EHCP Standard Edition V24.04 GN

Posted: Wed Aug 03, 2022 11:15 pm
by Rob Swan
What is it?
It’s a version of the standard EHCP for Ubuntu 24.04.xx.

Why?
EHCP has not been updated for Ubuntu 24.04.xx, I want to try.

How do I get this version?
I will post an installer script, if and when I get it to work.

How long will it take?
No idea, could be easy, could be a nightmare, it may be beyond my limited capabilities.
I do expect it will be after Ubuntu release V24.04.

Why are you doing this, when we can use EHCP force?
Mainly because I like EHCP, but EHCP force is better, no question about it.
I am going to attempt to enhance it a little, in order to avoid most command line configuration.

How is it going?
19/09/2024: Courier-imap and Fail2ban changes.

I have compiled version 5.2.10-100 of Courier-imap, using the courier-debuild script. What an absolute nightmare that was, seriously courier needs to fix this so it actually works out of the box. I had to modify it, just so it would run. I also had to manually edit the control file of the outputted deb file so it actually refers to packages that exist.

Using the new version of courier-imap, there is no need to install courier-pop, as it all comes in the same package. There are far fewer dependencies for this version. Which begs the question as to why Ubuntu have not added it to the 24.04 repository. It’s still included in the latest version of Debian.

This version has now been added to the installer.

I have also made a slight tweak to Fail2ban.

26/03/2024: Installer and MySQL (MariaDB) integration Improvements.

I have added a new file called MyEHCP.cnf, which is controlled by EHCP. When the user changes one or both of the IP addresses from the control panel, the file is updated. The file is linked to MySQL (MariaDB).

Also, I have added an option in the control panel to enable or disable MySQL remote connections.

This differs from EHCP force as MySQL remote connections are disabled by default, whereas in EHCP V24.04 GN they are enabled by default (with the option to turn them off).

17/03/2024: Python Fail2ban issue fixed.

The default version of python with Ubuntu 24.04 is not currently compatible with Fail2ban.

I have added Python version 3.10, to run alongside the existing version to support Fail2ban.

17/03/2024: Made some security improvements.

17/03/2024: Changed PHP version to 8.3.

31/01/2024: More bug fixes.

The more I go through EHCP, the more bugs I find.

EHCP is in such a mess, maybe someone in the future should do a full re-write.

27/01/2024: The installer now turns off “Restart Services” prompts when running updates.

21/01/2024: Roundcube issue update 2.

Well, I was wrong on all counts.

It’s not Roundcube, it’s not the Ubuntu 24.04 package installer, or even PHP8.2, it’s an outdated plugin.

Tested several versions of Roundcube and they all worked fine.

Disabled one of my plugins, and hey presto even Roundcube 1.6.5 (Latest Ubuntu Package Version) works fine.

21/01/2024: Roundcube issue update.

I have just performed a quick test with the latest Long Term Support version of Roundcube (1.5.6), by downloading it and using the web installer and it’s working PERFECT.

So, the problem is either the Ubuntu 24.04 Package installer, or Roundcube 1.6.5 (Latest Ubuntu Package Version).

Now, Roundcube just released version 1.66 (this was not out when I did my previous tests), so the next step will be to try that one.

20/01/2024: Made changes for Ubuntu 24.04 compatibility.

This version of EHCP is no longer compatible with Ubuntu 22.04.

It has taken almost a full week to make the changes.

I am still having a problem with Roundcube webmail reporting “Internal Server Error”.
In my opinion, this is a compatibility issue with PHP8.2 and Roundcube.

As I am using a beta version of Ubuntu 24.04, there is no easy way to prove this is a compatibility issue, as at the moment there is no PHP8.1 repository for Ubuntu 24.04. There are no new versions of Roundcube available either.

14/01/2024: The installer now disables Ubuntu auto updates.

19/12/2023: I am still working on this, but other things are taking up my time (at the moment).

13/11/2023: Fixed all the server default certificates so that they can never expire, whilst in use.

13/11/2023: Some more irritating bug fixes.

14/10/23: Some irritating bug fixes.

An “irritating bug” is a bug that does not affect functionality but is still irritating.

01/10/2023: phpMyAdmin missing symlink fixed.

The EHCP cp had missing images for phpMyAdmin due to a missing symbolic link, I have put this back.

Not sure why it had been removed in the first place.

12/09/2023: Unfortunately, I have had to strip most of the language packs out. They did not work anyway.

It just has the English pack now, however I have not taken out the code so anybody who wants them could put them back in.

It should be possible to run the CP using online translator services.

I have also removed all the awful themes, I have just left the Sky theme.

23/07/23: Baseline restrictions in Apache templates fixed.

30/04/2023
Let’s Encrypt Integration Completed.

Well, this has taken an absolute age, but I finally got there.

When you click ‘Attempt to deploy Certificate’ the following happens.

One certificate is created for the main domain with and without the www.

A second certificate is created for ehcp.MyDomain.com, cp.MyDomain.com, panel.MyDomain.com and cpanel.MyDomain.com (for the EHCP control panel).

A third certificate is created for webmail.MyDomain.com, Email.MyDomain.com and Mail.MyDomain.com (for Squirrel Mail).

A fourth certificate is created for webmail2.MyDomain.com, Email2.MyDomain.com and Mail2.MyDomain.com (for Roundcube Webmail).

Finally certificates are created for any subdomains that you have added to your domain.

After deploying the certificate, you need to wait 3-6 minutes for it all to work (a lot of work is going on in the background).

You can check the Let’s Encrypt status for the domain from the control panel, for example if the certificate had not been created (should never happen), you will see this.

Image

If you do see this, the chances are you just haven’t waited long enough.

Once Let’s Encrypt has finished working, the status will show this.

You also have options to delete a certificate set for a domain.

There is also a repair option if things have not gone to plan.

When a domain is protected by Let’s Encrypt and you add a subdomain, a certificate for that subdomain will automatically be created.

Let’s Encrypt settings can only be accessed by the admin user.

03/03/2023
How many bugs are in EHCP?

My Let’s Encrypt integration is going well, but everywhere I turn I find more bugs.

How EHCP was usable in an “as is” state is beyond me.
So many things just don’t work!

I am purposely re-coding the Let’s Encrypt integration, rather than just copying it from EHCP force, as I want it to work slightly differently, and be a bit more user friendly.

09/02/2023
Some major bug fixes.

Whilst working on the new Let’s Encrypt section, I found so many bugs in the Apache template system, I have had to stop work and fix them.

Here are just some of the bugs I have fixed.

When changing from either ‘ssl’ or ‘sslonly’ mode back to standard mode (no ssl), the Apache templates were not getting updated, so all the sites would remain in the previous ssl mode.

When changing from standard mode (non ssl) to ‘sslonly’ mode, the entire template system would crash, meaning that nothing on the entire server would be accessible via a web browser.

When in ‘sslonly’ mode the default site would not be redirected to ‘https’, meaning despite being in ‘sslonly’ mode ‘http’ connections could be made via a web browser.

On first install, without changing any mode, when a subdomain is added, the Apache service would stop, due to a configuration error. This was due to the default subdomain template being for nginx despite being in Apache mode.

I find it hard to believe that the last standard version of EHCP actually functioned as intended.
This has been an absolute nightmare.

04/02/2023
I am currently working on Let’s Encrypt integration, but finding time to write the code is difficult at the moment, sorry this is all taking so long.

24/01/2023
SMTP relay settings added to the main options in the EHCP control panel.

04/12/2022
SSH Port setting added to the main options in the EHCP control panel.

When you change one of the new options, a script is run in the background to synchronise the relevant conf files. This script also runs with the EHCP daemon.

11/11/22
Control Panel options enhancement.

I have added two new options into the control panel, so the user can change the Fail2Ban notification email address, and also the root email address (system notifications) without resorting to the command line.

07/11/22
The list backups function in the control panel is now fixed.

I have made a slight change to the layout of the list backups screen, so it now makes more sense.

The list servers function in the control panel is also now fixed.

I have fixed a couple of spelling mistakes within the control panel (English language).

05/11/22
I have just about fixed the majority of the PHP errors, although I do expect to find more as development continues.

I have cleaned up the installer too.

I will fix the rest of the PHP and installer errors on the fly.

Chive is a MySQL admin utility (a bit like phpMyAdmin) which was abandoned years ago, it can no longer be installed and used on modern versions of Ubuntu. I have removed the Chive links from the default ‘shy’ template.

23/10/22
Fixing hundreds of PHP Warnings in the main app file (and maybe other PHP files). One by one.

This is going to take an age, this should have been done years ago, instead of just hiding the errors.

This is just crazy.

Going to be doing this for weeks!

09/10/2022
Done a bit of tidying up on the server status page.

I have also removed any dangerous service start/stop/restart links.

08/10/2022
FTP system finally fixed and MySQL status reporting fixed.

I have changed the FTP application to pure-ftpd-mysql.

Incidentally, the MySQL status reporting bug also currently affects EHCP force!

The new (improved) FTP system now works on port 21 only, FTP does now use TLS (Transport Layer Security) to make it much more secure.

25/09/2022
Spamassassin fixed/enhanced. Clam AV fixed.

I have completed the configuration for Spamassassin and Clam AV.

I have connected Spamassassin and Clam AV directly to postfix, I have also connected Spamassassin to MySQL.

Spamassassin can be controlled by individual email users within Roundcube webmail, in other words I have added a Spamassassin user interface.

I don’t understand why the above was not done in either EHCP or EHCP force as standard.

10/09/2022
Spamassassin and Clam AV, not getting installed fixed (they still need configuration).

The user input section of the installer is now finished, for now at least.

The code which will exit the installer, if a MySQL root password is detected is complete.

05/09/2022
I have added around 150 lines of new PHP code to the installer, to fix the user input section. Also previously unattended mode, used default passwords which is madness, so like EHCP force the installer now generates random passwords for unattended install.

Now, during the install the MySQL root password is set as per the password you type in during the install (or auto generated for unattended installs). The new section also creates an admin MySQL user.

This version of EHCP is going to be for a CLEAN install of Ubuntu only.
I am currently working on some code which will exit the installer, if a MySQL root password is detected as this would mean the operating system (Ubuntu) is not a clean install.

When I finally get a version of this launched, I would recommend not using unattended install.

The user input section is not quite finished yet, as it still needs a few tweaks, but this has been an absolute marathon to code.

28/08/2022
I am currently working on MySQL and the user input section of the installer.

MySQL (MariaDB) is not getting set up properly, for one thing the root user is not being assigned a password, this is not good at all.

The fix involves rewriting the user input section of the installer, luckily this section is written in PHP, which I have some experience with.

21/08/22
EHCP daemon fixed.

EHCP now starts properly when the system is rebooted.

19/08/2022
Fail2ban Fixed.

This was a total nightmare, could not figure out why the Fail2ban email notifications were not working.
Finally, I realised that when EHCP was adding the email address to Fail2ban, it was corrupting the jail.local file.
Fixed it by adding my own search and replace routine, as it was the EHCP one that was killing the jail.local file.

As you would expect, I have set Fail2ban only to send an email when it actually bans an IP address.

I have increased Fail2ban to 21 Jails.
I have also moved most of the Fail2ban setup and configuration from the install_lib.php file over to the install.sh.

16/08/2022
SMTP Auth Fixed!

14/08/2022
OK, got SMTP auth figured out, got it working from the command line on a test VMWare install.
This fix just needs adding to the installer. The crazy thing is this fix should not work, but it does.

13/08/2022
Working on SMTP Auth at the moment, not even sure about the mechanism that it is supposed to use, as it does not make a lot of sense. In one file it says it is using IMAP auth, and then another says saslauthd. Maybe it uses a combination somehow?

How I normally do this, is to use the courier authdaemon, with a custom start-up script (so it works under chroot). I wish I had a better understanding of these things!

11/08/2022
Fixed SquirrelMail webmail.

10/08/2022
Fixed Roundcube webmail configuration.

06/08/2022
Despite getting it to install, it does look like most of the problems are still related to the installer. In my opinion the installer is a complete mess, I understand now why EHCP force has a custom install routine.

I have so far got working, the IP config, and the on-screen PHP errors that show up when you go to the web-based CP.
There is still a very long way to go, as almost everything is broken.

03/08/22: I have got it to actually install now, as it would just crash out with errors during the installer, but it’s a long way off working yet.
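
The 19/08/2022 entry describes jail.local being corrupted when the notification address was written into it. As an added example (not the author's routine and not EHCP code), this is one way to make that kind of update safe in shell: validate the address, rewrite only `destemail` in `[DEFAULT]`, and swap the file in atomically. `set_destemail` and `write_sample` are hypothetical names, and the sample jail.local is constructed.

```shell
#!/bin/sh
# Added example (not EHCP code): set "destemail" in the [DEFAULT] section of a
# fail2ban jail.local without damaging the rest of the file.
# Returns 0 on success, 1 for a rejected address, 2 for a file or write problem.
set_destemail() {
    file=$1 email=$2
    nl='
'
    # Reject embedded newlines, then apply a conservative allow-list so no
    # whitespace, quotes, '=' or '[' can reach the config file.
    case $email in *"$nl"*) return 1 ;; esac
    printf '%s\n' "$email" |
        grep -Eqx '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' || return 1
    [ -f "$file" ] || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 2
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 2; }  # keep the file mode
    # The address reaches awk through the environment, so it is never parsed
    # as a regex or as a replacement pattern.
    if DEST=$email awk '
        function emit() { if (!done) print "destemail = " ENVIRON["DEST"]; done = 1 }
        /^\[/ { if (in_default) emit(); in_default = ($0 ~ /^\[DEFAULT\]/) }
        in_default && /^[ \t]*destemail[ \t]*=/ { emit(); next }
        { print }
        END { if (in_default) emit(); if (!done) exit 3 }
    ' "$file" > "$tmp" && grep -Fqx "destemail = $email" "$tmp"
    then
        mv "$tmp" "$file"        # atomic replace on the same filesystem
    else
        rm -f "$tmp"; return 2   # original file is left untouched
    fi
}

# Constructed sample jail.local, written to the path given as $1.
write_sample() {
    printf '%s\n' '[DEFAULT]' 'bantime = 600' 'destemail = root@localhost' \
        'action = %(action_mwl)s' '' '[sshd]' 'enabled = true' > "$1"
}
```

A file with no `[DEFAULT]` section is reported as an error (return code 2) rather than guessed at, and any failure leaves the existing jail.local as it was.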