dah85.com

*not* just another blog ;)

On one my test servers running VestaCP on an LXC container, I ran into an interesting issue where (due to the nature of LXC this is expected behaviour) the VestaCP LXC container shows the load of the host node, and as it's under load, VestaCP refuses to perform backups.

If you get an email like this "LoadAverage 5 is above threshold" and you would prefer to change that to something a bit higher (in my case, I'm changing it to 20 because I want it to backup even if the server is on fire) then here's how to do it.

We need to edit the BACKUP_LA_LIMIT=5 variable in /usr/local/vesta/func/main.sh

sudo nano /usr/local/vesta/func/main.sh

In my case I've changed it to read BACKUP_LA_LIMIT=20 so that it will always backup.

I searched high and low on the internet and couldn't find anything that suggested this, so I ended up doing a grep -r "BACKUP_LA_LIMIT" in the /usr/local/vesta directory to find which file is responsible.

I hope this can help someone else :)

A quick tip so that I don't forget this again. By default, VestaCP will set directories to disallow listings, for example, example.com/files would show a 403 error instead of listing the contents.

Sometimes, though, it's desirable to have a list shown to the user, so all we need to do is create or modify the .htaccess file in the top level folder.

For example, in /home/user/web/example.com/public_html/files/

nano .htaccess

Add the following to ALLOW listing:

Options +Indexes   

Or to DISALLOW:

Options -Indexes   

Hopefully this also helps someone :)

Setting up FTP backups for VestaCP

- Posted in Quick Tip by with comments

By default, VestaCP will do a daily backup and store it on the same file system that VestaCP is installed on, which isn't great if something happened to that and that was our reason for wanting to restore!

What we're going to do is set VestaCP to backup to the local storage and also an FTP server.

I've already set up my FTP server, so all I need to do next is change the VestaCP config. First, we need to create the config file:

sudo nano /usr/local/vesta/conf/ftp.backup.conf

And then paste the following into it, keeping in mind that you will need to change the options to match your FTP server:

HOST='backupserver.yourdomain.com'
PORT='21'
USERNAME='backupuser'
PASSWORD='[email protected]'
BPATH='/home/backupuser/vestabackup'

Once you've got that done, it's time to let VestaCP know about this, so we're going to edit the config file an add ftp to the list of backup targets:

sudo nano /usr/local/vesta/conf/vesta.conf

Find the line that looks like this:

BACKUP_SYSTEM='local'

And change it to this:

BACKUP_SYSTEM='local,ftp'

Now when VestaCP does its daily backup, it will save it to the FTP server too.

I have recently installed Matomo (formerly Piwik) on a test server for collecting analytics, and I have noticed that there is this annoying error message that shows up 3-4 times on the main page:

WARNING: /var/www/public_html/matomo/libs/Zend/Db/Statement/Mysqli.php(105): Warning - Error while sending STMT_CLOSE packet. PID=18123 - Matomo 3.3.0 - Please report this message in the Matomo forums: https://forum.matomo.org (please do a search first as it might have been reported already)

I'm going to try to fix that here. I found that the problem is that MySQL times out waiting for it to complete the task, so let's change some settings in MySQL.

wait_timeout = 60
max_allowed_packet = 128MB

I did this on VestaCP, by going into the "Server" tab, then MySQL -> Configure. Once changed, click save and then refresh Piwik/Matomo and it is fixed!

Please let me know if this has helped you, in the comments :)

It's a long-winded title, but it's fitting.

I was trying to work out how to set up VestaCP so that when someone visits the IP of the server, it can go to a specific website instead of the first website that was configured, which in my case, is not desired.

So basically what made me want to do this is there seem to be a lot of domains that are still pointing to my IP and I'd like to capture that traffic and forward them to my web design page just.

What we are going to do is change the order in which VestaCP and Apache will look at websites in this case.

First, we'll edit /etc/apache2/conf.d/vesta.conf

nano /etc/apache2/conf.d/vesta.conf 

Then move the website you want to the top of the list, then save (control+x)

Once you've done that, we need to restart nginx and apache

service apache2 restart
service nginx restart

Now when you go to the website by the IP or a domain that's not hosted by you, it'll forward to the first website in that list. Neat, eh?

Redirecting domains with VestaCP

- Posted in Quick Tip by with comments

I have been looking for a way to redirect domain1.com to domain2.com even if the address is domain1.com/blah/random it will always redirect to domain2.com

We need to make a .htaccess file in the public_html folder and add the following:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain1.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.domain1.com [NC]
RewriteRule ^(.*)$ http://domain2.com/ [L,R=301,NC]

If we want it to forward them like this, example1.com/blah to example2.com/blah, we'd use:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain1.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.domain1.com [NC]
RewriteRule ^(.*)$ http://domain2.com/$1 [L,R=301,NC]

In a previous post I spoke about setting up the SSL cert for mail, but the web interface also needs SSL set up. The steps are actually similar, but without the extra bit for mail.

Here's what I did to fix it, just make sure you replace the example with your own domain. If you aren't running as root, use these commands otherwise put sudo in front of them all:

ln -s /home/admin/conf/web/ssl.example.com.pem /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.example.com.key /usr/local/vesta/ssl/certificate.key

If that didn't do the trick, restart apache and vestacp and it will now work with your new cert :)

Setting up SSL for Mail in VestaCP

- Posted in Quick Tip by with comments

I'm still playing with my VestaCP install, and I've found that the outgoing mail doesn't work correctly when using Thunderbird or any other mail client except webmail which works perfectly.

It turns out there's an issue with the SSL certificates and EXIM (the mail server)

Here's what I did to fix it, just make sure you replace the example with your own domain. If you aren't running as root, use these commands otherwise put sudo in front of them all:

ln -s /home/admin/conf/web/ssl.example.com.pem /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.example.com.key /usr/local/vesta/ssl/certificate.key

setfacl -m user:Debian-exim:r-- /home/admin/conf/web/ssl.example.com.pem
setfacl -m user:Debian-exim:r-- /home/admin/conf/web/ssl.example.com.key

chgrp mail /home/admin/conf/web/ssl.example.com.pem
chmod 660 /home/admin/conf/web/ssl.example.com.pem
chgrp mail /home/admin/conf/web/ssl.example.com.key
chmod 660 /home/admin/conf/web/ssl.example.com.key

Now you should be able to send email from a mail client without it complaining about certificates :)

Finding the SQL password in VestaCP

- Posted in Quick Tip by with comments

I've been playing with VestaCP lately, getting it all set up the way I like and I had a need to manually edit the databases and found that there was a root password set that I never set.

The password is hidden away in a file, to get to it do this:

sudo nano /usr/local/vesta/conf/mysql.conf

You'll find the password in there :)