Categories
VPS

ISPConfig

And The Pied Piper.

ISPConfig is an open source hosting control panel for Linux, it allows multiple server management from one control panel includes web server management, mail server management, and DNS server management.

Comply with strict privacy policy websites- disable the web statistics program.

Create users- it is required to set permanent customer no., create resources for him with the feature “login as client”.

Change the server configuration use the path /usr/local/ispconfig/server/conf-custom/ and for the inteface configuration /usr/local/ispconfig/interface/lib/config.inc.local.php.

Activate SSL for a website- first enable the SSL and than the Let’s Encrypt SSL, you may use the Rewrite HTTP to HTTPS and SEO Redirect (domain.tld => www.domain.tld, after creating automatic www subdomain) options. Clean old SSL certificates- use the command (newer certificates will have higher suffix number):

certbot delete

Run WordPress website with SSL in reverse proxy- add the directive to wp-config.php:

$_SERVER['HTTPS'] = 'on';

Use ISPConfig behind NAT– enable the Skip Lets Encrypt Check option (System => Server Config => Web => SSL Settings), use the WAN IP in DNS Settings and Website Settings, and the LAN IP in Server Config and Server IP Addresses.

Config a reverse proxy in Apache web server, which keeps the original reciever address and don’t pass the SSL certificates requests use those directives:

ProxyPreserveHost On
ProxyPass /.well-known/acme-challenge !
ProxyPass /$PATH http://$LAN-IP:$PORT/$PATH
ProxyPassReverse /$PATH http://$LAN-IP:$PORT/$PATH
ProxyPass / http://$LAN-IP:$PORT/
ProxyPassReverse / http://$LAN-IP:$PORT/ 

Recover better- enable rescue option (Server Config tab).

Restore a website from a server backup- it is possible to export and import the website files & database backup and the relevant backup record from the ISPConfig database, to manual run all the configured backups use the command:

php /usr/local/ispconfig/server/cron_debug.php --cronjob=500-backup.inc.php

Enhance the email policy- edit the directives in /etc/postfix/main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf

Use PureFTP in passive mode (allows using behind firewall)- use the commands (and open the same ports at the firewall):

echo "30510 30610" > /etc/pure-ftpd/conf/PassivePortRange
service pure-ftpd-mysql restart

Deal with a CSRF block while deleting resources- delete it directly in the database.

As you probably have noticed- the oldest written accounts of the Pied Piper of Hamelin was created in Lüneburg, the same town the ISPConfig software is developed.

Leave a Reply

Your email address will not be published. Required fields are marked *