Archive for the ‘Plesk for Linux’ Category

Upgrading Plesk

Wednesday, March 1st, 2006

Since Plesk Reloaded version 7.5.3, one can disable the quotacheck for the upgrade procedure, which will increase the speed of the upgrade.

As per the documentation:

If PLESK_QUOTACHECK_OFF environment variable is not empty then quotacheck will be skipped during Plesk installation.

Plesk 7.5.4, MySQL 4.1.x and PHP 4.x.x

Wednesday, December 21st, 2005

Although it seems that Plesk 7.5.4 for Unix/Linux is almost compatible with MySQL 4.1.x, there is one problem with the PHP 4.x.x series, that still uses the old MySQL 3.23.x libraries to interface to MySQL. If you have the above scenario on your server you have to set MySQL 4.1.x to use the old password format or you will receive an error along the lines of:

Error (1251) : Client does not support authentication protocol requested by
server; consider upgrading MySQL client.

Adding the entry below to the [mysqld] section of your /etc/my.cnf file solves the problem:

old_passwords=1

Moving tomcat4 logging on Plesk

Monday, August 8th, 2005

To add logging on a Plesk-Tomcat 4 server, to a domain name, add the following code to the server.xml file.

<logger className="org.apache.catalina.logger.FileLogger" directory="/home/httpd/vhosts/mydomain.com/tomcat4" suffix=".log" timestamp="true"/>

Make sure that the /home/httpd/vhosts/mydomain.com/tomcat4 directory have the following permissions:

drwxrwxr-x 2 root tomcat4 4096 Aug 8 17:35 tomcat4

(24) Too many open files (errno: 24)

Monday, June 13th, 2005

When attempting to start apache, I received some errors indicating that I hav reached the maximum number of open files.

[error] System: Too many open files (errno: 24)

This is caused by apache and RedHat setting their open file limits too low. Be forwarned, an older system could see a serious degredation in performance by setting these limits too high. To correct this you will need to do the following:

Edit /etc/sysctl.conf. Add a new line with: fs.file-max = 8192 (The default is 1024) The change to the /etc/sysctl.conf will make the setting persistant over reboots.

To immediately increase the number of open files, use ulimit -n 8192.

To view all the current ulimit‘s. you my run: ulimit -a.

Securing /tmp directory

Saturday, April 9th, 2005

If you are renting a server then chances are everything is lumped in / and a small amount partitioned for /boot and some for swap. With this current setup, you have no room for making more partitions unless you have a second hard-drive. Following the method descriped below, you will learn how to create a secure /tmp partition even while your server is already up and running.

Recently, I found out it would be worthwhile to give /tmp it’s own partition and mount it using noexec. This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.

What we are doing it creating a file that we will use to mount at /tmp. So log into ssh and su to root so we may begin!

In your /dev directory create an empty 250MB file. You may need more space on a busier system. To increase the size of the empty file make the count parameter larger.

cd /dev
dd if=/dev/zero of=tmppart bs=1024 count=250000

We will now create an ext3 filesystem for in our tmppart file. If it asks you if you want to proceed, since the destination is not a block device, say yes (y).

/sbin/mkfs.ext3 /dev/tmppart

Backup your /tmp diretory since you may have files in there that is needed by certain programs. Some programs may use it to store cache files or other temporary information.

cd /
cp -R /tmp /tmp_backup

Now, mount the new /tmp filesystem with noexec, nosuid and rw options, and set the correct permissions on the new partition:

mount -o loop,noexec,nosuid,rw /dev/tmppart /tmp
chmod 1777 /tmp

Restore the old /tmp data and remove backup directory:

cp -R /tmp_backup/* /tmp/
rm -rf /tmp_backup

We now need to add this to /etc/fstab so it mounts automatically on reboots. Add the following line to your /etc/fstab file.

/dev/tmppart /tmp ext3 loop,noexec,nosuid,rw 0 0

You are done! /tmp is now mounted as noexec, nosuid and rw. You can sleep a little bit safer tonight.

To test the setup, you may copy an executable to the /tmp directory and then try and execute it. It should fail with a Permission denied error message.

Running Plesk on Port 443

Saturday, March 5th, 2005

By default Plesk is installed to run on port 8443. Some companies have very restrictive firewalls, which might lead to clients not being able to access the Plesk control panel. I have found that most companies will happily allow a connection on port 443, the standard port for SSL connection. Luckily you can configure Plesk to listen on a second IP address for connections to port 443.

This method describled below has been tested on Plesk for Linux version 6.0.x, 7.1.x and Plesk for Windows version 7.5.x.

Step 1: Add a secondary IP address to your server. The way to do this depends on the OS and is left as an excercise to the reader. We assume that our secondary IP address is: 10.0.0.1
Step 2: Edit the httpsd.conf file. In this file add the following entry: Listen 10.0.0.1:443.
Step 3: If on Linux, edit the ssl.conf file, to only Listen on the the main IP address’s SSL port.
Step 4: Restart the Plesk control panel
Step 5: Test the setup, by connecting to: https://10.0.0.1/

If everything was done properly the Plesk control panel will now be running on port 443.

