Skip to main content

Posts

Showing posts from January, 2017

CWP: Install Latest Usermin on CentOS 7.6 core via Webmin

Usermin is a web-based interface for webmail, password changing, mail filters, fetchmail and much more. It is designed for use by regular non-root users on a Unix system, and limits them to tasks that they would be able to perform if logged in via SSH or at the console. See the standard modules page for a list of all the functions built into Usermin. Follow the Process for Usermin installation : 1.Login Webmin >> Un-used Modules >> Usermin Configuration >> Install Usermin RPM package

CWP: How to Secure Webmin using Webmin GUI on CentOS 7

1.Restrict IP Access Goto Webmin >> Webmin Configuration >> IP Access Control 2.Setup Auto-Logout for session Inactivity Goto Webmin >> Webmin Configuration >> Authentication 3. Change the webmin Port  Goto Webmin >> Webmin Configuration >> Post & Addresses Don't forget to allow new port on CSF Firewall.

CWP: How to add Lets Encrypt SSL certificate to Webmin

By default, Webmin uses a self-signed SSL certificate so your web browser will warn you that the connection is not secure. You can accept the self-signed SSL certificate and proceed to the log in screen. Let's replace it with a valid certificate from Let's Encrypt. We have already generated Lets Encrypt SSL certificate for our Server FQDN using certbot. Please check the Let's Encrypt section for How to install Let's Encrypt for Server FQDN?  Click Here Open the configuration file and add the following : # systemctl stop webmin # vi /etc/webmin/miniserv.conf ssl=1 server=MiniServ/1.900 userfile=/etc/webmin/miniserv.users keyfile=/etc/letsencrypt/live/host.datahead.biz/privkey.pem certfile=/etc/letsencrypt/live/host.datahead.biz/fullchain.pem For CWP: keyfile=/etc/pki/tls/private/hostname.key certfile=/etc/pki/tls/certs/hostname.bundle # This will redirect from http to https ssl_redirect=1 Restart the Webmin Service: # systemctl restart webmin # systemctl

CWP: Getting error "pam_unix(webmin:auth): authentication failure" on Latest Webmin 1.9 on CentOS 7.6 [Fixed]

The Webmin is running smoothly but getting error when I'm checking the webmin status using systemctl command.  The New Issue is # systemctl status webmin -l pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root I'm looking for solution on web but didn't get the proper solution. Someone said that delete the "webmin" file from /etc/pam.d/ and Somebody said that Try editing /etc/webmin/miniserv.conf and removing the line ipv6=1 or just renew the self-sign certificate But I already have Let's Encrypt certificate with validity.    Just Follow this Steps: Goto Webmin >> Webmin Configuration >> Authentication >> Use "Never use PAM for Unix authentication "  OR # vi /etc/webmin/miniserv.conf no_pam=0 :x (save & close) Now Restart the Webmin and check the log , There is no warning . # systemctl restart webmin # tail -f /var/webmin/miniserv.error # tail -f /var/log/secure | gr

CWP : How to Fix Webmin is Excited on CentOS 7.6

After Installing Webmin 1.9 on CentOS 7.6 core , I want to start webmin but it is showing that webmin is excited and I am unable to start webmin manually . I have check the log and found the error below : # tail -f /var/webmin/miniserv.error [05/Feb/2019:16:04:24 +0600] Using MD5 module Digest::MD5 [05/Feb/2019:16:04:24 +0600] Using SHA512 module Crypt::SHA [05/Feb/2019:16:04:24 +0600] Perl module Authen::PAM needed for PAM is not installed : Can't locate Authen/PAM.pm in @INC (@INC contains: /usr/libexec/webmin /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 9) line 1. BEGIN failed--compilation aborted at (eval 9) line 1. And identified that some module needed for webmin. So now install the required module first : # yum install pam-devel # yum install perl-Authen-PAM # yum install perl-CPAN # perl -MCPAN -e shell # install Module::Build # install Perl4::CoreLibs # install

CWP: How to Install Latest Webmin 1.90 on CentOS 7.6

Webmin is a modern, web control panel for any Linux machine. It allows you to administer your server through an simple interface. It’s one of the most popular open source hosting control panels. Webmin is largely based on Perl, running as its own process and web server. It defaults to TCP port 10000 for communicating, and can be configured to use SSL if OpenSSL is installed with additional required Perl Modules. In this tutorial we are going to show you, how to install Latest Webmin on CentOS 7 along with CentOS Webpanel .  It is really an easy task, just follow the steps bellow. Prerequisites To complete this tutorial, you will need: 1. CentOS Linux release 7.6.1810 (Core) 2. CWP7.admin , CWP version: 0.9.8.772 3. CSF Firewall Update the yum packages before Webmin installation # yum clean all # rm -rf /var/cache/yum # yum repolist # yum update -y Create Webmin repo # vi /etc/yum.repos.d/webmin.repo [Webmin] name=Webmin Distribution Neutral #baseurl=https://downlo

