• Home

Items filtered by date: December 2015

Thursday, 23 December 2021 08:47

My InnoDB Notes

InnoDB is the better engine and is the one I will be using in all of my projects. InnoDB is faster and more resilient to errors.

These article brings together all of my InnoDB notes which were built while trying to get my head around the different SQL engines (InnoDB vs MyISAM) and which one to use.

my.cnf / my.ini Example with Annotations

This is an example my.cnf/my.ini (my-innodb-heavy-4G.ini) taken from an old version of Xampp running on Windows. This is useful because it has annotations against a lot of the settings.

#BEGIN CONFIG INFO
#DESCR: 4GB RAM, InnoDB only, ACID, few connections, heavy queries
#TYPE: SYSTEM
#END CONFIG INFO

#
# This is a MySQL example config file for systems with 4GB of memory
# running mostly MySQL using InnoDB only tables and performing complex
# queries with few connections.
# 
# MySQL programs look for option files in a set of
# locations which depend on the deployment platform.
# You can copy this option file to one of those
# locations. For information about these locations, see:
# http://dev.mysql.com/doc/mysql/en/option-files.html
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.
#
# More detailed information about the individual options can also be
# found in the manual.
#

#
# The following options will be read by MySQL client applications.
# Note that only client applications shipped by MySQL are guaranteed
# to read this section. If you want your own MySQL client program to
# honor these values, you need to specify it as an option during the
# MySQL client library initialization.
#
[client]
#password	= [your_password]
port		= 3306
socket		= /tmp/mysql.sock

# *** Application-specific options follow here ***

#
# The MySQL server
#
[mysqld]

# generic configuration options
port		= 3306
socket		= /tmp/mysql.sock

# back_log is the number of connections the operating system can keep in
# the listen queue, before the MySQL connection manager thread has
# processed them. If you have a very high connection rate and experience
# "connection refused" errors, you might need to increase this value.
# Check your OS documentation for the maximum value of this parameter.
# Attempting to set back_log higher than your operating system limit
# will have no effect.
back_log = 50

# Don't listen on a TCP/IP port at all. This can be a security
# enhancement, if all processes that need to connect to mysqld run
# on the same host.  All interaction with mysqld must be made via Unix
# sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#skip-networking

# The maximum amount of concurrent sessions the MySQL server will
# allow. One of these connections will be reserved for a user with
# SUPER privileges to allow the administrator to login even if the
# connection limit has been reached.
max_connections = 100

# Maximum amount of errors allowed per host. If this limit is reached,
# the host will be blocked from connecting to the MySQL server until
# "FLUSH HOSTS" has been run or the server was restarted. Invalid
# passwords and other errors during the connect phase result in
# increasing this value. See the "Aborted_connects" status variable for
# global counter.
max_connect_errors = 10

# The number of open tables for all threads. Increasing this value
# increases the number of file descriptors that mysqld requires.
# Therefore you have to make sure to set the amount of open files
# allowed to at least 4096 in the variable "open-files-limit" in
# section [mysqld_safe]
table_open_cache = 2048

# Enable external file level locking. Enabled file locking will have a
# negative impact on performance, so only use it in case you have
# multiple database instances running on the same files (note some
# restrictions still apply!) or if you use other software relying on
# locking MyISAM tables on file level.
#external-locking

# The maximum size of a query packet the server can handle as well as
# maximum query size server can process (Important when working with
# large BLOBs).  enlarged dynamically, for each connection.
max_allowed_packet = 16M

# The size of the cache to hold the SQL statements for the binary log
# during a transaction. If you often use big, multi-statement
# transactions you can increase this value to get more performance. All
# statements from transactions are buffered in the binary log cache and
# are being written to the binary log at once after the COMMIT.  If the
# transaction is larger than this value, temporary file on disk is used
# instead.  This buffer is allocated per connection on first update
# statement in transaction
binlog_cache_size = 1M

# Maximum allowed size for a single HEAP (in memory) table. This option
# is a protection against the accidential creation of a very large HEAP
# table which could otherwise use up all memory resources.
max_heap_table_size = 64M

# Size of the buffer used for doing full table scans.
# Allocated per thread, if a full scan is needed.
read_buffer_size = 2M

# When reading rows in sorted order after a sort, the rows are read
# through this buffer to avoid disk seeks. You can improve ORDER BY
# performance a lot, if set this to a high value.
# Allocated per thread, when needed.
read_rnd_buffer_size = 16M

# Sort buffer is used to perform sorts for some ORDER BY and GROUP BY
# queries. If sorted data does not fit into the sort buffer, a disk
# based merge sort is used instead - See the "Sort_merge_passes"
# status variable. Allocated per thread if sort is needed.
sort_buffer_size = 8M

# This buffer is used for the optimization of full JOINs (JOINs without
# indexes). Such JOINs are very bad for performance in most cases
# anyway, but setting this variable to a large value reduces the
# performance impact. See the "Select_full_join" status variable for a
# count of full JOINs. Allocated per thread if full join is found
join_buffer_size = 8M

# How many threads we should keep in a cache for reuse. When a client
# disconnects, the client's threads are put in the cache if there aren't
# more than thread_cache_size threads from before.  This greatly reduces
# the amount of thread creations needed if you have a lot of new
# connections. (Normally this doesn't give a notable performance
# improvement if you have a good thread implementation.)
thread_cache_size = 8

# This permits the application to give the threads system a hint for the
# desired number of threads that should be run at the same time.  This
# value only makes sense on systems that support the thread_concurrency()
# function call (Sun Solaris, for example).
# You should try [number of CPUs]*(2..4) for thread_concurrency
thread_concurrency = 8

# Query cache is used to cache SELECT results and later return them
# without actual executing the same query once again. Having the query
# cache enabled may result in significant speed improvements, if your
# have a lot of identical queries and rarely changing tables. See the
# "Qcache_lowmem_prunes" status variable to check if the current value
# is high enough for your load.
# Note: In case your tables change very often or if your queries are
# textually different every time, the query cache may result in a
# slowdown instead of a performance improvement.
query_cache_size = 64M

# Only cache result sets that are smaller than this limit. This is to
# protect the query cache of a very large result set overwriting all
# other query results.
query_cache_limit = 2M

# Minimum word length to be indexed by the full text search index.
# You might wish to decrease it if you need to search for shorter words.
# Note that you need to rebuild your FULLTEXT index, after you have
# modified this value.
ft_min_word_len = 4

# If your system supports the memlock() function call, you might want to
# enable this option while running MySQL to keep it locked in memory and
# to avoid potential swapping out in case of high memory pressure. Good
# for performance.
#memlock

# Table type which is used by default when creating new tables, if not
# specified differently during the CREATE TABLE statement.
default-storage-engine = MYISAM

# Thread stack size to use. This amount of memory is always reserved at
# connection time. MySQL itself usually needs no more than 64K of
# memory, while if you use your own stack hungry UDF functions or your
# OS requires more stack for some operations, you might need to set this
# to a higher value.
thread_stack = 192K

# Set the default transaction isolation level. Levels available are:
# READ-UNCOMMITTED, READ-COMMITTED, REPEATABLE-READ, SERIALIZABLE
transaction_isolation = REPEATABLE-READ

# Maximum size for internal (in-memory) temporary tables. If a table
# grows larger than this value, it is automatically converted to disk
# based table This limitation is for a single table. There can be many
# of them.
tmp_table_size = 64M

# Enable binary logging. This is required for acting as a MASTER in a
# replication configuration. You also need the binary log if you need
# the ability to do point in time recovery from your latest backup.
log-bin=mysql-bin

# binary logging format - mixed recommended
binlog_format=mixed

# If you're using replication with chained slaves (A->B->C), you need to
# enable this option on server B. It enables logging of updates done by
# the slave thread into the slave's binary log.
#log_slave_updates

# Enable the full query log. Every query (even ones with incorrect
# syntax) that the server receives will be logged. This is useful for
# debugging, it is usually disabled in production use.
#log

# Print warnings to the error log file.  If you have any problem with
# MySQL you should enable logging of warnings and examine the error log
# for possible explanations. 
#log_warnings

# Log slow queries. Slow queries are queries which take more than the
# amount of time defined in "long_query_time" or which do not use
# indexes well, if log_short_format is not enabled. It is normally good idea
# to have this turned on if you frequently add new queries to the
# system.
slow_query_log

# All queries taking more than this amount of time (in seconds) will be
# trated as slow. Do not use "1" as a value here, as this will result in
# even very fast queries being logged from time to time (as MySQL
# currently measures time with second accuracy only).
long_query_time = 2


# ***  Replication related settings 


# Unique server identification number between 1 and 2^32-1. This value
# is required for both master and slave hosts. It defaults to 1 if
# "master-host" is not set, but will MySQL will not function as a master
# if it is omitted.
server-id = 1

# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
#    the syntax is:
#
#    CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
#    MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
#    where you replace <host>, <user>, <password> by quoted strings and
#    <port> by the master's port number (3306 by default).
#
#    Example:
#
#    CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
#    MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
#    start replication for the first time (even unsuccessfully, for example
#    if you mistyped the password in master-password and the slave fails to
#    connect), the slave will create a master.info file, and any later
#    changes in this file to the variable values below will be ignored and
#    overridden by the content of the master.info file, unless you shutdown
#    the slave server, delete master.info and restart the slaver server.
#    For that reason, you may want to leave the lines below untouched
#    (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id = 2
#
# The replication master for this slave - required
#master-host = <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user = <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password = <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port = <port>

# Make the slave read-only. Only users with the SUPER privilege and the
# replication slave thread will be able to modify data on it. You can
# use this to ensure that no applications will accidently modify data on
# the slave instead of the master
#read_only


#*** MyISAM Specific options


# Size of the Key Buffer, used to cache index blocks for MyISAM tables.
# Do not set it larger than 30% of your available memory, as some memory
# is also required by the OS to cache rows. Even if you're not using
# MyISAM tables, you should still set it to 8-64M as it will also be
# used for internal temporary disk tables.
key_buffer_size = 32M

# MyISAM uses special tree-like cache to make bulk inserts (that is,
# INSERT ... SELECT, INSERT ... VALUES (...), (...), ..., and LOAD DATA
# INFILE) faster. This variable limits the size of the cache tree in
# bytes per thread. Setting it to 0 will disable this optimisation.  Do
# not set it larger than "key_buffer_size" for optimal performance.
# This buffer is allocated when a bulk insert is detected.
bulk_insert_buffer_size = 64M

# This buffer is allocated when MySQL needs to rebuild the index in
# REPAIR, OPTIMIZE, ALTER table statements as well as in LOAD DATA INFILE
# into an empty table. It is allocated per thread so be careful with
# large settings.
myisam_sort_buffer_size = 128M

# The maximum size of the temporary file MySQL is allowed to use while
# recreating the index (during REPAIR, ALTER TABLE or LOAD DATA INFILE.
# If the file-size would be bigger than this, the index will be created
# through the key cache (which is slower).
myisam_max_sort_file_size = 10G

# If a table has more than one index, MyISAM can use more than one
# thread to repair them by sorting in parallel. This makes sense if you
# have multiple CPUs and plenty of memory.
myisam_repair_threads = 1

# Automatically check and repair not properly closed MyISAM tables.
myisam_recover

# *** INNODB Specific options ***

# Use this option if you have a MySQL server with InnoDB support enabled
# but you do not plan to use it. This will save memory and disk space
# and speed up some things.
#skip-innodb

# Additional memory pool that is used by InnoDB to store metadata
# information.  If InnoDB requires more memory for this purpose it will
# start to allocate it from the OS.  As this is fast enough on most
# recent operating systems, you normally do not need to change this
# value. SHOW INNODB STATUS will display the current amount used.
innodb_additional_mem_pool_size = 16M

# InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and
# row data. The bigger you set this the less disk I/O is needed to
# access data in tables. On a dedicated database server you may set this
# parameter up to 80% of the machine physical memory size. Do not set it
# too large, though, because competition of the physical memory may
# cause paging in the operating system.  Note that on 32bit systems you
# might be limited to 2-3.5G of user level memory per process, so do not
# set it too high.
innodb_buffer_pool_size = 2G

# InnoDB stores data in one or more data files forming the tablespace.
# If you have a single logical drive for your data, a single
# autoextending file would be good enough. In other cases, a single file
# per device is often a good choice. You can configure InnoDB to use raw
# disk partitions as well - please refer to the manual for more info
# about this.
innodb_data_file_path = ibdata1:10M:autoextend

# Set this option if you would like the InnoDB tablespace files to be
# stored in another location. By default this is the MySQL datadir.
#innodb_data_home_dir = <directory>

# Number of IO threads to use for async IO operations. This value is
# hardcoded to 8 on Unix, but on Windows disk I/O may benefit from a
# larger number.
innodb_write_io_threads = 8
innodb_read_io_threads = 8

# If you run into InnoDB tablespace corruption, setting this to a nonzero
# value will likely help you to dump your tables. Start from value 1 and
# increase it until you're able to dump the table successfully.
#innodb_force_recovery=1

# Number of threads allowed inside the InnoDB kernel. The optimal value
# depends highly on the application, hardware as well as the OS
# scheduler properties. A too high value may lead to thread thrashing.
innodb_thread_concurrency = 16

# If set to 1, InnoDB will flush (fsync) the transaction logs to the
# disk at each commit, which offers full ACID behavior. If you are
# willing to compromise this safety, and you are running small
# transactions, you may set this to 0 or 2 to reduce disk I/O to the
# logs. Value 0 means that the log is only written to the log file and
# the log file flushed to disk approximately once per second. Value 2
# means the log is written to the log file at each commit, but the log
# file is only flushed to disk approximately once per second.
innodb_flush_log_at_trx_commit = 1

# Speed up InnoDB shutdown. This will disable InnoDB to do a full purge
# and insert buffer merge on shutdown. It may increase shutdown time a
# lot, but InnoDB will have to do it on the next startup instead.
#innodb_fast_shutdown

# The size of the buffer InnoDB uses for buffering log data. As soon as
# it is full, InnoDB will have to flush it to disk. As it is flushed
# once per second anyway, it does not make sense to have it very large
# (even with long transactions). 
innodb_log_buffer_size = 8M

# Size of each log file in a log group. You should set the combined size
# of log files to about 25%-100% of your buffer pool size to avoid
# unneeded buffer pool flush activity on log file overwrite. However,
# note that a larger logfile size will increase the time needed for the
# recovery process.
innodb_log_file_size = 256M

# Total number of files in the log group. A value of 2-3 is usually good
# enough.
innodb_log_files_in_group = 3

# Location of the InnoDB log files. Default is the MySQL datadir. You
# may wish to point it to a dedicated hard drive or a RAID1 volume for
# improved performance
#innodb_log_group_home_dir

# Maximum allowed percentage of dirty pages in the InnoDB buffer pool.
# If it is reached, InnoDB will start flushing them out agressively to
# not run out of clean pages at all. This is a soft limit, not
# guaranteed to be held.
innodb_max_dirty_pages_pct = 90

# The flush method InnoDB will use for Log. The tablespace always uses
# doublewrite flush logic. The default value is "fdatasync", another
# option is "O_DSYNC".
#innodb_flush_method=O_DSYNC

# How long an InnoDB transaction should wait for a lock to be granted
# before being rolled back. InnoDB automatically detects transaction
# deadlocks in its own lock table and rolls back the transaction. If you
# use the LOCK TABLES command, or other transaction-safe storage engines
# than InnoDB in the same transaction, then a deadlock may arise which
# InnoDB cannot notice. In cases like this the timeout is useful to
# resolve the situation.
innodb_lock_wait_timeout = 120


[mysqldump]
# Do not buffer the whole result set in memory before writing it to
# file. Required for dumping very large tables
quick

max_allowed_packet = 16M

[mysql]
no-auto-rehash

# Only allow UPDATEs and DELETEs that use keys.
#safe-updates

[myisamchk]
key_buffer_size = 512M
sort_buffer_size = 512M
read_buffer = 8M
write_buffer = 8M

[mysqlhotcopy]
interactive-timeout

[mysqld_safe]
# Increase the amount of open files allowed per process. Warning: Make
# sure you have set the global system limit high enough! The high value
# is required for a large number of opened tables
open-files-limit = 8192

 

Published in MySQL
Read more...
Thursday, 16 December 2021 11:11

Create a Divi Theme Demo Site

There are a couple of ways that I know of to create a theme demo site and I will outline them below.

  • Single WordPress Website (Multiple Themes)
    • Pro
      • Probably only works for themes with builders
      • less files and WordPress installs
      • all theme templates are available in 1 dashboard
      • only 1 set of plugin to configure
      • don't have the hassle of setting up multisite
      • can add iframe-x header 1 and configure as needed
      • less server overheads
      • easy to manage
      • 1 set of credentials to log in with
      • uploaded files are easier to manage
    • Con
      • cant use divi global headers for each theme
      • cant use the inbuilt divi theme menu in div customizer
  • Multiple WordPress Websites (1 Theme per Website)
    • Pro
      • Each theme can be fully controlled
    • Con
      • A lot more inodes and server space is required
      • more of a security risk because of the greater attack surface
      • harder to manage with all of the updates needed to be applied to every site
      • More CPU power needed
      • Takes much longer to setup a theme
      • many different credentials and databases to manage
  • WordPress Multisite (same as Multiple Wordpress Sites, but one WordPress instance)
    • Pro
      • Should work for all WordPress themes
      • can use divi global headers for each theme
      • only the pages for the defined theme will be in the database
      • can configure plugins on a per-theme basis (i think)
      • can use the inbuilt Divi theme menu in the Divi Theme customizer
    • Con
      • extra configuration required to enable multi-site
      • all themes are separate and makes them harder to manage
      • loads of credentials
      • many theme will start to be cumbersome to manage


So after outlining the options above I figured out the best way of setting out my themes was to use the Single WordPress Website option. This allows for ease of management and a great base to keep your templates for export when you need them to build client sites.

I will not only use this as my demo site, but i will use this to store my templates which i directly export and use to build my client sites reducing the time it takes to make a site.

You can also add and make modifications to these pages as you go to fix errors, add extra features and general improvements for future project. I find when i use a template for a client, I sometimes design or use a layout I really like so i can then add this back into my theme for future use.

Build the Demo Site (Single WordPress Website)

If you follow these easy instructions below you can quickly build your demo site which allows for easy expansion and management.

Install WordPress

This is straight forward and does not need notes except

  • When creating the Database use:
    • Use utf8mb4_unicode_ci for database collation
    • InnoDB for DB engine
  • Extract WordPress into the public_html
  • Run the WordPress Wizard
  • Setup WordPress using the following details:
    • Site Title: WordPress Themes

Configure WordPress and Extensions

These should be straight forward. I am using Divi as my Theme engine, but if you use another it should be fine.

  • Themes (Install and Configure)
    • Divi
      • Manually add API key: xxxxxxxxxxxxxx
      • Import Theme options
      • Import 'Theme Customizer'
      • In options, enable the Divi Gallery (should be done as part of the options import)
      • Set Divi to auto update
    • Delete widgets
    • Delete unwanted themes (i.e. Theme 21)
  • Plugins (Install and Configure)
    • Delete unwanted plugins (i.e. Hello Dolly)
    • Wordfence
      • (no-reply@qwdemos.com) or what email address you use
      • configure/ import settings (via long hash)
      • Wordfence --> Login Security --> Settings --> Disable XML-RPC authentication: ticked
      • Change file hash scanning because of high I/O (change 'Basic Scan Type Options' to 'Limited Scan' , 'Standard Scan' is normal
      • Enable Automatic updates
    • Easy WP SMTP (Only needed if no mail() function)
      • configure/ import settings
    • Manage Notification E-mails
      • import settings or configure as:
        • Turn off - Automatic WordPress core update e-mail
        • Turn off - Automatic WordPress plugin update e-mail
        • Turn off - Automatic WordPress theme update e-mail
        • Leave the rest same
    • W3 Total Cache
      • Either the PHP configuration, web server configuration or a script in the WordPress installation has zlib.output_compression enabled.
      • configure/Import settings
        • Load options (General Settings --> Import / Export Settings)
      • Enable Page Cache (contact forms might fail to work but are not needed on the Demo Sites)
      • Save settings and purge
      • Now deactivate until you have finished building
    • Velvet Blues Update URLs
      • This is optional but if you are importing layouts from different URLs you might want this installed so you can change the links.
      • You can leave this deactivated when not in use.
    • Disable all auto updates
    • Set all plugins to auto update
  • WordPress Settings
    • WordPress --> Settings
      • General:
        • remove tagline
      • Reading:
        • Set home page
      • Discussion:
        • 'Attempt to notify any blogs linked to from the post' = off
        • 'Allow link notifications from other blogs (pingbacks and trackbacks) on new posts' = off
        • 'Allow people to submit comments on new posts' = off
        • 'Users must be registered and logged in to comment' = on
        • 'Comment must be manually approved' = on
    • delete test comments and posts (might not do this) ??
    • WordPress --> Updates
      • Updates:
        • 'Switch to automatic updates for maintenance and security releases only.'
      • Updates all Plugins and Themes
    • Delete all Comments, Posts and Pages. Make sure you empty the trash afterwards.
  • Set Favicon

Create a Primary Menu and Homepage

We need to create a default menu and homepage for WordPress for all requests that do not have a proper page then at least we have a proper page that is displayed.

  • Create a new menu call 'Primary'
    • This should have at least one 'Custom Link' pointing to the 'homepage' of the site https://themes.mydomain.com/ called 'Themes Home'
    • Display Location = Primary Menu
    • This is so that all default Divi pages have a menu that does not have every page listed.
  • Create a homepage
    • Goto (Pages --> All Pages)
    • Add 'New Page' called 'QWThemes - Home'
  • Set the static homepage
    • (Settings --> Reading --> Your homepage displays -> Homepage) = 'Themes - Home'
  • Fill in content as require. You can leave this blank or add in some company information for example.

Notes

  • You could create a menu structure pointing to the
    1. homepage of each theme (if you don't have a theme toolbar this could be a good option)
    2. to every themes page (not recommended)

Adding Themes (Pages)

When I refer to a Theme, I actual mean a group of pages that have the same styling such as found on Divi Layouts by Elegant Themes

Each theme will require you to do the following (I will use example of Theme1). You can expand this to have more pages if you require.

  • Create Theme Homepage
    • Title: Theme1 - Home
    • Slug: theme1
    • Parent: Main Page (no parent)
    • Template = Blank Template
    • Use Divi
  • Create Theme Content pages
    • Services
      • Title: Theme1 - Services
      • Slug: services
      • Parent: Main Page (Theme1 - Home)
      • Template = Blank Template
      • Use Divi
    • Gallery
      • Title: Theme1 - Gallery
      • Slug: gallery
      • Parent: Main Page (Theme1 - Home)
      • Template = Blank Template
      • Use Divi
    • About
      • Title: Theme1 - About
      • Slug: about
      • Parent: Main Page (Theme1 - Home)
      • Template = Blank Template
      • Use Divi
    • Contact
      • Title: Theme1 - Contact
      • Slug: contact
      • Parent: Main Page (Theme1 - Home)
      • Template = Blank Template
      • Use Divi
    • Alt1 (optional)
      • Title: Theme1 - Alt1
      • Slug: alt1
      • Parent: Main Page (Theme1 - Home)
      • Template = Blank Template
      • Use Divi
    • Alt2 (optional)
      • Title: Theme1 - Alt2
      • Slug: alt2
      • Parent: Main Page (Theme1 - Home)
      • Template = Blank Template
      • Use Divi
    • Alt3 (optional)
      • Title: Theme1 - Alt3
      • Slug: alt3
      • Parent: Main Page (Theme1 - Home)
      • Template = Blank Template
      • Use Divi
  • Change the internal links to now work on your website.
    • Run 'Velvet Blues Update URLs' as required.

