Ling

No, misunderstanding. I was simply talking about CWP2CWP migration between 2 servers for Almalinux 8 transfer to Almalinux 8. Before I could transfer user accounts seamlessly but now it just stopped.

Right now I got stuck in the migration, seems I have to stay with the old provider. @Sandeep B. Apparently you are unable to provide/refine the current migration script I have provided to this forum. On the other hand, your approach to first install CWP on a “virgin” minimal Almalinux 8.10 installation already got stuck at the point where you have to install http2 and it conflicts with modsecurity. The respective other users who had this very same problem as well, you were unable to help as well. Yeah maybe it is the ssl version, maybe, who knows, hey…. So I even can not display the just same installation of CWP which I have currently on my old server and which is running flawlessly there, towards the new server. No wonder that the imported websites are not working then either. It seems CWP has become a can of worms, better don’t touch it anymore…. Apparently you are also not in a position to solve the current problems anymore, for whatever reason, finally it does not matter. May it be http2/modsecurity, may it be netdata installation, may it be direct account transfer CWP2CWP, really nothing works as it has been before. It seems CWP gets regularly updated, but really where? No changelogs either….. Up to now there is still no 2FA in the root panel, have to use my own patch since more than 2 years. I would say CWP is a dead project, can not be migrated to a new VPS, can even not be reinstalled from scratch, as it is apparently completely broken internally. The solution recipes you give, apparently don’t work, and there are no further replies from your side, if I mention it. I see no real interest to solve the current problems either. In this situation, I have to go back to my original approach to refine my server migration script for a one2one copy until it works on the new server: It is currently impossible to install CWP on a new server with apache http2 running and modsecurity OWASP2 working. I really don’t believe that I have to say this today. Sorry for my frustration. But when I think back 5 years ago, how smooth it worked to migrate from Cpanel to CWP and how easy all the installations were, and how easy I could migrate all my websites and emails from an even completely different controlpanel and server architecture/operating system at this time, and I compare it to today, there is only one word which describes it best: CHAOS A slow but steady evolution process, surely caused by numerous updates of surrounding software versions (which you are sure not responsible for) which makes the current system basically unusable if installation is repeated from scratch. Maybe you should shift your focus. Here are a lot of users, just stuck with this situation. I currently can NOT recommend any new user to use CWP in its current form! Either you address all current problems first and lead it back to its old strength (even if just running on EL8, thats fine with me) or you grade it down to an Experimental prototype. Thats what it is currently. MAKE CWP GREAT AGAIN………

Hi Sandeep really tried your approach, rsyncing etc really breaks the system, and this is no wonder at all, considering the many hardware specifics residing in etc. What is your rsync syntax and exclusion list when you are doing this rsync of the described directories, maybe this can help further….. Sure, I can manually move the databases via mysqldump and the users according to the redhat script. Question is what to do first and when, really got lost here. Basically I think a correct Rsysnc with the correct paameters and the right right exclusion list, followed by an IP and hostname replacement process must be able to do all in one step. Is there any other problem, like ownership adjustment or immutable flags which I am overlooking here?

I really look for an automated server migration script, alone the installation of all the software installed on the source server would take me days, function not guranteed. The current status is, that I tried that already, and the result is: CWP working, transferred websites not working fully, email not working. That can not be the solution There must be a working transfer script out there, no matter what you have on the source server, just using rsync and changing IP adress/hostname everywhere it is referred to. Am I the only one who has this problem?

