[BlueOnyx:26051] Re: php shell_exec() or exec() always returns null

2023-03-26 Thread Brent Epp 

On 2023-03-25 09:36, Michael Stauber wrote:


That's correct. It's protected with "chattr". To allow editing, run 
this as root first:


chattr -i php.ini

If you want to protect it again after your edits, run this instead:

chattr +i php.ini

It's a good idea to make a copy of your modified php.ini, as the GUI 
may overwrite it in the future when PHP changes are pushed out to Vsites. 

Hi Michael,

This was the key, thanks.  Set it was writable, set the 
disable_functions option, restart httpd, and now it works.


Thanks!
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26049] Re: php shell_exec() or exec() always returns null

2023-03-25 Thread Brent Epp 



On 2023-03-23 14:45, Brent Epp wrote:

On 2023-03-23 13:15, Michael Stauber wrote:

Hi Brent,

Maybe it's not following the config in the include file for some 
reason?


Ah, yes. That's it, because this wholly depends on what type of PHP 
implementation you use for the Vsite in question:


DSO or DSO/mod_ruid2: PHP-Settings from Apache include are honored

suPHP: Aren't honored, Vsite has it's own php.ini for that

PHP-FPM: Aren't honored, Vsite has it's own PHP-FPM pool file for that


Now even for DSO or DSO/mod_ruid2 there are special cases. Some 
config options for PHP are server wide and cannot be set on a per 
Vsite (or per ) level.


See: https://www.php.net/manual/en/ini.core.php

- 


 disable_functions string

    This directive allows you to disable certain functions. It takes on
    a comma-delimited list of function names.

    Only internal functions can be disabled using this directive. User-
    defined functions are unaffected.

    This directive must be set in php.ini For example, you cannot set
    this in httpd.conf.
- 



Generally most of the options you find under "Server Management" / 
"Security" / "PHP" are such "php_admin" functions that must go into 
php.ini and the GUI usually takes care of that for all relevant PHP 
versions and implementations that are or may be installed.




Thanks, Michael, that clears some things up.  I'll play around with 
the PHP implementations and see if I can get it working for just the 
vsite.


Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

Hi Michael,

I set it to suPHP and I can see the php.ini generated in the vsite's 
directory, but it's still not working.


The vsite's php.ini file doesn't contain a configuration for 
disable_functions (does it inherit certain configs from a master php.ini?)


I can't modify the vsite's php.ini file (read-only, even as root).

Is there somewhere in the BX GUI to edit the vsite-specific php.ini that 
I'm missing?


Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26048] Re: php shell_exec() or exec() always returns null

2023-03-23 Thread Brent Epp 

On 2023-03-23 13:15, Michael Stauber wrote:

Hi Brent,


Maybe it's not following the config in the include file for some reason?


Ah, yes. That's it, because this wholly depends on what type of PHP 
implementation you use for the Vsite in question:


DSO or DSO/mod_ruid2: PHP-Settings from Apache include are honored

suPHP: Aren't honored, Vsite has it's own php.ini for that

PHP-FPM: Aren't honored, Vsite has it's own PHP-FPM pool file for that


Now even for DSO or DSO/mod_ruid2 there are special cases. Some config 
options for PHP are server wide and cannot be set on a per Vsite (or 
per ) level.


See: https://www.php.net/manual/en/ini.core.php

-
 disable_functions string

    This directive allows you to disable certain functions. It takes on
    a comma-delimited list of function names.

    Only internal functions can be disabled using this directive. User-
    defined functions are unaffected.

    This directive must be set in php.ini For example, you cannot set
    this in httpd.conf.
-

Generally most of the options you find under "Server Management" / 
"Security" / "PHP" are such "php_admin" functions that must go into 
php.ini and the GUI usually takes care of that for all relevant PHP 
versions and implementations that are or may be installed.




Thanks, Michael, that clears some things up.  I'll play around with the 
PHP implementations and see if I can get it working for just the vsite.


Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26046] Re: php shell_exec() or exec() always returns null

2023-03-23 Thread Brent Epp 

On 2023-03-23 09:39, Michael Stauber wrote:

Hi Brent,

 php_admin_value disable_functions 
system,passthru,popen,escapeshellcmd,proc_open,proc_nice,ini_restore


phpinfo() shows it's loading the local value for disable_functions as 
seen in the above line (note the lack of 'exec' and 'shell_exec' 
listed in the value)


I set PHP with mod_ruid and set it to execute as the vsite owner.

shell_exec() and exec() always return null, even executing a simple 
command where permissions shouldn't be an issue, like `ls /tmp`


What am I missing?


I'm not sure, Brent. To test it I just went to "Server Settings" / 
"Security" / "PHP" and removed "shell_exec" from the list of disabled 
functions and saved. That allowed it then globally for all Vsites.


Your approach to edit the include file is also fine and if phpinfo() 
no longer lists shell_exec() under disabled functions in your PHP, 
then you should be good.


Maybe your PHP syntax is incorrect? It's hard to say without seeing 
the whole code.


I just tried this snippet and it worked for me once shell_exec() was 
no longer forbidden:


$output = shell_exec('ls -als /tmp');
echo "$output";

Please note I'm using 'straight' single-quotation marks and not 
backticks like you did in your `ls /tmp` example.



Hi Michael,

I would prefer to only enable it for the one vsite, if possible, so I 
just modified the include file.


In any case, changed it through the BX GUI like you described above and 
it works.  I didn't not change the testing code, so it wasn't a syntax 
error or otherwise.


My testing code is just:

    error_log(shell_exec('ls /tmp -1sh'));

Maybe it's not following the config in the include file for some reason?

Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26044] php shell_exec() or exec() always returns null

2023-03-23 Thread Brent Epp 

Hello,

I've been trying to get this function working for one site on a BX 
system.  I modified the vsite include file with:


    php_admin_value disable_functions 
system,passthru,popen,escapeshellcmd,proc_open,proc_nice,ini_restore


phpinfo() shows it's loading the local value for disable_functions as 
seen in the above line (note the lack of 'exec' and 'shell_exec' listed 
in the value)


I set PHP with mod_ruid and set it to execute as the vsite owner.

shell_exec() and exec() always return null, even executing a simple 
command where permissions shouldn't be an issue, like `ls /tmp`


What am I missing?

Thanks
 - Brent

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25594] Check vsite suspension state from shell

2022-08-25 Thread Brent Epp 

Greetings,

Is there a way I can use bash to determine if a vsite is suspended?

Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25505] Rename user

2022-07-18 Thread Brent Epp 

Greetings,

Simple question: is there a way to rename a user? (ie.: the actual 
system username)  If not, is there a workaround that doesn't break things?

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25482] Re: Letsencrypt email is not updated?

2022-06-18 Thread Brent Epp 

Hi Michael,

On 2022-06-18 11:05, Michael Stauber wrote:

Hi Brent,

It appears that the Letencrypt email address (entered in [site] > SSL 
> Let's Encrypt > Contact Email) may not be updating the cert.  We've 
been receiving emails from exp...@letsencrypt.org that are sent a 
different address than what's entered here.


Am I missing something?  Is a master entry somewhere I haven't found?


Yeah, this is a bit of a mixed bag. There is a master email address 
configured in /usr/sausalito/acme/account.conf


That is the account email address associated with your server in the 
ACME API.


However, when we register SSL certs, the acme.sh call to register the 
desired certificate substitutes the email address you specified in the 
GUI as a command line parameter. So that cert will get registered with 
whatever email address you had provided in the GUI during the request.


These email addresses (account API vs. certificate request email) can 
be different.


Information that a cert is about to expire is usually sent to the 
email address associated with the cert. Infos about API and policy 
changes are usually email to the account email.


I checked the /usr/sausalito/acme/account.conf file as well as the GUI, 
and they are both set to the correct email address where we want to 
receive these notices.  However, the notices are still being sent to a 
different address.


Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25480] Letsencrypt email is not updated?

2022-06-18 Thread Brent Epp 

Hello,

It appears that the Letencrypt email address (entered in [site] > SSL > 
Let's Encrypt > Contact Email) may not be updating the cert.  We've been 
receiving emails from exp...@letsencrypt.org that are sent a different 
address than what's entered here.


