Brief

Disabling SSLv2

Edit ssl.conf and set the cipher suite line to:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:+EXP:+SSLv3:+TLSv1

Test with (the first request must be refused, the second must still serve the page):

# curl --cipher SSLv2 https://www.url.com
curl: (35) SSL: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter
# curl --cipher SSLv3 https://www.url.com
HI THIS IS MY SSL WEB PAGE ISN'T IT GREAT

Submitted by jkelly on Tue, 2007-07-10 22:37.

Creating a loopback swap partition

dd if=/dev/zero of=swapfile bs=1M count=1024   (replace count with the desired size in MB)
mkswap swapfile
swapon swapfile

Then edit /etc/fstab to include the appropriate entry, e.g.:
/root/swapfile swap swap defaults 0 0

Submitted by jkelly on Wed, 2007-06-20 19:43.

Testing PHP mail

Here is a script you can use to verify that PHP mail is functioning; change the to and from address variables appropriately.

<?php
$to_address="your@email.com";
$from_address="user@server.com";

$body="Test message";

// each header line must end in CRLF so the MTA sees separate headers
$headers = "From: $from_address\r\n";
$headers .= "Content-Type: text/plain; charset=ISO-8859-1\r\n";
$headers .= "MIME-Version: 1.0";

// mail() only reports whether the local MTA accepted the message, not delivery
if (mail($to_address, "PHP mail test", $body, $headers)) {
    echo "Message handed to the MTA\n";
} else {
    echo "mail() failed; check the PHP and MTA logs\n";
}
?>

Submitted by jkelly on Wed, 2007-06-20 19:18.

Optimize all tables script

for i in `mysql -B -e "show databases"|grep -v Database`; \
do for j in `mysql $i -B -e "show tables;"|grep -v Tables_`; \
do mysql $i -e "optimize table $j";done;done;

Submitted by jkelly on Wed, 2007-02-28 15:03.

Checking all domains on a Plesk box for reverse DNS

Available at http://partytime.wackyfunster.com/leet/plesk_rdns_check.sh

Checks every domain in /home/httpd/vhosts for forward lookup and reverse lookup, and outputs the results. Output may be more readable when piped into sort.
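The same forward/reverse check in Python, as an added example that is not the linked script. It classifies each domain the way a shared-IP Plesk box needs: a PTR that names a different host is fine as long as that host resolves back to the same IP. The sample names and 192.0.2.x addresses are constructed; the live run against /home/httpd/vhosts uses the system resolver.

```python
import socket
from typing import Callable, Dict, Iterable

# Constructed sample answers (hypothetical names, TEST-NET addresses), so the
# checker can be exercised offline without touching real DNS.
SAMPLE_A = {
    "good.example": "192.0.2.10",
    "shared.example": "192.0.2.20", "host.example": "192.0.2.20",
    "bad.example": "192.0.2.30",
    "noptr.example": "192.0.2.40",
}
SAMPLE_PTR = {
    "192.0.2.10": "good.example",
    "192.0.2.20": "host.example",
    "192.0.2.30": "elsewhere.example",
}

Resolver = Callable[[str], str]

def check_domain(domain: str, resolve_a: Resolver, resolve_ptr: Resolver) -> str:
    """OK: PTR names the domain itself. SHARED: PTR names another host that
    forward-resolves to the same IP (normal on a shared IP). MISMATCH: PTR does
    not resolve back. NO_PTR / NO_A: the reverse or forward lookup failed."""
    try:
        ip = resolve_a(domain)
    except (socket.gaierror, KeyError):
        return "NO_A"
    try:
        ptr = resolve_ptr(ip).rstrip(".").lower()
    except (socket.herror, socket.gaierror, KeyError):
        return "NO_PTR"
    if ptr == domain.lower():
        return "OK"
    try:
        return "SHARED" if resolve_a(ptr) == ip else "MISMATCH"
    except (socket.gaierror, KeyError):
        return "MISMATCH"

def check_domains(domains: Iterable[str], resolve_a: Resolver = socket.gethostbyname,
                  resolve_ptr: Resolver = lambda ip: socket.gethostbyaddr(ip)[0]) -> Dict[str, str]:
    """Run check_domain over every domain; the defaults use the system resolver."""
    return {d: check_domain(d, resolve_a, resolve_ptr) for d in domains}

def sample_results() -> Dict[str, str]:
    """Offline run against the constructed sample data above."""
    return check_domains(list(SAMPLE_A) + ["missing.example"],
                         SAMPLE_A.__getitem__, SAMPLE_PTR.__getitem__)

if __name__ == "__main__":
    import os
    vhosts = "/home/httpd/vhosts"  # the directory the page's script walks
    live = [d for d in os.listdir(vhosts) if "." in d] if os.path.isdir(vhosts) else []
    for dom, status in sorted((check_domains(live) if live else sample_results()).items()):
        print(f"{status:8} {dom}")
```

Pipe the output through sort, as the page suggests, to group domains by status.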

Submitted by jkelly on Fri, 2006-12-01 06:43.

Making vacation work with Sendmail

By default, vacation will not work properly with sendmail; you'll see bounces such as the following:

"|/usr/bin/vacation username"
    (reason: Service unavailable)
    (expanded from: email_address)
   ----- Transcript of session follows -----
451 4.0.0 putbody: write error: Broken pipe
smrsh: "vacation" not available for sendmail programs (stat failed)
554 5.0.0 Service unavailable

Submitted by jkelly on Thu, 2006-11-30 01:33.

Restoring file ownerships in Plesk httpdocs directories

To restore proper ownerships to everything within Plesk's httpdocs directories (assuming the httpdocs directory itself has the correct ownership):

#!/bin/bash
# for each domain directory (names containing a dot) under the vhosts root
for i in `ls /home/httpd/vhosts/ | grep "\."`
do
  # the owner of httpdocs itself becomes the owner of everything inside it
  owner=`ls -ld /home/httpd/vhosts/$i/httpdocs | awk '{print $3}'`
  # skip entries that have no httpdocs directory rather than chown with an empty user
  [ -n "$owner" ] || continue
  chown -R $owner:psacln /home/httpd/vhosts/$i/httpdocs/*
done

Submitted by jkelly on Fri, 2006-10-27 03:49.

Changing Sendmail's Load Average handling

By default, sendmail will begin queuing mail rather than sending it out at a load average of 12, and will refuse connections at a load average of 18. These thresholds can be changed in /etc/mail/sendmail.mc with the following variables:

define(`confQUEUE_LA', `12')dnl
define(`confREFUSE_LA', `18')dnl

Submitted by jkelly on Fri, 2006-10-13 01:12.

Resolving semaphore issues

Semaphore issues are generally indicated by "out of space on device" errors when there is still free space on the device. You can run 'ipcs -s | grep apache' to see the apache semaphores. If it looks like there are a lot, try clearing them out with 'ipcrm sem [semid]', or just run:

# remove every semaphore set owned by apache (second column of ipcs -s is the semid)
for i in `ipcs -s | grep apache | awk '{print $2}'`; do ipcrm sem $i; done

Submitted by jkelly on Sun, 2006-10-08 05:21.

Sending email via a specific IP

This can be accomplished with the smtp_bind_address directive (Postfix), e.g.

smtp_bind_address = 66.216.86.216

Submitted by jkelly on Sun, 2006-10-01 01:16.

Plesk upgrade script

http://partytime.wackyfunster.com/leet/pleskpreinstall
This script:
* Determines the current Red Hat and Plesk versions and downloads the files needed for the upgrade from SWsoft
* blows up tomcat entries in the database (YAY!)
* prints the MySQL and PHP versions

Submitted by jkelly on Sat, 2006-09-23 04:14.

Plesk ACL script

pleskacl.sh

#!/bin/bash
# for each domain directory (names containing a dot)
for i in `ls /home/httpd/vhosts | grep '\.'`
do
  # get the username for the directory (owner of httpdocs)
  user=`ls -ld /home/httpd/vhosts/$i/httpdocs | awk '{print $3}'`
  # set up the acls: existing files (-m) and the default acl inherited by new files (-d -m)
  echo "Setting file acls for $user on $i/httpdocs"
  setfacl -m u:$user:rwx -R /home/httpd/vhosts/$i/httpdocs
  setfacl -d -m u:$user:rwx -R /home/httpd/vhosts/$i/httpdocs
  echo "Setting file acls for $user on $i/httpsdocs"
  setfacl -m u:$user:rwx -R /home/httpd/vhosts/$i/httpsdocs
  setfacl -d -m u:$user:rwx -R /home/httpd/vhosts/$i/httpsdocs
  # profit
done

Submitted by jkelly on Sat, 2006-09-23 04:04.

Forcing traffic to come from a specific IP

Sometimes it is desirable to force certain types of traffic to use a specific source IP address, including traffic from services that offer no setting for it. Fortunately, iptables can do this easily. A couple of examples:

Make all outgoing traffic on eth0 come from 127.23.0.4:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 127.23.0.4

Or, for a more specific example, make all outgoing SMTP connections come from 127.23.0.4:

iptables -t nat -A POSTROUTING -p tcp -s ! 127.0.0.1 --dport 25 -j SNAT --to-source 127.23.0.4

Submitted by jkelly on Fri, 2006-09-22 16:17.

mod_rewrite cookbook

Redirect to another host for nonexistent content. For example, configure this on example.com and it will redirect to transcendlinux.com whenever the requested file or directory doesn't exist:

RewriteCond %{HTTP_HOST}   !^transcendlinux\.com [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteCond %{REQUEST_FILENAME}       !-f
RewriteCond %{REQUEST_FILENAME}       !-d
RewriteRule ^/(.*)         http://transcendlinux.com/$1 [L,R]

Submitted by jkelly on Fri, 2006-09-08 02:32.

Listing email accounts and passwords

select concat(mail_name, '@', domains.name) as `e-mail`, password
from domains
left join mail on domains.id = mail.dom_id
left join accounts on mail.account_id = accounts.id
where postbox = 'true';

Submitted by jkelly on Wed, 2006-09-06 23:46.

Disabling TRACE requests

Some security certifications require this. The easiest way to do it is to put the following in a file in /etc/httpd/conf.d (e.g. /etc/httpd/conf.d/notrace.conf), since that directory is included automagically:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} (TRACE|TRACK)
RewriteRule .* - [F,L]

Submitted by jkelly on Sat, 2006-09-02 23:52.

Resolving Excessive Swapping in RHEL 4

RHEL4 tends to swap very heavily on some systems, even when there is plenty of free memory. This is due to the default value of the vm.swappiness sysctl setting being excessively high for most systems (60 is the default). If you encounter issues with this, try editing /etc/sysctl.conf to include:

vm.swappiness = 10

and apply it immediately with:
sysctl -w vm.swappiness=10

This should be a better setting!

Submitted by jkelly on Thu, 2006-08-31 07:04.

Fixing Apache charset issues (?'s displaying instead of symbols)

A common problem with Apache on Red Hat is displaying special characters (they come up as a ? instead of the proper symbol). The most common cause is that Red Hat sets the default charset to UTF-8, while most content is instead encoded in ISO-8859-1 (or some other thing!).

The easy fix for this is to comment out this line in the Apache configuration:

AddDefaultCharset UTF-8

Submitted by jkelly on Sat, 2006-08-26 06:31.

Resolving Horde webmail issues with PHP 5

Upgrading to PHP 5 can create some unfortunate issues with Horde webmail. While the version of Horde provided by Plesk is technically PHP 5 compliant, the version of PEAR packaged with Horde contains a DB module that is NOT PHP 5 compliant, which causes miscellaneous and sundry issues with Horde. Here is a quick fix:

pear upgrade DB
cp -a /usr/share/pear/DB.php /usr/share/pear/DB/ /usr/share/psa-horde/pear/

Unfortunately, due to open_basedir restrictions, a straight "cp" is the cleanest solution. Once this is complete, Horde should function properly (still not sure if this resolves everything).

Submitted by jkelly on Sat, 2006-08-26 06:16.

mod_rewrite resources

Here are some great resources on mod_rewrite from apache.org:
http://httpd.apache.org/docs/1.3/misc/rewriteguide.html: This guide provides some great examples of common uses of mod_rewrite, such as rewriting URLs after a document root has moved, or rewriting all subdomains to a primary domain (e.g. having *.test.com all rewritten to test.com).
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html: Full documentation on mod_rewrite.
http://www.ilovejackdaniels.com/mod_rewrite_cheat_sheet.png: Spiffy Cheatsheet

Submitted by jkelly on Fri, 2006-08-25 14:41.

SWSoft Resources

Submitted by jkelly on Thu, 2006-08-24 06:11.

Deleting a MySQL User

If you're using MySQL 4.1.1 or newer, you can use the following:

DROP USER user@host;

On older versions, you'll need to use:

DELETE FROM mysql.user WHERE User='user' AND Host='host';
FLUSH PRIVILEGES;

Submitted by jkelly on Thu, 2006-08-24 04:12.

Changing the system's timezone

In order to change the timezone, you need to link /etc/localtime to the appropriate timezone file in /usr/share/zoneinfo. For example, to change the timezone to CST, you would do:

rm -f /etc/localtime
ln -s /usr/share/zoneinfo/CST6CDT /etc/localtime
date
Sun Aug 13 01:18:21 CDT 2006

In Red Hat, you also need to edit /etc/sysconfig/clock (specifically the ZONE= line) to reflect the appropriate timezone. This is set to the corresponding file under /usr/share/zoneinfo, e.g.

Submitted by jkelly on Sun, 2006-08-13 01:20.

Per domain open basedir restrictions

Sometimes it is necessary to relax the open_basedir restrictions for a particular domain. To do this, you'll need to create a vhost.conf for that domain, or edit the existing one. For this example, we will use 'test.com' as the domain.

vi /var/www/vhosts/test.com/conf/vhost.conf

<Directory /var/www/vhosts/test.com/httpdocs>
    php_admin_flag engine on
    php_admin_value open_basedir [insert appropriate restrictions here, or 'none' to disable]
</Directory>

Then regenerate the Apache configuration so the new vhost.conf is picked up:

/usr/local/psa/admin/bin/websrvmng -av

And there you have it.

Submitted by jkelly on Sat, 2006-08-12 09:39.

Mass IP changing in Plesk

This is particularly useful when migrating to a NAT environment on a Plesk server with a large number of domains on a single shared IP, or migrating from one IP to another.

First you need to add the IP address on the server, and ensure that it's been picked up by the Plesk control panel. After that, go into the psa database:

mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa

Submitted by jkelly on Sat, 2006-08-12 03:55.

Changing a MySQL user's password

To set the password of an existing user, you use:

SET PASSWORD FOR 'user'@'host' = PASSWORD('newpass');

An equivalent command is:

UPDATE mysql.user SET Password=PASSWORD('newpass')
  WHERE User='user' AND Host='host';
FLUSH PRIVILEGES;

Submitted by jkelly on Sat, 2006-08-12 03:26.

Creating a PHP info page

All you need to do is paste the following into a file in a web-content directory (typically phpinfo.php or info.php). Remove the file once you are done with it, since it discloses paths, versions and configuration to anyone who can reach it:

<?php
phpinfo();
?>

Submitted by jkelly on Fri, 2006-08-11 10:44.

Remaking ext3 journals

Sometimes, ext3 journals go bad. Typically this will be evident as journal or DMA errors in dmesg (I'll provide some examples next time I come across one of these). To resolve it, perform the following:
* Take the server down and boot it into the rescue environment (this means KVM time for support). Do NOT mount any of the partitions.
* fsck the affected partition.
* Remove the journal from the affected partition.
* fsck the affected partition again.
* Re-add the journal to the affected partition.

Submitted by jkelly on Fri, 2006-08-11 10:37.

Port forwarding

To set up port forwarding with iptables, you can use the following (for forwarding one TCP port to another):

iptables -t nat -A PREROUTING -p tcp --dport [port to forward] -j DNAT --to [destination ip]:[destination port]

For example, to forward from port 26 to port 25 (a fairly common practice) on 192.168.1.37 you'd use:

iptables -t nat -A PREROUTING -p tcp --dport 26 -j DNAT --to 192.168.1.37:25

Note that this rule is added in the nat table, so it won't show up in a standard iptables -L -v, and iptables -F won't clear it (you'll need to use iptables -t nat -L -v and iptables -t nat -F).

Submitted by jkelly on Fri, 2006-08-11 06:55.