Adding Menus

Each theme needs its own custom menu and the instructions below show you how this should be done. Again I will use Theme1 as an example.

  • Import my Theme Menu Module Layout into Divi Library
    • this only needs to be done once
    • You might not have a pre-built layout, but it is easy to make one. Just create a layout with a menu module in a section.
    • Import my pre-built Divi Menu module layout into the Divi library and call it Themes Header
    • Edit the layout and add a logo (optional)
    Create Theme's WordPress Menu
    • Create a menu called 'Theme1'
    • Select all of the pages for Theme1 and import into the menu
    • Put them in the correct order with drag and drop (Home, Services, Gallery, About, Contact, Alt1, Alt2, Alt3)
    • Edit menu item's navigation label to read (Home, Services, Gallery, About, Contact, Alt1, Alt2, Alt3)
  • Import the 'Themes Header' into each page of the theme
    • Edit the page
    • Click on the add section button and select Themes Header
    • Edit the 'Menu Module' and select the 'Theme1' menu as the menu source
    • Move the menu section it to the top as this will be needed there as this is the primary menu.
    • Now save the page

Repeat this for each theme you want to add. You can create the layouts on the fly in the demo site but will have to use a plugin (How To Clean Up Your WordPress Media Library | WP Engine / Media Cleaner – Clean & Optimize Space – WordPress plugin | WordPress.org ) to cleanup unwanted images after you finish or you have a separate development site.

Notes

Theme Content

Whether you have built you own layouts or used ones from Elegant themes I recommend reading the following about setting out the actual content.

The blog layouts in the Divi themes can be a good source of a standard clean page.

Use these Contact details

020 7123 456
07747 123456
no-reply@qwdemos.com

QuantumWarp House, London SW1A 1AA

QuantumWarp House
Easy Street
Westminster
London
SW1A 1AA
United Kingdom

Import a Divi Layout

  • Select the theme you are going to use
  • Select a layout for each page of your theme (usually the namesakes are good ones to use, About --> About, Contact --> Contact)
  • Import Layout
    • You can import via the (Load from Library --> Premade Layouts) or a layout file you have locally.
    • Either, 'Do Not Replace Content' as you want to keep the menu in place that you have just added.

Convert a Divi Theme to one you can use for your Clients

Not all clients send enough information and I have found that a lot of Divi Themes look nice but can be a bit impractical to use for my clients so I need to make alterations to them first before I can even use them.

Follow the steps below for each of the Pages/Layouts to make them ready to use for your clients:

  • Google Maps (if present)
    • The Google map is usually just on the contact page.
    • I prefer just to have the map present on the contact page
    • Hide the Google Map module for later use. This is just incase you client has specific needs.
    • Where the 'Google Map Module' add a 'Code Module' as we are going to add an iframe version which does not require a credit card.
    • Add the following Demo iframe code: 
      <iframe 
src="https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2483.64596804941!2d-0.1440786842302416!3d51.501363979634085!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x48760520cd5b5eb5%3A0xa26abf514d902a7!2sBuckingham%20Palace!5e0!3m2!1sen!2suk!4v1639323812962!5m2!1sen!2suk" 
width="100%" 
height="450" 
style="border:0;display:block;" 
allowfullscreen="" 
loading="lazy"
></iframe>
  • 'Call Us' / 'Call (451) 350-3922' Buttons
    • Rename these all to Contact Us and add the link https://themes.qwdemos.com/theme1/contact/#contact-form
    • If you have a button with a phone number on it and the client whats this changing it can take time.
    • Phone numbers should stay in the header and footers', and the contact page only
  • Contact Form(s)
    • Remove all contact forms except the one on the contact page
    • This allows you to change the contact email address if every needed
    • Reduces the attack surface
    • Can apply page caching to more pages.
    • On the Contact Page, on the contact form add the CSS ID contact-form to the contact form row. The row is used to allow it to appear on screen better.
    • Enable Standard Captcha
      • Contact Form --> Advanced --> Custom CSS --> Captcha Field --> margin-left: 5px;
      • Contact Form --> Advanced --> Custom CSS --> Captcha Text --> color: #ffffff
        • Only if styling is required.
        • You don't have to use white
    • Make all 'Contact Us' buttons point to https://themes.qwdemos.com/theme1/contact/#contact-form
    • Add a success message
      • This is the default Divi one: 'Thanks for contacting us'
      • No need to add one unless you want to change the default message.
    • Add the email address no-reply@qwdemos.com otherwise emails will get sent to the default email account and you will get a lot of SPAM
  • Gallery page
    • If there is not already a Gallery page on your chosen theme, create one using the following basic layout:
      • Grid
      • 6-8 images
      • No captions or pagination
  • Upload logo for the menu (if needed)
  • Make sure all of the text is in Lorem Ipsum.
  • Remove all non-free assets
    • If you have imported layouts from client websites it is important to remove all of their images and asets
  • Examine each page and remove/hide sections that cannot be altered for a generic website. i.e.
    • Highly specific graphics
    • Cartoons
    • Replace images where needed with generic ones (not for copyright reasons though)

Control who can Embed your Demo Site using an iframe

Now you have done all of this hard work you don't want other people stealing your bandwidth so you need to control who can put your site in an iframe and this can be done by several options, some old, some new, but extensively the hosting server tells the client if it can use the website in an iframe. This behaviour all works on the browser or software at the other end respecting these directives.

The options I outline below can usually be managed by decent software such as W3C Total Cache, but there is no harm in doing it manually.

Content Security Policy (CSP)

CSP allows you to control how the browser behaves with your code remotely, and locally. You can tell the browser not to execute scripts on a page or not to embed the content in and iframe. Not allowing your content to be embedded in an iframe is quite obvious, but why would you want to stop your own scripts from running? This feature prevents scripts that have been maliciously implanted from running by only allowing scripts that you want to be run. The rules can be specified a lot more precisely, but this is just a simple example.

Enable restrictions via .htaccess

These are some examples of the .htaccess rules. You only need to specify one.

<IfModule mod_headers.c>
    ## Allow embedding from sitea.com or siteb.com including sub-domains using any protocol
    Header set Content-Security-Policy "frame-ancestors 'self' *.sitea.com *.siteb.com"
    
    ## Allow embedding from sitea.com or siteb.com including sub-domains using only HTTPS protocol
    Header set Content-Security-Policy "frame-ancestors 'self' https://*.sitea.com https://*.siteb.com"
    
    ## Allow embedding from example.org, example.com, store.example.com using only HTTPS protocol
    Header set Content-Security-Policy "frame-ancestors 'self' https://example.org https://example.com https://store.example.com;"    
</IfModule>
  • You can use wildcards
  • Using frame-ancestors 'self' is similar to using X-Frame-Options: sameorigin
    • If you do not need this option, you can just remove 'self'
  • When you add multiple Policies, they can be on separate lines to make it easier to read.
  • You do not need to add any wrapping conditions like you do when using X-Frame-Options because the conditions are in the statement.

Enable restrictions via W3 Total Cache

  • You can add these in WordPress using the W3C Total Cache plugin:
    • WP Admin --> Performance --> Browser Cache --> Security Headers --> Content Security Policy: ticked
    • WP Admin --> Performance --> Browser Cache --> Security Headers --> frame-ancestors: 'self' *.sitea.com siteb.com;
    • WP Admin --> Performance --> Browser Cache --> Security Headers --> X-Frame-Options: unticked

Notes

X-Frame-Options Header (rules based without using ALLOW-FROM)

You can control the X-Frame-Options headers in either .htaccess or PHP but I will use .htaccess code here because it is easier to implement and is not script dependent.

The Code

The .htaccess code below uses the X-Frame-Options and gives the same effect as using ALLOW-FROM but without using this obsolete command.

# Conditional X-Frame-Options for iframe Embedding Control
<If "%{HTTP_REFERER} == 'https://www.content-site.com/' || %{HTTP_REFERER} == 'https://www.sitea.com/' || %{HTTP_REFERER} == 'https://www.siteb.com/'">
    <IfModule mod_headers.c>
        Header always unset X-Frame-Options
    </IfModule>
</If>
<Else>
    <IfModule mod_headers.c>
        Header always append X-Frame-Options SAMEORIGIN
    </IfModule>
</Else>

Notes

Combined .htaccess Example

No matter if you use a plugin or manually create the rules in your .htaccess they should look something like this:

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
    Header set Referrer-Policy "no-referrer-when-downgrade"
    Header set Content-Security-Policy "frame-ancestors 'self' *.sitea.com *.siteb.com"
    #Header set Content-Security-Policy "frame-ancestors 'self' https://*.sitea.com https://*.siteb.com"
    #Header set Content-Security-Policy "frame-ancestors 'self' https://example.org https://example.com https://store.example.com;"
</IfModule>

Notes

  • There are some commented out Content-Security-Policy examples for reference.
  • HSTS is on.
  • The live Content-Security-Policy does not define the protocol of connections allowed. This means that both HTTP and HTTPS are allowed but because HSTS is on, all incoming HTTP connections must be upgraded to HTTPS.

Final Tasks

These are somes task that might need doing after you have built all of your Theme pages.

  • Remove all un-needed images and assets
  • Activate W3C Total Cache
    • It might aswell run quick

Your Theme Demo Site is now finished

You have built all of your Theme Demos, the last thing you have to do is:

  • Update QWDemobar (only if you have this plugin on your main business site)
    • You need to add the new Theme Pages to be able to show you clients

 

Published in Wordpress
Read more...
Friday, 10 December 2021 16:16

My APC SMT1500IC UPS Notes

These are my notes on using and configuring my APC Smart-UPS SMT1500IC 1500VA with SmartConnect.

General Notes

  • Websites
  • Different software versions
    • There are two versions of PowerChute. The Personal Edition and the Business Edition. The personal Edition does not recognize the professional UPS.
  • Maintenance and longer life
  • Minimum Load
    • The minimum load is 10% on my SMT1500IC which translates to 100W, my server is using 70W which is below the minimum load. 100W usage will give me 2h52min runtime at current levels.
      • Rated power in W: 1000 W
      • Rated power in VA: 1500 VA
      • This means I probably went overkill on my purchase, but I was originally running 2 PCs of the UPS until I decided virtualisation was the way to go.
      • I need to test the minimum load theory
    • APC UPS units and minimum load... | Reddit
      • Q:
        • I need a new UPS and for various reasons have settled on the APC SMT*** series. I'm in a 240v country. The SMT750i would fit the bill, my load is very low maybe 100-200w, however I have the chance to get a used SMT3000i for less than the cost of a new SMT750i.
        • However one thing confuses me... on the APC site it indicates for each UPS the minimum load is 10% of the maximum, so in the case of SMT3000i it says 270w. I messaged APC support and they said that was the case. I asked what would happen if you had a load of less than that, or a load of 400w then switched off one device bringing the load to 200w, and they said the UPS would beep and then shut down the output completely.
      • A:
        • This would only make sense to me if they had an “auto-off” feature that waited for load to drop below 10%, then taking this as a sign that you’ve shut everything down, switch off the output to save wear on the batteries. Otherwise theoretically the thing would just keep burning batteries until they ran to zero.
        • 18 months ago I ran a couple of LED christmas tree lights off a pair of SRT3000XLI 3kVA UPSes as no mains power was available - total load of probably 5 watts per device, estimated battery duration in excess of 48 hours. No issues whatsoever - but note this was battery only, no mains power to battery transfers as would happen with a mains outage.
        • Line interactive UPS's don't really care about the load if it's less than maximum. Larger UPS would use more power for housekeeping, that's why they define a minimum load. It's a minimum reasonable load in fact. Below that threshold you'd be in the low efficiency range due to UPS self-consumption.
        • This is exactly what happened to us. We verified that our UPS was working correctly, battery had recently been replaced, 100 % charged ... then we had a power outage and the UPS switched off immediately. APC support just replied "your load was too low, it must be at least 10 % or the UPS will shut down."
  • Buying Guides
    • What are the various generations of Smart-UPS Products? | APC Canada - What are the various generations of single phase Smart-UPS Products? There are pictures to help identification as well.
    • Help with APC UPS - SMT vs SMC? - General Support - Unraid
      • SMT will give you longer runtime.  It's more of an enterprise grade model than the SMC.
      • Also with the SMT you can add that network management card into the back of it.
    • Is this the older version of the smc1000i? what's the difference between smc and smt? | Amazon.co.uk: Customer Questions & Answers
      • The main differences between SMC and SMT is:
        • SMT has a higher output power capacity at 1000 watts compared to only 900 watts for the SMC.
        • SMT has a Network Management Card slot for use with network communication.
        • SMT units have a 3 years factory warranty while the SMC only have 2 years factory warranty.
    • SMC vs SMT (pdf) | APC
    • Which Smart ups? | MacRumors Forums
      • I have been using a APC SmartUPS 1500 for several years with no problems.
      • In simple terms, a true "Sine Wave" output mimics the power coming from your electrical outlets and provides more total power (energy) to your computer than does a "Step Wave" output which has many gaps. This causes the power supply in your computer to work harder to deliver the required current needs when running from a stepped input waveform.
      • There is an alternative supplier remember - CyberPower. The forum search will show you plenty of threads.
      • As long as you buy a Pure Sinewave model rather than a Stepped Sinewave you will be fine. For APC that means the SmartUPS (pure) not the BackUPS (stepped) range.
      • To reduce risk of mission critical parts, I always advice a preventative maintenance plan. Rule of thumb, replace your PS every 6 - 8 years.
      • I've used Tripp-Lite UPSs in the past and they worked fine. But, as everyone has stated, APC seems to be the gold standard now. However, you should have no issues with the Tripp-Lite and it should work fine for you.
  • Some Shops (note used or recommending)
    • UPS, New Batteries - UPS Trader
      • Supplier of Refurbished UPS, New Batteries and UPS associated hardware. 12 Month RTB warranty and new batteries as standard.
      • We have been retailing UPS and associated hardware since Aug 2001. We have thousands of units in stock and have extended experience of working with UPS. We can guide customers to the the best option for their specific use, and all of our units are priced at a fraction of their original RRP. Unless stated otherwise, our UPS will have new cells fitted and 12 month RTB warranty with us. They will all be fully functional.
      • We also offer the battery packs that UPS are dependent upon.
      • Has a support forum.
    • Scan
    • eBuyer
    • Amazon
    • Box
    • eBay
    • Comms Express
  • How to turn off
    • how to turn off apc ups? - YouTube
      • Press and hold the power button on the front and as soon as you hear the beep, release the button.
      • This is not in the manual
    • SMT1500IC - just press and hold the power button until unit powers off.

PowerChute

  • Last time I checked, you cannot read the serial number of the UPS via PowerChute
  • PowerChute does not do days. (I think this refers to setting the installation date.)
  • How do I request a new feature in future versions of APC by Schneider Electric products? - APC USA
    • For DCIM products such as StruxureWare Data Center Expert, StruxureWare Data Center Operation, StruxureWare Portal and NetBotz, you can enter your request here.
    • For all other APC products, such as Uninterruptible Power Supplies, Power Distributions Units, Automatic Transfer Switches, Network Management Cards, Acccessories and PowerChute software, you can enter your request on the contact form here.

Shutting down a PC with your UPS

Battery Installation

When you initially setup the UPS and you come to the install date, use only the arrow keys to configure the date as pressing enter accepts the date and sets it. This can be awkward to change. This does not affect any of the performance of the UPS but does change the predicted fail date of the battery which is about 4.5+ years.
  • When you connect the UPS to the mains power (Utility) the control unit is on i.e. the menu display and configuration options. The output power to which you will connect your protected devices is not on.
  • Power Button
    • The power button controls the power to the outlets only, not the menu and config control circuitry.
    • If the unit is 'on' and you press the power button, a menu with different options is presented rather that the power outputs just being terminated.
  • The battery tab at the back
    • This is the blade connector you had to connect when setting the unit up
    • It can be safely removed while the unit is on as I have to do this while on the phone with an APC support tech. I have done this several times and caused me no issue.
    • If possible I would make sure you kit is turned off and unplugged from the UPS when doing this.
    • I believe this is to allow hot swapping of batteries.
    • The tab at the back just connects the battery circuit to allow charging and to be able to use them as the power supply.
  • The UPS will charge the batteries whether the unit is on or off as long as it has a good mains connection (and of course the battery tab is installed)
  • SmartConnect - Smart-UPS™ - Welcome
    • This is great for basic monitoring for people at home or small installs.
    • You cannot configure the device remotely with this platform.
    • It allows you to do remote firmware updates.
    • The platform emails you when there are issues with your UPS.
    • Limited for professionals but useful for the small guy.
    • Registering your UPS gives you +1year warranty on the battery. This alone is worth registration.
  • The SMT range uses PowerChute Business Edition software. Available for Windows and Linux.

Changing the Battery Install date

Do not have any kit connected as I am not sure if this will cause any issue.

Method 1 (unverified)

How to Update Battery Date for Smart UPS during Battery Insertion - YouTube

This example shows the procedure using a rack mount UPS, the only difference is that the battery connection for my UPS is at the back, the 'Battery Tab'

  • Pull Battery Tab out
  • Wait for the UPS to give a battery warning.
  • Plug the Battery Tab bag in
  • Follow the menu and set the new battery install date.

Method 2 (didn't work)

  • Pull Battery Tab out
  • Factory reset
  • Power Off via menu
  • Disconnect mains supply (Utility)
  • Wait 30 seconds
  • Re-Install battery Tab
  • Reconnect the mains supply (Utility)
  • Access menu by pressing the enter Key
  • Follow the wizard

Method 3 (didn't work)

  • Pulled tab out at the back
  • Reset to Factory

    to
  • (Optional) Instead of doing a factory reset you can just run the setup wizard from the menu and should have the same effect as a factory reset without loosing your settings.
    • Enter Setup
        Wizard:

      to
  • Follow the setup wizard
    • Setup Wizard
        Press any key
    • Language:
        English
    • Output Voltage:
        230v
    • Local Power:
        Quality
    • Menu Type:
        Standard/Advanced

      to
    • The unit will reboot
    • New Battery
        Installed

      to

        (now when you select Yes, this just goes to the 'Setup Complete',
        it should go to the 'Battery Install
        Battery Install
        Date: 05-may-2021
        just use the arrow keys for setting the date and then enter when finished
    • Setup Complete

Method 4 (doesn't work)

These are the official guides from APC.

The reason they are no good is that they tell you to go to the  "Install New Battery" from the configuration menu, but this does not exist.

Method 5 - Using PowerChute

I have not used this to change my 'Battery Installation Date' but I cant see why it will not work.

  • Install PowerChute
  • Connect your UPS
  • Change your date and apply.

NB: This method does not have an option to change the day, only the month and year.

Troubleshooting

  • Why is my new battery only charging up to 99%
  • PowerChute - UPS Communication Lost
    • Unplug and re-plug USB cable. It does not matter if you have restarted or turned the PC on or off. This could be because of an always on power supply to the USB bus of your PC, not all PCs have this feature.
    • Solved: UPS Communication Lost - Schneider Electric Community
      • Q: I have my SMT1500C connected to my computer via USB and it only retains the USB connection for 15-20 minutes after login before disconnecting; the only way to get the connection back is to unplug and plug in the USB cable again. When the connection is lost, Device Manager shows the USB connection is working under Human Interface Devices and shows the unit under Batteries. Also, the APC PBE Agent service is running and restarting the services doesn't resolve the problem. I've had this unit for less than a week and this has been an issue from day 1. 
      • A: The next time this happens reset comm of the SMC. On the display interface hold the MUTE and MENU buttons simultaneously for 5 seconds. The display flashes to indicate that comm has restarted. 

 

Published in Hardware
Read more...
Monday, 06 December 2021 14:32

My Double Glazing Windows Notes

Minimum Glazing Specs you should have

As standard, most double glazing should be supplied with argon cavity gas, at least 1 low-e coating and a warm edge spacer.

  • Warm Heat Bar
  • Coated Float Pane : Low E (emissivity) Glass / Pilkington K glass (is Low E Glass) / Planitherm (is Low E Glass)
  • Argon filled (krypton is better)

My Choice

  • Planitherm Confort Glass
    • Planitherm Comfort Glass is the best glass choice for most houses
    • OuterPane: 6.8mm STADIP SILENCE (2 sheets of glass with laminate in the middle)
    • Inner Pane: 4mm PLANITHERM TOTAL+ (like K glass, this is also called the floating pane)
    • Cavity: 16mm | Argon gas filled | Warm edge spacer (cavity might be a bit wider on 28mm cassette 28 - 6.8 - 4 = 17.2mm)
    • Comfort | Planitherm
    • Planitherm Glass Technical Specs (PDF)
  • Frame
    • Profile 22 - 5 baffles ???
    • Rehow - 3 baffles ???
  • Windows
    • Full 90 degree openers
  • Furniture
    • Brushed Chrome or Satin Finish ???

This is the research I have done to decide what new type of windows I should put in my house.

