Category: Webserver

VestaCP disable roundcube webmail

CentOS7: # search for roundcube config file find / -name *roundcubemail.conf* /usr/local/vesta/install/rhel/6/roundcube/roundcubemail.conf /usr/local/vesta/install/rhel/7/roundcube/roundcubemail.conf /usr/local/vesta/install/rhel/5/roundcube/roundcubemail.conf /etc/httpd/conf.d/roundcubemail.conf # search for installed packages yum list installed |grep roundcube roundcubemail.noarch # is enough to disable roundcube rm -rf /etc/httpd/conf.d/roundcubemail.conf # seems to be no […]

NGINX as HTTP proxy – vhosts and SSL for Tomcat

Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication. Technically, the term „SSL“ now refers to the Transport Layer Security (TLS) protocol, which is based on […]


nginx can be used as webserver, web-proxy and even mail-proxy. „Apache ist aufgrund seiner Architektur und Arbeitsweise doch eher der Traktor unter den Webservern.“ X-D (src) let me try to translate: „Apache is due to its architecture and functioning rather […]


in general: social competence demands to first praise then critizise – no matter what – nobody is perfect or god. praise: Thanks for this massively cool webserver software – that can do so many things (vhosts and .htaccess and php) […]

CentOS Redhat – compile Apache2 from source

i tried to compile under debian…. but it’s way more compli cated. also: you probably do not need all the packages stated here… but i did not have the time to sort those out sorry for that. feel free to […]

webserver software marketshare – NetCraft – Web Internet stats statistics – growth number of sites – total number of websites – internet stats statistics

according to apache(2 i guess) is still the dominant webserver on the internet with a market share of 50%. src: according to it is „only“ 40% market share for the apache(2) webserver. also most sites are running […]


client /etc/ssh/ssh_config is for client side config – here you can for example enable StrictHostKeyChecking yes /etc/ssh/ssh_known_hosts similar to ~/.ssh/known_hosts it contains the system-wide-accepted public keys of other hosts. So if you have „StrictHostKeyChecking yes“ enabled, you could manually accept […]

cool stuff you can do with ssh

i assume you have setup public-private-key-authentication and tested its workings and tightened security to only allow public-private key auth of specific non-root users. run local scripts remotely You can run local scripts remotely by executing bash on the remote system […]

BIND und DNS – das Telefonbuch des Internets – Berkeley Internet Name Domain

welche datei macht was? -> Im Gegensatz zum „Telefonbuch“ kann man beim Internet auch durch die Eingabe eines Namens die richtige Nummer „anrufen“ / aufrufen. Ein Bereich in dem Linux mit bind9 und named „dominiert“ – aber gleichzeitig ein […]

Programming Languages and Security

ich wollte mal wissen, wie steht es eigentlich um die Security auf Technologie / Programmiersprachen-Ebene? D.h. welche Programmiersprachen machen es einem schwer vs. einfach sichere Software zu schreiben? Natürlich kann man in jeder Programmiersprache angreifbare Projekte entwickeln… das ist kein […]


tested on vesta cp (apach2+nginx+Debian 8.7) this script could be placed into a file called: /scripts/ #!/bin/bash #sh -c ‚tail -f /var/log/vesta/*.log && tail -f /var/log/nginx/*.log‘ & tail -f /var/log/vesta/*.log & tail -f /var/log/nginx/*.log & and you can run it […]


what config file is nginx using? while it is running you can check via: ps uax|grep nginx root       766  0.0  0.0  41540     4 ?        Ss   Sep16   0:00 nginx: master process […]


vim /etc/fail2ban/jail.conf; # open up the config file that defines all the defaults # find those lins: # # Destination email address used solely for the interpolations in # jail.{conf,local} configuration files. destemail = # Choose default action. To […]


but also whole companies from israel are offering tools to nuke off your webserver with „rented“ DDoS attacks vim /etc/fail2ban/jail.local; # add those lines: [apache] enabled = true port = http,https filter = apache-auth logpath = /var/log/apache2/*error.log maxretry = 3 […]


last -x shutdown shutdown system down  3.16.0-4-amd64   Sat Aug 27 16:31 – 16:32  (00:00)     shutdown system down  3.16.0-4-amd64   Fri Aug 26 08:10 – 08:11  (00:00)     shutdown system down  3.16.0-4-amd64   Thu Aug 25 11:04 […]


… if you have ssh properly setup (public-private-key-based-auth) then you can easily connect via sftp to your host and abandon ftp, which is prone to security problems. E.g. with FileZilla to Disable vsftpd service vsftpd stop; # sto vsftpd service […]


it was a bad idea to use the vestacp backup and restore function. unfortunately i believe you are better off restoring every domain by hand. systemctl status apache2.service ● apache2.service – LSB: Apache2 web server    Loaded: loaded (/etc/init.d/apache2)   […]