S-a | Rock'n Root

Templates for Yii2 on Vesta CP for backend and frontend versions.

So, I had problems with manual editing of configs in the Vesta CP (which it constantly rewrites, when something changes or is updated), I set out to make a more or less automated solution.

It did not work very nicely, because it is necessary that the backend and the frontend look in the same folder as the subfolders. This can not be achieved only by editing templates. This can be understood by looking at their syntax, which is handled by scripts, like v-add-web-domain.

There is code on github.

The templates and the script work, based on the fact that: the frontend is here -> /home/$USER/web/$DOMAIN/public_html/frontend/web backend is here -> /home/$USER/web/$DOMAIN/public_html/backend/web

Instruction

(1)
Add the “apache2” and “nginx” directories from the githab repository (mentioned above) to /usr/local/vesta/data/templates/web/ (in CentOS / RHEL, you may need to rename “apache2” to “httpd”). Add Yii2-cconf.sh script in any, you need a place on the server.

(2)
In the Vesta control panel, you can create both domains:
example.com
backend.example.com

After that, in Vesta CP you can edit the domain settings and set the templates:
Yii2-frontend for example.com and yii2-backend for backend.example.com

(3)
In the end, you can run the yii2-cconf.sh script with the command:
( cd your-some-directory/ )
bash ./yii2-cconf.sh vestacpuser example.com

How to unlock an ip address blocked by Fail2ban

As a system administrator, it’s hard for me to imagine a quiet life without Fail2ban.

This service tracks logs of many services, such as a web server, mail server, openssh-server and so on. In case of suspicious activity (as a rule, many unsuccessful authorizations), it automatically blocks (using iptables rules) for some time the ip-address from which these authorizations were. Setting up Fail2ban is a separate topic.

In this article, let’s talk about how to unlock yourself or another user who accidentally entered an incorrect password and was blocked by Fail2ban.

1. You need to log in to ssh under another ip-address to the server as root (or under another user, with sudo rights or then execute the “su -” procedure to get root-rights).

2. To see which IP addresses are blocked, type the following command:
iptables -L -n
If the output of the command is very long, then you can do so:
iptables -L -n | less

3. Next, find the chain fail2ban-ssh (we are talking about locking on ssh, if another service, find the corresponding chain), where our IP should be:
Chain fail2ban-ssh(1 references) target prot opt source destination RETURN all - 0.0.0.0/0 0.0.0.0/0

4. To remove the IP address from the Fail2ban lock, you need to run the following command (aa.bb.cc.dd – the IP you want to unlock):
iptables -D fail2ban-ssh -s aa.bb.cc.dd -j DROP

After that, the user will be able to reconnect to the server via ssh.

How to change the address of the Vesta CP web interface to a subdomain

It is not always convenient for mail to be located at /webmail. But this configuration is in Vesta CP by default. While the developers of the panel have not done the same thing that we are going to do, this will have to be repeated with each new server installation.

So, let’s start:

1. Create a web domain in Vesta CP: mail.your-domain.com (it can be immediately configured on https using the new, built-in ability to generate ssl certificates – letsencrypt).

2. Delete the links to the roundcube and / or roundcube.inc in /etc/apache2 (in the sub-folders conf.d, sites-available, sites-enabled) and /etc/nginx (in the subfolder conf.d).

3. Edit Nginx configuration file (for simplicity, we use /home/admin – the standard user folder in vesta):

/home/admin/conf/web/nginx.conf /home/admin/conf/web/snginx.conf

replace
root /home/admin/web/your-domain/public_html;
to
root /var/lib/roundcube;

4. Edit Apache configuration file:

/home/admin/conf/web/apache.conf /home/admin/conf/web/sapache.conf

replace
DocumentRoot /home/admin/web/mail.nebulonis.com/public_html
to
DocumentRoot /var/lib/roundcube/

and add:

# Access to tinymce files
<Directory "/usr/share/tinymce/www/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

<Directory /var/lib/roundcube/>
    Options +FollowSymLinks
    # This is needed to parse /var/lib/roundcube/.htaccess. See its
    # content before setting AllowOverride to None.
    AllowOverride All
    order allow,deny
    allow from all
</Directory>

# Protecting basic directories:
<Directory /var/lib/roundcube/config>
    Options -FollowSymLinks
    AllowOverride None
</Directory>

<Directory /var/lib/roundcube/temp>
    Options -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
</Directory>

<Directory /var/lib/roundcube/logs>
    Options -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
</Directory>

5. Let’s check the syntax:
apachectl configtest nginx -t

6. Restart:
apachectl graceful service nginx restart

7. And, finally, in the panel settings (https://your-ip-or-address:8083/edit/server/) SERVER -> CONFIGURE In the tab MAIL -> Webmail URL change to new (https://mail.your-domain.com)

Pages:‹1 2 345 6 7...13 ›