  • Sound Reduction
    • 4mm+6mm: Domestic windows are typically 4-6mm thick. It follows that the thicker the glass, the better the noise insulation but it is also important to note that different glass thicknesses reduce different noise frequencies. So, if your double-glazed unit has one pane of glass at 4mm thick and one at 6mm thick, this will reduce noise across a wider frequency range than if they were the same thickness.
  • Gases
    • Argon (Krypton is better for price)
  • Correct Spacing
    • To get the maximum benefit from your double glazing, the gaps between the panes of glass should be 16mm and the gap between the two glass panes should be filled with argon gas, which adds another layer of heat insulation. If the gap is reduced then the thermal performance is reduced, unless you use a very expensive gas such as krypton.
    • In a 28mm cassette, triple glazing is worse than double glazing because the minimum gap between the panes is violated.
  • Triple Glazing:
    • is only really needed in extreme conditions.
    • is best in a 32mm cassette
    • is a lot more expensive

Triple Glazing Vs Double Glazing

  • Triple Glazing v Double Glazing – Regency Glass
    • The key to the differences in performance between double and triple glazing is the selection of glass types, cavity widths, gas filling and overall unit thickness.
    • Most double glazing in the UK consists of : 4mm clear glass / 20mm cavity / 4mm low e glass
    • This makes the overall unit thickness 28mm and this is pretty much standard for all UK uPVC window manufacturers and tends to mean that most manufacturers will put a triple glazed unit into this 28mm space. Depending how the glazing is made up, the window could actually have worse energy saving properties with a TGU than with the DGU it replaces:
    • Triple glazing in a 28mm cassette is worse than double glazing.
    • Triple glazing to be better has to be in a larger casssette such as a 36mm
  • Is bigger always better – triple better than double? - BRE Group
    • For years the domestic window market in the UK has developed on the premise that bigger is better. double glazing grew from an overall thickness of 20mm to 24mm and finally settled on 28mm even though thermally, with either air or argon cavities, 24mm is the optimum size. Frame depths grew from nominally 60mm to 70mm for no great technical improvement, just the misconception that bigger is better.
    • There are some technical thermal numbers here.
  • Triple Glazing - Is it really worth it?
    • Today’s standard double glazing units are generally 28mm in thickness with a configuration of 4-20-4mm, which represents, glass thickness, cavity depth and glass thickness.
    • As standard, most double glazing should be supplied with argon cavity gas, at least 1 low-e coating and a warm edge spacer.
    • Triple glazing is generally supplied with an overall thickness of 28 – 44mm.
    • A 28mm unit with 1 low-e coating will achieve a centre pane u-value of 1.3, in this configuration, triple glazing would not be more energy efficient than a double glazed unit.
    • If you are considering upgrading your new windows to triple glazing we would recommend a minimum overall unit thickness of 36mm (4-12-4-12-4) with 2 Low e coatings, Argon cavity gas and warm edge spaces used to join the glass panes together.
  • Triple glazing – Is it worth it? - TheGreenAge
  • Triple Glazing v Double Glazing – Regency Glass
    • Double Glazing versus Triple Glazing Is one really better than the other?Double glazing is better than single glazing: FACT Therefore triple glazing must be better than double glazing: FACT…..(well not always) The key to the differences in performance between double and triple glazing is the selection of glass types, cavity widths, gas

4mm / 6mm

  • Double Glazing thickness | Screfix
  • How Thick is Double Glazed Glass for Windows? [Full Guide]
    • You can also use thicker glass, which can achieve slightly better thermal insulation benefits and significantly improved acoustic benefits.
    • It’s possible to use two different glass thicknesses in one IGU, such as 6mm for the inner pane and 10mm for the outer pane. In fact, using varying thickness can be effective for blocking low frequencies of sound, like traffic noise.
    • How thick is the gap in a double glazing unit?
      • The space in between will usually range from 6mm to 20mm.
      • For greater energy efficiency, 10 to 20mm is a good idea, with at least 12mm being effective for both thermal and acoustic insulation concerns.
      • In situations where a bigger air gap is not able to be used due to frame thickness restrictions this is where a high performance Low E Glass and Argon Gas installed inside the IGU will pick up the performance of a thinner IGU helping it perform like a thicker air space.
  • Double Glazing Experts In Brighton | Top Notch Sash
    • Describes the different gasses: Argon, Krypton, Xenon
  • Best Practise Specifying for Noise Reduction | Secondary Glazing London
    • noise reduction is better with 6mm
  • Insulating Glass Units and Acoustics (pdf)(Dual Seal Glass)
    • Detail write up on how the glass can affect the sound
    • Cavity widths in the normal range of 6mm to 20mm, between the panes in double glazing units, provide similar performances, with no significant variation in sound reduction.
    • The inclusion of argon gas within the cavity of  an  insulating  glass  unit  will  exhibit  a similar  acoustic  performance  as  units  with the  same  glass  combination and air in the cavity.
    • To maximise the acoustic benefits, the laminated  pane  of  an  insulating  glass  unit may be glazed to the warmer side, usually inside of the building.
    • Triple  glazing  units  do  not  always  improve the noise reduction in comparison to double glazing, i.e. test data should be considered prior to selection of any glazing.
  • Window acoustics and noise control | BUILD
  • 24mm Double glazing... — MoneySavingExpert Forum
    • They can be made really narrow and maintain their thermal efficiency if they are krypton filled and made with low iron glass, and warm-edge spacers, and even lower-e glass - there are endless options.
    • If you want to improve accoustic insulation without shelling out for the fanciest glass or ugly secondary glazing then have the units made with different thickness panes of glass (say 4mm/14mm spacer/6mm for a 24mm unit), or with different materials (have one of the panes made with laminated glass, say) or both.
    • "My understanding of document L is that 16mm is considered the optimum air gap."
  • Why choose double glazing? | EW Grace Glass
    • Correct installation of good quality double glazing units can lead to a noticeable reduction in noise levels inside the home. There are two vital components to this, however: the thickness of the glass and the air gap between the glass.
    • Domestic windows are typically 4-6mm thick. It follows that the thicker the glass, the better the noise insulation but it is also important to note that different glass thicknesses reduce different noise frequencies. So, if your double-glazed unit has one pane of glass at 4mm thick and one at 6mm thick, this will reduce noise across a wider frequency range than if they were the same thickness.
    • To get the maximum benefit from your double glazing, the gaps between the panes of glass should be 16mm and the gap between the two glass panes should be filled with argon gas, which adds another layer of heat insulation. If the gap is reduced then the thermal performance is reduced, unless you use a very expensive gas such as krypton.

Different Types of Glass

General

Gas Types

Warm Edge / Warm Heat Bar

Suppliers

Double Glazing Trim

  • Profile 22 - 5 baffles
  • Rehow - 3 baffles
Published in House
Read more...
Sunday, 05 December 2021 09:14

My Zgemma H2S Notes

Default name for Zgemma H2S http://zgemmah2s/

Others can be found at here and then:

  • Spoiler: Installation Step 1 Getting ready for WooshBuild Infinity
  • Spoiler: Select the make of your box from this list and then the model
  • Spoiler AirDigital (Zgemma)

Zgemmas are made by AirDigital

Flashing a new firmware (openATV used as example)

Get firmware here : openATV Nightly Downloads - Zgemma H2S

  • Extract the firmware into the root of a pendrive so you see the folder structure /zgemma/h3/
  • Power off the Zgemma
  • Plug the USB drive in with the extracted firmware
  • Turn on the Zgemma
  • When the front panel says Flash, press the power button
  • The unit will now flash the new firmware

Folowups

  • Install e2iPlayer
    • Plugins --> Download Plugins --> extensions --> e2iplayer

Notes

  • Inside the /zgemma/h3/ folder there is a file called noforce, rename this file to force to force an update without confirmation.
  • This will wipe all of your settings
  • If you want to backup to a pendrive you must put the following empty file on the root of the pen drive backupstick.txt so your box knows its a valid backup device.

 

OpenATV

Set a Password

This is needed so things like FTP and remote Webif will work.

Notes

Configure Webif

I want to use my Webif remotely so i need to do the following

  • Set a system password (if not already done above)
  • Go to the Webif config and set the following
    • Enable HTTP Authentication: yes
    • HTTP: 8001
    • Enable HTTPS: yes (optional)
    • HTTPS port: 8002
    • Enable Authentication for streaming: yes ?
    • Streaming port: 8003

Notes

  • If you are running a VPN on the box, Webif will not work because the IP is not your public IP.

Change HDD device Location

Sometimes the USB device that the Zgemma uses is not set correctly. In days pas this could be quite a manually task changing all of the mounts but this is now easy.

  1. Press the blue Button
  2. Goto Mounts --> Device Manager
  3. Select the new location for the HDD
  4. Click 'Use as HDD'
  5. Done

FTP not Working

  • Is FTP enabled on the box?
    • check (Menu --> Setup --> System --> Network --> FTP Setup)
  • In OpenATV 6.4+ root has been restricted and you cannot use FTP until you set a password
  • You must use `SFTP over SSH` not standard FTP
  • When you login, make sure you go up to see all files, files = /media/hdd/

USB keyboard not working

  • Login into openwebif
  • Goto (Settings --> keyboard setup --> keyboard map --> USB  Keyboard English (QWERTY))

No free space on / HDD / error in IPTV when there is

This is an old way of fixing the HDD issue but might be useful for a reference.

You get error warnings on your Zgemma H.S2 running Wooshbuild that there is no free space on /hdd/movies/ or other such locations on the hdd when there is actually free space. This error is common in the IPTV application.

Cause

This is caused by

  • Incorrect mounting of the of the USB, SD card or Hard drive. Either the mount name is wrong or does not exist
  • or you have not initialised the media.
    • In my case is was because during the installation I intialised a SD Card to be used while it was in rear USB socket and then after the setup was complete I moved it to the SD card reader on the front right which broke the mount name /hdd/
  • The media is actually full or faulty.

Solution

All apps seem to be  hardcoded to use the /media/hdd/ mount

  • Make sure the USB, SD card or Hard drive is in the port it is going to stay in. It can be moved later.
  • Intialise the media (optional). This will wipe everything on the drive, so if you have all of your recordings on the media you might not want to do this and only needs to be done in the media is not initialised.
  • Power on the Zgemma box
  • Once loaded navigate to (Menu --> Info Panel --> Plugins --> Mount Manager)
  • You are now in the mount manager and one of the following should be done depending on your situation
    • There are no mounts - This means your media is not mounted at all
      • Select your device and mount it
    • There is one mount present - This assumes you only have 1 external media plugged in.
      • edit the mount to make it show /media/hdd/.
      • you can change its mount name by using the left and right arrows on the remote

Notes

Upgrading OpenATV

  • backup settings (should be to your SD Card)
  • (optional) I manually make a copy of the backups to my PC via FTP
  • make a USB drive with the new image on
  • flash the new image
  • When the flash is complete and the new version of OpenATV has loaded it will ask you if you want to restore your settings
    • Select yes and your settings will be imported
    • You will now be asked is you want to import your plugins
      • I think this will try and find the matching package in this version extension repor rather than copying the plugin from the backup
      • If the upgrade is between major versions such as 6.4 to 7.1 (i.e. Python 2 --> 3) you might not want to import your plugins.
      • You can try importing plugins and if it it fails just repeat this process and dont import plugins.
  • Done

Misc Notes

not here yet

WooshBuild (this is no longer supported)

Install Wooshbuild

  1. Open a terminal in Webif
  2. Run the following command 
    opkg install http://wbuildx.co.uk/setup.ipk
  3. Follow the onscreen instructions

Notes

Manually update e2iPlayer (maxbambi)

The version of e2iPlayer that Wooshbuild installs is too old and does not have some of the update options so this plugin needs to be updated. The instructions below assume you have used Wooshbuild rather than a complete vanilla OpenAtv install.

  1. Connect to your Zgemma with ftp
  2. backup the folder /usr/lib/enigma2/python/Plugins/Extensions/IPTVPlayer/
  3. Delete the folder /usr/lib/enigma2/python/Plugins/Extensions/IPTVPlayer/
    • Not sure weather to delete this folder or allow them to be over written.
    • I deleted and started fresh which seems to work
  4. Download the latest e2iPlayer files from maxbambi repo https://gitlab.com/maxbambi/e2iplayer/-/archive/master/e2iplayer-master.zip
  5. Extract this archive on your PC
  6. FTP the folder /e2iplayer-master/IPTVPlayer/ to /usr/lib/enigma2/python/Plugins/Extensions/ (ignore the other files in the archive)
  7. Reboot the Zgemma
  8. Got to the e2iplayer config and set the following
    • The preferred update server = Gitlab
    • Select Gitlab repository owner = maxbambi
    • Update packet type = with source code
    • Use the PyCurl for HTTP(S) requests = yes.
  9. Done

Notes

Install TSI Player

This requires e2iPlayer to be installed because it is a plugin of e2iPlayer rather than a standalone OpenAtv extension.

  • Run the following code from your Webif terminal 
    wget --no-check-certificate "https://gitlab.com/Rgysoft/iptv-host-e2iplayer/-/archive/master/iptv-host-e2iplayer-master.zip" -O /tmp/iptv.zip && unzip /tmp/iptv.zip -d /tmp/ && cp -rf /tmp/iptv-host-e2iplayer*/IPTVPlayer /usr/lib/enigma2/python/Plugins/Extensions
  • The script above will grab the code from the repo and install it into /usr/lib/enigma2/python/Plugins/Extensions/IPTVPlayer/
  • Reboot the Zgemma
  • The icon for TsiPlayer will be under the 'All' group but can be added to any other group by highlighting it, pressing menu and selecting which group to put it in.

Notes

Setup Digibit VPN

Install the plugin from Wooshbuild plugins feed and set your account details.

Subtitles don't work

  • Goto e2iplayer
  • Where you select country, select other
  • then media player
  • this will allow you to play a downloaded file and load the subtitle manager thing to grab a .srt etc..

Notes

  • Only e2iplayer has subtitles via external files
  • The normal media player will read embedded subtitles.

Box is crashing when running Wooshbuild setup

I have been trying to install wooshbuild infinity on my h.2s with satellite for my live channels but during the setup it always crashed just after when you select 'do you only want to see FreeSAT channels'.

  • If i select IPTV option instead of satellite channels, then Wooshbuild will install.
  • my satellite dish is connected but I dont have a signal because of the scaffolding around my house, but I do want to use the satellite channels when it comes down.

Solution

Using PyCurl for downloading from HTTPS

I dont know if this is better or worse using this when watching streams, however it appears that it needs installing.

  • Load OpenWebif in your browser (enable this plugin if it is not enabled already)
  • Goto: Extras --> Settings --> Packages --> All
  • Filter by 'curl'
  • Install 'python3-pycurl' by clicking on the green disk icon, wait and it will be installed but you will get no notification
  • Reboot your box
  • Enable PyCurl in e2iPlayer's options

Links

Published in Other Devices
Read more...
Monday, 18 October 2021 15:01

How to install OpenWRT on a Bare Metal PC

this notes are in progress + take my notes from my virtual box tutoaril as they will share with this alomost

  • in the bios turn evrything of that you are not going to use (keep serial obviously)
  • Select your image
  • Installing your image method
    • Expand the drive image
      1. convert img --> VHD with vboxmanage (or other converter) and then use a standard disk image utulity to put it on the real hdd
      2. use a disk utility that can use the image file as is and install it on to the PC
      3. Boot of a linux distro and use DD to rawwrite the image to the PC
    • Expand the ext4 partition to allow a lot more stuff to be installed.
  • Install additional hardware

Links

Published in DSL / Broadband
Read more...
Friday, 10 September 2021 07:30

Atari ST Disk Transfers

These are a collection of notes for newbies. I point to other peoples work and highlight the main points.

Imaging Methods

Use the MSA (Magic Shadow Archiver) file format as it stores disk geometry and other things which can get around some weak disk protections.

Floppy Image & file transfer program (best)

This is a modern Windows based disk acquisition and image file handler. It will handle some copy protections I believe but not all, for that you will need a KyroFlux device.

Their instructions are straight forward and I guide you to them for further advise.

Make Disk

This is the simplest method to image disks using DOS but is an old way of doing it becasue of the use of DOS. Also makedisk cannot handle copy protected disks.

  • Create a PC running DOS 6.22 (or FreeDOS should be fine) and Hard Drive formatted in FAT32 which does not have to be to large
  • Copy the makedisk command onto the harddrive
  • Use a command similar to these below 
    makedisk /read /auto /msa /slow TEST.ST  (this creates an image from a floppy disk)
makedisk /write c:\test\TEST.MSA /auto   (this writes an image to a floppy disk)
    • /slow is used on disks that you are having trouble reading, but does not harm when running on healthy disks either, it is just more thorough
    • /msa is used to specify the outputted image image should be a Magic Shadow Archiver formatted file. 

Pasti

Pasti can handle protected disks and other images but you need a real ST to use this software.

OniFlop

This can handle a wide variety of disks including Atari ST. I am not sure how well it handles copy proteced disks.

Notes

  • PaCifiST, an emulator, on a PC can be used to access the floppy drive without windows stepping in between.  You can use formatting tools with it. from here
  • Is it possible to use Pasti to copy disks in an emulator? see WTF is "Pasti" - Atari ST/TT/Falcon Computers - AtariAge Forums
  • Windows 10 is blocking access to 720kb disks when using USB?
  • Internal 3.5 FDD are better than USB ones.

Links

  • Misc
  • Forums
  • Useful Sites
  • Floppy Drive and Disk image format information
    • Atari ST Preservation & Backup | Info-Coach - A document that describes the copy protection mechanisms used on Atari mainly from a "hardware point of view" (e.g. detail analysis of the flux transitions sampled from FD) and not from a "software point of view" (how a program tests these protections).
    • Atari ST Protection Mechanisms | Info-Coach - This page presents several Atari Floppy Disks image's formats. These images can be used for emulation or for preservation backup / copy of original Atari floppy disks. Some of these formats can be used directly (for example Pasti STX) in hardware / software emulators while some other may require to be converted (for example Kryoflux Stream files) by program like Aufit. This explains all of the different image formats.
    • Atari ST Diskette Information | Atari ST FD Information - This page contains quite a lot of information related to the Atari ST diskettes: This includes information on the Floppy Disk Media (down to the flux level), the FD Drives, the FD controller, the FD copy protection mechanisms, the FD layouts , FD specific hardware solutions, etc ... The end goal is to help the understanding of the duplication (backup) of Atari ST diskettes (protected or not) and this should not be confuse with a preservation project like PASTI.
    • List of floppy disk formats - Wikipedia
    • Pasti (STX) floppy image format - This description is based mostly on Markus Fritze's article. He is floppy expert and made some protections for Atari ST in past. I added couple things to it + rearranged some parts . Made without format's author contribution, this is certainly not complete. May contain some minor errors, but intention is to help people who want to do something more with thousands of STX images available - and not just playing under emulators.
    • Really Atari ST? | Hacker News - An interesting thread on this topic.
    • Atari ST Protection Mechanisms - Describes some of the protections used by the Atari ST as well as techniques to reproduce copy protected FD.
    • MSA vs ST
      • ST format does not hold parameters of floppies separately, it uses values from boot sector. They are correct in most cases, but some titles have invalid values in boot sectors. Very likely such titles will not work with Image Runner, since they use not regular filesystem. MSA format is better - it holds in header physical floppy parameters as track count, sectors/track and side count. Unfortunately, there is a lot of oversized floppy images on DL sites. Often there is too much track without need, single sided floppy imaged as double sized etc. It is useful to read what writes about how to copy such titles/menus and then doing new image only with used tracks. How? Writing out to floppy (some in good shape), and then imaging with correct parameters. Or better do it without physical floppy, in emulators.
      • MSA is better format than ST - it holds some useful infos (floppy Geom.) which helps with non-standard floppy formats.
    • Image Formats
      • ST = The orginal disk image.
      • MSA = Magic Shadow Archiver, A standard ST image with a MSA header contained in a compressed archive
      • STX = Supports copy protected disks
      • STT = not sure  what this is but i think it supports copy protected disks
    • Q75131: Standard Floppy Disk Formats Supported by MS-DOS | KnowledgeBase Archive - An Archive of Early Microsoft KnowledgeBase Article on Floppy disk formats MS-DOS used.
    • MSWIN4.1 FD Boot Record - Complete examination of Microsoft's MSWIN4.1 Floppy Disk Boot Record.
    • Check your floppy can write weird formats
    • Some formats information
      PC 720KB disk (79 Tracks ??)
ST 720KB disk (80 Sectors/Tracks Cylinders 9, Sides 2) 
ST 720KB : track=80, head=2, sector=9, block=512
PC 1.44MB (18 Sectors/Tracks, Cylinders 80, Sides 2)
    • List of floppy disk formats - Wikipedia
    • Floppy Disk Formats | Phil Storrs PC Hardware book - A teardown of a Floppy Disk Drive.
  • Formatting a disk in windows
    • Formatting a 720K floppy disk over USB fails with Windows 10 - Retrocomputing Stack Exchange
      • This tells you about swapping the driver that Windows is using for the USB drive.
      • ufiformat
        • If you have a Linux system handy, you can determine your drives’ capabilities by querying it with these following commands
        • ufiformat -i or ufiformat /dev/sda
        • Make sure there is a DD disk in the drive and if it displays the expected data then your USB FDD read DD disks
        • You will most likely have to download this when prompted.
        • You might need to use sudo if you dont have permission.
        • manual here
      • High-density and double-density disks use magnetic media with different coercivity, requiring different field strengths to write data; a double-density drive can’t reliably format or alter a disk that’s been written to by a high-density drive. 1.44MB disks are not ideal to be used as DD because they have different magnetic strengths to DD disks.
      • Note that the holes in disks’ cases don’t determine the formats one-for-one. A DD disk will always end up formatted in double-density, and a DD drive will always format in double-density. An HD drive can theoretically operate in both modes (and will do so automatically with a DD disk). An HD disk can be formatted as a DD in a HD drive, but as mentioned previously will be unreliable in a DD drive; an HD disk formatted as a DD in a DD drive will work fine. You can use DD disks as HD by drilling an extra hole but then you’re taking your chances with the magnetic support.
      • use a dos prompt to format a 720KB disk:  format a: /t:80 /n:9 because DD formatting removed in the Windows GUI and has to be done through the command line
      • You can use 1.44MB disks as DD disks by covering up the hole that is not the write protect. This is a light sensitive trigger and not a physical one so using transparent sellotape will not work, the material has to be opaque.
      • Not all USB drives support 720KB
    • 720k Floppies with Windows 10 and a USB Floppy drive. - Atari-Forum
      • Just to be clear, some (including some new-ish) USB drives support 720k but not all of them. All of them support 1.4M.
      • Also, the motors in them will not always turn slightly stiff disks fast enough for it to access data on the disk.
    • DOS Command: DRIVPARM - Used in the CONFIG.SYS file to set parameters for a disk drive.
    • How to Format floppies - My Notes
      • The only way to format a floppy consistently is to use a windows 98SE boot disk (put it on a pendrive)
      • This is a dumb formatter and ignores a lot of issues and just formats the disk.
      • Other methods using the 3rd party tools might help fix more corrupted disks, but 98se formats amiga disks ok.
      • External USB drives do not all support 720kb disks and are not as sensitive as a standard internal floppy drive, so avoid them at all cost. You sanity depends on it.
      • If after you have formatted a disk in win98se successfully and the disk still does not work, then it is probably corrupt and needs chucking in the bin (if you are sure you hardware is ok)
      • USB FDD drives don't do 720KB disk mainly because of the driver, not the hardware. ie try in linux, but I cannot guarantee this will work either because the USB drives are cheap and might be hardware encoded just to do 1.44MB disks.
    • Format a 1.44MB floppy disk in windows 7 using an internal drive
      • Format command 
        format a: /f:720
format a: /t:80 /n:9
      • This will reformat Amiga disks
    • Windows will not format a 720KB disk
      • I think the only way is to use Windows 7 or lower and then you have to use the command prompt.
    • NFormat Floppy Disk Formatter
      • NFORMAT is a disk formatter designed to dynamically format floppy disks for MS/PC-DOS. The internal parameter editor or command line options let you specify parameters that allow you to get up to 23% more data space from your floppy disks.
  • Trouble Shooting Floppy Disks in Windows
  • Floppy Disk Imaging Software
    • Floppy Image & file transfer program
      • This seems to be the goto imaging software which will handle a lot (not all) exotic formats. It requires an internal FDD 3.5 inch drive and controller which it uses a custom low level floppy driver which overrides limitations of standard Windows floppy drivers.
      • Not sure it does copy protected disks.
      • It does over sized disks
      • Can convert MSA to ST. And can write MSA images onto floppies, so even no need for conversion.
    • OmniFlop
      • A 'universal' floppy disk reader, writer, and tester for the IBM PC or compatible which can handle alien floppy and exotic disk formats not normally supported by DOS, Windows and Linux. It was first released in December 2004. this will read many different formats including a multitude of Atari ST formats, a complete list is available on its homepage. The documentation says you need an internal FDD to use it but the a tutorial above uses a USB drive.
      • dd -or- OMNIFLOP -or- SDISKW ? | llamamusic.com - Using "dd", OmniFlop or SDISKW depends on the method you create sample disks or image files. Each one has an advantage over the other.
      • This has its own driver which you manually have to install. This drive also requires the driver enforcement to be disabled.
    • Pasti Atari ST Imaging & Preservation Tools
      • Our main goal is the preservation of Atari software in its original unmodified form. Original software is normally stored on diskettes with custom format or copy protection.
      • Pasti is a package of software tools for imaging and preservation of Atari software. The two major components are the imaging tools and the emulation helper tools. This has tools for windows and real Atari ST.
      • This software will copy disks using a single floppy disk, an Atari ST and a PC. http://pasti.fxatari.com/
      • The imaging tools produce a disk image file from an original disk. It works very similarly to standard imaging tools like Makedisk, but they can image virtually any ST disk including copy protected disks.
      • I think this creates STX images with the copy protection in tact.
      • WTF is "Pasti" - Atari ST/TT/Falcon Computers - AtariAge Forums - Pasti explained in simple terms.
      • Quickstart guide for making Pasti-images | atari-forum.com
      • Pasti can be used to run exotic disks images (protected) in emulators and then allow the extraction of them.
    • MakeDisk
      • Might not work properly on anything later than XP
      • No official site, available on the internet though.
      • v1.5 is the latetst I could find
    • Windows Floppy Disk Copy (wfdcopy) | SourceForge.net
      • wfdcopy is a floppy disk image maker for Windows, its main purpose is to read floppy disks into image-files but it can be used to write them back or to copy a disk
      • It was wrote mainly to convert floppy disks into image-files for use in emulators, especially Atari ST emulators (that why the filename extension is ".st" by default).
      • It should read any Atari ST and PC disks, including "overformatted" ST disks.
      • if you have something else than a *real* 3"1/2 1.44Mb floppy drive then your drive is not supported and wfdcopy may not work properly.
    • MSA Converter Website - MSA Converter is an utility destinated to convert and manipulate the disk image files used by ATARI ST emulators. It is designed to work with Windows 95 and more. It also allows to view some of the graphic image formats used on Atari directly from disk images or from the hard disk.
    • STDISK, Image writing utility for Atari ST disk images. - STDISK is our new utility to get those pescy Atari ST .st and .msa images onto innocent, unsuspecting DD (and wannabe DD) floppies... As this was something that gave us more trouble than was good for anybody, we've started making this utility. 
    • hmsa - Atari MSA / ST disk image creator and converter | Ubuntu Manpage - A linux utility
    • fdrawcmd.sys | simonowen.com
      • A floppy filter driver for Windows 2000/XP/2003/Vista/2008/7/8/10.
      • The driver exposes command-level access to the µPD765a floppy disk controller, making it possible to read/write many non-standard and copy-protected disk formats.
      • This is the low level driver a lot of ST imaging programs use.
    • SAMdisk | Simonowen.com
      • SAMdisk is a command-line disk image utility for Windows, Linux, and macOS.
      • Read and write almost any soft-sectored floppy disk format compatible with the PC floppy controller, including some traditionally copy-protected formats. Also supports hard disk imaging to and from HDF and raw formats.
      • Low-level floppy device access requires the fdrawcmd.sys driver to be installed.
    • DD for Windows
    • Floppy Image - Win3x.Org
      • The 1.5.2 version of floppy disk is the last freeware of this program. This program, made in 2001, can make images of 5.25 and 3.5 inches floppies in 360k, 1.2 mb, 720k and 1.44 mb. It can make them in .IMG, .IMZ(compressed) and in .EXE. It can work under windows 95 and nt 4.0 minimum and waise only 316kb. You should also notice that the program only work in windows 95 with some updated .dll, which are included in the .7z file.
      • Read and write Atari ST floppy disks with a PC and an USB drive | YouTube | Vretrocomputing - Read and write Atari ST 720 KB floppy disks directly with a PC and an USB floppy drive. Convert real 720 KB floppies into ST files, and conversely.
    • Image runner for Atari ST(E) machines - Floppy image mounting on real Ataris
  • Disk Images in Linux
  • Formatting floppy disks in Linux
  • Collections of disk transfer Tools
    • Disks Tools - Atari ST - Essential software (The List) - Both PC and ST utilities, very useful. Many other utilities aswell.
    • ST-Utils - Small programs to help you out on your Atari or on your pc .... With everything you need to archive your old games or to create ST game disks from the files on this site ...
  • Imaging Tutorials
  • Disk Recovery Software
    • GitHub - ChrisBertrandDotNet/ST-Recover
      • ST Recover can read Atari ST floppy disks on a PC under Windows
      • ST Recover can read Atari ST floppy disks on a PC under Windows, including special formats as 800 or 900 KB and damaged or desynchronized disks, and produces standard .ST disk image files. Then the image files can be read in ST emulators as WinSTon or Steem.
    • Old Floppy Disks Won't Read | Motherboard Forums - I have 20 old floppy disks I need to access. They are high-densitydisks. They were bought pre-formatted, and the files were saved with Windows 95. I am now trying to access them using a PC running Windows XP Pro SP2. But I get: "The disk in drive A is not formatted. Would you like to format it now?"
  • Other Hardware
    • HxC Floppy Emulator | HxC2001 HeadQuarters - A Universal Floppy Disk Drive Emulator. The HxC Floppy Emulator project main idea is to completely replace the floppy disk drive by an electronic device. This electronic device emulate the floppy disk drive behavior and functionnalities.
    • Jookie's home page » UltraSatan - The Ultrasatan is a hard disk replacement for your Atari ST - and it uses SD cards for storage. Whilst not specifically intended for file transfer, by partitioning and formatting the SD card in the right way, you can mount the SD card on both your PC and ST - and hence use it to transfer files.
    • KryoFlux
      • KryoFlux is a USB-based device designed specifically for the reliability and precision needed to acquire reliable low-level reads suitable for software preservation.
      • This is the official hardware developed by The Software Preservation Society, an authority in authentic floppy disk imaging and preservation.
      • LGR - Kryoflux USB Floppy Disk Controller Overview - YouTube - A demonstration and overview of the capabilities of the Kryoflux USB High Definition Flux Sampler.
    • Arduino Nano Floppy Emulator For When Your Disk Is Not Accessible | Hackaday - Among the plethora of obsolete removable media there are some which are lamented, but it can be difficult to find those who regret the passing of the floppy disk.
Published in Emulators
Read more...
Tuesday, 13 July 2021 14:44

