08th Jul2019

How To Install IonCube Loader On Ubuntu running PHP 5.6 | PHP 7.2 | PHP 7.3

by Gyro

I just wanted to install Softaculous in ISPConfig on a server running Ubuntu 18.04, but stumbled upon the requirement of the ionCube Loader.

The ionCube Loader is used by some PHP applications in an effort to secure their PHP code. I personally find it quite silly, as there are ALWAYS ways to decode something, and files secured though ionCube are no exception to that rule. People who think security though obscurity is still a thing have clearly missed the ball imho.

Anyways… here is my take on how to install ionCube Loader on Ubuntu 16.04, 17.10 or 18.04 servers that run PHP 5.6, PHP 7.2, and/or PHP 7.3.

Step 1: Download ionCube Loader

Please let me know in a comment, if these links stop working. Thanks!

On 64-bit systems, enter this in your console

root@server:/# cd /tmp && wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

On 32-bit systems, enter this in your console

root@server:/# cd /tmp && wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz

Extract the ionCube Loader files

root@server:/tmp# tar xfz ioncube_loaders_lin_*.gz

View all available ionCube PHP extension

root@server:/tmp# ls ioncube

Step 2: Check te PHP Version(s) and locate the extensions directory

In order to use ionCube Loader, you must add it to the PHP versions you are using.

A good start is to see what version is used by the cli

root@server:/# php -v

Output should be something like this:

PHP 7.3.6-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: May 31 2019 11:06:48) ( NTS )

Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.6, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.6-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

Get the location of the extensions directory

You may have more than one PHP version installed. An easy way to check which PHP versions are available, you can enter:

root@server:/# update-alternatives --config php

There are 3 choices for the alternative php (providing /usr/bin/php).

Selection Path Priority Status
————————————————————
* 0 /usr/bin/php7.3 73 auto mode
1 /usr/bin/php5.6 56 manual mode
2 /usr/bin/php7.2 72 manual mode
3 /usr/bin/php7.3 73 manual mode

Press <enter> to keep the current choice[*], or type selection number:

So, to get the extension directory of the PHP version that needs the ionCube loader extension, you enter something like this:

root@server:/# /usr/bin/php5.6 -i | grep extension_dir

If you are using PHP 5.6, then the output should be something like this:

extension_dir => /usr/lib/php/20131226 => /usr/lib/php/20131226

If you are using PHP 7.2, then the output should be something like this:

extension_dir => /usr/lib/php/20170718 => /usr/lib/php/20170718/

If you are using PHP 7.3, then the output should be something like this:

extension_dir => /usr/lib/php/20180731 => /usr/lib/php/20180731

Copy the ionCube loader into the extensions directory

If you are using PHP 5.6, enter this:

root@server:/# cp /tmp/ioncube/ioncube_loader_lin_5.6.so /usr/lib/php/20131226/

If you are using PHP 7.2, enter this:

root@server:/# cp /tmp/ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718/

If you are using PHP 7.3, enter this:

root@server:/# cp /tmp/ioncube/ioncube_loader_lin_7.3.so /usr/lib/php/20180731/

Step 3: Add ionCube Loader to PHP

Now that you’ve downloaded, extracted and copied ionCube loader to PHP directory, To enable the ionCube loader extension, you have to add a line to the respective php.ini file(s). Here are the default locations of all php.ini files on a Ubuntu system running PHP 5.6, PHP 7.2, and PHP 7.3:

PHP 5.6

root@server:/# nano /etc/php/5.6/fpm/php.ini

zend_extension = /usr/lib/php/20131226/ioncube_loader_lin_5.6.so

root@server:/# nano /etc/php/5.6/cli/php.ini

zend_extension = /usr/lib/php/20131226/ioncube_loader_lin_5.6.so

PHP 7.2

root@server:/# nano /etc/php/7.2/apache2/php.ini

zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so

root@server:/# nano /etc/php/7.2/fpm/php.ini

zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so

root@server:/# nano /etc/php/7.2/cli/php.ini

zend_extension = /usr/lib/php/20170718/ioncube_loader_lin_7.2.so

PHP 7.3

root@server:/# nano /etc/php/7.3/apache2/php.ini

zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so

root@server:/# nano /etc/php/7.3/fpm/php.ini

zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so

root@server:/# nano /etc/php/7.3/cli/php.ini

zend_extension = /usr/lib/php/20180731/ioncube_loader_lin_7.3.so

Step 4: Restart and Verify

Once you have added the above line(s) to the respective php.ini file(s), you also have to restart the related service(s) (php7.2-fpm, php-7.3-fpm, apache2, nginx). For example:

