RE: How to enable ssl for a website not available in web tab

@Locvps There is no SSL for directories, certificates are issued by domain and subdomain.

If the certificate was generated for domainx.com it applies to any /folder

@Automata Hey, is everything okay?

I was really crazy behind something like that, but really crazy

Thanks for the tip of the project, and I already took the liberty of starting to create a fork in the exclusive github for CWP-Pro.

Initially I realized that there are some problems with inconsistencies with the standard installation of CWP, here are the problems:

1 - The default folder that the project uses for VHosts is different from the one that the CWP uses.
2 - The folder where the project domains is located is the default for a server with nginx (/var/www/...), in the CWP it is /home/
3 - The installation and setup executable needs to be updated.
4 - For me the most critical is that it blocks many bots of current SEO tools, like SemRush and Ahrefs, this is a problem for commercial customers.

Well, I'm busy at the moment, but I will customize this project for the reality of the CentOS Web Panel and I believe that this will help everyone who uses the panel.

Project git link: https://github.com/gplone/nginx-ultimate-bad-bot-blocker-cwp

I already made the correction of items 2, 3 and 4 above, and soon I will update the Readme of the project to better explain the installation for the CWP, to install as it is, just follow the following recommendations:

1 - Follow the standard tutorial until Step 5 (Before running setup-ngxblocker)
2 - Update the /usr/local/sbin/setup-ngxblocker codes with the code that exists in the repository I created.
3 - Perform Step 5 and 6 (Do not restart Nginx yet)
4 - Update the /etc/nginx/conf.d/globalblacklist.conf file with the same file that exists in the repository.
5 - Run the command nginx -t and if everything is OK, restart nginx using the systemctl restart nginx or via the panel.

I am analyzing other things, and I will make the necessary customizations for the project to update only in the new repository and as I see other corrections I will make them, I even have a huge list of Bad IPs from Digital Ocean used by bots.

If you have any updates you can send me that I will be happy to be able to integrate in the project.

Enjoy

@sandeep The problem goes beyond just changing a few lines in Nginx.

I have a series of bots and useragents that I need to control, and an installer helps me a lot.

As I said in the previous post, the installer is mounted for a standard installation of Nginx or Easyengine that uses the same folder layout, so i need custom this for use with CWP.

Another common problem is the lack of professionalism in CWP Updates....which in my opinion is the only negative point...as a hosting company we have no feedback on updates from the CWP team, and at least in the last 20 updates, half there were bugs.

So I will continue to adapt this project to work with the CWP, with a view to quick maintenance in case of problems with the Panel.

Good Sunday

Hi @sandeep, After a while of testing I realized that the MPM Event that comes standard in its installation script does not work well for servers with high traffic.

When Nginx overloads Apache, it ends with the message Graceful Restart, but it is unable to finish the restart and the Webserver is blocked.

The solution I found was to use MPM_Prefork, but as your script compiles MPM_Event into the apache executable, I had to insert --enable-mpms-shared=all for apache to compile all MPMs and make them available for selection at httpd.conf .

For now it has been running well with my high traffic clients, and Apache has stopped crashing.

I left my tip for you to include this MPM configuration in your standard apache installation script in the next versions.

Strong hug.

Hey @JosePP

I checked your site and it is working as I had spoken with the 2 protocols working without redirect.

• https://prnt.sc/v0xcuq

I think there must be a problem using the {HTTP_HOST} and {REQUEST_URI} variables on your server.

You can try to declare the URL directly without using apache variables, like this:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://inprenta.eus/$1 [L,R=301]

After inserting the code, restart the Web Server and try to access the site in an anonymous tab in your browser, I think it should work that way.

Hey @JosePP,

It's very simple, just use a config on the WebServer for the domain without HTTPS, so the webserver is open to 2 protocols (HTTP / HTTPS).

Then just add a redirect to htaccess, with code like this:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

@bmask Normally when I need these specific modules I compile it on a server and then copy it to the others, I just tested it and it worked normally, I put the files in a Driver if I want to test it.

CentOS 7 + Nginx 1.20.0 + incubator-pagespeed-ngx-1.13.35.2-stable:
https://drive.google.com/file/d/1s_x7hdOujhHC6CSce6CGV_z5JxmJ8Jgo/view?usp=sharing

CentOS 8 + Nginx 1.20.0 + incubator-pagespeed-ngx-1.13.35.2-stable: https://drive.google.com/file/d/1W_QEsYRP_bER7iAaaItmiTmHHJbc28vh/view?usp=sharing

Commands to reproduce:

$ wget -O- http://nginx.org/download/nginx-1.20.0.tar.gz | tar -xz
$ cd nginx-1.20.0/
$ wget https://github.com/apache/incubator-pagespeed-ngx/archive/refs/tags/v1.13.35.2-stable.tar.gz  | tar -xz
$ ./configure --with-compat --add-dynamic-module=/root/nginx-1.20.0/incubator-pagespeed-ngx-1.13.35.2-stable

The compiler will stop and will give you 3 commands that I forgot to note , when executing the 3 commands, go back to the nginx folder.