Print 2 full pages on single sheet of paper with HP a printer

These are my instructions on configuring my HP 2015n printer to invisibly (to applications) print 2 pages on a single sheet on a single piece of paper.

These instructions might work on different printers as long as they have the feature set in their driver.

Configure the printer defaults

These settings will make the printer scale the full pages and print them 2 a page.

  • Goto
    All Control Panel Items --> Devices and Printers 
    or
    All Control Panel Items --> Printers 
  • Your HP Printer --> printer preferences --> Finishing --> Pages per Sheet
    • Set to 2
    • This will do what it says, 2 pages onto 1.
    • You can only select one of these options at a time. If you choose one the other settings will be wiped out.

Notes

  • Your HP Printer --> printer preferences --> effects--> % of Normal Size
    • This will reduce the print size for each page. The pages will stay separate so this setting does not work.

Create new printer instance (optional)

Setting up a new printer with these options as the default settings will make your lifer easier rather that having to select these options each time you print or reverting the defaults when you are finished.

When I say setup another printer I mean we will use the same physical printer but install another instance of the printer which we can then configure as required.

So follow one of the tutorials below

 

 

 

Published in Printers
Read more...
Tuesday, 13 July 2021 12:45

Outlook 2016/2019 PayPal Receipt Printing - Only print pages 1 and 2

This all started because I printout my PayPal receipts and because of their formatting can take several sheets of paper. Often the last sheet would just have 1 word on it.

I started by manually just printing the first 2 pages, but this is time consuming so I wrote a macro just to print the first 2 pages of the PayPal receipt to the default printer so I could achieve the same thing but with 1 button click which is what I will show you how to do below.

Then I moved on and configured my printer to print 2 pages on every sheet. So instead of an average of 3 A4 pages every receipt I now just use 1. This has the added advantage that some times a receipt is 1 page and sometimes it is 2 pages so no more paper that what is absolutely needed is used.

I then also created a memo style in Outlook with the margins reduced. (Optional)

This is best solution for printing PayPal Receipts.

See Print 2 full pages on single sheet of paper with HP a printer | QuantumWarp

 

Instructions

To get this to work there are several parts, building the macro (which is done for you), installing the macro and then creating a button in Quick Access Toolbar to run it.

The Macro (2022)

' Outlook 2016/2019 PayPal Receipt Printing - Only print pages 1 and 2

Sub PayPal_Receipt_Printing()

SendKeys "%"
SendKeys "FPR"
SendKeys "%{S}"
SendKeys "1-2"
SendKeys "{ENTER}"
DoEvents
SendKeys "{NUMLOCK}{NUMLOCK}"

End Sub

Old Version

The code below worked for a while but recently stopped working after a Windows update but I am leaving it here for reference because there might old versions of office this is needed for and I can see what I changed to get it to work.

' Outlook 2016/2019 PayPal Receipt Printing - Only print pages 1 and 2

Sub PayPal_Receipt_Printing()

SendKeys "%FPR"
SendKeys "%S"
SendKeys "1-2"
SendKeys "{ENTER}"
DoEvents
SendKeys "{NUMLOCK}{NUMLOCK}"

End Sub

How I fixed this

  • The error started occuring after a Windows/Office Update
  • When i run a macro in office it makes a noise/alert/bong and appears not to run
    • This alert was caused by incorrect keypresses generated by the macro caused by changes to how the code is interpreted after an update.
    • The macro is running correctly, but not as you expect.
    • Becasue the macro does not crash, there are no error to be generated.
  • I found the error by REMMING out all of the lines in the VBA and check each line/action until the issue is found.
    • I run each line one by one to see where the bong was generated.
    • I REMMED out all the lines except the first one, checked, then uncommented the second line and rechecked etc..
  • I fixed the script by appling these changes:
    • SendKeys "%FPR" is now broken into 2 lines. For some reason the code on one line was not longer accepted.
      • SendKeys "%"
      • SendKeys "FPR"
    • I have also changed SendKeys "%S" to SendKeys "%{s}" as there was a change in how the asset on the print dialogue box is selected or how this particular line was handled.

Code explained

  • SendKeys "%FPR"
    • Press the keys: Alt --> F --> P --> R
    • Use to work but stop working after a recent update.
  • SendKeys "%"
    • Press the keys: Alt
    • Works fine when it is on its own
  • SendKeys "%{FPR}"
    • While holding the ALT key press F --> P --> R
    • This should work

Install the Macro and create a Quick Access Toolbar button

Test Print

Remembering that this script will use your default printer, do a test print and then you are done.

The rest of this article is for reference.

Notes

 

Numlock gets turned off when using SendKeys

The NumLock would always turn off after running the script no matter what. These are my notes on resolving this issue.

When you use SendKeys the NumLock is turned off due to a bug in Visual Basic.

Solutions from Microsoft

I found these towards the end of my research and they pretty much the best way of fixing this issue.

Executing two or more SendKeys statements in a row results in turning off the NumLock key. This problem may also affect the CapsLock and ScrollLock keys.

My Solution 1 - DoEvents

If you look in the script above you can see the following code taken from SendKeys is messing with my NumLock key via VBA code in Access form - Stack Overflow

DoEvents
SendKeys "{NUMLOCK}{NUMLOCK}"

This solution seems to work really well and perhaps can be expanded for Caps Lock and Scroll Lock if needed.

My Solution 2 - Sense NumLock state and then restore after SendKeys (GetKeyState/GetAsyncKeyState)

I spent quite a bit of time trying this but could not get it to work so I am including my notes and research here for future reference.

The code below I managed to get to sense when a key was pressed down and shows how to use the High/Low bit thing by using Hex codes

' Get Numlock status

Private Const VK_NUMLOCK = &H90
Private Const VK_SCROLL = &H91
Private Const VK_CAPITAL = &H14

Private Declare PtrSafe Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Long

Private Function KeyDown(ByVal vKey As Long) As Boolean
   KeyDown = GetAsyncKeyState(vKey) And &H8001
End Function

Sub Test_Key_down()

If KeyDown(vbKeyNumlock) Then MsgBox "The NumLock key is pressed down!"

End Sub

Notes

  • I can then get state before running the code and restore it aftewwards to fix bug.
  • I cannot get the live state of the NumLock using this method
  • All Declare Statements must now include the PtrSafe keyword when running in 64-bit versions of Microsoft Office. The PtrSafe keyword indicates a Declare statement is safe to run in 64-bit versions of Microsoft Office.
  • SendKeys is messing with my NumLock key via VBA code in Access form - Stack Overflow - Answers here.
  • &H8001 = checks if the key is down has been pressed in this process. it is not cleared until new process.
  • &H8000 = checks if the key is down
  • &H0001 / &H1 = checks if the key has been pressed in this process. it is not cleared until new process.
  • this only does keys, I cant get it to recognise the state of the numlock light
  • process/message que clears after about 5 seconds
  • 0x8001 = Low bit
  • 0x8001 = High bit
  • 0x8001 =  -32767
  • If the function succeeds, the return value specifies whether the key was pressed since the last call to GetAsyncKeyState, and whether the key is currently up or down.
  • If the most significant bit is set, the key is down, and if the least significant bit is set, the key was pressed after the previous call to GetAsyncKeyState. However, you should not rely on this last behavior; for more information, see the Remarks.

My Solution 3 - Sense NumLock state and then restore after SendKeys (Keyboard Events)

I never tried this option as it looked very complicated and I do not want to learn VB.

Outlook VB General Notes

Published in Microsoft Office
Read more...
Tuesday, 22 June 2021 06:55

CWP Full setup in VirtualBox on Windows behind a NAT

These instructions are for CWPpro but will work for the most part with the free version of Control Web Panel. For the yearly cost of the Pro version it is worth paying the $12 and trying the full software out from the start. This will also support the project.

For reference I used:

  • CentOS-7-x86_64-Minimal-2009
  • CWPpro v0.9.8.1074
  • VirtualBox v6.1.22-144080

Following these instructions will take around 5 Hours to complete and this assumes you have built your Windows 10 Pro PC.

I do not cover every aspect because I am not a professional but this should be a good baseline. But what it does cover is:

  • Setting up a Windows 10 Pro PC (not extensively).
  • Setting up a Oracle VirtualBoc Virtual Machine instance with all of the correct settings.
  • Setting up of CWP and all of those settings that most people want.
  • Configuring your local network with OpenWRT

Just follow the guide through from beginning to end and everything will work. I built the guide as I figured things out.

Prerequisites

It is easier to get these things together before you start.

 

Setup Windows 10 Pro PC

You can use your own Virtual Machine server if you have one. My preference is VirtualBox because it is free but VMWare should do just fine.

Check your RAID

Not everyone will use a RAID, but should. A few simple checks to make sure everything is correct is a good idea.

The information below is for standard RAIDs found on Desktop PCs and not ones on ZFS or anything funky like that.

  1. If you are using SSDs on your RAID check to make sure your RAID has presented the RAID as an SSD otherwise you might burnout your drives quicker. This should only be an issue on old RAIDS pre-SSD.
  2. Check your hardware RAID is recognise as 1 drive in Disk Management so you know you have configured it correctly.
  3. Install any RAID specific drivers/utilities that came with your motherboard or RAID card so you can do proper monitoring of the drives hardware.
  4. Configure and RAID utilities to send you email alerts.
  5. When SSDs are used in a RAID:
    • the 'Scheduled Optimisation' should be disabled (if not already) because you cannot trim a RAID as it is made up of more than one drive, and these commands are direct drive commands. Newer RAIDs will have this feature built into their utilities which can see the drives independantly and can make the appropriate adjustments.
    • 'Scheduled Optimisation' is found in the Windows defrag utility and this is where I can check these settings.
  6. Standard drives in a RAID can be defragged as normal because the commands will be handled correctly.

Create a VirtualBox VM

These are my settings for VirtualBox but you might want to modify them slightly which will be fine.

If a setting is not mentioned or is crossed out below, leave it as default.

Using the wizard create your VM with the following settings

Using the Guided or expert mode will give the same outcome.

  • Name and Operating System
    • Name: CWP
    • Machine Folder: C:\Users\{user}\VirtualBox VMs
    • Type: Linux
    • Version: Red Hat (64-bit)
  • Memory size: 4096MB
  • Hard Disk
    • Create a new virtual disk now
    • VDI (Virtual Disk Image)
    • Fixed Size
    • File location and size
      • 50GB
      • C:\Users\{user}\VirtualBox VMs\CWP\CWP.vdi
      • This will create a file that is 50GB so will add 50GB of wear to your SSD. But don’t worry this is ok and expected and is a one time deal.

 

Edit new VM Machine settings

There is currently a bug with rebooting a VM when running in EFI mode with more than 1 CPU. See notes below.

 

CWP/CentOS works with each type of VirtualBox Start Up. You should look into which one suits you best.

I use Normal until everything is setup and then use Headless when it goes into production.

We now need to finish configuring the VM so it performs better with CentOS Linux.

  • Only change settings mentioned, the rest should be left as default
  • General --> Description
  • Control Web Panel
  • System --> Motherboard --> Boot Order
  • Optical
  • Hard Disk
  • Eject ISO after OS setup
  • System --> Motherboard --> Chipset
  • System --> Motherboard --> Enable EFI
  • System --> Motherboard --> Hardware Clock in UTC Time = off. This keeps the time the same as the Host
  • System --> Motherboard --> Processors --> 2 CPUs (My Host has 6 cores)
  • System --> Acceleration --> Paravirtualization Interface --> KVM
  • System --> Acceleration --> VT-x/AMD-V --> Enabled (If present)
  • Display
    • Video Memory: 64MB (Default: 16mb / VMSVGA)
    • Graphics Controller: VBoxSVGA + no 3D acceleration
    • Enable 3D Acceleration: yes
  • Storage
    • SATA Controller
      • Name: SATA
      • Type: AHCI
      • Port Count: 2
      • Use Host I/O Cache: off
    • HDD/SSD
      • Solid-state Drive: Yes if you are using SSD
      • Hot-pluggable: off, leave this off
    • Add optical Drive to the SATA controller with the following:
      • Live CD/DVD: no
      • Hot-Pluggable: no
    • Remove the IDE Controller
    • NetworkAdapter 1
      • EnabledAttached to: Bridged Adapter
      • Promiscuous Mode: Deny

Notes

 

Install CentOS (Minimal)

I will install CentOS using EFI but pay attention to the reset bug

CentOS 7 (Minimal) is the recommended version of the OS to use when installing CWP. It should be also noted there is no uninstaller but you should never need one.

  • Read the Official Installation Instructions
  • Mount CentOS-7-x86_64-Minimal-2009.iso in the optical drive
  • Set the Optical drive to boot first. (for EFI bios this is currently ignored)
  • Power on the VM
  • If UEFI Interactive Shell appear instead of the CentOS DVD booting then follow the instructions below, else skip this section. This is a VirtualBox Bug.
    • Let the timeout finish or press Esc (both end up at the same place)
    • Type exit (and press return)
    • Select Boot Manager

    • Select UEFI VBOX CD-ROM VB1-1a2b3c4d
      • CentOS option does not work
      • This loads EFI/BOOT/BOOTX64.EFI
    • CentOS DVD will now boot
  • Select Install CentOS 7

  • Set your language and click `Continue`

    • The keyboard layout will change to your localization.
  • Installation Summary should now be shown:

    • Configure 'Installation Destination'

      • This needs to be set manually.
      • Go in and select the disk and leave everything on auto unless you want something different
      • Installation Destination: Just click into it and check the information. Do not change anything. Click `Done`
    • Configure 'Network and Host Name'

      • Configure Ethernet (enp0s3)Enable Ethernet (enp0s3)

        • General --> Automatically connect to this network when it is available: yes
        • General --> All users may connect to this network: yes
        • IPv4 Settings --> Method: Manual
        • IPv4 Settings --> Addresses --> Add
          • Address: 192.168.1.11
          • Netmask: 255.255.255.0
          • Gateway: 192.168.1.1
        • IPv4 Settings --> DNS servers: 192.168.1.1
        • IPv4 Settings --> Require IPv4 addressing for this connection to complete: Yes
        • IPv6 Settings --> Method: Ignore
        • Click `Save`
      • Enable Ethernet (enp0s3) (if not already)
      • Set Host name
        • Host name server.mydomain.com
        • Click `Apply`
      • Check setting are correct in the summary.
      • Click `Done`
    • All settings should now be correct.
    • Click `Begin Installation`
    • CentOS will now install the required files
    • Set a Root Password (Once the file installation has completed)

      You will now see
      • Do not create a user account here, we will do that later.
  • Click 'Finish Configuration' (CentOS is now sucessfully installed, but some configuration still needs to be done)

    You will now see
  • Click `Reboot`
  • CentOS Automatically ejects the DVD so you dont have to do anything
  • Remove the CentOS DVD
    • it might have already been ejected by CentOS installer
    • Login with your root credentials
    • enter the command shutdown (this will power CentOS off)
    • Eject the CentOS-7-x86_64-Minimal-2009.iso from the VM
    • Change the boot order by deselecting the Optical drive is no longer a boot device.
    • Power up the VM
  • The VM will now reboot
  • Login with your root credentials when the terminal appears
  • Configure the network card with the static IP you have selected for CWP (if not already done in the CentOS wizard)
    • use `NetworkManager Text User Interface`
      • Command 
        nmtui

or 

nmtui edit enp0s3 (might work)
      • IPv4 Configuratioin
        • Addresses: 192.168.1.11/24 (or 192.168.1.11)
        • Gateway: 192.168.1.1
        • DNS Servers 192.168.1.1
      • Search domains: leave empty
      • Routing: No custom routes
      • Never use this network for default route: leave unticked
      • Ignore automatically obtained routes: leave unticked
      • Ignore automatically obtained DNS parameters: leave unticked
      • Ignore IPv6 Configuration: Ignore
      • Automatically connect: Yes
      • Available to all users: Yes
    • Goto the command prompt
  • Setup Hostname (server.mydomain.com) (if not already done in the CentOS wizard)
    • Use either the nmtui utility or type the following into the terminal
      hostname server.mydomain.com
    • Default is localhost.localdomain

  • Preparing Server
    • Install required packages for CWP installation: 
      yum -y install wget
    • Update your server to the latest version (might take a while)
      yum -y update
    • Reboot the server
      reboot

Notes

 

Install CWP

Now your VM has CentOS insatlled we can proceed and install CWP.

CWP installer can run more than 30 minutes because it needs to compile Apache and php from source but might be a lot quicker on modern PCs.

  • Boot the VM to the CentOS terminal prompt or (optionally) this is a good time to start using PuTTY if you know what you are doing so you can copy and paste from the terminal.
    • You can use the local IP 192.168.1.11 and port 22
  • Login with root
  • Run the commands (the last one might take a while)
    cd /usr/local/src
wget http://centos-webpanel.com/cwp-el7-latest
sh cwp-el7-latest -restart yes --phpfpm 7.4
    The --phpfpm 7.4 switch did not work for me.
  • When the installer is finished, you will see your credentials displayed, copy them down safely. 
    #############################
#      CWP Installed        #
#############################

Go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/

http://13.13.13.13:2030
SSL: https://13.13.13.13:2031
---------------------
Username: root
Password: ssh server root password
MySQL root Password: xxxxxxxxxxxx

#########################################################
          CentOS Web Panel MailServer Installer
#########################################################
SSL Cert name (hostname): server.mydomain.com
SSL Cert file location /etc/pki/tls/ private|certs
#########################################################

Visit for help: www.centos-webpanel.com
Write down login details and press ENTER for server reboot!
Please reboot the server!
Reboot command: shutdown -r now
  • Reboot the server as requested
    shutdown -r now

Notes

Create Primary Domain User Account

Although you don't have to create an account for the Primary Domain on the server for it to work, it makes sense too unless you have a reason otherwise.

