cPanelConfig - cPanel server configuration guide

Enabling passive ftp in Pure-FTPd

2009-07-17T11:15:39Z

For users that are behind a firewall it might be required that you enable passive ftp in your ftp server and client.

While enabling passive ftp in your ftp client is simple, doing so in your ftp server configuration files might be a bit tricky if you don’t know what you are doing.

This tutorial will cover Pure-FTPd, the ftp server used on most cPanel powered servers.

Here are the steps that you will have to fallow so that you enable passive FTP.

Login to your server using a ssh client
Open the Pure-FTPd configuration file in your favorite editor (I always use nano)

nano /etc/pure-ftpd.conf

Uncomment the line that starts with PassivePortRange and add:

PassivePortRange 61001 65535

Restart Pure-FTPd with the command:

service pure-ftpd restart

If you use a firewall don’t forget to allow inbound connections on the newly added ports

Before you upgrade to cPanel 11.24

2008-12-20T22:35:18Z

Before you update to cPanel 11.24 you shoud check a few things:

MySQL Root Password

———————————

With cPanel 11.24 now available, it is imperative to ensure that you have set your MySQL root password before upgrading to the latest version of cPanel. If you have previously skipped this step, you can set it now using the “MySQL Root Password” function in WebHost Manager. Failure to set a MySQL root password may cause database corruption on systems running MySQL 4.1 with InnoDB tables. Please set your MySQL root password as soon as possible to avoid any issues. Machines without a MySQL root password set allow access to any database by any user so it is imperative that a password is set as soon as possible.

If you have moved /root

——————————

If you have set root’s home directory to something other than /root, you will need to copy .my.cnf from root’s home directory to /root/my.cnf. In the future, this process will be automated.

Automated process killers

————————————

If you have a system in place that automatically kills processes taking up a lot of CPU time, you should disable them before running the cPanel update as the size of the update has triggered many of these systems. These process killers will kill updates or related process in the middle of the process and cause issues. If you have a failed update, you can force a re-update by running /scripts/upcp –force

Adding a new RBL to cPanel Exim

2008-12-04T21:45:55Z

More then a year ago, cPanel added a future to the Exim Configuration Editor for everyone to easily select from two RBLs (spamhaus.org and spamcop.net) that can be used to filter most of the SPAM that a server receives. While this has been great for most of us (enabling a RBL is a simple as selecting a check box in WHM and pressing the Save button), there are a few admins that would have liked to add additional RBLs to the list that Exim uses to filter SPAM emails. RBLs like dnsbl.njabl.org, list.dsbl.org, dul.dnsbl.sorbs.net, etc. are all considered useful by many, but not included by default.

The question is how can such a RBL be added to Exim ?
Well it’s not that hard !
First you will have to login to your server using ssh.
After a successful login:

Change directory to /usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK

cd /usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK

Make a copy of of spamcop_rbl and name it with the new rbl name that will be used. For exemple

cp spamcop_rbl njabl_rbl

Open the newly created file

nano njabl_rbl

Change the two “dnslists” entries to the address of the new RBL. For example the new file should look something like this for dnsbl.njabl.org

root@server [/usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK]# cat njabl_rbl

deny message = JunkMail rejected – $sender_fullhost is in an RBL, see $dnslist_text
dnslists = dnsbl.njabl.org
hosts = +backupmx_hosts

warn
dnslists = dnsbl.njabl.org
set acl_m8 = 1
set acl_m9 = “JunkMail rejected – $sender_fullhost is in an RBL, see $dnslist_text”
[% ACL_RBL_WHITELIST %]

warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = “Increment Connection Ratelimit – $sender_fullhost because of RBL match”

drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}

Save the file
Run

/scripts/buildeximconf

That’s it you should now have the RBL added to your Exim mail server. You can off curse add as many RBLs as you like but please keep in mind that too many of them will increase the chances of false positives and can increase the general load on the server.

If you have any questions don’t hesitate to leave a comment!

