Category: Plesk Toggle Comment Threads | Keyboard Shortcuts

I love Plesk – it’s a work of art that makes my life easier. Rather than a “programme” as such, it’s a web interface that takes control of several thousand services on a web server and makes administering domains and hosting a breeze.

Since 2012 I’ve been a certified Parallels Plesk Automation Technician.

  • Jay Versluis 4:58 pm on January 4, 2015 Permalink | Reply
    Tags:   

    Categories: Plesk ( 52 )

    How to recalculate statistics in Plesk 

    Plesk-LogoPlesk recalculates all usage statistics once every day as part of a daily maintenance script. Sometimes however you’ve made a change and would like to see statistics updated immediately rather than “sometime tomorrow”.

    The solution: run the statistics recalculations script manually.

    On CentOS the path to the file is /usr/local/psa/admin/sbin/statistics. When used on its own all statistics are recalculated on the spot.

    You can use the script with options too, for example to update a single domain only. Use the –help switch to see the full array of options:

    /usr/local/psa/admin/sbin/statistics --help
    
    Usage: /usr/local/psa/admin/sbin/statistics [ options ]
    
    --calculate-all               Calculate statistics for all domains
    --calculate-one               Calculate statistics for <domain-name>
    --domain-name|-d <string>     
    --calculate-list              Calculate statistics for listed domains
    --generate-all-webstat        Generate web-statistics pages for all domains
    --generate-domain-webstat     Generate web-statistics pages for <domain-name>
    --domain-names|-n <string>    List of domains, comma separated
    --domain-ids|-i <string>      List of domains IDs, comma separated
    --process-domains|-p <string> Calculate statistics for <domain-name>
    --all                         Calculate all aspects of statistics
    --antivirus                   Calculate antivirus and antispam statistics
    --no-webstat                  Do not generate web-statistics pages (always set for PPA mode or Windows)
    --help|-h                     display this help and exit
    
    If no options specified - calculate statistics for all domains
    

    Depending on the amount of domains you have this can take a minute or two. If you’re only interested in refreshing statistics for a single domain you can use this syntax:

    /usr/local/psa/admin/sbin/statistics --calculate-one -d yourdomain.com
    

    Have fun ;-)





     
  • Jay Versluis 3:34 pm on January 3, 2015 Permalink | Reply
    Tags: dovecot, , ,   

    Categories: Linux, Plesk ( 53 )

    How to install and secure Dovecot in Plesk 12 

    dovecotI’ve just installed the Dovecot Mail Service on one of my Plesk 12 servers. It’s an alternative to the old favourite Courier IMAP/POP and a new addition in Plesk 12.

    Dovecot does more or less the same as Courier (i.e. lets you receive mail), but it’s a bit more configurable and debug friendly. It also offers server-side mail filtering which is accessible via the Plesk Webmail services Roundcube and Horde.

    In this article I’ll show you how to install Dovecot in Plesk 12, and how to add your own SSL certificates for mail. In my previous article I’ve explained how to do this with the standard Courier Mail service.

     

    Installing Dovecot in Plesk 12

    Head over to

    • Tools and Settings (or the Server Tab)
    • under the Plesk heading
    • Updates and Upgrades

    Select Add or Remove Components and under Mail Hosting Features, find the option for Different IMAP/POP3 server:

    Screen Shot 2015-01-03 at 15.14.37

    You can only install either Courier or Dovecot. Switching will automatically uninstall the component you currently have and instead install the other one.

    Note that switching Courier for Dovecot will preserve all mailboxes and will not affect your outgoing mail services. Give Plesk a moment until your see the “installation has finished” message.

    You’re now running Dovecot!

     

    Patching Dovecot SSL Certificates

    As with Courier, Dovecot will use self-signed certificates for secure connections. This means that a nasty window is likely to pop up when clients connect. You can suppress this window by specifying your own SSL Certificates.

