Clicking on Custom View Settings in Tools throws exception

Posted on by

Repro Steps
Under Server Management left nav item, click on the Tools and Settings
Under Panel, click on the first item -> Custom View Settings

Immediately an exception is thrown

PHP Catchable Fatal Error: Argument 1 passed to CommonPanel_Controller_Helper_Subscription::getPer missions() must implement interface Plan_Interface, null given, called in /usr/local/psa/admin/panel/application/library/AdminPanel/Form/Final/ServicePlan/AdminPlanHostingPermissions.php on line 45 and defined
Line: 167
File: /usr/local/psa/admin/plib/CommonPanel/Controller/Helper/Subscription.php
Stack Trace:
[ The stack trace is too large to post here, it is at http://pastebin.com/rXaSypcp ]

My Interface Views are set to Service Provider view, but even if that is the cause it should not throw an exception, it should either hide this area from being accessed, or provide a friendly error message. Well here is how to fix that:

Basically you go into SSH and run these 2 commands, and it will be fixed afterwards:

# /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/scripts/create_default_simple_template.php
# /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/scripts/upgrade_admin_simple_plan_permissions_1013.php
#

Nginx breaks SSL certificates chain

Posted on by

SSL certificates for certain domains are not trusted anymore.
In fact any SSL certificate installed into Parallels Plesk Panel (PP) 11 with more than a single chain certificate on it is unable to load properly.
The only way to fix it is to switch back to apache using “/usr/local/psa/admin/bin/nginxmng –disable” command.

Apache has a ‘SSLVerifyDepth’ parameter with a default value of ten (10), which means that it will look for ten (10) CA (Chain) certificates. Nginx has a similar parameter ‘ssl_verify_depth’, but with a default value of one (1). Since Nginx is the front end web server and it is set to one (1), it is not grabbing the additional CA certificates, thus causing a conflict with some browsers.

Resolution

The issue has been fixed since version 11 MU#10, however it may still affect certificates which had been generated before the needed update was installed. In order to fix such certificates run the following commands:

# wget http://kb.parallels.com/Attachments/22393/Attachments/reload_ssl_certificate.zip
# unzip reload_ssl_certificate.zip
# php reload_ssl_certificate.php

How to Backup and Rebuild the DNS Configuration

Posted on by

DNS zones can get pretty screwy some times.  If they are wrong, or if named wont start for some reason, this is a good place to start.

Backup and rebuld the DNS configuration by running the below commands:

cd /var/named/run-root/etc
mv named.conf named.conf.bak
cp named.conf.default named.conf
for x in `ls`; do /usr/local/psa/admin/sbin/dnsmng --update $x; done;/etc/init.d/named restart

What version of plesk do I have? What is my microupdate version?

Posted on by

These days its hard to know if you are “up to date” or not.  With the patch levels that parallels uses, you could be out of date even if you use the latest version.  Here is how to tell:

cat /root/.autoinstaller/microupdates.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<patches>
<product id="plesk" version="11.0.9" installed-at="20120718T115141">             <patch version="16" timestamp="" installed-at="20121001T040844" />
</product>
</patches>

So now you know you are at plesk version 11.0.9 and MU 16

tomcatmng is failed

Posted on by

This is one of the lamest messages ever.  You go to delete a domain or do just about anything and all it tells you is ‘tomcatmng is failed’.

Well, here we go.  You have the error

tomcatmng is failed –remove-service –vhost-name=domain.com

So now go to the servers error log and see what happened

tail /var/log/sw-cp-server/error_log
tomcatmng: Unable to remove /usr/share/tomcat5/psa-users/domain.com.xml: No such file or directory
System error 2: No such file or directory

Create the file and try again
touch /usr/share/tomcat5/psa-users/domain.com.xml
chown root:tomcat /usr/share/tomcat5/psa-users/domain.com.xml

Now try again and it should work.

How to switch off weak SSL ciphers for connections to PostFix

Posted on by
As part of PCI you are required to remove weak SSL Ciphers.  In general this is just a good idea to do in order to secure your server.  Here is how to do it for PostFix mail server.

  1. 0pen for editing the file /etc/postfix/main.cf.
  2. Add the following lines to the file:smtpd_tls_protocols = SSLv3, TLSv1
    smtpd_tls_ciphers = medium
    smtpd_tls_exclude_ciphers = aNULL
    smtpd_sasl_security_options = noplaintext
  3. Save the file.
  4. Restart the mail server by running the command /etc/init.d/postfix restart.

How to switch off weak SSL ciphers for connections to Qmail

Posted on by

As part of PCI you are required to remove weak SSL Ciphers.  In general this is just a good idea to do in order to secure your server.  Here is how to do it for PostFix mail server.

issue the following commands at the prompt:

echo 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM' > /var/qmail/control/tlsserverciphers
echo 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM' > /var/qmail/control/tlsclientciphers