  • User Accounts --> New Account
  • Domain: mydomain.com
  • Username: mydomain
  • Package: default (we will change this later)
  • Reseller: Ticked
  • Leave the rest of the settings as they are

Configure CWP (Preliminary – Error Messages)

Now that CWP is installed we need to configure it

  • Log in to your CWP cpanel using the link provided by the installer on your server. You will need to use FireFox to get past the SSL issues.
    Control WebPanel Admin GUI at: http://13.13.13.13:2030/ or https://13.13.13.13:2031/
    • The local IP 192.168.1.11 will work if these don't at the minute
  • Username: root
  • Password: YOUR_ROOT_PASSWORD

Ypu will now see some errors as shown in the picture below (or similiar)

  • CWP Settings --> Edit Settings
    • (WARNING! Your root Email address for notifications isn't set.) (WARNING! Possible NAT networking detected, Please check the following settings.)
    • Shared IP: should be your public IP and does not need changing. (13.13.13.13)
    • Apache port: should be 80 and does not need changing
    • Set Admin email: no-reply@quantumwarp.com
      Forward server system emails: yes (for now)
    • CSF/LFD Alerts: no-reply@quantumwarp.com (for now)
    • NAT Local IP: should be 192.168.1.11 (what you set on the network in CentOS earlier)
      (If you see multiple IPs in the drop down see the notes below)
      Activate NAT-ed network configuration: Yes
      Read instructions by clicking the link
    • Default DNS Zone template, leave as default.tpl
    • CWP Updates: leave as Stable
    • Rebuild vHosts: yes
    • GoAccess Stats: Leave ticked (not sure why this setting is here)
    • Save changes
    • WebServer Settings --> Select Webservers --> Save & Rebuild Configuration (dont change anything on this page yet)
  • Enable Firewall
    • (CSF/LFD Firewall is NOT enabled on your server, click here to enable it.)
    • Security --> Firewall Manger
    • Enable Firewall (button at top)
  • Change SSH port for security
    • (on the Service and Firewall) (WARNING: Security vulnerability! Your server is using default SSH Port 22, to make your server more secure change SSH port in config file /etc/ssh/sshd_config and in CSF firewall !)
    • You dont have to do this if you are behind a NAT and you are never going to present SSH to the internet, but it is still recommended.
    • SSH Server
      • Services --> SSH Configuration
      • Change `#Port` --> `Port 8128`
      • Click Save
      • Goto Dashboard
      • Restart SSH Server
      • Click on SSH Server Status button to check it is now on the new port
    • CSF Firewall
      • Security --> CSF Firewall --> Firewall Configuration
      • Add the port 8128 to the end of the values + remove port 22:
        • # Allow incoming TCP ports
        • # Allow outgoing TCP ports
      • Save Changes
      • Security --> Firewall Manager
      • Restart the Firewall
      • Test SSH (with PuTTY)
    • Enable Mod Security
      • (Mod Security is NOT enabled on your server, click here to enable it.)
      • Security --> Mod Security
      • Click ‘Install Mod Security now’ button
      • Enable Comodo WAF rules (if not already) (are OSWASP better?)
      • Make sure Process the rules is selected
      • Click `Save Configurations` just to make sure.
      • Restart Apache Webserver: The button is at the top right.
    • Fix the following error shown on the page `Server Settings --> Change Hostname`
      Your Hostname is: server.mydomain.com and it resolves to IP: (ERROR: You don't have a valid hostname set!)
      • DNS Functions --> List DNS Zones --> mydomain.com.db --> Edit Records
      • Add a new record
        • Record Name: server
        • TTL: 14400
        • Direction IPv4 address: 13.13.13.13 (your public IP)
      • Goto the top right of the page and you will see the 'Info' box
      • Restart BIND DNS Server
      • Some times you have to wait and Flush your DNS on your PC as the domain did not immediately come on.
      • When it did not work straight away I deleted it and then added another subdomain to see if that worked and it did, i then added the server subdomain afain and it worked. (restarted BIND inbetween change)
      • Manage Hostname in CentOS Web Panel | Hostwinds
      • CWP DNS Part 1 : How to Configure DNS properly for CentOS WebPanel on CentOS 7.6 - This covers the server nameserver and hostname DNS, not very clear but it is the issue I am having and go through a bunch of things (if needed)
    • Hidden Processes – Security Issue (Hide system processes from users - Control WebPanel Wiki) (Hide all processes if not owned by the user is NOT activated on your server, click here to enable it.)
      • This requires at least one account to be setup and the error be resolved.
      • Security --> Secure Processes
      • Click ‘Enable Protection’
      • Test the protection is working
    • Reboot server
      • Server Settings --> Reboot Server --> Reboot Server Now

Notes

Configure CWP (in-depth)

In this section we will complete the setup of CWP now we have got rid of the errors.

Hostname

  • Refresh the Hostname
    • (Server Settings --> Change Hostname)
    • Keep all the settings the same and just click 'Change Hostname'
    • This will:
      • Refresh/Create all of the relevant settings
      • Trigger SSL creation
      • Generate the DNS zone for the server (i.e. server.mydomain.com.db). This is not created during the intial setup, either by design or is a bug.

Notes

  • No SSL on the servers hostname
    • This could be caused by the server no yet having polling Letsencrypt yet
    • Fixes (assumes hostname settings are correct)
      1. Access https://server.mydomain.com:2031/ which should trigger a lookup
      2. Refresh Hostname: Server Settings --> Change Hostname --> Change Hostname (this will not change anything but trigger lookups if needed)
  • Cannot Access Cpanel via hostname
    • You need to make sure that you have set up port forwarding.
    • If you are trying to access via the server hostname and you are local, then you need to make sure that the forwarding rules have NAT Loopback enabled (otherwise you will go made). I modified my rules so for these admin panels that NAT Loopback happens but the panels are not accessibly from the internet.
  • Changing Hostname (If you need to change your hostname in the future becasue CWP does not handle the removal of the old server name)
    • Use the process above
    • Delete the old DNS zone manually for the old hostname.
    • Make sure the server's name is not defined as a subdomain in your Primary Domain User Account DNS Zone.
    • Don't forget that the old name might still be cached in other places because of TTL so it might still ping for a while. If you are still setting up you could just power all of your equipment down to speed things up.
    • Delete DKIM entries in:
      • /etc/opendkim/TrustedHosts
      • /etc/opendkim/SigningTable
      • /etc/opendkim/KeyTable
      • /etc/opendkim/userkeys/[old server domain folder]

Nameservers

For this you need a real domain (mydomain.com) and your public static Ip (13.13.13.13) from earlier.

  • Register Nameservers at a registrar
    • Login to your account at the registrar for your domain
    • Register the following Child Name Servers under your domain:
      Child Name Servers are Name Servers which are registered under your Domain Name.
      Once registered, you can use these Child Name Servers in turn as Name Servers for registering other Domain Names
      • ns1.mydomain.com 13.13.13.13
      • ns2.mydomain.com 13.13.13.13
      • It is correct to have the same IP twice (for most people)
      • Now you might have to also register these as Parent Name Servers aswell under domains account.
  • Change CWP Name Servers
    • DNS Functions --> Edit Nameservers IPs
    • Changes name servers to:
      • Name Server 1: ns1.mydomain 13.13.13.13
      • Name Server 2: ns2.mydomain 13.13.13.13
    • Keep Options ‘Update DNS zone file’ and ‘Restart DNS Server’ ticked
    • Save changes
    • Dashboard --> Service Status --> BIND DNS Server --> Restart
    • Server Settings --> Reboot Server --> Reboot Server Now
    • Reboot your router (this is important to get rid of improper routing it might have stored)

Notes

  • The domain resolution test done when you save the nameservers, I think, is done by CWP servers (ie external to your internal server).
  • If you get the error: 
    ns1.mydomain.com resolves to ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> A ns1.mydomain +short @8.8.8.8 ;; global options: +cmd ;; connection timed out; no servers could be reached 
ns2.mydomain.com resolves to


    This is cause by one or both of these:

      1. The Nameservers DNS update has not propagated yet.
      2. The DNS port 53 is not open or properly forwarded on your NAT router.
  • If you get the error Nameserver is not authoritative when checking mydomain.com on leafdns then this is probably because you have not setup a hosting account to match your servers primary domain (mydomain.com).
  • How To setup Name servers
  • Original Nameservers for reference 
    ns1.centos-webpanel.com resolves to 54.36.136.192
ns2.centos-webpanel.com resolves to 198.27.104.41 

ns1.centos-webpanel.com 127.0.0.1
ns2.centos-webpanel.com 127.0.0.1

Correct DNS Zone on Primary Domain User Account

Now that the name servers have been changed, the Primary user account needs to be updated to reflect the change

  • (DNS Functions --> List DNS Zones --> mydomain.com.db --> Edit Records)
  • Change the following (text replace, might be in many records) (edit file is quicker)
    • The RNAME on your primary account should be postmaster.mydomain.com
      • the RNAME is an email address where the `@` is swapped with a `.`
      • I do not have an address postmaster@mydomain.com but when i rebuilt the Zone it uses the email from the mydomain.com user account.
    • centos-webpanel.com --> mydomain.com

Notes

  • Do not rebuild the zone, this will wipe out many Zone records
  • The primary user account some records in it that will not be re-added by rebuilding the domain so would need adding manually. 
    server 14400 IN A 31.125.252.137

ns1.mydomain.com. 14400 IN A 31.125.252.137

ns2.mydomain.com. 14400 IN A 31.125.252.137
  • I am not 100% the nameserver A records becasue the ns1.mydomain.com and ns2. mydomain.com have their own record files (ns1.mydomain.com.db / ns2.mydomain.com.db)
  • smtp, pop, pop3, imap, webmail, cpanel, cwp subdomains are missing, DKIM is not setup properly and the SPF record is missing.
  • See forum questions below for a full text comparison of an account before and after a rebuild.
  • Only the records that were created before changing your name server are corrupted.

Set rDNS and PTR

These must be changed at your ISP or IP provider. These records allow your server domain to be worked out from the IP address.

A good rDNS is better for your server reputation and will allow more successful delvery of email.

Plusnet/BT/UK ISPs: By default thier IPs from ISP are on the Spamhaus 'Policy Block List' because it should not be sending emails. So you might need to contact your ISP to have the Ip removed from the list. I did manage to remove myself from the SPAMHaus PBL list byt looking up my IP and then expanding the message at the bottom, fill in the required information and soon after I was removed for the list. This might not be the case for all ISPs.

Port Forwarding

CentOS Mostly Used Ports - Control WebPanel Wiki

  • Only open the ports you require.
  • These are the ports I have forwarded to allow the basic functionality of the server on the internet but keeps all admin functions (such as control panel) restricted to my local network. You dont even need the email ones if you are not running email and some people dont use Port 25 as standard
    • 25 - SMTP/EMAIL
    • 26 - SMTP (this port is not enabled in the firewall by default)
    • 53 - BIND/DNS
    • 80 - HTTP / Apache Web server
    • 110 - POP3/EMAIL
    • 143 - IMAP
    • 443 - HTTPS / Apache Web server SSL
    • 465 - SMTP/EMAIL SSL/TLS
    • 993 - IMAP/EMAIL SSL
    • 995 - POP3/EMAIL SSL
    • 2030 - CWP Admin
    • 2031 - CWP Admin SSL
    • 2082 - CWP User Panel
    • 2083 - CWP User Panel SSL
    • 2086 - CWP Admin (same as 2030)
    • 2087 - CWP Admin SSL (same as 2031)

 

  • OpenWRT Router Port Forwarding including Local Access
    • OpenWRT Port Forward Rules
      I use a seperate rule for local traffic because you want all ports available on your server to the local network for admin purposes but only the specified ones present to the internet. All ports are available via 192.168.1.0/24 anyway, but we want to use server.mydomain.com locally.

      You need to create the Local Traffic Rule once but a Standard Port Forward Rule for each port you want to forward to the interent.

      • Local Traffic Rule
        • Name: CWP (All Ports / LAN Only)
        • Protocol: TCP+UDP
        • Source Zone: wan/wan6
        • Source MAC Address:
        • Source IP address: 192.168.1.0/24 (this is an IP range)
        • Source port:
        • External IP address: 13.13.13.13
        • External port:
        • Internal zone: lan
        • Internal IP address: 192.168.1.11
        • Internal port:
        • Enable NAT Loopback: Ticked
        • Extra arguments:
      • Standard Port Forward Rule (change the port numbers for the required port)
        • Name: CWP (BIND/DNS)
        • Protocol: TCP+UDP
        • Source Zone: wan/wan6
        • Source MAC Address:
        • Source IP address:
        • Source port:
        • External IP address: 13.13.13.13
        • External port: 53
        • Internal zone: lan
        • Internal IP address: 192.168.1.11
        • Internal port: 53
        • Enable NAT Loopback: NOT ticked
        • Extra arguments:

Notes

  • OpenWRT
    • How to configure totally open DMZ with OpenWRT? - Server Fault - The easy way. Do not leave this on as it is just for testing. This method also routes all local traffic to the to the CWP server without using the Hostnames method below.
      • If you have another rule for Portforwarding you can use this method to allow specific IP address locally to use you server nd keep the DMZ for external traffic only except for a specified IP by add this addition rule. Basically create rule using the above but then edit the rule and specify the following:
        • External IP address: 13.13.13.13
        • The CWP server needs to be connected to the outside world properly for this to work as your laptop will do DNS lookups starting at your authorative DNS servers at your registrar.
    • Network --> Hostnames - This can be used to tell OpenWRT to route all internal calls to a domain to a local address. This is not the same as DMZ. This will allow you to use CWP without it being on the internet or using the hosts trick. This causes the loading of the website to be slow becasue of this extra routing, this might also just also be my low power router.
    • I removed NAT Loopback from the standard port forward rules. This will reduce the CPU overhead by a little and when I disable the (All Ports/LAN Only) rule then all ports locally routed will stop working preventing confusion.
    • If the rules dont behave as expected and you have double checked them, you should restart all network kit so you flush all of their DNS and prebuilt traffic routes.
    • OpenWRT, once a route is established that route will have a TTL similiar to DNS.
    • FlushDNS can be used on your PC but will not change IP routing on other devices.
  • NAT Loopback
    • NAT loopback enables a user on the trusted or optional networks to connect to a public server with the public IP address or domain name of the server, if the server is on the same physical OpenWRT network.
    • Disable NAT loopback for guest network - Network and Wireless Configuration - OpenWrt Forum - You can use hostnames for local routing. I found this to be slow and you might nto add an entry for every subdomain.
    • iptables - How does NAT reflection (NAT loopback) work? - Unix & Linux Stack Exchange - in-depth explanation
    • My notes: NAT loopback is where the router inspects the target IP of the request/packet and if it sees that the target is its public IP it will loop the request back into the network to the defined local IP (as per the rule) as if it has come from the outside in the first place. This options just says to the router perform this check and then do the looping.
    • NAT Loopback allows traffic sent to public IPs to be routed back to the local network if the IP/Server is present on the local network. This is perfect when you are running a server on your LAN that is connected to the internet by port forwarding. Normally you would get a failed message: 
      Forbidden
Rejected request from RFC1918 IP to public server address
    • If you disable the CWP (All Ports / LAN Only) which has NAT Loopback enabled, you will also get the RFC1918IP error when you try and lookup server.mydomain.com:

 

The CWP server is now present on the internet.

Cgroups

Cgroups allow you to limit resources per user — such as CPU %, system memory, network bandwidth, or combinations of these resources. You have to create a Cgroup and then assign it in the package. This is good for preventing server abuse byt the user or a hacker. You have to create a Cgroup before it can be assigned to a package or user so we will do this before creating our packages.

  • Security --> Cgroups Resource Limits
  • Click `Install service`
  • On the same page, got to the `Enable limit resources` and select the following
    • CPU - Limit CPU usage
    • Memory - Limit Memory usage
    • Disk I/O - Limit Disk I/O read/write
  • Click `Save`
  • Add these policies
    • Internal
      • Name: Internal
      • cpu % (min 1 max 200): 150
      • rmem: 1G
      • vmem: 2G
      • read: 10000
      • write: 10000
      • Update user's config files?: Ticked
    • Client
      • Name: Client
      • cpu % (min 1 max 200): 50
      • rmem: 512M
      • vmem: 1G
      • read: 1000
      • write: 1000
      • Update user's config files?: Ticked
    • Click `Restart service` (not sure if I need to do this to apply the new policies)

Notes

Packages

Setup the following packages. These are not mandatory but are a good baseline for you to start from and make managing your server easier. If you are migrating from cPanel I think the packages might be created automatically.

Packages are found at: Packages --> Packages

  • Create Primary package (Primary Domain Account)
    • Name: Primary
    • Disk Quota MB: 5000
    • FTP: 1
    • Email Lists: -1
    • Sub Domains: -1
    • Addon Domains: -1
    • cgroups: Internal
    • apache_nproc: 40
    • nofile: 150
    • Type: Reseller

    • Bandwidth MB: -1
    • Email Accounts: -1
    • DB: -1
    • Parked Domains: -1
    • Hourly Emails: 200
    • nproc: 40
    • inode: 0
    • NodeJs App: 0
    • Accounts: 500

    • Update Quota: [unticked]
  • Create Internal Package (Company Accounts)
    • Name: Internal
    • Disk Quota MB: 5000
    • FTP: 1
    • Email Lists: -1
    • Sub Domains: -1
    • Addon Domains: -1
    • cgroups: Internal
    • apache_nproc: 40
    • nofile: 150
    • Type: General

    • Bandwidth MB: -1
    • Email Accounts: -1
    • DB: -1
    • Parked Domains: -1
    • Hourly Emails: 200
    • nproc: 40
    • inode: 0
    • NodeJs App: 0

    • Update Quota: [unticked]
  • Create Bronze package (for clients)
    • Name: Bronze
    • Disk Quota MB: 500
    • FTP: 1
    • Email Lists: 5
    • Sub Domains: 5
    • Addon Domains: 5
    • cgroups: Client
    • apache_nproc: 40
    • nofile: 150
    • Type: General

    • Bandwidth MB: -1
    • Email Accounts: 5
    • DB: 1
    • Parked Domains: 5
    • Hourly Emails: 100
    • nproc: 40
    • inode: 100000
    • NodeJs App: 0

    • Update Quota: [unticked]
  • Create Silver package (for clients)
    • Name: Silver
    • Disk Quota MB: 1000
    • FTP: 1
    • Email Lists: 10
    • Sub Domains: 5
    • Addon Domains: 5
    • cgroups: Client
    • apache_nproc: 40
    • nofile: 150
    • Type: General

    • Bandwidth MB: -1
    • Email Accounts: 10
    • DB: 5
    • Parked Domains: 5
    • Hourly Emails: 150
    • nproc: 40
    • inode: 125000
    • NodeJs App: 0

    • Update Quota: [unticked]
  • Create Gold package (for clients)
    • Name: Gold
    • Disk Quota MB: 1500
    • FTP: 1
    • Email Lists: 15
    • Sub Domains: 10
    • Addon Domains: 10
    • cgroups: Client
    • apache_nproc: 40
    • nofile: 150
    • Type: General

    • Bandwidth MB: -1
    • Email Accounts: 15
    • DB: 5
    • Parked Domains: 10
    • Hourly Emails: 200
    • nproc: 40
    • inode: 150000
    • NodeJs App: 0

    • Update Quota: [unticked]
  • Set your Primary Domain User Account (acc: mydomain / mydomain.com) to have the package of Primary. It is best not to use the default package.
    • User Accounts --> List Accounts --> mydomain --> edit
    • Account Type: Reseller
    • Package: Primary
    • Leave the rest of the options
      • `Backup user account` = add the account into the backup routine when it is run.
    • Click `Update`

You now have seperate packages for your company and client accounts.

Notes

  • Create/delete hosting packages in CWP - PlotHost
  • Cgroups
    • Cgroups allow you to limit resources per user — such as CPU %, system memory, network bandwidth, or combinations of these resources.
    • Just installed above.
  • apache_nproc
    • It is the process number limit for a certain user, but specifically for Apache.
  • nofile
    • It is the number of open files limit for a certain user. 150 is the recommended, too high and the server will slow and too low and things like IMAP will stop working.
    • The number of files allowed to be read/executed at the same time.
  • Type
    • General - This is a standard client account.
    • Reseller - This tags the account as a reseller and obviously gives it reseller functionality and permissions. when this option is checked a new input box appears called `Accounts` which allows you to set a limit on the number of client accounts this reseller can own. `Accounts` has to be an integer.
  • nproc
    • It is the process number limit for a certain user.
  • inode
    • It Indicates the inode limit for a certain user.
    • It is ok to leave this as 0 as there are usually other limits set in a package.
    • Innodes are used by the file system to store data block locations and metadata because the innode size is relatively small and predictable there usually is no problem with allowing unlimited inodes.
    • If a user is filling up all available inodes possibly with zero byte file data then you do have the ability to restrict their inode limit forcing them to free up used inodes in order to create new ones.
    • Inode is a data structure that stores the information about all files created on your hosting account. The number of inodes indicates number of files, folders, email or anything you store on your web hosting account. Each file on your web hosting account is identified by an inode number in the file system. Inodes store the important data about files such as user, group ownership, access mode and file type.
    • Suggestions for Inode, No of Files, Process Limits - Cloud - Good discussion with suggestions.
  • NodeJs App
    • Number of NodeJS apps a user can create. This will require NodeJS Manager to be installed.
    • CWP - Admin Panel: NodeJS Manager - YouTube - Goes into a little about nodejs and Apps.
    • I am leaving this of on all of my accounts until i find a need for it.
  • process limit
    • (0 = no processes allowed)
    • This limits the number of processes for an account. This setting prevents the user from exceeding the limited number of PHP web processes. Its generally recommended to allow at least 30 to 50, however using this limit is particulary good when using PHP CGI to prevent users with high traffic from overloading the server, the downside is that since this limit is userwide it can also have restrictions on IMAP connections if the number is set to low and the user has many IMAP connections.

Features

The feature manager allows you to filter / block modules for use in the user module.

Feature Manager | Control-WebPanel Documentation

User Accounts --> Features,Themes,Languages --> Feature Manager

I think the accounts have all features available until you assign a feature set.

You can assign these features to an account or package. I will always choose to do these things by packages because it is the way I have done it in cPanel.

When you select these options you might not currently have all of the servers or things installed. Select your options as if they were so they match up when you later add the required features.

  • Create Internal feature list (this is for all company accounts) and assign it to the Primary and Internal packages
    • Name: Internal
    • Type: Package
    • Accounts: Primary, Internal
    • Click `Mark all`
    • Click `Create and Save this rule >>`
  • Create Client feature list (this is for all client accounts)
    • Name: Client
    • Type: Package
    • Accounts: Bronse, Silver, Gold
    • Click `Mark all`(You can come back to edit this feature list later or do it now if you are familiar with CWP)
    • Click `Create and Save this rule >>`

You now have seperate feature sets for your company and client accounts.

Notes

  • The menu items for the features will be present in the users control panel even if the service is not installed but it is enabled in the feature set.

Create a User Test Account

This is a very useful thing to have. It is just a simple account you can use to see what clients see.

  • User Accounts --> New Account
  • This is just an example (but will work)
  • Domain Name: test.acc
  • Username: testacc
  • Password: xxxxxx
  • Admin email: no-reply@test.acc
  • Server IPs: 13.13.13.13
  • Package: Bronze
  • Additional Options: Select:
    • Backup user account
    • AutoSSL: Domain must be pointed to the server

Apache

  • Set Web Server Type
    • WebServer Settings --> Select WebServers --> Setup default Web Servers --> Apache Only (this is default)
    • Dont make any changes to the page
    • Click `Save & Rebuild Configuration` (this might not be needed here but does not harm)
  • Update Apache to the latest version
    • Check you have terminal access via SSH first using putty (for saftey)
    • Check the new version you are going to install is newer than the current version.
    • You should also be aware that if you have installed the TLS1.3/HTTP2 upgrade from MysterData then this might fail. (see notes below)
    • WebServer Settings --> Apache Re-Build --> Select NEW Apache version
    • Select the latest version
    • Click `Next`
    • Leave all options as there are unless you know what you are doing.
    • Click `Start Compiler in Background`
  • HTTP2 + TLS1.3 (select the correct version for your Apache build)

Notes

  • These settings here do not affect the apache daemon for the CWP panel. It has its own Apache for this (I think). It is running PHP 7.1 so cannot be broken by people reconfiguring their server. I got this location by look at the cron jobs that are run by the root.
    /usr/local/cwp/php71
  • CWP WebServers Config | SaadHost very in depth article
  • Apache vs Nginx: Practical Considerations | DigitalOcean
  • Select Server Type
    • don't really understand the other technologies so I will leave the default Apache only setup because there is less to go wrong and I am use to Apache because I have been using Xampp which is Apache based. Apache on its own is proabbly good for development and low traffic sites.
    • Nginx & Varnish & Apache is the best performance option and good for high traffic sites. This seems to be the recommended option by professionals and I will change to it once I have got use to the server.
      • Force Apache to use PHP-FPM Selector
      • WebServer Settings --> Select WebServers --> Setup default Web Servers --> Select Default Apache PHP-FPM version
      • WebServer Settings --> Select WebServers --> Setup default Web Servers --> Select Default Nginx PHP-FPM version
      • I have not choosen this option at this time.
      • This will disable PHP Selector 2 and PHP Version Switcher.
      • If you choose this option, you would have to select a default Apache PHP-FPM and Nginx PHP-FPM version on this page. I am not sure if it would continue to use the server's default php.ini file.
  • What are these? (add Nginx and Varnish add extra hurdles when developing web sites)
    • Apache
      • Your basic Web Server
      • The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
    • Nginx
      • NGINX is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
      • NGINX accelerates content and application delivery, improves security, facilitates availability and scalability for the busiest web sites on the Internet.
      • NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability.
      • Nginx excels at serving static content quickly and is designed to pass dynamic requests off to other software that is better suited for those purposes.
    • Varnish
      • This is a cache based in RAM.
      • Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.
      • What is Varnish cache and how it works? - Interserver Tips
    • LightSpeed
      • A commercial webserver dedicated to speed.
  • Other HTTP2 / TLS1.3 articles (older or untested)
  • Rebuilding Apache broke CWP
    I did this and my server broke. It was running extremely slowly on the terminal and the websites would not load. The CWP panel might of come up if left long enough

FTP

This is mostly setup but for a couple of settings in the FTP manager

  • Set the following settings in FTP Manager (File Management --> FTP Manager V2 --> Edit Configuration)
    • TLS: 2 (This allows only encrypted connections)
    • TLSCipherSuite: HIGH (default HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3)
    • Click on `Update` not reset.
  • You need to create a user as non are created by default like in cPanel (optional)
    • File Management --> FTP Manager V2 --> Add User
    • Fill in the details
    • Click `Submit`
  • TLS1.2+ is now required.