that is what I have right now, anyone may find something I overlooked…. At least it is rebootable, though database and cwp NOT working at all, nor websites. #!/bin/bash # This script runs on the target machine # Define the old and new IPv4 addresses OLD_IP="99.888.77.666" NEW_IP="55.444.33.222" # Define the old and new hostnames OLD_HOST="vmi123.dumbhost.net" NEW_HOST="vmi234.smarthost.net" SSH_PORT="1234" # Port used for SSH on both servers login with same public key certificate # Set variables for source and destination server SERVER1_IP=${OLD_IP} SERVER2_IP=${NEW_IP} SERVER1_HOSTNAME=${OLD_HOST} SERVER2_HOSTNAME=${NEW_HOST} # Directory to search in (set to / for entire system) SEARCH_DIR="/" # List of directories to search (excluding system files in /proc, /sys, /dev, /run, /tmp) SAFE_DIRECTORIES=( "/etc" "/var" "/home" "/opt" "/srv" "/usr" "/etc/csf" "/etc/amavisd" "/etc/systemd" "/etc/clamd.d" "/etc/cron.d" "/etc/cron.daily" "/etc/cron.hourly" "/etc/cron.weekly" "/etc/cron.monthly" "/etc/dnf" "/etc/dovecot" "/etc/fail2ban" "/etc/ImageMagick-6" "/etc/logrotate.d" "/etc/mail" "/etc/modpobe.d*" "/etc/monit.d" "/etc/netdata*" "/etc/opendkim" "/etc/opt" "/etc/pam.d" "/etc/pki" "/etc/postfix" "/etc/redis" "/etc/yum" "/etc/yum.conf" "/etc/yum.repos.d" ) # List of files in etc to transfer SAFE_ETC_FILES=( amavisd.conf clamd.conf cron.deny crontab freshclam.conf mailname motd named.conf opendkim.conf #group #group- #passwd #passwd- redis.conf redis-sentinel.conf ) # Function to check if file is readable and writable is_accessible_file() { local file="$1" if [ ! -r "$file" ] || [ ! -w "$file" ]; then return 1 # not readable or writable fi return 0 # file is accessible } # Function to replace IP and hostname in a file replace_in_file() { local file="$1" local old_value="$2" local new_value="$3" if grep -q "$old_value" "$file"; then sudo sed -i "s|$old_value|$new_value|g" "$file" echo "Replaced '$old_value' in: $file" fi } # Ensure ssh authentication works with no prompt (test connection) echo "Testing SSH connection to ${SERVER1_IP}..." if ! ssh -p ${SSH_PORT} root@${SERVER1_IP} "echo SSH connection successful"; then echo "SSH connection to ${SERVER1_IP} failed. Check your configuration." exit 1 fi systemctl stop mariadb || systemctl stop mysql # Step 2: Sync System Files with Full Attribute Preservation echo "Starting file sync from ${SERVER1_HOSTNAME} to ${SERVER2_HOSTNAME} with attribute preservation..." sleep 5 rsync -aHAXSzlpog --super --filter='-x security.selinux' --progress \ -e "ssh -p ${SSH_PORT}" \ --exclude='/root/.ssh/' \ --exclude='/etc/' \ --exclude='.trash/' \ --exclude='/dev/' \ --exclude='/boot/' \ --exclude='/lib/' \ --exclude='/mybackups/' \ --exclude='/mybackups_stage/' \ --exclude='/proc/' \ --exclude='/sys/' \ --exclude='/tmp/' \ --exclude='/mnt/' \ --exclude='/media/' \ --exclude='/lost+found' \ --exclude='/usr/lib/firmware/' \ --exclude='/usr/share/' \ --exclude='/swapfile' \ root@${SERVER1_IP}:/* / if [ $? -ne 0 ]; then echo "Rsync encountered errors during file transfer. Please check and retry." exit 1 fi echo "Completed file sync from ${SERVER1_HOSTNAME} to ${SERVER2_HOSTNAME} with no errors." echo "Copying root batch files, Firewall Rules, important etc dirs and motd from ${SERVER1_HOSTNAME} to ${SERVER2_HOSTNAME}..." sleep 5 for etcfile in "${SAFE_ETC_FILES[@]}"; do sudo scp -P ${SSH_PORT} root@${SERVER1_IP}:/etc/$etcfile /etc done sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/csf /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/amavisd /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/systemd /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/clamd.d /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/cron.d /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/cron.daily /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/cron.hourly /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/cron.weekly /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/cron.monthly /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/dnf /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/dovecot /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/fail2ban /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/ImageMagick-6 /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/logrotate.d /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/mail /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/modpobe.d /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/monit.d /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/netdata /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/opendkim /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/opt /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/pam.d /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/pki /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/postfix /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/redis /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/yum /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/yum.conf /etc sudo scp -r -P ${SSH_PORT} root@${SERVER1_IP}:/etc/yum.repos.d /etc if [ $? -ne 0 ]; then echo "scp encountered errors during file transfer. Please check and retry." exit 1 fi echo "File transfer from ${SERVER1_HOSTNAME} to ${SERVER2_HOSTNAME} completed with no errors." # Step 4: Update Hostname and IP References in System Files echo "Updating hostname and IP references on ${SERVER2_HOSTNAME}..." sleep 5 # Update /etc/hosts sed -i "s/${SERVER1_IP}/${SERVER2_IP}/g" /etc/hosts sed -i "s/${SERVER1_HOSTNAME}/${SERVER2_HOSTNAME}/g" /etc/hosts # Update /etc/hostname hostnamectl set-hostname ${SERVER2_HOSTNAME} echo "${SERVER2_HOSTNAME}" > /etc/hostname # Replace old hostname and IP in key configuration directories find /etc -type f -exec sed -i "s/${SERVER1_IP}/${SERVER2_IP}/g" {} \; find /etc -type f -exec sed -i "s/${SERVER1_HOSTNAME}/${SERVER2_HOSTNAME}/g" {} \; echo "Updating hostname and IP references with no errors." service mariadb enable service cwpsrv enable service mariadb start || service mysql start sleep 5 # Step 1: Migrate Databases with IP and Hostname Replacement echo "Installing current MariaDB for upgrade ..." echo "Dumping databases on ${SERVER1_HOSTNAME} and updating IP and hostname references..." DB_DUMP="/tmp/db_backup.sql" ssh -p ${SSH_PORT} root@${SERVER1_IP} "mysqldump --all-databases > ${DB_DUMP}" scp -P ${SSH_PORT} root@${SERVER1_IP}:${DB_DUMP} ${DB_DUMP} # Replace old IP and hostname references in the dump file sed -i "s/${SERVER1_IP}/${SERVER2_IP}/g" ${DB_DUMP} sed -i "s/${SERVER1_HOSTNAME}/${SERVER2_HOSTNAME}/g" ${DB_DUMP} # Import the modified dump into the new server echo "Importing updated database dump into ${SERVER2_HOSTNAME}..." mysql < ${DB_DUMP} rm -f ${DB_DUMP} if [ $? -ne 0 ]; then echo "Data base import unsuccessful. Please check and retry." exit 1 fi echo "Imported updated database successfully." yum -y upgrade # Step 5: Starting IP and hostname replacement echo "Starting IP and hostname replacement process..." sleep 5 # Loop through each directory in SAFE_DIRECTORIES for dir in "${SAFE_DIRECTORIES[@]}"; do echo "Searching in directory: $dir" # Find files in the current directory (excluding system files) find "$dir" -type f \ ! -path "/proc/*" ! -path "/sys/*" ! -path "/dev/*" ! -path "/run/*" ! -path "/tmp/*" ! -name "servermigrate.sh"\ ! -name "*.log" ! -name "*.gz" ! -name "*.bak" ! -name "*.swp" ! -name "*.tar" ! -name "new_ip_change.sh"\ ! -name "*.iso" | while read -r file; do # Check if the file is accessible (readable and writable) is_accessible_file "$file" || continue # Replace IP address replace_in_file "$file" "$OLD_IP" "$NEW_IP" # Replace hostname replace_in_file "$file" "$OLD_HOST" "$NEW_HOST" done done echo "IP address and hostname replacement completed for all files." sleep 5 yum -y upgrade # Step 6: Final Verification echo "Migration completed. Verify all services and configurations on ${SERVER2_HOSTNAME} (${SERVER2_IP})." sleep 10 echo "rebooting in 60 s, Press CTRL-Z to stop." sleep 10 echo "rebooting in 50 s, Press CTRL-Z to stop." sleep 10 echo "rebooting in 40 s, Press CTRL-Z to stop." sleep 10 echo "rebooting in 30 s, Press CTRL-Z to stop." sleep 10 echo "rebooting in 20 s, Press CTRL-Z to stop." sleep 10 echo "rebooting in 10 s, Press CTRL-Z to stop." sleep 10 reboot

