Messages

61

Kloxo-MR Technical Helps / Re: Setting up multiple DNS server

« on: 2017-05-05, 10:00:38 »

@mustafa,
i just changed my server1 and server2 with such a setup, and i can see the notify in the logs of both servers.
But where are slave saving the config files as i don't see any?



On slave, the file is empty:
[root@kloxomrc7_01 bind]# cat conf/defaults/named.slave.conf
[root@kloxomrc7_01 bind]#


Also, before this change, i had rsynced all the Bind and Nsd config from master to "slave" to have "slave" serve all the zones as master.
So right now, the DNS sec keys are the same on slave. Should i delete the config files of Bind and Nsd and reinstall Bind and nsd?




[root@kloxomrc7_01 bind]# ll /opt/configs/nsd/conf/slave/
total 0
[root@kloxomrc7_01 bind]#

Let say you have server1 (IP 111.111.111.111) and server2 (IP 222.222.222.222) and domain.com.

In server1, set dns as:

Code: [Select]

ns1 IN A 111.111.111.111
ns2 IN A 222.222.222.222
__base__ IN NS ns1.domain.com.
__base__ IN NS ns2.domain.com.

and then in server2, go to 'admin > secondary dns' and add 'Primary IP' as '111.111.111.111' and 'Domain' ad 'domain.com'.

62

Kloxo-MR Technical Helps / Re: Enabling Apache Deflate and PageSpeed module the right way

« on: 2017-05-04, 14:19:30 »

Yes, @mustafa is right. You already have gzip enabled (because of pagespeed as mustafa writes):
root]$ curl -H "Accept-Encoding: gzip" -I https://pharmaindigital.com/
HTTP/1.1 200 OK
Date: Thu, 04 May 2017 06:53:53 GMT
Server: Apache/2.4.25 (CentOS)
X-Content-Type-Options: nosniff
X-XSS-Protection: 1;mode=block
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
X-Supported-By: Kloxo-MR 7.0
Strict-Transport-Security: max-age=2592000; preload
Upgrade: h2
Connection: Upgrade, close
Accept-Ranges: bytes
X-Mod-Pagespeed: 1.11.33.4-0
Cache-Control: max-age=0, no-cache, must-revalidate
Vary: Accept-Encoding,Cookie
Content-Encoding: gzip
Content-Length: 18340
Content-Type: text/html; charset=UTF-8

63

Kloxo-MR Technical Helps / Re: Enabling Apache Deflate and PageSpeed module the right way

« on: 2017-05-04, 14:13:08 »

You need to UNCOMMENT it so that line should look like:
LoadModule deflate_module modules/mod_deflate.so
And you must restart httpd, e.g with restart-web. Did you do that?

Setting up reverse proxy in Kloxo-MR is simple:
Go to "Switch Program" as admin and choose e.g nginxproxy under Web and then click Update.
That should be it. If you do this, then don't worry about deflate with Apache. Nginx reverse proxy does gzip by default in Kloxo-MR!

@fossxplorer I tried commenting the line in 00-base.conf still no success

Could you please help me by telling the steps in Kloxo-MR to configure reverse proxy as Nginx/Hiawatha

64

Kloxo-MR Technical Helps / Re: Enabling Apache Deflate and PageSpeed module the right way

« on: 2017-05-04, 13:50:23 »

@rsakhale, why are you not using any reverse proxy (Nginx or Hiawatha reverse proxy) in front of Apache?
You would get better performance from such setup, at least with Nginx proxy due to better caching.

If you do that, your gzip problems will be solved too! 

65

Kloxo-MR Technical Helps / Re: Enabling Apache Deflate and PageSpeed module the right way

« on: 2017-05-04, 13:42:56 »

Reason is this line:
[root@mail ]# cat -n /opt/configs/apache/tpl/defaults.conf.tpl| grep deflate
    61         exec("sed -i 's/^LoadModule deflate_module/#LoadModule deflate_module/' {$trgtcmdpath}/00-base.conf");

@mustafa, i think he should create  /opt/configs/apache/tpl/custom.defaults.conf.tpl where that line is commented out, then remove the uncomment it from:
[root@mail ]# cat -n /etc/httpd/conf.modules.d/00-base.conf| grep deflate
    30   #LoadModule deflate_module modules/mod_deflate.so

Finally run  sh /scripts//restart-web 


@mustafa, i think i make sense to disable deflate_module when Apache is behind a proxy(Nginx or Hiawatha proxy) since at least Nginx proxy does it:
[root@mail linuxwonders]# grep -ri 'gzip on' /opt/configs/nginx/conf/*
/opt/configs/nginx/conf/globals/gzip.conf:   gzip on; 
 

66

Kloxo-MR Development / Skeleton not unzipped correctly on slave when adding new domain

« on: 2017-05-04, 10:21:06 »

I noticed, when i add a domain for a client that's on the slave, the skeleton is not unzipped correctly.
Can you fix @mustafa?