Am I missing something?  Is a master entry somewhere I haven't found?

Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23919] Re: 5209R Update: Disabled TLSv1.1 for Apache

2020-05-30 Thread Brent Epp 

Hi Michael,

My apologies; you can probably disregard this, I misread the date on 
your email and these failures we're experiencing only began recently.


 - Brent

On 2020-05-30 12:04, Brent Epp wrote:

Hi Michael,

Since this update, we seem to be having a problem with a PHP SMTP 
library (swiftmailer) that we're using for a number of sites. I've 
updated the library to the version that provides TLSv1.2 support, the 
the failure persists: "Swift_TransportException: Unable to connect 
with TLS encryption"


I've also tried the latest version of swiftmailer with PHP 7.3.17, 
which results in the same error.


The one last thing I've tried is tweaking the library to force the TLS 
version to 1.2 ... same error.


Is there something else I need to adjust within apache to make this work?

Thanks
 - Brent

On 2020-02-19 10:49, Michael Stauber wrote:

Hi all,

Well, it's now the year 2020 (still no flying cars or hover-boards!), so
it's time to retire the TLSv1.1 protocol from Apache.

To that end an updated base-apache-* has been released for 5209R, where
it was still available as a fallback.

As the OpenSSL on 5209R is too old to support TLSv1.3 we had introduced
Nginx as SSL-proxy, as our custom built Nginx is statically compiled
against a newer OpenSSL that allows us to provide TLSv1.3 and HTTP/2
functionality.

The benefits and usage of the Nginx SSL-proxy are explained here - in
case you're wondering what that is and how to make use of it:

https://www.blueonyx.it/5209r-nginx-ssl-proxy

In case someone wonders what SSL protocols the different versions of
BlueOnyx support in Apache, here is a small list:

BlueOnyx 5210R: Both Apache & Nginx: TLSv1.3 with TLSv1.2 as a fallback

BlueOnyx 5209R: Apache: TLSv1.2, Nginx: TLSv1.3 with TLSv1.2 as fallback

BlueOnyx 5207R/5208R: Apache: TLSv1.2 only





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23918] Re: 5209R Update: Disabled TLSv1.1 for Apache

2020-05-30 Thread Brent Epp 

Hi Michael,

Since this update, we seem to be having a problem with a PHP SMTP 
library (swiftmailer) that we're using for a number of sites. I've 
updated the library to the version that provides TLSv1.2 support, the 
the failure persists: "Swift_TransportException: Unable to connect with 
TLS encryption"


I've also tried the latest version of swiftmailer with PHP 7.3.17, which 
results in the same error.


The one last thing I've tried is tweaking the library to force the TLS 
version to 1.2 ... same error.


Is there something else I need to adjust within apache to make this work?

Thanks
 - Brent

On 2020-02-19 10:49, Michael Stauber wrote:

Hi all,

Well, it's now the year 2020 (still no flying cars or hover-boards!), so
it's time to retire the TLSv1.1 protocol from Apache.

To that end an updated base-apache-* has been released for 5209R, where
it was still available as a fallback.

As the OpenSSL on 5209R is too old to support TLSv1.3 we had introduced
Nginx as SSL-proxy, as our custom built Nginx is statically compiled
against a newer OpenSSL that allows us to provide TLSv1.3 and HTTP/2
functionality.

The benefits and usage of the Nginx SSL-proxy are explained here - in
case you're wondering what that is and how to make use of it:

https://www.blueonyx.it/5209r-nginx-ssl-proxy

In case someone wonders what SSL protocols the different versions of
BlueOnyx support in Apache, here is a small list:

BlueOnyx 5210R: Both Apache & Nginx: TLSv1.3 with TLSv1.2 as a fallback

BlueOnyx 5209R: Apache: TLSv1.2, Nginx: TLSv1.3 with TLSv1.2 as fallback

BlueOnyx 5207R/5208R: Apache: TLSv1.2 only



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23841] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-14 Thread Brent Epp 

Hi Michael,

Yes, those command outputs line up.  This is copied straight from the shell:

# rpm -q --whatprovides /home/solarspeed/php-5.6/lib/httpd/libphp5.so
PHP56-5.6.40-3.x86_64

# strings /home/solarspeed/php-5.6/lib/httpd/libphp5.so | grep X-Powered-By
X-Powered-By: PHP/5.6.40

However, I think this did the trick:

1. under "Server Management" / "Security" / "PHP Settings", set default version 
to 5.6.40 and make all installed versions available

2. under "Site Management" / [site] / "Web" and "PHP", switch the execution 
modes around a few times and eventually it sorts itself out.

No more notice message on the PHP settings in the site manager and phpinfo() 
now reports 5.6.40 with DSO and mod_ruid2.

Thanks!
 - Brent

On 2020-05-14 14:42, Michael Stauber wrote:

Hi Brent,


Sorry for top-posting, but I just want to bring to your attention that
this isn't resolved.

Can you please run the following commands and check what they return?

#> rpm -q --whatprovides /home/solarspeed/php-5.6/lib/httpd/libphp5.so

This should report:

PHP56-5.6.40-3.x86_64

#> strings /home/solarspeed/php-5.6/lib/httpd/libphp5.so
|grep X-Powered-By


This should report:

X-Powered-By: PHP/5.6.40



Site Management > [site] > Services > Web: 5.6.36

Please go to "Server Management" / "Security" / "PHP Settings" and check
what PHP versions it reports there. When you access the page, it'll
fetch the latest available version numbers and it wouldn't hurt if you
(just once) saved the page after loading it to make that data available
to Vsites.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23836] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-12 Thread Brent Epp 

Hi Micahel,

Sorry for top-posting, but I just want to bring to your attention that 
this isn't resolved.


Thanks
 - Brent

On 2020-05-08 12:01, Brent Epp wrote:

Hi Michael,

The package installed and it works with suPHP or FPM.

But the issues DSO and mod_ruid2 persist.

  Site Management > [site] > Services > Web: 5.6.36
  Site Management > [site] > Services > PHP: [no version string] and a 
persistent PHP error (below)

  phpinfo(): 5.4.16

A PHP Error was encountered
Severity: Notice
Message: Undefined index: 5.6.36
Filename: controllers/vsitePHP.php
Line Number: 137

In the PHP settings, the  elements are also showing newlines 
as \n


 - Brent

On 2020-05-08 11:33, Michael Stauber wrote:

Hi Brent,


It does not appear to be showing up for us: https://imgur.com/a/oNfQlcs

I have clicked "Check Availability Now", the list doesn't change.

Am I missing something?

Perhaps the release date of the PHP-5.6.40-3 is *after* the expiry of
your support period? You can see that under "Expiry Report".

I just set the start date of the availability of that -3 PKG to the same
that the -2 PKG had: 2020-04-29 19:20:09

Please check again if you can see it now. You may have to hit that
"Check Availability Now" button again, though.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23834] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-08 Thread Brent Epp 

Hi Michael,

The package installed and it works with suPHP or FPM.

But the issues DSO and mod_ruid2 persist.

  Site Management > [site] > Services > Web: 5.6.36
  Site Management > [site] > Services > PHP: [no version string] and a 
persistent PHP error (below)

  phpinfo(): 5.4.16

A PHP Error was encountered
Severity: Notice
Message: Undefined index: 5.6.36
Filename: controllers/vsitePHP.php
Line Number: 137

In the PHP settings, the  elements are also showing newlines as \n

 - Brent

On 2020-05-08 11:33, Michael Stauber wrote:

Hi Brent,


It does not appear to be showing up for us: https://imgur.com/a/oNfQlcs

I have clicked "Check Availability Now", the list doesn't change.

Am I missing something?

Perhaps the release date of the PHP-5.6.40-3 is *after* the expiry of
your support period? You can see that under "Expiry Report".

I just set the start date of the availability of that -3 PKG to the same
that the -2 PKG had: 2020-04-29 19:20:09

Please check again if you can see it now. You may have to hit that
"Check Availability Now" button again, though.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23832] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-08 Thread Brent Epp 

Hi Michael,

Thanks, that did the trick.

