nerdia.net

Ispconfig 3.0 to 3.1 update issue – PHP-FPM and SSL problems

March 10, 2018/0 Comments/in Ispconfig /by Stefan Helander

After updating a multi server installation of Ispconfig3 problems occured when editing existing or adding new websites on one of the servers.

If the site had SSL enabled the apache2 vhosts file for the site (located in /etc/apache2/sites-availible) would get empty values for SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile fields, causing it to revert to old configuration or not load the site at all. At some point apache2 wouldn’t reload at all so to get it upp the site had to be disabled by removing /etc/apache2/sites-enabled/100-sitename.vhost file.
If the site was running under PHP-FPM the site would report Internal server error 501 caused by the socket file /var/lib/php5-fpm/webXXX.sock was owned by root and not by the web user. This in turned was caused by the fields listen.owner and listen.group in webXXX.conf (for PHP-FPM) was empty.

Since this was a multi server installation and this problem only occured on one server they could be compared. It turned out that the problem was caused in the directory /usr/local/ispconfig/server/plugins-enabled. The files in this directory should be symbolic links to the corresponding files in /usr/local/ispconfig/server/plugins-available, but after a move of the Ispconfig3 installation from an older server, these links had become real files instead of symbolic links.

This meant that the files in /usr/local/ispconfig/server/plugins-enabled was still Ispconfig 3.0 files while the ones in /usr/local/ispconfig/server/plugins-available was Ispconfig 3.1. To resolve the problem, to be on the safe side, make a backup of /usr/local/ispconfig/server/plugins-enabled and then run:

cd /usr/local/ispconfig/server/plugins-enabled ln -s -f /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php apache2_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/apps_vhost_plugin.inc.php apps_vhost_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/aps_plugin.inc.php aps_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/bind_plugin.inc.php bind_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/cron_jailkit_plugin.inc.php cron_jailkit_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/cron_plugin.inc.php cron_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/firewall_plugin.inc.php firewall_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/ftpuser_base_plugin.inc.php ftpuser_base_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/getmail_plugin.inc.php getmail_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/maildrop_plugin.inc.php maildrop_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/mailman_plugin.inc.php mailman_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/mail_plugin_dkim.inc.php mail_plugin_dkim.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/mail_plugin.inc.php mail_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php mysql_clientdb_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/network_settings_plugin.inc.php network_settings_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/postfix_filter_plugin.inc.php postfix_filter_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/postfix_server_plugin.inc.php postfix_server_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/shelluser_base_plugin.inc.php shelluser_base_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/shelluser_jailkit_plugin.inc.php shelluser_jailkit_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/software_update_plugin.inc.php software_update_plugin.inc.php ln -s -f /usr/local/ispconfig/server/plugins-available/webserver_plugin.inc.php webserver_plugin.inc.php

Verify with ls -l /usr/local/ispconfig/server/plugins-enabled that all your files are symbolic links.

Microsoft Office 365 SSL certificate error in Outlook [solved]

March 1, 2018/0 Comments/in Email, Microsoft /by Stefan Helander

Clients moving over to Office 365 who had purchased a valid SSL certificate for their mail server still got SSL certificate errors in Outlook and mobile clients. This was despite the mail service was equipped with a valid SSL certificate (not self signed, but issued by a real CA).

It turns out here that Outlook seems to investigate https root domain (i.e. the customer’s web site) for auto configuration before trying autodiscover.customerdomain.com. And if there is no valid SSL certificate installed on the customers web site, an error is displayed. This was verified by examining the customer’s web site logs where we could se repetitive accesses to /autodiscover/autodiscover.xml.

If only Outlook just would have ignored the SSL error and continued to the next method….

A simple solution was just to add a valid SSL certificate to the customer’s web site, and the problem was solved. That way Outlook didn’t get SSL certificate error when trying to retrieve the non-existing autoconfiguration information from the customer’s web site.

Add custom favicon.ico to T3 bootstrap framework for Joomla!

February 27, 2018/0 Comments/in Joomla, Web design /by Stefan Helander

When you are using the T3 bootstrap framwork for Joomla! to create a Joomla! responsive template, an easy way to use a custom favicon.ico is to just replace the file templates/t3_bs_blank/favicon.ico with your own.

This is fine – until you update the T3 framwork. Then your custom favicon.ico will be overwritten with the default file.

