webcp.hostinghacks.net/slackware | Web-cp
Web-cp is an open source, PHP/MySQL powered, hosting control panel for Unix/Linux systems. This control panel is free to use under the GPL and when combined with other open source internet server software such as Apache, ProFTP, PHP, MySQL, Dovecot, Squirrelmail, BIND, Sendmail, MRTG, Webalizer and OpenSSL can provide a slick interface to a fully featured hosting provisioning solution.
PREREQUISITES: openssl, mysql, php as a cli (or cgi).
There are 3 key components needed for a fully functional webcp:
1. a php-cli binary located in '/usr/bin/cli-php'
2. a PHP-powered Apache for control panel access (a.k.a. apachecp)
3. the webcp software (http://web-cp.net)
Web-cp is software in Beta form and these notes are also.
Installing onto a *non-production* system first is highly recommended.
The installation commands can be run from a PuTTY window in a "cut-and-paste" style or copied to a script.
Notes on PuTTY best practices can be found here.
get the needed packages:
cd /usr/src
wget 'http://apache.mirrors.redwire.net/httpd/apache_1.3.33.tar.gz'
# wget http://hostinghacks.net/dist/apache_1.3.33.tar.gz
tar -zxpf apache_1.3.33.tar.gz
cd /usr/src
wget 'http://www.modssl.org/source/mod_ssl-2.8.22-1.3.33.tar.gz'
# wget http://hostinghacks.net/dist/mod_ssl-2.8.22-1.3.33.tar.gz
tar -zxpf mod_ssl-2.8.22-1.3.33.tar.gz
cd /usr/src
rm -f -R php-4.3.11
wget 'http://us2.php.net/get/php-4.3.11.tar.gz/from/this/mirror'
# wget http://hostinghacks.net/dist/php-4.3.11.tar.gz
tar -zxpf php-4.3.11.tar.gz
create the 'webcp' user:
groupadd webcp
useradd -s /sbin/nologin -g webcp -d /home/webcp -c "webcp user" webcp
build ssl for apache:
cd /usr/src/mod_ssl-2.8.22-1.3.33
./configure --with-apache=/usr/src/apache_1.3.33
build apache:
cd /usr/src/apache_1.3.33
SSL_BASE="/usr" \
./configure \
--prefix=/usr/local/apache1 \
--enable-module=log_referer \
--enable-module=log_config \
--enable-module=log_agent \
--enable-module=mime \
--enable-shared=info \
--enable-module=so \
--enable-shared=ssl \
--enable-module=ssl
make && make install
cd /usr/local/
chown webcp.webcp apache1 -R
make the apachecp php_mod:
cd /usr/src/php-4.3.11
./configure \
--prefix=/usr/local/apache1 \
--with-apxs=/usr/local/apache1/bin/apxs \
--with-config-file-path=/usr/local/apache1/conf \
--with-mysql \
--with-zlib=yes \
--with-zlib-dir=/usr \
--enable-ftp \
--disable-cli \
--disable-pear \
--disable-cgi
make &&
make install
# make test
make clean
rm -f config.cache
create certs:
cd /usr/local/apache1/conf/
cat > csr_info.txt << "EOF"
US
CA
SF
Moonshine Hosting, Inc.
Fly-By-Night Division
serv1.fatpenguinhosting.com
servadmin@localhost.usa
.
.
EOF
openssl genrsa -rand /var/log/messages -out server.key 1024
openssl req -new -key server.key -out server.csr < csr_info.txt
openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
chmod 600 server.key
chmod 600 server.crt
Create the httpd.conf for 'apachecp':
cat > /usr/local/apache1/conf/httpd.conf << "EOF"
# --- HOSTINGHACKS.NET/HTTPD_WEBCP.CONF ---
# APACHE 1.3 CONFIG FOR THE CONTROL PANEL FRONT-END
ServerType standalone
ServerName serv1.fatpenguinhosting.com
ServerAdmin servadmin@localhost.usa
ServerRoot "/usr/local/apache1"
LockFile /var/lock/subsys/apachecp
PidFile /var/run/webcp/apachecp.pid
MinSpareServers 1
MaxSpareServers 5
StartServers 2
MaxClients 25
Listen 2081
User webcp
Group webcp
DocumentRoot "/home/webcp/web"
LoadModule php4_module libexec/libphp4.so
LoadModule ssl_module libexec/libssl.so
DirectoryIndex index.php
UseCanonicalName Off
## TypesConfig /etc/mime.types
DefaultType text/plain
HostnameLookups Off
ServerSignature Off
LogLevel warn
ErrorLog /var/log/apachecp/errors
CustomLog /var/log/apachecp/access combined
AddType application/x-httpd-php .php
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
SSLEngine On
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/webcp/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/webcp/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/apachecp/ssl_engine_log
SSLLogLevel info
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache1/conf/server.crt
SSLCertificateKeyFile /usr/local/apache1/conf/server.key
SSLOptions +StdEnvVars
CustomLog /var/log/apachecp/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
EOF
mkdir -p /var/log/apachecp
chown webcp.webcp /var/log/apachecp
ln -s /usr/local/apache1/conf/httpd.conf /etc/httpd_webcp.conf >/dev/null 2>&1
php.ini for the apachecp module:
cat > /usr/local/apache1/conf/php.ini << "EOF"
engine = On
short_open_tag = On
asp_tags = Off
precision = 12
y2k_compliance = Off
output_buffering = Off
output_handler =
unserialize_callback_func=
zlib.output_compression = Off
implicit_flush = Off
allow_call_time_pass_reference = On
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =
expose_php = On
max_execution_time = 30
memory_limit = 8M
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = Off
log_errors = Off
track_errors = Off
variables_order = "EGPCS"
register_globals = On
register_argc_argv = On
post_max_size = 8M
gpc_order = "GPC"
magic_quotes_gpc = On
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
extension_dir = ./
enable_dl = On
file_uploads = On
upload_max_filesize = 128M
include_path =
allow_url_fopen = On
define_syslog_variables = Off
[mail function]
SMTP = localhost
sendmail_from = me@localhost.com
[Java]
[SQL]
sql.safe_mode = Off
[MySQL]
mysql.allow_persistent = On
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port = 3306
mysql.default_socket = /var/run/mysql/mysql.sock
mysql.default_host = localhost
mysql.default_user =
mysql.default_password =
[mSQL]
msql.allow_persistent = On
msql.max_persistent = -1
msql.max_links = -1
[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
[bcmath]
bcmath.scale = 0
[browscap]
[Informix]
ifx.default_host =
ifx.default_user =
ifx.default_password =
ifx.allow_persistent = On
ifx.max_persistent = -1
ifx.max_links = -1
ifx.textasvarchar = 0
ifx.byteasvarchar = 0
ifx.charasvarchar = 0
ifx.blobinfile = 0
ifx.nullformat = 0
[Session]
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
EOF
ln -s /usr/local/apache1/conf/php.ini /etc/php_apache1.ini >/dev/null 2>&1
apachecp (frontend) init script:
cat > /etc/rc.d/rc.apachecp << "EOF"
#!/bin/bash
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
# chkconfig: - 85 15
# description: Starts and stops the webcp httpd daemons.
# processname: apachecp
# pidfile: /var/run/webcp/apachecp.pid
# config: /usr/local/apache1/conf/httpd.conf
case "$1" in
start)
echo "Starting apachecp..."
/usr/local/apache1/bin/apachectl start
;;
stop)
echo "Stopping apachecp..."
/usr/local/apache1/bin/apachectl stop
;;
restart)
$0 stop
sleep 1
$0 start
;;
status)
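# 'statusproc' is not defined in this script; check the pid file instead
if [ -r /var/run/webcp/apachecp.pid ] && kill -0 "$(cat /var/run/webcp/apachecp.pid)" 2>/dev/null; then
echo "apachecp is running"
else
echo "apachecp is stopped"
fi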
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac
EOF
chmod 755 /etc/rc.d/rc.apachecp
echo "/etc/rc.d/rc.apachecp start" >> /etc/rc.d/rc.local
make edits to apachectl
cd /usr/local/apache1/bin
sed -e 's/\/usr\/local\/apache1\/logs\/httpd.pid/\/var\/run\/webcp\/apachecp.pid/g' \
apachectl > apachectl_tmp
mv apachectl_tmp apachectl -f
chmod 755 apachectl
/etc/rc.d/rc.apachecp start
PHP must be installed as a standalone binary to work with the backend php/mysql control panel:
cd /usr/src/php-4.3.11
./configure \
--prefix=/usr \
--program-prefix=cli- \
--enable-cli \
--disable-cgi \
--disable-pear \
--with-zlib-dir=/usr \
--with-mysql=/usr \
--enable-pcntl \
--enable-posix \
--enable-sockets \
--enable-ftp \
--with-config-file-path=/etc/cli-php/
make && make install
make clean
rm -f config.cache
php.ini for the CLI:
mkdir -p /etc/cli-php/
cat > /etc/cli-php/php.ini << "EOF"
engine = On
short_open_tag = On
asp_tags = Off
precision = 12
y2k_compliance = Off
output_buffering = Off
output_handler =
unserialize_callback_func=
zlib.output_compression = Off
implicit_flush = Off
allow_call_time_pass_reference = On
safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions =
expose_php = On
max_execution_time = 30
memory_limit = 8M
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = Off
log_errors = Off
track_errors = Off
variables_order = "EGPCS"
register_globals = On
register_argc_argv = On
post_max_size = 8M
gpc_order = "GPC"
magic_quotes_gpc = On
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
extension_dir = ./
enable_dl = On
file_uploads = On
upload_max_filesize = 128M
include_path = /home/webcp/web
allow_url_fopen = On
define_syslog_variables = Off
[mail function]
SMTP = localhost
sendmail_from = me@localhost.com
[MySQL]
mysql.allow_persistent = On
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port = 3306
mysql.default_socket = /var/run/mysql/mysql.sock
mysql.default_host = localhost
mysql.default_user =
mysql.default_password =
EOF
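Added example, not part of the original notes: a small sh/awk check that can be run against either php.ini written above (the apachecp one and the CLI one) to list the settings that expose the most on a web-facing panel. The function name and the baseline are assumptions made for this example; the page does not say whether Web-cp 0.5.6 still works with register_globals turned off, so treat the output as a review list.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# audit_php_ini FILE
#   Prints one line per setting that differs from the baseline below:
#     <key> is <found>, baseline <wanted>: <reason>
#   Keys absent from FILE are skipped (PHP then uses its compiled-in default).
audit_php_ini() {
    awk '
    function onoff(v) {                      # PHP boolean spellings -> on/off
        v = tolower(v)
        return (v == "on" || v == "1" || v == "yes" || v == "true") ? "on" : "off"
    }
    BEGIN {
        # Baseline picked for this example (an assumption, not Web-cp guidance).
        n = split("register_globals display_errors log_errors expose_php allow_url_fopen enable_dl", order, " ")
        want["register_globals"] = "off"; why["register_globals"] = "request parameters become global variables"
        want["display_errors"]   = "off"; why["display_errors"]   = "error text is sent to the client"
        want["log_errors"]       = "on";  why["log_errors"]       = "errors are not written to a log"
        want["expose_php"]       = "off"; why["expose_php"]       = "PHP version is advertised in the X-Powered-By header"
        want["allow_url_fopen"]  = "off"; why["allow_url_fopen"]  = "fopen() and include() accept http:// and ftp:// URLs"
        want["enable_dl"]        = "off"; why["enable_dl"]        = "scripts can load extensions at run time with dl()"
    }
    /^[ \t]*$/ || /^[ \t]*[;[]/ { next }     # blank line, ;comment, [section]
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        sub(/[ \t]*;.*$/, "", val)           # drop a trailing ;comment
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        seen[key] = val                      # keep the last occurrence of a key
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in seen)) continue
            if (onoff(seen[k]) != want[k])
                printf "%s is %s, baseline %s: %s\n", k, onoff(seen[k]), want[k], why[k]
        }
    }' "$1"
}

# Constructed sample: the relevant lines of the apachecp php.ini above.
sample=$(mktemp)
cat > "$sample" << "EOF"
engine = On
expose_php = On
display_errors = On
log_errors = Off
register_globals = On
enable_dl = On
allow_url_fopen = On
[Session]
session.use_trans_sid = 0
EOF
audit_php_ini "$sample"
rm -f "$sample"
```

On the installed system, run `audit_php_ini /usr/local/apache1/conf/php.ini` and `audit_php_ini /etc/cli-php/php.ini`.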
Install Web-cp:
cd /usr/src
wget http://www.web-cp.net/releases/webcp-0.5.6.tar.gz
# wget http://hostinghacks.net/dist/webcp-0.5.6.tar.gz
tar -C /home -zxf webcp-0.5.6.tar.gz
touch /var/log/webcp.log
chown webcp.webcp /var/log/webcp.log
chmod 600 /var/log/webcp.log
mkdir -p /var/run/webcp
chown webcp.webcp /var/run/webcp
chmod 755 /var/run/webcp
chown -R webcp.webcp /home/webcp
chmod 755 /home/webcp
cd /home/webcp
chmod 755 -R httpd suspended imap named
chmod 750 -R headers web server
chown webcp.webcp -R headers
chmod 755 server
chmod 700 -R skel
chmod 770 -R tag
chmod 755 server/autoreply.php
chmod 777 autoresponder
Create the webcp database and import the schema:
echo "CREATE DATABASE webcp;" > create_db.txt
mysql < create_db.txt -u root --password=dbpasswd
mysql -u root --password=dbpasswd -D webcp < /home/webcp/webcp.sql
rm create_db.txt
Check all settings in config.php. Any settings not applied here will default from
/home/webcp/web/config.inc.php. To leave a setting at its default, remove
it from config.php.
cat > /home/webcp/config.php << "EOF"
<?
// System
$cfg['adminmail'] = 'servadmin@localhost.usa';
$cfg['sysname'] = 'serv1.fatpenguinhosting.com';
$cfg['ssl'] = true;
$cfg['port'] = 2081;
$cfg['httpd_mode'] = 'apache';
$cfg['loglevel'] = 2;
$cfg['log_system'] = 'file';
$cfg['logfile'] = '/var/log/webcp.log';
$cfg['accesslog'] = '/var/log/apachecp/access';
$cfg['devhd'] = '/dev/md3';
$cfg['key'] = 'used.4.db.encryption';
$cfg['pid'] = '/var/run/webcp/webcp.pid';
$cfg['basedir'] = '/home/webcp';
$cfg['webdir'] = '/home';
$cfg['webname'] = 'web';
$cfg['os'] = 'linux';
$cfg['osversion'] = 'RedHat9.0'; // (*no setting exists for slack. use redhat9.0*)
$cfg['ftpserver'] = 'proftpd';
$cfg['mailserver'] = 'sendmail'; // alternate = 'virtualqmail';
// Mysql
$cfg['dbhost'] = 'localhost';
$cfg['dbuser'] = 'root';
$cfg['dbpass'] = 'dbpasswd';
$cfg['dbname'] = 'webcp';
$cfg['dbadminuser'] = 'root';
$cfg['dbadminpass'] = 'used.4.db.backups';
// Interface
$cfg['sslang'] = 'php,ssi,perl,ssl,awstats';
$cfg['cookiesec'] = true;
$cfg['ucount'] = 25;
$cfg['bandwidth'] = false;
$cfg['lang'] = 'english';
$cfg['defaultskin'] = 'bluefade';
// DNS (none|mail|bind|tinydns|mydns|pdns)
$cfg['dns_system'] = 'bind';
$cfg['dns_email'] = 'servadmin@localhost.usa';
$cfg['dns_server1'] = 'ns1.fatpenguinhosting.com';
$cfg['dns_server2'] = 'ns2.fatpenguinhosting.com';
$cfg['mail_exchanger1'] = 'mx1.fatpenguinhosting.com';
$cfg['mail_exchanger2'] = 'mx2.fatpenguinhosting.com';
//to sync with a secondary: $cfg['masterip']=" 172.16.0.1";
// IMAP settings
$cfg['uwimap'] = false;
$cfg['uwimapdir'] = '/var/imap';
$cfg['allowed_cfg'] = 'dbhost|dbuser|dbpass|dbname| sysname|adminmail|os|osversion|defaultlang|key|httpd_mode';
$cfg['badusers'] = ' root bin daemon adm lp sync shutdown halt mail news uucp operator games gopher ftp nobody nscd mailnull ident rpc xfs httpd apache named webmail dovecot webcp mysql smmsp pop gdm sshd ';
// Server Side HTTP config Location
// Double quotes are used here because single quotes are needed within the strings
$cfg['ss']['perl'] = "\tAddHandler cgi-script .cgi .pl\n\t <Directory '%PATH%'>\n\tOptions +ExecCGI\n\t</Directory>";
$cfg['ss']['php'] = "\tphp_admin_flag engine On
\tphp_admin_value doc_root %PATH%
\tphp_admin_value safe_mode_exec_dir .:%PATH%
\tphp_admin_value open_basedir .:/tmp:".$cfg['php_lib'].":%PATH%
\tAddType application/x-httpd-php .php .php4 .php3 .phtml
\tAddType application/x-httpd-php-source .phps\n";
$cfg['ss']['ssi'] = "\tAddType text/html .shtml\n\tAddHandler server-parsed .shtml";
$cfg['ss']['awstats'] = "\tAlias /awstatsclasses \"/usr/local/awstats/wwwroot/classes/\"
\tAlias /awstatscss \"/usr/local/awstats/wwwroot/css/\"
\tAlias /awstatsicons \"/usr/local/awstats/wwwroot/icon/\"
\tScriptAlias /awstats/ \"/usr/local/awstats/wwwroot/cgi-bin/\"
\t<Directory \"/usr/local/awstats/wwwroot\">
\t\tOptions None
\t\tAllowOverride None
\t\tOrder allow,deny
\t\tAllow from all
\t</Directory>";
// Sendmail Configurations
$cfg['mail_spool'] = '/var/spool/mail';
$cfg['mail_access'] = '/etc/mail/access';
$cfg['mail_virtuser'] = '/etc/mail/virtusertable';
$cfg['mail_aliases'] = '/etc/mail/aliases';
$cfg['mail_sendmail'] = '/etc/mail/local-host-names';
// Service stop / start / restart
$cfg['init']['httpd'] = '/etc/rc.d/rc.httpd';
$cfg['init']['httpd-cp'] = '/etc/rc.d/rc.apachecp';
$cfg['init']['sendmail'] = '/etc/rc.d/rc.sendmail';
$cfg['init']['named'] = '/etc/rc.d/rc.bind';
// Service PID (for monitoring)
$cfg['spid']['httpd'] = '/var/run/httpd.pid';
$cfg['spid']['httpd-cp']= '/var/run/httpd-cp.pid';
$cfg['spid']['sendmail']= '/var/run/sendmail.pid';
$cfg['spid']['named'] = '/var/run/named/named.pid';
$cfg['spid']['proftpd'] = '/var/run/proftpd.pid';
$cfg['spid']['pop3'] = '/var/run/sendmail.pid';
$cfg['spid']['imap'] = '/var/run/dovecot/master.pid';
$cfg['spid']['httpd-cp'] = '/var/run/apachecp.pid';
?>
EOF
chmod 600 /home/webcp/config.php
chown webcp.webcp /home/webcp/config.php
Note: whitespace outside of the '<? ?>' tags will cause "sent header" errors.
vi /home/webcp/server/webcp.php
# open /home/webcp/server/webcp.php
# and change the shebang line to read as follows:
#!/usr/bin/cli-php
Set the Web-cp daemon to start at boot time:
cat > /etc/rc.d/rc.webcp << "EOF"
#!/usr/bin/php -q
<?#
# putting php's <? opening before # makes chkconfig unable to parse some
# of the header data. This should be fixed in chkconfig.
# chkconfig: - 85 15
# description: Starts and stops the webcp and webcp httpd daemons.
# processname: webcp.php
# processname: webcp-httpd.php
# pidfile: /var/run/webcp/webcp.pid
# pidfile: /var/run/webcp/webcp-httpd.pid
# config: /home/webcp/web/config.inc.php
/*
// File:webcp-init.php
// Purpose:Starts and stops the webcp and webcp httpd daemons.
// Creation:2003-06-04
// Author:Jonathan Haskins - jhaskins_killobyte.com
*/
error_reporting(E_ALL);
$install_dir = '/home/webcp';
include("$install_dir/web/config.inc.php");
$args = trim(next($_SERVER['argv']));
switch($args) {
case 'start':
$status = start();
break;
case 'stop':
$status = stop();
break;
case 'restart':
$status = restart();
break;
case 'reload':
$status = reload();
break;
case 'status':
$status = status();
break;
default:
echo "usage: webcp (start|stop|restart|reload|status|help)\n\n";
echo "start- start web://cp\n";
echo "stop- stop web://cp\n";
echo "restart- restart web://cp\n";
echo "reload- reload the configuration file (not functional)\n";
echo "status- shows whether web://cp is running or not\n";
echo "help- display this help notice\n\n";
$status = 0;
break;
}
/* work around for weird status returns in php < 4.3 */
if ($status == 0) {
return(0);
} else {
exit(1);
}
function start() {
global $cfg, $install_dir;
$status = 0;
echo 'Starting web://cp daemon:';
if (($pid = get_pid($cfg['pid'])) && is_running($pid)) {
echo "[ OK ]\n";
} else {
exec("$install_dir/server/webcp.php -d > /dev/null", $webcp_output, $webcp_return);
if ($webcp_return !== 0) {
$status = 1;
echo "[ FAILED ]\n";
} else {
echo "[ OK ]\n";
}
}
if ($cfg['httpd_mode'] == 'webcp') {
echo 'Starting web://cp http daemon:';
if (($pid = get_pid($cfg['httpd_pid'])) && is_running($pid)) {
echo "[ OK ]\n";
} else {
exec("$install_dir/server/webcp-httpd.php -d > /dev/null", $httpd_output, $httpd_return);
if ($httpd_return !== 0) {
$status = 1;
echo "[ FAILED ]\n";
} else {
echo "[ OK ]\n";
}
}
}
return $status;
}
function stop() {
global $cfg;
$status = 0;
if ($cfg['httpd_mode'] == 'webcp') {
echo 'Stopping web://cp http daemon:';
if ($pid = get_pid($cfg['httpd_pid'])) {
if (!posix_kill($pid, 15)) {
$status = 1;
echo "[ FAILED ]\n";
} else {
echo "[ OK ]\n";
}
} else {
$status = 1;
echo "[ FAILED ]\n";
}
}
echo 'Stopping web://cp daemon:';
if ($pid = get_pid($cfg['pid'])) {
if (!posix_kill($pid, 15)) {
$status = 1;
echo "[ FAILED ]\n";
} else {
echo "[ OK ]\n";
}
} else {
$status = 1;
echo "[ FAILED ]\n";
}
return $status;
}
function restart() {
$status1 = stop();
sleep(1);
$status2 = start();
return $status1 + $status2 == 0 ? 0 : 1;
}
function reload() {
global $cfg;
$status = 0;
if ($cfg['httpd_mode'] == 'webcp') {
echo 'Reloading web://cp http daemon:';
if ($pid = get_pid($cfg['httpd_pid'])) {
if (!posix_kill($pid, 1)) {
$status = 1;
echo "[ FAILED ]\n";
} else {
echo "[ OK ]\n";
}
} else {
$status = 1;
echo "[ FAILED ]\n";
}
}
return $status;
}
function status() {
global $cfg;
$output = "web://cp is stopped\n";
if (($pid = get_pid($cfg['pid'])) && is_running($pid)) $webcp_pid = $pid;
if (($pid = get_pid($cfg['httpd_pid'])) && is_running($pid)) $httpd_pid = $pid;
if (isset($webcp_pid) || isset($httpd_pid)) {
$output = 'web://cp (pid';
if (isset($webcp_pid)) $output .= " $webcp_pid";
if (isset($httpd_pid)) $output .= " $httpd_pid";
$output .= ") is running...\n";
}
echo $output;
return 0;
}
function get_pid($pid_file) {
if (is_readable($pid_file) && !is_dir($pid_file)) {
return trim(implode('', file($pid_file)));
} else {
return false;
}
}
function is_running($pid) {
if ($pid > 0 && posix_kill($pid, 0)) {
return true;
} else {
return false;
}
}
?>
EOF
chmod 755 /etc/rc.d/rc.webcp
echo "/etc/rc.d/rc.webcp start" >> /etc/rc.d/rc.local
/etc/rc.d/rc.webcp start
/etc/rc.d/rc.apachecp start
Your control panel should have basic functionality at this point. Browse to https://serv1.fatpenguinhosting.com:2081 and continue with the setup script.
If you encounter problems during the installation visit the forums or the troubleshooting tips @ http://phpanel.net/webcp-troubleshooting/ .
cat > /etc/logrotate.d/apachecp << "EOF"
/var/log/apachecp/* {
missingok
create 0644
postrotate
/etc/rc.d/rc.apachecp restart 2> /dev/null || true
endscript
}
EOF
chmod 644 /etc/logrotate.d/apachecp
cat > /etc/logrotate.d/webcp << "EOF"
/var/log/webcp.log {
missingok
create 0644
postrotate
/etc/rc.d/rc.webcp restart 2> /dev/null || true
endscript
}
EOF
chmod 644 /etc/logrotate.d/webcp
mail daily log reports:
cat > /etc/cron.daily/watch.webcp << "EOF"
#!/bin/sh
tail -100 /var/log/webcp.log | mail -s "webcp log" servadmin@localhost
EOF
chmod +x /etc/cron.daily/watch.webcp
/etc/cron.daily/watch.webcp
cat > /etc/cron.weekly/watch.apachecp << "EOF"
#!/bin/sh
tail -100 /var/log/apachecp/errors | mail -s "apachecp errors" servadmin@localhost
tail -100 /var/log/apachecp/access | mail -s "apachecp access" servadmin@localhost
tail -100 /var/log/apachecp/ssl_engine_log | mail -s "apachecp ssl_engine" servadmin@localhost
EOF
chmod +x /etc/cron.weekly/watch.apachecp
/etc/cron.weekly/watch.apachecp
PHP must be installed as a standalone binary to work with the backend php/mysql control panel.
Critical modules for a Webcp PHP CLI:
MySQL module '--with-mysql=/usr'
FTP module '--enable-ftp'
Zlib module '--with-zlib-dir=/usr'
POSIX module '--enable-posix'
Process Control module '--enable-pcntl'
Sockets Module '--enable-sockets'
'--enable-ftp' - The back end needs FTP for remote backups
(they are done by the backend so that the user doesn't need to sit and
wait for the backup to finish before they can do anything else).
check the apache/php config setup:
cat > /home/webcp/web/phpinfo.php << "EOF"
<?php phpinfo(); ?>
EOF
/usr/local/apache1/bin/httpd -DSSL start
lynx https://localhost/phpinfo.php
SSLEngine On
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache1/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache1/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /usr/local/apache1/logs/ssl_engine_log
SSLLogLevel info
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache1/conf/server.crt
SSLCertificateKeyFile /usr/local/apache1/conf/server.key
SSLOptions +StdEnvVars
CustomLog /usr/local/apache1/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLSessionCache none
SSLSessionCache - configures the global/inter-process SSL Session Cache.
Modern clients request inlined images and other data via parallel requests (usually up to
four parallel requests are common), and those requests are served by different
pre-forked server processes. Here an inter-process cache helps to avoid
unnecessary session handshakes.
Two storage types are available:
none - (This is the default).
No drawback in functionality, but a noticeable speed penalty can be observed.
dbm:/path/to/datafile -
This makes use of a DBM hashfile on the local disk to synchronize the local
OpenSSL memory caches. It results in a visible request speedup for your clients, so this
type of storage is generally recommended.
SSLMutex sem
SSLMutex sem - the SSL engine's semaphore (aka. lock) is used
for mutual exclusion of operations which have to be done in a synchronized
way between the pre-forked Apache server processes. This directive can only
be used in the global server context.
The following Mutex types are available:
none - (This is the default). Leaving this at the default is not recommended,
since it risks an occasionally garbled Session Cache.
Instead configure a real Mutex.
file:/path/to/mutex -
This is the portable and (under Unix) always provided Mutex variant where
a physical (lock-)file is used as the Mutex.
sem - a SysV IPC Semaphore (under Unix) is
used when possible. It is only available when the underlying platform supports it.
Example:
SSLMutex file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed configures one or more sources for seeding the Pseudo Random Number
Generator (PRNG) in OpenSSL at startup time (context is startup) and/or just
before a new SSL connection is established (context is connect).
builtin - This is the always available builtin seeding source. Its use consumes
minimal CPU cycles at runtime and hence it can always be used without
drawbacks.
file:/path/to/source -
This variant uses an external file /path/to/source as the source for
seeding the PRNG. Use this especially at startup time, for instance with
an available /dev/random and/or /dev/urandom device.
SSLOptions +StdEnvVars
Available SSLOptions are:
StdEnvVars - creates a standard set of SSL-related CGI/SSI
environment variables; usually enabled for CGI and SSI requests only.
CompatEnvVars - for backward compatibility to other Apache SSL solutions.
ExportCertData - bloats up the environment with
additional environment variables: SSL_SERVER_CERT, SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAIN.
Can be used by CGI scripts for deeper Certificate checking.
FakeBasicAuth - the Subject Distinguished Name (DN) of the
Client X509 Certificate is translated into a HTTP Basic Authorization username so
that the standard Apache authentication methods can be used.
StrictRequire - forces forbidden access when SSLRequireSSL or SSLRequire successfully
decided that access should be forbidden.
OptRenegotiate - enables optimized SSL connection renegotiation handling when SSL
directives are used in per-directory context.
Example:
SSLOptions +FakeBasicAuth -StrictRequire
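Added example, not part of the original notes: an sh function that walks an OpenSSL cipher string, such as the SSLCipherSuite value used in both config listings above, and reports which weak suite classes it leaves enabled on OpenSSL builds that still ship them. The function names are made up for this example, and classes are tracked by token name only.

```shell
#!/bin/sh
# Added example, not part of the original notes. Function names are made up here.
#
# weak_cipher_classes SPEC
#   Walks an OpenSSL cipher string left to right and prints the weak classes
#   (eNULL LOW EXPORT40 EXPORT56 SSLv2) it leaves enabled, space separated.
#   Operators as documented in ciphers(1): a bare token adds suites, "+" only
#   moves suites already in the list, "-" removes them, "!" removes them for
#   good. ALL covers every class except eNULL.
#   Simplification: classes are tracked by token name only; tokens not listed
#   in the case statement (DEFAULT, !DES, RC4+RSA, ...) are ignored.
weak_cipher_classes() {
    enabled=" "; killed=" "
    old_ifs=$IFS; IFS=:
    set -f; set -- $1; set +f
    IFS=$old_ifs
    for tok in "$@"; do
        case $tok in
            '!'*) op=kill; name=${tok#?} ;;
            -*)   op=del;  name=${tok#?} ;;
            +*)   continue ;;                    # reorder only, adds nothing
            *)    op=add;  name=$tok ;;
        esac
        case $name in
            ALL)                         classes="LOW EXPORT40 EXPORT56 SSLv2" ;;
            EXP|EXPORT)                  classes="EXPORT40 EXPORT56" ;;
            eNULL|NULL)                  classes="eNULL" ;;
            LOW|EXPORT40|EXPORT56|SSLv2) classes=$name ;;
            *)                           continue ;;
        esac
        for c in $classes; do
            if [ "$op" = add ]; then
                case "$killed$enabled" in
                    *" $c "*) ;;                 # killed earlier or already present
                    *) enabled="$enabled$c " ;;
                esac
            else
                enabled=$(printf '%s' "$enabled" | sed "s/ $c / /")
                if [ "$op" = kill ]; then killed="$killed$c "; fi
            fi
        done
    done
    set -- $enabled
    echo "$*"
}

# audit_ssl_conf FILE: run the check on every SSLCipherSuite line of a config file.
audit_ssl_conf() {
    awk 'tolower($1) == "sslciphersuite" { print NR, $2 }' "$1" |
    while read -r lineno spec; do
        weak=$(weak_cipher_classes "$spec")
        if [ -n "$weak" ]; then
            echo "line $lineno: SSLCipherSuite does not exclude: $weak"
        fi
    done
}

# Constructed sample: two directives copied from the apachecp httpd.conf above.
conf=$(mktemp)
cat > "$conf" << "EOF"
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
EOF
audit_ssl_conf "$conf"
rm -f "$conf"
```

For the string above the trailing +eNULL changes nothing, because "+" only reorders and ALL never contained eNULL; the weak suites come in through ALL, and only ADH and EXPORT56 are removed by name.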
Testing the ssl handshake:
/usr/local/apache1/bin/httpd -DSSL start
openssl s_client -connect localhost:2081
/usr/local/apache1/bin/httpd -DSSL stop
#0 LOGOUT to exit