Plesk: Close ports 8443 and 8880, and make Plesk available via subdomain

March 6th, 2017
  1. Create new subdomain, e.g. plesk.mydomain.com, enable SSL while disabling all PHP and so on
  2. Create and apply a certificate for SSL (Let's Encrypt should be sufficient)
  3. Now open the "Apache2 & Nginx Settings" dialog for that particular subdomain
  4. Under Additional Apache directives:
  5. Additional directives for HTTP:

      RewriteEngine on
      ProxyRequests Off
      ProxyPass /.well-known !

  6. Additional directives for HTTPS:

      RewriteEngine on
      ProxyRequests Off
      ProxyVia On

      ProxyPass /.well-known/ !

      ProxyPass / http://127.0.0.1:8880/
      ProxyPassReverse / http://127.0.0.1:8880/

      SSLProxyEngine On
      <Proxy *>
          Order deny,allow
          Deny from all
          Allow from all
      </Proxy>

  7. Under nginx settings:
    1. Check Proxy Mode
    2. Uncheck Smart static files processing

There was an error with that on one of my servers: there, the redirect worked only after adding some other, additional subdirectory, also being redirected to this subdomain, before the main ProxyPass statement (also via ProxyPass and ProxyPassReverse). You might simply copy the lines of the main redirect and modify the first one so that it points to a subdirectory. However, I never found out why and when that happened.

In general, be aware that if nginx or apache2 has to be restarted during the configuration (which happens quite often...), you will always receive a "502 bad gateway" error at first. Then just refresh the browser window (e.g. using F5), and you will get the original result.

 

Plesk Backup failed: Sitebuilder error

March 6th, 2017

Sometimes the Plesk backup fails due to some undefined error in saving the Sitebuilder database. This database has to exist even if no Sitebuilder is used at the server. How can you work around this issue?

  • Create a new, empty database named "sitebuilder5" and make sure Plesk has the rights to access it (as for the rights, usually there is nothing to do)
  • Now run the following two commands (as root):
    • /usr/local/psa/bin/sw-engine-pleskrun /usr/local/sb/utils/configure.php --init_db --merge_config --db_admin_name=admin --db_admin_passwd=`cat /etc/psa/.psa.shadow`

    • /usr/local/psa/bin/sw-engine-pleskrun /usr/local/sb/utils/post_configure.php

  • From now on everything should work as expected again.

 (see also https://support.plesk.com/hc/en-us/articles/213959605)

 

If your customers do not use Sitebuilder (aka Web Presence Builder), you can disable it for them via the following command:

mysql -Ns -uadmin -p`cat /etc/psa/.psa.shadow` psa -Ne" select d.name from domains d JOIN Subscriptions s on (s.object_id=d.id and s.object_type='domain' and d.webspace_id=0) LEFT JOIN SubscriptionProperties sp on (s.id=sp.subscription_id and sp.name='limitsId') LEFT JOIN Limits l on (l.id=sp.value and sp.name='limitsId') where l.limit_name='max_site_builder' and l.value<>0;"|while read -r d;do /usr/local/psa/bin/domain_pref -u "$d" -max_site_builder 0;done

Powershell: Get the length of directory and file names

February 10th, 2017

Using PowerShell you can easily get the total length of path names:

cmd /c dir D:\DIRECTORYNAME /s /b |? {$_.length -gt 248}

This shows all files and folders whose full path exceeds 248 characters ("-gt 248") below the directory "D:\DIRECTORYNAME".

 

 

 

 

Plesk: Using PHP without getting error messages all the time...

January 2nd, 2017

When using PHP as FPM in the default Plesk configuration you will often experience that the website is down.

In the PHP error log file (e.g. /var/log/plesk-php70-fpm/error.log) you will see one of the following errors:

  • WARNING: [example.com] server reached max_children setting (5), consider raising it
  • ERROR: unable to read what child say: Bad file descriptor (9)

The reason is a really unreasonable default configuration by Plesk.

The original, default config of Plesk looks like this:

pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Following pm.* options are used only when 'pm = dynamic'
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1

That means, on a usual system there are way too few possible child servers available for the requests. And since pm is set to "ondemand" most of the other options would not work at all.

Solution:

Create a php.ini file in each domain config directory, that is, /var/www/vhosts/system/[yourdomain.com]/conf/ containing the following lines:

[php-fpm-pool-settings]
pm = dynamic  
pm.max_children = 75
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 8
pm.max_requests = 500

Of course, you have to play around a bit at least with the pm.max_children as well as the pm.min_spare_servers values since each child process also costs memory. Else you could easily run out of memory, which would also not be the preferred solution :-)

Next, issue the following command:

/usr/local/psa/bin/php_settings -u

This updates the PHP configuration of Plesk with the new settings.

And last but not least, restart the PHP FPM processes themselves:

service plesk-php70-fpm restart

where "70" is the version of PHP you want to restart. E.g. for PHP 5.6 you would use "plesk-php56-fpm".

 

Plesk: In SSL, use only safe DHE EC curves and enable HTTP Strict Transport Security (HSTS)

November 15th, 2016

Enable Nginx first.

/usr/local/psa/admin/bin/nginxmng --enable

Now, create strong Diffie-Hellman parameters for the DHE key exchange (the file holds DH parameters, not a private key):

openssl dhparam -outform PEM -out /etc/nginx/dhparam4096.pem 4096

This will take some time. Make sure the file has been successfully created.

Now navigate to the following folder:

/opt/psa/admin/conf/templates

Create a folder named "custom"

Copy the following files from the "default" subfolder:

default/domain/nginxDomainVirtualHost.php to custom/domain/nginxDomainVirtualHost.php

default/server/nginxVhosts.php to custom/server/nginxVhosts.php

default/webmail/nginxWebmailPartial.php to custom/webmail/nginxWebmailPartial.php

 

In the custom nginxDomainVirtualHost.php, search for the following lines:

  ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
<?php       endif ?>

Directly thereafter, in the next line, insert the following lines:

# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ssl_session_cache           shared:SSL:10m;
    ssl_session_timeout         10m;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                 HIGH:!RC4:!eNULL:!aNULL:!LOW:!EXP:!MD5;
    ssl_prefer_server_ciphers   on;
    ssl_dhparam                 /etc/nginx/dhparam4096.pem;
    ssl_ecdh_curve              secp384r1;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

In the custom nginxVhosts.php, search for the following lines:

  ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
<?php       endif ?>

Directly thereafter, insert the following lines:

 # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                 HIGH:!RC4:!eNULL:!aNULL:!LOW:!EXP:!MD5;
    ssl_prefer_server_ciphers   on;
    ssl_dhparam                 /etc/nginx/dhparam4096.pem;
    ssl_ecdh_curve              secp384r1;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Do the same with the custom nginxWebmailPartial.php

Now, issue the following command:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Voilà, you have secured your web server...
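
To confirm that the directives really ended up in the generated nginx configuration after `httpdmng --reconfigure-all`, each generated file can be run through a check like the one below. It is an added example, not part of the original post; the function names and the sample config are constructed, and it additionally flags TLSv1 and TLSv1.1, which RFC 8996 has deprecated since this post was written.

```shell
#!/bin/sh
# Added example (not from the original post): audit one generated nginx
# config file for the TLS directives inserted above.

# Print the value of the last occurrence of directive $2 in file $1,
# ignoring comments and the trailing ';'.
tls_directive() {
    sed 's/#.*$//' "$1" | awk -v d="$2" '
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]*;.*$/, ""); v = $0 }
        END { print v }'
}

# One finding per line; no output means the file passed every check.
audit_tls_conf() {
    for p in $(tls_directive "$1" ssl_protocols); do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "ssl_protocols: legacy protocol $p enabled" ;;
        esac
    done
    [ -n "$(tls_directive "$1" ssl_protocols)" ] || echo "ssl_protocols: not set"
    [ -n "$(tls_directive "$1" ssl_dhparam)" ] || echo "ssl_dhparam: not set"
    hsts=$(sed 's/#.*$//' "$1" |
        grep -E '^[[:space:]]*add_header[[:space:]]+Strict-Transport-Security' |
        tail -n 1)
    if [ -z "$hsts" ]; then
        echo "hsts: header missing"
    else
        age=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
        [ "${age:-0}" -ge 31536000 ] || echo "hsts: max-age below 31536000"
    fi
}

# Constructed sample: the directive block from this post inside a server block.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    # + + + + + + + +
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_dhparam                 /etc/nginx/dhparam4096.pem;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
}
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_tls_conf "$tmp"
rm -f "$tmp"
```

Run against the block from this post, it reports the two legacy protocols; reducing `ssl_protocols` to TLSv1.2 (and TLSv1.3 where the installed nginx/OpenSSL supports it) clears both findings.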

Plesk: Fixing errors with mchk

November 15th, 2016

Error message from mchk --with-spam:

==> Checking for: mail_outgoing_restore... fail
==> Checking for: mail_transport_restore... ok
Errors occured in mail restore procedure
Some utilities have exited with errors:
  /usr/lib/plesk-9.0/remote_mail_restore/mail_outgoing_restore

Calling mail_outgoing_restore manually results in the following error message:

ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/mail_outgoing_restore.worker' '--start' '--finish'] with exit code [1]
Error: START httpd_modules_ctl --enable sysenv
Module sysenv already enabled
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:
Command '['/opt/psa/admin/sbin/httpd_modules_ctl', '--enable', 'sysenv']' returned non-zero exit status 1

Calling httpd_modules_ctl --enable sysenv manually results in the following error message:

START httpd_modules_ctl --enable sysenv
Module sysenv already enabled
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:
websrvmng: /opt/psa/admin/sbin/apache_control_adapter execution failed:

That is, the error message actually came from httpd_modules_ctl.

Restarting Apache2 did not bring the desired result, only further error messages.

SOLUTION: apache2 had left behind some zombie processes (processes that are no longer functional). These first had to be terminated manually, one by one, with kill; then Apache had to be restarted, and after that mchk ran through without problems again.

 

Bash: Show the size of all mailboxes

April 21st, 2015

Show the size of all mailboxes (QMail/Postfix/Courier/Dovecot - largest first):

if [ -d /var/qmail/mailnames ]; then
    echo -ne "\n\n=== MAILBOXES ===\n"
    # Mailbox directories (domain/mailbox), sorted by size, largest first
    cd /var/qmail/mailnames && TMB=$(du -ks */* 2>/dev/null | sort -nr | cut -f2)
    if [ -n "$TMB" ]; then
        echo "$TMB" | xargs du -sh
    fi
    echo "[`find . -mindepth 2 -maxdepth 2 -type d | wc -l` Mailboxes - Total `du -hs | cut -f1`  ]"
fi

(For copying: the lines may extend beyond the displayed margin)

Bash: Find all files without additional hard links

April 21st, 2015

List all files in the current directory that have only a single directory entry (that is, no additional hard links):

find . -type f -links 1

Plesk: Export all user databases

April 21st, 2015

Here is the one-liner:

($PATH_BACKUP stands for the path where the backups are to be created. Simply set this variable beforehand.)

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -Ns -e"select name from data_bases where type = 'mysql'" | while read -r dbname ; do mysqldump -uadmin -p`cat /etc/psa/.psa.shadow` --databases "$dbname" > "$PATH_BACKUP/mysql.$dbname.sql" ; done

Bash: Remove empty lines from a variable or from the output of a program

April 21st, 2015

As a pipe:

   ....    | grep -v '^$'

Explanation: ^ = start of line, $ = end of line, nothing in between

Plesk: Show all releases

April 5th, 2015

Here is the corresponding command:

/opt/psa/admin/bin/autoinstaller --all-versions

Microsoft: Welcome to MS-DOS mobile

April 4th, 2015

 

Here is the app for Windows Phone

Fun commands:

  • COLOR: alter the MS-DOS appearance with a variety of colors
  • DATE: display the date in case you forgot it’s April Fools’ Day
  • VER: shows the current MS-DOS version
  • FORMAT: use format c: and Cortana will save the day
  • WIN: launch Windows 3.1
  • A: type A: to try and access a floppy disk
  • HELP: discover all the commands

The current April Fools' joke... ...or maybe not??? :D

Plesk: Various MySQL queries

April 2nd, 2015

Display various information from the Plesk database

Mailboxes

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name, concat(mail.mail_name,'@',domains.name) as myEMail, mail.redirect, mail.redir_addr, mail.mail_group,mail_redir.address from domains,mail left join mail_redir on mail_redir.mn_id = mail.id WHERE domains.id=mail.dom_id order by domains.name ASC,mail.mail_name ASC ;"

Mailbox: Accounts

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"SELECT mail.mail_name, accounts.password, domains.name FROM mail, accounts, domains WHERE domains.id=mail.dom_id AND mail.account_id=accounts.id ORDER BY domains.name ASC, mail.mail_name ASC ;"

Mailbox: Aliases

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select mail.mail_name, domains.name, mail_aliases.alias from mail, domains, mail_aliases where mail.dom_id=domains.id and mail.id=mail_aliases.mn_id;"

Mailbox: Groups

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select mail.mail_name as group_mailbox,domains.name,mail_redir.address as group_member from mail,domains,mail_redir where mail.dom_id=domains.id and mail.id=mail_redir.mn_id and mail.mail_group='true' order by domains.name,mail.mail_name,mail_redir.address;"

Mailbox: Catchall

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name,Parameters.value from domains,Parameters,DomainServices where DomainServices.type='mail' and Parameters.value in ('catch','reject','bounce') and domains.id=DomainServices.dom_id and DomainServices.parameters_id=Parameters.id order by Parameters.value,domains.name;"

Mailbox: Redirects

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name, concat(mail.mail_name,'@',domains.name) as myEMail, mail.redirect, mail.redir_addr, mail.mail_group,mail_redir.address from domains,mail left join mail_redir on mail_redir.mn_id = mail.id WHERE domains.id=mail.dom_id and mail_redir.address is not Null order by domains.name ASC,mail.mail_name ASC ;"

Customers

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select clients.login, accounts.password from clients,accounts where clients.account_id=accounts.id order by clients.login ASC ;"

FTP Users

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name,sys_users.login from domains,sys_users,hosting,accounts where domains.id=hosting.dom_id and hosting.sys_user_id=sys_users.id and sys_users.account_id=accounts.id order by domains.name;"

Domains: Disk Usage

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select domains.name,disk_usage.*,httpdocs+httpsdocs+subdomains+web_users+anonftp+logs+dbases+mailboxes+webapps+maillists+domaindumps+configs+chroot as total from domains,disk_usage where domains.id=disk_usage.dom_id order by total;"

Domains

mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e"select name, cr_date, adminDescription from domains;"

Users

mysql -u admin -p`cat /etc/psa/.psa.shadow` -e "SELECT type, cr_date,  pname, login, email, id from clients;" psa
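
The queries above, like the database export one-liner further up, put the Plesk admin password on the mysql command line, where other local users can read it from the process list while the command runs. The variant below is an added example, not part of the original posts: it hands the password over in a mode-0600 client option file instead; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts). Writes a MySQL client option
# file for the Plesk admin so that the password never appears in argv.
# $1 = password file; defaults to the path used in the one-liners above.
# Prints the path of the option file that was created.
make_admin_cnf() {
    shadow=${1:-/etc/psa/.psa.shadow}
    [ -r "$shadow" ] || { echo "cannot read $shadow" >&2; return 1; }
    cnf=$(mktemp) || return 1          # mktemp creates the file with mode 0600
    # Backslash is the escape character in option files, so double it.
    # The double quotes around the value keep '#' from starting a comment.
    pw=$(sed -e 's/\\/\\\\/g' "$shadow")
    # printf is a shell builtin, so the password is not visible to ps here.
    printf '[client]\nuser=admin\npassword="%s"\n' "$pw" > "$cnf"
    printf '%s\n' "$cnf"
}

# The export loop from this page, using the option file.
# $1 = option file, $2 = backup directory. --defaults-extra-file must be
# the first option on the command line.
export_user_dbs() {
    mysql --defaults-extra-file="$1" -Dpsa -Ns \
          -e "select name from data_bases where type = 'mysql'" |
    while IFS= read -r dbname; do
        mysqldump --defaults-extra-file="$1" --databases "$dbname" \
            > "$2/mysql.$dbname.sql"
    done
}

# Typical use as root (left as a comment so the file can be sourced safely):
#   cnf=$(make_admin_cnf) && trap 'rm -f "$cnf"' EXIT
#   export_user_dbs "$cnf" "$PATH_BACKUP"
#   mysql --defaults-extra-file="$cnf" -Dpsa -e "select name, cr_date from domains;"
```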

Bash: Working with date functions

April 2nd, 2015

Some examples of date functions:

DATE_CURRENT=`date +"%y-%m-%d"`
DATE_CURRENT_ENGLISH="`LC_ALL=en_US.utf8 date +"%b"` `date +" %d"`"
DATE_PRINT=`date +"%m/%d/%y"`
TIME_CURRENT=`date +"%H-%M-%S"`
YESTERDAY=`date -d yesterday +"%y-%m-%d"`

YEAR=`date +"%Y"`
MONTH=`LC_ALL=en_US.utf8 date +"%b"`
DAY=`date +"%d"`
LAST_MONTH=`LC_ALL=en_US.utf8 date -d  last-month +"%b"`

Bash: Convert all file names to lowercase

April 2nd, 2015

Here is a one-liner that converts all file and directory names within a directory (called UNTERVERZEICHNIS here) to lowercase:

find UNTERVERZEICHNIS -depth -exec rename 's/(.*)\/([^\/]*)/$1\/\L$2/' {} \;