Our expiry is 2020-05-06 19:37:40

 - Brent

On 2020-05-08 11:33, Michael Stauber wrote:

Hi Brent,


It does not appear to be showing up for us: https://imgur.com/a/oNfQlcs

I have clicked "Check Availability Now", the list doesn't change.

Am I missing something?

Perhaps the release date of the PHP-5.6.40-3 is *after* the expiry of
your support period? You can see that under "Expiry Report".

I just set the start date of the availability of that -3 PKG to the same
that the -2 PKG had: 2020-04-29 19:20:09

Please check again if you can see it now. You may have to hit that
"Check Availability Now" button again, though.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23830] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-08 Thread Brent Epp 

Hi Michael,

It does not appear to be showing up for us: https://imgur.com/a/oNfQlcs

I have clicked "Check Availability Now", the list doesn't change.

Am I missing something?

Thanks
 - Brent

On 2020-05-07 19:58, Michael Stauber wrote:

Hi Brent,


When I select DSO or mod_ruid2 for a vsite, that site gets kicked down
to 5.4.16.  Interestingly, I get different version numbers in the site
management than I do from phpinfo()

With PHP (DSO) + mod_ruid2:

   Site Management > [Site] > Services > Web: 5.6.36
   Site Management > [Site] > Services > PHP: 5.4.16 (there was one time
where the version was blank)
   phpinfo: 5.4.16

With PHP (DSO)

   Site Management > [Site] > Services > Web: 5.6.36
   Site Management > [Site] > Services > PHP: 5.4.16
   phpinfo: 5.4.16

I just released 5209R-PHP56-5.6.40-3.pkg, which fixes this problem. It's
available on NewLinQ.




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23825] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-06 Thread Brent Epp 

Hi Michael,

When I select DSO or mod_ruid2 for a vsite, that site gets kicked down 
to 5.4.16.  Interestingly, I get different version numbers in the site 
management than I do from phpinfo()


With PHP (DSO) + mod_ruid2:

  Site Management > [Site] > Services > Web: 5.6.36
  Site Management > [Site] > Services > PHP: 5.4.16 (there was one time 
where the version was blank)

  phpinfo: 5.4.16

With PHP (DSO)

  Site Management > [Site] > Services > Web: 5.6.36
  Site Management > [Site] > Services > PHP: 5.4.16
  phpinfo: 5.4.16

I get a version  for suPHP and FPM/FastCGI.  No such  
for DSO or DSO + mod_ruid2, just displays the version.


The BlueOnyx panel also shows this error at the top sometimes when 
switching between execution modes:


  A PHP Error was encountered
  Severity: Notice
  Message: Undefined offset: 0
  Filename: modifyWeb.Vsite/10_PHP.php
  Line Number: 140

Let me know if you need any logs.

Thanks
 - Brent

On 2020-05-06 18:25, Michael Stauber wrote:

Hi Brent,


However, it seems that it also broke DSO and mod_ruid2 execution modes.
We're okay to get around it with suPHP or FPM, which work, but now I'm
stuck with an issue that's preventing me from writing to the php.ini
files in /home/.sites/XXX/siteX

Oh? In which way are these broken? And that's with the
5209R-PHP56-5.6.40-2.pkg?



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23823] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-06 Thread Brent Epp 

Thanks Michael, that did the trick.

However, it seems that it also broke DSO and mod_ruid2 execution modes.  
We're okay to get around it with suPHP or FPM, which work, but now I'm 
stuck with an issue that's preventing me from writing to the php.ini 
files in /home/.sites/XXX/siteX


 - Brent

On 2020-05-05 18:12, Michael Stauber wrote:

Hi Brent,


I guess I slipped through the cracks with PHP 5.6.36

You could install 5209R-PHP56-5.6.40-2.pkg instead. That has working
ImageMagick-support again.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23821] Re: Problem with ImageMagick!! - Update of ImageMagick

2020-05-05 Thread Brent Epp 

I guess I slipped through the cracks with PHP 5.6.36

 - Brent

On 2020-04-29 22:38, Michael Stauber wrote:

Hi all,

Small update on the 5209R ImageMagick debacle:

While the release of solarspeed-Imagick-compat managed to silence the
error messages in PHP, the ImageMagick support remained somewhat broken
due to further remaining incompatibilities.

For that reason updated PHP pages for 5209R have been built and released
to NewLinQ:

5209R-PHP54-5.4.45-3.pkg
5209R-PHP55-5.5.38-3.pkg
5209R-PHP56-5.6.40-2.pkg
5209R-PHP70-7.0.33-2.pkg
5209R-PHP71-7.1.33-2.pkg
5209R-PHP72-7.2.30-2.pkg
5209R-PHP73-7.3.17-2.pkg
5209R-PHP74-7.4.5-2.pkg

As you can see: This includes every latest version of PHP between PHP
5.4 and the now current 7.4. All these were built with (working)
ImageMagick support using the latest OS provided ImageMagick.

I even rebuilt PHP versions that have since long been EOL'ed, because
some of you still might have them in usage.

I could *not* rebuild PHP-5.3.29 because of compatibility issues, but
then again: That one is so old that it *really* shouldn't be used
anywhere at this time.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23593] Re: AWStats likely incomplete

2020-01-20 Thread Brent Epp 
I'm not familiar enough with AWStats particularly to know why this 
change may have affected it, but I can tell you that Javascript can be 
finicky with redirection and it will cause navigation step.  Perhaps 
that step is what's affecting the stats?  We would need to know 
specifically what metric or metrics have changed.


The first thing I would do is remove the JS redirect and use an 
.htaccess file for SSL enforcement.  You'll need to login to the BX 
admin GUI, under Server Management > Network Services > Web


Under Options: enable All, FollowSymLInks, SymLinksIfOwnerMatch
Under AllowOverride: enable All, Options

If these are already enabled, you can just leave this screen alone.

Then paste this inside a file named `.htaccess` in the website's 
document root:




DirectoryIndex index.cgi

# enable rewrites
Options +FollowSymLinks
RewriteEngine on
RewriteBase /

# force SSL
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]



This will do two things:
 - set your default homepage to index.cgi (no redirection needed)
 - force SSL throughout the entire site transparently

If for some reason the .htaccess file breaks the site, you can quickly 
restore access by renaming the .htaccess file to anything else (like 
.htaccess.off)


 - Brent

On 2020-01-20 10:53, Adam Lepp wrote:

Index.html redirects via JS to https://[sitename]/index.cgi but you can
access http://[sitename]/index.cgi directly.
They have a larger site that most people use, via a menu item, to access
this site. We had recently changed the directive from
http://[sitename]/index.cgi to https://[sitename]/index.cgi and that's what
I believe caused this.

-Original Message-
From: Blueonyx  On Behalf Of Brent Epp
Sent: Monday, January 20, 2020 11:10 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:23591] Re: AWStats likely incomplete

Hi Adam,

How exactly did you implement the SSL enforcement?

   - Brent

On 2020-01-20 09:55, Adam Lepp wrote:

One of my clients pulls her AWStats monthly.   We noticed that recent
stats have dropped off 50%+ and suspect it’s due to my recently-added
directive that the site now requires SSL.

I looked over documentation but don’t see an easy way to make sure it
is reading all page requests.

With Webalizer, hits dropped somewhat due to the usual holiday
slowdown, but not to the extreme shown by AWStats.  We prefer to
continue using AWStats.

Can any of you smart people provide insight, and a way to adjust
configuration logs without messing anything up?

I could edit the raw logs, replace HTTPS with HTTP and run on a
different server, but there has to be an easier way.

5209R BOPE


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23591] Re: AWStats likely incomplete

2020-01-20 Thread Brent Epp 

Hi Adam,

How exactly did you implement the SSL enforcement?

 - Brent

On 2020-01-20 09:55, Adam Lepp wrote:


One of my clients pulls her AWStats monthly.   We noticed that recent 
stats have dropped off 50%+ and suspect it’s due to my recently-added 
directive that the site now requires SSL.


