Edit your .htaccess file in the public_html folder on your website having the issue.

At the very top of the file put in the following
SetEnv PHPRC /home/username/public_html/ <- replace the address with the base address of where you are intending to put the php.ini file we are creating next. Save the file.

Create a new file in the location you assigned in the last step called php.ini ensure it has secure permissions. Please the following text in the php.ini file and save it.

memory_limit = 64M ; Maximum amount of memory a script may consume (64MB)

And that should have your issue resolved!

Questions in the comments, Cheers!

Lets start

In the Exchange Management Console click on Server Configuration.  Right-click the server you wish to create a CSR for and choose New Exchange Certificate. see image below

Enter the friendly name for the new cert. Make it relevant to the Server so you will know where the Cert is assigned in the future. the click next.

Next we get the option of selecting a Domain scope or namely if we want a wildcard Certificate. Exchange 2010 does support wildcard certificates however a standard SAN (Subject Alternative Name) Certificate is usually recommended. In this example we will click next and continue with a SAN configuration as this is the most common.

Next you will see the domain/cert configuration for all the different aspects of Exchange that you would like to sign with this digital Certificate. You will be able to configure the names of each service. see image below.

First up we will configure the Client Access server (Outlook Web App) begin this by clicking the little down arrows to the right of the heading and you will see the below.

Enter in your internal exchange server address. here I’ve used internal.domain.com however it would usually be something like servername.domain.local for the internal and the external would be what you call the server from the outside world. IE it’s subdomain name / address.

The next portion is the ActiveSync domain name. I usually always use the same as the external subdomain/address of the server, this simplifies configuration by making it the same as the Outlook Web App address. (external.domain.com). I’ve smudged it out as this screen grab was from a production server.

The next part is the Web Servces, Outlook Anywhere, and Autodiscover. Again here it is best to use the same external address, for ease of configuration and confusion with end users, as the Outlook Web App and server address. For the Autodiscover portion there should be a prefilled area with autodiscover.domain.com, etc.

Lastly I usually configure the Hub Transport server SSL for secure SMTP communication. Use the same external address we have been using all along for ease of configuration. external.domain.com has been my example. here I’ve scrubbed it out as this was from a production server.

Once your happy with the config click next.

The next screen will give you a list to review all of the common names included in the Certificate. Here you can add any additional names. Ensure that the external.domain.com domain name example is selected as the common name, it should be in bold.

Next we configure the Organization details. Substitute your details for those below.

After this process you will be given a Summary of all the information entered to go over. ensure all looks to be in order and click New to create the Certificate Configuration and the exchange CSR to request the actual certificate.

Now you can take your CSR file (called the .req file in this case) and generate a Certificate with a Certificate Signing Authority. The below process will instruct you on the process of installing the Certificate and completing the process. do this by right clicking on the certificate in the Exchange Certificates field and selecting the Complete Pending Request… option.

Next we select the downloaded Signed Certificate. Sometimes your certificate file extension may be .crt as opposed to the Microsoft Default of .cer just worth keeping in mind when using the browse function to navigate to your file.

Once you have selected the file. Choose Complete.

Next we will Assign Services to the Digital Certificate

Now we have a valid Certificate Installed we need to Assign Services to the Digital Certificate before it will be used. do this by right clicking on the installed certificate and selecting Assign Services to Certificate…

Next there will be a list of servers, select the server in question that the cert has been assigned to then click next. After that you will see a list of Services, check the appropriate services and continue by clicking next. see below. You will be prompted to overwrite the existing default certificate and simply click Yes To All to overwrite and install the new cert.

And thats it!

Hope I’ve helped, questions in the comments. Cheers

On the console/shell of the server enter the following command to check it ImageMagick is installed
#  /scripts/checkimagemagick

The output if installed will be “ok”

If it is not installed, type in the following
# /scripts/installimagemagick

This will take a little while to install depending on server speed and internet speed. Once completed it will say “ImageMagick installed ok” Then we can check the version to ensure it is installed correctly using the following command
# /usr/bin/convert –version

The output should have the ImageMagick Version details and Copyright details.

