Posts by jackstone

Hello guys,

I'm importing some E-mail accounts from an old installation and some of the passwords are weaker.

If i try to set the old password i-MSCP is giving an error that the "Password must contain letters and numbers".

Is there anyway in the i-MSCP settings to disable this and allow the weak passwords ?!

I have another server with 1.5.3 on which I can set a weak password without problem so there must be some settings that differ between the server that allows weak passwords and the server that doesn't, both run on the latest 1.5.3 version.

I tried to look in /etc/impsc/imscp.conf and search the forums but couldn't find any mention.

Normally I would tell users to just update the passwords to more complex ones, but I have a few cases with customers who are unable to do that, so I must use the old passwords when I move the domain. (at least for now)

Thanks!

Quote from Nuxwin

Code

1. # List of IP addresses for slave server(s)
2. # Only relevant in master mode
3. SECONDARY_DNS = 192.168.1.100,192.168.2.100

This is EXACTLY what I was looking for but didn't know where to look, thank you very much !!!

Nuxwin

Thanks for your reply!

From what I can tell the allow-transfer { localhost; }; was the problem it was overriding the main config with allow-transfer { slaves; } I changed that in every record on all servers and now it seems to be working.

One question remains, do I have to edit named.conf.local every time I add a new domain for a client adding { localhost ; slaves; } or is there some setting in i-MSCP that can do that automatically ?!

Thanks for all the help!

Nuxwin exactly !! 100% correct !

I added allow transfer & notify on the i-MSCP servers in named.conf.options and it works.

I also saw that on the master there is only { localhost } in the named.conf.local but the transfer works if I set allowed servers in named.conf.options so I didn't bother to add { localhost ; masters ; } in the named.conf.local + I wasn't sure if i-MSCP replaces that file and I would just edit it until next i-MSCP restart and than the file is overwritten.

The thing that I cannot understand is why in God's name do the zones expire on ns1 & ns2 after one week. It's really really bad because I cannot know for sure when a zone expires and suddenly I get calls from customers that the domain is not working and it's happened 2-3 times already, people are getting frustrated and with good reason.

Any ideas ?!

Hello everyone,

I've been having problems these past few weeks with the transfer of zone files between i-MSCP 1.5.3 latest version master servers and their very old ispCP slave servers. Every week or so, the domains stop working on the slave servers (ispCP) until i manually edit the zone file on the slave and change the serial number of the zone. Then I manually restart bind and the zone transfer begins again and the domains work. Needless to say this is very bad, having to manually edit all the zone files each week is becoming a nightmare. Any ideas how to fix this ?

Bellow is the setup :

- All domains have ns1 & ns2 setup as NS servers.

- ns1 & ns2 are the SLAVE servers running an outdated ispCP version.

- All domains are setup as MASTER on the specific server where they are hosted with websites / e-mails on i-MSCP 1.5.3 latest version.

Slave 1 /etc/bind/named.conf.options :

Slave 1 /etc/bind/named.conf.local

Quote

include "/etc/bind/bind.keys";

include "/etc/bind/rndc.key";

include "/etc/bind/named.server1.secondary";

include "/etc/bind/named.server4.secondary";

include "/etc/bind/named.server9.secondary";

server ......... { keys { MasterKey; }; }; //server1

server .......... { keys { MasterKey; }; };

And /etc/bind/named.serverXX.secondary :

zone "blabla.com" {

type slave;

masters {

............; <- IP of the i-MSCP 1.5.3 hosted domain and master DNS

};

file "/var/cache/bind/secondary/server9/blabla.com.hosts";

allow-query{ any; };

};

Display More

Master of a zone with problems running on i-MSCP 1.5.3 latest :

- named.conf.options :

Master named.conf.local on i-MSCP 1.5.3 latest :

Logs from bind :

The old ispCP slave servers are running on Debian 6

The latest i-MSCP 1.5.3 2018 servers are running on Ubuntu 18.04

Can anyone tell me what's wrong with this config and why I have to manually change the serial number of each zone in order to get it to work ?

When the logs say that the zone is expired if I dig @localhost zone.com it doesn't resolve, if i change 1 number from the serial, restart bind and dig @localhost zone.com it rezolves without problem for about 1 week. After that it stops working and says the serial expired again.

I'm going crazy here with this, please help!

Quote from Nuxwin

Good evening,

The fact is that with latest i-MSCP version, you should not use the PanelRedirect plugin which was deprecated in favour of the Redirect (proxy) feature that is integrated in core. You can find more information there:

The PanelRedirect plugin will be soon abandoned and therefore, no longer maintained.

I didn't know that, thank you for the info!

Quote from tracer

Code

1. BTW, before an upgrade you should disable all plugins and enable them afterwards.

Yes, forgot to do that, but now everything is working again.

Apparently, after the upgrade the plugin PanelRedirect was no longer installed for some reason, after the (re)install of the plugin, the panel now works on :443

Quote from tracer

That would be my next try: root@web10:/usr/local/src/imscp-1.5.3# perl imscp-autoinstall -dar ssl

What's next ?

Hey tracer thanks for your reply!

Quote

# netstat -luntep|grep 443

tcp 0 0 *:8443 0.0.0.0:* LISTEN 0 4031892 18077/nginx: master

tcp6 0 0 :::443 :::* LISTEN 0 4091968 4142/apache2

tcp6 0 0 :::8443 :::* LISTEN 0 4031893 18077/nginx: master

And SSL Labs says :

Quote

Assessment failed: No secure protocols supported

It is very weird, I have another server with the exact same configuration, i checked each file in /etc/apache2 , i checked enable modules of apache, they are identical, on one server everything works fine, and this one it doesn't. I even checked apache2 related installed packages, same version and same packages installed on both servers, I'm really lost, no idea where to look next

Quote

# curl -v https://localhost

* Rebuilt URL to: https://localhost/

* Trying 127.0.0.1...

* TCP_NODELAY set

* Connected to localhost (127.0.0.1) port 443 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* successfully set certificate verify locations:

* CAfile: /etc/ssl/certs/ca-certificates.crt

CApath: /etc/ssl/certs

* (304) (OUT), TLS handshake, Client hello (1):

* error:1408F10B:SSL routines:ssl3_get_record:wrong version number

* stopped the pause stream!

* Closing connection 0

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Display More

A more verbose curl.