MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Development => Topic started by: fossxplorer on 2016-07-19, 11:22:46
-
When a client uses Kloxo UI to add LE cert for a domain, your scripts doesn't add a .pem file inside /home/kloxo/ssl/example.com.pem as Kloxo's Hiawatha config requires it:
[root@mail ~]# cat /opt/configs/hiawatha/conf/proxies/example.com.conf | grep TLScertFile| tail -n1
TLScertFile = /home/kloxo/ssl/example.com.pem
Also, now on another subdomain, the TLS config of Hiwatha seems totally wrong:
[root@mail ~]# cat /opt/configs/hiawatha/conf/proxies/subdomain.example.com.conf | grep TLScertFile| tail -n1
TLScertFile = /home/kloxo/ssl/eth0_0___localhost.pem
eth0_0___localhost.pem should have been subdomain.example.com.pem!
-
Make sure using latest Kloxo-MR 7.0 and always running 'sh /script/cleanup' after 'yum update'.
Letsenscrypt may not work to create ssl if website using redirect (let say redirect non-www to www). Also no 'A record' (the same IP with '__base__' aka non-www) for www, cp and webmail in dns settings.
-
Just updated and cleanup crashes Hiawatha. Any tips?
*** Restart services - BEGIN ***
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
-------------------------------------------------------------------
Stopping httpry: [FAILED]
Starting httpry: [ OK ]
-------------------------------------------------------------------
Shutting down MySQL... SUCCESS!
Starting MySQL.. SUCCESS!
-------------------------------------------------------------------
Stopping named: . [ OK ]
Starting named: [ OK ]
-------------------------------------------------------------------
Stopping php56m-fpm (PHP Used): [ OK ]
Starting php56m-fpm (PHP Used): [ OK ]
-------------------------------------------------------------------
Stopping php54m-fpm (Multiple Php): [ OK ]
Stopping php55m-fpm (Multiple Php): [ OK ]
Stopping php56m-fpm (Multiple Php): [ OK ]
Stopping php70m-fpm (Multiple Php): [ OK ]
Starting php54m-fpm (Multiple Php): [ OK ]
Starting php55m-fpm (Multiple Php): [ OK ]
Starting php56m-fpm (Multiple Php): [ OK ]
Starting php70m-fpm (Multiple Php): [ OK ]
-------------------------------------------------------------------
Stopping nginx: [ OK ]
Starting nginx: [ OK ]
-------------------------------------------------------------------
Stopping Hiawatha web server: [FAILED]
Starting Hiawatha web server: /bin/bash: line 1: 450 Segmentation fault /usr/sbin/hiawatha -c /etc/hiawatha
[FAILED]
-------------------------------------------------------------------
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
-
Use latest upload (2016071802) and then run 'sh /script/cleanup'.
In your issue, go 'switch program' and try select lighttpd and change back to original.
-
I'm using 2016071802.
But there is no point in switching, since the problem is hiawtha binary:
[root@mail ~]# hiawatha -c /etc/hiawatha/
Segmentation fault
[root@mail ~]# dmesg | grep hiawatha
hiawatha[2470]: segfault at 0 ip 00007fdf5a0b38ca sp 00007ffebc54f3b8 error 4 in libc-2.12.so[7fdf5a034000+18a000]
hiawatha[2603]: segfault at 0 ip 00007f9e541198ca sp 00007ffe5688def8 error 4 in libc-2.12.so[7f9e5409a000+18a000]
[root@mail ~]#
Did a 'yum downgrade hiawatha -y', same issue.
Use latest upload (2016071802) and then run 'sh /script/cleanup'.
In your issue, go 'switch program' and try select lighttpd and change back to original.
-
I swiched to Nginx. Now i'm getting issues:
topping named: . [ OK ]
Starting named: [ OK ]
-------------------------------------------------------------------
Stopping php56m-fpm (PHP Used): [ OK ]
Starting php56m-fpm (PHP Used): Failed loading /opt/php56m/usr/lib64/php/modules/opt/php56m/opcache.so: /opt/php56m/usr/lib64/php/modules/opt/php56m/opcache.so: cannot open shared object file: No such file or directory
[ OK ]
-------------------------------------------------------------------
Stopping php54m-fpm (Multiple Php): [ OK ]
Stopping php55m-fpm (Multiple Php): [ OK ]
Stopping php56m-fpm (Multiple Php): [ OK ]
Stopping php70m-fpm (Multiple Php): [ OK ]
Starting php54m-fpm (Multiple Php): [ OK ]
Starting php55m-fpm (Multiple Php): [ OK ]
Starting php56m-fpm (Multiple Php): Failed loading /opt/php56m/usr/lib64/php/modules/opt/php56m/opcache.so: /opt/php56m/usr/lib64/php/modules/opt/php56m/opcache.so: cannot open shared object file: No such file or directory
[ OK ]
Starting php70m-fpm (Multiple Php): [ OK ]
-------------------------------------------------------------------
Stopping spawn-fcgi: [FAILED]
Starting spawn-fcgi: [FAILED]
-------------------------------------------------------------------
Stopping nginx: [ OK ]
Starting nginx: [ OK ]
-------------------------------------------------------------------
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
-------------------------------------------------------------------
Also, your new changes to DoS is creating too much problem with max conn per IP.
Where can i customize it? I need to raise the value as we host cloud systems with many reg/s, much more than 10r/s.
-
Try reinstall phpm with 'sh /script/phpm-all-install -y'.
-
I fixed the PHP opcache.so issue by editing /opt/php56m/etc/php.d/10-opcache.ini and changing from
zend_extension=/opt/....... to just opcache.so.
But now i need to hoiw i can customize the limit_conn and limit req in Nginx? You have too low values for our apps.
Try reinstall phpm with 'sh /script/phpm-all-install -y'.
-
limit_conn and limit_req related to protect 'DDOS' attack.
-
Yes, correct and i'm using Nginx with such settings on many of our non-Kloxo servers :)
But your settings actually brings DoS to our sites :)
We are running SaaS cloud and they often need 2-300 connections per IP :)
Anyway, i have changed this in files inside /opt/configs/nginx/conf/globals/*.conf, but will they be overwritten by next update or cleanup etc?
I need this permanent!
limit_conn and limit_req related to protect 'DDOS' attack.
-
Copy all php-fpm*.conf and proxy*.conf to custom.php-fpm*.conf and custom.proxy*.conf and then modified all custom files. After that, run 'sh /script/fixweb; sh /script/restart-web -y'.
This is 'customize rule' in Kloxo-MR.