Posts

Showing posts from December, 2012

NginX reverse proxy

NginX is a high performance, lightweight webserver. In most situations, it is used as an alternative to Apache. However, in the configurations with cPanel, typical protocol is to install it as a reverse proxy. Reverse proxy NginX runs as a reverse proxy server. In a normal proxy situation, a user makes a request to a server through a proxy. The user and the server never interact directly-- the proxy makes the request on behalf of the user. Likewise, the proxy hands the responses from the server back to the user. A reverse proxy works by the same concept-- it's just a proxy that works on behalf of the server instead of the user. Rather than having Apache process requests directly, NginX takes them, finds any requests it is best suited to satisfy (such as static content) and forwards the rest on to Apache. Apache gives its response to NginX, and NginX sends the response to the client. If NginX finds itself able to serve a request directly, it does so and never involves Apache

Fix FTP issue when CSF is installed

Symptom: FTP almost connects but can not get directory listing Fix: It is important when using an SPI ( Stateful Packet Inspection )  firewall to ensure FTP client applications are configured to use Passive (PASV) mode connections to the server. On servers running Monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom built kernels), "ip_conntrack" and "ip_conntrack_ftp" iptables kernel modules may not be available or fully functional. If this happens, FTP passive mode (PASV) won't work. In such circumstances you will have to open a hole in your firewall and configure the FTP server to use that same hole. For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd: PassivePortRange 30000 35000 For example, with proftpd you could add the port range 30000:35000 to TCP_IN and add the following line to /etc/proftpd.conf and then restart proftpd