    Screen Shot 2015-01-03 at 15.12.08

     

    The default configuration file for Dovecot is in /etc/dovecot/dovecot.conf. However the file states that any changes you make here are wiped when an upgrade comes along. Instead, take a look at the /etc/dovecot/conf.d/ directory in which you’ll find three files by default:

    • 10-plesk-security.conf
    • 15-plesk-auth.conf
    • 90-plesk-sieve.conf

    You can add your own configuration snippets here, each beginning with a number and ending with .conf. The lower the number, the earlier your snippet is loaded. The higher the number, the later it is loaded. You get the picture.

    Let’s create /etc/dovecot/conf.d/5-ssl.conf for our purposes. Because I had already configured my certificates for Courier they are still in /usr/share/imapd.pem – but feel free to place your .pem files anywhere you like. Here’s what my file looks like:

    # SSL Certificates for Dovecot are defined here
    
    ssl = yes
    # Path to your Certificate, preferred permissions: root:root 0444
    ssl_cert = &lt;/usr/share/imapd.pem
    # Path to your Private Key, preferred permissions: root:root 0400
    ssl_key = &lt;/usr/share/imapd.pem
    

    Dovecot lets you have separate files for the certificate and the private key, something that’s not possible in Courier as far as I know. Dovecot is also happy to keep those in the same file though as in my example, and as in Courier. Easy going I say!

    For the changes to take effect we need to restart the Plesk Mail Service like so:

    /usr/local/psa/admin/sbin/mailmng --restart-service

    That’s it!

     

    How do I add a certificate for outgoing mail?

    Postfix (and QMail) deal with sending mail, Dovecot and Courier only deal with receiving it. I’ve described how to add SSL Certificates to Postfix in my article about Courer.

     

    Further Reading

     





     
    • prupert 2:32 pm on January 18, 2015 Permalink | Reply

      You may want to add the following directives for added security:

      Strong DH params

      ssl_dh_parameters_length = 2048

      Disable insecure SSL protocols

      ssl_protocols = !SSLv2 !SSLv3

      • Jay Versluis 3:35 pm on January 18, 2015 Permalink | Reply

        Thank you for the tip, prupert! Very much appreciated!

  • Jay Versluis 10:04 pm on December 24, 2014 Permalink | Reply  
    Categories: Linux, Plesk, WordPress ( 53 )

    FIXED: The wp-content folder does not show itself via FTP in Plesk 12 and CentOS 7 

    Screen Shot 2014-12-24 at 21.49.49

    I’ve noticed a weird bug in Plesk 12 on CentOS 7: when you connect via FTP, the wp-content folder does not show up – all other folders can be seen as usual. It’s a rather crucial folder for WordPress users.

    At first I had suspected a problem with the ProFTP service which is not the stock version, but a specially compiled version for use with Plesk, and Plesk takes care of this system services (it’s called psa-proftpd in case you’re interested). But ProFTP is not the problem.

    Thanks to the amazing Sergey Lystsev from Parallels for letting me know that the issue is instead with SELinux: when it’s used in Enforcing mode (which is the default), wp-content does not show itself via FTP. Switching it to Permissive mode or disabling SELinux altogether solves the problem.

    The entire issue will be fixed in the next release of Plesk, and it’s already working in the latest update to the Plesk Preview 12.1.13. CentOS 5 and 6 are not affected.

    How do we fix it, Cap’m?

    To disable SELinux on CentOS 7 we can use this:

    setenforce 0
    

    Or, to switch to permissive mode, use this:

    setenforce permissive
    

    Now we’ll need to restart the xinetd service as well as Plesk for the changes to take effect:

    systemctl restart xinetd.service
    service psa stopall
    service psa restart
    

    Connect to your site via FTP and see if the wp-content folder shows itself.

    To permanently change the SELinux configuration so that it survives a server restart, check out my other article here:





     
    • Ronald 7:56 am on January 20, 2015 Permalink | Reply

      Thanks a lot for this post! I was experiencing the exact same problem and this solved it. Thanks.