This is a solution:

Create an override of the file templates/t3_bs_blank/tpls/blocks/head.php and place it in templates/t3_bs_blank/local/tpls/blocks/head.php
Add the following code last in the file:
 <?php if (is_file(T3_TEMPLATE_PATH . '/local/favicon.ico')) { $this->addFavicon(T3_TEMPLATE_URL . '/local/favicon.ico'); } ?> 
Now put your custom favicon.ico in templates/t3_bs_blank/local

Now your custom favicon.ico will survive updates of the T3 framework.

Where is WordPress links / blogroll?

February 16, 2018/0 Comments/in WordPress /by Stefan Helander

In older WordPress installations there was a possibility to handle links. I recently installed a new WordPress 4.9 and I can’t find links (or blogroll). i.e. the Link Manager, anymore. Where is it?

From version 3.5 of WordPress, the Links section is not visible anymore if there were no links present or if it is a new installation.

If you want it back, you can download Link Manager here.

Should I use hotmail / gmail / yahoo etc for my business email?

February 4, 2018/0 Comments/in Email /by Stefan Helander

When you are starting your new business you will need an email address. As a small, startup company it can be tempting to go for the quick, cheap and easy solutions. Is it a good idea to use one of the free email services like hotmail, gmail, yahoo etc as your company email?

My answer is no. I normally don’t recommend it for several reasons. The free services are great for private use, but not for business.

Buying your own domain name is cheap.
Your own domain name will also market your business name, making it easier for your clients to remember you.
It gives you a more trustworthy appearance towards your clients, when you are not building your business on a free service, sharing the domain name with thousands of others.
Hotmail, for example, has very “trigger happy” spam filters which means you will most certainly find legitimate emails from a new sender in the spam folder along with real spam emails. You have to tell Hotmail that this was not a spam to “teach” it not to put emails from this sender again in the spam folder. To make sure you don’t miss important business emails you will have to check your spam folders on an hourly basis.

I had a client who lost several assignments because of legitimite client requests ending up in the spam folder at Hotmail. When the emails was found in the Hotmail spam folder, the assignments had already gone to competitors.

We switched the client over to using a domain name of their own, hosted at a hosting company targeting businesses, with spam filters that were a bit more allowing. Meaning, sometimes a spam would end up in the inbox but legitimite emails never ended up in the spam folder.

The client was very used to the Hotmail interface, so we just connected the new email account with their own domain name email account, at the new hosting provider, throught IMAP to the Hotmail account.

This way they could continue to work in the Hotmail (or Outlook OWA) interface with their new email account under their own domain name. So they now just used Hotmail as their “email program” because they were used to it.

When replying to emails sent to their own domain name, the own domain name email account was automatically used for the reply. Only when writing a new email they have to select the account with their own domain name (otherwise, by default, the new email is sent from the Hotmail account).

Joomla! 1.5 create new admin user via MySQL and phpMyAdmin

January 25, 2018/0 Comments/in Joomla /by Stefan Helander

If you need to gain administrator access to a Joomla! 1.5 website where the admin password is not known (forgotten or the original admin is no longer available) you can resolve the situation by adding a new administrator user through MySQL.

For this, obviously, you need to now the database credentials. This is how you do it using MySQL and phpMyAdmin. Click on the images below to see them enlarged.

Log in to phpMyAdmin using the credentials for the Joomla! database
Go to the table jos_users and go to the last record. If your last user id is less than 1000 you can use the values in this example. Otherwise you have to adapt it to a user id larger than your last user id (if you have less than 1000 users in your Joomla! database user id 1000 will be fine).
Insert a new record into the jos_users table:
Joomla! 1.5 create new admin user via MySQL and phpMyAdmin step 1

id = 1000
name = A new administrator
username = admin2
email = admin2@example.com (or perhaps your own email address ;))
password = d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199
usertype = Super Administrator
block = 0
sendEmail = 1
gid = 25

Then click on Run to save the entry
Go to the table jos_core_acl_aro and insert a new record:
Joomla! 1.5 create new admin user via MySQL and phpMyAdmin step 2

id = 1000
section_value = users
value = 1000
order_value = 0
name = Administrator
hidden = 0

