Greetings,
We are happy to announce the availability of XtendWeb 4.5.11 and Nginx 1.13.12 on the yum channel
To upgrade
##
yum --enablerepo=ndeploy upgrade nDeploy nginx-nDeploy*
/opt/nDeploy/scripts/attempt_autofix.sh
nginx -t
# if all OK
service nginx restart
##
The major changes apart from various improvements and version upgrade in upstream nginx and modules are
1. Support for branding
XtendWeb is now 100% white-label plugin and you can brand the plugin to your liking boosting your brand visibility and customer satisfaction
To setup branding, you will need to copy a 48x48px icon for your plugin to /opt/nDeploy/nDeploy_cp/ and /opt/nDeploy/nDeploy_whm/ folder
cp -p mybrandicon.png /opt/nDeploy/nDeploy_cp/
cp -p mybrandicon.png /opt/nDeploy/nDeploy_whm/
cp -p /opt/nDeploy/conf/branding.yaml.sample /opt/nDeploy/conf/branding.yaml
Edit the file /opt/nDeploy/conf/branding.yaml in your favourite text editor
/opt/nDeploy/scripts/setup_brand.sh
You can change the plugin name (brand:) visible in WHM and cPanel, The footer link (brand_footer:) visible in cPanel plugin, the icon visible in cPanel and WHM ( brand_logo:), and the plugin group visible in cPanel ( brand_group:)
If any of the above keys are removed from the branding.yaml file, the default value is taken
Setting up the branding.yaml is a one time process and the file and your branding are retained in future plugin upgrade as well.
2. Integration of Brute force mitigation template (the default) with CSF firewall. repeated brute force attempts will now get TEMP_BLOCK ed in CSF
You can see the IP's blocked in /var/log/lfd.log
May 20 11:32:32 XXXX lfd[30676]: (xtendweb) xtendweb blocked brute force attack from y.y.y.y (CN/China/-): 3 in the last 3600 secs - *Blocked in csf* for 300 secs [LF_CUSTOMTRIGGER]
XtendWeb installer will automatically detect CSF if installed and set up the custom trigger
NOTE: if there are false positives or if a user do not wish to avail this feature, they can easily switch the PROXY template from "Proxy+Brute mitigate" to " Proxy to httpd" and this will stop the LFD custom trigger from being activated for the domain
*************************************************NB:: for customers who have a self-managed cluster - We are working on some more improvements to the system including documentation - so an upgrade is not recommended at this moment. A separate notification will be generated in future when you can upgrade the cluster.
***************************************************
Thank you and Have a great day ahead.