Posted: 4 years ago
DirectAdmin is a leading alternative control panel to cPanel/WHM. This installation guide outlines how to install the DirectAdmin control panel on a CentOS 7 64-bit server. I will be using a Las Vegas based BuyVM.net 1GB dedicated KVM Slice VPS server, which costs just US$3.50/month, as they generously offer a free DirectAdmin license with every VPS server. It seems like the cheapest way to get access to DirectAdmin for testing/learning purposes. The 1GB KVM plan only has 20GB disk space, which isn't suitable for production usage, but for the purpose of writing this guide and learning DirectAdmin it should suffice. Otherwise, if your web host doesn't provide a DirectAdmin license, you'd have to buy a DirectAdmin license directly from DirectAdmin. As I am new to DirectAdmin, this guide serves a dual purpose in also documenting my learning and experiences with the DirectAdmin installation process. As such, this guide will be constantly updated over time, so check back regularly. I've added a last updated date timestamp for this very purpose. Update: besides DirectAdmin standard licenses, there are also DirectAdmin Lite & Personal limited license options available. For details of what DirectAdmin limited licenses mean, read here.


The following DirectAdmin installation steps are based on the official DirectAdmin documentation for:

DirectAdmin System Requirements
DirectAdmin Installation Guide
Common DirectAdmin pre-installation commands
DirectAdmin SSL setup and configuration
How to enable Letsencrypt SSL certificate support
Installing Letsencrypt SSL certificate on DirectAdmin hostname
DirectAdmin Tech Notes
Contents
Step 1. CentOS 7 server preparation
Step 2. Verify your DirectAdmin license information.
Step 3. DirectAdmin Installation
Pre-configure DirectAdmin Installs
Step 4. Post-Install DirectAdmin Tasks
Step 5. DirectAdmin HTTPS / SSL Configuration
Step 6. Access DirectAdmin Control Panel
Step 7. Switching DirectAdmin From Firewalld To CSF Firewall
DirectAdmin & Cloudflare Configuration via csfcf.sh
csfcf.sh auto-apache option
Step 8. DirectAdmin Skin Customisations
Step 9. DirectAdmin Mail Handling
SPF TXT record setup
DKIM record setup
DMARC record setup
Using Amazon SES SMTP For Outbound Exim MTA
Step 10. DirectAdmin Optimisations
Step 11. Switching MySQL Server Versions – Oracle vs MariaDB MySQL
Step 12. DirectAdmin Log Locations
Step 13. Updating DirectAdmin
Step 14. Speeding Up DirectAdmin Compile Times
Summary
Step 1. CentOS 7 server preparation
DirectAdmin system requirements guidelines outline specific recommendations. The ones relevant to this DirectAdmin installation are:

For CentOS 7, use the xfs quota system. If you use ext4, add use_xfs_quota=0 to the /usr/local/directadmin/conf/directadmin.conf.
Swap disk size – for less than 2GB memory based servers, set swap disk size to 2x memory installed. For 2-8GB memory based servers, set swap disk size to same amount as installed memory. For greater than 8GB memory based servers, set swap disk size to at least 4GB.
Ensure basic development/compiling tools such as gcc, g++, and perl have been installed
Do not install services such as Apache, PHP, MySQL, Ftp, Sendmail, etc as DirectAdmin installation will take care of installation and configuration of such services. Full outline list of what DirectAdmin installs can be found at https://www.directadmin.com/technologies.php
At a bare minimum your server must have one static IPv4 IP address. However, for DNS control you will sometimes need at least two (2) IP addresses. With only one IP address you might be forced to use an external DNS service, depending on your registrar. This means web sites you create through the control panel will not propagate automatically. For this DirectAdmin installation guide I’ll be using only one static IPv4 IP address with intention of using Cloudflare for DNS management.
Set up and configure your DirectAdmin server's hostname, which should not be the same as the primary domain name, e.g. yourdomain.com is not a good hostname, whereas server.yourdomain.com or host.yourdomain.com is. If you have signed up with a VPS or dedicated server provider, at order time you would have specified a hostname to label and name your server. This is usually the hostname that the CentOS 7 image will configure out of the box when you log in for the first time, and as such it may require changing to a hostname that suits your needs.
So within your SSH logged in session as root user, run the following commands to prepare your CentOS 7 server for DirectAdmin installation.

Configuring your hostname for your DirectAdmin server. You can find the current registered hostname for your CentOS 7 server via either of these commands

uname -n
hostname
On BuyVM.net VPS there’s currently a bug in their system which incorrectly populates the hostname as the following instead of your entered hostname at order time. BuyVM folks are aware of this bug and actively working on a fix.

[root@roblifehack ~]# uname -n
roblifehack.com

[root@roblifehack ~]# hostname
roblifehack.com
The bug also appears in the default BuyVM Stallion control panel's networking PTR configuration field, so you will need to adjust those to your desired hostname with the following instructions.

BuyVM PTR

If your hostname needs changing, you can do that now using the command below, changing hostname.yourdomain.com to your own desired hostname.

hostnamectl set-hostname hostname.yourdomain.com
You can verify with the above commands used to get the current registered hostname, or via

hostnamectl status
Then ensure your hostname’s DNS works via DNS A record pointing to DirectAdmin server’s public IP address. This is important for proper mail delivery from the server and for DirectAdmin licensing checks.

Configuring a swap disk. As DirectAdmin does do quite a bit of source compilation, my own experience with Centmin Mod LEMP stack has taught me that on low memory VPS servers, always have adequate swap disk size. So I opted to configure a 3GB swap disk for this 1GB BuyVM KVM VPS server. Below SSH commands create a 3GB swap disk for DirectAdmin to use.

if [ "$(df -hT | grep -w xfs)" ]; then dd if=/dev/zero of=/swapfile bs=1024 count=3072k; else fallocate -l 3G /swapfile; fi
# set ownership and permissions before the swap file is activated
chown root:root /swapfile
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
mount -a
free -m
BuyVM.net VPS already provisioned a 1GB swap file so this change would increase your total swap available to 4GB

free -ml
total used free shared buff/cache available
Mem: 991 59 412 12 518 757
Low: 991 578 412
High: 0 0 0
Swap: 1023 0 1023
After adding 3GB swap file to existing 1GB swap file = 4GB swap total

free -m
total used free shared buff/cache available
Mem: 991 61 405 12 524 755
Swap: 4095 0 4095
Installing basic development and compiling tools via YUM. I also add the following additional YUM packages:

nano – my preferred linux text editor
cmake, cmake3 – for compiling other software which may use cmake or version 3 of cmake
screen – useful to run lengthy scripts or where you want your SSH session to survive disconnections from SSH
sysstat – access to useful system resource gathering tools like sar, pidstat, mpstat, and iostat
perl-libwww-perl – required if you want to install CSF Firewall
perl-Crypt-SSLeay – required if you want to install CSF Firewall
perl-Net-SSLeay – required if you want to install CSF Firewall
perl-LWP-Protocol-https – required if you want to install CSF Firewall for CentOS 7
GeoIP-devel
GeoIP
mlocate
bc
jq – install via EPEL YUM repo
nghttp2 – for HTTPS/SSL diagnostics testing and access to h2load HTTP/2 HTTPS load tester
redis – install via Remi YUM repo for a newer version than the CentOS 7 base YUM repo version
memcached – install via Remi YUM repo for a newer version than the CentOS 7 base YUM repo version
memcached-devel – install via Remi YUM repo for a newer version than the CentOS 7 base YUM repo version
libmemcached-devel – install via CentOS 7 base YUM repo version
libmemcached – install via CentOS 7 base YUM repo version
yum clean all
yum -y install wget gcc gcc-c++ flex bison make bind bind-libs bind-utils libaio libcom_err-devel openssl openssl-devel perl quota libcurl-devel gd zlib-devel zip unzip libcap-devel cronie bzip2 cyrus-sasl-devel perl-ExtUtils-Embed autoconf automake libtool which patch mailx bzip2-devel lsof glibc-headers kernel-devel expat-devel psmisc net-tools systemd-devel libdb-devel perl-DBI perl-Perl4-CoreLibs xfsprogs rsyslog logrotate crontabs file kernel-headers nano cmake cmake3 screen sysstat perl-libwww-perl perl-Crypt-SSLeay perl-Net-SSLeay perl-LWP-Protocol-https GeoIP-devel GeoIP mlocate bc

# EPEL & Remi YUM repo
yum -y install epel-release yum-utils
rpm -ivh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
# disable Remi & EPEL by default and only enable manually when needed
yum-config-manager --disable remi epel
yum -q list jq nghttp2 redis memcached memcached-devel libmemcached-devel libmemcached --enablerepo=epel,remi
yum -y install jq nghttp2 redis memcached memcached-devel libmemcached-devel libmemcached --enablerepo=epel,remi
# mlocate
updatedb
Disabling SELINUX

setenforce 0
# change only the SELINUX= setting, not every occurrence of the word in the file
sed -i 's|^SELINUX=enforcing|SELINUX=disabled|' /etc/selinux/config
A YUM update and reboot is highly recommended before proceeding, to ensure that your Linux kernel is the latest available with fixes for Meltdown/Spectre and other vulnerabilities.

yum -y update
reboot
After setting up 3+1 = 4GB swap disks and doing YUM update and package installs, current disk usage is:

df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 ext4 19G 4.8G 13G 27% /
devtmpfs devtmpfs 486M 0 486M 0% /dev
tmpfs tmpfs 496M 0 496M 0% /dev/shm
tmpfs tmpfs 496M 6.7M 489M 2% /run
tmpfs tmpfs 496M 0 496M 0% /sys/fs/cgroup
tmpfs tmpfs 100M 0 100M 0% /run/user/0
Step 2. Verify your DirectAdmin license information.
If you didn't get your DirectAdmin license from your web host but directly from DirectAdmin, sign into your client account at https://www.directadmin.com/clients and

Click the “view” link next to your license and make sure that the license is Active and Verified (if it isn’t, then DirectAdmin’s billing system hasn’t processed the order yet).
Verify that the server IP address and operating system are correct.
BuyVM.net offers free DirectAdmin licenses for their VPS, which you can order here after your BuyVM VPS has been provisioned and assigned an IP address. The order form prompts you to provide the IP address of the BuyVM VPS server you intend to install DirectAdmin on. Once ordered, you should see your DirectAdmin license listed in the services listing. Clicking on the service will reveal the DirectAdmin license ID, client ID, status, and registered IP and OS. Note that for new first-time BuyVM VPS customers, when you first provision a new VPS, mail ports are blocked by default until you contact their technical support to unblock the mail ports. This is a one-time task.

Directadmin license

Directadmin license

You’ll also receive an email from BuyVM with DirectAdmin license details

DirectAdmin BuyVM Email

Step 3. DirectAdmin Installation
Now to the actual DirectAdmin install which is done as root user in SSH logged in session. You first download the DirectAdmin setup.sh script and give it executable permissions. You can download setup.sh and save anywhere on your server but I generally like to group all my tools in a directory like /root/tools

mkdir -p /root/tools
cd /root/tools
wget -4 https://www.directadmin.com/setup.sh
chmod 755 setup.sh
Next is to actually run the setup.sh script. If you have a flaky SSH connection and do not want SSH disconnections to occur during setup.sh run, you can run setup.sh within a screen session. I also raise the default screen scrollback limit in /root/.screenrc.

You will be prompted for a client ID number, license ID number, and hostname when you run setup.sh as well as ethernet adaptor device name for the public IP address for the server.

The hostname should not be the same as the primary domain name and should be the same one we prepared and configured in the Step 1 preparation stage, e.g. yourdomain.com is not a good hostname, whereas server.yourdomain.com or host.yourdomain.com is.
Having the same host/main domain name will cause e-mail and FTP problems.
Also, make sure the hostname resolves once you setup DNS – so ensure a DNS A record for your hostname exists pointing to the DirectAdmin server’s public IP address.
You can list your ethernet adaptors' device names and find the one carrying the public IP via the command below. For BuyVM VPS the public IP is on the eth0 device.
/sbin/ifconfig
Actual DirectAdmin installation commands for running setup.sh or read further below on customising setup.sh runs:

echo "defscrollback 200000" >> /root/.screenrc
screen -dmS directadmin
screen -r directadmin
time ./setup.sh
Pre-configure DirectAdmin Installs
I was only made aware after writing this article that you can customise setup.sh and use a preset options.conf prior to the actual install via the instructions outlined here. You can see this DirectAdmin installation's final options.conf file settings in a Gist file here.

So populate the following SSH session variables, or put them into a script. YOUR_LINK_TO_HOSTED_OPTIONS_FILE would be something like https://yourdomain.com/options.conf, where you host the customised options.conf file, which is usually created by DirectAdmin at /usr/local/directadmin/custombuild/options.conf.

clientid=YOUR_CLIENTID
licenseid=YOUR_LICENSEID
hostname=YOUR_HOSTNAME
ip=YOUR_SERVERIP
devicename=YOUR_ETHERNET_DEVICENAME
opturl=YOUR_LINK_TO_HOSTED_OPTIONS_FILE
custombuild_ver=2.0
Also you can pre-configure your DirectAdmin admin email and nameservers in the following files prior to running setup.sh:

/root/.email.txt
/root/.ns1.txt
/root/.ns2.txt
Then you’d change your setup.sh run to

mkdir -p /root/tools
cd /root/tools
wget -4 https://www.directadmin.com/setup.sh
chmod 755 setup.sh

echo "defscrollback 200000" >> /root/.screenrc
screen -dmS directadmin
screen -r directadmin

echo "$custombuild_ver" > /root/.custombuild
time ./setup.sh "$clientid" "$licenseid" "$hostname" "$devicename" "$ip"
If you have a preconfigured options.conf file saved from an existing DirectAdmin server (from /usr/local/directadmin/custombuild/options.conf), you can use that too: before running setup.sh, download it from the remote server or Gist hosted file you defined in $opturl above to /usr/local/directadmin/custombuild/options.conf. You can see this DirectAdmin installation's final options.conf file settings in a Gist file here.

Downloading preset options.conf to /usr/local/directadmin/custombuild/options.conf

mkdir -p /usr/local/directadmin/custombuild
wget -O /usr/local/directadmin/custombuild/options.conf "$opturl"
Example using my Gist file to prepopulate options.conf and using sed to replace values for redirect_host (remember to also configure and setup DirectAdmin over HTTPS) and email options:

HOSTNAME='hostname.yourdomain.com'
EMAIL='your_directadmin_email'
mkdir -p /usr/local/directadmin/custombuild
curl -s -4 https://gist.githubusercontent.com/centminmod/62cc0bcdb44977718f98390a93ad8776/raw/options.conf | sed -e "s|^redirect_host=.*|redirect_host=$HOSTNAME|" -e "s|^email=.*|email=$EMAIL|" > /usr/local/directadmin/custombuild/options.conf
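The curl-to-sed pipeline above writes whatever it receives straight into options.conf. As an added example (not from the original guide or from DirectAdmin; the function names are hypothetical and the sample template is constructed), the same redirect_host and email substitution can be done with the download kept separate, the values validated before they reach sed, and the target file replaced only on success:

```bash
#!/bin/sh
# Added example, not part of the original guide or of DirectAdmin.
# Function names are hypothetical; redirect_host= and email= are the
# options.conf keys rewritten by the sed command above.

# Download the template to a file first. -f makes curl fail on an HTTP error
# instead of saving the error page as options.conf.
fetch_template() {  # usage: fetch_template URL DEST
  curl -fsS -4 --proto '=https' -o "$2" "$1"
}

# Hostname check following the guide's rule: server.domain.com, not domain.com.
# Heuristic only: it requires three or more labels, so a bare domain under a
# two-label suffix (domain.co.uk) would still pass.
is_server_fqdn() {
  local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  [ "${#1}" -le 253 ] || return 1
  case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac   # rejects |, &, \ and newlines
  printf '%s\n' "$1" | grep -Eqx "${label}(\\.${label}){2,}"
}

# Conservative email check: only characters that are inert in a sed replacement.
is_plain_email() {
  case $1 in *[!A-Za-z0-9@._%+-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eqx '[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+'
}

# Render TEMPLATE into OUT. OUT is only replaced if every check passes.
render_options_conf() {  # usage: render_options_conf TEMPLATE HOSTNAME EMAIL OUT
  local tpl="$1" host="$2" email="$3" out="$4" tmp key
  [ -s "$tpl" ] || { echo "template missing or empty: $tpl" >&2; return 1; }
  is_server_fqdn "$host" || { echo "hostname must look like server.domain.com: $host" >&2; return 2; }
  is_plain_email "$email" || { echo "unexpected characters in email: $email" >&2; return 3; }
  for key in redirect_host email; do
    grep -q "^$key=" "$tpl" || { echo "template has no $key= line" >&2; return 4; }
  done
  tmp=$(mktemp "$out.XXXXXX") || return 5
  if sed -e "s|^redirect_host=.*|redirect_host=$host|" \
         -e "s|^email=.*|email=$email|" "$tpl" > "$tmp"; then
    chmod 0644 "$tmp" && mv -f "$tmp" "$out"
  else
    rm -f "$tmp"
    return 5
  fi
}

# Demo on a constructed template (sample values, not a real options.conf).
demo_dir=$(mktemp -d)
printf 'webserver=apache\nredirect_host=\nemail=email@domain.com\n' > "$demo_dir/tpl"
render_options_conf "$demo_dir/tpl" server.example.com admin@example.com \
  "$demo_dir/options.conf" && cat "$demo_dir/options.conf"
rm -rf "$demo_dir"

# On the server, before running setup.sh (opturl as defined earlier):
#   fetch_template "$opturl" /root/tools/options.conf.tpl &&
#   render_options_conf /root/tools/options.conf.tpl hostname.yourdomain.com \
#     your_directadmin_email /usr/local/directadmin/custombuild/options.conf
```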
The setup.sh script has various setup question prompts for you to answer. Once all question prompts have been answered, it's a matter of waiting for the DirectAdmin installation process to complete. As there's source compilation involved, how fast DirectAdmin installs will depend on your specific server hardware configuration.

The higher the cpu clock frequency, the faster source compilations go.
The more cpu threads available, the faster source compilations should go if DirectAdmin makes use of multiple cpu threads during source compilation.
The faster the underlying disk storage layer i.e. NVMe SSD vs SSD vs non-SSD, the faster source compilations are.
New cpu models are generally clock for clock faster than previous cpu generations.
The BuyVM VPS has 1GB of memory with 1 cpu thread on an Intel Xeon E3-1270v3 Haswell based processor.

lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 60
Model name: Intel(R) Xeon(R) CPU E3-1270 v3 @ 3.50GHz
Stepping: 3
CPU MHz: 3499.992
BogoMIPS: 6999.98
Hypervisor vendor: Microsoft
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
L3 cache: 16384K
NUMA node0 CPU(s): 0
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat umip
Excerpt below:

time ./setup.sh
*** 64-bit OS ***

*****************************************************
*
* DirectAdmin requires certain packages, described here:
* http://help.directadmin.com/item.php?id=354
*
* Would you like to install these required pre-install packages? (y/n): y
*****************************************************

Please enter your Client ID : CLIENTID
Please enter your License ID : LICENSEID
Please enter your hostname (server.domain.com)
It must be a Fully Qualified Domain Name
Do *not* use a domain you plan on using for the hostname:
eg. don't use domain.com. Use server.domain.com instead.
Do not enter http:// or www

Your current hostname is: hostname.yourdomain.com

Enter your hostname (FQDN) : hostname.yourdomain.com
Client ID: CLIENTID
License ID: LICENSEID
Hostname: hostname.yourdomain.com
Is this correct? (y,n) : y
The following ethernet devices/IPs were found. Please enter the name of the device you wish to use:

eth0 MY_SERVERIP
eth1

Enter the device name: eth0
Your external IP: MY_SERVERIP
The external IP should typically match your license IP.

Is MY_SERVERIP the IP in your license? (y,n) : y

DirectAdmin will now be installed on: Enterprise 7.6
Is this correct? (must match license) (y,n) : y
You have chosen custombuild 2.0.
Prompts for Apache/PHP setup – I deliberately chose a non-default Apache/PHP setup just to see what options are available for now. Will play with different configurations later down the track.

Would you like the default settings of apache 2.4 with mod_ruid2 and php 7.2 cli? (y/n): n
You have chosen to customize the custombuild options. Please wait while options configurator is downloaded...

Cannot find /usr/local/directadmin/custombuild/options.conf, writing defaults.
Downloading versions.txt...

Would you like to backup the current options.conf? (yes/no): yes
Backup created: /usr/local/directadmin/custombuild/options.conf.20190717054458.backup

Please select webserver you would like to use (apache/nginx/nginx_apache/litespeed/openlitespeed):apache

Please select FTP server you would like to use (proftpd/pureftpd/no):pureftpd

Please select default PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):7.3

Please select default PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp/mod_php):php-fpm

Would you like to have a second instance of PHP installed? (yes/no): yes

Please select additional PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):7.2

Please select additional PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp):php-fpm

Would you like to have a third instance of PHP installed? (yes/no): yes

Please select additional PHP version you would like to use (5.3/5.4/5.5/5.6/7.0/7.1/7.2/7.3):5.6

Please select additional PHP mode you would like to use (php-fpm/fastcgi/suphp/lsphp):php-fpm

Would you like to have a fourth instance of PHP installed? (yes/no): no

Please select if you would like to use ionCube (yes/no):no

Please select if you would like to use Zend Guard Loader (yes/no):no

Please select if you would like to use suhosin (yes/no):no

Please select if you would like CustomBuild to manage Exim installation (yes/no):yes

Please select if you would like CustomBuild to manage Dovecot installation (yes/no):yes

Please select if you would like CustomBuild to manage phpMyAdmin installation (yes/no):yes

Please select if you would like CustomBuild to manage SquirrelMail installation (yes/no):yes

Please select if you would like CustomBuild to manage RoundCube installation (yes/no):yes

Would you like to search for the fastest download mirror? (y/n): y
Installation on BuyVM 1GB KVM VPS with 1 cpu thread, took approximately 95 minutes to complete ending with the following message

To login now, follow this link:

http://MY_SERVERIP:2222

and enter your Admin username and password when prompted.

You should now visit http://admin.site-helper.com and http://www.directadmin.com/newinstall.html to learn how to get started.

Thank you for using DirectAdmin. Should you have any questions, don't hesitate to contact us at support@directadmin.com

## REPORT_END
Permissions set

System Security Tips:
http://help.directadmin.com/item.php?id=247
Disk space usage after DirectAdmin install:

df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 ext4 19G 6.2G 12G 35% /
devtmpfs devtmpfs 486M 0 486M 0% /dev
tmpfs tmpfs 496M 0 496M 0% /dev/shm
tmpfs tmpfs 496M 6.7M 489M 2% /run
tmpfs tmpfs 496M 0 496M 0% /sys/fs/cgroup
tmpfs tmpfs 100M 0 100M 0% /run/user/0
If you do happen to get disconnected from your SSH session during the setup.sh run, you can just SSH login again and reattach the screen session named directadmin. You will see that the setup.sh script is still continuing its run if it hasn't finished yet, or that the setup.sh run has completed.

screen -r directadmin
Once DirectAdmin is installed, to access the control panel on port 2222 you need to whitelist the port in CentOS 7's Firewalld firewall.

firewall-cmd --permanent --zone=public --add-port=2222/tcp
However, on my BuyVM VPS server DirectAdmin install instance, I was able to reach the DirectAdmin control panel on port 2222 without whitelisting port 2222, because it seems the Firewalld service wasn't running!

service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
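So you have to manually start CentOS 7's Firewalld service, which will then block port 2222 access until you run the above firewall-cmd command to whitelist port 2222. The status output above also shows the unit as disabled, so enable it as well, otherwise Firewalld will not start again after a reboot.

service firewalld start
systemctl enable firewalld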
Checking Firewalld

firewall-cmd --state
running
Listing current open public ports before whitelisting port 2222 returns empty for this command as no ports are whitelisted as yet.

firewall-cmd --zone=public --list-ports
Whitelist port 2222 in Firewalld and then recheck public whitelisted ports

firewall-cmd --permanent --zone=public --add-port=2222/tcp
success

firewall-cmd --reload

firewall-cmd --zone=public --list-ports
2222/tcp
Do the same for whitelisting SSH and common service ports. I also added 9418 for Git usage and the FTP passive port range 35000-35999. It would be nice if DirectAdmin did this by default for its known installed services, so out of the box DirectAdmin installations would be protected behind Firewalld initially.

firewall-cmd --permanent --zone=public --add-port=22/tcp
firewall-cmd --permanent --zone=public --add-port=2222/tcp
firewall-cmd --permanent --zone=public --add-port=9418/tcp
firewall-cmd --permanent --zone=public --add-port=35000-35999/tcp
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=imap
firewall-cmd --permanent --zone=public --add-service=imaps
firewall-cmd --permanent --zone=public --add-service=pop3
firewall-cmd --permanent --zone=public --add-service=pop3s
firewall-cmd --permanent --zone=public --add-service=smtp
firewall-cmd --permanent --zone=public --add-service=smtps
firewall-cmd --permanent --zone=public --add-service=smtp-submission
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
firewall-cmd --zone=public --list-services
Check port and service listings that are whitelisted now

firewall-cmd --zone=public --list-ports
2222/tcp 22/tcp 35000-35999/tcp 9418/tcp

firewall-cmd --zone=public --list-services
ssh dhcpv6-client dns ftp http https imaps pop3s smtp imap pop3 smtps smtp-submission
The corresponding whitelisted services’ ports from their profile

echo "ssh dhcpv6-client dns ftp http https imaps pop3s smtp imap pop3 smtps smtp-submission" | xargs -n1 | while read s; do echo -n "/usr/lib/firewalld/services/$s.xml"; grep 'port protocol' /usr/lib/firewalld/services/$s.xml; done
/usr/lib/firewalld/services/ssh.xml <port protocol="tcp" port="22"/>
/usr/lib/firewalld/services/dhcpv6-client.xml <port protocol="udp" port="546"/>
/usr/lib/firewalld/services/dns.xml <port protocol="tcp" port="53"/>
<port protocol="udp" port="53"/>
/usr/lib/firewalld/services/ftp.xml <port protocol="tcp" port="21"/>
/usr/lib/firewalld/services/http.xml <port protocol="tcp" port="80"/>
/usr/lib/firewalld/services/https.xml <port protocol="tcp" port="443"/>
/usr/lib/firewalld/services/imaps.xml <port protocol="tcp" port="993"/>
/usr/lib/firewalld/services/pop3s.xml <port protocol="tcp" port="995"/>
/usr/lib/firewalld/services/smtp.xml <port protocol="tcp" port="25"/>
/usr/lib/firewalld/services/imap.xml <port protocol="tcp" port="143"/>
/usr/lib/firewalld/services/pop3.xml <port protocol="tcp" port="110"/>
/usr/lib/firewalld/services/smtps.xml <port protocol="tcp" port="465"/>
/usr/lib/firewalld/services/smtp-submission.xml <port protocol="tcp" port="587"/>
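The same service-to-port mapping as a reusable check, added here as an example and not part of the original guide (function names and the allow-list are assumptions; the sample profiles are constructed from the output above). It resolves every whitelisted service to its ports, including multi-port profiles such as dns, merges them with the directly opened ports, reports anything outside the list you intended to open, and flags a Firewalld that is not running or not enabled at boot:

```bash
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# Print every port/protocol pair a firewalld service profile opens.
# Assumes one <port .../> element per line, as in the profiles shown above.
service_ports() {  # usage: service_ports SERVICES_DIR SERVICE
  local file="$1/$2.xml"
  [ -r "$file" ] || { echo "no profile for service: $2" >&2; return 1; }
  sed -n \
    -e 's|.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*|\2/\1|p' \
    -e 's|.*<port port="\([0-9-]*\)" protocol="\([a-z]*\)".*|\1/\2|p' "$file"
}

# Union of --list-ports and the ports behind --list-services, sorted by port.
effective_ports() {  # usage: effective_ports SERVICES_DIR "PORTS" "SERVICES"
  local dir="$1" ports="$2" services="$3" p s
  {
    for p in $ports; do echo "$p"; done
    for s in $services; do service_ports "$dir" "$s"; done
  } | LC_ALL=C sort -t/ -k1,1n -k2,2 -u
}

# Ports the zone admits that are not in the operator's intended allow-list.
unexpected_ports() {  # usage: unexpected_ports SERVICES_DIR "PORTS" "SERVICES" "ALLOWED"
  local allowed="$4" p
  effective_ports "$1" "$2" "$3" | while read -r p; do
    case " $allowed " in *" $p "*) ;; *) echo "$p" ;; esac
  done
}

# STATE is the output of `firewall-cmd --state`, ENABLED of `systemctl is-enabled firewalld`.
firewall_gaps() {  # usage: firewall_gaps STATE ENABLED
  [ "$1" = running ] || echo "firewalld is not running: its zone rules are not filtering traffic"
  [ "$2" = enabled ] || echo "firewalld is not enabled: it will not start after a reboot"
  return 0
}

# Constructed sample profiles mirroring the ports listed in the output above.
make_demo_profiles() {  # usage: make_demo_profiles DIR
  local name proto port
  while read -r name proto port; do
    printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port" >> "$1/$name.xml"
  done <<'EOF'
ssh tcp 22
dhcpv6-client udp 546
dns tcp 53
dns udp 53
ftp tcp 21
http tcp 80
https tcp 443
imaps tcp 993
pop3s tcp 995
smtp tcp 25
imap tcp 143
pop3 tcp 110
smtps tcp 465
smtp-submission tcp 587
EOF
}

# Values copied from the --list-ports / --list-services output above.
DEMO_PORTS="2222/tcp 22/tcp 35000-35999/tcp 9418/tcp"
DEMO_SERVICES="ssh dhcpv6-client dns ftp http https imaps pop3s smtp imap pop3 smtps smtp-submission"
# Assumed allow-list: what this guide deliberately opened.
DEMO_ALLOWED="21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 2222/tcp 9418/tcp 35000-35999/tcp"

demo=$(mktemp -d)
make_demo_profiles "$demo"
firewall_gaps running disabled
echo "open but not in the allow-list:"
unexpected_ports "$demo" "$DEMO_PORTS" "$DEMO_SERVICES" "$DEMO_ALLOWED"
rm -rf "$demo"

# On the server:
#   firewall_gaps "$(firewall-cmd --state 2>&1)" "$(systemctl is-enabled firewalld 2>&1)"
#   unexpected_ports /usr/lib/firewalld/services \
#     "$(firewall-cmd --zone=public --list-ports)" \
#     "$(firewall-cmd --zone=public --list-services)" "$DEMO_ALLOWED"
```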
If you have other services, Firewalld has profiles for some of them, which you can whitelist in the public zone with --add-service=SERVICENAME where appropriate:

ls -alh /usr/lib/firewalld/services/
total 512K
drwxr-xr-x. 2 root root 4.0K May 12 23:10 .
drwxr-xr-x. 8 root root 4.0K May 12 23:09 ..
-rw-r--r--. 1 root root 412 Oct 30 2018 amanda-client.xml
-rw-r--r--. 1 root root 447 Oct 30 2018 amanda-k5-client.xml
-rw-r--r--. 1 root root 320 Oct 30 2018 bacula-client.xml
-rw-r--r--. 1 root root 346 Oct 30 2018 bacula.xml
-rw-r--r--. 1 root root 339 Oct 30 2018 bgp.xml
-rw-r--r--. 1 root root 275 Oct 30 2018 bitcoin-rpc.xml
-rw-r--r--. 1 root root 307 Oct 30 2018 bitcoin-testnet-rpc.xml
-rw-r--r--. 1 root root 281 Oct 30 2018 bitcoin-testnet.xml
-rw-r--r--. 1 root root 244 Oct 30 2018 bitcoin.xml
-rw-r--r--. 1 root root 294 Oct 30 2018 ceph-mon.xml
-rw-r--r--. 1 root root 329 Oct 30 2018 ceph.xml
-rw-r--r--. 1 root root 168 Oct 30 2018 cfengine.xml
-rw-r--r--. 1 root root 260 Oct 30 2018 condor-collector.xml
-rw-r--r--. 1 root root 296 Oct 30 2018 ctdb.xml
-rw-r--r--. 1 root root 305 Oct 30 2018 dhcpv6-client.xml
-rw-r--r--. 1 root root 234 Oct 30 2018 dhcpv6.xml
-rw-r--r--. 1 root root 227 Oct 30 2018 dhcp.xml
-rw-r--r--. 1 root root 346 Oct 30 2018 dns.xml
-rw-r--r--. 1 root root 374 Oct 30 2018 docker-registry.xml
-rw-r--r--. 1 root root 391 Oct 30 2018 docker-swarm.xml
-rw-r--r--. 1 root root 228 Oct 30 2018 dropbox-lansync.xml
-rw-r--r--. 1 root root 338 Oct 30 2018 elasticsearch.xml
-rw-r--r--. 1 root root 836 Oct 30 2018 freeipa-ldaps.xml
-rw-r--r--. 1 root root 836 Oct 30 2018 freeipa-ldap.xml
-rw-r--r--. 1 root root 315 Oct 30 2018 freeipa-replication.xml
-rw-r--r--. 1 root root 629 Oct 30 2018 freeipa-trust.xml
-rw-r--r--. 1 root root 374 Oct 30 2018 ftp.xml
-rw-r--r--. 1 root root 184 Oct 30 2018 ganglia-client.xml
-rw-r--r--. 1 root root 176 Oct 30 2018 ganglia-master.xml
-rw-r--r--. 1 root root 212 Oct 30 2018 git.xml
-rw-r--r--. 1 root root 132 Oct 30 2018 gre.xml
-rw-r--r--. 1 root root 603 Oct 30 2018 high-availability.xml
-rw-r--r--. 1 root root 448 Oct 30 2018 https.xml
-rw-r--r--. 1 root root 353 Oct 30 2018 http.xml
-rw-r--r--. 1 root root 372 Oct 30 2018 imaps.xml
-rw-r--r--. 1 root root 327 Oct 30 2018 imap.xml
-rw-r--r--. 1 root root 454 Oct 30 2018 ipp-client.xml
-rw-r--r--. 1 root root 427 Oct 30 2018 ipp.xml
-rw-r--r--. 1 root root 554 Oct 30 2018 ipsec.xml
-rw-r--r--. 1 root root 255 Oct 30 2018 ircs.xml
-rw-r--r--. 1 root root 247 Oct 30 2018 irc.xml
-rw-r--r--. 1 root root 264 Oct 30 2018 iscsi-target.xml
-rw-r--r--. 1 root root 213 Oct 30 2018 jenkins.xml
-rw-r--r--. 1 root root 182 Oct 30 2018 kadmin.xml
-rw-r--r--. 1 root root 233 Oct 30 2018 kerberos.xml
-rw-r--r--. 1 root root 384 Oct 30 2018 kibana.xml
-rw-r--r--. 1 root root 249 Oct 30 2018 klogin.xml
-rw-r--r--. 1 root root 221 Oct 30 2018 kpasswd.xml
-rw-r--r--. 1 root root 182 Oct 30 2018 kprop.xml
-rw-r--r--. 1 root root 242 Oct 30 2018 kshell.xml
-rw-r--r--. 1 root root 232 Oct 30 2018 ldaps.xml
-rw-r--r--. 1 root root 199 Oct 30 2018 ldap.xml
-rw-r--r--. 1 root root 385 Oct 30 2018 libvirt-tls.xml
-rw-r--r--. 1 root root 389 Oct 30 2018 libvirt.xml
-rw-r--r--. 1 root root 349 Oct 30 2018 managesieve.xml
-rw-r--r--. 1 root root 424 Oct 30 2018 mdns.xml
-rw-r--r--. 1 root root 343 Oct 30 2018 minidlna.xml
-rw-r--r--. 1 root root 237 Oct 30 2018 mongodb.xml
-rw-r--r--. 1 root root 473 Oct 30 2018 mosh.xml
-rw-r--r--. 1 root root 211 Oct 30 2018 mountd.xml
-rw-r--r--. 1 root root 170 Oct 30 2018 mssql.xml
-rw-r--r--. 1 root root 190 Oct 30 2018 ms-wbt.xml
-rw-r--r--. 1 root root 242 Oct 30 2018 murmur.xml
-rw-r--r--. 1 root root 171 Oct 30 2018 mysql.xml
-rw-r--r--. 1 root root 342 Oct 30 2018 nfs3.xml
-rw-r--r--. 1 root root 324 Oct 30 2018 nfs.xml
-rw-r--r--. 1 root root 293 Oct 30 2018 nmea-0183.xml
-rw-r--r--. 1 root root 247 Oct 30 2018 nrpe.xml
-rw-r--r--. 1 root root 389 Oct 30 2018 ntp.xml
-rw-r--r--. 1 root root 335 Oct 30 2018 openvpn.xml
-rw-r--r--. 1 root root 260 Oct 30 2018 ovirt-imageio.xml
-rw-r--r--. 1 root root 343 Oct 30 2018 ovirt-storageconsole.xml
-rw-r--r--. 1 root root 235 Oct 30 2018 ovirt-vmconsole.xml
-rw-r--r--. 1 root root 433 Oct 30 2018 pmcd.xml
-rw-r--r--. 1 root root 474 Oct 30 2018 pmproxy.xml
-rw-r--r--. 1 root root 544 Oct 30 2018 pmwebapis.xml
-rw-r--r--. 1 root root 460 Oct 30 2018 pmwebapi.xml
-rw-r--r--. 1 root root 357 Oct 30 2018 pop3s.xml
-rw-r--r--. 1 root root 348 Oct 30 2018 pop3.xml
-rw-r--r--. 1 root root 181 Oct 30 2018 postgresql.xml
-rw-r--r--. 1 root root 509 Oct 30 2018 privoxy.xml
-rw-r--r--. 1 root root 261 Oct 30 2018 proxy-dhcp.xml
-rw-r--r--. 1 root root 424 Oct 30 2018 ptp.xml
-rw-r--r--. 1 root root 414 Oct 30 2018 pulseaudio.xml
-rw-r--r--. 1 root root 297 Oct 30 2018 puppetmaster.xml
-rw-r--r--. 1 root root 273 Oct 30 2018 quassel.xml
-rw-r--r--. 1 root root 520 Oct 30 2018 radius.xml
-rw-r--r--. 1 root root 268 Oct 30 2018 redis.xml
-rw-r--r--. 1 root root 741 Oct 30 2018 RH-Satellite-6.xml
-rw-r--r--. 1 root root 214 Oct 30 2018 rpc-bind.xml
-rw-r--r--. 1 root root 310 Oct 30 2018 rsh.xml
-rw-r--r--. 1 root root 311 Oct 30 2018 rsyncd.xml
-rw-r--r--. 1 root root 384 Oct 30 2018 samba-client.xml
-rw-r--r--. 1 root root 461 Oct 30 2018 samba.xml
-rw-r--r--. 1 root root 337 Oct 30 2018 sane.xml
-rw-r--r--. 1 root root 283 Oct 30 2018 sips.xml
-rw-r--r--. 1 root root 509 Oct 30 2018 sip.xml
-rw-r--r--. 1 root root 231 Oct 30 2018 smtp-submission.xml
-rw-r--r--. 1 root root 577 Oct 30 2018 smtps.xml
-rw-r--r--. 1 root root 550 Oct 30 2018 smtp.xml
-rw-r--r--. 1 root root 308 Oct 30 2018 snmptrap.xml
-rw-r--r--. 1 root root 342 Oct 30 2018 snmp.xml
-rw-r--r--. 1 root root 405 Oct 30 2018 spideroak-lansync.xml
-rw-r--r--. 1 root root 173 Oct 30 2018 squid.xml
-rw-r--r--. 1 root root 463 Oct 30 2018 ssh.xml
-rw-r--r--. 1 root root 297 Oct 30 2018 syncthing-gui.xml
-rw-r--r--. 1 root root 311 Oct 30 2018 syncthing.xml
-rw-r--r--. 1 root root 496 Oct 30 2018 synergy.xml
-rw-r--r--. 1 root root 444 Oct 30 2018 syslog-tls.xml
-rw-r--r--. 1 root root 329 Oct 30 2018 syslog.xml
-rw-r--r--. 1 root root 393 Oct 30 2018 telnet.xml
-rw-r--r--. 1 root root 301 Oct 30 2018 tftp-client.xml
-rw-r--r--. 1 root root 437 Oct 30 2018 tftp.xml
-rw-r--r--. 1 root root 336 Oct 30 2018 tinc.xml
-rw-r--r--. 1 root root 771 Oct 30 2018 tor-socks.xml
-rw-r--r--. 1 root root 244 Oct 30 2018 transmission-client.xml
-rw-r--r--. 1 root root 264 Oct 30 2018 upnp-client.xml
-rw-r--r--. 1 root root 593 Oct 30 2018 vdsm.xml
-rw-r--r--. 1 root root 475 Oct 30 2018 vnc-server.xml
-rw-r--r--. 1 root root 310 Oct 30 2018 wbem-https.xml
-rw-r--r--. 1 root root 509 Oct 30 2018 xmpp-bosh.xml
-rw-r--r--. 1 root root 488 Oct 30 2018 xmpp-client.xml
-rw-r--r--. 1 root root 264 Oct 30 2018 xmpp-local.xml
-rw-r--r--. 1 root root 545 Oct 30 2018 xmpp-server.xml
-rw-r--r--. 1 root root 314 Oct 30 2018 zabbix-agent.xml
-rw-r--r--. 1 root root 315 Oct 30 2018 zabbix-server.xml
Revisiting DirectAdmin control panel login page on port 2222 now:

DirectAdmin Login Page



Check the MySQL version installed by default. The MySQL root password details are located in:

/usr/local/directadmin/conf/mysql.conf read by DirectAdmin
/usr/local/directadmin/conf/my.cnf read by MySQL server/client
/usr/local/directadmin/scripts/setup.txt contains the login variables set up by DirectAdmin

According to the mysqladmin ver command, MariaDB 5.5 seems to be the MySQL server installed by default

mysqladmin --defaults-extra-file=/usr/local/directadmin/conf/my.cnf ver
If you find having to pass the --defaults-extra-file path tedious, set up a custom command alias in your ~/.bashrc file

alias mysqladmin='mysqladmin --defaults-extra-file=/usr/local/directadmin/conf/my.cnf'
Output

mysqladmin --defaults-extra-file=/usr/local/directadmin/conf/my.cnf ver
mysqladmin Ver 9.0 Distrib 5.5.63-MariaDB, for Linux on x86_64
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Server version 5.5.63-MariaDB
Protocol version 10
Connection Localhost via UNIX socket
UNIX socket /var/lib/mysql/mysql.sock
Uptime: 2 hours 39 min 46 sec

Threads: 1 Questions: 66 Slow queries: 0 Opens: 3 Flush tables: 2 Open tables: 29 Queries per second avg: 0.006
Check Apache version and config installed – Apache 2.4.39 built as Event MPM worker

httpd -V
Server version: Apache/2.4.39 (Unix)
Server built: Jul 17 2019 17:56:35
Server's Module Magic Number: 20120211:84
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D HAVE_SYSTEMD
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Check which Apache modules loaded into Apache – take note that mod_remoteip (remoteip_module) is loaded. Important if you plan to use Cloudflare in front of your DirectAdmin web sites.

httpd -M
Loaded Modules:
core_module (static)
authn_file_module (static)
authn_dbm_module (static)
authn_anon_module (static)
authn_dbd_module (static)
authn_socache_module (static)
authn_core_module (static)
authz_host_module (static)
authz_groupfile_module (static)
authz_user_module (static)
authz_dbm_module (static)
authz_owner_module (static)
authz_dbd_module (static)
authz_core_module (static)
access_compat_module (static)
auth_basic_module (static)
auth_form_module (static)
auth_digest_module (static)
allowmethods_module (static)
file_cache_module (static)
cache_module (static)
cache_disk_module (static)
cache_socache_module (static)
socache_shmcb_module (static)
socache_dbm_module (static)
socache_memcache_module (static)
socache_redis_module (static)
so_module (static)
watchdog_module (static)
macro_module (static)
dbd_module (static)
dumpio_module (static)
buffer_module (static)
ratelimit_module (static)
reqtimeout_module (static)
ext_filter_module (static)
request_module (static)
include_module (static)
filter_module (static)
substitute_module (static)
sed_module (static)
deflate_module (static)
http_module (static)
mime_module (static)
log_config_module (static)
log_debug_module (static)
logio_module (static)
env_module (static)
expires_module (static)
headers_module (static)
unique_id_module (static)
setenvif_module (static)
version_module (static)
remoteip_module (static)
proxy_module (static)
proxy_connect_module (static)
proxy_ftp_module (static)
proxy_http_module (static)
proxy_fcgi_module (static)
proxy_scgi_module (static)
proxy_uwsgi_module (static)
proxy_fdpass_module (static)
proxy_wstunnel_module (static)
proxy_ajp_module (static)
proxy_balancer_module (static)
proxy_express_module (static)
proxy_hcheck_module (static)
session_module (static)
session_cookie_module (static)
session_dbd_module (static)
slotmem_shm_module (static)
ssl_module (static)
http2_module (static)
lbmethod_byrequests_module (static)
lbmethod_bytraffic_module (static)
lbmethod_bybusyness_module (static)
lbmethod_heartbeat_module (static)
unixd_module (static)
dav_module (static)
status_module (static)
autoindex_module (static)
info_module (static)
suexec_module (static)
cgi_module (static)
dav_fs_module (static)
dav_lock_module (static)
vhost_alias_module (static)
negotiation_module (static)
dir_module (static)
actions_module (static)
speling_module (static)
userdir_module (static)
alias_module (static)
rewrite_module (static)
systemd_module (shared)
mpm_event_module (shared)
Check Apache httpd.conf default include files which are available or commented out/disabled

grep Include /etc/httpd/conf/httpd.conf
Include /etc/httpd/conf/extra/httpd-phpmodules.conf
# Include some DirectAdmin alias
Include conf/extra/httpd-alias.conf
Include conf/extra/httpd-includes.conf
Include conf/extra/httpd-directories.conf
Include conf/extra/httpd-nginx.conf
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-multilang-errordoc.conf
Include conf/extra/httpd-autoindex.conf
Include conf/extra/httpd-languages.conf
#Include conf/extra/httpd-userdir.conf
Include conf/extra/httpd-info.conf
Include conf/extra/httpd-suphp.conf
#Include conf/extra/httpd-manual.conf
Include conf/extra/httpd-dav.conf
Include conf/extra/httpd-default.conf
Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-deflate.conf
Include conf/extra/httpd-php-handlers.conf
Include conf/extra/httpd-vhosts.conf
Include conf/extra/directadmin-vhosts.conf
It looks like /etc/httpd/conf/extra/directadmin-vhosts.conf pulls in the Apache vhost configurations for domains added through DirectAdmin by including the file /usr/local/directadmin/data/users/admin/httpd.conf

cat conf/extra/directadmin-vhosts.conf
Include /usr/local/directadmin/data/users/admin/httpd.conf
Within /usr/local/directadmin/data/users/admin/httpd.conf are the domain site’s Apache vhost configurations it seems. Example in Gist posted here.

How DirectAdmin’s Apache was compiled/configured

cat /usr/local/directadmin/custombuild/configure/ap2/configure.apache
#!/bin/sh
"./configure" \
"--prefix=/etc/httpd" \
"--exec-prefix=/etc/httpd" \
"--bindir=/usr/bin" \
"--sbindir=/usr/sbin" \
"--sysconfdir=/etc/httpd/conf" \
"--enable-so" \
"--enable-dav" \
"--enable-dav-fs" \
"--enable-dav-lock" \
"--enable-suexec" \
"--enable-deflate" \
"--enable-unique-id" \
"--enable-cgi" \
"--disable-cgid" \
"--enable-mods-static=most" \
"--enable-mpms-shared=all" \
"--with-suexec-safedir=/usr/local/safe-bin" \
"--with-suexec-caller=apache" \
"--with-suexec-docroot=/" \
"--with-suexec-gidmin=100" \
"--with-suexec-logfile=/var/log/httpd/suexec_log" \
"--with-suexec-uidmin=100" \
"--with-suexec-userdir=public_html" \
"--with-suexec-bin=/usr/sbin/suexec" \
"--with-included-apr" \
"--with-pcre=/usr/local" \
"--includedir=/usr/include/apache" \
"--libexecdir=/usr/lib/apache" \
"--libdir=/usr/lib/apache" \
"--mandir=/usr/share/man" \
"--datadir=/var/www" \
"--localstatedir=/var" \
"--enable-logio" \
"--enable-ssl" \
"--enable-rewrite" \
"--enable-proxy" \
"--enable-expires" \
"--enable-reqtimeout" \
"--with-ssl=/usr" \
"--disable-md" \
"--enable-headers"
Check the PHP command line version. It looks like Zend Opcache isn’t installed by default, which will result in PHP performance being much lower! Check the Post-Install steps for using CustomBuild 2.0 to install Zend Opcache.

php -v
PHP 7.3.7 (cli) (built: Jul 17 2019 18:33:55) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.7, Copyright (c) 1998-2018 Zend Technologies
Check if DirectAdmin PHP 7.3 supports Argon2 password hashing algorithm and libsodium – looks like libsodium is supported but missing Argon2 password hashing support. FYI, PHP web apps like Xenforo 2.x support newer Argon2 password hashing algorithm if your PHP version supports it.

php -r 'print_r(get_defined_constants());' | grep -i argon
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13] => 1
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13] => 2
[SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$
Usually for PHP 7.3 on my Centmin Mod LEMP 123.09beta01 stack installs I add Argon2 + libsodium support and you should see the following:

php -r 'print_r(get_defined_constants());' | grep -i argon
[PASSWORD_ARGON2I] => 2
[PASSWORD_ARGON2ID] => 3
[PASSWORD_ARGON2_DEFAULT_MEMORY_COST] => 1024
[PASSWORD_ARGON2_DEFAULT_TIME_COST] => 2
[PASSWORD_ARGON2_DEFAULT_THREADS] => 2
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13] => 1
[SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13] => 2
[SODIUM_CRYPTO_PWHASH_STRPREFIX] => $argon2id$
For Argon2 you need a newer 1.5+ version of libzip for PHP 7 to compile Argon2. DirectAdmin’s PHP 7.3 seems to have the older libzip 1.1.2 version

php --ri zip

zip

Zip => enabled
Zip version => 1.15.4
Libzip version => 1.1.2
And it looks like DirectAdmin’s default PHP 7.3 configuration is compiled with --without-libzip

php-config
Usage: /usr/local/bin/php-config [OPTION]
Options:
--prefix [/usr/local/php73]
--includes [-I/usr/local/php73/include/php -I/usr/local/php73/include/php/main -I/usr/local/php73/include/php/TSRM -I/usr/local/php73/include/php/Zend -I/usr/local/php73/include/php/ext -I/usr/local/php73/include/php/ext/date/lib]
--ldflags [ -L/usr/local/lib -L/usr/local/icu/lib]
--libs [-lcrypt -lz -lexslt -lresolv -lcrypt -lsodium -lrt -lstdc++ -liconv -lpng -lz -ljpeg -lwebp -lz -lrt -lm -ldl -lnsl -lsystemd -lxml2 -lz -liconv -lm -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -lpcre2-8 -lcurl -lxml2 -lz -liconv -lm -ldl -lssl -lcrypto -lfreetype -licui18n -licuuc -licudata -licuio -lxml2 -lz -liconv -lm -ldl -lxml2 -lz -liconv -lm -ldl -lcrypt -lxml2 -lz -liconv -lm -ldl -lxml2 -lz -liconv -lm -ldl -lxml2 -lz -liconv -lm -ldl -lxslt -lxml2 -lz -liconv -ldl -lm -lssl -lcrypto -lcrypt ]
--extension-dir [/usr/local/php73/lib/php/extensions/no-debug-non-zts-20180731]
--include-dir [/usr/local/php73/include/php]
--man-dir [/usr/local/php73/php/man]
--php-binary [/usr/local/php73/bin/php73]
--php-sapis [ cli fpm phpdbg cgi]
--configure-options [--prefix=/usr/local/php73 --program-suffix=73 --enable-fpm --with-fpm-systemd --with-config-file-scan-dir=/usr/local/php73/lib/php.conf.d --with-curl --with-gd --with-gettext --with-jpeg-dir=/usr/local/lib --with-freetype-dir=/usr/local/lib --with-libxml-dir=/usr/local/lib --with-kerberos --with-openssl --with-mhash --with-mysql-sock=/var/lib/mysql/mysql.sock --with-mysqli=mysqlnd --with-pcre-regex=/usr/local --with-pdo-mysql=mysqlnd --with-pear --with-png-dir=/usr/local/lib --with-sodium=/usr/local --with-webp-dir=/usr/local/lib --with-xsl --with-zlib --enable-zip --without-libzip --with-iconv=/usr/local --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-sockets --enable-soap --enable-mbstring --with-icu-dir=/usr/local/icu --enable-intl]
--version [7.3.7]
--vernum [70307]
cat /usr/local/directadmin/custombuild/configure/ap2/configure.php73
#!/bin/sh
./configure \
--with-apxs2 \
--with-config-file-scan-dir=/usr/local/lib/php.conf.d \
--with-curl \
--with-gd \
--with-gettext \
--with-jpeg-dir=/usr/local/lib \
--with-freetype-dir=/usr/local/lib \
--with-libxml-dir=/usr/local/lib \
--with-kerberos \
--with-openssl \
--with-mhash \
--with-mysql-sock=/var/lib/mysql/mysql.sock \
--with-mysqli=mysqlnd \
--with-pcre-regex=/usr/local \
--with-pdo-mysql=mysqlnd \
--with-pear \
--with-png-dir=/usr/local/lib \
--with-sodium=/usr/local \
--with-webp-dir=/usr/local/lib \
--with-xsl \
--with-zlib \
--enable-zip \
--without-libzip \
--with-iconv=/usr/local \
--enable-bcmath \
--enable-calendar \
--enable-exif \
--enable-ftp \
--enable-sockets \
--enable-soap \
--enable-mbstring \
--with-icu-dir=/usr/local/icu \
--enable-intl
On Centmin Mod PHP 7.3 builds I deliberately use a newer libzip 1.5 version instead of CentOS 7 provided libzip 1.1.2 for this reason. Example from Centmin Mod 123.09beta01 with PHP 7.3.7

php --ri zip

zip

Zip => enabled
Zip version => 1.15.4
Libzip headers version => 1.5.0
Libzip library version => 1.5.0
Check where DirectAdmin’s PHP command line version is reading settings .ini file directories from

php --ini
Configuration File (php.ini) Path: /usr/local/php73/lib
Loaded Configuration File: /usr/local/php73/lib/php.ini
Scan for additional .ini files in: /usr/local/php73/lib/php.conf.d
Additional .ini files parsed: /usr/local/php73/lib/php.conf.d/50-webapps.ini
Check DirectAdmin’s PHP command line loaded PHP extension modules

php -m
[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
iconv
intl
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
Reflection
session
SimpleXML
soap
sockets
sodium
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
xsl
zip
zlib

[Zend Modules]
Check the CPU load and memory usage of the DirectAdmin install with sar, as the sysstat YUM package was installed as part of the preparation stage.

cpu load

sar -q | sed -e "s|$(hostname)|hostname|"
Linux 3.10.0-957.21.3.el7.x86_64 (hostname) 07/17/2019 _x86_64_ (1 CPU)

05:10:00 PM LINUX RESTART

05:20:01 PM runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15 blocked
05:30:01 PM 1 83 0.00 0.00 0.00 0
05:40:01 PM 1 83 0.00 0.00 0.00 0
05:50:01 PM 1 91 0.45 0.16 0.07 0
06:00:02 PM 2 116 1.81 1.57 0.85 0
06:10:02 PM 2 118 1.32 1.45 1.16 0
06:20:01 PM 3 113 1.12 1.39 1.31 0
06:30:02 PM 3 114 1.64 1.56 1.44 0
06:40:01 PM 3 114 1.16 1.44 1.46 0
06:50:02 PM 2 114 1.33 1.46 1.47 0
07:00:01 PM 2 114 1.84 1.62 1.54 0
07:10:01 PM 3 113 2.01 1.84 1.71 1
07:20:01 PM 3 128 1.94 1.77 1.71 0
07:30:01 PM 1 522 0.14 1.08 1.48 0
07:40:01 PM 2 523 0.00 0.15 0.78 0
07:50:01 PM 2 525 0.00 0.02 0.41 0
08:00:01 PM 5 527 0.00 0.01 0.22 0
08:10:01 PM 3 528 0.00 0.01 0.12 0
08:20:01 PM 1 527 0.09 0.07 0.10 0
08:30:01 PM 3 528 0.00 0.02 0.06 0
08:40:01 PM 2 525 0.00 0.01 0.05 0
08:50:01 PM 1 524 0.00 0.01 0.05 0
09:00:01 PM 3 527 0.00 0.01 0.05 0
Average: 2 298 0.68 0.71 0.73 0
memory usage

sar -r | sed -e "s|$(hostname)|hostname|"
Linux 3.10.0-957.21.3.el7.x86_64 (hostname) 07/17/2019 _x86_64_ (1 CPU)

05:10:00 PM LINUX RESTART

05:20:01 PM kbmemfree kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kbdirty
05:30:01 PM 857528 157360 15.51 10060 66416 172372 3.31 49376 61324 0
05:40:01 PM 856412 158476 15.62 10124 67356 172372 3.31 49996 61700 16
05:50:01 PM 237420 777468 76.61 13492 582788 265880 5.10 347640 358336 44516
06:00:02 PM 84916 929972 91.63 17932 609740 889168 17.07 392288 443152 7624
06:10:02 PM 68800 946088 93.22 7652 518300 1002412 19.24 400396 443116 6988
06:20:01 PM 343964 670924 66.11 15040 308432 914316 17.55 192084 364012 11372
06:30:02 PM 686800 328088 32.33 7380 187656 889076 17.07 77984 184040 6244
06:40:01 PM 68984 945904 93.20 12516 599196 1052332 20.20 473912 370572 6380
06:50:02 PM 624964 389924 38.42 8748 193772 920440 17.67 109684 197288 6316
07:00:01 PM 201596 813292 80.14 10960 472432 1050972 20.18 393552 318388 8688
07:10:01 PM 381048 633840 62.45 12244 448196 892164 17.13 219448 317064 6560
07:20:01 PM 85520 929368 91.57 11608 726004 900956 17.30 380644 437972 11616
07:30:01 PM 340136 674752 66.49 57184 312992 3813832 73.21 274420 285892 0
07:40:01 PM 339664 675224 66.53 57336 313272 3813832 73.21 274568 286184 0
07:50:01 PM 299644 715244 70.48 58704 322676 3848780 73.88 307624 291068 0
08:00:01 PM 296944 717944 70.74 58940 322980 3852336 73.95 311300 289780 20
08:10:01 PM 292696 722192 71.16 59264 324164 3856300 74.03 313924 290564 60
08:20:01 PM 250300 764588 75.34 60464 366480 3853488 73.97 323220 323740 180
08:30:01 PM 244376 770512 75.92 61368 370316 3856012 74.02 325556 327132 76
08:40:01 PM 247284 767604 75.63 61968 370712 3849488 73.90 323016 327864 0
08:50:01 PM 246944 767944 75.67 62112 370760 3849488 73.90 323040 328040 0
09:00:01 PM 245516 769372 75.81 62268 370804 3852592 73.96 324256 328228 0
09:10:01 PM 246096 768792 75.75 62432 370952 3849488 73.90 323404 328448 0
Average: 328154 686734 67.67 34774 373756 2235569 42.92 283101 302778 5072
Verify DirectAdmin detected OS and environment to ensure CentOS 7 is detected

/usr/local/directadmin/directadmin o
Output

/usr/local/directadmin/directadmin o
Compiled on 'CentOS 7.0 64-Bit'
Compile time: Jul 12 2019 at 09:37:52
Timestamp: '1562945823'
Compiled with IPv6
Step 4. Post-Install DirectAdmin Tasks
Hide DirectAdmin Apache Version header by editing /etc/httpd/conf/extra/httpd-default.conf and to customise Apache default MPM Worker settings edit /etc/httpd/conf/extra/httpd-mpm.conf.

Current Apache defaults show ServerSignature is already set to Off (disabled) but ServerTokens should be changed from Major to Prod.

egrep '^ServerTokens|^ServerSignature' /etc/httpd/conf/extra/httpd-default.conf
ServerTokens Major
ServerSignature Off
Change via sed replacement

sed -i 's|^ServerTokens .*|ServerTokens Prod|' /etc/httpd/conf/extra/httpd-default.conf
sed -i 's|^ServerSignature .*|ServerSignature Off|' /etc/httpd/conf/extra/httpd-default.conf
Verify the changes

egrep '^ServerTokens|^ServerSignature' /etc/httpd/conf/extra/httpd-default.conf
ServerTokens Prod
ServerSignature Off
Then ensure these changes don’t get overwritten by DirectAdmin

cd /usr/local/directadmin/custombuild/
mkdir -p custom/ap2/conf/extra/
cp -p /etc/httpd/conf/extra/httpd-default.conf /usr/local/directadmin/custombuild/custom/ap2/conf/extra/
cp -p /etc/httpd/conf/extra/httpd-mpm.conf /usr/local/directadmin/custombuild/custom/ap2/conf/extra/
Then test the modified Apache config files

httpd -t
Syntax OK
Then restart Apache service

service httpd restart
Then do a curl header check to ensure DirectAdmin Apache server only reports Server = Apache without any version identifiers.

curl -I localhost
HTTP/1.1 200 OK
Date: Thu, 25 Jul 2019 14:01:18 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 23 Jul 2019 13:32:29 GMT
ETag: "2c-58e593965e689"
Accept-Ranges: bytes
Content-Length: 44
Vary: User-Agent
Content-Type: text/html
Hide DirectAdmin HTTP Daemon Header for port 2222 non-logged in visitors as per instructions here.

By default, the HTTP header response for requests over DirectAdmin port 2222 returns the full DirectAdmin version number and the full name of the person the DirectAdmin license belongs to:

Server: DirectAdmin Daemon v1.57.5 Registered to FULL NAME - FULL NAME - DirectAdmin License
However, you can disable the more verbose version by setting show_info_in_header=0 in /usr/local/directadmin/conf/directadmin.conf

echo 'show_info_in_header=0' >> /usr/local/directadmin/conf/directadmin.conf
service directadmin restart
Then HTTP Header would return a less verbose version

Server: DirectAdmin Daemon
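A re-check of the banner-hiding steps above, as an added example that is not part of the original guide or of DirectAdmin. It confirms ServerTokens and ServerSignature in the live file, that the custombuild copy matches it, and that show_info_in_header=0 is the only value present; the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): re-check the banner settings.
# Arguments are the three files the steps above touch. Every finding is
# printed as "FAIL ..." and the function returns non-zero if there is one.
audit_banner_settings() {
    live=$1 persisted=$2 daconf=$3 rc=0

    # Every active ServerTokens line must be Prod (ProductOnly is the long form).
    if ! awk 'tolower($1) == "servertokens" { n++; v = tolower($2)
              if (v != "prod" && v != "productonly") bad = 1 }
              END { exit (n == 0 || bad) }' "$live"; then
        echo "FAIL ServerTokens is not Prod in $live"; rc=1
    fi
    if ! awk 'tolower($1) == "serversignature" { n++
              if (tolower($2) != "off") bad = 1 }
              END { exit (n == 0 || bad) }' "$live"; then
        echo "FAIL ServerSignature is not Off in $live"; rc=1
    fi

    # The custombuild copy must match the live file, otherwise the copy that
    # is meant to protect the change still carries the old values.
    if ! cmp -s "$live" "$persisted"; then
        echo "FAIL $persisted differs from the live file"; rc=1
    fi

    # echo >> is not idempotent: a key that already exists plus the appended
    # one leaves two entries. Which one wins is not stated in the guide, so
    # anything other than a single value of 0 is reported.
    vals=$(sed -n 's/^show_info_in_header=//p' "$daconf" | sort -u | tr '\n' ' ')
    case "$vals" in
        "0 ") ;;
        "")   echo "FAIL show_info_in_header is not set"; rc=1 ;;
        *)    echo "FAIL show_info_in_header has values: $vals"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files standing in for httpd-default.conf, its
# custombuild copy and directadmin.conf (sample_key is a made-up entry).
demo_banner_audit() {
    d=$(mktemp -d) || return 1
    printf 'ServerTokens Prod\nServerSignature Off\n'  > "$d/live.conf"
    printf 'ServerTokens Major\nServerSignature Off\n' > "$d/stale.conf"
    printf 'sample_key=1\nshow_info_in_header=0\n'     > "$d/da_ok.conf"
    printf 'show_info_in_header=1\nshow_info_in_header=0\n' > "$d/da_dup.conf"

    echo "== as the guide leaves it"
    if audit_banner_settings "$d/live.conf" "$d/live.conf" "$d/da_ok.conf"
    then echo "result=pass"; else echo "result=fail"; fi

    echo "== copy step skipped, key appended to an existing entry"
    if audit_banner_settings "$d/live.conf" "$d/stale.conf" "$d/da_dup.conf"
    then echo "result=pass"; else echo "result=fail"; fi
    rm -rf "$d"
}

demo_banner_audit
```

On the server the three arguments are /etc/httpd/conf/extra/httpd-default.conf, its copy under /usr/local/directadmin/custombuild/custom/ap2/conf/extra/ and /usr/local/directadmin/conf/directadmin.conf.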
DirectAdmin Apache server-status configuration
Set up Apache server-status and server-info for the server hostname you configured in Step 1 above by modifying the Apache include file /etc/httpd/conf/extra/httpd-info.conf. Make sure to change YOUR_ISP_IP_ADDR to your ISP IP address, or to the IP address you want to be able to view the /server-status and /server-info statistics from, and enable ExtendedStatus.

myisp_ip=YOUR_ISP_IP_ADDR
sed -i "s|Require host .*|Require host $(hostname -f)|g" /etc/httpd/conf/extra/httpd-info.conf
sed -i "s|Require ip .*|Require ip 127\nRequire ip $myisp_ip|g" /etc/httpd/conf/extra/httpd-info.conf
sed -i 's|^#ExtendedStatus On|ExtendedStatus On|' /etc/httpd/conf/extra/httpd-info.conf
Modified contents of /etc/httpd/conf/extra/httpd-info.conf

#
# Get information about the requests being processed by the server
# and the configuration of the server.
#
# Required modules: mod_authz_core, mod_authz_host,
# mod_info (for the server-info handler),
# mod_status (for the server-status handler)

#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.

<Location /server-status>
SetHandler server-status
Require host hostname.yourdomain.com
Require ip 127
Require ip YOUR_ISP_IP_ADDR
</Location>

#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
ExtendedStatus On

#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".example.com" to match your domain to enable.
#
<Location /server-info>
SetHandler server-info
Require host hostname.yourdomain.com
Require ip 127
Require ip YOUR_ISP_IP_ADDR
</Location>
Then restart Apache service

service httpd restart
Then accessing hostname.yourdomain.com/server-status or hostname.yourdomain.com/server-info from the specified YOUR_ISP_IP_ADDR IP address will allow you to see DirectAdmin’s Apache server status and server info pages.

For hostname.yourdomain.com/server-status



For hostname.yourdomain.com/server-info
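An added audit of the two Location blocks configured above (example code, not from the original guide). Apache 2.4 treats several Require lines in one section as alternatives, so the check flags a single permissive line as well as a placeholder that was never replaced. The function names and sample files, including the documentation address 203.0.113.10, are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit who may reach the
# mod_status / mod_info handlers in httpd-info.conf.
# Prints "OK <path>" or "OPEN <path> (<reason>)" per audited <Location>
# block and returns non-zero when any block is OPEN.
audit_info_locations() {
    awk '
    { d = tolower($1) }
    d ~ /^#/ { next }                         # comment line
    d == "<location" {
        path = $2; gsub(/[">]/, "", path)
        inblk = (path == "/server-status" || path == "/server-info")
        nreq = 0; bad = ""
        next
    }
    inblk && d == "require" {
        nreq++; kind = tolower($2)
        if (kind == "all" && tolower($3) == "granted")
            bad = "Require all granted admits everyone"
        else if ($3 == "YOUR_ISP_IP_ADDR" || $3 == ".example.com")
            bad = "placeholder " $3 " not replaced"
        else if (kind != "ip" && kind != "host" && kind != "local")
            bad = "unreviewed rule: Require " $2
        next
    }
    inblk && d == "</location>" {
        if (nreq == 0) bad = "no Require directive"
        if (bad != "") { printf "OPEN %s (%s)\n", path, bad; nopen++ }
        else printf "OK %s\n", path
        inblk = 0
    }
    END { exit (nopen > 0) }
    ' "$1"
}

# Constructed sample input: one file as the guide leaves it, one with the
# mistakes the audit is meant to catch.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/good.conf" <<'EOF'
<Location /server-status>
SetHandler server-status
Require host hostname.yourdomain.com
Require ip 127
Require ip 203.0.113.10
</Location>
<Location /server-info>
SetHandler server-info
Require host hostname.yourdomain.com
Require ip 127
Require ip 203.0.113.10
</Location>
EOF
    cat > "$dir/bad.conf" <<'EOF'
<Location /server-status>
SetHandler server-status
Require ip 127
Require all granted
</Location>
<Location /server-info>
SetHandler server-info
Require ip 127
Require ip YOUR_ISP_IP_ADDR
</Location>
EOF
    for f in good bad; do
        echo "== $f.conf"
        if audit_info_locations "$dir/$f.conf"
        then echo "result=pass"; else echo "result=fail"; fi
    done
    rm -rf "$dir"
}

demo_audit
```

On the server, point audit_info_locations at /etc/httpd/conf/extra/httpd-info.conf after running httpd -t.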





Setup nightly update notification cronjob as outlined here.

Defaults in /usr/local/directadmin/custombuild/options.conf

#Cronjob Settings
cron=no
cron_frequency=weekly
email=email@domain.com
notifications=yes
da_autoupdate=no
updates=no
webapps_updates=yes
Change to the below, replacing email with your desired email address for notifications

#Cronjob Settings
cron=yes
cron_frequency=weekly
email=email@domain.com
notifications=yes
da_autoupdate=yes
updates=no
webapps_updates=yes
Then type:

./build cron
./build cron
Cronjob is set for MYEMAILADDRESS:
Cronjob frequency: weekly
Automatic notifications: yes
Automatic updates: no
Actual cronjob at /etc/cron.weekly/custombuild

#!/bin/sh
cd /usr/local/directadmin/custombuild
./build update >/dev/null 2>&1
AVAIL_UPDATES="`./build versions_nobold | grep -c -e 'update is available.'`"
if [ "${AVAIL_UPDATES}" -gt 0 ]; then
./build versions_nobold | grep 'update is available.' | mail -s "${AVAIL_UPDATES} updates available for `hostname`" MYEMAILADDRESS
./build update_da
./build update_webapps
fi
exit 0;
Then when you get email notification alerts for updates, run

cd /usr/local/directadmin/custombuild
./build update_versions
Optionally if you need to create alias redirects i.e. create a /mydir alias which redirects users to /var/www/html/directory as per instructions here.

cd /usr/local/di