Category Archives: cPanel

SVNManager in Softaculous

Came across this in a support request


The following errors were found :

- The SVN config directory does not exist.
- The SVN password file does not exist.
- The SVN access file does not exist.

The solution is before installing svnmanager run:

svnadmin create ~/repos

As the user you want to install it as.

Then rerun the installer. Make sure the repo path is /path/to/user/repos

cpanel server changing /tmp permissions during upcp to clamav / 711

This was an odd one. I found a few servers which had their /tmp permissions changed to user clamav with permissions 711.

Turned out clamav home was set to /tmp causing this during an upcp. A which script to check / fix


tmpcheck='cat /etc/passwd | grep ^clamav: | cut -d: -f6';
echo "Warning /tmp set as homedir for user clamav";
if [ "$tmpcheck" = "/tmp" ]; then
if [ ! -e /usr/local/clamav ]; then
mkdir -p /usr/local/clamav
chown clamav:clamav /usr/local/clamav
usermod -d /usr/local/clamav clamav
else
echo '/usr/local/clamav already exists, no changes made';
fi
fi

This will create clamav home as /usr/local/clamav, only if it does not exist already. Another option may be /home/clamav

Converting to nginx on a cpanel server

Moved to http://forum.interserver.net/forum/threads/beta-convert-to-nginx-on-a-centos-cpanel-server.1857/

I’ve been working on a script slowly to convert a cpanel server to nginx for a while. I consider the script now to be good enough to allow others to use it. Some things to consider:

* tested on centos 5/6
* only available for cpanel
* I don’t have an easy way to convert back yet (but will add this in and show below how it can be easily removed.
* You must be able to run commands as root in SSH
* non static content is proxied to apache

Converting to nginx
Run the following ssh commands
Code:

rsync -a rsync://mirror.trouble-free.net/admin /admin
/admin/upscripts

1) Install + convert

/admin/convert2nginx yes all

Nginx will be installed, the apache vhosts converted and started up. But you are not done, you should also

2) Add to cron

*/2 * * * * /admin/nginx_monitor.sh >/dev/null 2>&1

3) Remove fileprotect

/scripts/disablefileprotect

4) Configure mod_rpaf by adding the below to /usr/local/apache/conf/includes/pre_virtualhost_global.conf

The install process also configured mod_rpaf. Note change RPAFproxy_ips to your server IPs.

LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
# Enable reverse proxy add forward
RPAFproxy_ips 127.0.0.1 10.0.0.1
# which ips are forwarding requests to us
RPAFsethostname On
# let rpaf update vhost settings
# allows to have the same hostnames as in the "real"
# configuration for the forwarding Apache
RPAFheader X-Forwarded-For
# Allows you to change which header mod_rpaf looks
# for when trying to find the ip the that is forwarding
# our requests


Once done restart apache with /scripts/restartsrv_httpd

So what just happened? /admin/convert2nginx did the following

* installed nginx
* installed mod_rpaf
* converted the vhosts to nginx (/usr/local/nginx/conf/virtual.include)
* added /admin/nginx_monitor.sh to /etc/rc.d/rc.local
* created /scripts/legacypostwwwacct and /etc/logrotate.d/nginx
* change /var/cpanel/cpanel.config to reflect apache_port=0.0.0.0:81

Your steps are to add the cron and configure mod_rpaf, and if needed disable file protect.

Disabling nginx

To disable edit /var/cpanel/cpanel.config and change apache_port=0.0.0.0:81 to apache_port=0.0.0.0:80

Save and run
killall -9 nginx
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
/usr/local/cpanel/bin/build_apache_conf
/scripts/restartsrv_httpd

nginx_monitor.sh will not run if the apache port is not set to 81

To remove completely: delete /usr/local/nginx, /etc/logrotate.d/nginx, /scripts/legacypostwwwacct, nginx_monitor from cron and /etc/rc.d/rc.local startup of nginx

To do

Add in support for file protect (better to get cloudlinux with cagefs anyway)
Add in DA support
Add in removal script

John Quaglieri
InterServer Inc

Install clamavconnector (cpanel addon) from SSH

I avoid logging into WHM whenever possible, relying on ssh, and normally cpanel as script or command so WHM can be avoided. I’ve been looking around for a way to install clamavconnector with out logging into WHM and enabling it in the addons section. Unfortunatly there is no script to do this with cpanel. However after enabling it a few times in WHM, I was able to write my own script to do this.