      • Jay Versluis 9:16 am on January 20, 2015 Permalink | Reply

        You’re very welcome, Ronald!

  • Jay Versluis 6:36 pm on December 18, 2014 Permalink | Reply
    Tags:   

    Categories: Plesk ( 52 )

    How to allow Passive FTP Connections in Plesk 

    Plesk-LogoA little while ago I’ve written an article about opening Passive FTP Ports specifically for using Plesk on Amazon AWS. Here’s a slightly more condensed version about how to do this on any server if you need it.

    Passive FTP ports are not open by default when you install Plesk. To make it happen we need to patch the ProFTP configuration with a range of ports (anything between 49152 and 65534) and open the same range in our firewall.

    You’ll find the ProFTP config file in /etc/proftpd.conf. There’s no need to open the whole available range, I’ll settle for 99 possible ports here. Add the following somewhere at the top of the file, outside any global declarations:

    # adding passive ports and public IP address
    PassivePorts 50001 50100
    

    For the changes to become effective we’ll need to restart the xinetd service which ProFTP is part of in Plesk:

    service xinetd restart
    

    This will allow passive connections – but you also need to open those in your firewall. The easiest way to do this is via the Firewall Extension in Plesk:

    Screen Shot 2014-12-18 at 18.20.48

    Select Modify Firewall Rules, then Add Custom Rule. Give it a title, then add your port rage and click OK. Your changes are not effective yet because Plesk needs to restart the firewall service. To do this hit “Apply Changes”, followed by “Activate”. Wait a moment and Plesk will have taken care of it.

    If you don’t want to use the extension, here’s how you can open those ports manually. On CentOS 6 you can manually add that port range on the command line like this:

    iptables –I INPUT –p tcp --dport 50001:50100 –j ACCEPT
    service iptables restart
    

    On CentOS 7 you can do it like this:

    firewall-cmd --zone=public --add-port=50001-50100/tcp --permanent
    firewall-cmd --reload
    

    Testing testing… this thing on?

    To make sure everything is working, simply use your favourite FTP client and try to make a passive connection. If you get timeout errors something isn’t right.

    You can also use a great web based tool to check if passive connections are working thanks to Tim Kosse: https://ftptest.net

    Enjoy!

    Further Reading





     
  • Jay Versluis 11:54 am on December 4, 2014 Permalink | Reply  
    Categories: MySQL, Plesk ( 18 )

    How to move databases between subscriptions in Plesk 

    You can move databases and database users between subscriptions in Plesk. There’s no web interface for this, but with a bit of manual database tweaking you’ll soon get the hang of it.

    I recently split a subscription into two for a client and this trick came in handy.

    Before we begin, make sure you backup the psa database – that’s what Plesk uses to keep track of internal values, anything from user names, passwords, and which service is associated with what. If you ruin psa you’ll ruin your Plesk installation. Use caution!

    Editing psa

    You can use phpMyAdmin from Plesk to edit the psa database. Head over to Tools and Settings (or the Server Tab), Database Servers and click the little wrench icon. This will open phpMyAdmin in a new window.

    Screen Shot 2014-12-04 at 11.34.02

    Find the psa database and click on the little disclosure plus icon. This will show you all its tables, similar to this:

    Screen Shot 2014-12-04 at 11.37.24

    Scroll down to find data_bases and db_users. Open either of them (with the little disclose icon again) and you’ll find a list of databases and users respectively. Note the column dom_id. This is how Plesk knows which subscription (or domain) this database belongs to. MySQL takes care of the actual database, the value here is for visual representations in Plesk only.

    The difficult bit is to find out which numeric dom_id translates into which domain. There’s not an easy way to extract that info from Plesk, so we’ll use a quick workaround: create a new identifiable database (and user) in the subscription we’d like to move to and simply look at which dom_id it gets.

    Creating a Dummy Database

    Back in Plesk, head over to the subscription you’d like to move your database to and create a memorable user/database combo. Anything will do, we’ll delete this later. Call it “aaaaaaaaa” or “comehere” – up to you.