Notes pure-ftpd Setup Passive FTP Ports - Control WebPanel Wiki

PHP

Configuring the PHP service is good for security and performance.

  • Set the Server's default Global PHP version
    • PHP Settings --> PHP Version Switcher --> PHP Version = 7.4.20 (or your preference. php 8.0 is not mainstream yet)
    • Select Options/Modules/Extensions (These are PHP extensions that are added into PHP when it is compileds or it compiles them and attaches them)
      • Check them over but the ones that come up should be fine (if you have not changed them). You can always recompile later with different options.
      • Click `Save & Build` (CWP will now compile PHP from source in the background)
  • PHP Selector 2
    • Standard PHP Parser (PHP-CGI)
    • This feature lets you install additional PHP versions in the CWP. This is the selector for the legacy CGI-based PHP method like SuPHP. You can use a different PHP-CGI version per account/domain rather than the server default one.
    • I am not going to use any on this page because I want to use the faster PHP-FPM.
    • Installation will be similiar to setting the servers default PHP version except you might select several versions and you can select options and other things specific to the particular version before you Compile
    • I am not sure what happens if you select the same version as the servers default version.
    • I think this is the same PHP parser type that the server default is running.
  • PHP-FPM Selector
    • This lets you also install and use additional PHP versions. The difference is that it selects PHP Fast CGI Manager (PHP-FPM) versions instead of traditional CGI.
    • Select:
      • PHP-FPM 7.4.20
        • with default options
        • same as the server default PHP version
      • PHP-FPM 8.0.7
        • with default options
        • for testing
    • Click `Start Compiler (build & install)` (it does take a while to compile, especially if you have chosen a few PHP versions)
    • Enable auto update for the PHP version you have just installed.
      • The servers version might autoupdate anyway when the server updates, other than that there is no option for it.
  • Apply the relevant PHP version to any accounts that already exist that you wish to upgrade/change. They should all currently be on the default legacy CGI PHP parser (server default)
    • So far I can only change this in the user's control panel, not on mass. I will add the command or instructions here when I find one.
  • Configure all of your php.ini files to your taste
    • Dont forget about the multiple versions of the php.ini , one for each version of PHP installed for each enging type (PHP-FPM / Apache Module)
      • (PHP Settings --> PHP.ini Configuration) - This is the servers main/default version of php.ini
      • (PHP Settings --> PHP Selector--> PHP x.x --> Edit php.ini) - When you use multiple versions of PHP as an Apache Module you need to edit these.
      • (PHP Settings --> PHP-FPM Selector --> PHP x.x --> Edit php.ini) - When you use PHP-FPM you need to edit the different version of the php.ini here. Save and then restart that particular version. There is no need to rebuild.
    • Before making changes to the file, always click on the `Create File Backup` button
      • The default server on gets stored at /usr/local/php/php.ini - CWP might do an automatic backup upon save.
    • Once you have configured all of your php.ini files I would recommend you download them and store them as a reference just incase they get wiped out in an upgrade or something else unpredicted especially if you have a complicated chages you have made.
    • Once you have made the changes make sure you restart the relevant services or just restart the server for quickness.
    • Changes I have made to the default file (these might be a bit generous for a standard webhost, so the ones where I have increase values, ignore them)
      disable_functions = "" --> "system,passthru,popen,exec,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,highlight_file,escapeshellcmd,define_syslog_variables,posix_uname,posix_getpwuid,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellarg,posix_uname,ftp_exec,ftp_connect,ftp_login,ftp_get,ftp_put,ftp_nb_fput,ftp_raw,ftp_rawlist,ini_alter,ini_restore,inject_code,syslog,openlog,define_syslog_variables,apache_setenv,mysql_pconnect,eval,phpAds_XmlRpc,phpAds_remoteInfo,phpAds_xmlrpcEncode,phpAds_xmlrpcDecode,xmlrpc_entity_decode,fp,fput,shell_exec,apache_get_modulesi"
expose_php = On --> Off
max_execution_time = 30 --> 180
max_input_time = 60 --> 180
max_input_vars = 4000
memory_limit = 128M --> 256M
post_max_size = 8M --> 64M
upload_max_filesize = 2M --> 64M
date.timezone = "Europe/London"
      • A lot of companies disable mail() to prevent spam. Just add 'mail' to the end of disable_functions. I use mail function because there is onyl my stuff on the server and it prevents me from having to setup sMTP on every CMS or PHP script I want to use. If you have customers on your server then definately disable the mail function.
    • changes of note, but I have not changed them (might do) 
      zlib.output_compression = Off
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT --> E_ALL & ~E_NOTICE

; http://php.net/track-errors
;track_errors = Off

; http://php.net/html-errors
;html_errors = On

; http://php.net/register-argc-argv
register_argc_argv = Off

; http://php.net/allow-url-fopen  (I have this on all the time, but should it be off by default)
allow_url_fopen = On
  • Force Apache to use PHP-FPM Selector
    • I am only going to use PHP-FPM so i need this option.
    • WebServer Settings --> Select WebServers (This will be quick becasue we are not re-compiling anything)
      • Select Default Apache PHP-FPM version: 7.4
      • Select Default Nginx PHP-FPM version: 7.4 (I do not have NginX installed at this time, but does not harm to apply this setting now so I can forget about it)
      • Force Apache to use PHP-FPM Selector: Ticked
      • Click `Save & Rebuild Configuration`
      • The switch will be almost instant and this is normal.

Notes

  • Each PHP version for each type of PHP parser (Selector) has its own php.ini
  • If you are using Snuffleupagus (see in the security section below) you will need to manually add it again to any new versions of PHP you install, PHP version upgrades should maintain the software.
  • PHP-FPM
    • This create helpers per account so is more resource intensive but does allow for much quicker parsing of PHP becasue the workers are already spooled up. I would not recommend this for all of your accounts on your server if you have a lot of them.
    • When you have made changes to the PHP-FPM version specific php.ini you need to relaod the service, restarting Apache will not reolad the config file becasue it is not an Apache moduel.
  • AutoUpdate - This enables/disables auto update of the PHP Version ie 7.4, 8.0, so the PHP is always on the latest Patch version (security release)
  • How to disable php/php-fpm selector - Control WebPanel Wiki
  • allow_url_fopen is considered dangerous?
  • The 8.0.7 php.ini is slightly different to the 7.4.20 php.ini but the normal PHP and PHP-FPM version are the same even though there are in different places on the server.
    • the PHP-FPM and normal php have different settings for this
    • PHP Standard ;cgi.fix_pathinfo=1
    • PHP-FPM: cgi.fix_pathinfo=1
  • Disable Dangerous PHP functions.
  • Force Apache to use PHP-FPM Selector
    • After you have enabled this:
      • The menu items for PHP Version Switcher and PHP Selector 2 (NEW) are still present but with a warnings at the top of each of the pages.
      • In PHP Selector 2 (NEW), The PHP versions are obviously just disabled but all compile and delete functions still work which is why the switch is so quick no re-compiling takes place.
  • Divi Recommendations -

Database / MySQL / phpMyAdmin

  • Set default database collations to utf8mb4_unicode_ci (this collation is the modern standard now)
    • (SQL Services --> MySQL Configuration --> Contents of File: /etc/my.cnf)
    • The default my.cnf file is shown below and is for reference. The file is a lot more empty that I expect and I have reported this ont he CWP forum here. 
      #
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# include *.cnf from the config directory
#
!includedir /etc/my.cnf.d
    • Click `Create File Backup` (at the bottom)
    • Add the following code at the end of the file 
      [client]

default-character-set = utf8mb4

[mysql]

default-character-set = utf8mb4

[mysqld]

collation-server = utf8mb4_unicode_ci
init-connect = 'SET NAMES utf8mb4'
character-set-server = utf8mb4
    • Click `Save`
    • Goto the Dashboard
    • Reboot the MySQL Database Server

Notes

  • MariaDB Defaults of note:
    • The database package is MariaDB
    • innodb-file-per-table: True
    • default-storage-engine: InnoDB
  • General
    • After changing the collation as noted above, in phpMyAdmin --> Variables, all collations show correct but collation database shows a (Session value) of latin1_swedish_ci and i dont know why or how to fix it. I would like it to match.
    • Changes made in phpMyAdmin --> Variables are not persistent. When the server is rebooted the changes made there will be lost.
    • Unknown/unsupported storage engine: InnoDB | MySQL Ubuntu - Server Fault
      • The ibdata file contains the data (unless you have file-per-table). The ib_logfile files are the replay logs that contain the data for database-altering transactions that may have been in process when/if the database crashed. If you were able to shutdown the server successfully, deleting these log files won't hurt you. If it crashed, then you need them.
    • Can't read my.cnf file bug | CWP Forum
      • the problem here is that my.cnf needs to be saved with the new line at the end of the file. Some editors, e.g. vim do it automatically and they put a "new line" character at the end of each file - without having the user to actually see it - so it appears that the file ends with the very last character.
      • However if you open this file up with with a different editor, e.g. Mousepad, you will find out that tere is an extra line - a new line - at the end of the file. If there is not - that is the problem - because MySQL fails to process that kind of configuration.
      • Apparently there is a standard for having files end with a new line. Some software upholds it strictly (e.g. MySQL) and that's why we can find this error in MySQL explicitely.
      • Details: https://stackoverflow.com/questions/729692/why-should-text-files-end-with-a-newline
  • Manually Upgrading MariaDB
  • Get the MariaDB variables
    • MariaDB default my.cnf in sources - Stack Overflow
      • No, MariaDB does not have a configuration file which would list all available options and their default values. Different MariaDB packages might provide some configuration files, but those are different, they only contain a small subset of options, and the values are different from default ones.
      • You can output the default MariaDB variables and settings by running:
        Default configuration and explanation of the settings
mysqld --no-defaults --verbose --help

or, on a running 10.1+ server, by executing
SELECT variable_name, default_value FROM information_schema.system_variables ORDER BY variable_name
    • You can output the current MariabDB variables:
  • Removing unwanted Users
    • After importing user accounts from cPanel I found i have a lot of unwanted MySQL users
    • I clicked on the delete icon for the relevant user and got the standard warning message
    • but could not use the CWP GUI to remove them because whern I clicked 'Continue' I got the following error message, Error Invalid System User.
    • The solution is simple to delete the users as the CWP GUI clearly has a bug:
      • Goto (CWP Admin --> SQL Services --> phpMyAdmin --> Users Tab)
      • Select the users you don't want
      • Scroll down to 'Remove selected user accounts'
      • Click 'Go'
      • This will delete the users with no issue. Doing this by the SSH will have the same outcome.
    • How to Show Users in MySQL using a Linux Terminal - via SSH and this is a great tut
    • MySQL “show users”: How to list the users in a MySQL database | alvinalexander.com
      • There might be duplicate users. This is because MySQL filters access to a server according to the IP address it comes from. So you can also add a host column.

Email Server

  • Postfix is an MTA
  • Dovecot is a message store Accessor/Provider, POP3/IMAP Server.

Postfix and Dovecot are both required for a full email system and should already be running and this is why you are already (if configured) getting server notification emails.

  • Start disabled services (you will see they have an error, just ignore these) (Service Recovery FAILED!! I'm reporting this issue to main CWP artificial intelligence system!)

    • Dashboard --> Services Status --> Mail Services
    • ClamAV
    • AMaViS (A Mail Virus Scanner)
    • OpenDKIM
    • SpamAssassin
  • DKIM
    • Email --> DKIM Manager
    • Nothing to do already setup
  • SPF make ~all --> -all
    • Email --> SPF Manager
    • Edit DNS Zone
      • Custom DNS Zone Template - Control WebPanel Wiki
      • Open file manager and navigate to: 
        /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/
      • Copy the file default.tpl --> custom.tpl so it is in the same directory. (You will have to copy it to another folder, rename it, move back to the zones folder)
      • Edit the custom.tpl
      • Change the following 
        @	14400	IN	TXT	"v=spf1 +a +mx +ip4:%ip% ~all"

-->

@	14400	IN	TXT	"v=spf1 +a +mx +ip4:%ip% -all"
      • CWP Settings --> Edit Settings -->Default DNS Zone template = custom.tpl
      • Click `Save Changes`
      • This will not change accounts that have already been created including the Primary account. so either manually edit the DNS zones or use a script to change many. But go through and change all of the relevant zones.
        DNS Functions --> List DNS Zones --> mydomain.com --> Edit File/Edit Records
  • DMARC
    • This appears to be configured and running.
    • If you want to change the DMARC defaults then edit the custom.tpl zone file: 
      /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/custom.tpl
      • NB: This will not change accounts that have already been created including the Primary account. So either manually edit the DNS zones or use a script to change many.
        (DNS Functions --> List DNS Zones --> mydomain.com --> Edit File/Edit Records)
    • Tutorials
      • Creating DMARC Record to Protect Your Domain Name From Email Spoofing
        • This is really easy to read and explains everything well including testing and processing reports.
        • Why I’m still using p=none policy?
          • Firstly, it’s because of Microsoft. mails forwarded from Microsoft Outlook Mailbox can fail DKIM check, which is bad. For this reason, I cannot set my DMARC policy to quarantine or reject.
          • Another reason is that I’m using MailChimp to send newsletters to my email subscribers. MailChimp uses its own domain in the Return-Path header and its own DKIM signature for the signup confirmation email, which causes DMARC failure.
        • Having a p=none policy is better than having no DMARC record. Although p=none cannot prevent email spoofing, at least my legitimate emails have a better chance to be placed in inbox.
      • How to Setup DMARC records in cPanel | InMotion Hosting
      • Does anyone have DMARC working? - DMARC Example.
  • Antispam
    • Install Spamhaus:
      • Email --> AntiSpam --> Install Spamhaus
    • SpamExperts: This is a commercial professional antispam service.
  • Webmail
    • Email --> Roundcube Webmail
    • Nothing to do already setup
  • Configure Postfix
    • Email --> MailServer Manager
    • When the functions are enabled then they have a tick in their box when the page loads. You need to rebuild the Mail Server to allow the Domain name to be updated correctly.
    • Select the following:
      • ClamAV, Amavis & Spamassassin, Requires 2Gb+ RAM
      • Drop all emails if no rDNS/PTR
      • Installs DKIM & SPF, enables DKIM for New Accounts and Domains
      • Installs Policyd, enables hourly email limit per domain.
      • Resource Usage - These use a lot of resources
        • ClamAV (CPU 5%-20%, RAM 1.2GB-2.0GB+)
        • Amavis (CPU 5%-20%, RAM 1.2GB-2.0GB+)
        • Spamassassin (CPU?,RAM?)
    • Hostname: server.mydomain.com
    • Domain: mydomain.com
    • Click `Rebuild Mail Server`
    • Click `Update ClamAV Database`
    • Click `Restart All Mail Server Services`

Notes

Remove 'cwp' subdomain from the Default DNS Zone (optional)

This has to be done here so all of your new accounts dont get this vestigial subdomain.

It is my opinion this is not really used by anything anymore and that is why this is optional.

 

  • Edit the following file (you should of created the file custom.tpl earlier)
    /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/custom.tpl
  • Remove the line 
    cwp 14400 IN A %ip%
  • This will not change accounts that have already been created including the Primary account. So either manually edit the DNS zones or use a script to change many.

 

Firewall

  • Country Blocking / IP to Country Lookups / GeoIP / Geolocation
    • If you are running a network firewall such as pfSense, then do the Country Blocking in that device, so all network devices can benefit from that single ruleset but keep the lookup service enabled here to allow for IP to country lookups
    • Security --> CSF Firewall --> Firewall Configuration
    • Set your provider (MaxMind is preferred)
      • MaxMind
        • Get a MaxMind license Key: GeoLite2 Sign Up | MaxMind (I created a proper MaxMind account first)
        • CC_SRC = "1"
        • MM_LICENSE_KEY = "" (fill in your license key)
      • DB-IP, ipdeny.com, iptoasn.com
        • CC_SRC = "1"
    • (optional) Set the countries to block
      • Search for CC_DENY = ""
      • Change to CC_DENY = "CN,RU"
    • (optional) block all countries except those specified:
      • Search for CC_ALLOW_FILTER = ""
      • Change to CC_ALLOW_FILTER = "CN,RU"
    • Click `Save Changes` (at the bottom)
    • Restart the firewall (Security --> Firewall Manager --> Restart)
  • Check all of the ports, close ones not used - even if the port is not forwarded (i.e. just on LAN).
  • SSH restriction rule

Notes

SSL / HTTPS / AutoSSL / LetsEncrypt

  • Set autorenew
    • WebServer Settings --> SSL Certificates --> Configure
    • Auto Renewals
      • Active: yes
      • Auto renew AutoSSL: yes + Renew all SAN
      • Autorenew every: 60 days
    • Automatic SSL generation:
      • Active: yes + Admin and User
      • Generate SAN automatically: mail, webmail, ftp, cpanel = yes
    • The automatic generation task will be executed every day at: 01:00 (less traffic at this time)
  • Generate SSL for mydomain.com
    • WebServer Settings --> SSL Certificates --> AutoSSL [FREE]
    • User: mydomain
    • Domain: mydomain.com (main)
    • Additional Servers: mail, webmail, ftp, cpanel

Notes

 

Security

The more resources you install the more resources you use. I dont know if you need to install each one of these.

  • Connect via SSH with PuTTY and make the root password complex and create a user as they might not be the strongest ones set earlier because you could not copy and paste.
  • Install PHP Defender (Snuffleupagus)
    • Dont Install this
      • First time I enabled it all of my wordpress installs were broken
      • You must restart the whole server to unload it, just deleting the instances from the security centre and restarting Apache is not enough. I am running PHP-FPM.
      • You might also need to reboot the server for the modules to become live.
      • If you don want to install make sure you have a full server backup
      • Here are some example errors: 
        Apache Error Log (sitea)
[Thu Dec 23 19:47:52.977523 2021] [proxy_fcgi:error] [pid 4659:tid 139985935795968] [client 192.168.1.1:58256] AH01071: Got error 'PHP message: PHP Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'ini_set', because its argument '$varname' content (display_errors) matched a rule in /home/mydomain/public_html/sitea/wp-includes/load.php on line 465'
[Thu Dec 23 19:47:53.157871 2021] [proxy_fcgi:error] [pid 4659:tid 139985935795968] [client 192.168.1.1:58256] AH01071: Got error 'PHP message: PHP Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'ini_set', because its argument '$varname' content (display_errors) matched a rule in /home/mydomain/public_html/sitea/wp-includes/load.php on line 465', referer: https://sitea.mydomain.com/
[Thu Dec 23 19:47:54.155940 2021] [proxy_fcgi:error] [pid 4659:tid 139985935795968] [client 192.168.1.1:58256] AH01071: Got error 'PHP message: PHP Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'ini_set', because its argument '$varname' content (display_errors) matched a rule in /home/mydomain/public_html/sitea/wp-includes/load.php on line 465'

Apache Error Log (siteb)
[Thu Dec 23 19:26:46.802401 2021] [proxy_fcgi:error] [pid 1642:tid 140310124496640] [client 192.168.1.1:49326] AH01071: Got error 'PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762'
[Thu Dec 23 19:26:53.844567 2021] [proxy_fcgi:error] [pid 1696:tid 140310174852864] [client 192.168.1.1:49334] AH01071: Got error 'PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762'
[Thu Dec 23 19:27:27.416398 2021] [proxy_fcgi:error] [pid 1696:tid 140310174852864] [client 192.168.1.1:49349] AH01071: Got error 'PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 0 parameter's name: 'arg' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 1 parameter's name: 'extract_type' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] - 2 parameter's name: 'prefix' in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762'
[Thu Dec 23 19:27:58.554425 2021] [proxy_fcgi:error] [pid 1696:tid 140310174852864] [client 192.168.1.1:49350] AH01071: Got error 'PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'var_array' of the function 'extract', but the parameter does not exists. in /home/mydomain/public_html/siteb/wp-includes/template.php on line 762PHP message: PHP Warning: [snuffleupagus][0.0.0.0][config][log]
    • (Security --> Security Center --> PHP Defender)
    • If you click on 'View details' you get
    • Standard installation (Only change this if you know why)
    • Defender mode: Basic (Only change this if you know why)
    • Click 'Install now'
    • Click 'Accept'. This will install Snuffleupagus for all of your PHP versions, there is no option to select individual version yet.
    • You can now configure the Snuffleupagus settings individual for each version
  • Scan all accounts for Malware (optional)
    • Security --> Security Center --> Malware Scan --> Accounts Scan (All accounts)
  • Install Maldet : Linux Malware Detect (LMD)
    • A malware scanner for Linux. It is particularly effective for the detection of php backdoors, darkmailers and many other malicious files that can be uploaded on a compromised website.
    • Security --> Security Maldet Scan --> Install Maldet
    • Update and scan for malware
  • Install Rkhunter
    • rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux.
    • Security RKHunter Scan --> Install Rkhunter
    • Update and scan for malware
    • Configure rkhunter (RooktKit Hunter)
      • Correct the email address (bug) to send the rkhunter cron emails to
        • Edit the file /etc/cron.daily/rkhunter or /etc/sysconfig/rkhunter
        • Change the file as follows: 
          MAILTO=root@localhost

to

MAILTO=root
      • Run the following commands from the terminal and they will fix the errors in the rkhunter email (as shown below)
        ---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Checking for prerequisites               [ Warning ]
         The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
         is used, all the files on their system are known to be genuine, and installed from a
         reliable source. The rkhunter '--check' option will compare the current file properties
         against previously stored values, and report if any values differ. However, rkhunter
         cannot determine what has caused the change, that is for the user to do.
Warning: The command '/usr/sbin/ifdown' has been replaced by a script: /usr/sbin/ifdown: Bourne-Again shell script, ASCII text executable
Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
Warning: The command '/usr/bin/fgrep' has been replaced by a script: /usr/bin/fgrep: POSIX shell script, ASCII text executable

----------------------- End Rootkit Hunter Scan -----------------------
        • sudo rkhunter --propupd
          • This above command lets the scanner know about the current state of specific files. This process helps to avoid false alarms during scanning.
          • the result will look like 
            [root@cwpserver /]# rkhunter --propupd
[ Rootkit Hunter version 1.4.6 ]
File created: searched for 176 files, found 131
[root@cwpserver /]#
          • This will not harm your server.
        • sudo rkhunter --checkall
          • After updating the file properties, run the following command to scan CentOS to detect any vulnerabilities or rootkits.
          • This scanner runs through the system commands, network settings, localhost settings, and files to check for actual rootkits, malware, and vulnerabilities. The findings of the scan get recorded on to a log file.
          • This is the summary from the end and is only a small part of what was reported on screen
            System checks summary
=====================

File properties checks...
    Files checked: 131
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 492
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 3 minutes and 11 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

No warnings were found while checking the system.