Now How to install Imagick on CPanel using WHM PECL Module install.

Go to WHM -> Software -> Module Installers ->PHP PECL Manage

Type in imagick in the Install a PHP Pecl and click Install.

Job Done!

Hope That helps. Any questions please put them in the comments.

This is based on CSF (Config Server Firewall) which comes highly recommended by myself and will be included in my CPanel install How-to doco’s that I’ll be releasing when I get time to finish them! .

1. Head to CSF Firewall Configuration and find the options starting from PT_USERPROC. see images below.
   
   
2. Change the settings in the below fields to your desired levels, take a moment to read the descriptions as the ones I have recommended here might not be viable for your setup.

PT_USERPROC = 20
PT_USERMEM = 300
PT_USERTIME = 900
PT_USERKILL = 1
PT_USERKILL_ALERT = 1

Basically this is saying that any process under a specific user runnning for more than 900 seconds will trigger the user process kill and stop all processes under that user. It will also separately trigger the process kill for ALL processes under the specific user should that users TOTAL memory usage be over 300MB. The PT_USERKILL value sets where the process’s are killed or not, and the PT_USERKILL_ALERT value says whether you are emailed an informational alert stating what was done and why. This is valuable information and should always be on! Information is king!

Hope this helped some of you with process/memory issues on your servers. And again, take time to understand what each function does, CSF is a powerful tool! Questions in the comments! Cheers

Virtual Directories for user authentication is my chosen method of auth when using windows IIS servers and has always been. It works by creating a Local user in Computer Management >> Configuration >> Local Users and Groups and then creating a virtual directory in FTP with the same username and allocating its Physical Path to the files associated with that user. The Authentication is then done as a user account and they gain access to their files, simple as that. This option is still available in FTP7.5 on IIS 7.5 in Windows Server 2008 R2 however its all just moved around a bit and some new options added in there that I won’t cover today.

So getting down to it, here I’ll cover how to setup a Default FTP Site, set its basic security and permissions and then configure a virtual directory.

1. Install FTP as a role/service/addon
   I won’t go into this in detail as I’m sure if you’re here you’ve probably already done this. Head to Server Management and then Roles, select Add Roles and go through the prompts checking the FTP options.
2. Open IIS Services Manager (Internet Information Services Manager) and add a Default FTP Site
   Right click on the sites option and select Add FTP Site… As shown in this image.
3. Enter your Site information as shown below
   
4. Assign an IP address (or leave as All if you want to) and choose Allow SSL then click next. as shown below.
   
5. Configure Authentication and Authorization Information.
   I select Basic (Basic Authentication) and Authorisation to Not Selected as we will configure that later.
   
6. Create a folder under %SystemDrive%\inetpub\ftproot called LocalUser. We will use this to house the virtual directories!
7. Click on the Default FTP Site in IIS Manager and select FTP User Isolation on the right Features View window.
   In here we are going to select the option, Isolate users. Restrict users to the following directory: User name directory (disable global virtual directories) as shown below.
   remember to select Apply in the top right!
8. Double check the FTP Authentication options to ensure Basic Authentication is Enabled and Anonymous Authentication is Disabled (unless you want to use it!) see below
   
9. Create a Virtual Directory in the LocalUser folder in IIS7 Manager
   By right clicking on the LocalUser folder under Default FTP Site as shown below.
   