also if you just rsync etc your system wont boot anymore, as target server has different hardware for sure. Think it needs a more granular response.

Thanks Sandeep Seems you forgot CWP itself in this approach, as well as other installed software. Can you advise a script doing all this and running out of the box. Already did something similar but always got stuck up to now. Th farthest I got was CWP running by manual install and websites running partially but not all links working. But I really need a one to one copy by rsync, yet take care of the different IP and hostnames, and hardware specifics (shouldnt rsync /boot….). Thought it was less difficult, but no one a solution? Seems I am the first one to migrate a CWP server? No working script out there?

Hi guys out there. Hi Sandeep. Is there any viable migration script out there for server migration? CWP Server1 IPV41 hostname1 websites emails accounts all running flawlessly CWP Server 2 IPV42 hostname2 Almalinux 8.10 minimal, SSH running on same port, both SSH certificate based login, OS installed, no CWP installed, no software installed. sh servermigrate.sh copies all software, databases, CWP, websites in one flash reboots and afterwards everything is running (after DNS A records change of course) IS THIS A DREAM? Someone out there must have done this already. Currently I am held hostage by a fraudulent provider and can not migrate, because my programming skills are too limited. Even ChatGPT is too stupid for this to help me. The servers both run the same operating system, though have different hardware, harrddisk2 is bigger. Thinking of rsync and scp…..

Nothing happens, still caught in an endless loop, always keeps asking to install again.

Unfortunately the situation remains unchanged, even if installed on both servers with firewalls turned off.

Ok then, I ll give it a try

The supposed installation process in CWP does not start by itself anymore. The only option left is to manually install it from SSH using the kickstart.sh, requiring a lot of afterworks, especially for password protecttion I think the idea was to provide a seamlessly integrated netdata with password protecton out of the box.....accessible from the controlpanel as well as from outside.

Seems not for everyone, as you see below. the New Bera Restore actually helped me a lot up to now. But a lot of things still have to be done manually after, such as php settings, mariadb upgrade and virtually all additionaly installled stuff. Server migration should look more easy IMHO. But as it looks like the CWP2CWP is mainly looking after the user as well not too much care taken for the system AFAIK

el7 Thats for Almalinux 7 I am on Almalinux 8. BTW if you know the problem already, you should post an CWP update, so we all can get it right.

In the last version of CWP I noticed that the account transfer from CWP to CWP has stopped working. It complains that there are not enough access rights in the key provided: That means 1. the communication and the password, as well as the port settings are all working, as the key can be checked. 2. There must be a new bug as this has definitely worked before 3. Even I click all possible additional access rights (which are apparently not needed by the preset function CWP to CWP) the error remains. For a complete server migration, just migrating the user accounts apparently is not enough. All internal settings of CWP, PHP, Webserver settings have to be migrated as well. Am I wrong here?

Maybe next year?

There are several bugs in the user panel under File Management / Directory Protection The directory protection manipulates the .htaccess and .htpasswd files in a user directory in order to limit the access from the web to these directories. 1. The predefined .htaccess file contains a typo error "memebers only" instead of members only 2. The mechanism fails completely if there is a .htaccess file already present. Instead of scanning the existing .htaccess and appending the predefined blocking content, no action is performed at all. Only the .htpassword file is generated, which is useless as such without the blocking content in .htaccess 3. If removing the block, an existing .htaccess file is not scanned and only the blocking content is removed. If there is additional content in the .htaccess file, again nothing happens. 4. If there is only the predefined content available, it will be removed. However, then a .htaccess file with length 0 remains on the server. This means all files in this directory and below are defined as unprotected regardless of the content of .htaccess files in upper directories. This is undesired and the .htaccess file should be deleted completely if empty (as it was before the protection action). Also, because of the bugs above this now prevents all further protection actions in this directory by CWP. 5. Unprotection actions leave the generated .htpassword files there as garbage. Those should be removed. I hope you could fix those errors, as they generate needless trouble for the users who expected them to work flawlessly and for sure cannot understand, why a repeated protect/unprotect operation makes the whole process not only dysfunctional from now on at all but also generates an unwanted security risk by disabling higher directories global protection commands for this particular subdirectory from now on.