    Once done, head back over to psa database in phpMyAdmin, refresh and look at the data_bases (and db_users) again. You’ll see something like this:

    Screen Shot 2014-12-04 at 11.50.55

    Now we know that our important_database (and important_user) need a dom_id value of 2 instead of 1. Change it in both tables – and you’re done!

    Head back into Plesk and check your subscriptions: the database and user will have disappeared from subscription 1 and will now appear in subscription 2.

    Thanks to Matt Nelson for this tip!





     
  • Jay Versluis 3:50 pm on December 3, 2014 Permalink | Reply
    Tags: ,   

    Categories: Linux, Plesk ( 53 )

    How to secure SMTP, POP and IMAP connections in Plesk 

    Plesk-LogoYou’ve installed an SSL Certificate to secure your Plesk Panel, you’ve tested it with an SSL checker and sure enough: the ugly warning window doesn’t bother you or your customers anymore.

    But your email client still says that the server doesn’t have a valid certificate. What gives?

    The secret is this: SMTP, IMAP and POP3 use their own certificates which are not related to the ones you setup in Plesk to secure https connections. By default the mail services use auto-generated self-signed certificates.

    Sadly as of Plesk 12 there is still no way to manage those in the web interface – but it’s relatively easy to fix on the command line. Let’s go through this step by step.

    These instructions are for Plesk 12 on CentOS 6 and CentOS 7, using the default Courier mail service. You can also install an alternative mail service called Dovecot in Plesk 12. I’m discussing how to install Dovecot over here.

     

    Default Certificates

    We need to replace the following three files (default permissions in brackets):

    • /etc/postfix/postfix_default.pem (600)
    • /usr/share/imapd.pem (400)
    • /usr/share/pop3d.pem (400)

    Those are the culprits for SMTP, IMAP and POP3. We need to add our own private key and the certificate of a domain associated with this server and remove the default certificates.

    Before we begin, make a safety copy of them like this:

    mv /etc/postfix/postfix_default.pem /etc/postfix/postfix_default.old
    mv /usr/share/imapd.pem /usr/share/imapd.old
    mv /usr/share/pop3d.pem /usr/share/pop3d.old

    Here we rename the original files to .old files – in case anything goes wrong, simply rename them back into .pem files.

     

    Add your own certificate

    We need the same file three times, so we’ll start by making one for the SMTP service. Create a new file like this:

    vi /etc/postfix/postfix_default.pem
    

    and paste first the private key, followed by your certificate into this file. It will look something like this:

    -----BEGIN PRIVATE KEY-----
    MIID1TCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTAwMjE5MjI0NTA1WhcNMjAwMjE4MjI0NTA1WjA8MQswCQYDVQQG
    EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xFDASBgNVBAMTC1JhcGlkU1NM
    IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3H4Vsce2cy1rfa0
    l6P7oeYLUF9QqjraD/w9KSRDxhApwfxVQHLuverfn7ZB9EhLyG7+T1cSi1v6kt1e
    6K3z8Buxe037z/3R5fjj3Of1c3/fAUnPjFbBvTfjW761T4uL8NpPx+PdVUdp3/Jb
    ewdPPeWsIcHIHXro5/YPoar1b96oZU8QiZwD84l6pV4BcjPtqelaHnnzh8jfyMX8
    N8iamte4dsywPuf95lTq319SQXhZV63xEtZ/vNWfcNMFbPqjfWdY3SZiHTGSDHl5
    HI7PynvBZq+odEj7joLCniyZXHstXZu8W1eefDp6E63yoxhbK1kPzVw662gzxigd
    gtFQiwIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa2k9ahhC
    St2PAmU5/TUkhniRFjAwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4w
    EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js
    Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw
    JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTANBgkqhkiG9w0B
    AQUFAAOCAQEAq7y8Cl0YlOPBscOoTFXWvrSY8e48HM3P8yQkXJYDJ1j8Nq6iL4/x
    /torAsMzvcjdSCIrYA+lAxD9d/jQ7ZZnT/3qRyBwVNypDFV+4ZYlitm12ldKvo2O
    SUNjpWxOJ4cl61tt/qJ/OCjgNqutOaWlYsS3XFgsql0BYKZiZ6PAx2Ij9OdsRu61
    04BqIhPSLT90T+qvjF+0OJzbrs6vhB6m9jRRWXnT43XcvNfzc9+S7NIgWW+c+5X4
    knYYCnwPLKbK3opie9jzzl9ovY8+wXS7FXI6FoOpC+ZNmZzYV+yoAVHHb1c0XqtK
    LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
    MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
    aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
    WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
    AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
    CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
    OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
    T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
    JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
    Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
    PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
    aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
    TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
    LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
    BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
    dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
    AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
    NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
    b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
    -----END CERTIFICATE-----
    