$ ./configure --with-compat --add-dynamic-module=/root/nginx-1.20.0/incubator-pagespeed-ngx-1.13.35.2-stable
$ make modules

The .so file will be in the objs/ folder, just copy it to the nginx folder and configure it normally.

I hope it helps.

@sandeep I wish you well and take care of your health

@bmask Normally when I need these specific modules I compile it on a server and then copy it to the others, I just tested it and it worked normally, I put the files in a Driver if I want to test it.

CentOS 7 + Nginx 1.20.0 + incubator-pagespeed-ngx-1.13.35.2-stable:
https://drive.google.com/file/d/1s_x7hdOujhHC6CSce6CGV_z5JxmJ8Jgo/view?usp=sharing

CentOS 8 + Nginx 1.20.0 + incubator-pagespeed-ngx-1.13.35.2-stable: https://drive.google.com/file/d/1W_QEsYRP_bER7iAaaItmiTmHHJbc28vh/view?usp=sharing

Commands to reproduce:

$ wget -O- http://nginx.org/download/nginx-1.20.0.tar.gz | tar -xz
$ cd nginx-1.20.0/
$ wget https://github.com/apache/incubator-pagespeed-ngx/archive/refs/tags/v1.13.35.2-stable.tar.gz  | tar -xz
$ ./configure --with-compat --add-dynamic-module=/root/nginx-1.20.0/incubator-pagespeed-ngx-1.13.35.2-stable

The compiler will stop and will give you 3 commands that I forgot to note , when executing the 3 commands, go back to the nginx folder.

$ ./configure --with-compat --add-dynamic-module=/root/nginx-1.20.0/incubator-pagespeed-ngx-1.13.35.2-stable
$ make modules

The .so file will be in the objs/ folder, just copy it to the nginx folder and configure it normally.

I hope it helps.

@sandeep I wish you well and take care of your health

@bmask If you are talking about ngx_pagespeed, just compile the module using the Nginx code and the last Pagespeed Code on Github.

@sandeep Probably

Hey @JosePP

I checked your site and it is working as I had spoken with the 2 protocols working without redirect.

• https://prnt.sc/v0xcuq

I think there must be a problem using the {HTTP_HOST} and {REQUEST_URI} variables on your server.

You can try to declare the URL directly without using apache variables, like this:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://inprenta.eus/$1 [L,R=301]

After inserting the code, restart the Web Server and try to access the site in an anonymous tab in your browser, I think it should work that way.

Hey @JosePP,

It's very simple, just use a config on the WebServer for the domain without HTTPS, so the webserver is open to 2 protocols (HTTP / HTTPS).

Then just add a redirect to htaccess, with code like this:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Hi @sandeep, After a while of testing I realized that the MPM Event that comes standard in its installation script does not work well for servers with high traffic.

When Nginx overloads Apache, it ends with the message Graceful Restart, but it is unable to finish the restart and the Webserver is blocked.

The solution I found was to use MPM_Prefork, but as your script compiles MPM_Event into the apache executable, I had to insert --enable-mpms-shared=all for apache to compile all MPMs and make them available for selection at httpd.conf .

For now it has been running well with my high traffic clients, and Apache has stopped crashing.

I left my tip for you to include this MPM configuration in your standard apache installation script in the next versions.

Strong hug.

@sandeep Thanks, yesterday I tested and see an error in a PHP file.

But then I recompiled and it worked normally, only with that problem that I mentioned that the ioncube * .so was not being saved in the folder.

@sandeep Very good, congratulations for the work

I am testing here and I identified 3 things that gave problem:

• The oniguruma and oniguruma-devel packages were missing in the pre-installation, without it the installation ends at the time of the mbstring extension compilation.
• At the end of the installation, the Ioncube.so files were missing in the /usr/local/ioncube/...
• I realized that after reconfiguring the WebServer to use PHP 7.4, it did not assign the correct PHP socket variable in Apache files, and looking at the templates I saw that this line is an internal CWP variable, but I was able to manually change the settings files and use the correct Socket without problems.

In the 2 first cases I installed it manually and it worked without problems and the 3 case i need some help

@Automata This update is available in the repository, if you don't want to do the manual update, just select the Apache WebServer in CWP Admin, and it will automatically remove Nginx.

Then select any option with nginx that it will reinstall and configure the new version of Nginx.

I hope it helps

@sandeep Excellent news...I'm looking forward to testing