Facebook
Twitter-
Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
-
The BIND DNS server has already been deprecated and removed from Plesk for Windows.
If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release. -
The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
Question psa-firewall via cli/ansible
- Thread starter Dave W
- Start date
Dave W
Regular Pleskian
Hi VGS,
My solution was to disable plesk-firewall and just create my own iptables ruleset and use that with Ansible.
Not really a fix but it works for me.
Dave
My solution was to disable plesk-firewall and just create my own iptables ruleset and use that with Ansible.
# Disable the Plesk firewall extension
- name: Disable Plesk Firewall
command: /usr/local/psa/bin/modules/firewall/settings -d removes=/etc/rc.d/init.d/psa-firewall
# Remove the Plesk firewall extension if installed
- name: UnInstall Plesk Firewall Extension if installed
command: plesk installer --select-release-current --remove-component psa-firewall removes=/etc/rc.d/init.d/psa-firewall
# Upload the the iptables file and restart iptables
- name: Upload the the iptables file to /etc/sysconfig/ and restart iptables
copy: src=files/security/iptables dest=/etc/sysconfig owner=root group=root mode=0644 backup=yes
notify:
- restart iptables
- name: Disable Plesk Firewall
command: /usr/local/psa/bin/modules/firewall/settings -d removes=/etc/rc.d/init.d/psa-firewall
# Remove the Plesk firewall extension if installed
- name: UnInstall Plesk Firewall Extension if installed
command: plesk installer --select-release-current --remove-component psa-firewall removes=/etc/rc.d/init.d/psa-firewall
# Upload the the iptables file and restart iptables
- name: Upload the the iptables file to /etc/sysconfig/ and restart iptables
copy: src=files/security/iptables dest=/etc/sysconfig owner=root group=root mode=0644 backup=yes
notify:
- restart iptables
Not really a fix but it works for me.
Dave
Hi Dave,
Thanks for your answer. Yesterday I found a tricky solution for this problem using firewall system from Plesk. I prefer using that because we have created a auto-deploy system for Plesk containers in our infrastructure and we need to use the same features that users can.
First, you need to have SSH enabled with SSH Key allowed for root. You can do it uncommenting "#PermitRootLogin prohibit-password" in /etc/ssh/sshd_config
Then, you can do something like that:
I hope this can help someone.
Regards!
Thanks for your answer. Yesterday I found a tricky solution for this problem using firewall system from Plesk. I prefer using that because we have created a auto-deploy system for Plesk containers in our infrastructure and we need to use the same features that users can.
First, you need to have SSH enabled with SSH Key allowed for root. You can do it uncommenting "#PermitRootLogin prohibit-password" in /etc/ssh/sshd_config
Then, you can do something like that:
- Generate local SSH Pub key: ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ''
- Copy your local pub key to local allowed keys: cat /root/.ssh/id_rsa.pub > /root/.ssh/authorized_keys
- Enable firewall: /usr/local/psa/bin/modules/firewall/settings -e
- Confirm the changes by this way: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p XXX root@localhost '/usr/local/psa/bin/modules/firewall/settings -c'
- Optional, clean your local authorized_key: echo '' > /root/.ssh/authorized_keys
I hope this can help someone.
Regards!