    The exact same file can be used for both IMAP and POP3 so we can simply copy it to these two new locations:

    cp /etc/postfix/postfix_default.pem /usr/share/imapd.pem
    cp /etc/postfix/postfix_default.pem /usr/share/pop3d.pem
    

    These two files had 400 permissions by default so that only root can read them, and no one can change them. Let’s adhere to this and apply the same permissions:

    chmod 400 /usr/share/imapd.pem
    chmod 400 /usr/share/pop3d.pem
    

     

    Restart Plesk Mail Services

    For the changes to take effect we’ll need to restart all Plesk mail services:

    /usr/local/psa/admin/sbin/mailmng --restart-service
    

    And that’s it! Now that pesky warning isn’t going to come up anymore when you access Plesk mail with an email client.

     

    Adding CA Certificates

    The above is enough to suppress the usual warning windows in email clients, however if you’re an avid SSL enthusiast you’ll notice that we’ve not added any CA Certificates to the above .pem files. In essence those tell a client that our certificate is valid – otherwise the client would only have our word for it.

    You can add the combined CA Certificate to the end of the three .pem files in addition to the private key and your own certificate. It’s not strictly necessary, but doing this means you will pass strict SSL tests.

    Thanks to Mike Yrabedra for this tip, and the test URL below!

    Testing your mail services

    Mike also found a wonderful service that lets you check an email address which will flag up certificate warnings and exceptions – courtesy of CheckTLS:

    Simply hack in your email address and you’ll see if your certificate is installed properly. Note that to pass the test, your email address must match the domain on the certificate. For example, if your address is you@domain.com, but your certificate is for yourdomain.com then the test will fail the “Cert OK” field.

    Screen Shot 2014-12-04 at 12.49.23

     

    Wait – where do I find my private key and certificate?

    If you’re using the same certificate for mail that you’re using to secure Plesk, simply head over to

    • Tools and Settings (or the Server Tab)
    • Security Settings
    • SSL Certificates
    • click on your certificate from the list
    • scroll down to find plain text sections for your private key and certificate

     

    Wait – where do I find that CA Certificate you speak of?

    Your certificate provider will give that to you. Some providers call it “intermediate CA certificate”. They usually have several versions of the same thing. Look for a combined version. In essence it’s two plain text blocks, very similar to the ones I’ve shown you above.

    For example, the RapidSSL CA certificates can be found here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548

    Further Reading





     
  • Jay Versluis 11:50 am on November 2, 2014 Permalink | Reply
    Tags:   

    Categories: Linux, Plesk ( 53 )

    How to install Plesk on CentOS 7 

    Plesk-LogoInstalling Plesk on CentOS 7 hasn’t changed drastically from earlier versions, however CentOS is different than its predecessors. I’ve written an article about how to install Plesk on CentOS 6, but that was 3 years ago and thought it’s time for an updated version.

    Well here it is: Plesk 12, meet CentOS 7.