Then click on Run to save the entry
Go to the table jos_core_acl_groups_aro_map and insert a new record:
Joomla! 1.5 create new admin user via MySQL and phpMyAdmin step 3

group_id = 25
section_value = (empty)
aro_id = 1000

Then click on Run to save the entry
Now go to the backend of your site (i.e /administrator) and log in with the username “admin2” and the password “secret” (whithout “”)
Go to the user section and immediately change the password of admin2 user since “secret” is a very insecure password

Joomla! Component skeleton or framework

January 11, 2018/0 Comments/in Joomla /by Stefan Helander

I was going to develop a Joomla! Component for a client and started to read the documentation on how to build a Joomla! Component. I searched online for a skeleton or framework so I didn’t have to program that from scratch. Googeling it didn’t show up any really good results.

Until I realized there are actually services for this. Component Creator is one of them. Through a web interface you can specify the details for your component and you can download a ZIP-file which is installable for Joomla! to start bulding upon.

However, documentation is something not really existing for Component Creator. Instead there are community forums and some video tutorials. I was searching the forums for a specific matter and it turned out that the same question had been asked several times by other users. The reply from the Component Creator staff was that you will get the answer to that question by buying the Premium service. So instead of documenting an answer to a common question they want each client to contact the support team to get the answer, probably in order to sell more Premium subscriptions. A bit odd to me. The free service is so limited anyway so without the Premium subscription you quickly run into it’s limitations, so they will sell them anyway.

You should also be aware that Jensen Technologies who is behind Component Creator also is a consulting business offering development of Joomla! components. So your supplier will also be kind of your competitor. I am not saying they will go and steal your business or clients but it is not always a healthy thing when your supplier is also your competitor. Their in house developers will naturally always have the best support compared to their clients. If it was me, I would have split it into two different companies.

Anyway, the Component Creator is a powerful and helpful tool when starting a new component project for Joomla!.

The video tutorials can be found here:

There is also a webinar recorded on Youtube here:

Below is a demonstration of building a component in 30 minutes using Component Creator by Søren Beck Jensen (2015).

How to keep WordPress widgets when switching themes

January 9, 2018/0 Comments/in WordPress /by Stefan Helander

When you switch from one theme to another in WordPress you will discover that all widgets you had is gone. Is there a way to keep the widgets when switching themes?

Short answer is – no. The widgets are set specifically for the theme.

But it is often quite simple to resolve the situation. After you switch theme, go to Appearance -> Widgets and scroll down to the bottom of the page.

Here you will find Inactive widgets. You can simply pull them back into your new theme’s widget position and get them back where you want them.

WordPress widgets

However, if the widgets you were using was part of the theme you switched from, they will not be available when using the new theme so in that case you need to find an alternative plugin or widget.

Meltdown and Spectre vulnerabilities – what to do?

January 4, 2018/0 Comments/in Linux/FreeBSD, Mobile, Security, Windows /by Stefan Helander

Meltdown and Spectre are two vulnerabilities present in hardware making it potentially possible for programs to steal information, like passwords etc.

Meltdown affects only Intel processors while Spectre, which is more complex, also partly affects AMD and ARM based processors.

It is not yet known if these vulnerabilities has been exploited by anone. It can affect personal computers, servers, tablets and mobile phones, i.e. more or less any device containing a processor.

More information on: https://spectreattack.com/

What can you do?

Check your operating system for updates the upcoming weeks (this is normal good security practice, but make sure you do it frequently)
Install and update your virus protection. Even if the antivirus program can’t protect you from the attack it might be able to inform you that your device has got malicious code onboard

You can find security bulletins, security advisorys, faq:s etc for your operating system here: https://meltdownattack.com/#faq-advisory

Asterisk no sound from client

December 12, 2017/0 Comments/in SIP /by Stefan Helander

I was running an Asterisk server behind NAT without any problems at one location. Due to reoargnization it was moved to a new location and placed behind a pfsense firewall. After a while users reported increasing problems with no sound from the clients.

It turned out running a SIP server behind a pfsense can be problematic. When moving to the SIP server to a white IP-adress (no NAT), protecting it using iptables firewall on the SIP-server, all problems disappeared.

It should be noted that the pfsense firewall was not running the latest version of pfsense so it could be caused by a problem solved in later versions of pfsense. However, for different reasons it was not possible to upgrade pfsense so the solution was to move the SIP-server from behind pfsense.