[root@cwpserver /]#
          • This will not harm your server.
          • This does not generate an email like the cronjob does.
        • (optional) sudo cat /var/log/rkhunter/rkhunter.log | grep -i warning
          • This command will show a condensed look at the scan log.
  • Install Lynis Scan
    • Lynis is a battle-tested security tool for systems running Linux. It performs an extensive health scan of your systems to support system hardening and compliance testing.
    • Security Lynis Scan --> Install Lynis
    • Scan and read the log
  • Symlink Scan
    • A symbolic link, also termed a soft link, is a special kind of file that points to another file, much like a shortcut in Windows. In many cases, this is used by hackers to get access to other users files. This module will help you to locate all symlinks.
    • Security --> Security Symlink Scan --> Scan User
  • Restrict SSH to local network
    • Even though my server is on a NAT'ed network and I have not port forwarded the 8128 port for SSH it is a good practise to add a rule which can be altered later.
    • Edit file /etc/hosts.allow and add the line: 
      sshd: 192.168.1.0/24
    • Edit file /etc/hosts.deny and add the line: 
      sshd: ALL
    • Goto the dashboard
    • Restart SSH Server
  • Restrict FTP to local network
    • Even though my server is on a NAT'ed network and I have not port forwarded the 21 port for FTP it is a good practise to add a rule which can be altered later.
    • Edit file /etc/hosts.allow and add the line: 
      ftpd: 192.168.1.0/24
    • Edit file /etc/hosts.deny and add the line: 
      ftpd: ALL
    • Goto the dashboard
    • Restart SSH Server
  • Change SSH to use keys and not passwords (optional)
  • Enforce HTTPS on Webmail and User Cpanel
    • Cpanel and Webmail (no ports)
      • cant figure it out
    • Webmail (port 2095)
      • Edit the file 
        /usr/local/cwpsrv/conf.d/webmail.conf
      • Uncomment the following section (not the title though)
        # Disabled forced ssl, uncomment if you want to force ssl
#if ($host != "localhost"){
#    return 301 https://$host:2096$request_uri;
#}
      • Save the file
      • Goto the dashboard
      • Restart the Server (because this is the CWP Apache server, not the client facing one)
  • Login Brute Force Protection
    • Security --> User Login Security --> Configurations --> Configuration and settings for blocking and user session initiation
    • Active: Yes
    • Failed Attempts: 3
    • Suspend for: 5 Min.
    • Blocking by firewall: Ticked
  • Make MySQL stronger
    • Current password length is 12 characters and I want 16 charaters
    • Open terminal with root permissions
    • Run 
      sh /scripts/mysql_pwd_reset
    • Enter a new root password only using 'a-zA-Z0-9' to prevent script issues.
    • check the root password has changed with 
      grep password /root/.my.cnf
  • If the CWP panel is open you will now get this error and MySQL permmissions will need fixing in the next step.
    Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/resources/admin/include/functions.php on line 0

Warning: mysqli_connect(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0


Trying to start mysql server, please wait!
Try to restart CentOS Web Panel with command: sh /scripts/restart_cwpsrv

**Check your MySQL root password in: /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php and /root/.my.cnf


Warning: mysqli_error() expects exactly 1 parameter, 0 given in /usr/local/cwpsrv/htdocs/admin/admin/index.php on line 0
Could not connect:
  • To Fix the error above open up a terminal with root privilages (taken from here How to Reset and Recover MySQL or MariaDB Root Password on SystemD Linux | Mystery Data 
    • systemctl stop mysqld
systemctl set-environment MYSQLD_OPTS="--skip-grant-tables"
systemctl start mysqld
mysql -u root
    • Run these MySQL commands - change MyNewPassword with the password from earlier
      mysql> UPDATE mysql.user SET authentication_string = PASSWORD('MyNewPassword') WHERE User = 'root' AND Host = 'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit
    • Run these final commands 
      systemctl stop mysqld
systemctl unset-environment MYSQLD_OPTS
systemctl start mysqld
    • Test your password works with 
      mysql -u root -p

Notes

Create a secondary user

This is a safety measure so if the root account gets comprimised you can still get in with this account.

  • Open up the CWPpro terminal (or SSH)
  • Run the command 
    adduser backupuser
  • Now assign a password to the user by using the command 
    passwd backupuser

Notes

 

 

Monitoring (Watchdog)

  • Services Monitoring (for initd services)
    • Services Monitor will automatically restart off-line services and send an email notification.
    • Services Monitoring (systemd services) is required for this to work.
    • Services Config --> ServicesMonitor (init)
    • Enable: Yes
    • Email notifications to: youradmin@mydomain.com
    • Check every: 15 mins (some people might want this to be set to 5 mins, you can change it later if you want)
    • network / Exit status: 0 :: I dont know what this is so I will leave it unticked.
  • Services Monitoring (for systemd services)
    • Services Monitor will automatically restart off-line services and send an email notification.
    • This is good becasue failed services will get restarted automatically.
    • Services Config --> ServicesMonitor (systemd)
    • Enable: Yes
    • Email notifications to: youradmin@mydomain.com
    • Just use the list below or your prefered selection:
      • amavisd.service    (If you enable the option AntiSpam/AntiVirus in Postfix, this setting is irrelevant)
      • clamd.service    (If you enable the option AntiSpam/AntiVirus in Postfix, this setting is irrelevant)
      • crond.service
      • csf.service
      • dovecot.service
      • httpd.service
      • lfd.service
      • mariadb.service
      • opendkim.service
      • php-fpm74.service
      • php-fpm80.service
      • postfix.service
      • pure-ftpd.service
      • spamassassin.service    (If you enable the option AntiSpam/AntiVirus in Postfix, this setting is irrelevant)
      • sshd.service
  • Monitoring via Monit
  • Netdata Service Monitor (5-20% CPU, RAM? not sure)
    • (Graphs --> Netdata)
    • Please note that Netdata is high resource demanding for low-performance servers, we recommend installing only on the servers with multiple CPUs and memory 4GB+
    • Don't install this on low power servers. It is not a monster but does need feeding.
    • Netadata does take a while to install.
    • It is run outside of the cpanel so is like a seperate Website.
    • Designed by system administrators, DevOps engineers, and developers to collect everything, help you visualize metrics, troubleshoot complex performance problems, and make data interoperable with the rest of your monitoring stack.
    • Netdata’s distributed, real-time monitoring Agent collects thousands of metrics from systems, hardware, containers, and applications with zero configuration. It runs permanently on all your physical/virtual servers, containers, cloud deployments, and edge/IoT devices, and is perfectly safe to install on your systems mid-incident without any preparation.
    • How to update Netdata In CWP Control WebPanel Centos/RHEL/Ubuntu/Debian | Mystery Data
    • Not sure what most of the metrics are so I will probably uninstall this until I do.
    • You can potentially measure these metrics from the Netdata Cloud which also seems to be free.
    • If your server is not running this then potentially it might be more responsive.

Branding

  • Upload a logo
    • (User Accounts --> Features,Themes,Languages --> Branding)
    • Browse and upload your logo.
    • The logo will appear on dark and light backgrounds and this can be seen on the client login page (light background) and then once in the clients cpanel (dark background).
    • The logo will be automatically renamed.
  • Set Servers default website to a blank page
    • server.mydomain.com actually has a website and the files are located at /usr/local/apache/htdocs/ 
    • This default site is possibly used for other things on the server and might get refreshed during an update wiping any of your changes.
    • The reason we do this is because we want to brand our default templates to look more professional and a few technical people will always go and have a look what is running.
    • You can use a completely branded HTML page but I thing for the server a blank one is better and quicker to do.
    • Backup the file /usr/local/apache/htdocs/index.html (rename it orig-index.html)
    • Edit /usr/local/apache/htdocs/index.html and replace the content with the following code 
      <html><body bgcolor="#FFFFFF"></body></html>
    • NB: The default apache web server IP is set here /usr/local/apache/conf/sharedip.conf
  • Custom Account Templates
    • Custom Account Templates - Control WebPanel Wiki
    • Suspended Account Template - The default template is ok and can be left.
    • New Account Template - I will replace this with a fully branded holding page.
    • New Domain Template - I dont know what this is for.

      I will replace this will a blank index.html
      <html><body bgcolor="#FFFFFF"></body></html>
    • New SubDomain Template

      I will replace this will a blank index.html - A subdomain does not need a fully branded holding page.
      <html><body bgcolor="#FFFFFF"></body></html>

Updates

  • CWP
    • CWP updates itself automatically but you can force this by clicking on the `CWP Update` button on the dashboard.
  • Dependencies (Yum/rpm)
    • I dont think these update automatically but you are warned stuff is out of date.
    • Server Settings --> Yum Manager --> Updates List --> Update All

Configure CWP (Notifications and Alerts)

We need to configure CWP to send error notifications and unless you know where to click this can be hidden.

  • Click on the Bell icon
  • This will now take you to the 'Notifications and Alerts' page with some messages, ignore these for now.
  • Click on 'Click here to Edit Settings and Email Alerts.' (at the top of the messages.) to take you to the 'Notification Settings' page.
  • Configure and save the following settings
    • Email for Alerts = send@theemailhere.com
    • Sender email (server name recommended) = notification@server.mydomain.com
    • Info = Checked
    • Warning = Checked
    • Danger = Checked
    • Notification Template = 
      You've received a new %level% notification: %subject%

Here are the details:

%message%

%url%
  • Now we get to the messages that you saw just before.
  • The blue ones are just notifcation messages pointing you to look at the logs and unless you really want to just click on the cross for each of them and dismiss the message.
  • The orange messages
    • are warnings and you should read each message, click on the link and correct the error as advised. Once you have corrected the error, dismiss the message.
    • Depending on when you process these messages you might find that you have more messages to process or for each warning you have already corrected but just not yet dimissed the message which you can do now.
    • The default orange error messages shown above should all of been corrected during this tutorial.

Client Backups

It should be noted that currently CWP does not manage backup retentions (i.e. it does not delete any backups so they will keep growing in number). See the notes below for solution.

  • Disable the Old Backup system
    • This is now a legacy script but is stable. It appears only to do User Accounts.
    • CWP Settings --> Backup Confifguration --> Manage Backups --> Enable Backup: No
    • Click `Save Changes`
    • Delete files and folders in /backup
  • Enable the new backup System (You can setup multiple backup jobs all with different options.)
    • CWP Settings --> NEW Backup (beta)
    • Start filling in the settings below to create new Backup job.
    • User Accounts
      • Packages: Select all of the packages (easier to manage)
    • Features and settings
      • Select all options
    • Destination:
      • I recommend you set up an external SFTP/FTP/SSH File server to deposit the backups on. It must be a seperate computer/NAS/Device otherwise it is pointless.
      • FTP Server or SSH server
        • Fill the details in of you remote server (this assumes you have built one, but is not covered here)
        • Select Compress Backup
      • Local file or directory
        • Will only be good for restoring individual client data and not disaster recovery.
        • Backup Destination: /newbackup/
      • Temporary Directory: /home/tmp_bak/
      • Backup Level: Compressed
    • Frequency and Execution
      • Execution Schedule: Daily Backup
      • Frequency Details: Everyday
      • Notifications: When you finish homework, To the Server Administrator
      • These are my initial settings so you know that the server backup is working correctly. Reduce/change the frequency later if you wish.
  • Set the backup schedule
    • CWP Settings --> NEW Backup (beta) --> Scheduled --> Scheduling the Execution of your Backup --> Hour: 02, Minutes: 00
    • Most of the servers crons will of finished by now and the traffic and load on the server will be low.
  • Enable the backup jobs
    • CWP Settings --> NEW Backup (beta) -->Backup Settings
    • Click on the `Off` button to enable each backup job you want

Notes

  • Old Backup System / Backup Configuration / Manage Backups
    • it backs up all of the user account's public html and settings in one folder /backup/daily/[username]/
    • All MySQL (not sure about MongoDB and PostgreSQL) are dumped to /backup/mysql/daily/
    • These (I think) are replaced by the next run of the backup script.
    • The backups are just of the user account Home directory and all MySQL databases on the server.
  • Backing up Locally
    • only good if a user breaks their site. if the server fails thene these local backusp will be usefless
    • increased wear on your SSD
    • fills up your HDD on the server quick
    • You need to monitor it
  • New Backup / New Backup (beta) Backup Tool
  • Full Server Backup
    • Occasionally you should shut the server down and do a full backup of the VM. You cannot just backup the server when it is on because of the live services within it might get corrupted (Virtual Machine Quintencence)
    • I use Veeam Agent to do a full host server backup. All VM machines must be powered down when running this
  • New and Old Backup system do not have backup retention management
  • Backup and Restore | Control-WebPanel Documentation
  • Create/restore backups in CentOS Web Panel - PlotHost - For end users

Cron / Anacron /  Cronjobs

This is Linux's version of scheduled tasks (for us Windows users) and there are 2 pages that currently allow you to configure them throught the GUI. They both work on the same dataset which is confusing and hopefully these pages will get merged.

  • (CWP Admin --> Server Settings --> Crontab for root)
  • (CWP Admin --> Server Settings --> Crontab for users)

Check the time they run

I would have my crons run late at night probably after my backups. You check the time fit in with how you run your server and if you ar enot sure just leave themas they are for now.

You dont want you SSL certificates to be getting updated while your backups are running. You server wont die, but why cross the streams :) when you dont have too.

Silence is Golden (optional)

I prefer to make all of the cronjobs quite, they will email me if there is an issue but generally you dont need an email saying they have been run. To fix this you add > /dev/null at the end which sends the output to a null device where it dies.

/usr/local/cwp/php71/bin/php -d max_execution_time=18000 -q /usr/local/cwpsrv/htdocs/resources/admin/include/cron_autossl_all_domains.php

to

/usr/local/cwp/php71/bin/php -d max_execution_time=18000 -q /usr/local/cwpsrv/htdocs/resources/admin/include/cron_autossl_all_domains.php  > /dev/null

Do this for all of the cron jobs yopu want to be quiet. This will not them stop them sending emails if that is what the script does, just the notfication of them running.

Editing Default Cronjobs (in the GUI)

After setting up the server these should be the only cronjobs present. You will find that sometimes after an upgrade or installing a plugin you will get more cronjobs, sometimes duplicates and in which case you should remove the appropriate one.

Notes

Backup Server Settings

CWP does not have a specific mechanisim for backing up the server settings so I will add what I find here and wil post a feature request with CWP.

Please note this section is not complete.

  • Custom Account Templates
    • /usr/local/cwpsrv/htdocs/resources/admin/tpl/ 
  • Company Logo
  • CWP Databases:
    • (CWP Admin --> SQL Services --> phpMyAdmin)
    • root_cpmigrations
    • root_cwp databases
  • DNS Zone Templates
    • /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/default.tpl
    • /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/custom.tpl
    • /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/
  • DNS Zone File Backups (these are created manually and are not the live ones)
    • /usr/local/cwp/.conf/backups/var/named/
  • php.ini (all versions)
  • my.cnf
  • Doevecot/Postfix/Spam assassin and other email stuff
  • Crons (only custom crons)
    • /var/spool/cron/
    • /var/spool/cron/root    These are in the CWP GUI.
    • /var/spool/cron/[other users]   ? Are they stored in the clients accounts when they backup? These are in the CWP GUI.
    • /etc/crons.d/   
    • /etc/cron.hourly/
    • /etc/cron.daily/
    • /etc/cron.weekly/
    • /etc/cron.monthly/
  • CentOS Web Panel Mailserver Installer
    • SSL Cert file location /etc/pki/tls/ private¦certs

Backup the Virtual Machine

This is an additional step I do and is one of the reasons I like windows.

  • Get an external USB HDD (you can use a network location if you want)
  • Shutdown all running VMs
  • Install Veeam Agent for Microsoft Windows FREE
  • Create/Edit a backup job (I will leave the exact options to you)
  • Run the backup.

Notes

  • This backup method will not work correctly if the VMs are running
  • Only changes are backed up so the process can be quite fix after the initial run.
  • If using a USN drive I highly recommend you look at the settings
    • When backup target is connected
    • Eject removable storage once backup is completed
  • The Veeam software is great for doing a backup of your Windows computer.

Create a Test VM

Create another VM with the exact same settings except different name, different credentials, different NAT IP and use a Dynamic Disk as you dont need performance. You can then use this for testing and playing with settings that you dont understand (like me) without harming you main server.

  • Power down your Production/Live CWP server VM.
  • Do a Full Clone of the VM
  • Boot the new development VM
  • Change the IP address
    • Follow the instructions above, search for  'Change Server NAT Local IP after the initial installation'
    • If you dont this will cause conflicts with your real CWP server (see change NAT ip after ... above)
  • Change the server's hostname
    • (Server Settings --> Change Hostname) = testserver.mydomain.com
  • Delete the old servers DNS zone which is probably =  server.mydomain.com.db
    • (DNS Functions --> List DNS Zones --> Delete Zone)
  • Change the password of the root account
    • (Server Settings --> Change Root Password)
  • Change the MySQL root password
    • Open up the CWPpro terminal and run the following command 
      sh /scripts/mysql_pwd_reset
  • Change any Emergency user accounts you have created.
    •  From the terminal as root, run the command for each account (these are not the website accounts)
      passwd <username>
  • Delete any client accounts in this development site as you dont need to be running these except on the live site.
    • Except the leave the user account that has your domain 'mydomain.com' as you might need this for testing.
  • Change name servers to 192.168.1.11 your NAT Local IP
    • (DNS Functions --> Edit Nameservers IPs)
    • Not sure this is right but the server cannot talk to the outside world anyway.
  • Power down the testserver
  • (optionaly) Convert the VDI to a Dynamic Disk to save space.
  • You can now power up both VMs up at the same time.
  • In testing, Snapshots are your friend and prevent hours of work trying to fix something you broke. On a test server I would always use these to test changes but I am not sure if they are safe on a Production/Live server.
  • Dynamic disks will continue to grow over time but can easily have the space recovered by running a VirtualBox command.
  • Changing passwords so they dont match the old server is to prevent you from accidentally logging in to the wrong account on the wrong server.
  • You might want to turn off all the admin emails off if you are leaving the test VM on for a while

Final Thoughts

The initial configuration is completeand I wish you well. As I learn more I will update this article. Keep reading to the bottom as you might find answer to common issues.

These instructions have taken me a long time to put together and I am not a Linux professional so pleases bear that in mind when reading this. If you notice any issues or mistakes please let me know and at some point I will tidy it up.

 

Other Configurations

These settings, configurations and notes have not made it into the main tutorial but are worth a read.

Things not installed or started

  • Team Speak 3 Manager
    • It is no longer supported.
    • It is removed from the menu system.
  • NodeJs
    • An open-source, cross-platform, back-end JavaScript runtime environment that runs on the V8 engine and executes JavaScript code outside a web browser
    • WebServer Settings --> Node.js Manager
  • Apache Tomcat
    • A free and open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and WebSocket technologies. Tomcat provides a "pure Java" HTTP web server environment in which Java code can run.
    • WebServer Settings --> Tomcat Manager
  • Ioncube
    • This is for the user account facing Apache, not CWP.
    • PHP Settings --> PHP Addons --> Install IonCube Loader --> Install
  • PHP PECL extensions
    • PECL stands for PHP Extension Community Library, it has extensions written in C, that can be loaded into PHP to provide additional functionality.
    • PHP Settings --> PHP PECL extensions
  • FFMPEG
    • For Video streaming websites. A free and open-source software project consisting of a large suite of libraries and programs for handling video, audio, and other multimedia files and streams.
    • PHP Settings --> FFMPEG Installer
  • PostgreSQL
    • A free and open-source relational database management system emphasizing extensibility and SQL compliance.
    • SQL Services --> PosgreSQL Installer
  • MongoDB
    • A source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas.
    • SQL Services --> MongoDB Manager
  • ShoutCast Manager
    • By installing Shoutcast server you will create a linux shoutcast user which will be used to run shoutcast servers.
    • Plugins --> ShoutCast Manager
  • Site.pro
    • A Paid for website builder.
    • Plugins --> Site.pro
  • Softaculous
    • A commercial script library that automates the installation of commercial and open source web applications to a website.
    • Script Installers --> Scripts Manager
  • Sitepad
    • A drag and drop website builder (from Softaculous)
    • Script Installers --> Scripts Manager
  • WHMCS Integration

User Email Accounts

When setting up an email account in an app uses these settings (Based/Tested in Outlook 2019)

  • My outgoing server (SMTP) requires authentication: ticked
    • Use same settings as my incoming mail server: selected

You should always use a secure port for your SMTP. Each port has different options it will accept

  • 465 (Preferred)
    • None = Does not work
    • SSL/TLS = Works
    • STARTTLS = Does not work
    • Auto: Does not work
  • 25, 587
    • None = Works
    • SSL/TLS = Does not work
    • STARTTLS = Works
    • Auto: Works
  • 26
    • Not enabled by default but should be the same as (25, 587)

cPanel Account Import / Migration

  • cPanel Compatibility - Control WebPanel Wiki - This has links to everything you need to know from using the new CWP and migrastion cPanel accounts.
  • cPanel Account import
  • Single cPanel account import
    • How To Migrate a User From cPanel To Centos Web Panel - Worth a look.
    • Created a full backup on my cPanel server which I downloaded to my desktop.
    • I uploaded the cPanel backup to my CWP server /home using SFTP over SSH
    • User Accounts --> cPanel Account Restore
      • Account Import: The file you just uploaded
      • Associated Package: Choose something relevant
      • Tick all boxes (except the fast import one if on a slow server)
      • Click `Import`
    • The password is maintained.
  • Why my sites did not work after importing from a cPanel backup or I a warning, Forbidden: You don't have permission to access this resource.

    • Cause(s)
      • Mod Security need to be configured correctly.
      • Name Servers are wrong
      • DNS Zones need to be setup correctly.
      • SSL Issue
        • My demo sites on cPanel had the HSTS header added by the W3 Total Cache which is then cached by the browser.
        • CWP did not automatically create the SSL certificates
        • Google chrome will not allow you to load sites with mis-configured SSL certificates and there is no override option.
      • php.ini and .user.ini issues
      • CWP or something else got mixed up.
    • Solution(s)
      • Mod Security
        • Check you are using Comodo rules (not OWASP)
        • Check the Mod Security logs for blocks.
          • Mod Security (per domain logs, replace DOMAIN.COM) 
            /usr/local/apache/domlogs/DOMAIN.COM.error.log
          • I found the lack of a favicon.ico was causing things to get blocked.
      • Name Servers
        • Check they are pointed to server.mydomain.com (You don't have to do this if you change the A records properly)
      • Check the DNS zones for the account
        • DNS Functions --> List DNS Zones --> Check All Zones
        • CWP wiil then show the relevant IP which the zone point to.
        • The domains zones must be pointing at your server correctly.
      • Manually install the SSL certificates from Letsencrypt
        • WebServer Settings --> SSL Certificates
          • Add CWP service subdomains onto the primary domain
          • Do the other domains/subdomains
      • Run the permissions tool:
        • User Accounts --> Fix Permissions
        • Select the imported cPanel account
        • Tick the following
          • Fix Permissions
          • Internal Server Error
          • Remove AddHandler
        • Click `Fix Selected Issues`
      • php.ini and .user.ini
        • You might have erroneous php.ini and .user.ini files from the old server that have not been modified or deleted as needed that need deleting or editing in the user account's files.

