# Server Customization

The Upgrade script overrides all the modifications that made in server configurations, but there are several ways to make customization properly.

# Custom PHP configuration

Create new file in /etc/php/php-fpm.d/ directory with .ini extension.

# Example

echo "upload_max_filesize = 400M \n post_max_size = 400M" > /etc/php/php-fpm.d/60-increase-memory-limit.ini
1

# Custom PHP-FPM configuration

Create new files in /etc/php/php-fpm.d/ with .conf extension. For example, /etc/php/php-fpm.d/custom.conf.

# Custom Nginx config

List of available configuration files.

  • /etc/nginx/conf.d/local/keitaro/admin.inc. Use that file to insert customization under location /admin {} section.
  • /etc/nginx/conf.d/local/keitaro/nontracker.inc. Use that file to insert customization for landing pages.
  • /etc/nginx/conf.d/local/keitaro/realip.inc. Use that file to customize reaip resolutions.
  • /etc/nginx/conf.d/local/keitaro/server.inc. Use that file to customize server {} section.
  • /etc/nginx/conf.d/local/keitaro/tracker.inc. Use that file to insert customize traffic handing.

Validate configuration:

nginx -t
1

Restart nginx

systemctl restart nginx
1
How to restrict access to control panel by IP?

To block all IPs, except 1.2.3.4 to access to the control panel, run:

echo 'allow 1.2.3.4; deny all;' > /etc/nginx/conf.d/local/keitaro/admin.inc
1
How to block specific IP?
echo 'deny 1.2.3.4; allow all;' > /etc/nginx/conf.d/local/keitaro/server.inc
1

# Custom MariaDB (MySQL) configuration

Create new file in /etc/my.cnf.d/ directory with .cnf extension. For example, /etc/my.cnf.d/x-overrides.cnf with.

Restart MariaDB:

systemctl restart mysql
1

# Firewall

To open a port, run:

firewall-cmd --permanent --add-port=port_number/tcp
1

For example, to open port 80, run:

firewall-cmd --permanent --add-port=80/tcp
1

To add a range of ports, tun:

firewall-cmd --permanent --add-port=6500-6700/udp
1

To add several ports with one command (here for port 80 and 443):

firewall-cmd --permanent --add-port=80/tcp --add-port=443/tcp
1

# Sending emails

There's no special email service on a server, all emails must be sent with the external service.

For 100-150 emails daily use Gmail.