CWP: Auto_SSL is not working from both Admin/User Panel [Fixed]

Auto_SSL location For Admin Panel: WeServer Settings >> SSL Certificates Auto_SSL location For User Panel: Domain >> AutoSSL Both are not working when i try install ssl certificate for my parent & sub-domain. Error Type: "ErrorErrorInvalid Domainfile_get_contents(/usr/local/cwp/.conf/vhosts-ssl.json): failed to open stream: No such file or directory" DNS Issues , .htacess issue Solutions: Goto Server Settings >> Change Hostname >> Click on Change Hostname Then Install Auto SSL from Admin Panel , Restart & Reload WebServer . If success then Install another Auto SSL for another sub-domain , If success then Okay . Now login to your user panel and Install AutoSSL .

SSL Inconsistent server configuration [ Error: SSL_ERROR_RX_RECORD_TOO_LONG in CWP ]

I have two dedicated ip(s) on my CWP server, one is for shared and another is still alive . I have done Lets Encrypt successfully & there is no warning from any web-browser but SSL Labs (https://ssllabs.com/ssltest/) showing "SSL Inconsistent server configuration" and  I am checking my server that it showing "[ Error: SSL_ERROR_RX_RECORD_TOO_LONG in CWP ]"  . The Solution is simple . 1.Goto the templates directory and change it to as per your needs or use  <VirtualHost *:PORT_REPLACE> on apache.conf , apache_ssl.conf # cd /usr/local/cwpsrv/htdocs/resources/conf/web_servers/conf_templates/ # ll total 24 -rw-r--r-- 1 root root 799 Aug 28 2018 apache.conf - rw-r--r-- 1 root root 1142 Aug 28 2018 apache_ssl.conf -rw-r--r-- 1 root root 127 Oct 20 2017 named_conf.conf -rw-r--r-- 1 root root 707 Jun 27 2018 named_new_dns_zone.conf -rw-r--r-- 1 root root 1198 Jan 15 03:52 nginx_proxy_vhost.conf -rw-r--r-- 1 root root 1732 Jan 15 03:52 nginx_proxy_vhost

CWP: Redirect Admin/User/Wemail panel from http to https

If you want use https always for Admin/User/Wemail panel , So You need to redirect http to https . For Admin Panel # vi /usr/local/cwpsrv/conf/cwpsrv.conf server { listen 2030; listen 2086; server_name localhost; return 301 https://$host:2031$request_uri; rewrite "/cwp_([0-9a-zA-Z]{32})/(.*)" /$2; For User Panel # vi /usr/local/cwpsrv/conf.d/users.conf server { listen 2082; server_name localhost; return 301 https://$host:2083$request_uri; rewrite "/cwp_([0-9a-zA-Z]{16})/(.*)" /$2; error_log logs/error_log debug; error_page 404 /index.php?error=404; For Webmail # vi /usr/local/cwpsrv/conf.d/webmail.conf server { listen 2095; server_name localhost; return 301 https://$host:2096$request_uri;

CWP: How to Auto Renew Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

Check certificate expiry time to verify that renewal has worked: # openssl x509 -noout -dates -in /etc/letsencrypt/live/host.datahead.biz/cert.pem notBefore=Jan 12 13:16:11 2019 GMT notAfter=Apr 12 13:16:11 2019 GMT Add the Cron job # crontab -e 0 */12 * * * certbot renew --cert-name host.datahead.biz --renew-hook "systemctl restart httpd && systemctl restart cwpsrv" To test the renewal process, you can use the certbot --dry-run switch: # certbot renew --cert-name example.com --dry-run If there are no errors, it means that the renewal process was successful. Check the log: # tail -f /var/log/letsencrypt/letsencrypt.log n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU= -----END CERTIFICATE----- 2019-01-13 02:05:42,952:DEBUG:certbot.renewal:Dry run: skipping updating lineage at /etc/letsencrypt/live/host.datahead.biz 2019-01-13 02:05:42,954:DEBUG:certbot.updater:Skipping updaters in dry-run mode. 2019-01-13 02:05:42,955:DEBUG:certbot.renewal:

CWP: How to Configure Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager"   option was exist under  Apache Settings >> Letsencrypt Manager >> Install Letsencrypt . At Present CWP Team has been removed "Letsencrypt Manager"   that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL. Previous Article Link :  Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working  N.B: I am using the below cipherlist  https://cipherli.st/ https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://wiki.mozilla.org/Security/Server_Side_TLS https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate&openssl-version=1.0.2k-fips https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options https://ssldecoder.org/ So now