Customize Apache default Success page

2008-12-03T16:00:06Z

Recently I was asked by a customer how to change the default Apache success page (the one that you see when you just type in the hostname for example). Surprisingly (or maybe not) this is not documented anywhere on cpanel docs or forums.
If you are faced with the same problem then you will be relieved to know that the solution is extremely simple.
You just have to login to your server via ssh.
Navigate to /usr/local/apache/htdocs

cd /usr/local/apache/htdocs

And finaly edit the file index.html

nano index.html

If you list the content of /usr/local/apache/htdocs you will see that you can also modify the content of other error pages that cpanel’s apache outputs.

That’s it !

If you run into any problems don’t hesitate to leave a comment.

Create a tar archive from a directory

2008-11-29T21:27:05Z

Since I started working with cPanel server I always needed to create archives from directories.
For example backing up a user’s home directory.

How can you do this? It’s not difficult at all. For exemple to backup a user home directory you would have to run:

tar -pczf rchive.tar.gz /home/USERNAME

You can read more about tar by reading it’s manual.

man tar

Happy reading !

If you have any questions don’t hesitate to leave a comment.

Enabling quotas

2008-11-29T21:16:18Z

In this article I will explain how to enable quotas on a cpanel server.
Recently I had to setup a cpanel server that didn’t have quotas enabled by default.
What is the result of a server without quotas?
Simple. All accounts will have unlimited diskspace.

How to fix this?
First of all you will have to login to your server using ssh.

You first have to edit /etc/fstab

nano /etc/fstab

Locate the line that looks something like

LABEL=/1 / ext3 defaults 1 1

Add after “defaults” the word “usrquota”. It should look something like

LABEL=/1 / ext3 defaults,usrquota 1 1

Save and exit
Remount the / partition

mount -o remount /

Now run the cpanel script to fixquotas

/scripts/fixquotas

That’s it! Now all you cpanel accounts should have a limited disk space that you setup.

If you have any questions or problems don’t hesitate to leave a message.

Setting up Wildcard DNS & Subdomains on cPanel

2008-11-20T12:22:20Z

Step 1: DNS: A Record

First we’ll need to log in to WHM. Under DNS Functions, select Edit DNS Zone. Choose the domain for the zone in which you wish to edit. Add an A record mapped to asterisk (wildcard) for the subdomain and the IP Address the site is hosted on. You likely already have A records for ftp, webmail, etc. just model this new one after those.

You should now be able to enter any subdomain on your domain, but it will not likely find your main site. So now we need to set that up.

Step 2: ServerAlias

Log in to your server via SSH and go open /etc/httpd/conf/httpd.conf (I’ll assume you know your way around linux via command line as well as vi or some other editor)

*Note: wherever you see example.com you should expect to see your domain name that you are setting up

Now, we could edit this file and make everything work, but there is a problem with that. Look at the top ofthe document and you should see something like this:

Direct modifications to the Apache configuration file may be lost upon subsequent regeneration of the configuration file. To have modifications retained, all modifications must be checked into the configuration system by running:
/usr/local/cpanel/bin/apache_conf_distiller –update
To see if your changes will be conserved, regenerate the Apache configuration file by running:
/usr/local/cpanel/bin/build_apache_conf
and check the configuration file for your alterations. If your changes have been ignored, then they will need to be added directly to their respective template files.

Basically what it’s saying is don’t edit this file directly because you’re changes may be lost.

Do a search for the domain you are adding the wildcard to. You should find the VirtualHost set up for your domain. Here is mine:

# DO NOT EDIT. AUTOMATICALLY GENERATED. IF YOU NEED TO MAKE A CHANGE PLEASE USE THE INCLUDE FILES.

ServerName example.com
ServerAlias www.example.com
DocumentRoot /home/example/public_html
ServerAdmin webmaster@example.com
UseCanonicalName Off
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
CustomLog /usr/local/apache/domlogs/example.com combined
CustomLog /usr/local/apache/domlogs/example.com-bytes_log “%{%s}t %I .\n%{%s}t %O .”
## User example # Needed for Cpanel::ApacheConf

SuexecUserGroup example example

# To customize this VirtualHost use an include file at the following location
# Include “/usr/local/apache/conf/userdata/std/2/example/example.com/*.conf”

Notice the highlighted lines. This is where we are going to create a file. We are going to create a file at:
/usr/local/apache/conf/userdata/std/2/example/example.com/ServerAlias_wildcard.conf
(you can give it any name you want really)

*Hint: You may need to create the directories first, run this command:
mkdir -p /usr/local/apache/conf/userdata/std/2/example/example.com/

So really, you don’t need to edit anything it httpd.conf, we just needed some info.