How to use the PHP selector

  • add notes here
  • Cane be done either in the user panel or admin
  • if default is it using the seerver default with no-fpm,
  • how do i remove the selection, just delete the htaccess

Notes

  • PHP-FPM
    • PHP-FPM selector changes it for the whole domain/subdomain
    • PHP handler is not set in htaccess file (only for php-fpm and default cgi)
  • PHP-CGI (standard)
    • is on a per folder basis unless not specified and the server default version is used
    • AddHandler (in htacces) is for PHP-CGI only
  • default option is shown perhaps becasue I do not have a php-cgi verion installed and I have not forced php-fpm (see video)
  • Default Version
    • once you have selected a PHP version you cannot go back to server default
  • If you have lots of clients I dont think forcing PHP-FPM is the best. Only choose this option if you are doing your own stuff. You can always manually PHP-FPM for specific user accounts.
  • PHP Selector | Control-WebPanel Documentation - Instructions for users and their control panel.
  • How many php versions I can run on the single server - Control WebPanel Wiki - The admin side of the selector. This includes setting options and rebuilding.

Configure Network Devices to be on the same Local Domain (OpenWRT) (optional)

I want all of my local devices to be registered on the same local domain (mydomain.com) as my CWP server (server.mydomain.com) so I can ping and connect to devices on my network using FQDN (eg: device.mydomain.com). This can make my network administration a lot easier and I can pretend that my network is a full domain of computers on the internet. This is not the same as Microsoft Active Directory / Windows Domain but will do for me.

My Choice

Because I am running a webserver which controls DNS zones it is best to leave it doing that role. This setup will prevent duplicate entries in the mydomain.com DNS zone and the OpenWRT hosts file.

  • Change the Local domain to mydomain.com
  • Leave Local server as /lan/ which allows OpenWRT to poll my mydomain.com DNS zone.
  • I will add my public facing servers and devices into the mydomain.com DNS zone so they can be access via a FQDN both remotely and locally.
  • For devices I need to access via a FQDN locally(private) I will use the Hostnames feature in OpenWRT.

Configure the Device Domain Suffix (Local domain)

I am running OpenWRT on my router and it currently adds the configured DNS suffix (.lan) on to the end of each registered device's hostname (device.lan). Device hostnames are automatically registered with DHCP in the Active DHCP Leases and can be manually added via Static Leases. Both these lists combine to make single list of FQDN that the router uses for routing traffic.

The instructions below will change the registered hostnames to belong to .mydomain.com giving the format device.mydomain.com when registered instead of device.lan

  • Login to your OpenWRT router
  • (Network --> DHCP and DNS --> General Settings --> Local domain) = mydomain.com
  • Restart your router

Notes

  • Local domain = suffix appended to DHCP names and hosts file entries
  • default = lan
  • This does not make any changes on the device such as the device's name and is purely for OpenWRT and it's routing.
  • When you ping a device by FQDN you request the IP of the FQDN from the configured DNS server, in this case OpenWRT, which will send back the registred IP address of the device just as if you were looking up www.bbc.co.uk and doing an external DNS lookup to a remote DNS server.
  • You can use Static Leases to manually assign a DHCP address but for what I am doing, this is not needed and I prefer all of my static devices to have an IP so when they are away from my network I can still access them over temporary networks etc.. for diagnostics and other such things.
  • You will notice in the lists only the hostname is shown which is normal.
  • A fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the internet. The FQDN consists of two parts: the hostname and the domain name. For example, an FQDN for a server might be device.mydomain.com , The hostname is device and the host is located within the domain mydomain.com.
  • When a device does a DHCP request it only sends it's hostname unless the FDQN option is specified which is probably never going to be enabled in a default setup.
  • Difference between Hostnames and DHCP hostnames - Installing and Using OpenWrt - OpenWrt Forum
  • IPv4 and IPv6 Advanced DNS Tab - This explains all the options in the Windows Network Adapter IPv4 and IPv6 Advanced DNS Tab.
  • Don't put local IP address in you mydomain.com DNS Zone as this could be a security risk.

Devices with Static IPs need adding to OpenWRT hosts

OpenWRT has no information or interaction with devices that have static IP addresses because it simple does not know about them.

To remedy this there are 2 ways of doing this:

Hostnames (preferred)

  • Goto (Network --> Hostnames)
  • Add a Hostname
    • Hostname =  device (hostname) or device.mydomain.com (FQDN)
      • If there is not domain, only a hostname then OpenWRT will append the DNS Suffix .mydomain.com
    • IP address = 192.168.1.x (Local IP address)
    • You can also use public IP addresses and they will also route as appropriate.
    • If you pick your WAN IP (and assuming the forwarding rules are inplace as shown above) then that traffic will be subject to NAT lookback and be forwarded to your webserver.
    • OpenWRT will not append a DNS Suffix to these entries.
    • Hostnames are stored in /etc/config/dhcp and look like:
      config domain
	option name 'device'
	option ip '192.168.1.99'
      or 
      config domain
	option name 'device.mydomain.com'
	option ip '192.168.1.99'

Static Leases

Static Leases are the ability to use the DHCP system to give the same IP address to the same machine which effectively makes them statics with less configuration at the clients end and more control by the admin, however it does requires some setup work.

  • Goto (Network --> DHCP and DNS --> Static Leases)
  • Click Add
  • Fill in these fields only

    • Hostname = device
    • IPv4 = 192.168.1.x
    • We only use the devices hostname (device) not it's FQDN (device.mydomain.com) because OpenWRT will append the domain suffix for us.

Some of you will be saying how does OpenWRT know which device to assign the IP too because I have not set it, well it doesn't. What I have here is just created a host entry that will allow the correct routing but the IP will never be dished out over DHCP. This is more of a hack I discovered. You can use the Static Lease as it was intended by just adding in the following further information (assuming IPv4 only) into the entry.

  • MAC-Address
  • Lease time

Route all traffic locally (Local server) (optional)

This option tells OpenWRT that hostnames belonging to this domain (.lan) are never forwarded and are resolved from DHCP or hosts files only. So this means unless your device is on DHCP, has a Static Lease configured or an entry in OpenWRT Hostnames then no traffic will be routed to it because OpenWRT will not do any external DNS requests and when I say external I mean outside of the router itself, it will purley use these 3 sources for lookups.

The purpose of this option is to prevent unnecessary traffic going upstream and reduce the load on your infrastructure.

These instructions will change the Local server from .lan to .mydomain.com

  • (Network --> DHCP and DNS --> General Settings --> Local server) = /mydomain.com/
  • Restart your router

Notes

  • Local domain = Names matching this domain are never forwarded and are resolved from DHCP or hosts files only.
  • default = /lan/
  • If server.mydomain.com stops resolving after changing this option, it is probably because you only had the device/server configured in the mydomain.com DNS zone which is no longer queried when the domain DNS lookup matches mydomain.com
    1. Add a static Lease for server.mydomain.com
    2. Revert the option back to /lan/ so your domain traffic it handled by NAT Loopback which is part of the CWP (All Ports / LAN Only) rule.
  • If you are running your own webserver that handles the .mydomain.com DNS zone such as CWP server then you should not use this feature. If you do use this you will have to manually enter all hostnames found in your CWP .mydomain.com DNS zone (mail.mydomain.com/cpanel.mydomain.com/www.mydomain.com/etc...) into the OpenWRT Hostnames which is duplication and extra hassle. The NAT Loopback rules employed earlier on will stop the traffic going upstream anyway (it will go into the WAN zone and straight back for you nerds out there).

Change a Windows PC's 'Primary DNS Suffix' (optional)

Do not do this on laptops etc.. if you are going to move above between sites.

As mention above OpenWRT will add DNS suffixes on to the DNS Hostnames to give a FQDN but will not change the computers actual name.

What we are going to do here is a add a Primary Domain Suffix to our Windows PC but this is also not changing the PCs name. Windows has a normal computer name (NetBIOS) that we can add a domain suffix onto it. If you want to change the computer name on your Windows PC it is just as normal (not discussed here)

I cannot think of a reason why I would want to do this on a Windows PC except so SSL/TLS certificates could be issued and then when you use Remote Desktop the computer names match. However for reference I am going to add the instructions here just incase I change my mind.

  • On your Windows PC goto (Control Panel --> System --> Advanced System Settings --> Computer Name --> Change --> More)
  • 'Primary DNS suffix of this computer' = mydomain.com

    • 'Change primary DNS suffix when domain membership changes' - This is already checked and I think it is more to do with Active Directory so can be left as is.
    • Adding a suffix here does not break DHCP registration. OpenWRT still sees this device as device.mydomain.com because only the hostname is sent with the DHCP request.
    • If you choose a different suffix on the Windows PC to that of your OpenWRT/CWP domain (mydomain.com) then the Windows PC will seen 2 FQDN. One defined by OpenWRT and one defined manually on th Windows PC, so my advice is don't bother doing this, keep the domains the same.
    • Windows original just ran on NETBIOS and so a lot of its stuff is based around that. This is why you have to add 'Primary DNS Suffix' in this way rather than just changing the computer name whereas as in linux your computer name can just be a hostname or a FQDN.

Change Linux computer name (optional)

Do not do this on laptops etc.. if you are going to move above between sites.

I am not an expert on linux but you when you sent the computers name you can either set device or device.mydomain.com and I assume that it will only send the host name in a DHCP request as Windows does above. So you again have the option to set just a hostname or a full FQDN.

Same FQDN for Local and Internet Access (optional)

One of the major benefits of this is that I can use the same FQDN to connect to my devices on my local network as I can when I am in the office at work. Great for CCTV and media servers.

Do NOT add non-public devices to DNS zone for security. Only use Static Leases.

You need to do the following for this to work:

  • Add an A record in to your domain (mydomain.com) pointing to your public IP (13.13.13.13).
  • Configure port forwarding to send the traffic from the WAN to the selected local device's IP address (192.168.1.x).

Default URLs

Useful Notes

 

Questions/Bugs/Features for the Forum

Links

Questions

  • what is the CWP subdomain for? is this a fault?
    • WebServerSettings --> Apache Redirects
    • Redirects info: http://any-domain.com/cwp will be redirected to the CWP control panel login.
  • The CWP forum does not have a HTTPS cert
  • Do other subdomains (not mail, cpanel, mail, webmail)?
  • centos cwp shows a swap file monitor but this system does not have one. do i need one or is it all in ram becasue it shows 4GB?
  • how do i change the PHP version on mass for all user accounts?
  • how can i edit eveyones zone template to make changes (GREP ?)
  • a script to edit everyones htaccess file (GREP ?)
  • did i need to create the user 'user' when setting up CentOS, should I have just left root? delete the shoulders account if not needed.
  • When you click on CWPPro terminal for the first time it installs the terminal. I dont know what the difference is between the terminals. the pro one might have Root privilages and be just like a normal terminal.
    I need a description
  • is cgroups still faulty? (asked here Cgroup In Package Creation Question)
  • does port 26 need to be opend up. = nope
  • how to force https on cpanel and webmail
  • Enforce SSL/HTPPS/TLS for all postfix connections, how to?
  • Enforce SSL/HTPPS/TLS for all Dovecot connections, how to?
  • in the CentOS install wizard, should i keep KDUMP enabled?
  • how do i add aditional SANS to my sub domains SSL?
  • how do i change my primary domain on a client account?
  • how do i update centOS? is this needed?
  • is cwp multicore aware? - i think i looked into this and it is because of centOS
  • how do i configure amavis + clamav? where are the configuration files, they are not accessible via the GUI.
  • my CWP server has many different boot options in the boot loader when it turns on. they seem to be different versions.
    • how do i get rid of them?
    • is this a bug? in CWP or CentOS?
  • my.cnf is empty? is this a bug?
  • ClamnAV
  • SELinux
  • Monit
    • I need more information on what tasks/actions should be installed and what they do.
    • Is there a list of what these scripts do somewhere? documentation?
    • i need to update my notes when i find out more info
    • feature: in the configuration files the ability to read the script files that have not been installed. i appreciate they have to be readonly until installed
    • the configuration files included with cwp should have some documentation about what they do
    • recommendations on what configuration files to install
  • InnoDB/Database
  • Cannot enforce HTTPS on cpanel.mydomain.com - this should be done in the GUI
  • i dont always have to put in the root/password in the CWPPro terminal. Where is it storing the root info? is this safe? this should not be persistent between server reboots or Browser sessions. Can this be clarified as safe or bug?
  • Cron
    • Are CRONs stored in the clients accounts when they backup?
    • Where is the cron for the freshclam update? probably in anacron
    • Why are the autossl crons in the GUI and not in a file in /etc/cron.d/ do you want these to be user editable?
    • freshclam is still updating when clamav is disabled, these should be linked?
    • Duplicate CWP root CRONs - My quetion abput the duplicate crons I have
  • Where dos the (MySQL Manager --> Settings) store these configurations because it is not in the my.cnf file? Are they persistent or just stored in RAM?

 

Feature Requests - CWP Suggestions (Forum)

  • SPF and DMARC should have an edit tool (feature request)
  • MySQL terminal
  • easier way to reset MySQL root password becasue the default password is too short.
    • is this doen by script?
  • have monday as the first day in the week
  • be able to add a custom name to backup jobs (in the new manager)
  • in the file manager I would like to freetype the file location to speed navigation up
  • currently the default setting for letsencrypt renewal time is 28 days, letsecyrpt recommends 60 days
  • filemanager on copy files, folders and files should have separate icons or a way of knowing what the asset is, currently you cannot tell the difference between files and folders
  • filemanager - no refresh button - useful when working with ftp aswell
  • download account backups, i should be able to download the backup by clicking the link like cpanel.
  • easy button to backup CWP server settings
  • Cannot remove ClamAV, Amavis & Spamassassin individually. should be able to select these seperately
    • ClamAV is used as the account sanner in the 'sEcurity Center'
    • ClamAV does the mail and the home directory. However if you uninstall it in the postfix rebuild then ClamAV is not available to scan client home directories.
    • ClamAV: this should not be an option in Postfix becasue it scans homedir aswell
    • the virus scan page is still avaiable in the client panel but just causes an error
    • How to free space like uninstall ClamAV, AMaViS, etc.
      • also you can check more detailed your disk usage by using cwp disk_details module, it has per folder usage. 
        IP:2030/admin/index.php?module=disk_details
    • 'ClamAV, Amavis & Spamassassin, Requires 2Gb+ RAM'
      • It installs ClamAV and AmaVis if not present and will possibly update them aswell.
      • This option stops/starts  the related servicesthem on install/uninstall
      • I am sure does some PostFix configurations.
      • This script does not uninstall ClamAV or Amavis.
      • If this option is enabled then the services amavisd.service, clamd.service, spamassassin.service are started when the server boots and if you manually stop them they will restart irrespective of their configuration in systemd. So they must be defined dependicies of some process this option invokes.
  • CWP changelog feed in the cwp control panel
  • All Admin pages should have a breadcrumb. This allows people to use shortcuts and newbies to find the same area at a later date easier.
  • Cannot edit root crons only add and delete via the GUI. Editing these should be allowed
  • RAM usage does not update like the cpu and diskl i/o only on a page refesh.
  • need a nice utility to look at memory usage easily
    • i have seen TOP
    • i.e AmaVis is using 200mb
    • ClamAV is using 500MB
  • an indicator after the reboot button has bee pressed so you know you have clicked it. like cpanel with a spinning thing and then when the server has reloaded the page can refresh seeing as CWP Admin session are persistent through reboots.
  • No easy backup method to backup the server settings i.e:
    • Skeleton Templates: /usr/local/cwpsrv/htdocs/resources/admin/tpl/ 
    • CWP Databases:
      • (CWP Admin --> SQL Services --> phpMyAdmin)
      • root_cpmigrations
      • root_cwp databases
    • This should be added to the Backups 2
  • account backups should have the account name in it like cpanel
  • cpanel database backups, remove the word dump from the file name
  • root_cpmigrations and root_cwp databases are using latin1_swedish_ci for their collations, this should be changed to utf8_unicode_ci or even better utf8mb4_unicode_ci.
  • CWP should have the ability to back the server settings up using the backup jobs.
  • enable HTTP2 by default
  • enable TLSv13 by default
  • Logo preview should show both light and dark previews for contect
    • (User Accounts --> Features,Themes,Languages --> Branding)
  • Remove 'cwp' subdomain from the Default DNS Zone (section above)
    • This has to be done here so all of your new accounts dont get this vestigial subdomain.
  • GreyListing feature, where is it? is it part of Postfix?
  • Ability to edit default DNS Zone templates from the GUI
    • /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/default.tpl
    • /usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/custom.tpl
  • On the article Custom Account Templates - Control WebPanel Wiki
    • the templates need explaining when they will be called on i.e. when you create new account
  • At the top left what is the load monitoring becasue there is no units and why can it be toggled?
  • When you change the hostname of the server CWP should handle the deleting of the old hostname in all appropriate records (DKIM, DNS Zones) and give a summary of the changes plud do backups of these file where needed.
  • Add a link on all pages to a proper wiki page. these could all be place holders for now
  • put the server name / domain name in big letters at the top of the dashboard so I know which server i am working on.
  • Random password generator passwords are too short and dont have any special characters in them. A way to set the parameters of the generator would be great.

 

Bugs - CWP Bug Tracking / CentOS-WebPanel Bugs (Forum, old?)

  • They says setup port26 but it is not open by default in the firewall - add this when i do email server
  • AutoSSL is not renewing CWP subdomain, bug?
  • once you have selected a PHP version you cannot go back to server default?
  • the menu collapse is inconsitent - when you click on some items the whole menu collapses which is annoying
  • The MySQL Root password changing script is broken
  • Bug: New account create and Rebuild Zone use different templates
    • New Account Zone(test.acc.db) 
      ; Generated by CWP
; Zone file for test.acc
$TTL 14400
@    86400        IN      SOA     ns1.mydomain.com. postmaster.test.acc. (
				2021070154 ; serial, todays date+todays
				3600            ; refresh, seconds
				7200            ; retry, seconds
				1209600         ; expire, seconds
				86400 )         ; minimum, seconds

@	86400	IN	NS		ns1.mydomain.com.
@	86400	IN	NS		ns2.mydomain.com.
@ IN A 13.13.13.13
localhost.test.acc. IN A 127.0.0.1
@ IN MX 0 test.acc.
mail 14400 IN CNAME test.acc.
smtp 14400 IN CNAME test.acc.
pop  14400 IN CNAME test.acc.
pop3 14400 IN CNAME test.acc.
imap 14400 IN CNAME test.acc.
webmail 14400 IN A 13.13.13.13
cpanel 14400 IN A 13.13.13.13
cwp 14400 IN A 13.13.13.13
www 14400 IN CNAME test.acc.
ftp 14400 IN CNAME test.acc.
_dmarc	14400	IN	TXT	"v=DMARC1; p=none"
@	14400	IN	TXT	"v=spf1 +a +mx +ip4:13.13.13.13 -all"
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCviXG9SqprOjF3qvN+Xo2KpXp54Fgx6CX42wLxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    • Rebuilt Account Zone (test.acc.db) 
      ; Generated by CWP
; Zone file for test.acc
$TTL 14400
test.acc.      86400        IN      SOA     ns1.mydomain.com. noreply.quantumwarp.com. (
				2013071600      ; serial, todays date+todays
				86400           ; refresh, seconds
				7200            ; retry, seconds
				3600000         ; expire, seconds
				86400 )         ; minimum, seconds

test.acc. 86400 IN NS ns1.mydomain.com.
test.acc. 86400 IN NS ns2.mydomain.com.

test.acc. IN A 13.13.13.13

localhost.test.acc. IN A 127.0.0.1

test.acc. IN MX 0 test.acc.

mail IN CNAME test.acc.
www IN CNAME test.acc.
ftp IN CNAME test.acc.
; Add additional settings below this line
_dmarc	14400	IN	TXT	"v=DMARC1; p=none"
    • Bug: Zone creation is inconsitent. There appears to be many templates but are out of sync to which data they use to build their templates with, in particular the email address that is declared on them in the SOA.
  • why is my usage in my cpanel not working. it alswyas shows 0.00 MB / 5000 MB - do i need to start something for htis?
    • another time it showed 36mb used and the account backup was 200mb+ on its own
    • client account: disk usage is not updated
  • sometimes if you let a ftp session expire, you cannot reconnect with FTP until you have killed the session via CWP
    • cannot kill session in cpanel (could be i need to add permissions)
  • view trash does not work. see themes.qwdemos.com , certainly not in firefox - double check this, i think it just shows the .trash folder but htis cannot be accessed normally and might be temproary during the filemamanger session.
         make a note of this + is there an article on trash.
  • (Email --> rDNS Checker) checks the NAT IP not the public IP
  • Every new user account creates a mysql user, even if there are no databases. this seems pointless.
  • The intial setup for cwp does not create the DNS zone for the server, it only happens after you have refreshed the server hostname. This is either a bug or by design.
  • when i logged into my secure https://cpanel.mydomain.com/  it redirected to non-secure  http://cpanel.mydomain.com/
  • The only way to removed 'Admin services' from a domains SSL is to delete the certificate. You can add additional 'Admin services' easy by clicking on the button, selecting the additional options and clicking 'Apply changes'
    • The SSL handling is a bit flaky, it is not easy to re-configure an SSL. you can add additional SAN but not seem to remove them except delete the whole thing admin services
  • Cannot delete some MySQL users via the CWP GUI but there is not issue deleting them via the SSH or phpMyAdmin
  • breadcrumbs dont work 'you are here' looks like whwere is should be at the top right but it does not work
  • Menu
    • Most pages titles on the pages do not match up with their menu name and this is confusing. give one example and say i will do the rest if it is of use
    • menus collapse inconsisten -eg: (SQL Services --> MySQL Configuration) is a great example, the mnu just collapses aafter you click, it does not stay on the same  'menu'
  • Bug/Question: do the developers look at these bugs here or is it just ofr us end users?
  • (WebServer Settigns --> SSL Certificates) the multiple actions dropdown has pre-expanded and the options below have leaked (do picture)
  • Custom Account Templates - Control WebPanel Wiki (branding)
    • This is not well written
    • The english does not make sense.
    • what does rsync -av do?
  • The logo preview does not work.
    • (User Accounts --> Features,Themes,Languages --> Branding)
  • http://wiki.centos-webpanel.com/ - needs to have https enforced but currently the https version just redirects to the http version (crazy)
  • Cron
    • The following pages need to be merge becasue it is confusing, almost like one page is a half finished project. They both load the same data. This is more a bug than a feature becasue of how confusing it is.
      • (CWP Admin --> Server Settings --> Crontab for root)
      • (CWP Admin --> Server Settings --> Crontab for users)
    • /etc/cron.d/clamav-update has MAILTO=root rather than a proper email address that I can set in the GUI
    • error: 'PHP Notice:  Undefined index: O in /usr/local/cwpsrv/htdocs/resources/admin/include/alertandautorenewssl.php on line 0'
  • on the dashboard the RAM usage never seems to refresh unless I refresh the page
  • the rkhunter daily cronjob does not send the email to the correct address and you need to
    • edit Daily cronjob /etc/cron.daily/rkhunter or /etc/sysconfig/rkhunter
    • MAILTO=root@localhost  -->  MAILTO=root
  • nameservers do not have TrustedHosts or KeyTable
    • they do get DKIM and SPF records
    • This might be normal because they will never be required to send emails
    • Add this note somewhere above in the relevant email section
  • (Email --> DKIM & SPF Manager) always shows v=DKIM1 and v=spf1 present even if they are not.
  • There is a file that should not be in the default apache template /usr/local/apache/htdocs/autoconfig.php - there should be no PHP in this place.
Published in Web Server
Read more...
Page 9 of 96