     

    Plesk Documentation

    Much of what I’m telling you and more is documented on the Parallels Plesk website:

    On the left hand side you’ll find a link to the current documentation, as well as handy links to purchase a license if you need to. The link will also answer your questions about the different editions of Plesk and direct you to the Parallels Forum.

     

    One-Click Installer

    The Plesk one-click installer is a script that downloads itself and determines the correct Plesk version for your OS. You won’t accidentally pick the wrong version for your distribution. Paste this and the installer will download the latest version of Plesk (12 at the time of writing):

    wget -O - http://autoinstall.plesk.com/one-click-installer | sh

    If you get an error message, wget may not be installed. Rectify this pitiful situation like this:

    yum install wget

     

    To download older versions of Plesk you can download the one-click-installer file and run it with the option –show-all-releases. This will give you the option to specify your desired Plesk version with –select-release-id. For more information, run the file with the –help option.

    I’ve noticed that the installer is much quicker than on previous versions of Plesk and is finished in under 10 mins (as opposed to half an hour previously). This is presumably due to many packages that are pre-installed with CentOS 7, so not much time is spent downloading stuff. Nice!

    Once finished the installer will give you a URL to login with – usually consisting of your IP, like https://10.1.2.3:8843

     

    Opening Ports for Plesk

    On CentOS 6 and prior the firewall rules were set via iptables. This service is gone and has been replaced with firewalld in CentOS 7. We still need to open ports to speak to Plesk via a browser. The two important ones to open here are 8443 and 8447:

     firewall-cmd --zone=public --add-port=8443/tcp --permanent
     firewall-cmd --zone=public --add-port=8447/tcp --permanent
     firewall-cmd --reload

    The –permanent option makes these rules “stick” upon restart.

    These are not the only ports Plesk needs to function, for a full list please see this KB article:

    There is usually no need to open other ports if you install the Firewall extension in Plesk, as this will manage the underlying service for you (and apply the necessary open ports). To do this, head over to Tools and Settings – Updates and Upgrades and install the Firewall Extension (under Additional Plesk extensions).

    Next head over to Extensions select the Firewall Module. Select “Enable Firewall Rules Management”, followed by another enable button. Now Plesk will manage the firewall for you and open all ports ready for web and email traffic.

     

    Add Atomic Repo Power (optional)

    If you’d like to supercharge your server, now’s a good time to install the Atomic repos. These will give you access to many additional tools such as pre-compiled OSSEC HIDS and additional PHP versions:

    wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

     

    Loggin in for the first time

    With your dedicated IP handy, the installer script will have given you something like https://10.1.2.3:8443. Surf there and be presented with the Plesk login screen.

    But what are your credentials? I’m glad you asked: the first time you login to Plesk you can do so with your server root credentials. This even works on subsequent sessions, however Plesk creates an admin user for which you will specify the password during your first session.

    It is strongly recommended that you use that admin user for Plesk administrative tasks. You can also create additional administrators in Plesk once you’re up and running – so there’s no need to share your super secret password with colleagues and clients.

     

    Correcting your IP address (optional)

    It can happen that Plesk does not detect the correct IP address on your server. This was never the case in CentOS 6, but I’ve noticed this in CentOS 7. In my case the Plesk installer thought that the local loopback address was my main one (127.0.0.1) – which of course it was not.

    You can usually correct this on first login, but just in case you need to do this from the command line, check this helpful KB article:

     

    License Key and Additional Components

    You need a license to operate Plesk. You’ll get this either from your server provider (if Plesk is part of your deal), or you can buy one directly from Parallels. You can also run Plesk as a 14 day trial version. If you don’t enter this you can still use the Plesk interface but you’ll be limited to a single domain and several options are unavailable.

    In case you’re missing menu items that you had expected to be there, it’s probably a license issue.

