Home » Kloxo Community Support » First Time Users » [FAQ] Frequently Asked Questions(New to Kloxo? Not sure if it's right for you? Read this first.)
( ) 1 Vote
| [FAQ] Frequently Asked Questions [message #82299] |
Sat, 16 April 2011 22:21  |
|
Attention: This is a work in progress. The FAQ will be moved to the wiki (at http://wiki.lxcenter.org) when it's done. You are welcome to contribute to it by posting in this thread.
Is Kloxo safe/secure?
Quote:As secure as any other web hosting manager. There is no standard metric to measure and compare against other similar panels as there are way too many factors to consider, so any attempt to do that should be considered mere personal opinions which we will avoid here. But generally speaking, it is only safe as the weakest link, much like any other software.
You have to first understand Kloxo is not only a web hosting manager, it is a complete solution. That is, it comprises of the web panel part (a stand-alone web server for the panel, a stand-alone php, scripts and command-line tools) and the hosting services packages (RPMs for apache, lighttpd, php, BIND, djbdns, pure-ftpd, qmail, courier, clamav, and many others) that are not available in the standard CentOS/Red Hat repositories or in some cases too old and lacking necessary features for a good and stable hosting service.
LxCenter contributors do their best to keep these updated, including third-party scripts such as Horde, RoundCube and phpMyAdmin provided with the panel.
But you, as a system administrator, have to do your own homework too and be proactive. "0-day" exploits are published every day for various services and scripts, including your GNU/Linux operating system and LxCenter provided packages. Kloxo will NOT auto update (by default - you can enable it if you so wish) or update the OS or provided packages, just like any other web hosting manager. Thankfully, Kloxo allows to easily switch between services (BIND to djbdns, for example) to mitigate an eventual security issue until a fix is provided.
So don't be the weakest link. Visit the forums often and keep an eye in announcements (there's a RSS feed, use it). In the worst case scenario, LxCenter will e-mail all registered forum users with critical alerts. Keep your contact info updated!
When will the next version be released?
Quote:You can follow the roadmap at http://project.lxcenter.org/projects/kloxo/roadmap . Deadlines may vary according to official contributors personal schedules. The ability to build and release new versions is limited to a small group of developers for various reasons (code sanity, compatibility, security, etc). Depending on severity, bug fixes may be released regardless of any schedule and alerted via e-mail (used in the forum registration).
You can always check the announcements forum, web site, or project site for new releases. Or just click the "Update Home" button in your panel (and read the changelog).
I can't find any documentation. Where is it?
Quote:Unfortunately there is no compiled documentation for Kloxo or HyperVM yet but there are efforts to do so. Kloxo and HyperVM were inherited from LxLabs who believed it was not necessary given the panels ease of use and info boxes.
As a result, most of it is scattered in the LxCenter forums (usually at Knowledge Base and Contributed HOWTOs) and the wiki requiring you to use the built-in forum and wiki search functions or google (which does a great job at indexing both).
In time, a proper documentation (User and Admin guides) should be provided with the software and available online but you can help today and create new wiki articles or expand existing ones at http://wiki.lxcenter.org (registration required) so it can be included in the official docs.
Will it run in [INSERT YOUR FAVORITE LINUX DISTRO HERE]?
Quote:Kloxo is only officially supported under CentOS 5.1 and up (or the analogous for Red Hat Enterprise Linux) in 32-bit versions. There is an ongoing effort to officially support Kloxo under CentOS/RHEL x86_64 architecture and packages are not considered production quality yet even though they are available in the LxCenter repository.
That doesn't mean you should not try and adapt to your own setup. Others have done so and detailed the procedure in the wiki and elsewhere but keep in mind future Kloxo updates may not be compatible with such changes.
If you have up to 12 GB of RAM, you should use the PAE linux kernel instead until Kloxo is officially supported under x86_64.
I LOVE Kloxo. What can I do to help?
Quote:Easy answer. Try some of these in no particular order:
- Spread the word
- Support LxCenter partners by using their services
- Submit bug reports and feature requests
- Help others in the forums and other communities you participate
- [[Translation+Tutorial|Translate]] the panel and docs to your own language
- Become a partner by donating resources to the project
- If you are a good coder, join us!
- Donate! Most things are not free in this world, no matter how much LxCenter pleads.
If you are a competent coder (mostly PHP), don't be shy and apply. We can certainly pair you with a knowledgeable coder to get you started.
And above all, an open-source project cannot survive without an active community. Just by helping others and submitting bug reports you have done a lot! We are also more than happy to provide language specific forums as long as your are active to moderate it and weed out spam.
What is the best firewall for kloxo?
Quote:
Basic iptables rules are available at http://wiki.lxcenter.org/How+to+secure+your+Kloxo+with+IPTAB LES .
