change the server hostname on the Parallels Plesk Panel server

Posted on December 11, 2014December 11, 2014 by ppadmin

wordpress – plesk error Call to undefined function is_admin()

Posted on December 9, 2014December 9, 2014 by ppadmin

In the Plesk under the subscription we are seeing the following error and we can not apply the Plesk security settings.

Error: PHP Fatal error: Call to undefined function is_admin() in /usr/share/plesk-wp-cli/php/wp-cli.php(18) : eval()’d code on line 87

Parallels identifies this in a KB article:

http://kb.sp.parallels.com/en/123569

They say:

Cause:

Modified wp-config.php file inside a WordPress installation document root. Function is_admin() could be handled properly while it evaluated from CLI.

Resolution

Either remove his function from the wp-config.php or modify it, as it shown on example below:

if(function_exists(‘is_admin’))

We compared the config against another new installation and removed the following lines from it.

============================================================

if(is_admin()) {

add_filter(‘filesystem_method’, create_function(‘$a’, ‘return “direct”;’ ));

define( ‘FS_CHMOD_DIR’, 0751 );

}

if(is_admin()) {

add_filter(‘filesystem_method’, create_function(‘$a’, ‘return “ftpext”;’ ));

define( ‘FS_CHMOD_DIR’, 0755 );

}

============================================================

Then in the subscriptions control panel we clicked the Plesk to refresh button for WordPress security scan and all appears to be fine now.

Activate mod_deflate on plesk server

Posted on November 26, 2014December 2, 2014 by ppadmin

On a Plesk server, the mod_deflate module is installed by default, however it may be disabled in the Apache configuration file. To enable the module edit the Apache configuration file

vi /etc/httpd/conf/httpd.conf

Search for the line

#LoadModule deflate_module modules/mod_deflate.so

and uncomment it i.e. remove the ‘#’ mark

LoadModule deflate_module modules/mod_deflate.so

Save the file and restart the httpd service

service httpd restart

Now, create a .conf file under the /etc/httpd/conf.d/ directory since Apache reads all the .conf files from that directory on a Plesk server

vi /etc/httpd/conf.d/deflate.conf

and place the following code in it

<Location />
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
</Location>

Save the file and restart the httpd service. The compression code will compress all the files except the .gif, .jpe, .jpeg and .png files. To test the compression, use the tool

http://www.whatsmyip.org/mod_gzip_test/

To enable compression for a specific directory or domain, specify the directory path in the <Location> directive in deflate.conf and restart the Apache server.

get plesk email passwords

Posted on November 21, 2014November 21, 2014 by ppadmin

1> To find password for a single email account

root@server[#] /usr/local/psa/bin/mail --info info@domain.com

2> To find passwords for a single domain

root@server[#] /usr/local/psa/admin/bin/mail_auth_view | grep domain.com

3> To find passwords for all email accounts.

root@server[#] /usr/local/psa/admin/bin/mail_auth_view

Unable to configure RSA server private key” and “certificate routines:X509_check_private_key:key values mismatch” Errors

Posted on November 20, 2014November 20, 2014 by ppadmin

“Unable to configure RSA server private key” and “certificate routines:X509_check_private_key:key values mismatch” Errors

If you see one of these errors it usually means that the private key that is being loaded in the VirtualHost section of your .conf file doesn’t match the SSL Certificate being loaded in the same section.

To check if the two files match, run the following OpenSSL command on each of them:

openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5openssl rsa -noout -modulus -in your_domain_com.key | openssl md5

If the modulus of the two files doesn’t match exactly, do one of the following:

Find the .key file matching your .crt file and update the VirtualHost in your .conf file to match.
Reissue your certificate by either generating two new files with the OpenSSL CSR Wizard or by creating a new CSR from your existing private key file using the following command.
Note that the existing private key must be at least 2048 bits. If the key is less than 2048 bits you will have to recreate the key.

openssl req -new -key your_domain_com.key -out your_domain_com.csr

ssl cert on Verio servers

Posted on November 20, 2014November 20, 2014 by ppadmin

(Apache v2.X)

Download the appropriate GlobalSign root certificate and save it in a text editor as “gs_root.pem.” Only the ExtendedSSL certificate uses the GlobalSign root CA R2 certificate.
Download the appropriate intermediate certificate(s) and save it in a text editor as “intermediate.pem”.
Copy your SSL certificate from the order fulfillment e-mail or log into your GlobalSign Certificate Center account and download it. Paste it into a text editor. Save the file as “mydomain.crt.”
Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
Open your “httpd.conf” file with a text editor. Please note that some installations keep the SSL section separately in the “ssl.conf” file. Locate the the virtual host section for the site that the SSL certificate will secure.Your virtual host section will need to contain the following directives:
- SSLCACertificateFile – This will need to point to the appropriate GlobalSign root CA certificate.
- SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates you previously created in Step 1 above.
- SSLCertificateFile – This will need to point to the end entity certificate. This is the certificate you have called “mydomain.crt.”
- SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
Save the changes to the file. Quit the text editor.
Restart Apache.