    I find it helpful to head over to Tools and Settings (or the Server Tab) – Plesk – Updates and Upgrades and install several additional components, such as

    • Health Monitor
    • Migration Manager
    • Firewall (under Additional Plesk Extensions)
    • Watchdog (under Additional Plesk Extensions)
    • Spam Assassin (under Mail hosting features)
    • Kapersky Anti Virus (under Mail hosting features)

    You can also install Fail2ban from this menu if you like – I personally rely on OSSEC to deal with intrusion detection and choose not to use Fail2ban at this point.

     

    That’s it! Have fun with Plesk ;-)





     
  • Jay Versluis 8:24 am on October 20, 2014 Permalink | Reply
    Tags:   

    Categories: Plesk, Screencasts ( 52 )

    How to create Scheduled Tasks in Plesk 

    In this video I’ll show you how to create Scheulded Tasks in Plesk. I’ll explain where to find them (for admins and customers), how to execute them and what all those cryptic fields mean. I’ll also show you how to mute the output of the commands you execute so you won’t be bothered with emails you didn’t ask for.

    Scheduled Task is another name for Cron Job, and it’s something you want to run on a regular basis, like a script file. Plesk itself does not execute your task. Instead it will give you a nice interface to add the parameters you need for the Linux crontab command (or the equivalent on Windows, I believe it’s called at or schtasks).

     

    Cryptic Numbers

    The cryptic numbers in each field are crontab parameters. Numbers for those fields correspond to their description (i.e. 0-59 for minutes, 0-23 for hours, etc).

    One thing of note (and confusion) is how to define endless repetitions. We can do this with the asterisk and slash combinations.

    • * means “every”, as in “every minute”, “every hour”, “every day”
    • */4 means “every 4″, as in “every 4 hours”
    • 5-11 means “every number in between”, such as 5,6,7,8,9,10,11

    To find out more about the crontab command, head over to a great nixCraft article here:

     

    Muting Output

    By default Plesk will send you an email with any output a script or command may generate. You can avoid this by diverting all output to /dev/null. This is a virtual partition that magically makes things disappear.

    In the video I’m using a fictitious script /var/script.php. To divert its potential output I would use

    /var/script.php &gt; /dev/null 2&gt;&amp;1

     

    A note about Script Files

    If you’re executing BASH, PHP, Python or any other script, make sure your files contain the she-bang at the very beginning to that your server can find the correct path. Here’s an example for how a PHP script should start:

    #!/usr/bin/php

    Note that web files that are designed to run in a browser cannot be called that way. You need to call those using cURL or wget.

     

     





     
  • Jay Versluis 8:56 am on October 13, 2014 Permalink | Reply  
    Categories: Plesk, Screencasts ( 52 )

    How to add Custom Buttons in Plesk 12 

    In this screencast I’ll show you how to create Custom Buttons in the Customer Control Panel in Plesk 12. These are direct links to URLs you can provide with the same look and feel as the rest of Plesk.

    Custom Buttons allow you to create links within Plesk or to external sources, like your website or a contact form. If you’re a developer you can even read out parameters that are passed with the URL (such as customer’s domain name). You can link to external sources as well as other areas of the Plesk Panel – including destinations you’ve created with extensions.

     





     
  • Jay Versluis 9:27 am on October 6, 2014 Permalink | Reply
    Tags: ,   

    Categories: Plesk, Screencasts ( 52 )

    Setting up Plesk Mail on iOS 8 (iPad) 

    In this screencast I’m explaining how to setup your iOS Device for use with Email Accounts created in Plesk 12. I’m also explaining how to map IMAP folders from your email account to the relevant folders on your iOS Device.

    For this demo I’m using an iPad 3 running iOS 8, but the process is the same on your iPhone and iPod Touch and older versions of iOS.

    It’s a rather complex setup (as dealing with email accounts usually is) and has caused me and my customers major headaches in the past. I hope this video can alleviate such pains. If setup properly, Plesk Mail is a pleasure to deal with and works very reliably.

    Sadly iOS Mail does not discover the settings it needs to work with your Plesk Mail automatically, but with a bit of help and guidance it’s easy to get it working. Let me show you how.





     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel