Config changes

hennaboy

Verified User
Joined
Jan 9, 2020
Messages
13
Okay so just joined DirectAdmin and finding it interesting the approach to OLS config and the splitting of the configuration, therefore, disabling the web admin supplied by OLS.

Was this work by DA themselves and or how OLS wished to supply the software?

I have concerns about this in that default SSL is set to sslProtocols 30 which should be 24. 30 includes TLS1.0 and 1.1

SSL config apparently cannot be changed as it will be overwritten by directadmin. SSL security settings were not included. Even though a dhparam is created when DirectAdmin is installed its not used. So, the question is. If SSL config is overwritten by directadmin where is the config to do this? Really defeats the point of having a set of config files to adjust if you have to adjust everytime there is an update.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,755
Location
LT, EU
Was this work by DA themselves and or how OLS wished to supply the software?
This is how DirectAdmin configures Apache, Nginx, LiteSpeed as well. In split configuration files, to load virtualhosts (have separate configs for them) and to be able to customize any of the files easily. OpenLiteSpeed does not include support of "includes" in their web UI yet. If they get enough of feature requests to have UI read-write on DA servers, I'm sure they'd do it :)

I have concerns about this in that default SSL is set to sslProtocols 30 which should be 24. 30 includes TLS1.0 and 1.1

SSL config apparently cannot be changed as it will be overwritten by directadmin. SSL security settings were not included. Even though a dhparam is created when DirectAdmin is installed its not used. So, the question is. If SSL config is overwritten by directadmin where is the config to do this? Really defeats the point of having a set of config files to adjust if you have to adjust everytime there is an update.
You may just try creating /usr/local/directadmin/data/templates/custom/openlitespeed_vhost.conf.CUSTOM.6.pre with:
Code:
|?SSLPROTOCOL=24|
Then just execute:
Code:
/usr/local/directadmin/custombuild/build rewrite_confs
 

hennaboy

Verified User
Joined
Jan 9, 2020
Messages
13
So config is done with ? before each value and is that one parameter per line

For example

?SSHPROTOCOL=24
?CIPHERS=
?ENABLEECDHE=

and so on
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,755
Location
LT, EU
No, it's just setting a variable in configs, which is used then. See /usr/local/directadmin/data/templates/openlitespeed_vhost.conf:
Code:
sslProtocol             |SSLPROTOCOL|
 

hennaboy

Verified User
Joined
Jan 9, 2020
Messages
13
How do I configure other settings such as httpdWorkers the only place I can find this set is in /usr/local/lsws/conf/httpd-defaults.conf but rebuilding resets it to 2
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,755
Location
LT, EU
Just use documented way for customizations. Customized files should be placed in /usr/local/directadmin/custombuild/custom/openlitespeed/conf
 

jayw1

Verified User
Joined
Nov 20, 2019
Messages
134
Location
USA
Just use documented way for customizations. Customized files should be placed in /usr/local/directadmin/custombuild/custom/openlitespeed/conf
So for example, I can create /usr/local/directadmin/custombuild/custom/openlitespeed/conf/httpd-phplimits.conf with these contents:

maxConns 100
env PHP_LSAPI_CHILDREN=100

and this will work?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,755
Location
LT, EU
It’d always place it in /usr/local/lsws/conf/httpd-phplimits.conf on config rewrite time then :)
 

jayw1

Verified User
Joined
Nov 20, 2019
Messages
134
Location
USA
It’d always place it in /usr/local/lsws/conf/httpd-phplimits.conf on config rewrite time then :)
I'll just modify that file directly then. I was receiving an error about children being less than max connections but modifying this file fixed it.

Last errors I'm seeing:

2020-01-10 14:01:13.899100 [WARN] Path for document root is not accessible: /home/admin/domains/sharedip/
2020-01-10 14:01:13.899147 [WARN] [config:server:vhosts:vhost:1.1.1.1] configuration failed!


and

2020-01-10 14:01:13.903691 [ERROR] [config:server:vhosts:vhost:domain1.com-80:context:/cgi-bin/] path is not accessible: /home/admin/domains/domain1.com/public_html/cgi-bin/
2020-01-10 14:01:13.905638 [ERROR] [config:server:vhosts:vhost:domain1.com-443:context:/cgi-bin/] path is not accessible: /home/admin/domains/domain1.com/public_html/cgi-bin/


should I create /cgi-bin/ for the domains affected or modify some config file?
 

jayw1

Verified User
Joined
Nov 20, 2019
Messages
134
Location
USA
and

2020-01-10 14:01:13.903691 [ERROR] [config:server:vhosts:vhost:domain1.com-80:context:/cgi-bin/] path is not accessible: /home/admin/domains/domain1.com/public_html/cgi-bin/
2020-01-10 14:01:13.905638 [ERROR] [config:server:vhosts:vhost:domain1.com-443:context:/cgi-bin/] path is not accessible: /home/admin/domains/domain1.com/public_html/cgi-bin/


should I create /cgi-bin/ for the domains affected or modify some config file?
Fixed this by removing all instances of

context /cgi-bin/ {
allowBrowse 1
location /home/admin/domains/domain1.com/public_html/cgi-bin/
type cgi
}


for all domains from /usr/local/directadmin/data/users/admin/openlitespeed.conf
If this shouldn't be done, let me know.
Only issue remains now is the first one above.
 

jayw1

Verified User
Joined
Nov 20, 2019
Messages
134
Location
USA
This is how DirectAdmin configures Apache, Nginx, LiteSpeed as well. In split configuration files, to load virtualhosts (have separate configs for them) and to be able to customize any of the files easily. OpenLiteSpeed does not include support of "includes" in their web UI yet. If they get enough of feature requests to have UI read-write on DA servers, I'm sure they'd do it :)



You may just try creating /usr/local/directadmin/data/templates/custom/openlitespeed_vhost.conf.CUSTOM.6.pre with:
Code:
|?SSLPROTOCOL=24|
Then just execute:
Code:
/usr/local/directadmin/custombuild/build rewrite_confs
Does this matter if I have this setting with CloudFlare?

1.png
 
Top