root@server:/# service  apache2 restart
root@server:/# service php7.3-fpm restart

Check PHP to see all modules installed., if you added the iconCube loader to PHP-CLI:

root@server:/# php -v

Output:

PHP 7.3.6-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: May 31 2019 11:06:48) ( NTS )

Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.6, Copyright (c) 1998-2018 Zend Technologies
with the ionCube PHP Loader + ionCube24 v10.3.7, Copyright (c) 2002-2019, by ionCube Ltd.
with Zend OPcache v7.3.6-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

Final Note

After having installed and configured the IonCube loader extension for all PHP version on the server, I came to the sad conclusion that I did it all for nothing. Why you ask? Well, when you follow the instructions as given in the link I posted earlier, Softaculous will actually get installed including the required IonCube loader extension! The reason I experienced issues with Softaculous after installing (blank page) had absolutely nothing to do with the IonCube loader extension. But, I guess the conclusion of this story will have to appear in a post of its own, which will probably be named something like "How to RTFM when installing Softaculous for ISPConfig".

3044

28th Sep2016

Prevent duplicate Drafts, Junk, Sent, Trash folders in Dovecot

by Gyro

I've set up a new mail server for a client, and then used imapsync to copy all existing mail from the old server to the new server.

Everything seemed to have run smoothly, but shortly after they started using email via the new server, they had multiple folders for drafts, junk, sent, and trash.

After investigating this a bit, I found out that different mail clients expect different folder names on the server, and dovecot will create them when missing.

This really confused me, as this was not happening on the old server, so why was this now happening on the new server?!

Well, I could have prevented this from happening, if I would have had a look at the old server's configuration.

Turns out, you have to configure "Namespaces" to properly configure folders and possible duplicates.

Below is the configuration that was (and now is) in place. It has to be added to /etc/dovecot/dovecot.conf


namespace inbox {
  type = private
  separator = .
  prefix = INBOX.
  inbox = yes

  mailbox Drafts {
    special_use = \Drafts
    auto = subscribe
  }

  mailbox Junk {
    special_use = \Junk
    auto = create
  }

  mailbox spam {
    special_use = \Junk
    auto = no
  }

  mailbox Spam {
    special_use = \Junk
    auto = no
  }

  mailbox Trash {
    special_use = \Trash
    auto = subscribe
  }

  mailbox Sent {
    special_use = \Sent
    auto = subscribe
  }

  mailbox "Sent Mail" {
    special_use = \Sent
    auto = no
  }

  mailbox "Sent Messages" {
    special_use = \Sent
    auto = no
  }

  mailbox Archive {
    special_use = \Archive
    auto = create
  }

  mailbox "Archives" {
    special_use = \Archive
    auto = no
  }
}

With this configuration you get this setup:

INBOX
INBOX.Drafts
INBOX.Junk
INBOX.Trash
INBOX.Sent

Meaning, the Drafts, Junk, Trash, and Sent folders will reside inside the Inbox. Mail clients wanting to be different will have their special folder names mapped to the "one and only" folder of that type, such as iPhone's "Sent Messages" being the actual "Sent" folder.

I hope this helps anyone facing the same issue. Please leave a comment, if you found another special folder name that should be added to this list.

Enjoy! :)

4057

26th Sep2016

Load ISPConfig on subdomain using website’s ssl certificate

by Gyro

I've spent the last few days installing and configuring ISPConfig 3.1 on a new server, and one thing I really don't like about ISPConfig is the custom port it is running on.

So, I thought it would be really cool to use a subdomain instead and forget about the port all together.

It took me quite a while to figure out how to make ISPConfig load on a subdomain and have the subdomain configured for each website automatically. Of course I googled it, but information on how to accomplish this is quite rare (non-existent?), and I had to take stuff from a few different sources to come up with the (in my opinion) perfect solution.

The result: ISPConfig loads on an automatically configured subdomain and even works with each website's ssl certificate!

EDIT: This approach currently does not work with letsencrypt, because letsencrypt does not create a SSL certificate including the subdomain used for ISPConfig, so your browser willl warn you about an invalid SSL certicate being used. I am working on a solution. If you have a wildcard SSL certificate from a different vendor, this will work though.

Prerequisite

1. Make sure the following mods are enabled
~$ sudo a2enmod proxy_http
~$ sudo a2enmod proxy

2. You have to activate SSL for each website
A self-signed SSL certificate is sufficient, but I recommend getting a free one from StartSSL or LetsEncrypt.
ISPConfig 3.1+ can automatically setup a valid LetsEncrypt SSL certificate for each website.

Modify Vhost Master Template

~$ sudo nano /usr/local/ispconfig/server/conf/vhost.conf.master

Add the following code directly under </VirtualHost>, near the bottom of the file.

This will only work with https, and it will redirect http to https


#--------------------------------------------
# START: Add ISPConfig subdomain to all accounts
#--------------------------------------------
<tmpl_if name='ssl_enabled'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
</VirtualHost>
<tmpl_else>
# Redirect unsecure to secure connection
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
Redirect 301 / https://panel.{tmpl_var name='domain'}/
</VirtualHost>
</tmpl_if>
#--------------------------------------------
# END: Add ISPConfig subdomain to all accounts
#--------------------------------------------

This will work with both -- http and https conections


#--------------------------------------------
# START: Add ISPConfig subdomain to all accounts
#--------------------------------------------
<tmpl_if name='ssl_enabled'>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
</VirtualHost>
<tmpl_else>
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
ServerName panel.{tmpl_var name='domain'}
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyVia off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://localhost:1155/
ProxyPassReverse / https://localhost:1155/
</VirtualHost>
</tmpl_if>
#--------------------------------------------
# END: Add ISPConfig subdomain to all accounts
#--------------------------------------------

Notes

1. You have to change the port (1155) to match the port that your ISConfig installation runs on (default is 8080).
2. You may want to replace "panel" with a different word for the subdomain.

Enjoy! :)

1932

06th Aug2014

Comming Soon: HHVM Support in WHM/cPanel?

by Gyro

Great news everyone, it looks like cPanel is gearing up to integrate HHVM (HipHip Virtual Machine)!

I just received a notification from the official features request section of cPanel, in particular the request for PHP HHVM support for better performance.

To quote: "Has anyone had any success implementing PHP HHVM on their own? It's very helpful for us to hear about real world experiences with features we are considering to add in cPanel & WHM." -- cPScottT (cPanel staff).

Don't know HHVM yet?

HHVM is what powers Facebook, it has been developed by Facebook, and they made it available for everyone free of charge. HHVM processes PHP code lighting fast and is currently compatible with about 98% of all php applications.

Today, cPanel employees have finally picked up on this and started asking some questions about HHVM in the respective feature request. What happened next is what got me really excited: Their entire features request section went temporarilly offline! I can only guess that the news has spread rapidly through the twitterverse and other social media channels, resulting in such an increase of page requests that it overwhelmed their server! Maybe they should run their feature request section on HHVM…

Anyways, I am pretty sure that with this kind of response to an "innocent" question by cPanel staff, integrating HHMV into WHM/cPanel has just jumped to the top of their To-Do-List.

Not sure about you, but I am thrilled about this news! :crazy:

2064

21st Feb2013

Speed up your WordPress with CloudFlare!

by Gyro

My web hosting services provider ServerPilot has integrated CloudFlare into the cPanel!

CloudFlare is Content Deliver Network (CDN) with 22 data centers across the globe, and according to google there are only 9 web services in the world that have more traffic than CloudFlare. It is free, and it will make your website's load lightning fast from anywhere in world!

Even if your website is hosted with a slow hosting provider elsewhere, you can use CloudFlare for free!

If you give CloudFlare a try, make sure you also get the CloudFlare WordPress Plugin! WIth it, you can turn on the "Developer Mode" from your WordPress admin panel -- a must when updating your site, as changes won't show up immediately if the Developer Mode is turned off.

Enjoy! :enjoy:

1177

21st Feb2013

Restore large mysql databases with nginx 504 Gateway Timeout

by Gyro

I had to restore a 36MB sql database today and kept getting a "504 Gateway Time-out".

After playing around with the config files, adding fastcgi_read_timeout to the settings for php5-fpm, and fiddling with the php.ini, I realized that this can be accomplished with one single line using ssh:

Assuming that you have packed the .sql file into a zip file, and you are currently in that folder:
# gunzip < databasebackup.sql.gz | mysql -DDATABASENAME -uUSERNAME -pPASSWORD

DATABASENAME = name of the database
USERNAME = mysql username
PASSWORD = mysql password

I hope this helps when trying to restore large mysql databases with nginx 504 Gateway Timeout

2342

11th Feb2013

WHMCS: Round up product prices for secondary currencies

by Gyro

Today, I actually assisted my hosting provider in setting up secondary currencies in WHMCS, the billing and support system for/from cpanel! :)

They only wanted full numbers for the monthly breakdowns, so when they click "Update Prices" in the Currency Settings and a product would cost 1233.37 the price gets automatically rounded up to 1234.00.

Unfortunately, WHMCS doesn't offer this feature, so I suggested to setup a script on a secure location that they can trigger after they update the currency conversion rates and product prices. Below is the sql query that goes through all secondary currencies (1 = default currency) and rounds up the values, so that the setup fee and all monthly prices are full numbers.

The script itself would run a simple MySQL query:

UPDATE tblpricing SET
msetupfee = ceil(msetupfee),
qsetupfee = ceil(qsetupfee),
ssetupfee = ceil(ssetupfee),
asetupfee = ceil(asetupfee),
bsetupfee = ceil(bsetupfee),
tsetupfee = ceil(tsetupfee),
monthly = ceil(monthly),
quarterly = ceil(quarterly/3)*3,
semiannually = ceil(semiannually/6)*6,
annually = ceil(annually/12)*12,
biennially = ceil(biennially/24)*24,
triennially = ceil(triennially/36)*36
WHERE
currency != 1 AND
id = id

you could replace

currency != 1 AND

with
currency = 2 AND

or
currency IN(2,3,6) AND

etc

Enjoy :enjoy:

2306

31st Jan2013

Who is hosting WebDesignBlog.asia?

by Gyro

Webdesignblog.asia is being hosted on a Shared Hosting account from ServerPilot, which includes a Free Domain and loads of other goodies!

ServerPilot offers everything from 99ct hosting to high end dedicated servers for incredibly low prices. The shared hosting servers are running CloudLinux, providing a stable and fast performance for all hosting accounts sharing the server.

Wondering why my websites loads so fast? Do a "dig www.webdesignblog.com", and you will see that this website is actually being served from the CloudFlare CDN, which is integrated into the ServerPilot.com cPanel and FREE!

Be my neighboor, move to ServerPilot! :enjoy:

1060

21st Jan2013

Gitlab service doesn’t run on startup/boot/autostart

by Gyro

I have been using Gitlab for a while now to have backups of all my git repositories on my dedicated servers. Now, I needed to reboot one of them for the first time since I installed Gitlab, and ended up with a ‘502 bad gateway' warning by nginx, when trying to access the Gitlab web interface.

I found this on the github, hidden in a small pull request:

gitlab doesn't start on boot if you follow the install instructions on Ubuntu (12.04 LTS Server -- probably others). Turns out gitlab requires redis-server to be running for gitlab to be able to start. Startup script S20redis-server isn't run until after S20gitlab so gitlab fails to start on boot. Webserver will be up, bad gateway 502 error is usually seen/reported. Starting gitlab manually works (because redis-server has started). This change makes gitlab start after redis-server.

The single line for victory:
# sudo update-rc.d gitlab defaults 70 30

Enjoy :enjoy:

source: github

2995

15th Jan2013

Install php-gd on Ubuntu without recompiling php

by Gyro

For some reason one of my client's website stopped showing captcha codes for the mad4joomla component, the server is running nginx with php-fpm instead of Apache.

Looking at the error.log, I got

 [error] 21110#0: *100 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Call to undefined function imageantialias() in /var/www/clients/client1/web1/web/components/com_mad4joomla/sec/im4.php on line 39"

Time to check the server, that function is supposed to be part of the GD library.

First, I checked if GD was loaded:
# php5 -m | grep -i gd

gd

ok, so GD is there… now on to the function.

# php -r "var_dump( function_exists(‘imageantialias'));"

bool(false)

hmm… :wooty:

So, on I went to google, trying to find out how I can get imageantialias() to work (again)… to my surprise I actually stumbled upon a post talking about the exact same issue, while using the same server setup -- Ubuntu with ISP Config. The solution presented was to recompile php, which I was reluctant to do.

After some more searching I came across this amazing little page (http://nossie.addicts.nl/php5-gd.html) which I am going to post (slightly modified) right here, mainly because it looks like that page could be gone tomorrow…

Getting bundled php-gd working on Ubuntu without having to recompile php

Like many other people out there, I ran into the problem that the version of php-gd shipped with Ubuntu (and Debian) is different from the version used by many other distributions.
The version Ubuntu uses misses some functions like imagerotate and imageantialias, which are needed by an increasing number of software projects.

One solution to this problem is recompiling PHP with the bundled version of GD.
It is not particularly hard to do, but there are a reasons not to do it, one of them being that it is not neccesary.

The following steps solved the problem for me.

Install what is needed to do this:
# sudo apt-get install php5-cli php5-gd rpm mc

Check what version of php you are running (php5 -v). In my case it was 5.3.2-1ubuntu4.7
Go to rpmfind.net and search for php-gd-bundled
Download the version that matches your PHP version and architecture, php-gd-bundled-5.3.2-1mdv2010.1.x86_64.rpm in my case.

If you have installed mc (midnight commander) and rpm, you can use mc to open the downloaded .rpm file (start mc, goto the .rpm file and hit enter)
Inside the .rpm file you will see CONTENT.cpio, navigate to that and hit enter. Goto usr/lib64/php/extensions, there you will find gd-bundled.so.

The original php5-gd is installed at /usr/lib/php5/20090626/gd.so (for my installation), backup the original gd.so, and copy the gd-bundled.so to that location and rename to gd.so (you can copy files with F5 in mc).
The new gd.so expects to find libjpeg.so.8, this was not present on my system, but that can be sovled by creating a symlink from the installed libjpeg.so
On my system I found /usr/lib/libjpeg.so.64.0.0
Create the symlink with:
# ln -s /usr/lib/libjpeg.so.62.0.0 /usr/lib/libjpeg.so.8

This is it, restart apache and you should be running with the bundled version of gd.
# php -r "var_dump(function_exists(‘imageantialias'));"
Should return bool(true) this time.

Now, if there is an update of the php5-gd package, your modified version gets overwritten. To prevent this from happening, you can hold the php5-gd package so it will not be updated.
# aptitude hold php5-gd

I hope this will help you as much as it did me!

Enjoy :enjoy:

51625

08th Nov2012

Problems uploading files to ownCloud

by Gyro

I've installed ownCloud a while back and finally got around to test it today.

As ownCloud has a "Music" section, I figured I start by uploading some of my music. I first tried uploading an MP3 file via the web interface, but the spinning wheel would never go away, and an eventual refresh showed no new file. I then tried it with a few small files, and realized that anything over 1MB file size will result in the file not being uploaded, and the original gets deleted by the owncloud sync tool when it was used to upload/sync the file.

(more…)

5335