I looked over documentation but don’t see an easy way to make sure it 
is reading all page requests.


With Webalizer, hits dropped somewhat due to the usual holiday 
slowdown, but not to the extreme shown by AWStats.  We prefer to 
continue using AWStats.


Can any of you smart people provide insight, and a way to adjust 
configuration logs without messing anything up?


I could edit the raw logs, replace HTTPS with HTTP and run on a 
different server, but there has to be an easier way.


5209R BOPE


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23571] Re: 5209R - iptables issue

2020-01-11 Thread Brent Epp 

Hi Colin,

Next time this happens, before flushing the tables, run `iptables -L -n` 
and look for any peculiar rules.  Check particularly the fail2ban chains.


Perhaps make daily-run script to dump a list of the iptables rules to 
file so you can compare the rules from before and after the connection 
starts failing.


 - Brent

On 2020-01-10 07:23, Colin Jack wrote:

I have a strange issue on a 5209R VPS.

After a few weeks it stops connecting to blueonyx.it even though name resolves 
okay.
So no access to shop or news.

Also cannot connect via SSH to other VPS on the same network etc.

If I run iptables -F everything starts working again and stays like that for a 
few weeks and then breaks again.

Can anybody suggest a remedy?

I haven't seen this on any of our other VPS - 5207R, 5208R, 5209R

Thanks

Colin

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23553] Re: Office 365

2019-12-27 Thread Brent Epp 
Wow, I just looked up the minimum requirements for Exchange -- you 
weren't kidding!


Most of our mail accounts on BX hosts are using POP, so I don't know 
about handling extremely large files, but the biggest limitation I've 
encountered with IMAP is that dovecot can't handle "inferior mailboxes" 
(subfolders in subfolders in subfolders...) in the default 
configuration.  I would consider this to be fairly critical 
functionality for anyone wanting to use IMAP.


 - Brent

On 2019-12-27 09:48, Lew Berry wrote:

M$, Google and Apple all remind me of the cartoon rat with plans to rule the 
world. With the latest version of Exchange requiring well over 100Gb of RAM 
just to operate I don't think you'll be seeing any big movement to it in the 
SMB marketplace. With them disavowing all knowledge of the 2010 version (the 
last one truly affordable to small business is the form of the SBS package), 
there is going to be some sort of rapid shift in the market about to begin. The 
new Outlook seems to be designed to (without substantial effort) only want to 
work with the M$ buy here, pay here, used car lot (AKA 365). GSuite doesn't 
seem like that much better of a bargain, so let's hope this brings us a surge 
in demand for open-source. That said, how has BX been at dealing 80Gb mailboxes

Lew Berry, MCSE, MCT, CSSA
LCB Consulting Inc.
Systems Engineer
450-106 State Road 13 N, #205
St Johns FL, 32259
lcbe...@lcbconsulting.net
(904) 482-1405
(904) 322-5049 fax
(904) 651-1046 cell
  
** CONFIDENTIALITY NOTICE **

NOTICE: This e-mail message and all attachments transmitted with it may contain 
legally privileged and confidential information intended solely for the use of 
the addressee. If the reader of this message is not the intended recipient, you 
are hereby notified that any reading, dissemination, distribution, copying, or 
other use of this message or its attachments is strictly prohibited. If you 
have received this message in error, please notify the sender immediately and 
delete this message from your system. Thank you.


-Original Message-
From: Blueonyx  On Behalf Of Dick Dolby
Sent: Friday, December 27, 2019 6:20 AM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:23551] Re: Office 365

Hi all,

>From within Outlook, choose File > Account Settings > Manage Profiles, give it 
admin, then click 'Email Accounts'. That will give you the classic window too.

I agree with Brent though, MS have lost the plot.


DD


-Original Message-
From: Blueonyx  On Behalf Of Brent Epp
Sent: 26 December 2019 03:20
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:23546] Re: Office 365

Microsoft has completely lost their minds with the later versions of Office 
(among other things)

The trick is to go in through Control Panel > Mail (32 bit) > Email Accounts.  
This will give you the classic Outlook account config window with all the settings 
available.

   - Brent

On 2019-12-25 21:05, Robert Fitzpatrick wrote:

Is there any solution to setting up an IMAP or POP account on Office
365 since the BlueOnyx server will not recognize a full email address
as the username?

I've tried to find a way and can't, doesn't seem like MS gives a way
to do.

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23546] Re: Office 365

2019-12-25 Thread Brent Epp 
Microsoft has completely lost their minds with the later versions of 
Office (among other things)


The trick is to go in through Control Panel > Mail (32 bit) > Email 
Accounts.  This will give you the classic Outlook account config window 
with all the settings available.


 - Brent

On 2019-12-25 21:05, Robert Fitzpatrick wrote:
Is there any solution to setting up an IMAP or POP account on Office 
365 since the BlueOnyx server will not recognize a full email address 
as the username?


I've tried to find a way and can't, doesn't seem like MS gives a way 
to do.


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23268] Re: redirect to https

2019-09-24 Thread Brent Epp 

Ah - thanks for the correction, no more editing include files!

 - Brent

On 2019-09-24 13:57, Michael Stauber wrote:

Hi Meaulnes,


yeah I tried several .htaccess configurations, but always got the 500
Internal Server Error error...

In order to allow these kind of .htaccess stuff you need to tweak Apache
a little, but you can do so via the GUI:

Under "Server Management" / "Network Services" / "Web" tick everything
but "SymLinksIfOwnerMatch" under "Options" and under "AllowOverride"
tick everything.

Save the changes and the .htaccess should work, provided it has no
errors in it.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23266] Re: redirect to https

2019-09-24 Thread Brent Epp 

There's no option in the GUI, unfortunately.

I'm not sure if it's a default from Apache or BX, but you need to add 
this to the site's .include file (/etc/httpd/conf/vhosts/siteX.include)



AllowOverride All
Options All


Do `ls -l /home/sites | grep www.yourdomain.com` to get the 
corresponding numbers for XXX and Y.


You could further limit the AllowOverride and Options directives you 
need, but this is what works for me since I'm the only siteadmin on my 
vhosts.


After this, you'll need to restart apache to put it into effect: 
`systemctl restart httpd`


Then you should be able to add rewrites (and more) in .htaccess

 - Brent

On 2019-09-24 12:15, Meaulnes Legler @ MailList wrote:

thanks Brent!

yeah I tried several .htaccess configurations, but always got the 500 
Internal Server Error error...


with your approch, /var/log/httpd/error_log reports:

/home/.sites//web/.htaccess: Options not allowed here

same with AllowOverride All, for instance.

I'm a bit scared to go into the site's Apache configuration in 
/etc/httpd/conf/vhosts...


Any other idea? I thought there is an option to click in the GUI?

Thank you and best regards

(ツ) Meaulnes Legler
Zurich, Switzerland.
+41¦0 44 260-1660

On 24.09.19 17:49, Brent Epp wrote:
You can achieve this quite simply with an .htaccess in the document 
root:


Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This requires mod_rewrite for Apache, which I believe is standard 
with BlueOnyx.


 - Brent

On 2019-09-24 06:14, Meaulnes Legler @ MailList wrote:

hello

the Let's Encrypt feature is really cool and simple, 
https://mysite.tld comes up right away.


what I'm missing is the automatic redirect from http:// to 
https://... If one enters http://mysite.tld it stays in the insecure 
protocol instead of changing to https://mysite.tld


how can I achieve this?

Thank you and best regards

(ツ) Meaulnes Legler
Zurich, Switzerland.
+41¦0 44 260-1660




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23262] Re: redirect to https

2019-09-24 Thread Brent Epp 

You can achieve this quite simply with an .htaccess in the document root:

Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This requires mod_rewrite for Apache, which I believe is standard with 
BlueOnyx.


 - Brent

On 2019-09-24 06:14, Meaulnes Legler @ MailList wrote:

hello

the Let's Encrypt feature is really cool and simple, 
https://mysite.tld comes up right away.


what I'm missing is the automatic redirect from http:// to https://... 
If one enters http://mysite.tld it stays in the insecure protocol 
instead of changing to https://mysite.tld


how can I achieve this?

