login to your user panel and Install AutoSSL .

SSL Inconsistent server configuration [ Error: SSL_ERROR_RX_RECORD_TOO_LONG in CWP ]

I have two dedicated ip(s) on my CWP server, one is for shared and another is still alive . I have done Lets Encrypt successfully & there is no warning from any web-browser but SSL Labs (https://ssllabs.com/ssltest/) showing "SSL Inconsistent server configuration" and  I am checking my server that it showing "[ Error: SSL_ERROR_RX_RECORD_TOO_LONG in CWP ]" .

The Solution is simple .
1.Goto the templates directory and change it to as per your needs or use <VirtualHost *:PORT_REPLACE> on apache.conf , apache_ssl.conf
# cd /usr/local/cwpsrv/htdocs/resources/conf/web_servers/conf_templates/ # ll total 24 -rw-r--r-- 1 root root 799 Aug 28 2018 apache.conf -rw-r--r-- 1 root root 1142 Aug 28 2018 apache_ssl.conf -rw-r--r-- 1 root root 127 Oct 20 2017 named_conf.conf -rw-r--r-- 1 root root 707 Jun 27 2018 named_new_dns_zone.conf -rw-r--r-- 1 root root 1198 Jan 15 03:52 nginx_proxy_vhost.conf -rw-r--r-- 1 root root 1732 Jan 15 03:52 nginx_proxy_vhost_ssl.con…

CWP: Redirect Admin/User/Wemail panel from http to https

If you want use https always for Admin/User/Wemail panel , So You need to redirect http to https .
For Admin Panel
# vi /usr/local/cwpsrv/conf/cwpsrv.conf server { listen 2030; listen 2086; server_name localhost; return 301 https://$host:2031$request_uri; rewrite "/cwp_([0-9a-zA-Z]{32})/(.*)" /$2; For User Panel
# vi /usr/local/cwpsrv/conf.d/users.conf server { listen 2082; server_name localhost; return 301 https://$host:2083$request_uri; rewrite "/cwp_([0-9a-zA-Z]{16})/(.*)" /$2; error_log logs/error_log debug; error_page 404 /index.php?error=404; For Webmail
# vi /usr/local/cwpsrv/conf.d/webmail.conf server { listen 2095; server_name localhost; return 301 https://$host:2096$request_uri;

CWP: How to Auto Renew Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

Check certificate expiry time to verify that renewal has worked:
# openssl x509 -noout -dates -in /etc/letsencrypt/live/host.datahead.biz/cert.pem notBefore=Jan 12 13:16:11 2019 GMT notAfter=Apr 12 13:16:11 2019 GMTAdd the Cron job
# crontab -e 0 */12 * * * certbot renew --cert-name host.datahead.biz --renew-hook "systemctl restart httpd && systemctl restart cwpsrv" To test the renewal process, you can use the certbot --dry-run switch:
# certbot renew --cert-name example.com --dry-run If there are no errors, it means that the renewal process was successful.

Check the log:
# tail -f /var/log/letsencrypt/letsencrypt.log n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= -----END CERTIFICATE----- 2019-01-13 02:05:42,952:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/host.datahead.biz 2019-01-13 02:05:42,954:DEBUG:certbot.updater:Skipping updaters in dry-run mode. 2019-01-13 02:05:42,955:DEBUG:certbot.renewal:no renewal fa…

CWP: How to Configure Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager"  option was exist under Apache Settings >> Letsencrypt Manager >> Install Letsencrypt .

At Present CWP Team has been removed "Letsencrypt Manager"  that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL.

Previous Article Link Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working 

N.B: I am using the below cipherlist 
https://cipherli.st/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://wiki.mozilla.org/Security/Server_Side_TLS
https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.0.2k-fips
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://ssldecoder.org/

So now I am writing this sol…