But the most popular are CSF (http://www.configserver.com/cp/csf.html) followed by APF+BFD (http://www.rfxn.com/projects/advanced-policy-firewall).
CSF is certainly harder to configure properly but it is great once you have done it. APF is is more modular and easier for newbies at the cost of fewer features compared to CSF+LFD combo.
[Updated on: Sun, 17 April 2011 15:08] by Moderator Report message to a moderator |
|
|
| Re: [FAQ] Frequently Asked Questions [message #84624 is a reply to message #82299] |
Fri, 03 June 2011 12:16  |
|
Regarding the iptables wiki, I believe from another thread that you agree that the article is not a preferred way to do this. I've pasted the same rules from that page below with the command to save the rules. Note that I use /sbin/iptables as when running as sudo or su the path does not include /sbin by default.
# Clear rules
/sbin/iptables -t filter -F
/sbin/iptables -t filter -X
# SSH In
/sbin/iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
# Don't break established connections
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Block all connections by default
/sbin/iptables -t filter -P INPUT DROP
/sbin/iptables -t filter -P FORWARD DROP
/sbin/iptables -t filter -P OUTPUT DROP
# Loopback
/sbin/iptables -t filter -A INPUT -i lo -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -o lo -j ACCEPT
# ICMP (Ping)
/sbin/iptables -t filter -A INPUT -p icmp -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# DNS In/Out
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
/sbin/iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
# NTP Out
/sbin/iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
# FTP Out
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT
# FTP In
/sbin/iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
/sbin/iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
/sbin/iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# HTTP + HTTPS Out
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
# HTTP + HTTPS In
/sbin/iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
# Mail SMTP:25
/sbin/iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
# Mail POP3:110
/sbin/iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
# Mail IMAP:143
/sbin/iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
# Kloxo
/sbin/iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
#For the master of a master/slave configuration, uncomment the next 2 lines and modify SLAVE_IP
#/sbin/iptables -t filter -A INPUT -p tcp -s SLAVE_IP --dport 7779 -j ACCEPT
#/sbin/iptables -t filter -A OUTPUT -p tcp -d SLAVE_IP --dport 7779 -j ACCEPT
#For the slave of a master/slave configuration, uncomment the next 2 lines, and modify SLAVE_IP
#/sbin/iptables -t filter -A INPUT -p tcp -s MASTER_IP --dport 7779 -j ACCEPT
#/sbin/iptables -t filter -A OUTPUT -p tcp -d MASTER_IP --dport 7779 -j ACCEPT
#Save rules
/etc/init.d/iptables save
https://www.mercuryvps.com
HyperVM Xen VPS hosting
[Updated on: Fri, 03 June 2011 14:39] Report message to a moderator |
|
| | | |
| Re: [FAQ] Frequently Asked Questions [message #93124 is a reply to message #84638] |
Sun, 25 December 2011 09:41 |
|
Maybe add the following:
What is Kloxo?
Taken from the wiki: Kloxo is one the most advanced and flexible hosting platform on this planet. From Kloxo HostinABox that can run a full featured hosting on 15MB RAM to Kloxo Enterprise, which is only truly distributed hosting platform in the industry, Kloxo is a single software that can power all areas of your hosting business, whether it is powering your entire shared hosting or simple control panel that you can sell with your VPS offering.
Are Kloxo and Lxadmin the same?
Yes and no. Kloxo is a rebranding of Lxadmin after it went open source. Lxadmin used to be a closed source hosting platform similar to cPanel and the likes, but since it has gone open source, it was rebranded to Kloxo due to concerns about the appropriation of the software. On top of this, Kloxo has come a long way and has lots of code changes since it was open sourced.
So InstallApp, use it or not?
No, don't use it. InstallApp is very outdated and hasn't been updated for a long time. There are many security loopholes in the software and quite frankly, it doesn't look like they'll be patched. If you want a one click install function in your Kloxo installation, your best bet is Installatron or Softaculous.
Where are the configuration files?
The configuration files are located as below:
php.ini: /etc/php.ini
my.cnf: /etc/my.cnf
clamd.conf: /etc/clamd.conf
pear.conf: /etc/pear.conf
spamdyke.conf: /etc/spamdyke.conf
httpd.conf: /etc/httpd/conf/httpd.conf
Note: There are other .conf files (such as inclusion of php.conf and others) located in /etc/httpd/conf.d
phpMyAdmin conf.inc.php: /usr/local/lxlabs/kloxo/httpdocs/thirdparty/phpMyAdmin/confi g.inc.php
Note: Kloxo can administer the general settings for most of these files, so it is generally recommended that you don't edit these files directly unless you know what you are doing.
How do I edit these files?