Thank you and best regards

(ツ) Meaulnes Legler
Zurich, Switzerland.
+41¦0 44 260-1660




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23252] Re: 5209R related: CentOS 7.7 has been released

2019-09-18 Thread Brent Epp 

I allowed the auto-update to run today at 10 CST.  So far, so good!

Thanks all!

 - Brent

On 2019-09-18 05:19, Dirk Estenfeld wrote:

Hello,

I agree with Michael. We have quite a high number of 5209R servers and most
of them did an update this morning at 6am. So far no problems have been
noticed. Only servers with too little HDD memory needed a little attention
to get the update done.

Best regards,
Dirk


---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel


-Ursprüngliche Nachricht-
Von: Blueonyx  Im Auftrag von Michael
Stauber
Gesendet: Mittwoch, 18. September 2019 02:40
An: blueonyx@mail.blueonyx.it
Betreff: [BlueOnyx:23233] Re: 5209R related: CentOS 7.7 has been released

Hi Brent,


We haven't made any outside-the-box changes as far as I'm aware, but
I'm considering disabling for now and running it manually tomorrow
morning from the GUI so I can have a fresh coffee boost to deal with
any problems that arise.

I've updated around 20 different BlueOnyx 5209R today. All of them had some
form or other of software from the shop installed. Or - in three cases -
something I had installed myself. Only my own DNS servers (running an older
version of PDNS) had issues afterwards, as the installed PDNS exhibited
problems with CentOS 7.7.

Richard had issues with his MariaDB 10.4 from the shop after the YUM
updates. I could fix it for him, but was unable to replicate the problem
when I updated my own MariaDB 10.4 test box to CentOS 7.7.

So all in all I'd still consider these updates fairly smooth compared to
some other updates we've had in the past.

Yet: It's a big update and it would be best to run it from the command line
via "yum clean all" followed by "yum update". That way you're able to see
what goes on and if it throws any unusual messages during the installation
of the updates.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23235] Re: 5209R related: CentOS 7.7 has been released

2019-09-17 Thread Brent Epp 

Hi Michael,

Thanks for the info.  Is there any major difference between running the 
`yum` commands in the shell and just running the update from the GUI 
while tailing the yum log?


 - Brent

On 2019-09-17 19:40, Michael Stauber wrote:

Hi Brent,


We haven't made any outside-the-box changes as far as I'm aware, but I'm
considering disabling for now and running it manually tomorrow morning
from the GUI so I can have a fresh coffee boost to deal with any
problems that arise.

I've updated around 20 different BlueOnyx 5209R today. All of them had
some form or other of software from the shop installed. Or - in three
cases - something I had installed myself. Only my own DNS servers
(running an older version of PDNS) had issues afterwards, as the
installed PDNS exhibited problems with CentOS 7.7.

Richard had issues with his MariaDB 10.4 from the shop after the YUM
updates. I could fix it for him, but was unable to replicate the problem
when I updated my own MariaDB 10.4 test box to CentOS 7.7.

So all in all I'd still consider these updates fairly smooth compared to
some other updates we've had in the past.

Yet: It's a big update and it would be best to run it from the command
line via "yum clean all" followed by "yum update". That way you're able
to see what goes on and if it throws any unusual messages during the
installation of the updates.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23231] Re: 5209R related: CentOS 7.7 has been released

2019-09-17 Thread Brent Epp 
I'm thinking the same thing.  Our updates are set to install tomorrow at 
6am CST.  Rather early for me :)


We haven't made any outside-the-box changes as far as I'm aware, but I'm 
considering disabling for now and running it manually tomorrow morning 
from the GUI so I can have a fresh coffee boost to deal with any 
problems that arise.


 - Brent

On 2019-09-17 13:37, Adam Lepp wrote:

Chris,
Should I be confident that it's prudent to update my (Virtbiz) server?
I just checked for updates and there are 313 available! I'd just as soon run 
them now.
I don't want to wake up tomorrow with any surprises, nor do I want your team 
burdened with unpleasantries from myself and others. Please advise.

-Original Message-
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Chris 
Gebhardt - VIRTBIZ Internet
Sent: Tuesday, September 17, 2019 2:09 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23220] Re: 5209R related: CentOS 7.7 has been released


On 9/17/2019 12:54 PM, Richard Barker wrote:

This is all I see

Sep 17 12:16:53 spottedbass cce_construct: Unit mysqld.service could
not be found.
Sep 17 12:37:43 spottedbass cce_construct: Unit mysqld.service could
not be found.


What's the status of  systemctl status mariadb?

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated www.virtbiz.com | toll-free (866) 4 
VIRTBIZ

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23205] proftpd won't start on 5209R

2019-09-13 Thread Brent Epp 

Greetings,

I seem to be having trouble with FTP on 5209R:

$ ftp
ftp> op
(to) 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
421 Service not available, remote server has closed connection
ftp>

# systemctl status xinetd
● xinetd.service - Xinetd A Powerful Replacement For Inetd
   Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; 
vendor preset: enabled)

   Active: active (running) since Fri 2019-09-13 10:11:34 CDT; 13min ago
  Process: 6514 ExecStart=/usr/sbin/xinetd -stayalive -pidfile 
/var/run/xinetd.pid $EXTRAOPTIONS (code=exited, status=0/SUCCESS)

 Main PID: 6515 (xinetd)
   CGroup: /system.slice/xinetd.service
   └─6515 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid

Sep 13 10:11:58 *[redacted]* xinetd[6515]: EXIT: ftp status=0 pid=6524 
duration=0(sec)
Sep 13 10:15:02 *[redacted]* xinetd[6515]: START: ftp pid=7038 
from=:::127.0.0.1
Sep 13 10:15:02 *[redacted]* xinetd[6515]: EXIT: ftp status=0 pid=7038 
duration=0(sec)
Sep 13 10:21:20 *[redacted]* xinetd[6515]: START: ftp pid=7454 
from=:::*[red.act.te.d]*
Sep 13 10:21:20 *[redacted]* xinetd[7454]: warning: can't get client 
address: Connection reset by peer
Sep 13 10:21:20 *[redacted]* xinetd[6515]: EXIT: ftp status=0 pid=7454 
duration=0(sec)
Sep 13 10:22:59 *[redacted]* xinetd[6515]: START: ftp pid=7541 
from=:::*[red.act.te.d]*
Sep 13 10:22:59 *[redacted]* xinetd[6515]: EXIT: ftp status=0 pid=7541 
duration=0(sec)
Sep 13 10:23:07 *[redacted]* xinetd[6515]: START: ftp pid=7551 
from=:::127.0.0.1
Sep 13 10:23:07 *[redacted]* xinetd[6515]: EXIT: ftp status=0 pid=7551 
duration=0(sec)



FTP is enabled in the GUI, but the daemon won't start. I've tried 
restarting xinetd to no avail.  We haven't changed anything from the 
default proftpd configuration as far as I'm aware.


How do I get this up and running?

 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23179] Re: LE auto-renewals still failing

2019-09-04 Thread Brent Epp 

Thanks, I looked into that now:

$ grep letsencrypt.cron /var/log/cron
Sep  2 03:13:13 one run-parts(/etc/cron.daily)[15199]: starting 
letsencrypt.cron
Sep  2 03:13:13 one run-parts(/etc/cron.daily)[15747]: finished 
letsencrypt.cron
Sep  3 03:19:14 one run-parts(/etc/cron.daily)[9936]: starting 
letsencrypt.cron
Sep  3 03:19:15 one run-parts(/etc/cron.daily)[10466]: finished 
letsencrypt.cron
Sep  4 03:13:13 one run-parts(/etc/cron.daily)[21800]: starting 
letsencrypt.cron
Sep  4 03:13:13 one run-parts(/etc/cron.daily)[22321]: finished 
letsencrypt.cron


This repeats down to August 19th (furthest back I have cron logs for 
this entry)


So, it doesn't look like cron or the daily scripts are the culprit.

