MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: mawerick on 2017-04-06, 00:01:10

Title: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-06, 00:01:10
I need help with a better SSL setup for my server. I ran a test on ssllabs.com and the result is an F grade.

Cipher Suites problems:
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   INSECURE    128
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15)   DH 2048 bits   FS   INSECURE    56
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE    128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE    128

I see that I have a problem with RC4.

Where and what should I change to get a better setup?
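
As an added example (not part of the original post or of Kloxo-MR): the report rows above can be split by IANA suite name to see which component makes each suite insecure, so the same check can be rerun on a later report. The function names, the constructed AES-GCM row and the 112-bit threshold are assumptions of this example.

```python
import re

# Rows copied from the post above, plus one constructed AES-GCM row for contrast.
REPORT = """\
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   INSECURE    128
TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15)   DH 2048 bits   FS   INSECURE    56
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE    128
TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE    128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128
"""

# Row layout: suite name, (hex id), free text, key size in bits.
# Assumes pre-TLS 1.3 names of the form TLS_<kx>_WITH_<cipher>_<mac>.
ROW = re.compile(r"^(TLS_\w+_WITH_\w+)\s+\((0x[0-9a-fA-F]+)\).*\s(\d+)\s*$")

def parse_row(line):
    """Split one report row into key exchange, cipher, MAC and key size."""
    m = ROW.match(line.strip())
    if not m:
        return None  # not a cipher-suite row
    kx, _, rest = m.group(1)[len("TLS_"):].partition("_WITH_")
    cipher, _, mac = rest.rpartition("_")
    return {"name": m.group(1), "id": int(m.group(2), 16), "kx": kx,
            "cipher": cipher, "mac": mac, "bits": int(m.group(3))}

def weaknesses(suite):
    """Return the reasons a suite should be disabled (empty list = none found)."""
    found = []
    if "RC4" in suite["cipher"]:
        found.append("RC4 stream cipher (prohibited by RFC 7465)")
    if suite["bits"] < 112:  # threshold chosen for this example
        found.append(f"{suite['bits']}-bit key (below 112 bits)")
    if suite["mac"] == "MD5":
        found.append("MD5 MAC")
    if suite["kx"].split("_")[0] not in ("DHE", "ECDHE"):
        found.append(f"no forward secrecy ({suite['kx']} key exchange)")
    return found

def audit(report):
    """Map each suite name in a pasted report to its list of weaknesses."""
    rows = (parse_row(line) for line in report.splitlines())
    return {s["name"]: weaknesses(s) for s in rows if s}

if __name__ == "__main__":
    for name, reasons in audit(REPORT).items():
        print(f"{name}: {'; '.join(reasons) or 'no weakness flagged'}")
```
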
Title: Re: SSL problems in ssllabs.com
Post by: MRatWork on 2017-04-06, 00:22:08
Post the output of 'sh /script/sysinfo' here.
Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-06, 21:19:52
Code:
A. Kloxo-MR: 7.0.0.b-2015100801
   - Web: hiawatha-9.14.0-f.6.mr.el6.x86_64
   - PHP: php54s-5.4.45-1.ius.el6 (cgi mode)
B. Plateform:
   - OS: CentOS release 6.7 (Final) x86_64
   - Hostname: host.piximus.net
C. Services:
   1. MySQL: --uninstalled--
   2. PHP:
      - Branch: php54-cli-5.4.45-1.ius.el6.x86_64
      - Used: --Use PHP Branch--
   3. Httpd: httpd-2.2.31-1.mr.el6.x86_64
      - PHP Type: php-fpm_event
   4. Lighttpd: --uninstalled--
   5. Hiawatha: --unused--
   6. Nginx: --uninstalled--
   7. Cache: --uninstalled--
   8. Dns: bind-9.9.7-1.mr.el6.x86_64
   9. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
      - with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.x86_64
D. Memory:
                total       used       free     shared    buffers     cached
   Mem:          6144       2010       4133          0          0          0
   -/+ buffers/cache:       2010       4133
   Swap:            0          0          0
E. Disk Space:
   Filesystem      Size  Used Avail Use% Mounted on
   /dev/simfs      400G  175G  226G  44% /
Title: Re: SSL problems in ssllabs.com
Post by: MRatWork on 2017-04-07, 01:56:37
Update your Kloxo-MR with 'yum clean all; yum update -y' and then reboot. After reboot, run 'sh /script/cleanup'.

You need to update because your OS and Kloxo-MR are too old.
Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-07, 21:27:03
After the update, websites are not working. I receive:
Code:
Error 500 - Internal Server Error
Also most of the kloxo commands are not found.
Code:
sh: /script/sysinfo: No such file or directory
In the error logs for the domain:
Code:
[Fri Apr 07 15:54:24 2017] [error] [client 66.249.66.182] FastCGI: incomplete headers (0 bytes) received from server...
After reinstalling kloxo7 and running cleanup, everything is back to normal.
ssllabs.com grade A!

The only problem after the update is the FTP connection. I cannot connect; the pure-ftp service is not working.

Title: Re: SSL problems in ssllabs.com
Post by: MRatWork on 2017-04-08, 16:21:56
For ftp, try 'chkconfig pure-ftpd on; sh /script/restart-ftp'.
Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-08, 19:02:34
I receive an error:
Code:
error reading information on service pure-ftpd: No such file or directory
I tried to install it, because I thought it was missing, but it's already installed.
Code:
Package pure-ftpd-1.0.37-1.mr.el6.x86_64 already installed and latest version
Nothing to do
Title: Re: SSL problems in ssllabs.com
Post by: MRatWork on 2017-04-08, 20:25:51
Try 'yum reinstall pure-ftpd -y; chkconfig pure-ftpd on; sh /script/restart-ftp'.
Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-09, 18:25:21
Pure-ftp started working, but I cannot connect with FTP users. I tried a new password but no success. I tried passive / active mode, nothing.

Code:
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command: USER *****
Response: 331 User ***** OK. Password required
Command: PASS ****************
Response: 530 Login authentication failed
Error: Critical error: Could not connect to server

Problem solved. There was an @ character in the password. I saw in another post that this might be a problem.
Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-12, 14:16:24
I have a new problem after the Kloxo update, but I don't want to open a new post.

At a random time, I'm not sure but a day or two, I think some procedure returns all settings to default.
I edited the 00-base.cnf file because I want to enable the deflate module. By default it's disabled. After I edit it, it works, but after some time the config file has the deflate module disabled again.
Any ideas?
Title: Re: SSL problems in ssllabs.com
Post by: MRatWork on 2017-04-12, 14:34:21
By default deflate is already disabled. It is only enabled if pagespeed is enabled.

But if you want to enable deflate without enabling pagespeed, create 00-default.conf with the content 'LoadModule deflate_module modules/mod_deflate.so'
Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-12, 15:16:50
But if you want to enable deflate without enabling pagespeed, create 00-default.conf with the content 'LoadModule deflate_module modules/mod_deflate.so'

I did it, but after a while, I don't know how, the deflate module was set to disabled (commented out with #).
Title: Re: SSL problems in ssllabs.com
Post by: MRatWork on 2017-04-12, 15:23:56
You mean set to '#' inside 00-default.conf (sorry, that's the wrong name; I mean '00-deflat.conf').
Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-17, 20:06:33
I did it and it works perfectly.

Another problem, with the DNS/named service. Every day, at the same time, the named service stops working properly. I don't know how and why, but I have to do:

Code:
sh /script/fixdns;
service named restart

If I don't run fixdns and only restart the named service, I receive this error:

Code:
Stopping named:                                            [  OK  ]
Starting named:
Error in named configuration:
zone domain***.net/IN: loaded serial 2017041552
zone domain***.net/IN: loaded serial 2017041554
dns_master_load: master/domain***.net:4: unexpected end of line
dns_master_load: master/domain***.net:4: unexpected end of input
zone domain***.net/IN: loading from master file master/domain***.net failed: unexpected end of input
zone domain***.net/IN: not loaded due to errors
....
[FAILED]

I think that, after the Kloxo update, something in the domain DNS configs went wrong, but I don't know how to fix it.
Any ideas?

Title: Re: SSL problems in ssllabs.com
Post by: mawerick on 2017-04-24, 21:48:07
UP
Title: Re: SSL problems in ssllabs.com
Post by: MRatWork on 2017-04-25, 03:54:39
For 'domain***.net', try to recreate it.