Plesk: Close ports 8443 and 8880, and make Plesk available via subdomain
March 6th, 2017
- Create a new subdomain, e.g. plesk.mydomain.com, and enable SSL while disabling PHP and so on
- Create and apply a certificate for SSL (Let's Encrypt should be sufficient)
- Now open the "Apache2 & Nginx Settings" dialog for that particular subdomain
- Under Additional Apache directives:
  - Additional directives for HTTP:
    RewriteEngine on
    ProxyRequests Off
    ProxyPass /.well-known !
  - Additional directives for HTTPS:
    RewriteEngine on
    ProxyRequests Off
    ProxyVia On
    ProxyPass /.well-known/ !
    ProxyPass / http://127.0.0.1:8880/
    ProxyPassReverse / http://127.0.0.1:8880/
    SSLProxyEngine On
    <Proxy *>
    Order deny,allow
    Deny from all
    Allow from all
    </Proxy>
- Under nginx settings:
  - Check Proxy Mode
  - Uncheck Smart static files processing
There was an error with that on one of my servers: there, the redirect worked only after adding some other, additional subdirectory that is also redirected to this subdomain before the main ProxyPass statement (also via ProxyPass and ProxyPassReverse). You might simply copy the lines of the main redirect and modify the first one so that it points to a subdirectory. However, I never found out why and when that happened.
In general, be aware that whenever nginx or apache2 has to be restarted during the configuration (which happens quite often...), you will at first receive a "502 bad gateway" error. Then just refresh the browser window (e.g. using F5), and you will get the original result.
Plesk Backup failed: Sitebuilder error
March 6th, 2017
Sometimes the Plesk backup fails due to some undefined error in saving the Sitebuilder database. This database has to exist even if Sitebuilder is not used on the server. How can you work around this issue?
- Create a new, empty database named "sitebuilder5" and make sure Plesk has the rights to access it (as for the rights, usually there is nothing to do)
- Now run the following two commands (as root):
  /usr/local/psa/bin/sw-engine-pleskrun /usr/local/sb/utils/configure.php --init_db --merge_config --db_admin_name=admin --db_admin_passwd=`cat /etc/psa/.psa.shadow`
  /usr/local/psa/bin/sw-engine-pleskrun /usr/local/sb/utils/post_configure.php
- From now on everything should work as expected again.
(see also https://support.plesk.com/hc/en-us/articles/213959605)
If your customers do not use Sitebuilder (aka Web Presence Builder), you can disable it for them via the following command:
mysql -Ns -uadmin -p`cat /etc/psa/.psa.shadow` psa -Ne" select d.name from domains d JOIN Subscriptions s on (s.object_id=d.id and s.object_type='domain' and d.webspace_id=0) LEFT JOIN SubscriptionProperties sp on (s.id=sp.subscription_id and sp.name='limitsId') LEFT JOIN Limits l on (l.id=sp.value and sp.name='limitsId') where l.limit_name='max_site_builder' and l.value<>0;" | while read -r d; do /usr/local/psa/bin/domain_pref -u "$d" -max_site_builder 0; done
Powershell: Get the length of directory and file names
February 10th, 2017
Using PowerShell you can easily get the total length of path names:
cmd /c dir D:\DIRECTORYNAME /s /b |? {$_.length -gt 248}
This shows all files and folders in the directory "D:\DIRECTORYNAME" whose full path exceeds 248 characters ("-gt 248").
Plesk: Using PHP without getting error messages all the time...
January 2nd, 2017
When using PHP as FPM in the default Plesk configuration, you will often find that the website is down.
In the PHP error log file (e.g. /var/log/plesk-php70-fpm/error.log) you will see one of the following errors:
- WARNING: [example.com] server reached max_children setting (5), consider raising it
- ERROR: unable to read what child say: Bad file descriptor (9)
The reason is a really unreasonable default configuration by Plesk.
The original, default config of Plesk looks like this:
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Following pm.* options are used only when 'pm = dynamic'
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
That means that on a typical system far too few child processes are available to serve the requests. And since pm is set to "ondemand", most of the other options have no effect at all.
Solution:
Create a php.ini file in each domain config directory, that is, /var/www/vhosts/system/[yourdomain.com]/conf/ containing the following lines:
[php-fpm-pool-settings]
pm = dynamic
pm.max_children = 75
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 8
pm.max_requests = 500
Of course, you have to play around a bit at least with the pm.max_children as well as the pm.min_spare_servers values since each child process also costs memory. Else you could easily run out of memory, which would also not be the preferred solution :-)
Next, issue the following command:
/usr/local/psa/bin/php_settings -u
This updates the PHP configuration of Plesk with the new settings.
And last but not least, restart the PHP FPM processes themselves:
service plesk-php70-fpm restart
where "70" is the version of PHP you want to restart. E.g. for PHP 5.6 you would use "plesk-php56-fpm".
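A small linter for the pool settings above, as an added example that is not part of the original post: it checks the ordering constraints php-fpm enforces for pm = dynamic and compares pm.max_children times an average child size against a memory budget. The names check_pool and post_settings, the finding codes, and the 40 MB / 2048 MB figures are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# check_pool AVG_CHILD_MB BUDGET_MB
# Reads php-fpm pool settings on stdin and prints one finding per line
# (nothing when every check passes).
check_pool() {
    awk -F'[ \t]*=[ \t]*' -v avg="$1" -v budget="$2" '
        /^[ \t]*(;|\[)/ { next }          # skip comments and section headers
        NF == 2 { k = $1; val = $2
                  gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", val); v[k] = val }
        END {
            max   = v["pm.max_children"] + 0
            start = v["pm.start_servers"] + 0
            lo    = v["pm.min_spare_servers"] + 0
            hi    = v["pm.max_spare_servers"] + 0
            if (v["pm"] == "dynamic") {
                # php-fpm rejects a dynamic pool that violates these orderings
                if (start < lo || start > hi) print "START_SERVERS_OUT_OF_RANGE"
                if (hi > max)                 print "SPARE_EXCEEDS_MAX_CHILDREN"
            }
            # Worst case: every allowed child is running at the average size
            if (avg > 0 && max * avg > budget)
                print "MEMORY_BUDGET_EXCEEDED max_children<=" int(budget / avg)
        }'
}

# Pool settings from the post, reproduced as sample input.
post_settings() {
    cat <<'EOF'
[php-fpm-pool-settings]
pm = dynamic
pm.max_children = 75
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 8
pm.max_requests = 500
EOF
}

# Constructed numbers: 40 MB average child, 2048 MB reserved for PHP.
# On a live server, measure the average, e.g. from `ps -C php-fpm -o rss=`
# (assumes the workers run under the process name php-fpm).
post_settings | check_pool 40 2048
```

RSS counts shared pages once per process, so the estimate errs on the conservative side.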
Plesk: In SSL, use only safe DHE EC curves and enable HTTP Strict Transport Security (HSTS)
November 15th, 2016
Enable Nginx first.
/usr/local/psa/admin/bin/nginxmng --enable
Now create a file with 4096-bit Diffie-Hellman parameters, which nginx uses for the DHE key exchange:
openssl dhparam -outform PEM -out /etc/nginx/dhparam4096.pem 4096
This will take some time. Make sure the file has been successfully created.
Now navigate to the following folder:
/opt/psa/admin/conf/templates
Create a folder named "custom"
Copy the following files from the "default" subfolder:
default/domain/nginxDomainVirtualHost.php to custom/domain/nginxDomainVirtualHost.php
default/server/nginxVhosts.php to custom/server/nginxVhosts.php
default/webmail/nginxWebmailPartial.php to custom/webmail/nginxWebmailPartial.php
In the custom nginxDomainVirtualHost.php, search for the following lines:
ssl_client_certificate <?php echo $sslCertificate->caFilePath ?>;
<?php endif ?>
Directly thereafter, in the next line, insert the following lines:
# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!eNULL:!aNULL:!LOW:!EXP:!MD5;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam4096.pem;
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
In the custom nginxVhosts.php, search for the following lines:
ssl_client_certificate <?php echo $sslCertificate->caFilePath ?>;
<?php endif ?>
Directly thereafter, insert the following lines:
# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!eNULL:!aNULL:!LOW:!EXP:!MD5;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam4096.pem;
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Do the same with the custom nginxWebmailPartial.php.
Now, issue the following command:
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
Voilà, you have secured your web server...
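A quick audit of the inserted block, as an added example that is not part of the original post: it flags TLS 1.0/1.1 (deprecated by RFC 8996 since this post was written), a missing ssl_dhparam and a missing HSTS header. The function names and finding codes are made up for this example, and the hardened variant assumes an nginx/OpenSSL build with TLS 1.3 support.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# audit_tls: reads an nginx config snippet on stdin and prints one finding
# code per line; prints nothing when no check fires.
audit_tls() {
    local conf
    conf=$(sed 's/#.*//')    # ignore comments and commented-out directives

    # TLS 1.0 / 1.1 are deprecated (RFC 8996); match them as whole tokens
    # so that TLSv1.2 and TLSv1.3 do not trigger the finding.
    if printf '%s\n' "$conf" | grep -Eq 'ssl_protocols[^;]*TLSv1(\.1)?([[:space:]]|;)'; then
        echo "DEPRECATED_PROTOCOL"
    fi
    # The generated DH parameter file only takes effect when ssl_dhparam references it.
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*ssl_dhparam[[:space:]]+[^;]+;'; then
        echo "NO_DHPARAM"
    fi
    if ! printf '%s\n' "$conf" | grep -Eqi 'add_header[[:space:]]+Strict-Transport-Security'; then
        echo "NO_HSTS"
    fi
}

# The block from the post, reproduced as sample input.
page_snippet() {
    cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!RC4:!eNULL:!aNULL:!LOW:!EXP:!MD5;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam4096.pem;
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
EOF
}

# Constructed variant: the same block restricted to TLS 1.2/1.3
# (assumes an nginx/OpenSSL build with TLS 1.3 support).
hardened_snippet() {
    page_snippet | sed 's/^ssl_protocols .*/ssl_protocols TLSv1.2 TLSv1.3;/'
}

echo "post snippet:     $(page_snippet | audit_tls | tr '\n' ' ')"
echo "hardened snippet: $(hardened_snippet | audit_tls | tr '\n' ' ')"
```

To audit the generated configuration instead of the samples, pipe a vhost file into audit_tls after running httpdmng --reconfigure-all.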
Plesk: Fixing errors with mchk
November 15th, 2016
Error message from mchk --with-spam:
==> Checking for: mail_outgoing_restore... fail
==> Checking for: mail_transport_restore... ok
Errors occured in mail restore procedure
Some utilities have exited with errors:
/usr/lib/plesk-9.0/remote_mail_restore/mail_outgoing_restore
Running mail_outgoing_restore manually produces the following error message:
ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/mail_outgoing_restore.worker' '--start' '--finish'] with exit code [1]
Error: START httpd_modules_ctl --enable sysenv
Module sysenv already enabled
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:
Command '['/opt/psa/admin/sbin/httpd_modules_ctl', '--enable', 'sysenv']' returned non-zero exit status 1
Running httpd_modules_ctl --enable sysenv manually produces the following error message:
START httpd_modules_ctl --enable sysenv
Module sysenv already enabled
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:
That is, the error message actually came from httpd_modules_ctl.
Restarting Apache2 did not bring the desired result, only further error messages.
SOLUTION: apache2 had left behind some zombie processes (these are processes that are no longer functional). They first had to be terminated manually, one by one, with kill; then Apache had to be restarted, after which mchk ran through again without problems.
Bash: Show the size of all mailboxes
April 21st, 2015
Show the size of all mailboxes (QMail/Postfix/Courier/Dovecot, largest first):
if [ -d /var/qmail/mailnames ]; then
    echo -ne "\n\n=== MAILBOXES ===\n"
    # List every domain/mailbox directory, sorted by size (largest first)
    cd /var/qmail/mailnames && TMB=$(du -ks */* 2>/dev/null | sort -nr | cut -f2)
    if [ -n "$TMB" ]; then
        # One path per line, so names containing spaces stay intact
        echo "$TMB" | xargs -d '\n' du -sh
    fi
    echo "[$(find . -mindepth 2 -maxdepth 2 -type d | wc -l) Mailboxes - Total $(du -hs | cut -f1) ]"
fi
(For copying: the lines may extend beyond the displayed margin)
Bash: Find all files without additional hard links
April 21st, 2015
List all files in the current directory that have only a single directory entry (i.e. that have no other hard links):
find . -type f -links 1
Plesk: Export all user databases
April 21st, 2015
Here is the one-liner:
($PATH_BACKUP is the path where the backups are to be created. Simply set this variable beforehand.)
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -Ns -e"select name from data_bases where type = 'mysql'" | while read -r dbname ; do mysqldump -uadmin -p`cat /etc/psa/.psa.shadow` --databases "$dbname" > "$PATH_BACKUP/mysql.$dbname.sql" ; done
Bash: Remove empty lines from a variable or from a program's output
April 21st, 2015
As a pipe:
.... | grep -v '^$'
Explanation: ^ = start of line, $ = end of line, nothing in between
Plesk: Show all releases
April 5th, 2015
Here is the corresponding command:
/opt/psa/admin/bin/autoinstaller --all-versions
Microsoft: Welcome to MS-DOS mobile
April 4th, 2015
Here is the app for Windows Phone
Fun commands:
- COLOR: alter the MS-DOS appearance with a variety of colors
- DATE: display the date in case you forgot it’s April Fools’ Day
- VER: shows the current MS-DOS version
- FORMAT: use format c: and Cortana will save the day
- WIN: launch Windows 3.1
- A: type A: to try and access a floppy disk
- HELP: discover all the commands
The current April Fools' joke... ...or maybe not??? :D
Plesk: Various MySQL queries
April 2nd, 2015
Display various information from the Plesk database
Mailboxes
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name, concat(mail.mail_name,'@',domains.name) as myEMail, mail.redirect, mail.redir_addr, mail.mail_group,mail_redir.address from domains,mail left join mail_redir on mail_redir.mn_id = mail.id WHERE domains.id=mail.dom_id order by domains.name ASC,mail.mail_name ASC ;"
Mailbox: Accounts
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"SELECT mail.mail_name, accounts.password, domains.name FROM mail, accounts, domains WHERE domains.id=mail.dom_id AND mail.account_id=accounts.id ;"
Mailbox: Aliases
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select mail.mail_name, domains.name, mail_aliases.alias from mail, domains, mail_aliases where mail.dom_id=domains.id and mail.id=mail_aliases.mn_id;"
Mailbox: Groups
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select mail.mail_name as group_mailbox,domains.name,mail_redir.address as group_member from mail,domains,mail_redir where mail.dom_id=domains.id and mail.id=mail_redir.mn_id and mail.mail_group='true' order by domains.name,mail.mail_name,mail_redir.address;"
Mailbox: Catchall
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name,Parameters.value from domains,Parameters,DomainServices where DomainServices.type='mail' and Parameters.value in ('catch','reject','bounce') and domains.id=DomainServices.dom_id and DomainServices.parameters_id=Parameters.id order by Parameters.value,domains.name;"
Mailbox: Redirects
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name, concat(mail.mail_name,'@',domains.name) as myEMail, mail.redirect, mail.redir_addr, mail.mail_group,mail_redir.address from domains,mail left join mail_redir on mail_redir.mn_id = mail.id WHERE domains.id=mail.dom_id and mail_redir.address is not Null order by domains.name ASC,mail.mail_name ASC ;"
Customers
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select clients.login, accounts.password from clients,accounts where clients.account_id=accounts.id ;"
FTP Users
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name,sys_users.login from domains,sys_users,hosting,accounts where domains.id=hosting.dom_id and hosting.sys_user_id=sys_users.id and sys_users.account_id=accounts.id order by domains.name;"
Domains: Disk Usage
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name,disk_usage.*,httpdocs+httpsdocs+subdomains+web_users+anonftp+logs+dbases+mailboxes+webapps+maillists+domaindumps+configs+chroot as total from domains,disk_usage where domains.id=disk_usage.dom_id order by total;"
Domains
mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select name, cr_date, adminDescription from domains;"
Users
mysql -u admin -p`cat /etc/psa/.psa.shadow` -e "SELECT type, cr_date, pname, login, email, id from clients;" psa
Bash: Working with date functions
April 2nd, 2015
Some examples of date functions:
DATE_CURRENT=`date +"%y-%m-%d"`
DATE_CURRENT_ENGLISH="`LC_ALL=en_US.utf8 date +"%b"` `date +" %d"`"
DATE_PRINT=`date +"%m/%d/%y"`
TIME_CURRENT=`date +"%H-%M-%S"`
YESTERDAY=`date -d yesterday +"%y-%m-%d"`
YEAR=`date +"%Y"`
MONTH=`LC_ALL=en_US.utf8 date +"%b"`
DAY=`date +"%d"`
LAST_MONTH=`LC_ALL=en_US.utf8 date -d last-month +"%b"`
Bash: Convert all file names to lowercase
April 2nd, 2015
Here is a one-liner that converts all file and directory names in a directory (called UNTERVERZEICHNIS here) to lowercase:
find UNTERVERZEICHNIS -depth -exec rename 's/(.*)\/([^\/]*)/$1\/\L$2/' {} \;