Vesta CP

From HS Syswiki
Revision as of 10 May 2017, 16:46


Default vhost templates

Templates can be found in the /usr/local/vesta/data/templates/ directory. Feel free to modify or copy them to create new custom templates. After modifying an existing template you need to rebuild the user configuration. This can be done using the v-rebuild-user command or the bulk operation in the web interface (drop-down list on the "User" page).


Apache

  • default - no additional settings, works well for most sites
  • basedir - uses the open_basedir directive to fight against PHP shells
  • hosting - separate php limits for each domain (php_admin_value memory/safemode/etc)
  • phpcgi - template to run php as cgi. can be useful to run php4 or php5.2
  • phpfcgid - to run php as fcgi (automatically installed on a server with > 1Gb of RAM)
  • wsgi - template to run python projects (can be installed manually)

An Apache template actually consists of three files. The file with the tpl extension is used to build the usual virtual host. The file with the stpl extension is used to build the SSL vhost. The file with the sh extension is optional; it can be used as a trigger to run additional shell commands on domain creation. For details, see the phpfcgid.sh template.
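A check for the three-file layout described above, as an added example that is not part of the original page or of Vesta: it groups the tpl, stpl and sh files by template name, reports sets that cannot build a plain or SSL vhost, and flags trigger scripts that are group- or world-writable. The function names and the sample files are constructed for illustration, and the concern about writable triggers assumes the panel runs them with its own privileges.

```python
import os
import stat
import tempfile
from collections import defaultdict

def audit_templates(template_dir):
    """Group *.tpl / *.stpl / *.sh files by template name and report problems."""
    sets = defaultdict(dict)
    for entry in sorted(os.listdir(template_dir)):
        name, ext = os.path.splitext(entry)
        if ext in (".tpl", ".stpl", ".sh"):
            sets[name][ext] = os.path.join(template_dir, entry)

    findings = []
    for name, files in sorted(sets.items()):
        if ".tpl" not in files:
            findings.append((name, "missing .tpl (no plain vhost can be built)"))
        if ".stpl" not in files:
            findings.append((name, "missing .stpl (no SSL vhost can be built)"))
        trigger = files.get(".sh")  # optional trigger run on domain creation
        if trigger:
            mode = os.stat(trigger).st_mode
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((name, "trigger .sh is group/world-writable"))
    return findings

def build_sample_dir():
    """Constructed sample: 'default' is complete, 'custom' has no .stpl and a loose trigger."""
    d = tempfile.mkdtemp()
    for fname, mode in [("default.tpl", 0o644), ("default.stpl", 0o644),
                        ("custom.tpl", 0o644), ("custom.sh", 0o777)]:
        path = os.path.join(d, fname)
        with open(path, "w") as fh:
            fh.write("# constructed placeholder\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return d

if __name__ == "__main__":
    for name, problem in audit_templates(build_sample_dir()):
        print(f"{name}: {problem}")
```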


Nginx

  • default - serves static content, works well for most sites
  • hosting - disable_symlinks directive to protect from symlink attacks
  • caching - dynamic pages are cached for 15 min to handle spontaneous traffic aka reddit-effect
  • force-https - force users to https/SSL (can be installed manually)


DNS

  • default - general dns records
  • gmail - predefined records to host mail on Google Apps
  • child-ns - template for vanity name servers

Default locations of customer data

Hosting data:

  • /home/$user/web
  • /home/$user/web/$domain1.ch
  • /home/$user/web/$domain2.ch
  • /home/$user/web/$domain1.ch/cgi-bin
  • /home/$user/web/$domain1.ch/document_errors
  • /home/$user/web/$domain1.ch/logs
  • /home/$user/web/$domain1.ch/private
  • /home/$user/web/$domain1.ch/public_html
  • /home/$user/web/$domain1.ch/public_shtml
  • /home/$user/web/$domain1.ch/stats


Mail data:

  • /home/$user/mail
  • /home/$user/mail/$domain1.ch
  • /home/$user/mail/$domain2.ch
  • /home/$user/mail/$domain1.ch/$alias
  • /home/$user/mail/$domain1.ch/$alias/cur
  • /home/$user/mail/$domain1.ch/$alias/new
  • /home/$user/mail/$domain1.ch/$alias/.Spam


Database data:

  • /var/lib/mysql/$db1


Webserver conf:

  • /home/$user/conf/web/apache2.conf
  • /home/$user/conf/web/sapache2.conf (ssl)
  • /home/$user/conf/web/nginx.conf
  • /home/$user/conf/web/snginx.conf (ssl)

Mail conf:

  • /home/$user/conf/mail/$domain/* (exim)
  • /home/$user/conf/mail/$domain/passwd (dovecot)

Config and log locations Debian / Ubuntu

https://vestacp.com/docs/#config-log-location-debian-ubuntu

API

https://vestacp.com/docs/api/

Notes

root@lx1:/usr/local/vesta/bin# ./v-list-user-log user1
DATE        TIME      CMD
----        ----      ---
2017-04-25  12:35:21  changed language to en
2017-04-25  12:36:52  added web domain user1.ch
2017-04-25  12:36:52  added dns domain user1.ch
2017-04-25  12:36:53  added TXT dns record _domainkey for user1.ch
2017-04-25  12:36:53  added TXT dns record mail._domainkey for user1.ch
2017-04-25  12:36:53  added mail domain user1.ch
2017-04-25  12:36:53  enabled web log analyzer for user1.ch
2017-04-25  12:36:54  added ftp account user1_user1@user1.ch
2017-04-25  12:38:32  added mysql database user1_user1
2017-04-26  12:06:52  added web domain user1-domain2.ch
2017-04-26  12:06:52  added dns domain user1-domain2.ch
2017-04-26  12:06:53  added TXT dns record _domainkey for user1-domain2.ch
2017-04-26  12:06:53  added TXT dns record mail._domainkey for user1-domain2.ch
2017-04-26  12:06:53  added mail domain user1-domain2.ch
2017-04-26  12:25:48  added mail account user1@user1.ch
root@lx1:/usr/local/vesta/bin# ./v-list-user-log user2
DATE        TIME      CMD
----        ----      ---
2017-04-27  12:57:02  changed language to en
2017-04-27  12:57:49  added web domain downtown-bern.ch
2017-04-27  12:57:49  added dns domain downtown-bern.ch
2017-04-27  12:57:49  added TXT dns record _domainkey for downtown-bern.ch
2017-04-27  12:57:49  added TXT dns record mail._domainkey for downtown-bern.ch
2017-04-27  12:57:49  added mail domain downtown-bern.ch
2017-04-27  12:57:50  enabled web log analyzer for downtown-bern.ch
2017-04-27  12:57:55  added ftp account user2_user2@downtown-bern.ch

v-add-user USER PASSWORD EMAIL [PACKAGE] [FNAME] [LNAME]
v-add-user user2 mnag2017 abuse@hoststar.ch STARENTRY fname lname

v-add-domain USER DOMAIN [IP] [RESTART]
v-add-domain user1 user1.ch

v-list-web-templates
v-change-user-template

v-add-database USER DATABASE DBUSER DBPASS [TYPE] [HOST] [CHARSET]
v-add-database user1 user1db user1db mnag2017

v-add-web-domain-ftp USER DOMAIN FTP_USER FTP_PASSWORD [FTP_PATH]
v-add-web-domain-ftp user2 user2.ch ftp mnag2017

exim/spamassassin

http://lists.merlins.org/archives/sa-exim/2003-July/000511.html

FTP

- Main user / FTP account? Restrict permissions of the main user.

Partitioning

/ ext4 60G 
/var xfs 55G
/tmp xfs 25G
swap 10G
/home xfs rest

https://www.beegfs.com/wiki/StorageServerTuning#hn_59ca4f8bbb_9

proftp.conf

ServerName                      "FTP"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     root@localhost
DefaultServer                   on
DefaultRoot                  ~ !adm

#<IfModule mod_vroot.c>
#    VRootEngine                 on
#    VRootAlias                  /etc/security/pam_env.conf etc/security/pam_env.conf
#</IfModule>

AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
UseReverseDNS                   off
User                            proftpd
Group                           nogroup
MaxInstances                    20
UseSendfile                     off
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
ListOptions                     -a
RequireValidShell               off
PassivePorts                    12000 12100
TransferLog                     /var/log/proftpd/xferlog
SystemLog                       /var/log/proftpd/proftpd.log

LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c

<IfModule mod_sftp.c>
        <VirtualHost 85.10.232.92>
           SFTPEngine on
           Port 5544
           SFTPLog /var/log/proftpd/sftp.log

           SFTPHostKey /etc/ssh/ssh_host_rsa_key
           SFTPHostKey /etc/ssh/ssh_host_dsa_key

           SFTPCompression delayed
           DefaultRoot ~
           AllowOverwrite on
           AllowRetrieveRestart on
           AllowStoreRestart on
#          SFTPAuthMethods password
           RequireValidShell no
        </VirtualHost>
</IfModule>

<Global>
  Umask                         002
  IdentLookups                  off
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

#<IfModule mod_quotatab.c>
#QuotaEngine off
#</IfModule>

LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
<IfModule mod_ctrls.c>
        ControlsEngine        on
        ControlsMaxClients    10
        ControlsLog           /var/log/proftpd/controls.log
        ControlsInterval      5
        ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>
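A reviewer's pass over the configuration above, as an added example that is not part of the original page or of ProFTPD: it walks the file, skips commented-out directives, tracks the enclosing section, and lists active settings worth a second look. The function name, the notes and the sample excerpt (with a documentation IP address substituted) are constructed for illustration, and some of the flagged settings may be deliberate on a hosting server.

```python
SAMPLE = """\
ListOptions                     -a
RequireValidShell               off
<VirtualHost 192.0.2.10>
   SFTPHostKey /etc/ssh/ssh_host_rsa_key
   SFTPHostKey /etc/ssh/ssh_host_dsa_key
#  SFTPAuthMethods password
   RequireValidShell       no
</VirtualHost>
<Global>
  Umask                         002
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>
"""  # constructed excerpt of the config above; documentation IP substituted

def audit_proftpd(conf_text):
    """Return (line number, directive, note) for active settings worth a second look."""
    findings, stack = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are inactive
        if line.startswith("</"):
            del stack[-1:]  # close the innermost section; tolerate a stray close
            continue
        if line.startswith("<"):
            stack.append(line.strip("<>").split())
            continue
        name, *args = line.split()
        key, arg = name.lower(), (args[0].lower() if args else "")
        note = None
        if key == "sftphostkey" and "dsa" in arg and "ecdsa" not in arg:
            note = "DSA host key; OpenSSH disabled ssh-dss by default in 7.0"
        elif key == "listoptions" and arg.startswith("-") and "a" in arg:
            note = "listings include dotfiles"
        elif key == "requirevalidshell" and arg in ("off", "no"):
            note = "accounts with a shell outside /etc/shells may log in"
        elif key == "umask" and arg and not int(arg, 8) & 0o020:
            note = "new files are group-writable"
        elif key == "allowall" and stack and "SITE_CHMOD" in stack[-1]:
            note = "every client may use SITE CHMOD"
        if note:
            findings.append((lineno, name, note))
    return findings

if __name__ == "__main__":
    print(*audit_proftpd(SAMPLE), sep="\n")
```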