Servers

When transferring files to or from your FTP server, you need a passive port range defined in pure-ftpd and allowed in the firewall.
This range is often not defined correctly in pure-ftpd or in your firewall, even if you are using CWP.

First define the Passive Port Range in the pure-ftpd config file

nano /etc/pure-ftpd/pure-ftpd.conf

 Uncomment (remove # at beginning of the line) PassivePortRange and specify the passive port range:

PassivePortRange 30000 50000

 * If this line is missing then simply add it at the end of the file.

Restart pure-ftpd to load the new configuration

service pure-ftpd restart

 Then define the port range in the CSF firewall configuration (if you're using CWP)
In the file /etc/csf/csf.conf add the same port range under TCP_IN and TCP_OUT

nano /etc/csf/csf.conf

In lines TCP_IN and TCP_OUT add 30000:50000, example

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,30000:50000,6666"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,30000:50000,993,995"

 Finally reload csf firewall configuration

csf -r
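
The two files must agree, otherwise passive transfers hang on a port the firewall drops. The following check is an added example, not part of the original page: it reads the PassivePortRange from a pure-ftpd config and confirms that one entry of TCP_IN (or TCP_OUT) in a csf.conf covers it. The function name and the sample files are constructed for illustration, and taking the last PassivePortRange line is an assumption of this check.

```shell
# Added example, not from the original page.
# Usage: check_passive_range <pure-ftpd.conf> <csf.conf> [TCP_IN|TCP_OUT]
check_passive_range() {
    ftpd_conf=$1
    csf_conf=$2
    key=${3:-TCP_IN}

    # Uncommented "PassivePortRange <low> <high>"; this check takes the last one.
    range=$(awk '$1 == "PassivePortRange" { r = $2 ":" $3 } END { print r }' "$ftpd_conf")
    case $range in
        ''|*[!0-9:]*|:*|*:|*:*:*)
            echo "FAIL: no usable PassivePortRange in $ftpd_conf"
            return 1 ;;
    esac
    low=${range%:*}
    high=${range#*:}

    # Text between the quotes of: TCP_IN = "..."
    ports=$(sed -n "s/^$key *= *\"\([^\"]*\)\".*/\1/p" "$csf_conf" | tail -n 1)
    old_ifs=$IFS
    IFS=,
    set -- $ports
    IFS=$old_ifs

    for entry in "$@"; do
        case $entry in
            ''|*[!0-9:]*|:*|*:|*:*:*) continue ;;
            *:*) e_low=${entry%:*}; e_high=${entry#*:} ;;
            *)   e_low=$entry; e_high=$entry ;;
        esac
        if [ "$e_low" -le "$low" ] && [ "$e_high" -ge "$high" ]; then
            echo "OK: $key entry $entry covers passive range $low-$high"
            return 0
        fi
    done
    echo "FAIL: $key has no entry covering passive range $low-$high"
    return 1
}

# Constructed sample files (not real server configs).
demo=$(mktemp -d)
printf '%s\n' '#PassivePortRange 30000 50000' 'PassivePortRange 30000 50000' > "$demo/pure-ftpd.conf"
printf '%s\n' 'TCP_IN = "20,21,22,80,443,30000:50000"' 'TCP_OUT = "20,21,80,443"' > "$demo/csf.conf"
check_passive_range "$demo/pure-ftpd.conf" "$demo/csf.conf" TCP_IN
check_passive_range "$demo/pure-ftpd.conf" "$demo/csf.conf" TCP_OUT || true
rm -rf "$demo"
```

On a server, pass /etc/pure-ftpd/pure-ftpd.conf and /etc/csf/csf.conf as the two arguments.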

 

Install the latest certbot for your system.

Debian:
sudo apt-get install certbot

Windows:
Download and install the latest certbot application and run CMD or PowerShell as administrator
https://certbot.eff.org/lets-encrypt/windows-other

In your terminal or cmd window:

certbot -d mydomain.com,www.mydomain.com,othersub.mydomain.com --manual certonly

 Then follow the prompts and answer yes to IP logging.

By default certbot validates the domain with an HTTP challenge.
The HTTP challenge asks you to create a file with a specific name and specific content (the 'key') in the /.well-known/acme-challenge/ directory, directly under the top-level directory ("web root") that holds the files your webserver serves for the domain you're specifying.
The terminal/cmd prompts tell you the required file name and key content.

If you want to use the DNS challenge, simply specify in the certbot command:

certbot -d mydomain.com,www.mydomain.com,othersub.mydomain.com --manual --preferred-challenges dns certonly

 

 More information can be found here
https://certbot.eff.org/docs/using.html#manual

At the first GRUB boot prompt, you have 4 seconds to press: [e]

grub-menu.JPG

It does not matter which GRUB kernel entry you choose, as we are not really modifying the kernel.

With your [e] key, just choose to edit the first one.

Add the word "single" at the end, like so:

<YTABLE=us crashkernel=auto rhgb quiet single

centos-kernel-edit-to-single-user.JPG

and press [enter]

Back at the Grub menu press [b] to boot.
When the prompt comes up we are in single user mode

centos-single-user-mode.JPG

In this mode we are not required to authenticate and we can go ahead and reset the password by typing at the prompt:

[root@localhost /]# passwd

setting-root-passwrod-centos.JPG

Retype the password to confirm, and the root password has been changed.

Restart the system by typing:

shutdown -r now

 

Fixing the original problem

So we want to serve our files at /var/www/html and enable writing to log files and file uploads as well? Let’s play nice with SELinux.

First, copy the files as usual to /var/www/html, then set the proper ownership and permissions.

# Ownership
sudo chown apache:apache -R /var/www/html
cd /var/www/html
 
# File permissions, recursive
find . -type f -exec chmod 0644 {} \;
 
# Dir permissions, recursive
find . -type d -exec chmod 0755 {} \;
 
# SELinux: let Apache serve these files, recursive
sudo chcon -t httpd_sys_content_t /var/www/html -R
 
# Allow write only to specific dirs
sudo chcon -t httpd_sys_rw_content_t /var/www/html/logs -R
sudo chcon -t httpd_sys_rw_content_t /var/www/html/uploads -R

httpd_sys_content_t allows Apache to serve this content, and httpd_sys_rw_content_t allows Apache to write to those paths.
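
Labels set with chcon are overwritten by restorecon or a full filesystem relabel. The following is an added example, not part of the original page: it swaps chcon for semanage fcontext plus restorecon, so the write label on the two directories is recorded in the local policy and survives a relabel. The helper names and the DRY_RUN switch are assumptions made for this example; the paths are the ones used above.

```shell
# Added example, not from the original page. By default the commands are only
# printed; set DRY_RUN=0 and run as root to apply them.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# Usage: persist_rw_labels <web-root> <writable-dir>...
persist_rw_labels() {
    web_root=${1%/}
    shift

    # Validate everything before changing anything: each writable directory
    # must sit strictly below the web root and must not contain "..".
    for dir in "$@"; do
        case ${dir%/}/ in
            */../*)
                echo "refusing $dir: contains '..'" >&2; return 1 ;;
            "$web_root"/?*) ;;
            *)
                echo "refusing $dir: not below $web_root" >&2; return 1 ;;
        esac
    done

    # Record the rule in the local policy, so restorecon and a full relabel
    # reapply it instead of reverting a one-off chcon.
    for dir in "$@"; do
        run semanage fcontext -a -t httpd_sys_rw_content_t "${dir%/}(/.*)?" || return 1
    done

    # Apply the recorded rules to the files on disk.
    run restorecon -R "$web_root"
}

# Paths from the page; prints three commands in dry-run mode.
persist_rw_labels /var/www/html /var/www/html/logs /var/www/html/uploads
```

The web root itself is refused as a writable directory, which keeps the rest of the site under the read-only httpd_sys_content_t label.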

You may use the 'sestatus' command to view the current SELinux status:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

The 'setenforce' command may be used to switch between Enforcing and Permissive modes on the fly but note that these changes do not persist through a system reboot.

To make changes persistent through a system reboot, edit the 'SELINUX=' line in  /etc/selinux/config  for either 'enforcing', 'permissive', or 'disabled'. For example: 'SELINUX=permissive'

Boot up the machine, and after the BIOS screen, hold down the left Shift key. You will then be prompted by a menu that looks something like this:

MQv6f.png

I've noticed on some systems that timing when to hit the left Shift key can be tricky, sometimes I miss it and need to try it again.

Hit the down arrow until you select the 2nd entry from the top (the one with the recovery mode in the description) and then hit Enter.

Now you should see this menu:

RRKur.png

Using the arrow keys scroll down to root and then hit Enter.

You should now see a root prompt, something like this:

root@ubuntu:~#

 At this stage you should have a read-only filesystem. You have to remount it with write permissions:

mount -o remount,rw /

Now we can set the user's password with the passwd command. (In this example I will use techadmin as the username; you need to substitute whatever the user's username is):

root@ubuntu:~# passwd techadmin
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@ubuntu:~#

Alternate Root Shell Method

If you don’t have the recovery mode option, this is the alternate way to manually edit the grub options to allow for a root shell.

First you’ll want to make sure to choose the regular boot kernel that you use (typically just the default one), and then use the “e” key to choose to edit that boot option.

image34.png

Now just hit the down arrow key over to the “kernel” option, and then use the “e” key to switch to edit mode for the kernel option.

image35.png

You’ll first be presented with a screen that looks very similar to this one:

image

You’ll want to remove the “ro quiet splash” part with the backspace key, and then add this onto the end:

rw init=/bin/bash

image37.png

Once you hit enter after adjusting the kernel line, you’ll need to use the 'B' key to choose to boot with that option.

image38.png

At this point the system should boot up very quickly to a command prompt.

Should you have forgotten to add the 'rw' option to the kernel line, the root file system is still mounted read-only, so enter the following command:

mount -n -o remount,rw /

You can use the following command to reset your password:

passwd <username>

For example, for root just use this command:

passwd 

image39.png

After changing your password, use the following commands to reboot your system. (The sync command makes sure to write out data to the disk before rebooting)

sync
reboot -f

In some instances the -f parameter is necessary to get the reboot command to work for some reason. You could always hardware reset instead, but make sure to use the sync command first.

And now we are able to log in without any issues.

Find the default httpd config

/etc/httpd/conf/httpd.conf

Find the userdata folder 

/usr/local/apache/conf/userdata

 

I put the same directive in httpd.conf under and it worked:
<VirtualHost 162.210.xxx.xxx:80>
ServerName example.com
</VirtualHost>

 

You'll need to run /usr/local/cpanel/scripts/ensure_vhost_includes after the modifications, as documented in "Modify Virtualhost Containers With Include Files" (EasyApache, cPanel Documentation).

 

Or do the following. Open this file:

/var/cpanel/userdata/USERNAME/DOMAIN.COM

1. Once you have opened the file, look for the following line:

documentroot: /home/USERNAME/public_html

2. Modify the location according to your needs. Save it and exit.

3. Rebuild the Apache conf and restart Apache:

/scripts/rebuildhttpdconf
service httpd restart

The change will be immediate. Simply clear your browser cache and force refresh the page!

cPanel accounts are created using a primary domain. Every primary domain on a hosting account uses the “public_html” directory for all its website files and data. The sub-directories inside the public_html directory are occupied by the addon domains. The primary domain can also be set up to use a sub-directory inside the public_html directory instead of public_html itself. Follow the steps below to change the document root of your primary domain in a cPanel account. Please note that you will need root SSH access to perform these steps.

1) Connect to your server via SSH as root user. You may follow the tutorial below, if you are using a Windows system to connect to your server via SSH. This tutorial explains how to use “Putty”, SSH client software to access server.

https://www.interserver.net/tips/kb/using-putty-to-ssh-to-server/

2) Using your favorite text editor (say vim) edit the following file.

$ vim /var/cpanel/userdata/username/domain.com

Replace the “username” with your cPanel account username and “domain.com” with your primary domain name and “subdir” with your new directory. Find the following two lines in this file.

documentroot: /home/username/public_html

path: /home/username/public_html/cgi-bin

Modify these two lines to change the document root of your primary domain to a sub-directory inside “public_html” directory.

documentroot: /home/username/public_html/subdir

path: /home/username/public_html/subdir/cgi-bin

Save the file after changes are made and then delete the cache file for your primary domain.

$ rm -vf /var/cpanel/userdata/username/domain.com.cache

3) If the primary domain has an SSL certificate installed, edit the following file the same way as above.

$ vim /var/cpanel/userdata/username/domain.com_SSL

Save the file after changes are made and then delete the cache file for your primary domain.

$ rm -vf /var/cpanel/userdata/username/domain.com_SSL.cache

4) Run the following scripts to update the user data cache and rebuild apache configuration file.

/scripts/updateuserdatacache

/scripts/rebuildhttpdconf

5) Restart Apache server to load changes.

$ service httpd restart

/etc/cpanel/ea4/profiles/cpanel

or

/etc/cpanel/ea4/profiles/custom

 

/usr/local/bin/ea_install_profile [--install] profile_file

 

EasyApache4 Profile list example:

[root@server cpanel]$

allphp.json allphp-opcache.json default.json mpm_itk.json nophp.json rubypassenger.json worker.json

 

Example profile provisioning/install:

/usr/local/bin/ea_install_profile --install /etc/cpanel/ea4/profiles/custom/joomla_php_7-72.json

sudo su root

Run the rpm -qa | grep -i package command, where package (eg. ea-php72-mb) represents part of the name of the package that you wish to install, to determine if the package is already installed.

Run this to determine if package is available:

yum list ea-*

ea-php70-php-mbstring.x86_64

ea-php70-php-zip.x86_64

To Install the available package run the command with exact package name found in list:

yum install ea-php70-php-mbstring.x86_64

Now that you have completed installing the mbstring PHP extension from the CLI, you can confirm it is enabled by running the following command:

scl enable ea-php70 'php -i' | grep 'mbstring'
Configure Command => './configure' ...'--enable-mbstring=shared'...'
/opt/cpanel/ea-php70/root/etc/php.d/mbstring.ini,
mbstring
mbstring support => enabled