Hi Master Could you please enlighten us how to install mod_qos against the now so popular slow loris attacks on our Apache server.

With menu key I mean the possibility to access DNS functions ---> dns zone editor inside the user panel This appears totally without any effect Whatever I edit here, even I delete all is ignored by websites and CWP root So best to remove DNS functions

Yes, thats possible. But the menu key sure was not migrated.

So what's the point of having the menu DNSZONES in /home/userblablabla/dnszones with completely useless entries reflecting nothing. Even the user modifies them, no effect at all. I would understand if those would be links to /var/named contents but they are just meaningless copies. Would be better to remove this menu entry rather than creating wrong expectations.

I am aware of this, i just had followed your recommendation on this board how to install it and it worked. DNS attacks have dissapeared now. So I think DNSSEC would be an important future asset of CWP. What I found out is that the CWP user refers to DNS according to the contents of /home/userblablabla/dnszones But the system refers to dns according to /etc/named.conf (the zone files) and then /var/named where the zone files are Apparently the zone files in /home/userblablabla/dnszones are redundant and are completely ignored. Even I delete them nothing happens. Please clarify if I am wrong in this topic, or maybe I did the installation in a wrong way?

Now I have jumped over my shadow: I did a rollback to the corrupted version, as I was sure I had found a way out before. I had applied your patch CWP-Control Web Panel 500 Internal server Error/Expir above, but only for the user. I can confirm, that even it throw a lot of errors, it worked. I can login over the user panel now and also have DNSSEC back as I have installed it before. So the problem is solved. The only thing remains: The user panel is still not aware that there is DNSSEC installed on the server, but apparently without consequences. So THANKYOU

No. I did a complete server roll back to a 2 weeks earlier version which clearly and definitely worked for sure. This was the 1156 version To my whole surprise, even then I could not log into the userpanel, same as above !!!! How can that be.... Then I did an upgrade back to the 1170 version. Then everything worked again, suddenly. No idea why either. Now I will reapply the DNSSEC modification I did before. If it stops working, that was the reason. I dont think this was the reason but I will investigate this weird case and keep you posted. I remember, I had this case long time ago. Unfortunately my brain is getting Alzheimer so I forgot how I solved it. I am really tempted to roll back to the faulty case and try your fix above if it works or not. What I noticed during the process, is that even I modified the DNSSEC and the websites are using it, the user control panel still is not aware of the modification and searching for the old unsigned files and for sure can not find them. But no errors are produced and the websites work signed according to dig. If there is any connection to the error above, no idea. In prinicple it is not good that I dont know why it did not work even it works now. Usually those errors will reappear, knock on wood.... Anyway I will keep you posted.

# # /etc/fstab # Created by anaconda on Tue Feb 28 12:59:30 2023 # # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. # UUID=30cfcfc6-6c1f-4203-975d-120ff2e0552c / ext4 usrjquota=quota.user,jqfmt=vfsv0 1 1 UUID=31e0d1f8-5b9a-46d9-b3fb-49b823209c65 /boot ext4 usrjquota=quota.user,jqfmt=vfsv0 1 1 See, I have installed diskquota now, as it was not there before, but no change. NB. Only the direct access over port https://blablabla.com:2083/login/?acc=logon gives an error 500/blank white page The access over "list accounts" click on the "open panel" wrench symbol (temporary link) works flawlessly and opens the user panel. If I click logout the same blank page opens with error 500.