 - Brent

On 2019-09-03 17:37, Greg Kuhnert wrote:

I found one trap a while back. This cron job is in cron.daily … If you have 
another cron job that is daily that hangs, the system will stop running other 
daily jobs till that one is fixed. Check any stuck cron jobs - that might be a 
possible cause.


GK


On 4 Sep 2019, at 8:01 am, Michael Stauber  wrote:

Hi Brent,


I had a site fail auto-renewal today. Renewed by hand through the BX GUI
and worked fine.

The only relevant entries in the LE logs were from the initial cert
generation/lease and the manual renew I just performed.

If it the cert was expired it would mean that the daily cronjob would
have tried to renew it daily - for the last 30 days. Or possibly crond
didn't run or one of the CODB flags that would include that cert in the
renewal run wasn't set. Hard to say after the fact.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23176] LE auto-renewals still failing

2019-09-03 Thread Brent Epp 
I had a site fail auto-renewal today. Renewed by hand through the BX GUI 
and worked fine.


The only relevant entries in the LE logs were from the initial cert 
generation/lease and the manual renew I just performed.


 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23112] Re: LetsEncrypt Auto Update Failed

2019-08-12 Thread Brent Epp 
Can confirm, we had some auto-renew failures a few weeks ago as well.  
Did the same thing: went through the BX GUI and it updated no problem.


Some of our vsites fail with auto-renew, some don't.  I've gone through 
each vsite and ensured that `DOCROOT/.well-known` is publicly accessible 
over a non-SSL connection and not blocked by a server or application config.


I can't find the common factor.

 - Brent

On 2019-08-12 16:08, Philip Hamer wrote:

Good evening.

One of my hosts threw an error during an automatic Lets Encrypt SSL 
update.

I tried a manual update via the GUI and it still would not update.
I re-booted the server (thinking this might fix things) then the site 
showed an NGINX error for the site.

Yikes.

I went back into the GUI, selected the site in question then went to SSL.
Selected the LetsEncrypt tab.
Under SSL Domain Aliases I clicked Remove All.
Ticked Request Or Renew Certificate.
Clicked Save
Waited and it updated.

The site came back to life.
Quick check on Chrome gave me the padlock back and the correct expiry 
date.


This was the first time fail for me for an LE certificate update.
Auto updates have always worked.

The above may be useful to someone for a quick fix if it happens to you.


Kind Regards,


PHILIP HAMER
PW Maintenance
https://www.warmairheaters.com


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23103] Re: Disable webalizer and stats collection

2019-08-12 Thread Brent Epp 

Hi Michael,

I saw that, but I figured I'd ask if it can be disabled first.  I don't 
necessary want to shorten the server logs retention, but I'll reduce and 
purge the stats, thanks.


Is there something I could do in the shell to disable the stats?

 - Brent

On 2019-08-12 11:26, Michael Stauber wrote:

Hi Brent,


Is there a way to disable the webalizer and stats collection server-wide?

We always Google Analytics for any stats our clients need and the BX
stats tracking just consumes disk space and causes quota errors.

No, at this time that's not possible, sorry. But you can go to "Server
Management" / "System Settings" / "Data Retention" and can set the
"Server Logfile Retention" and "Vsite Usage Information" to much shorter
intervals. Anything older than that will then be automatically deleted.
It also has checkboxes with which you can purge all existing stats one
by one.



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23099] Disable webalizer and stats collection

2019-08-12 Thread Brent Epp 

Is there a way to disable the webalizer and stats collection server-wide?

We always Google Analytics for any stats our clients need and the BX 
stats tracking just consumes disk space and causes quota errors.


 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22858] Re: automatic Let's Encrypt Renewal was did not happen

2019-04-29 Thread Brent Epp 

I think Dirk might be onto something here.

We had three certs up for renewal last week, all of which were all 
subdomains.  They all failed to renew automatically and had to be done 
by hand in the GUI.  A cert expiring today was renewed successfully 
*without* our intervention, but it was a plain www domain.


For informational / troubleshooting purposes:

The www domain is configured as:
 - host name 'www'
 - domain name 'whatever-domain.com'
 - includes two domain aliases
 - 'Web Alias Redirects' is OFF
 - domain and aliases renewed SSL without error

The subdomains that failed last week:
 - host name is 'whatever-subdomain'
 - domain name is 'whatever-domain.com'
 - is a full vsite (ie.: not using the subdomain feature on an existing 
vsite)

 - has no domain aliases


Thanks
 - Brent

On 2019-04-27 13:54, Dirk Estenfeld wrote:

Hello,

maybe another issue.
Today there was an automatic renewal of a let's encrypt certificate.
But the renew was only for domain.tld not for www.domain.tld
I had manually renew the certificate again to get a le certificate with domain 
and www.domain.
Maybe an issue in the renew script?

Best regards,
Dirk

---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel

-Ursprüngliche Nachricht-
Von: Blueonyx  Im Auftrag von Brent Epp
Gesendet: Donnerstag, 25. April 2019 14:37
An: BlueOnyx General Mailing List 
Betreff: [BlueOnyx:22844] Re: automatic Let's Encrypt Renewal was did not happen

Our renewals scheduled for today also did not run.

I can confirm same thing as Colin here: the entries in the LE log suggest that 
certs were only renewed when we performed the renewals by hand in the GUI.

   - Brent

On 2019-04-25 05:55, Colin Jack wrote:

Hi Dirk,

On 25/04/2019, 11:07, "Blueonyx on behalf of Dirk Estenfeld" 
 wrote:

  Hello,
  
  today a customer resported that a let's encrypt certificate was not renewed

  automatically. The certificate was outdated today.

We had the same today ... renewed through the GUI fine but automatic had failed.

LE log suggests the cron job didn't run - only entry in log is from GUI 
renewal, but cron log shows acmesh running every day.

Colin
   



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22844] Re: automatic Let's Encrypt Renewal was did not happen

2019-04-25 Thread Brent Epp 

Our renewals scheduled for today also did not run.

I can confirm same thing as Colin here: the entries in the LE log 
suggest that certs were only renewed when we performed the renewals by 
hand in the GUI.


 - Brent

On 2019-04-25 05:55, Colin Jack wrote:

Hi Dirk,

On 25/04/2019, 11:07, "Blueonyx on behalf of Dirk Estenfeld" 
 wrote:

 Hello,
 
 today a customer resported that a let's encrypt certificate was not renewed

 automatically. The certificate was outdated today.

We had the same today ... renewed through the GUI fine but automatic had failed.

LE log suggests the cron job didn't run - only entry in log is from GUI 
renewal, but cron log shows acmesh running every day.

Colin
  



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22828] Letsencrypt update schedule

2019-04-18 Thread Brent Epp 

Michael,

Can you confirm how soon LE certs are updated before they expire? Is it 
on the day-of or earlier than that?


Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22805] Re: java script error after wrong login to blueonyx backend

2019-04-08 Thread Brent Epp 
This error message actually appears on load.  In any case, it doesn't 
appear to have any functional effect on the login form.


 - Brent

On 2019-04-08 04:15, Dirk Estenfeld wrote:

Hello,

there is a java script error if someone login with wrong credentials to the
blueonyx backend (port 444 and 81)

Error parsing a meta element's content: ';' is not a valid key-value pair
separator. Please use ',' instead.
adminica_all-min.js:1 Uncaught TypeError: $(...).validate is not a function
 at adminicaWizard (adminica_all-min.js:1)
 at HTMLDocument. (adminica_all-min.js:1)
 at d (plugins-min.js:1)
 at Object.fireWith (plugins-min.js:1)
 at Function.ready (plugins-min.js:1)
 at HTMLDocument.k (plugins-min.js:1)
adminicaWizard @ adminica_all-min.js:1
(anonymous) @ adminica_all-min.js:1
d @ plugins-min.js:1
fireWith @ plugins-min.js:1
ready @ plugins-min.js:1
k @ plugins-min.js:1


maybe you can check and fix this?