10. Enter Virtual Directory user details.
    Here the Alias is the username of the user you have created in  Local Users and Groups earlier on. Then enter the Physical Path as the location of that users home directory. see below
    
11. Select your newly created Virtual Directory in IIS Manager then select FTP Authorization Rules and select Add Allow Rule… on the right side
    Here we will allow read / write permissions to the user as shown below
    

Now test away! Remember things like firewalls and opening ports if required. I recommend taking a look around in the rest of the options under the Defualt FTP Site and also under the virtual directories. I usually try and use FTP IPv4 Address and Domain Restrictions where possible for added security, but I might cover that in a later post! For now I hope I’ve helped get your FTP operational with FTP7.5

NOTES: Also remember to enable FTP Logging at the top level Default FTP Site! And one last thing, remember to check your security permissions on the folders being accessed! Give the user read and write on the folder with the users data.

Questions or similar in the comments. Cheers

Which brings me to this post, a helpful method of speeding up those sluggish ecommerce or heavily content driven sites is by utilizing Gzip, which is available in Apache version 2.x and up. Gzip will compress the content on the server delivering a much smaller file size to the browser where it is uncompressed and served as per normal, this reduces bandwidth and in most cases drastically reduces the viewing time of your websites. The only downside is there will be some increase in CPU load on the server side and also a slight increase in the browsers load as it decompresses the content, this is minimal and I haven’t yet seen any negative effects.

Basically in order for Gzip to work Apache 2.x needs to be compiled with mod_deflate so the first step, if it isn’t already enabled, is to enable mod_deflated and recompile your apache.

1. Using EasyApache in WHM we rebuild with mod_deflate enabled
   I won’t go through the initial steps in detail, once clicked into the Easy Apache area  ensure the Previously Saved Config (**DEFAULT**) is selected and click start customizing based on profile leave the next screen on its default which should be the current apache version (remember needs to be 2.x to support mod_deflated) choose NEXT leave the PHP Major version the same and click NEXT, leave PHP minor version the same and click NEXT, leave Short Options List the same and click Exhaustive Options List, Here we will check the box that says Deflated. See image right. Then select save and build note that this can take a long time depending on the servers performance, etc. Once its done, apply it and thats it Deflate is now compiled into Apache.
   
2. With mod_deflate enabled we can turn on Gzip on a per account basis.
   In CPanel under the specific accounts you can enable Gzip via the Optimize Website page! See image below.
   
   Once in the Optimize Website menu you can choose from a few options as shown below. I’ll leave that up to you, its relativelt self explanitory. If you want to check your site to see if it is being gzipped you can use  this little tool http://www.gidnetwork.com/tools/gzip-test.php which is pretty helpful, or google gzip test as there is a whole bunch of them out there.
   

Hope this helped give you an idea of how to enable Gzip in CPanel! Questions in the comments, happy fast browsing

1. Open Exim configuration from within WHM
   Open up a WHM connection to your CPanel server and head to Service Configuration >> Exim Configuration Editor then click on Advanced Editor.
I will take this moment to make a note:- if you are running a CPanel server you MUST use the WHM editor Exim Configuration Editor, I learnt the hard way before I even knew you could edit this option in WHM by editing exim.conf on a CPanel server that it will definitely be overwritten at some stage by an update! However these changes also apply to a non CPanel server that uses Exim by applying the same changes to /etc/exim.conf. See image below.



2. Find and edit the Routers Configuration
   Find the editable section below ROUTERS CONFIGURATION it looks something like this.
   Just below the section that says demo accounts are not permitted to relay email is where we are going to add our relay hosts. And below is a demo of a very basic send connector.

   domain1send:
   driver = manualroute
   transport = remote_smtp
   route_list = domain1.com smtp2.anotherserver.com

   This one here basically would take anything sent to a @domain1.com address and send it out via smtp2.anotherserver.com.

3. Save your changes and restart Exim
   Save the changes you have made by clicking save at the bottom of the page, then go to Restart Services >> Mail Server (Exim) then click yes. And test away.

This is a fairly basic setup and is intended to be used in a server that “sends to the world” directly already. IE this is for those domains that become a problem or in your environment may need to be routed differently than what the DNS resolve for that address might come up with.

Any questions, leave them in the comments!

