Get the most out of your Centmin Mod LEMP stack
Become a Member

ConfigServe ( CSF ) UI

Discussion in 'Other Web Apps usage' started by Matt Williams, Apr 16, 2016.

  1. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    4:53 AM
    latest
    10
    Did not know the CSF UI created such an intense load - Screenshot by Lightshot - anyone else use the UI?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,160
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    6:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    is this on Centmin Mod or cpanel based CSF ? never used CSF UI on Centmin Mod if you mean the web browser CSF UI ? that screenshot doesn't reveal anything that would help ? it's SSH command line that can reveal more.

    Standard copy and paste response for high cpu load troubleshooting (for benefit of everyone reading :) ) below:

    CPU load optimal is 1.0 per cpu thread so 8 cpu thread normal = 8x1 = 8.0. 16 cpu server normal is 16x1 = 16.0

    so cpu load of 8 for
    • 2 cpu server = 8/2 = 4.0 load average
    • 4 cpu server = 8/4 = 2.0 load average
    • 8 cpu server = 8/8 = 1.0 load average
    When you type top command, hit number 1 to break down per cpu stats

    Centmin Mod is provided as is, so troubleshooting load issues is left to end user to do. However, there's many linux tools and scripts that can help you figure out what was causing the load issues and when.

    If you're providing info on this forum, more info might be helpful
    1. What version of Centmin Mod ? .08 stable or .09 beta ? If .09 beta when was it installed and when was last time you updated ?
    2. What's your VPS/Server hardware specifications ? cpu type ? memory available ? disk space ?
    3. Who's your web host ? Different hosts have different limits for server resource usage and some are more restrictive that others so it could just be their resource usage policy you tripped which may or may not be restrictive. If restrictive, then real solution would be finding a better web host. If not restrictive, then it's finding out what caused high cpu load.
    Tools and commands you will want to read up on and learn for basic system admin tasks and troubleshooting.
    Notes:
     
    • Informative Informative x 1
  3. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:53 AM
    1
    10
    I cant seem to get the csf ui to work, i changed the settings in csf.conf to enable it but no site loads up, not sure if its being blocked by iptables
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,160
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    6:53 PM
    Nginx 1.13.x
    MariaDB 5.5
    r
    CSF readme item 23 https://download.configserver.com/csf/readme.txt

    Code (Text):
    23. Integrated User Interface Feature
    #####################################
    
    Integrated User Interface. This feature provides a HTML UI to the features of
    csf and lfd, without requiring a control panel or web server. The UI runs as a
    sub process to the lfd daemon.
    
    As it runs under the root account and successful login provides root access
    to the server, great care should be taken when configuring and using this
    feature. There are additional restrictions to enhance secure access to the
    UI:
    
      1. An SSL connection is required
      2. Separate ban and allow files are provided to only allow access to listed
         IP addresses
      3. Local IP addresses cannot connect to the UI (i.e. all IP addresses
         configured on the server NICs)
      4. Unique sessions, session timeouts, session cookies and browser headers are
         used to identify and restrict active sessions
    
    Requirements:
    
      1. openssl
      2. Perl modules: Net::SSLeay, IO::Socket::SSL and dependent modules
      4. SSL keys
      5. Entries in /etc/csf/ui/ui.allow
    
    The SSL server uses the following files:
    
      SSL Key goes into /etc/csf/ui/server.key
      SSL Certificate goes into /etc/csf/ui/server.crt
    
    Preferably, real CA signed certificates should be used. You can use an
    existing domain and cert for accessing the UI by populating the two files
    mentioned. If the cert has a ca bundle, it should be appended to the server.crt
    file. lfd must be restarted after making any changes:
    http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#realcert
    
    Alternatively, you could generate your own self-signed certificate:
    http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
    
    Any keys used must have their pass-phrase removed:
    http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#removepassphrase
    
    The login URL should use the domain you have listed in the self-signed cert:
    https://<yourdomain>:<port>
    
    For example: https://www.somedomain.com:6666
    
    Your browser must accept session cookies to gain access.
    
    UI_ALLOW is enabled by default, so IP addresses (or CIDRs) allowed to use this
    UI must be listed in /etc/csf/ui/ui.allow before trying to connect to the UI.
    
    Only IP addresses can be listed/used in /etc/csf/ui/ui.ban - this file should
    only be used by the UI to prevent login. Use csf blocks to prevent access to
    the configured port and only use Advanced Allow/Deny Filters for access, i.e.
    do not list the port in TCP_IN.
    
    Logging for UI events are logged to the lfd /var/log/lfd.log file. Check this
    file if you are unable to access the UI.
    
    Required Perl Modules:
    
      For example, on Debian v6 the perl modules can be installed using:
    
        apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \
                        libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl
    
      For example, on CentOS v6 the perl modules can be installed using:
    
        yum install perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN \
                    perl-IO-Socket-INET6 perl-Socket6
     
    • Informative Informative x 1