Generally CentOS has vim installed, you can simply type in:
E.g. to edit php.ini you type
To use vim, have a look through this page: http://www.tuxfiles.org/linuxhelp/vimcheat.html
It contains a lot of useful commands.
How do I restart a specific service?
Using SSH:
# service [servicename] {start|stop|restart}
e.g. to restart 'httpd' (apache) you would issue:
How do I install Kloxo?
Kloxo is a fairly simple install, a complete guide is found here:
http://wiki.lxcenter.org/Kloxo+Installation+Guide
How do I check my PHP/MySQL/Apache version?
The default CentOS repositories contain a fairly old build of both the MySQL server and the PHP version.
PHP
You can find the latest version of PHP by using SSH and typing:
This will output something along the lines:
PHP 5.3.8 (cli) (built: Sep 30 2011 20:23:54)
Copyright (c) 1997-2011 The PHP Group
MySQL
For MySQL, the easiest way is to login to phpMyAdmin and looking on the right under the MySQL section. If, for whatever reason, you can't access this, you can also check this using SSH, make sure your MySQL server is running, then type in:
Then it will ask you for a password, type in the root password.
Then in the mysql terminal type:
This will give you 1 row similar to this:
+-----------+
| version() |
+-----------+
| 5.5.19 |
+-----------+
1 row in set (0.00 sec)
This tells you the version is 5.5.19 (at the time of writing this, the latest version).
Apache
Finally to check Apache, you can try and access any 404, and it will give you the version in the server signature (if this hasn't been disabled), otherwise through SSH:
Which will give you something like:
Server version: Apache/2.2.21 (Unix)
Server built: Oct 7 2011 14:13:12
How do I update PHP/MySQL to the latest version?
Before you proceed with upgrades please note: While upgrading these software should, in theory, work fine, the Kloxo developers and I cannot be held responsible for anything that may go wrong, and while, generally, even if something does go wrong, it won't be something catastrophic. If so, you are always welcome to ask for help here on the forums.
So as I mentioned before, CentOS' MySQL and PHP version are fairly old.
In order to upgrade them to the latest version, we can use the REMI repositories.
First of all we need to remove the installation of the current MySQL and PHP version:
install the remi repositories if they're not installed yet:
You will need access to SSH terminal and type in:
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
Then install everything:
# yum --enablerepo=remi,remi-test install php-cli php-xml php-pspell php-mbstring php-snmp php-common php php-gd php-xmlrpc php-process php-soap php-pgsql php-odbc php-dba php-mysql php bcmath php-mcrypt mysqlclient15 mysql mysql-server
You can install additional PHP extensions. You can get a complete list by typing:
# yum --enablerepo=remi,remi-test list php*
Then restart Apache and MySQL
# service httpd restart
# service mysqld restart
Upgrading phpMyAdmin
phpMyAdmin requires a bit more typing, but it's harder to mess up.
# cd /tmp
# wget http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.4.9/phpMyAdmin-3.4.9-all-languages.tar.gz
# tar xvfz phpMyAdmin*
# rm -f phpMyAdmin*.tar.gz
# cp /usr/local/lxlabs/kloxo/httpdocs/thirdparty/phpMyAdmin/config.inc.php phpMyAdmin*
# cd /usr/local/lxlabs/kloxo/httpdocs/thirdparty/
# mv phpMyAdmin phpMyAdmin.backup
# mv /tmp/phpMyAdmin-* phpMyAdmin
That's it, your phpMyAdmin has now been updated. If you've tested everything, and it all works fine, great, you can now safely remove the backup
# rm -Rf /usr/local/lxlabs/kloxo/httpdocs/thirdparty/phpMyAdmin.backup
Otherwise, to revert back to the backup:
# cd /usr/local/lxlabs/kloxo/httpdocs/thirdparty/
# mv phpMyAdmin phpMyAdmin.new.backup
# mv phpMyAdmin.backup phpMyAdmin
How do I use Kloxo?
I have always thought that the best way to learn how to use something is through experimenting. Have a look around an installation, check the demo site etc.
If you can't be bothered with that, you can always do a quick Google, nowadays many people use Kloxo, and along the way, at least one person will have asked the same question.
The other day, while searching for Kloxo tips and tricks, I came accross this site: http://fsckvps.com/tutorials . They have some great video tutorials on how to use Kloxo (Under Lxadmin) amongst other things.
If all of this doesn't appeal to you, you can ask for help on the forums.
If I have missed anything, let me know and I'll update this FAQ.
[Updated on: Thu, 05 January 2012 06:09] Report message to a moderator |
|
|
| |
  |
Goto Forum:
Current Time: Sat May 25 14:00:43 EDT 2013
Total time taken to generate the page: 0.01105 seconds
|
HyperVM & Kloxo Support
Members
Search
Help
Register
Login
Home