1. Restrict SSH to Protocol 2 & Restrict the Port to a non standard port.

to do this simply log into the console of the server as the root user and use your favourite editor to modify the sshd configuration file like so.

pico /etc/ssh/sshd_config

Find the line that reads Protocol 2,1 and the line that reads Port. Below is an example of a modified configuration. Port 22444 is the new ssh port and the #Protocol 2,1 is removing that line from the config and the line below it is restricting the Protocol to 2 only.

Port 22444

#Protocol 2,1

Protocol 2

2. Restrict Source Hosts from within CPanel.
   From within your WHM head to Security Center >> Host Access Control.
   Here we can add in some rules to control who can access sshd. View the image below you can see how I have added access to Office and Head Office with two rules (Access List is internal ranges in this case, would normally be a single external source, IE 123.211.123.211) & the third rule is to deny ALL others, the final deny rule must be the last of the sshd rules.
   
   
3. Restart SSHD service.
   From console/terminal or WHM restart the sshd service. type service sshd restart in console/terminal or go to Restart Services >> SSH Server (OpenSSH) from within WHM and hit YES.

NOTES: I am using OpenSSH in this example. If you have any third party firewall’s in place you will need to punch a hole in those with the different port as well. Also as I recommend you run a firewall on your CPanel box you will also need to configure that. I recommend Config Server Firewall as an addon/pluggin for CPanel and will have an install and configuration writeup on that at some stage soon! Post a Comment if you have any questions.

1. Create an ACL (Access List) within named.conf

Get access to your CPanel servers console or SSH in with root permissions. Using your favourite editor, pico in my case, edit the following file

pico /etc/named.conf

Here is the section of named.conf we are going to add in our ACL. This is prior to any changes to show the default file.

controls {
inet 127.0.0.1 allow { localhost; } keys { “rndc-key”; };
};
WE WANT TO ADD HERE
options {

here is an example of the same section with a basic ACL added. Bolded for convenience.

controls {
inet 127.0.0.1 allow { localhost; } keys { “rndc-key”; };
};
acl trusted-servers {
192.168.100.0/24;   //Showing a entire range allowed
123.122.123.122;     //dns0.something.com
122.123.122.123;     //dns1.something.com
};
options {

Above you can see we have allowed the entire 192.168.100.0 address range (just an example of allowing a range of IPs) and we have added specific access from the two dns0 and dns1 servers. Everything behind the // is ignored and only used to comment the file so we can understand what we have done when we need to view this file some random time in the future! It saves the headache of trying to figure out what the hell we did last time

2. Apply our new ACL to the main options in named.conf
   Now all we need to do is add in the trusted-servers ACL we created!
   Find the below bit a little further down in named.conf

// Put files that named is allowed to write in the data/ directory:
directory                ”/var/named”; // the default
pid-file                 “/var/run/named/named.pid”;
dump-file                ”data/cache_dump.db”;
statistics-file          ”data/named_stats.txt”;
/* memstatistics-file     “data/named_mem_stats.txt”; */
allow-transfer {none;};
};

And below example is the same area changed to add in the ACL we created. I have bolded the bit I changed.

// Put files that named is allowed to write in the data/ directory:
directory “/var/named”; // the default
pid-file “/var/run/named/named.pid”;
dump-file “data/cache_dump.db”;
statistics-file “data/named_stats.txt”;
/* memstatistics-file “data/named_mem_stats.txt”; */
allow-transfer { trusted-servers; };
};

Save your changed file and restart BIND/NSD. You can do this from command or simply from within the WHM panel!

Now TEST! From an allowed source you can use nslookup from command, if its a windows box simply run nslookup then server then ls -d domainname.com domainname.com being a domain which is hosted on the CPanel server. You should recieve a copy of the entire zone on screen! Any questions, put them in the comments.

C:\>nslookup
>server my.cpanelhost.com
>ls -d domainname.com
Zone information will be displayed.