Posts by Starlight

3. HSTS and Hardening for Apache and nginx

for Apache, add to config/apache/parts/domain_ssl.tpl

for nginx add to config/nginx/00_master_ssl.conf

4. HPKP for Apache and nginx

For HPKP you need to get a base64 encoded fingerprint of the certificate, please have a look at https://scotthelme.co.uk/hpkp-http-public-key-pinning/

I got the same error on update.

I did a security scan on my system (i-mscp 1.2.15) and I think the following advisories are important:

1. Missing httpOnly Cookie Attribute

Set session.cookie_httponly = true in all php.ini files.

see: https://www.owasp.org/index.php/HttpOnly

2. SSL Weak Ciphers in POP3S, IMAPS, SMTPS, POP3-SSL, IMAP-SSL, SMTP-SSL

Add default secure ciphers.

@Nuxwin

Debian standard.

If fixed, I'm fine. I solved it manually with deleting the SQL string. I will report after installing 1.2.16 (when released).

I received a couple of errors while installing/updating i-MSCP to version 1.2.14/1.2.15, for example:

I'm using a remote MariaDB SQL server.

Great, thanks @Nuxwin

I fixed it manually, it will work for now.

I found the problem: in one of the php5-fpm pool files, the {ALLOW_URL_FOPEN} variable was not replaced by a valid boolean string. Unfortunately, I could not find it in the php5-fpm logs.

To find it, I tried:

Looks, like it is i-MSCP related. However, it needs a bit more Investigation how it could happen and why only with one vhost.

yes, with upstart.

I'm not sure where this should lead to. For me, it looks like PHP5 FPM cannot create the socket file in /var/run due to permission problems with the vu-user and therefore cannot connect to this socket. The main problem seems to be AH02454. There is only one PHP5 FPM socket created: for vu2000 (what is the panel). This leads me to the conclusion that Apache or the imscp configuraton create the problem.

Debian 8.3 (Jessie)

Hi @Nuxwin

Quote from Nuxwin

Shell-Script

1. # service php5-fpm status

gives (as expected)