Closed informaticaopensource closed 2 years ago
Dear informaticaopensource. Please, follow the indications at https://vpl.dis.ulpgc.es/documentation/vpl-jail-system-2.7.1/troubleshooting.html#id1 After changing the log level and restarting the service the log must contain the reason why the daemon start fails.
Best regards, Juan Carlos.
Hello, I have a big problem with installation of vpl-jail 2.7.1 I have a vps with almalinux (centos upgrade) with plesk panel manager. I have installed vpl-jail-server but doens't start. The error is (look up image.
Myconfiguration is
CONFIGURATION FILE OF vpl-jail-system #
Format VAR=VALUE #no space before and after "="
To apply changes you must restart the service using
"systemctl restart vpl-jail-system" or "service vpl-jail-system restart"
JAILPATH set the jail path
JAILPATH=/jail
MIN_PRISONER_UGID set start first user id for prisoners
MIN_PRISONER_UGID=10000
MAX_PRISONER_UGID set the last user id for prisoners
MAX_PRISONER_UGID=12000
MAXTIME set the maximum time for a request in seconds
MAXTIME=1800
Maximum file size in bytes
Maximum memory size in bytes
MAXMEMORY=2000000
Maximum number of process
MAXPROCESSES=500
Path to control directory. the system save here information of request in prog$
CONTROLPATH="/var/vpl-jail-system"
Limit the servers from we accept a request
IP or net (type A, B and C) separate with spaces
Format IP: full dot notation. Example: 128.122.11.22
Format net: dot notation ending with dot. Example: 10.1.
TASK_ONLY_FROM=10.10.3.
To serve only to one interface of your system
INTERFACE=128.1.1.1
Socket port number to listen for connections (http: and ws:)
default 80. 0 removes
PORT=80
Socket port number to listen for secure connections (https: and wss:)
default 443
SECURE_PORT=443
URL path for task request
act as a password, if no matches with the path of the request then it's reject$
URLPATH=/
FIREWALL=0|1|2|3|4
1: VPL service+DNS+internet access
2: VPL service+DNS+Limit Internet to port 80 (super user unlimited)
3: VPL service+No external access (super user unlimited)
4: VPL service+No external access
Note: In level 4 stop vpl-jail-system service to update/upgrade the system
Note: Don not use in CentOS
default level 0
FIREWALL=0
ENVPATH is environment PATH var set when running tasks
IMPORTANT: If you are using RedHat or derived OSes you must set this parameter$
PATH environment variable of common users (not root) example
ENVPATH=/usr/bin:/bin
LOGLEVEL is the log level of the program
From 0 to 8. 0 minimum log to 8 maximum log and don't removes prisoners home d$
IMPORTANT: Do not use high loglevel in production servers, you will get pour p$
default level 3
LOGLEVEL=3 FAIL2BAN is a numeric parameter to ban IPs based on the number of failed reque$
0: disable banning
The banning criteria is the number of fail > 20 * FAIL2BAN and more failed re$
The fail counter are reset every five minutes. The banning last five minutes.
default 0
FAIL2BAN=0
USETMPFS This switch allows the use of the tmpfs for "/home" and the "/dev/shm$
Changes this switch to "false" can degrade the performance of the jail system .
To deactivate set USETMPFS=false
USETMPFS=true
HOMESIZE The limits of modifications of the "duplicate" directory the default $
or 2Gb if USETMPFS=false
HOMESIZE=30%
HOMESIZE=2G
SHMSIZE The size of the "/dev/shm" directory he default value is 30% of the sy$
This option is applicable if using tmpfs file system for the "/dev/shm" direct$
ALLOWSUID This switch allows the execution of programs with a suid bit inside $
This may be a security threat, use at your own risk. To activate set ALLOWSUID$
ALLOWSUID=false
SSL_CIPHER_LIST This parameters specifies ciphering optiosn for SSL.
In case of wanting to have Forward Secrecy the option must be: ECDHE
SSL_CIPHER_LIST=
SSL_CERT_FILE Indicates the path to the server's certificate
If your Certification Authority is not a root authority
you may need to add the chain of certificates of the intermediate CAs to this$
SSL_CERT_FILE=/etc/vpl/cert.pem
SSL_KEY_FILE Indicates the path to the server's private key
SSL_KEY_FILE=/etc/vpl/key.pem
The Lets Encrypts certificate are in /etc/vpl.
How do i resolve ? Thank for attension