Announcement

Collapse
No announcement yet.

InterWorx Version 5.1.0 Released!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Hi omelin

    Many thanks, you may be best advised to open a support ticket then, as it's more involved re database then FTP services.

    Is this a test server or live production

    Have you tried yum downgrade iworx

    Many thanks

    John

    Comment


    • #17
      Hello,

      I found an other problem you can see the attached picture.



      It seems the additional IP is not active on the system and cant't activate, but it works. The configuration files are OK as I checked.
      Attached Files

      Comment


      • #18
        Hi dss

        I hope your well

        I believe this is on centos 7, as I have just tried it on a test server running centos 6, and it works lovely.

        The one thing I did notice, was your newly added IP address is shown as 0, whereas I would expect to see eth0:0

        Please could I ask if you added manually or via IW-cp.

        I ask because if you add an IP address manually, it appears in the list as you picture.

        I'm sorry, I reloaded our centos 7 test server as it was needed for clients to play with, for the differences which they may encounter when we upgrade IW.

        I hope you don't mind my thoughts

        Many thanks

        John

        Comment


        • #19
          How do you update from RC to Stable? I told the server I want to use Stable versions, however doing a yum clean and yum reinstall iworx didn't do anything.

          Or am I unable to move from RC to Stable?

          Comment


          • #20
            Hi katronix

            Hope your well

            You cannot update RC to stable.

            You set the version update to stable and it uses stable updates, which are updated slower then RC.

            You should be able to use yum downgrade if you know the package you want to downgrade but I would be careful as you could potentially cause issues, such as Curl or if packages have dependencies

            I personally would just IW set to stable for updates and leave server as is without downgrading any packages

            I hope that helps

            Many thanks

            John

            Comment


            • #21
              Originally posted by d2d4j View Post
              You cannot update RC to stable.
              Well you actually can do this but it will take a while before your RC install will receive updates from Stable or Release. But after a month or two you probably will have a "Release" or "Stable" system.

              EDIT:
              Well just checked a CentOS 5 system using the "Release" repo and a CentOS 7 system using the "RC" repo and the version difference between the two is 5.1.2-1012 for the "Release" and 5.1.2-1016 for the "RC" and the difference in release date is 6 days, so I guess it will take a few weeks and not a few months.
              Last edited by Ramon; 11-23-2015, 09:10 AM.

              Comment


              • #22
                Originally posted by IWorx-Paul View Post
                * Simplified customization of SSLCipherSuite and SSLProtocol settings for services, and removal of the less-secure SSLv3 protocol option by default.

                Paul
                Paul,

                Does this mean that the SSLCipherSuite and SSLProtocol settings can be customized from the control panel? I am unable to find anything like this in the CP (upgraded already, of course). I frequently have to manually edit the SSL configuration for many sites, because PCI Compliance vulnerability scanners will fail compliance over not using (very current) SSL "best practices." Do I still have to edit all the SSL configs manually, in InterWorx's Apache config, the VirtualHosts, qmail, and proftp? Perhaps there is an edit field on the NodeWorx level that can bring all services and SiteWorx accounts in step with a new SSL config in one step?
                My small technology blog
                [translocator.ws]

                Stack Overlap - Web Hosting and Development
                [www.stackoverlap.com]

                Mealsite
                [www.mealsite.com]

                Comment


                • #23
                  Hi jimp

                  Yes, you can set different ciphers for different services.

                  If you need to make a deeper change, such as strict SSL then you will still need to manual adjust

                  Here's my post to show where you find edit the ciphers

                  Many thanks

                  John

                  http://forums.interworx.com/showpost.php?p=27901

                  Comment


                  • #24
                    It would be a great feature to edit the vhost files easier. For example, editing headers, protocol. Enable forward secrecy, public key pinning, OCSP stapling, HSTH, etc... Maybe Let's Encrypt support.

                    Comment


                    • #25
                      Originally posted by d2d4j View Post
                      Hi jimp

                      Yes, you can set different ciphers for different services.

                      If you need to make a deeper change, such as strict SSL then you will still need to manual adjust

                      Here's my post to show where you find edit the ciphers

                      Many thanks

                      John

                      http://forums.interworx.com/showpost.php?p=27901
                      That worked, thank you. It appears to have removed SSLCipherSuite from all vhost files and defined it once in ssl.conf, effectively applying to all SiteWorx accounts that use SSL.

                      So where is the similar field for SSLProtocol? The release notes cite that option too.
                      My small technology blog
                      [translocator.ws]

                      Stack Overlap - Web Hosting and Development
                      [www.stackoverlap.com]

                      Mealsite
                      [www.mealsite.com]

                      Comment


                      • #26
                        Hi jimp

                        Good point, I missed that sorry

                        To be honest though, with the ending of SSL, the only protocols which should be used are TLS v1.0, 1.1 and 1.2, with PCI dss only using TLS v1.1 or 1.2, so I'm thinking this might why IW did not include it, as ciphers should dictate the protocol to a high degree

                        I'll email this to IW tommorow when I'm back though, showing your post so you have credit for it, as it would be lovely to have this input option

                        Many thanks

                        John

                        Comment

                        Working...
                        X