Profile Details

Recent updates
  • Sorry, but I have no ideas. There is nothing obviously wrong. The firewall restarts a few times during boot up but I think that is normal. It successfully gets to the end of its start up without tripping. I would, therefore, think it was a squid issue, but I don't use squid so I don't know. Did you use my modification to the firewall start up file?

  • As a note of caution to any existing LetsEncrypt users, this hosed my certificate renewal but only because of my particular set up. I had been using /var/www/html as my document root rather than the default website from the Webconfig which I was not aware of when I set my site up a long while ago. When you assign the certificates in the Webconfig Webserver menu, it activates virtual hosts in /var/flexshare/shares/{default_site} and this intercepts some of the handshaking certbot uses to renew certificates. To get round this I had to edit the conf file in /etc/letsencrypt/renewal to point to the new document root. I also copied over the .well-known folder but certbot may create it if it does not exist.

  • Nick Howitt
    Nick Howitt's reply was accepted as an answer

    Re: How to change interface name on ClearOS 7 ?

    I am not sure if it needs a re-install, but this is the RedHat document saying how to do it. I've never tried it. There is also a program called ifrename but I don't know if it works on the FC/RHEL/CentOS/ClearOS lineage.

    More stuff here and here.

  • Does the modem have a bridge mode? My VirginMedia cable modem/router does and connects by pure Ethernet. In the UK, BT cable uses VDSL. If you put this into bridge mode you have to then switch your ClearOS WAN to PPPoE.

  • Unfortunately those drivers are the optimum. The problem NIC is the RTL8111/8168 but you don't have that.

    I don't know if you can bypass any internal processing of ClearOS except the proxy/content filter.

    In your set up does your WAN get a public IP or is it NAT'd through another modem or router? I can't remember the details of your other posts.

  • Before you go down that route, can you just check your NIC drivers. There is one in particular we can do something about. What is the output of:

    For an iptables rule, try something like: and perhaps the same with a "-d" instead of "-s". This may mess with any time rules you create as normally the first rule matched stops all further rule processing. You'd want to see the time blocks above this rule when you do an "iptables -nvL FORWARD".

    Also, with the above rule, if it works at the command line, change "iptables" to "$IPTABLES" for the custom firewall module.

  • Nick Howitt
    Nick Howitt's reply was accepted as an answer

    Re: Aliases

    It died with 5.x. Just edit /etc/aliases manually then issue the command "newaliases".

  • This all sounds wrong. The config backup does not fully back up the network settings as it is typically used when people need to transfer settings to another server like I did when setting up a 7.x server from a 6x live one. You don't want to copy over the network settings as all the interfaces will probably be different in the new server. It is also dangerous to restore firewall rules to a different server as hardcoded interfaces can make the firewall panic.

    I am still thinking there is an issue with storage mounts if you think everything under /var/flexshare has gone. What are the contents of /etc/fstab?

  • fullchain.pem = chain.pem + cert.pem.

    In Apache you can specify separately the chain (intermediate) and certificate file. ClearOS is set up to use certificates in this fashion as I understand certificate providers generally provide both the certificate and intermediate files. I believe you can get away with specifying the certificate file as fullchain.pem and not specify the chain file, but why bother as this would become a specific set up for LetsEncrypt instead of a general one for all external certificates.

    In Peter's program there is no need to copy the certificate to domain.crt. His program configures flex-443.conf to read directly from the /etc/letsencrypt/live/{domain}/*.pem files which are symlinks to the latest certificate. It does not look in /etc/clearos/certificate_manager.d.