(creating CSR)

Make sure OpenSSL is installed and in your PATH.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):$ openssl genrsa -des3 -out server.key 2048
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:

$ openssl rsa -noout -text -in server.key

Unless you want to enter the password each time you start apache, you will need a decrypted PEM version for later:

$ openssl rsa -in server.key -out server.key.unsecure
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):$ openssl req -new -key server.key -out server.csr

fail2ban hangs after making change

Posted on October 30, 2014October 30, 2014 by ppadmin

Refer to KB http://kb.sp.parallels.com/en/122407

Symptoms

After enabling a jail, fail2ban service can be neither restarted nor stopped. The service status is shown wrong, without the jails list:

# service fail2ban status
fail2ban-server (pid  3291) is running

/var/log/fail2ban.log shows that it stopped when adding log files to its monitoring pool:

2014-07-27 21:09:25,487 fail2ban.filter [25047]: INFO    Added logfile = /var/www/vhosts/system/dom1.com/logs/proxy_access_log
2014-07-27 21:09:25,985 fail2ban.filter [25047]: INFO    Added logfile = /var/www/vhosts/system/domain.com/logs/proxy_access_ssl_log

Cause

Fail2ban has plesk-apache-badbot and plesk-apache (or other big) jails enabled. That jail forces fail2ban to parse all the access and error logs for each virtual host and Apache’s access log. In case if there are a lot of virtual host access logs, the service hangs by resource over usage trying to parse all of them.

NOTE: When you enable this jail in panel you might see the warning:

Warning: Fail2Ban might not work well if there are many domains and Fail2Ban has to monitor too many log files.

Resolution

The following instruction should be applied in case if there are less then 300 domains, and amount of log files in jail should be reduced:

Kill the stuck process(es) by PID (exercise caution, it might be a good idea to check PIDs which it will kill first by omitting the last part after |):
```
# ps aux | grep fail2ban|awk '{print $2}'|xargs kill -9
```
Remove .pid file:
```
# rm -f /var/run/fail2ban/fail2ban.pid
```

Reduce the amount of logs to parse for the jail plesk-apache-badbot (or disable the jail altohether). Open file/etc/fail2ban/jail.d/plesk.conf and change the mask of the path to logs from '*access*log' to '*access_log':

[plesk-apache-badbot]

enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=BadBots, port="http,https,7080,7081"]
logpath  = /var/www/vhosts/system/*/logs/*access_log
           /var/log/httpd/*access_log

If fail2ban service is running, execute fail2ban-client reload. Otherwise start the service.

The below instruction is for big amount of domains (more then 300):

Fail2Ban can use a lot of RAM on the server, in case if it monitors a lot of jails with many log files! Make sure that the server will not experience the out-of-memory condition before applying this solution! If it does – disable some jails.

In case if you have a very big amount of domains on your Plesk server, and the above workaround doesn’t help, you may divide the logs by different jails, so that they are loaded one by one and therefore minimize the amount of logs in one jail. This should help, since issue is caused by a single big jail with a lot of logs, but it won’t be happening when there are a lot of jails with small amount of logs included.

Please use the following commands to create separate jails for domains according to the first name letter\digit:

Get admin email:

admin_email=`mysql -Ns -uadmin -p\`cat /etc/psa/.psa.shadow\` psa -Ne"select email from clients where login='admin'"`

Set plesk-apache jails:

 for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0;do find /var/www/vhosts/system/$i*/logs/error_log 2>/dev/null 1>/dev/null; found=`echo $?`;if [ $found == "0" ];then echo "[[\"usedns\",\"no\"],[\"logpath\",\"\\/var\\/www\\/vhosts\\/system\\/$i*\\/logs\\/error_log\"],[\"enabled\",\"true\"],[\"filter\",\"apache-auth\"],[\"maxretry\",\"6\"],[\"__source__\",\"jail.d\\/plesk.conf\"],[\"action\",\"iptables-multiport[name=apache, port=\\\"http,https,7080,7081\\\"]\"],[\"ignoreip\",\"127.0.0.1\/8\"],[\"bantime\",\"600\"],[\"destemail\",\"$admin_email\"],[\"findtime\",\"600\"],[\"backend\",\"auto\"]]"|/usr/local/psa/admin/bin/f2bmng --set-jail plesk-apache-$i ;fi;done

Set plesk-apache-badbot jails:

 for i in a b c d e f g h i j k l m n o p q r s t u v w x y z 1 2 3 4 5 6 7 8 9 0;do find /var/www/vhosts/system/$i*/logs/error_log 2>/dev/null 1>/dev/null; found=`echo $?`;if [ $found == "0" ];then echo "[[\"usedns\",\"no\"],[\"logpath\",\"\\/var\\/www\\/vhosts\\/system\\/$i*\\/logs\\/*access_log\"],[\"enabled\",\"true\"],[\"filter\",\"apache-badbots\"],[\"maxretry\",\"100\"],[\"__source__\",\"jail.d\\/plesk.conf\"],[\"action\",\"iptables-multiport[name=BadBots, port=\\\"http,https,7080,7081\\\"]\"],[\"ignoreip\",\"127.0.0.1\/8\"],[\"bantime\",\"172800\"],[\"destemail\",\"$admin_email\"],[\"findtime\",\"600\"],[\"backend\",\"auto\"]]" |/usr/local/psa/admin/bin/f2bmng --set-jail plesk-apache-badbot-$i;fi;done

In regular plesk-apache-badbot and plesk-apache jails, leave only general error\access logs file paths:
plesk-apache-badbot:
```
/var/log/httpd/*error_log
```
plesk-apache:
```
/var/log/httpd/*access_log
```
On steps 2 and 3 we created jails only if there are some domains matching the first digit\letter of domain name. Otherwise, Fail2ban will not start due to configuration errors. Now we need to set up the script that adds a jail upon new domains creation:
- Download the attached script , put it on your server, and grant executable permissions:
```
wget http://kb.sp.parallels.com/Attachments/kcs-32570/add_jails.sh

chmod +x add_jails.sh
```
- Create tasks in Plesk event manager with the following parameters:
  Domain created lowest (0) root /root/add_jails.sh <new_domain_name>
  
  Default domain (the first domain added to a subscription or webspace) created lowest (0) root /root/add_jails.sh <new_domain_name>
Use the first instruction to restart Fail2ban if it hanged.

show all plesk key numbers

Posted on October 30, 2014October 30, 2014 by ppadmin

From the physical server you can show the plesk key numbers of all the containers:

grep ‘key-number’ /vz/root/*/etc/sw/keys/keys/key*

horde time off

Posted on October 14, 2014October 14, 2014 by ppadmin

Horde was not reading the default server time (all users were seeing UTC). I set the default in this config file:

/usr/share/psa-horde/imp/config/prefs.local.php

I added this line:

$_prefs[‘timezone’][‘value’] = ‘US/Central’;

export products in magento

Posted on October 10, 2014October 14, 2014 by ppadmin

Using Magento’s Data-Profiles to Export your entire product database (if this does not work see OPTION 2)

OPTION 1
Navigate to System -> Import/Export -> Data-Profiles
Select Export All Products

Review your options in the Profile Wizard. You may wish to change the name of your export file under File Information -> File Name.

To define which product attributes you wish to export for each product, under Profile Wizard -> Data Format -> Export you can choose to export All Fields, or select specific product attributes you wish to export by selecting Only Mapped Fields and selecting your required attributes.magento-data-profile-data-format

To define a specific range of products you wish to export under Profile Wizard -> Export Filters -> you can filter your products by name, sku, product type, attribute set, price, stock quantity, visibility or status. Save and Continue Edit, and we’re ready to export.

Now that the parameters for your export are set, choose the Run Profile tab and click the Run Profile in Popup button. Your export will start automatically in a pop up window.

Once your export is complete, you now need to retrieve it from your server via FTP.

Once logged into your server, you will find you exported csv file waiting for you inside the var/export folder.

OPTION 2
The above did not work for me, and I found lots of references online saying the same thing. I was able to accomplish the same thing via the command line.

Install this script into main httpdocs directory. You can then specify the profile from OPTION 1 that you want it to run. The export will then be created in the same directory as the script.

Import/Export > Profiles

require_once(‘app/Mage.php’);
umask(0);
Mage::app(‘admin’);

$profile = Mage::getModel(‘dataflow/profile’);
$userModel = Mage::getModel(‘admin/user’);
$userModel->setUserId(0);
Mage::getSingleton(‘admin/session’)->setUser($userModel);
$profile->load($profileId);
if (!$profile->getId()) {
Mage::getSingleton(‘adminhtml/session’)->addError(‘ERROR: Incorrect profile id’);
}

Mage::register(‘current_convert_profile’, $profile);
$profile->run();

echo “EXPORT COMPLETE.\n”;
?>