Best regards,
Dirk
---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22771] Re: Need help with increasing PHP memory limit

2019-03-15 Thread Brent Epp 
Assuming you're not digging into the source code, you can set the memory 
limit in the BlueOnyx admin: Site Management > [edit vsite] > Services > PHP


 - Brent

On 2019-03-15 15:03, Brian TerBeek wrote:
I installed concrete5 and made it to the testing environment, 
Everything passes the test except the Memory Limit


Require items shows Memory limit of 64 MB, however the ? says that I 
need to increase to as it claim that it only has 16 MB and to increase 
the limit using ini_set





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22665] LE certs renewing prematurely?

2019-02-01 Thread Brent Epp 
We had a number a certs that with renewal schedules that varied quite a 
bit, based on when they were initially setup (eg.: we had a cert 
expiring Feb 5, one on Apr 2, and numerous other certs on various dates 
in between).  We decided to leave these staggered to avoid running into 
any potential issues with LE rate limits.


I noticed today that the renewal dates are nearly all synced up, 
differing by only a few seconds each.  Was this intentional?


Thanks
 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22654] LE autorenew still in /etc/cron.daily

2019-01-29 Thread Brent Epp 
I received an email notice from my server that a couple of SSL renewals 
had failed.  I just checked, the certs are renewed and good.  I think 
the email originated from the old LE renewal script, which I see is 
still present in /etc/cron.daily


Does the old LE script need to be deactivated or removed?

 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22648] Re: 5207R/5208R/5209R: Let's Encrypt / ACME related updates released

2019-01-29 Thread Brent Epp 

Hi Michael,

Thanks for the great work here.  We just happened to have a renewal 
scheduled for today and it went off without a hitch.


Just one tiny little thing I noticed: there's a .well-known directory 
inside the site's document root.  Should this still be here?


 - Brent

On 2019-01-27 16:58, Michael Stauber wrote:

Hi all,

I just published the next set of updates dealing with our "Let's
Encrypt" debacle and the transition from CertBot to ACME.

The following issues were reported or observed and have now been dealt with:

1.) Failure to issue/renew certs if the cert includes aliases:
===

This is a long standing issue that we also had with CertBot and before
we switched to ACME. Yet ACME added another complication, which made the
issue more obvious.

If you request a cert for www.domain.com the validation is simple. The
LE client (CertBot or ACME) creates two nested subdirectories and a
textfile with a validation code: /.well-known/acme-challenge/

It then contacts the LE-API and they call the URL up, fetch the
validation file and check if it matches the expected result.

This usually works. Now throw in "Web Aliases" and it gets more
complicated. Say you request for www.domain.com, domain.com,
sub1.domain.com and sub2.domain.com.

This means that separate validation files for the FQDN and *all* aliases
are created and are polled by the API. If one of the aliases fails to
get verified, the whole issuing procedure for the LE certificate fails.

There can be several reasons why the validation would fail:

- Vsite has "Web Alias Redirects" (to FQDN) ticked.
- .htaccess uses mod_rewrite, caching, proxing or forwarding
- DNS A record for one of the Aliases is wrong or missing
- Webserver does any kind of redirection.
- Webserver does some kind of proxying. Some work, some don't.

This list is not exclusive.

The most common issues are "Web Alias Redirects" is ticked or some other
kind of redirection.

Solution:
--

If you now request an LE certificate *with* aliases and have "Web Alias
Redirects" ticked for that Vsite, then the handler le_install.pl will
deactivate that feature automatically before it does the API call for
the verification from the outside.

The second really common issue are frigging .htaccess files with all
kind of redirects. Like forced redirects to https://www.domain.com/,
weird mod_rewrite rules and what not. And neither you or I have much
control over what a siteAdmin will put into his .htaccess files once you
allow them to use them in first place. Support wise that's a nightmare.
We really can't get those users educated not to do that shit, even if we
tried. And yes, it's possible to code .htaccess files that ignore
/.well-known/acme-challenge/, but again: People just won't do it,
because 95% of all people that use .htaccess have no friggin' clue what
they do there because they've just copied and pasted something they
found via Google. :p


Solution:
--

I added /etc/httpd/conf.d/acme_sh.conf which contains this:

---
Alias /.well-known/acme-challenge/ /home/.acme/

 Options FollowSymLinks
 AllowOverride None
 ForceType text/plain
 RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
 order allow,deny
 allow from all
 = 2.4>
 Require all granted
 
 
 order allow,deny
 allow from all
 

---

Means:

Every time an URL like http(s):///.well-known/acme-challenge/
is called on your server, then it will not be answered out of the
webspace of the Vsite in question.

Instead this new Apache Alias now points that request to /home/.acme/
instead. It either returns the Let's Encrypt validation file or triggers
a 404 error. Attempts of directory listing are denied and trigger a 403
error instead.

That way we bypass the whole .htaccess related shenanigans on all Let's
Encrypt related checks.


2.) Logging of ACME transactions:
=

All ACME transactions by GUI or cronjob (issue, re-issue or renewal) are
now again properly logged (with --debug set to generate sufficient
details) to /var/log/letsencrypt/letsencrypt.log

If a renewal or cert-issuing fails, check that logfile and it will tell
you in great detail what went wrong where.

Once I have a sufficiently large base of potential failure messages I'll
update base-ssl again so that the GUI can show you just the relevant
bits of the error report. At this time I tries to show you all of it,
for which simply isn't enough space in the red error-thingy.


3.) ACME issues on EL6 (5207R/5208R):
==

On EL6 the /.well-known/acme-challenge/ verification files were
created with "640" permissions, which proved to be insufficient to make
them accessible from the outside. In the first release of
blueonyx-

[BlueOnyx:22619] Re: Updates overwrote root cron job file?

2019-01-24 Thread Brent Epp 
I noticed the same thing.  I symlinked my script in /etc/cron.weekly 
instead.


 - Brent

On 2019-01-24 08:08, Robert Fitzpatrick wrote:
I found the /var/spool/cron/root file updated last night and it 
removed a job I had defined in the file. Would that be through 
updates? If so, what is the best way to setup custom cron jobs?


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22599] Letsencrypt auto-renew failures in 5209R

2019-01-21 Thread Brent Epp 

Hello,

We've been seeing consistent SSL auto-renew failures with some of our 
vsites on 5209R.  There are no entries for the sites with expired certs 
in the letsencrypt log or any of the archived logs, so it appears that 
the attempt is not even being made for these sites.  When renewed by 
hand in the BX GUI, the sites renew without error.


It's worth noting that we've purchased the PHP upgrade package and run 
5.6.36.  I also see a line in the SSL auto-renew script that suggests it 
may rely on a certain version of PHP for determining the renewal date.  
Could there be bug or conflict here?


 - Brent
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22334] Re: 5209R "Owner" field in vsite list is wrong and/or unclear

2018-08-15 Thread Brent Epp 

Oh, I see.  That makes sense.

Thanks
 - Brent

At 2018-08-15 09:24, Dirk Estenfeld wrote:

Content-Language: de-DE
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=2.16.840.1.101.3.4.2.1;
boundary="=_NextPart_000_01B7_01D434B4.72F76300"

Hello Brent,

you might be confusing something here. There is the server admin (admin
owner of the complete website) and the FTP/SSH / web server user of a
website. The selected owner under General Settings is the Server Admin to
which the page is assigned. This allows you to set up access for customers
who can create and manage websites themselves within certain ressources. By
default all sites will be managed by admin.
Under web owner in services menue of a site, set the site admin who owns the
page. This is important for the transfer of data via SSH/(S)FTP(S) and under
which user the web server (at suphp or mod_ruid) runs. The sites and folders
in web belongs to the siteadmin you select in web ownership.

Best regards,
Dirk

---

blackpoint GmbH ­ Friedberger Straße 106b ­ 61118 Bad Vilbel


-Ursprüngliche Nachricht-
Von: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von
Brent Epp
Gesendet: Mittwoch, 15. August 2018 14:50
An: BlueOnyx General Mailing List 
Betreff: [BlueOnyx:22332] 5209R "Owner" field in vsite list is wrong and/or
unclear

Good Morning,

The "Owner" field in the vsite list does not appear to be
correct.  All of my sites just say "admin" in the list, but they are
all owned either by "nobody" or a given siteadmin.