Inside of the ServerAlias_wildcard.conf file, enter this line:
ServerAlias *.example.com

Now, you’ll need to rebuild the httpd.conf file per the instructions at the top of that file by running the following command:
/usr/local/cpanel/bin/build_apache_conf

If you open your /etc/httpd/conf/httpd.conf file again you should see that your VirtualHost for your domain as changed slightly:

ServerName example.com
ServerAlias www.example.com
DocumentRoot /home/example/public_html
ServerAdmin webmaster@example.com
UseCanonicalName Off
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
CustomLog /usr/local/apache/domlogs/example.com combined
CustomLog /usr/local/apache/domlogs/example.com-bytes_log “%{%s}t %I .\n%{%s}t %O .”
## User example # Needed for Cpanel::ApacheConf

SuexecUserGroup example example
Include “/usr/local/apache/conf/userdata/std/2/example/example.com/*.conf”

Step 3: Restart Apache

The last step required is to restart apache. I suppose there are a number of ways to do this. As long as we are logged in to SSH, we might as well just run the command:
service httpd restart

Now, give it a try. you should be aby to access something like http://whatever.example.com and still see your main page.

Backup partition table and bootloader

2008-10-13T10:10:58Z

In this article I will be explaining how to backup the MBR record of a hard-drive.
The MBR record contains the partition table and bootloader.

Having a backup of the MBR is useful in case you want to copy data from an older drive to a new one or in case you want to restore data from a damaged drive.
How to backup the MBR record

dd if=/dev/sdX of=MBR.bck bs=512 count=1

Please note that you have to replace /dev/sdX with your actual drive. This can be /dev/sda, /dev/hda, etc.

How to restore de MBR record

dd if=MBR.bck of=/dev/sdX bs=512 count=1

Again you have to replace /dev/sdX with your actual drive.

If you also want to keep a human readable copy of the partition table you can run:

fdisk -l > part.table

I hope it helps !

Using the screen command

2008-10-09T08:09:08Z

What is the screen command?

First of all I will start by telling you what you can do using the “screen” command.
Many times as a linux sysadmin you will need to run multiple commands at once. You are probably doing this by opening multiple ssh sessions but there is a better way to do it !
Also as a sysadmin you probably had to run a command or script that is taking hours to finish like a rsync. This usually requires you to keep the ssh session open as if you close it the command or script will also be closed.

If you ever faced any of those problems then it’s probably time to learn about the screen command.

Screen – makes it possible to run multiple full-screen pseudo-terminals from one real terminal, and lets you manipulate and save your screen input and output, copy and paste between windows.

In this tutorial I will only present how you can run a command that is taking hours to complete in a screen.

First of all make sure that you have screen installed. If you don’t you can install it using yum, apt-get or any other package manager that you might have on your server.

yum install screen

Now type in:

screen

This will start a new screen for you. You could also name you screen using the -S option. Something like:

screen -S 1

In this case I named the screen “1″.

The screeen will look like any other ssh window.
You can now type in your command that you want to run.

If you want to detach from the screen and still keep the command running you can do this by pressing:

Ctrl-a d (that is press Ctrl-a, release and press d)

If you want to reatach to a screen you simply type in:

screen -r

Other options that you have when you are in a screen are:

To create a new screen:

Ctrl-a c

To switch between screens:

Ctrl-a n

And many others.

For more help on this you can use:

man screen

Hope it helps!
If you have any questions just leave a comment.

mysql execute query from console and export to csv

2008-10-09T07:11:41Z

Hello. To dump a query to csv use this:

mysql –database=database –execute=”select a from b where a>1;” | sed ’s/\t/”,”/g;s/^/”/;s/$/”/;s/\n//g’ > filename.csv