Speeding UP SMTP on Plesk 7.1.7

Saturday, March 5th, 2005

Some clients might experience a very slow SMTP connection on a Plesk 7.1.7 server running qmail. The main reason for the delay is cuased by a Reverse DNS lookup performed on each IP address connection to the SMTP server on port 25. If your server does not have good DNS connectivity or the owner of the IP address’s DNS servers are overloaded, you may notice a delay of up to 60 seconds (the default) to be able to send mail.

I suggest that you update your /etc/xinetd.d/smtp_psa and /etc/xinetd.d/smtps_psa files.

Update the server_args key in both files, as suggested below:
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org -r bl.spamcop.net ......

You may want to replace sbl-xbl.spamhaus.org and/or bl.spamcop.net with your favourite RBL list. You may also add additional RBL entries by specifying additional -r parameters.

Upgrading phpMyAdmin on Plesk 7.1.7

Saturday, March 5th, 2005

Thanks to G.L. DATA it is now possible to upgrade the default phpMyAdmin installed in the Plesk control panel under the DB WebAdmin icon. According to G.L. DATA the upgrade will work on version 7.1.x and 7.5.x of Plesk for Linux. We have been able to confirm that it definitely does run on Plesk 7.1.7 for Linux.

For more information see G.L. DATA Plesk page

Plesk 7.1.6’s psadump and MySQL version

Saturday, February 12th, 2005

The psadump utility that is shipped with Plesk 7.1.6, expect the version number of the MySQL server to always be in the format x.x.x, where x is a digit. We have however had cases where the MySQL version was x.x.xX, where x is a digit and X is a letter. Below is a hack on the regex to make psadump work properly again.

In the {PSA_BASE_DIRECTORY}/lib/perl5/BU/PSA/Const.pm file, change:

$mysql_version_str =~ m/[Vv][Ee][Rr]\s+[0-9\.]+\s+Distrib\s+([0-9\.]+)[\s,]/;

to:

$mysql_version_str =~ m/[Vv][Ee][Rr]\s+[0-9\.]+\s+Distrib\s+([0-9\.\w]+)[\s,]/;

UPDATE:
This problem has been resolved in Plesk for Linux version 7.1.7.

Plesk 7.1.6 & rpm errors

Saturday, February 12th, 2005

RedHat Enterprise Linux 3 (RHEL3), Update 4, in certain cases breaks your Plesk 7.1.6 installation. When you attempt to login you might get the following error message:

Unable to exec utility packagemng: packagemng: Unable to open rpm db: cannot
open Packages using index db3 (-30982)

System error 2: No such file or directory

Below is my WORKAROUND for the problem, until a permanent solution can be found.

I have edited my /etc/sysconfig/rhn/up2date file so that the pkgSkipList entry reads as follows: pkgSkipList=kernel*;rpm*;.

up2date will now, no longer upgrade the rpm system.

If you have already upgraded your rpm system, you could run the following commands:

up2date --get rpm-4.2.3-10 rpm-python-4.2.3-10 rpm-build-4.2.3-10 rpm-devel-4.2.3-10 rpm-libs-4.2.3-10
cd /var/spool/up2date/
rpm -Uvh --oldpackage rpm-4.2.3-10.i386.rpm rpm-build-4.2.3-10.i386.rpm rpm-devel-4.2.3-10.i386.rpm rpm-libs-4.2.3-10.i386.rpm rpm-python-4.2.3-10.i386.rpm
rm /var/lib/rpm/__db.00*

The above commands should get you up and running with the older rpm system.

RedHat did release the updated rpm system, due to a bug, as explained by in this Errata.

Plesk backups and psadump

Wednesday, February 2nd, 2005

/usr/local/psa/bin/psadump -F -z --nostop --nostop-domain --tar-ignore-failed-read --do-not-dump-logs -f - | split -b 1000m - /backup/psa-`cat /usr/local/psa/version | cut -d ' ' -f 1`-backup-`date +%Y%m%d%H`.

Basically it does a full dump and doesn’t stop services, doesn’t switch a domain off, ignores misread files (files which are being modified whilst psadump is backing them up), doesn’t backup logfiles (waste of time/space/resources) and splits the backup into 1000MB chunks, labeling them with the Plesk version and that date and hour of the backup.

Plesk 7.1.6 and osCommerce (Application Vault)

Tuesday, February 1st, 2005

After installing osCommerce on a clients website, the osCommerce installation gave a number of errors. Searching the web and forums, let to the discovery that you have to have register_globals on and safe_mode off.

Add a vhost.conf file with the following entries:

<IfModule sapi_apache2.c>
php_admin_flag register_globals On
php_admin_flag safe_mode Off
</IfModule>

and then reconfigure the webserver:

/usr/local/psa/admin/bin/websrvmng --reconfigure-vhost --vhost-name=<domainname>

and restart the webserver:

/usr/local/psa/admin/bin/websrvmng --restart

Plesk 7.1.6 and Dr. Web Antivirus

Tuesday, February 1st, 2005

We purchased the Dr. Web Antivirus solution for 2 of our Plesk 7.1.6 installations. When we recieved the key files, we were instructed to upload the keys via the Pleskcontrol panel.

Every time we tried, Plesk informed us that the file did not contain a valid key file.

To resolve the problem, we finally installed the key file manually, by copying the key file to the /opt/drweb/drweb32.key and then restarting Dr. Web using service drwebd restart.

The above solved the problem on both, a RedHat 9 and RHEL 3 box.