The script is below, if the plugin is installed already the update addon WHM script is called. This has been tested in i686 and x86_64 only.

[code]
#!/bin/bash

# small sanity checks
if [ ! -e /etc/redhat-release ]; then
echo ‘Tested on rhel only’;
exit;
fi

if [ ! -e /usr/local/cpanel ]; then
echo ‘Requires cpanel’;
exit;
fi

#make dir if it doesn’t exist
mkdir -p /usr/local/cpanel/modules-install
cd /usr/local/cpanel/modules-install

# supports i686 and x86_64
arch=`uname -m`;

if [ ! -d clamavconnector-Linux-${arch} ]; then
if [ -f clamavconnector-Linux-${arch}.tar.bz2 ]; then
/bin/rm clamavconnector-Linux-${arch}.tar.bz2
fi
wget http://httpupdate.cpanel.net/cpanelsync/addons/modules/clamavconnector-Linux-${arch}.tar.bz2
if [ -e clamavconnector-Linux-${arch}.tar.bz2 ]; then
tar -jxvf clamavconnector-Linux-${arch}.tar.bz2
rm clamavconnector-Linux-${arch}.tar.bz2
cd clamavconnector-Linux-${arch}
./install
fi
else
echo “clamav installed already, updating”;
/usr/local/cpanel/whostmgr/bin/whostmgr2 –updateaddons
fi

[/code]

Restore cpanel incremental backups in ssh

If you try to restore incremental backups with pkgacct you’ll find at first the backup will not restore. An undocumented feature is you can rename the backup file to cpmove-username and then run restorepkg. In the default set up cpanel will also remove the backup file when done, with “Cleaning up extract directory”, so before the restore you can run chattr +i cpmove-username to keep the directory. When done run chattr -ia cpmove-username and move the folder back to its original name.

I wrote up a script that can be used to restore all incremental backups in a folder as well. Set DIR to be the full path where the files are located. The ARGS variable can be set with restorepkg options like –skipres and/or –force.


#!/bin/bash

DIR='/mnt/cpbackup/daily'
# add restorepkg args like --skipres --force
ARGS='';

cd $DIR
for i in *; do
#format username/cp/username
if [ -e $i/cp/$i ]; then
# rename backup
mv -v $i cpmove-$i
if [ ! -d cpmove-$i ]; then
echo "Error: cpmove-$i does not exist, is the file system read only?";
return;
fi
# otherwise cpanel will "Cleaning up extract directory" and remove the backup
chattr +iv cpmove-$i
/scripts/restorepkg $ARGS $DIR/cpmove-$i
# move backup file back
chattr -iv cpmove-$i
mv -v cpmove-$i $i
fi
done

cPanel’s spamassassin outgoing mail scan

cPanel now can have spamassassin scan outgoing mail. This is something that is a great feature to enable. You may have a secure server setup, emails per hour limited, php mail header patch on or other ability to track mail – but there is no sure way to keep every spam script out of your servers.

With this feature enabled, spamassassin will drop mail over a certain score. Originally you could only have the feature on or off, and not set a spam score but recent updates allow you to set a score.

If you are like me, you might rarely log into WHM, but want to enable this feature. Luckily you can from SSH.

For a score of 10 on outgoing spam set

acl_outgoing_spam_scan_over_int=100

in /etc/exim.conf.localopts

To use the default spamassasin score set
acl_outgoing_spam_scan=1

In the /etc/exim.conf.localopts file and do not set acl_outgoing_spam_scan_over_int

When done run

/scripts/buildeximconf