wizap's blog

If you're short of IP addresses and hosting multiple domains on a single IP requiring SSL connection to all domains, then a good solution would be to get the Multi-Domain certificate from Comodo, which is a single certificate containing more than one domain name, and that certificate is for a single server installation.

However, the use of Host Headers (which is how you can use a single IP for more than one SSL enabled domain) is not recommended for E-Commerce sites.

The multi-domain certificate can only be purchased from one of the Comodo resellers, or can apply to become one yourself.

To order the certs, you will need to first generate a Certificate Signing Request Key. This is easily done via Plesk admin UI.

1. Login to the Plesk Control Panel.
   
2. From the left hand menu, select 'Server'.
   
3. Click on 'Certificates'.
   
4. Click on the 'Add New Certificate' item.
   
5. Fill out the information on the page. All items noted by red asterisks must be filled in
   
6. Press the 'Request' button.
   
7. You will then be returned to the Certificates menu. From the list at the bottom of the page, click on the certificate name that you just created. Mid-way down the page, there is a box. Copy the content of this box labelled 'CSR'.
   
8. Paste the CSR into the order screen when purchasing the SSL certificate.

Shortly after ordering, the SSL certificate is emailed to you zipped along with the below CA certs:

1. AddTrustExternalCARoot.crt
   
2. PositiveSSLCA.crt
   
3. UTNAddTrustServerCA.crt

The CA certs need to be concatenated and uploaded to Plesk as one single certificate and should follow the same order.

Those files are available for download from Comodo's support site as well.

The order you place the contents of those files into a new file is important, and should be followed as outlined above. No blank lines should be added between the certificate contents when you copy the contents of the existing CA certs into a new file. You then provide this new file to Plesk when it asks for the CA Certificate.

In order to install the certificate, go back to the Certificate area in Plesk and upload or copy/paste the certs into the relevant areas.

Return to the Server Page and go to the IP address section. Click on the relevant IP address and apply the newly installed certificate.

Add panic=10 to the kernel command line to reboot with 10 seconds of a kernel error. Be careful with this when setting up new kernels.

It’s possible to change it later with sysctl, or by writing to /proc:

To make it permanent, edit /etc/sysctl.conf and add the below line:

`sysctl -p` to load the conf file and make permanent.

Edit "/root/ispconfig/isp/conf/procmailrc.master" and add the below ".custom.rc" line.

Now include any custom rules that you may have to the ".custom.rc" file in the users home directory.

I needed custom configuration for each site to exclude the domain which would otherwise show up in the webalizer referrer report.

I patched "/root/ispconfig/scripts/shell/webalizer.php" with the below diff for ispconfig-2.2.21.

So, now it will detect if there is a custom webalizer.conf file in the sites root directory and include it instead of the default. You can simply copy over the default webalizer.conf file to the site root and add the site name to the HideReferrer section:

As of this writing, the latest versions were:

• apache_1.3.41
  
• php-4.4.8
  
• openssl-0.9.8g
  
• mod_ssl-2.8.31-1.3.41

Once the files are downloaded and extracted; config, compile and install in the below order:

1. Install openssl:
   
   $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
$ make
# make install

2. mod_ssl patch:
   
   $ ./configure \
--with-ssl=../openssl-0.9.8g \
--with-apache=../apache_1.3.41

3. Pre-configure apache:
   
   $ ./configure

4. Install php:
   
   $ ./configure \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-zlib-dir \
--with-freetype \
--with-freetype-dir=/usr/lib \
--enable-gd-native-ttf \
--enable-memory-limit \
--with-ldap \
--with-mysql \
--with-apache=../apache_1.3.41
$ make
# make install

5. Install apache
   
   $ SSL_BASE=../openssl-0.9.8g \
./configure \
--prefix=/usr/local/apache \
--enable-module=rewrite \
--enable-module=so \
--activate-module=src/modules/php4/libphp4.a \
--enable-module=ssl

If you're hosted on a VPS, the below would explain if you are getting the resources that you paid for:

As mentioned in the resources (/proc/user_beancounters):

vmguarpages	0	30,000	2,147,483,647	4KB pages	\
      Memory allocation guarantee

This is the guaranteed RAM you get which works out to be:

30000 x 4 / 1024 = 117.1875 MB

Accordingly kmemsize is set to:

kmemsize	7,167,393	12,288,832	13,517,715	bytes	\
     Size of unswappable memory, allocated by the operating system kernel

Minimum kmemsize should be 10% of the vmguarpages, which is correct for the current setup:

12288832/1024/1024 = 11.7 MB == 10% of 117 (vmgaurpges)

1. Download and unpackage the source files:
   
   $ cd /usr/local/src
$ wget http://www.ibiblio.org/pub/mirrors/apache/httpd/apache_1.3.41.tar.gz
$ wget http://us2.php.net/get/php-4.4.8.tar.gz/from/us.php.net/mirror
$ tar -xvzf apache_1.3.41.tar.gz
$ tar -xvzf php-4.4.8.tar.gz

2. Preconfigure apache:
   
   $ cd apache_1.3.41
$ make clean
$ ./configure

3. Configure, compile, install php:
   
   $ cd ../php-4.4.8
$ make clean
$ ./configure \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-zlib-dir \
--with-freetype \
--with-freetype-dir=/usr/lib \
--enable-gd-native-ttf \
--enable-memory-limit \
--with-ldap \
--with-mysql=/usr/local/mysql \
--with-apache=../apache_1.3.41
$ make
# make install

4. Configure, compile, install apache:
   
   $ ./configure \
--prefix=/usr/local/apache \
--enable-module=rewrite \
--enable-module=so \
--activate-module=src/modules/php4/libphp4.a
$ make
# make install

1. Create dev.domain.tld site in hosting control panel.
   
2. Create the database and user.
   
3. Copy over the database and files.
   
4. Update the database and user info in "includes/configure.php" and "admin/includes/configure.php".
   
5. Update the links to point to the development site:
   
   $ for x in `grep -r www.domain.tld * -l` ; do perl -pi \
  -e 's/www\.domain\.tld/dev\.domain\.tld/g' $x ; done

6. Optionally disable SSL in "includes/configure.php".
   
7. Change ownership of files as required.
   
8. Login in as admin and change the cache location.

Recently I've had to research on some missing files of a website.

When looking through the proftpd xferlog files, it was clear that the files were deleted by a user having ftp access.

The xferlog file is usually located at "/var/log/xferlog". However, since this was a plesk server, it was located at:
"/var/www/vhosts/{DOMAIN}/statistics/logs/xferlog_regular*"

A quick grep produced the files that were deleted out and could easily be recovered from a previous backup. Also, discovered the time and offending IP address of the person that did the deletes.

Full listing:

Listing of just the deleted files:

Below are some additional notes on xferlog anlysis:

If you apt-get install sysstat, and sar returns:

Sar needs to be enabled before it can be used. The error message in this case is completely useless, and the solution I have found is as below:

Enable sysstat data collection by doing

or manually by changing value of ENABLED from "false" to "true" in "/etc/default/sysstat".

Then start sysstat via:

Check "/var/log/sysstat/" for the missing file.

Run sar after about 10 minutes to see the collected data.