[root@kloxomrc7_01 home]# ll -th clien111/mydomain.com/sub.mydomain/
total 1.0K
-rwx------. 1 root         root         0 May  4 10:23 skeleton.zip5tRSfD
drwxr-xr-x. 2 client11 client11 2 May  4 10:23 cgi-bin
[root@kloxomrc7_01 home]#

67

Kloxo-MR Technical Helps / Re: Setting up multiple DNS server

« on: 2017-05-03, 11:27:53 »

Ah ok. Then it means, as far as i understand based on what you write @mustafa and without any testing so far, the "secondary dns" is a straight DNS slave getting zone files from the master via inotify.
"secondary dns" is quite confusing here!

I think you can consider changing ""secondary dns"  to something like "DNS slave" if it doesn't break anything @mustafa. IMO, such is important to promote Kloxo-MR so that users/reviewers/future potential users dont' get confused and actually see that Kloxo-MR supports DNS slaves This a big feature IMO! 


Yes, i'm aware i can simply use other DNS server to rsync the zone files and make them master DNS servers.

But my question is, if i install 2 more Kloxo-MR instances, they can all act like slaves (secondary dns) right?
Given i configure master with ns2, ns3 etc with correct IPs ofc
 

Idea for 'secondary dns' is make possible Kloxo-MR 7.0 as 'secondary dns' from 'primary dns'. You can use other panel (like CPanel) as 'primary dns'.

68

Kloxo-MR Technical Helps / Re: Setting up multiple DNS server

« on: 2017-05-03, 10:19:48 »

Oh so Kloxo-MR actually supports  DNS slaves in the right way. I wasn't aware of that.

Does it mean we can add more slaves by adding Kloxo-MR servers and using "secondary dns"?

No, if you set ns2 to IP from other server, dns server in Kloxo-MR will be notify to this other server (after you add domain via 'secondary dns' in other server).

Remember, only bind, nsd and pdns can handle 'dns clustering'.

In your situation, try 'sh /script/restart-dns' in server1 dan then the same way in server2.

69

Kloxo-MR Technical Helps / Re: Setting up multiple DNS server

« on: 2017-05-02, 23:25:05 »

Problem is, the ns2.domain.com will be useless for all the zone records you add to server1.
We need a way to sync the zone records from server1 to server2. I'm using simple rsync for that.

@mustafa, again, we need a wiki for this. If you are not interested or see how useful a wiki is, i'll create one to help users + to have it as a documentation for myself :  )

70

Kloxo-MR Technical Helps / Re: phpMyAdmin error

« on: 2017-05-02, 21:37:22 »

@mustafa, why is his instance using  - PHP: php54s-5.4.45-1.ius.centos6 (fpm mode)`?
Shouldn't it be upgraded to php56s from IUS for lxphp?

71

Kloxo-MR Technical Helps / Re: phpMyAdmin error

« on: 2017-05-02, 14:53:41 »

Kloxo should be using PHP 5.6.30. What version of Kloxo-MR are you running?
Provide details of the following: so we can help you further. 
'sh /script/sysinfo'

72

Kloxo-MR Development / Re: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks

« on: 2017-05-01, 18:17:55 »

Awesome, it's included:
https://github.com/mustafaramadhan/kloxo/commit/aac99f42761265fa6f254986cea1f9c4dc2046e5

73

Kloxo-MR Development / Move/assing user to new server

« on: 2017-05-01, 17:53:42 »

What's the best way to move a user to a new server (slave)?

I tried to assign e.g web server to slave for that user, but i get all kinds of errors.

Do i need to export and import the account into the slave?

WEb server change:
One error is: Alert: Could not ZIP dir [/home/client11]

Mail server change:
Alert: mailaccount_add_failed [me@mydomain.com]


So this is obvisouly not working as it should between servers.

74

Kloxo-MR Development / Re: Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks

« on: 2017-04-29, 14:28:04 »

I tested in CentOS 7 & Kloxo-MR, since Redhat has patched Bind, it works:
 I appended the following to /opt/configs/bind/conf/defaults/named.options.conf right above logging {..
rate-limit {
    responses-per-second 5;
    window 5;
};

[root@kloxomrc7_01 csf]# systemctl reload named
Seems not to complain about anything.

75

Kloxo-MR Development / Responce Rate Limiting in DNS to mitigate DNS amplicaiton attacks

« on: 2017-04-29, 13:04:49 »

Ref https://www.us-cert.gov/ncas/alerts/TA13-088A and https://kb.isc.org/article/AA-00994/0/Using-the-Response-Rate-Limiting-Feature-in-BIND-9.10.html.

Since Kloxo-MR is running authoritative DNS servers, need to add:

          rate-limit {
              responses-per-second 10/5 or other reasonable values;
          };
to options in /opt/configs/bind/conf/defaults/named.options.conf.

What do you think @mustafa