Shouldn't this field reflect the selected user in Services > Web Ownership?

  - Brent

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22332] 5209R "Owner" field in vsite list is wrong and/or unclear

2018-08-15 Thread Brent Epp 

Good Morning,

The "Owner" field in the vsite list does not appear to be 
correct.  All of my sites just say "admin" in the list, but they are 
all owned either by "nobody" or a given siteadmin.


Shouldn't this field reflect the selected user in Services > Web Ownership?

 - Brent

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22285] Re: vsite leads to login

2018-07-25 Thread Brent Epp 

So, I just encountered this myself while setting up a site.

I don't know if it applies to your situation, but 
the problem for me that there was an SSL redirect 
(rewrite) in the site's .htaccess file while 
there was no valid cert setup for the domain.


 - Brent

At 2018-07-24 12:35, Robert Fitzpatrick wrote:
Yes, mine looks the same and get same result with 
or without rediects set. The conf file looks good:



ServerName www.example.com
ServerAlias example.com
ServerAdmin admin
DocumentRoot /home/.sites/39/site9/web
ErrorDocument 401 /error/401-authorization.html
ErrorDocument 403 /error/403-forbidden.html
ErrorDocument 404 /error/404-file-not-found.html
ErrorDocument 500 /error/500-internal-server-error.html
RewriteEngine on
RewriteCond %{HTTP_HOST}!^216.139.202.15(:80)?$
RewriteCond %{HTTP_HOST}!^www.example.com(:80)?$ [NC]

RewriteRule ^/(.*)  http://www.example.com/$1 [L,R=301]
RewriteOptions inherit


On Tue, Jul 24, 2018 at 1:10 PM, Brent Epp  wrote:
Do you have this as your host/domain/alias setup?

I use:

 Host Name: www
 Domain Name: mydomain.com
 Web Alias Redirects: [checked]
 Alias: mydomain.com

No login redirect problems.

Short of that, root into the shell and check the 
ServerAlias line in the site file /etc/httpd/conf/vhosts/siteXX


 - Brent

At 2018-07-24 11:44, Robert Fitzpatrick wrote:
I have one site on a 5209R server that keeps leading to the admserv port 444:

<http://www.example.com/>http://www.example.com/Â 
->Â  http://www.example.com:444/


I have cleared aliases and web alias redirect 
settings, saved and re-entered. Same result with 
or without the setting. I have restarted httpd, 
admserv and named-chroot although we do not host 
DNS for this domain. I did check DNS queries from 
the server and resolving the correct IP. The 
server has one IP and all vsites use another on 
this server. All other sites are working well. It 
also had LE SSL setup, but I have that disabled for now.


It definitely appears the server does not 
recognize and wants to pull up the GUI. What else 
can I check to resolve this issue?


--Â
Robert

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22282] Re: vsite leads to login

2018-07-24 Thread Brent Epp 

Do you have this as your host/domain/alias setup?

I use:

 Host Name: www
 Domain Name: mydomain.com
 Web Alias Redirects: [checked]
 Alias: mydomain.com

No login redirect problems.

Short of that, root into the shell and check the 
ServerAlias line in the site file /etc/httpd/conf/vhosts/siteXX


 - Brent

At 2018-07-24 11:44, Robert Fitzpatrick wrote:

I have one site on a 5209R server that keeps leading to the admserv port 444:

http://www.example.com/Â 
->Â  http://www.example.com:444/


I have cleared aliases and web alias redirect 
settings, saved and re-entered. Same result with 
or without the setting. I have restarted httpd, 
admserv and named-chroot although we do not host 
DNS for this domain. I did check DNS queries 
from the server and resolving the correct IP. 
The server has one IP and all vsites use another 
on this server. All other sites are working 
well. It also had LE SSL setup, but I have that disabled for now.


It definitely appears the server does not 
recognize and wants to pull up the GUI. What 
else can I check to resolve this issue?


--Â
Robert

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22206] Re: RAM limit?

2018-07-06 Thread Brent Epp 
Thanks, I really couldn't come up with a reason 
that would be case.  Just needed a little myth busting.


 - Brent

At 2018-07-06 10:00, Chris Gebhardt - VIRTBIZ Internet wrote:
Hi Brent, On 7/6/2018 9:34 AM, Brent Epp 
wrote: > It has been suggested to me that 
BlueOnyx may only effectively be able > to use 
8GB of RAM.  Is there any reason I shouldn't 
expect it to be able > to fully use 32GB or more 
like any other 64-bit OS? I'm not sure who would 
make that statement, but it's laughably untrue. 
BlueOnyx 5208R is RHEL6.  BlueOnyx 5209R is 
RHEL7. 
https://access.redhat.com/articles/rhel-limits 
12TB > 32GB. -- Chris Gebhardt VIRTBIZ Internet 
Services Access, Web Hosting, Colocation, 
Dedicated www.virtbiz.com | toll-free (866) 4 
VIRTBIZ 
___ 
Blueonyx mailing list Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx 



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22204] RAM limit?

2018-07-06 Thread Brent Epp 
It has been suggested to me that BlueOnyx may only effectively be 
able to use 8GB of RAM.  Is there any reason I shouldn't expect it to 
be able to fully use 32GB or more like any other 64-bit OS?


 - Brent

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22151] Re: Disabling non-SSL access to admin GUI

2018-06-07 Thread Brent Epp 

Ha!  Now I feel silly, should've looked there first.  Thanks

 - Brent

At 2018-06-07 12:11, Chris Gebhardt - VIRTBIZ Internet wrote:


On 6/7/2018 11:37 AM, Brent Epp wrote:
What's the correct way to configure the admserv to only allow SSL 
access to the BlueOnyx GUI?


Navigate to Server Management > Maintenance > Server Desktop.

On GUI access protocols, select "HTTPS only".

Pro-tip: select "Redirect to Server-Name" to ensure that the browser 
will not get a certificate name mismatch.


HTH!

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22144] Disabling non-SSL access to admin GUI

2018-06-07 Thread Brent Epp 
What's the correct way to configure the admserv to only allow SSL 
access to the BlueOnyx GUI?


 - Brent

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22099] Re: Question about package purchases from BlueOnyx shop

2018-05-22 Thread Brent Epp 

Hi Michael,

That was quick!

Thanks, that clears things up.

 - Brent

At 2018-05-22 14:04, Michael Stauber wrote:
Hi Brent, > If I purchase the PHP package (for 
multiple versions on 5209R), is that > package 
tied to the specific box on which it's 
installed?  Or can be > used on other boxes as well?


One purchase is for one instance of install. So 
after a purchase you can link the purchased 
product(s) to a particular BlueOnyx and can use 
them there. However: The installs remain 
transferable. Means: Once you uninstall and 
unlink the purchase you can use it on another 
server instead. Just not on two at the same 
time. However: If you purchase two or more 
instances of the same items you already get 
pretty good discounts starting with the 2nd 
item. The PHP purchase for 5209R gives you 
access for to all PHP versions between PHP-5.3 
and 7.2 and you can install all of them at the 
same time and can decide which Vsite uses what 
version of PHP. If you purchase PHP with a one 
year subscription, then you also get all PHP 
updates that are released within that period. 
You can even have the GUI update PHP 
automatically if you wish. In general this is a 
pretty good investment as the amount of time 
that goes into providing maintained updates for 
all these PHP versions (and their tight 
integration into the BlueOnyx architecture) is 
hard to replicate on a manual level. FWIW: We 
also offer access to software bundles from the 
shop via a monthly subscription basis. These 
subscriptions can be canceled at any time and 
the overall costs of renting versus outright 
purchase is also quite favorable. -- With best 
regards Michael Stauber 
___ 
Blueonyx mailing list Blueonyx@mail.blueonyx.it 
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22096] Question about package purchases from BlueOnyx shop

2018-05-22 Thread Brent Epp 
If I purchase the PHP package (for multiple versions on 5209R), is 
that package tied to the specific box on which it's installed?  Or 
can be used on other boxes as well?


Thanks
 - Brent

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx