The safe bet for high-capacity use

Reliable brand name hardware with XEON processors

Our servers provide the raw horsepower you demand for your processor-intensive and disk I/O-intensive workloads. These servers come with the most complete package of standard features and services.

The operation of applications for mining crypto currencies is prohibited.

1 Gbit Guaranteed Bandwidth
DDoS Protection
99.99% Uptime Guarantee
Juniper Routing Technology

Single CPU, Multiple Cores

CPU
RAM
HARD DRIVE
BANDWIDTH / LOCATION
Price

CPU Intel Xeon E-2176G
6 cores (12 threads)
RAM 64 GB DDR4 ECC
HARD DRIVE 2 x 960 GB SSD
4 Maximum hard disks
BANDWIDTH / LOCATIONUnlimited
^€60^,00/month
No setup fee
Order Details

CPU Intel® Xeon® E3-1271 v3
RAM 32 GB ECC DDR3
HARD DRIVE 4 x 10TB HDD
BANDWIDTH / LOCATIONUnlimited
^€70^,00/month
No setup fee
Order Details

CPU Intel Xeon E3-1270 v5
4 cores (8 threads)
RAM 16 GB DDR4 ECC
HARD DRIVE 2x480GB SSD
4 Maximum hard disks
BANDWIDTH / LOCATION30TB
^€90^,00/month
Setup fee 50.00€
Order Details

CPU Intel Hexa-Core Xeon E-2286G
6 cores (12 threads)
RAM 32 GB DDR4 ECC
HARD DRIVE 2 x 480GB SSD
4 Maximum hard disks
BANDWIDTH / LOCATION30TB
^€105^,00/month
Setup fee 50.00€
Order Details

CPU Intel® Xeon® Gold 5412U
24 cores (48 threads)
RAM 256 GB
HARD DRIVE 2x 1.92 NVMe
BANDWIDTH / LOCATIONUnlimited
^€165^,00/month
Setup fee 80.00€
Order Details

Multiple CPUs, Multiple Cores

CPU
RAM
Hard Drive
Bandwidth / LOCATION
Price

CPU 2 x Intel Xeon E5-2620v4
16 cores (32 threads)
RAM 32GB DDR4
384GB DDR4 Maximum RAM
HARD DRIVE 2 x 480GB SSD
8 Maximum hard disks
BANDWIDTH / LOCATION30 TB
^€150^,00/month
Setup fee 50.00€
Order Details

CPU 2 x Intel Xeon E5-2630v4
20 cores (40 threads)
RAM 32GB DDR4
384GB DDR4 Maximum RAM
HARD DRIVE 2 x SSD 960GB
8 Maximum hard disks
BANDWIDTH / LOCATION30 TB
^€165^,00/month
Setup fee 50.00€
Order Details

CPU 4 x Intel® Xeon® E5-4620 v2
32 cores (64 threads)
RAM 128 GB DDR4
768GB DDR4 Maximum RAM
HARD DRIVE 2 x SSD 960GB
BANDWIDTH / LOCATION30 TB
^€200^,00/month
Setup fee 50.00€
Order Details

For custom machine configuration feel free to contact us.

Operating System

A wide range of operating systems are available for your Dedicated Server.

OPERATING SYSTEM	PRICE
AlmaLinux	Free
Debian (Minimal)	Free
Ubuntu LTS (Minimal)	Free
Proxmox VE	Free Setup fee €100.00
Windows Server 2022 Standard Edition	28^,00€/month
Windows Server 202 Datacenter Edition	160^,00€/month

Additional Server Options and Control Panel

Below you can see the additional options for your Server.

	PRICE
cPanel Premier (Up to 100 accounts) Sale	^€ 65^,99/month
Plesk Onyx Web Admin (10 Domains)	^€ 12^,99/month
Plesk Onyx Web Pro Edition (30 Domains)	^€ 22^,99/month
Plesk Onyx Web Host Edition (Unlimited Domains)	^€ 56^,99/month
4-Port Hardware-RAID Controller	^€ 30^,00/month
IP	^€ 3^,00/month

* Allocation in accordance with RIPE guidelines

Addional Storage Options

In most cases we can install up to 4 drives in our servers, meaning we can either add 2 additional drives or we can remove the default drives and install 4 new drives.

HDD SATA Enterprise	PRICE
2 TB SATA	12^,00€/month
4 TB SATA	15^,00€/month
6 TB SATA	16^,00€/month
10 TB SATA	23^,00€/month
12 TB SATA	30^,00€/month

SSD Datacenter Edition	PRICE
240 GB	10^,00€/month
480 GB	15^,00€/month
960 GB	28^,00€/month
1.92 TB	40^,00€/month
3.84 TB	100^,00€/month

Why use Dedicated Servers?

We guarantee our commitment to quality.

Features
Guarantee

Infrastructure

Dedicated Servers are hosted in Europe with feature latest generation hardware and technologies – Enterprise SATA HDDs or SSD for storage, DDoS protection for strong security, DDR4 ECC RAM for super-fast performance.

Uptime Guarantee

We deliver even more by putting our servers up and running 99.99%.

DDoS Protection

Our Datacenter uses its automated security tools to protect your web applications, websites, servers, and IT infrastructure from this threat. Our automated system recognizes almost all attack patterns in advance, allowing it to block the attacks and effectively thwart the vast majority of them.

Our Guarantee of Quality

All Cloud Services Store hosting services are backed by our pioneering Hosting Guarantee. This guarantee is a mark of the high quality you can expect from Cloud Services Store and underlines our commitment to providing excellence in our hosting division. Our Hosting Guarantee explains that we treat each service you have with Cloud Services Store individually. You can subscribe, modify or cancel any service you have with us at any time.

Most frequently asked questions

How to configure Plesk mail in Android
Here is a step-by-step guide to help you configure Plesk mail in Android.

Step 1

Open the Gmail app, go to ‘Settings’ and tap ‘Add account’.

Step 2

Select ‘Personal (IMAP/POP)’.

Step 3

Insert email address and select ‘Manual setup’.

Step 4

Select Personal (IMAP) or Personal (POP3) according to your preference.

Step 5

Enter your password.

Step 6

On the incoming settings screen select authentication ‘SSL/TLS (Accept all certificates)’.

Step 7

The incoming server settings will be validated.

Step 8

On the outgoing server settings screen select authentication ‘SSL/TLS (Accept all certificates)’.

Step 9

Select the prefered synchronization options.

Step 10

Tap your ‘Inbox’ to start reading and writing emails.
How to install the php-mcrypt module on a Plesk server
Question

How to install the php-mcrypt module on a Plesk server?

Answer

Notes: The solution in this article is applicable to system PHP versions (Up to 7.1) supplied by OS vendor.

Plesk PHP handlers up to 7.1 are shipped with the mcrypt module by default. PHP handlers provided by Plesk can be installed via Plesk Installer and selected at Domains > example.com > PHP settings.

The mcrypt module is deprecated since PHP 7.1 and is moved out from core into PECL:
PHP RFC: Deprecate (then Remove) Mcrypt
PHP: Deprecated features in PHP 7.1.x
1. Connect to a Plesk server via SSH.
2. Install the module:
  - on CentOS/RHEL-based distributions:
    
    The php-mcrypt package is available in RPMforge and EPEL repositories. Add the repository to the server and install the package using the yum utility. In this example, we are using the EPEL repo:
    
    # yum install epel-release
    # yum install php-mcrypt
  - on Debian/Ubuntu-based distributions:
    
    Find the system PHP version:
    
    # php -v
    
    Run the command:
    - if PHP 5.x version is installed:
      
      # apt-get install php5-mcrypt
    - if PHP 7.x version is installed:
      
      # apt-get install php-mcrypt
3. To make the mcrypt extension available for existing websites, update PHP settings for all domains with the command:
  
  # /usr/local/psa/bin/php_settings -u
  
  This extension will also appear in Plesk at Tools & Settings > PHP Settings > [php] by OS vendor.
Windows: Accessing Your Server with Remote Desktop
This article explains how to use Remote Desktop to access your Windows server’s desktop from anywhere in the world.

Remote Desktop from a Windows Computer
1. Click the Start button.
2. Click Run…
3. Type “mstsc” and press the Enter key.
4. Next to Computer: type in the IP address of your server
5. Click Connect.
6. If all goes well, you will see the Windows login prompt.
Remote Desktop from a Linux Computer with RDesktop
1. Open a command shell using xterm
2. Type ‘rdesktop’ at the command prompt to see if you have rdesktop installed
3. If rdesktop is installed, then proceed. Otherwise, you will need to install the rdesktop package for your flavor of Linux.
4. Type ‘rdesktop’ followed by your server’s IP address. Then press Enter.
  - Example:
    $ rdesktop 72.52.246.40
5. If all goes well, you will see the Windows login prompt.
Remote Desktop from Mac OS X
1. Using Microsoft Remote Desktop (Mac OS X versions 10.9 and later):
  - Install Microsoft Remote Desktop from the Mac App Store.
  - Click the New button or use the shortcut Command + N to set up a connection to your server with the following settings:
    - PC name: You can use your server’s IP address or its hostname (if the hostname has an appropriate DNS record and resolves).
    - User name: To access the admin account, use "root" or “Administrator”.
    - Password: Enter the Administrator password.
    - Configure full-screen and multi-monitor settings to your preference.
  - Once you’ve filled in the appropriate settings, close the Edit Remote Desktops window.
  - Select your connection under My Desktops and press the Start button in the menu to connect (or simply press the return key on your keyboard).
  - If your server uses a self-signed SSL certificate, a message will be displayed as Remote Desktop is negotiating credentials. You can either press Continue to proceed with the connection or, to permanently store the certificate and connect directly in the future, click Show Certificate and then check the box next to Always trust … before clicking Continue to proceed.
2. Using CoRD (Mac OS X versions 10.5 through 10.8 only):
  - Download and install the CoRD application here.
  - Open the application and click on the File menu, then New Server
  - You will be presented with a window where you can specify information about the server you are connecting to.
  - Enter the server’s hostname or IP address in the Address field.
  - You can alter the other settings in this window if you wish but all you need to start the connection is the address.
  - When you are finished making changes, press the enter/return key on your keyboard or simply close the new server window.
  - Your new server profile will appear in the list to the left side of the application. Double click on it and you will start the connection to your server.
3. Using the Microsoft RDP Tool (Mac OS X versions prior to 10.7 only):
  - Download and install the Microsoft Remote Desktop Connection Client for Mac here.
  - When you open the application, you will be prompted for the “Computer:” you would like to connect to. You can enter the server’s hostname or IP address.
  - After you click Connect the client will ask for your user name and password. If it fails to connect, you can try again inside the remote connection window.
What is Reverse DNS?
Reverse DNS (rDNS) is name resolution that looks up an IP addresses to obtain a domain name, performing the opposite function of the DNS server, which turns domain names into IP addresses.

Reverse DNS can be used as a spam filter. Typically, spammers use invalid IP addresses, that is, ones that do not match domain names. A reverse DNS program looks up the IP address of an incoming message and, if no valid domain name is found, the server blocks the message. Although reverse DNS is fairly effective for filtering spam, it also often blocks valid emails.

Our administrators configure reverse DNS on all of our email servers. If you administrate your own server, you can contact your IP address's provider to configure reverse DNS.
How to disable directory browsing globally on whole WHM/cPanel server
o disable directory browsing/listing on whole server, follow these simple instructions:

1. Log into WHM
2. Service Configuration –> Apache Configuration
3. Global Configuration
4. Scroll down to Directory ‘/’ Options
5. Un-tick Indexes option (see picture)
6. Then press Save button below
7. Finally, rebuild by clicking rebuild apache conf button and that’s it…
Setting up Nameserver DNS Using cPanel/WebHost Manager
cPanel's WebHost Manager® (WHM) lets you use your own domain name as a nameserver for websites your server hosts. To use your domain name, you have to set up a WHM Account for it first.

To Set up Nameserver DNS Using cPanel/WHM
1. Log in to WebHost Manager using root for your username and your server's password at https://yourserverip:2087, where yourserverip is your server's IP address.
2. Click DNS Functions.
3. Click Edit DNS Zone.
4. Select the domain name you want to use, and then click Edit.
5. For the two rows with the menu displaying NS, edit the right-most columns to ns1.your domain name. and ns2.your domain name., respectively.
  
  Note: You have to enter a "." after your nameserver in this section for the DNS to work properly.
6. In the Add New Entries Below this Line section, do the following in the first row:
  - First field: Type ns1
  - Second field: Type 14400
  - Third field: Select A
  - Fourth field: Enter your server's IP address
  Then, in the second row, do the following:
  - First field: Type ns2
  - Second field: Type 14400
  - Third field: Select A
  - Fourth field: Enter your server's IP address
  Note: Do not enter a "." after your ns1 and ns2 entries in this section.
7. Click Save.
  
  Note: DNS can take 24-48 hours to propagate once these changes have been made.
How to Install MySQL on CentOS 7
MySQL is a popular database management system used for web and server applications. However, MySQL is no longer in CentOS’s repositories and MariaDB has become the default database system offered. MariaDB is considered a drop-in replacement for MySQL and would be sufficient if you just need a database system in general.

Before You Begin
1. Ensure that you have followed the Getting Started and Securing Your Server guides, and the Linode’s hostname is set.
  
  To check your hostname run:
```
hostname

hostname -f
```
  The first command should show your short hostname, and the second should show your fully qualified domain name (FQDN).
2. Update your system:
```
sudo yum update
```
3. You will need wget to complete this guide. It can be installed as follows:
```
yum install wget
```
Install MySQL

MySQL must be installed from the community repository.
1. Download and add the repository, then update.
```
wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

sudo rpm -ivh mysql-community-release-el7-5.noarch.rpm

yum update
```
2. Install MySQL as usual and start the service. During installation, you will be asked if you want to accept the results from the .rpm file’s GPG verification. If no error or mismatch occurs, enter y.
```
sudo yum install mysql-server

sudo systemctl start mysqld
```
MySQL will bind to localhost (127.0.0.1) by default.

Harden MySQL Server
1. Run the mysql_secure_installation script to address several security concerns in a default MySQL installation.
```
sudo mysql_secure_installation
```
You will be given the choice to change the MySQL root password, remove anonymous user accounts, disable root logins outside of localhost, and remove test databases. It is recommended that you answer yes to these options. You can read more about the script in the MySQL Reference Manual.
How to change the location for Plesk backup files on a Linux server?
By default, all backup data is stored in the directory /var/lib/psa/dumps.

To change the default backup location, follow these steps:
1. Connect to a Plesk server via SSH.
2. Create a new directory for backups. In these example, we will use /plesk_backups:
  
  # mkdir /plesk_backups
3. Set necessary ownership for the created directory:
  
  # chown psaadm:psaadm /plesk_backups
4. Modify the backup location in the Plesk configuration file /etc/psa/psa.conf:
  
  4.1. Open the file /etc/psa/psa.conf in a text editor (for example, "vi" editor).
  
  4.2. Change the value of DUMP_D to the created directory from step 2:
  
  # Backups directory
  DUMP_D /plesk_backups
  
  4.3. Save the changes and close the file.
  
  4.4. Verify that the directory has been changed:
  
  # cat /etc/psa/psa.conf | grep -w DUMP_D
  DUMP_D /plesk_backups
5. Move all backup data and the hidden .discovered directory from the old location to new:
  
  # mv /var/lib/psa/dumps/* /plesk_backups/
  # mv /var/lib/psa/dumps/.discovered/ /plesk_backups/
6. Restart the "sw-cp-server" service:
  
  # service sw-cp-server restart
  
  From now all backup files will be stored in the directory /plesk_backups.
Configuring FTP Passive Mode to Plesk
By default, Plesk allows only active FTP connections. This may result in customers being unable to connect to the server via FTP. To avoid this, we recommend enabling passive FTP. This topic explains how to enable passive FTP mode in Plesk for Linux.

To enable passive FTP mode in Plesk for Linux:
1. Log in to your server via SSH as the root user.
2. Create the /etc/proftpd.d/55-passive-ports.conf file, add the following lines to it, and then save the changes:
  
  <Global>
  
  PassivePorts 49152 65535
  
  </Global>
3. Run the following command:
  
  systemctl restart xinetd
Now your Plesk server accepts passive FTP connections. If you have installed the Plesk Firewall and switched on its default configuration, you need to add a firewall rule allowing passive FTP:
- Direction: Incoming
- Action: Allow
- Ports: TCP 49152-65535
- Sources: (any host)
How to create partition and format a Linux Disk as Ext4 from the Command Line
For the code, I’m just going to assume the drive is /dev/sdb. If you’re following this, make sure you’re using the correct drive name.

Unmount The Drive

Only needed if it’s been mounted already.

sync
umount /dev/sdb1

Prepare the Drive

Fire up fdisk

fdisk /dev/sdb

If you already have a filesystem on the disk, wipe it.

Press d

Now create a new primary partition.

Press n

Enter the partition type.

Press p (primary)

Enter the partition number.

Press 1

It’ll now ask you to set the start and end cylinders on the disk. Just hit return for each to accept the defaults.

Change the system type to Linux.

Press t
Enter 83

Write the changes to disk (this can’t be undone).

Press w

Create the Filesystem

Format the new partition using Ext4.

mkfs.ext4 /dev/sdb1

It’ll now go off and start writing the filesystem. This can take a bit of time, but it should give you an update on what’s being written.

Mount Your Drive

Now your partition has been created, you need to mount it somewhere to use it. Here I’m using /mnt/user/ext/.

mount /dev/sdb1 /mnt/user/ext/
How to log in to MySQL using the Plesk MySQL "admin" password in plain text?
Question

It is not possible to log in to MySQL using a Plesk MySQL "admin" password in plain text:

# mysql -uadmin -p"mysql_admin_password_in_plain" psa
ERROR 1045 (28000): Access denied for user 'admin'@'localhost' (using password: YES)

while login with cat works fine:

# MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql -uadmin psa

How to log in to MySQL using a Plesk MySQL "admin" password in plain text?

Answer

For security reasons, the Plesk MySQL "admin" password is encrypted and stored in the file /etc/psa/.psa.shadow.

To log in to MySQL using the Plesk MySQL "admin" password without cat, use the encrypted string from the file /etc/psa/.psa.shadow:

Note: Put the backslash symbol "\" before the sign "$":

# mysql -uadmin -p"\$AES-128-CBC\$NP15ZIjr/iNnfjQ72gR8yA==\$uil2bGcV83uxvFihBxkSvA==" psa

To connect from the MySQL Workbench use the plain text from the /etc/psa/.psa.shadow.
How to change virtual hosts location in Plesk for Linux?

In Plesk for Linux, transvhosts.pl utility can be used to change the location for all virtual hosts:

Warning: Plesk Onyx with SELinux enabled does not support custom vhosts directory, that would break your sites. This bug PPPM-6521 will be fixed in future Plesk updates.

In Plesk for Linux, transvhosts.pl utility can be used to change the location for all virtual hosts:

# /usr/local/psa/bin/transvhosts.pl --help

In the following example, the location is changed to /home directory:

# /usr/local/psa/bin/transvhosts.pl --dest-dir /home --correct-scripts

Note: All the vhosts' content will be automatically moved into the new location.
How to configure Plesk mail in Outlook
Here is a step-by-step guide to help you configure Plesk mail in Outlook.

Step 1

Open outlook and go to ‘File’.

Step 2

Click ‘Add Account’

Step 3

Select ‘Manual setup or additional server types’ and click ‘Next’.

Step 4

Select ‘POP or IMAP’ and click ‘Next’.

Step 5

Enter your User and Server information and click on ‘More Settings’ if you need to configure other Ports for incoming and outgoing mail server than the defaults.

If using the default ports is okay, click next and skip to Step 7.

Step 6

Configure custom ports for Incoming and Outgoing mail servers in the ‘Advanced’ tab.

Step 7

Wait for the account settings test to complete and click ‘Close’.

Step 8

Click ‘Finish’ to exit the wizard and start using your email account.
How to configure Plesk mail in iOS
Here is a step-by-step guide to help you configure Plesk mail in iOS.

Step 1

Go to Settings and tap ‘Mail, Contact, Calendars’.

Step 2

Select ‘Add account’.

Step 3

Select ‘Other’ from the list of email providers.

Step 4

Then tap ‘Add Mail Account’.

Step 5

Enter your Name, Email, Password and a short description and tap ‘Next’.

Step 6

Select IMAP or POP and enter your incoming and outgoing mail server details.

Step 7

Accept the SSL certificate. Tap Continue. This will appear twice, once for your incoming mail server and once for the outgoing one.

Step 8

Tap ‘Save’ to finish setting up your email.
How to install APCu module on Plesk server ?
1. Connect to the server via SSH.
2. Install required development packages:
  - For .deb-based OS (Ubuntu, Debian):
    
    # apt install plesk-php70-dev zlib1g-dev gcc
  - For .rpm-based OS (CentOS, RHEL, CloudLinux):
    
    # yum install plesk-php70-devel zlib-devel gcc
  Note: As an example, Plesk PHP 7.0 development package is installed. For a different version of PHP change php70 to the required version, for instance, php56
3. Install APCu module:
  - For Plesk PHP 7.x:
    
    # /opt/plesk/php/7.x/bin/pecl install apcu
  - For Plesk PHP 5.x:
    
    # /opt/plesk/php/5.x/bin/pecl install apcu-4.0.11
4. Enable APCu in PHP configuration:
  
  # echo "extension=apcu.so" > /opt/plesk/php/7.0/etc/php.d/apcu.ini
5. Restart PHP service and refresh PHP handlers information:
  
  # service plesk-php70-fpm restart
  
  # plesk bin php_handler --reread
6. Verify that the module is loaded and is working:
  
  # /opt/plesk/php/7.0/bin/php -i | grep apc.enabled
  apc.enabled => On => On
How to enable the Apache server statistics on a Plesk server
1. Connect to a Plesk server via SSH.
2. Check if "status_module" is loaded:
  - for CentOS/RHEL-based distributions:
    
    # httpd -M | grep status
    status_module (shared)
  - for Debian/Ubuntu-based distributions:
    
    # apache2ctl -M | grep status
    status_module (shared)
    
    If the output is empty, enable the "status" module in Plesk at Tools & Settings > Apache Web Server.
3. Find out Apache version:
  - for CentOS/RHEL-based distributions:
    
    # httpd -v | grep version
  - for Debian/Ubuntu-based distributions:
    
    # apache2 -v | grep version
4. To make status reports visible to your IP address (from which you access this page in a browser) and localhost, add the below code to the Apache configuration file (create a new file, if there is no):
  - CentOS/RHEL-based distributions:
    CentOS 7: /etc/httpd/conf.modules.d/status.conf
    CentOS 6: /etc/httpd/conf.d/status.conf
  - Debian/Ubuntu-based distributions: /etc/apache2/mods-enabled/status.conf
    
    In this example, we are allowing status reports to IP addresses 203.0.113.2, 203.0.113.3 and localhost:
    - for Apache 2.2:
      
      <IfModule mod_status.c>
      <Location /server-status>
      SetHandler server-status
      Order deny,allow
      Deny from all
      Allow from 127.0.0.1 localhost ip6-localhost 203.0.113.2 203.0.113.3
      </Location>
      ExtendedStatus On
      </IfModule>
    - for Apache 2.4:
      
      <IfModule mod_status.c>
      <Location /server-status>
      SetHandler server-status
      <RequireAny>
      Require local
      Require ip 203.0.113.2 203.0.113.3
      </RequireAny>
      </Location>
      ExtendedStatus On
      </IfModule>
    Note: If "mod_status" is loaded into the server, its handler capability will be available in all configuration files, including per-directory files (for example, .htaccess). This may have security-related ramifications for your website.
5. Restart Apache:
  - for CentOS/RHEL-based distributions:
    
    # service httpd restart
  - for Debian/Ubuntu-based distributions:
    
    # service apache2 restart
  Server statistics will now be available at http://your.server.ip.address/server-status
Installing ConfigServer Security & Firewall (CSF)
Config Server Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
It's is a security tool that can protect your server against attacks, such as brute force, and improve server security.

This application will work as a WHM plugin and is free. Follow these instructions to complete a basic CSF installation:
1. Install CSF: Log into your server as root, using SSH.
```
cd /usr/local/src/
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf 
sh install.sh
```
  You will see "Installation Completed".
```
cd ..
rm -Rfv csf/ csf.tgz
```
2. Configure CSF: Login to your server via WHM as root and go to the bottom left menu. In the Plugins section, go to ConfigServer Security Firewall.
How to manage mailbox size in Web Admin edition?
It is not possible to manage mailbox size via Plesk user interface in Web Admin edition.

The only way to manage it is through command-line with administrator privileges.

Examples (both for Linux and Windows):
- set quota to 100M:
  
  # plesk bin subscription_settings --update example.com -mbox_quota 100M
- Set the mailbox size to the default value:
  
  Note: default value for subscription is inherited from its service plan
  
  # plesk bin subscription_settings --update example.com -mbox_quota -1
- To change the limit for a specific mailbox, use plesk bin mail utility:
  
  # plesk bin mail --update user@example.com -mbox_quota 50M
Which ports to unblock for VPN traffic to pass-through?
Microsoft RRAS server and VPN client supports PPTP, L2TP/IPSec, SSTP and IKEv2 based VPN connection. PPTP control path is over TCP and data path over GRE. L2TP tunnel traffic is carried over IPSec transport mode and IPSec protocol internally has a control path through IKE and data path over ESP. SSTP control and data path is over TCP. IKEv2 control path is over IKE and data path over ESP.

So now coming back to original question. There are multiple scenarios:

1) If RRAS based VPN server is behind a firewall (i.e. a firewall is placed between Internet and RRAS server), then following ports need to be opened (bidirectional) on this firewall to allow VPN traffic to pass through: -
- For PPTP:
  - IP Protocol=TCP, TCP Port number=1723 <- Used by PPTP control path
  - IP Protocol=GRE (value 47) <- Used by PPTP data path
- For L2TP:
  - IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv1 (IPSec control path)
  - IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
  - IP Protocol Type=ESP (value 50) <- Used by IPSec data path
- For SSTP:
- For IKEv2:
  - IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
  - IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
  - IP Protocol Type=ESP (value 50) <- Used by IPSec data path
2) If RRAS server is directly connected to Internet, then you need to protect RRAS server from the Internet side (i.e. only allow access to the services on the public interface that isaccessible from the Internet side). This can be done using RRAS static filters or running Windows Firewall on the public interface (or the interface towards the Internet side). In this scenario following ports need to be opened (bidirectional) on RRAS box to allow VPN traffic to pass through
- For SSTP:
- IP Protocol=TCP, TCP Port number=443 <- Used by SSTP control and data path
- For IKEv2:
- IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
- IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
- IP Protocol Type=UDP, UDP Port Number=1701 <- Used by L2TP control/data path
- IP Protocol Type=50 <- Used by data path (ESP)
Note: Please DO NOT configure RRAS static filters if you are running on the same server RRAS based NAT router functionality. This is because RRAS static filters are stateless and NAT translation requires a stateful edge firewall like ISA firewall.
How to enable/disable SELinux on a server
1. Connect to a server via SSH.
2. Open the /etc/selinux/config file in any text editor. In this example, we are using the vi utility:
  
  # vi /etc/selinux/config
3. Change the SELINUX value to:
  - disabled to completely turn off SELinux on the server:
    
    SELINUX=disabled
  - permissive to make SELinux print warnings instead of enforce security policy:
    
    SELINUX=permissive
  - enforcing to make SELinux security policy enforced:
    
    SELINUX=enforcing
4. Save the changes and close the file.
  
  Note: A server restart is required to apply these changes.
5. Check the permanent status of SELinux:
  
  # sestatus | grep "Mode from config file"
  Mode from config file: permissive
How to upgrade MariaDB 5.5 to 10.0/10.1/10.2 on Centos 7
This article provides instructions for upgrading MariaDB 5.5 to 10.0/10.1/10.2 on Linux.

By default, CentOS 7 is shipped with MariaDB 5.5. MariaDB 10.x version is a drop-in replacement for MySQL 5.5-5.7.
1. For security reasons, create a database dump of all databases with the following command:
  
  # MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysqldump -u admin --all-databases --routines --triggers > /tmp/all-databases.sql
2. Stop MariaDB:
  
  # service mariadb stop
3. Remove additional packages like mariadb-bench:
  
  # rpm -e --nodeps mariadb-bench
4. For security reasons, copy the database directory in a separate folder:
  
  # cp -a /var/lib/mysql/ /var/lib/mysql_backup
5. Check if the mysql-server package is already installed:
  
  # rpm -q --whatprovides mysql-server
  
  If it is installed and the command above gives output, remove using the following command:
  
  # rpm -e --nodeps `rpm -q --whatprovides mysql-server`
6. Configure MariaDB repository: open the Setting MariaDB repositories page, select your OS distro, release and a desired MariaDB version. Once done, the configuration that should be added to the /etc/yum.repos.d/MariaDB.repo file will appear.
  
  Here is an example for MariaDB 10.2:
  
  6.1. Open/create the MariaDB.repo file in any text editor. In this example, we are using the vi editor:
  
  # vi /etc/yum.repos.d/MariaDB.repo
  
  6.2. Add the content below to the file:
  
  [mariadb]
  name = MariaDB
  baseurl = http://yum.mariadb.org/10.2/centos7-amd64
  gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
  gpgcheck=1
  
  6.3. Save the changes and close the file.
7. Start an upgrade of MariaDB:
  
  # yum install MariaDB-client MariaDB-server
8. Once the upgrade is finished, start MariaDB:
  
  # service mariadb start
  
  OR
  
  # service mysql start
9. Upgrade MySQL databases:
  
  # MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql_upgrade -uadmin
10. Restart mysql service:
  
  # service mariadb restart
  
  OR
  
  # service mysql restart
11. Execute this command to update the package version inside Plesk:
  
  # plesk sbin packagemng -sdf
  
  Note: After an upgrade to 10.2 version, there may appear 'mysql' init script. It can be removed.
  
  # rm /etc/init.d/mysql
  # systemctl daemon-reload

Ports Used by Plesk

This section provides information about setting up the firewall built into your panel so as to allow access to Plesk and its services.

The following is a list of ports and protocols used by Plesk services.

Service name	Ports used by service
Administrative interface of Plesk over HTTPS	TCP 8443
Administrative interface of Plesk over HTTP	TCP 8880
Samba (file sharing on Windows networks)	UDP 137, UDP 138, TCP 139, TCP 445
VPN service	UDP 1194
Web server	TCP 80, TCP 443
FTP server	TCP 21
SSH (secure shell) server	TCP 22
SMTP (mail sending) server	TCP 25, TCP 465
POP3 (mail retrieval) server	TCP 110, TCP 995
IMAP (mail retrieval) server	TCP 143, TCP 993
Mail password change service	TCP 106
MySQL server	TCP 3306
Microsoft SQL Server	TCP 1433
PostgreSQL server	TCP 5432
Licensing Server connections	TCP 443
Domain name server	UDP 53, TCP 53
Plesk Installer, Plesk upgrades and updates	TCP 8447

Enabling DKIM Email Signing
Enabling DKIM Email Signing
DKIM “provides a method for validating a domain name identity that is associated with a message through cryptographic authentication” (www.dkim.org).

You enable DKIM email signing for domains that use the Plesk DNS server and those that use an external DNS server in a different way.

Enabling DKIM Email Signing for Domains That Use the Plesk DNS Server

To enable DKIM signing of outgoing email, go to Websites & Domains > Mail Settings of a domain, select the Use DKIM spam protection system to sign outgoing email messages checkbox and click OK.

If you have activated DKIM for a domain, Plesk adds the following two records to the DNS zone of the domain (example.com stands for your domain name):

default._domainkey.example.com - contains the public part of the generated key.

_ domainkey.example.com - contains the DKIM policy. You can edit this policy.

Enabling DKIM Email Signing for Domains That Use an External DNS Server

If you use an external DNS service, DKIM signing will work for outgoing messages, but the receiving mail server will not be able to validate these messages. As a workaround, you can switch off Plesk DNS server and add a corresponding DKIM-related DNS record on the external DNS service. In this case, the receiving server will be able to validate the messages.

SPF and DMARC Policies for Outgoing Mail

In addition to DKIM, Plesk supports SPF and DMARC policies for outgoing mail. DMARC carries out the specified policy as to how to treat email messages depending on the results of the DKIM and SPF checking. By default, DMARC uses general policy, and messages that did not pass checking are not deleted. You can use stricter policy. For example, you can specify that it is necessary for a message to pass both SPF and DKIM checking to be accepted by the recipient mail server.

You can change the SPF and DMARC policies for your domain in the domain’s DNS settings.

To set up DMARC or SPF policy for your domain:

Go to Websites & Domains > navigate to the domain > DNS Settings and edit the DNS records related to SPF or DMARC. For example, this record contains the default DMARC policy:

_dmarc.<your domain>. TXT v=DMARC1; p=none

For information on DMARC and SPF, including policy notations, refer to:

How To Install ElasticSearch 7.x on CentOS 7 / RHEL 7

This tutorial discusses how to install ElasticSearch 7.x on CentOS 7 / RHEL 7. Elasticsearch is an open source search and analytics engine that allows you to store, search, and analyze big volumes of data in real time. Elasticsearch powers millions of Applications that rely on intensive search operations such as e-commerce platforms and big data applications.

The latest release of ElasticSearch as of this article update is 7. We will cover the minimum steps you’ll need to install ElasticSearch 7 on CentOS 7 / RHEL 7 Linux system. So let’s get started.

Step 1: Update the system

The server you’re working on should be updated before you install ElasticSearch 7.x on CentOS 7 / RHEL 7. Just run the commands below to update it.

sudo yum -y update

sudo reboot

Step 2: Install Java / OpenJDK

ElasticSearch requires Java installed for it to run. The default Java installable on CentOS 7 / RHEL 7 is Java 8. Here are the commands to use for the installation.

sudo yum -y install vim java-11-openjdk java-11-openjdk-devel

Confirm installation by checking version of Java:

$ java -version

openjdk version "11.0.16.1" 2022-08-12 LTS

OpenJDK Runtime Environment (Red_Hat-11.0.16.1.1-1.el7_9) (build 11.0.16.1+1-LTS)

OpenJDK 64-Bit Server VM (Red_Hat-11.0.16.1.1-1.el7_9) (build 11.0.16.1+1-LTS, mixed mode, sharing)

Step 3: Add ElasticSearch Yum repository

Add the repository for downloading ElasticSearch 7 packages to your CentOS 7 system.

cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-7.x]

name=Elasticsearch repository for 7.x packages

baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum

gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md

EOF

If you want to install Elasticsearch 6, replace all occurrences of 7 with 6. Once the repository is added, clear and update your YUM package index.

sudo yum clean all

sudo yum makecache

Step 4: Install ElasticSearch 7 package

Finally install ElasticSearch 7.x on your CentOS 7 / RHEL 7 machine. Note that we’ve added an open source repository. Commercial flavor is available on the other repository.

sudo yum -y install elasticsearch-oss

Confirm ElasticSearch 7 installation:

$ rpm -qi elasticsearch-oss

Name        : elasticsearch-oss

Epoch       : 0

Version     : 7.10.2

Release     : 1

Architecture: x86_64

Install Date: Tue 18 Oct 2022 07:10:22 PM UTC

Group       : Application/Internet

Size        : 420252496

License     : ASL 2.0

Signature   : RSA/SHA512, Wed 13 Jan 2021 03:45:21 AM UTC, Key ID d27d666cd88e42b4

Source RPM  : elasticsearch-oss-7.10.2-1-src.rpm

Build Date  : Wed 13 Jan 2021 12:54:36 AM UTC

Build Host  : packer-virtualbox-iso-1600176624

Relocations : /usr

Packager    : Elasticsearch

Vendor      : Elasticsearch

URL         : https://www.elastic.co/

Summary     : Distributed RESTful search engine built for the cloud

...

Configure Java memory Limits

You can set JVM options like memory limits by editing the file: /etc/elasticsearch/jvm.options

Example below sets initial/maximum size of total heap space

$ sudo vi /etc/elasticsearch/jvm.options

.....

-Xms1g

-Xmx1g

If your system has less memory, you can configure it to use small megabytes of ram.

-Xms256m
-Xmx512m

Start and enable elasticsearch service on boot:

sudo systemctl enable --now elasticsearch

Confirm that the service is running.

$ systemctl status elasticsearch

● elasticsearch.service - Elasticsearch

   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-10-18 19:11:16 UTC; 22s ago

     Docs: https://www.elastic.co

 Main PID: 1687 (java)

   CGroup: /system.slice/elasticsearch.service

           └─1687 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true...



Oct 18 19:11:03 cent7.mylab.io systemd[1]: Starting Elasticsearch...

Oct 18 19:11:16 cent7.mylab.io systemd[1]: Started Elasticsearch.

Check if you can connect to ElasticSearch Service.

$ curl http://127.0.0.1:9200 

{

  "name" : "cent7.mylab.io",

  "cluster_name" : "elasticsearch",

  "cluster_uuid" : "hwrxesk0S8CtFo8V5zYNBg",

  "version" : {

    "number" : "7.10.2",

    "build_flavor" : "oss",

    "build_type" : "rpm",

    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",

    "build_date" : "2021-01-13T00:42:12.435326Z",

    "build_snapshot" : false,

    "lucene_version" : "8.7.0",

    "minimum_wire_compatibility_version" : "6.8.0",

    "minimum_index_compatibility_version" : "6.0.0-beta1"

  },

  "tagline" : "You Know, for Search"

}

You should be able to create an index with curl.

$ curl -X PUT "http://127.0.0.1:9200/test_index"

{"acknowledged":true,"shards_acknowledged":true,"index":"test_index"}

Step 5: Install Kibana 7 on CentOS 7 / RHEL 7

Related ElasticSearch Packages such as Kibana, Logstash e.t.c can be installed from the repository added.

sudo yum install kibana-oss logstash

After a successful installation, configure Kibana:

$ sudo vi /etc/kibana/kibana.yml

server.host: "0.0.0.0"

server.name: "kibana.example.com"

elasticsearch.url: "http://localhost:9200"

Change other settings as desired then start kibana service:

sudo systemctl enable --now kibana

If you have an active firewall, you’ll need to allow access to Kibana port:

sudo firewall-cmd --add-port=5601/tcp --permanent
sudo firewall-cmd --reload

Access http://ip-address:5601 to open Kibana Dashboard:

How to extend an EXT4 partition using parted and resize2fs

Firstly, we want to extend the partition using parted:

Bash:

root@cana:~# parted /dev/sda

GNU Parted 3.2

Using /dev/sda

Welcome to GNU Parted! Type 'help' to view a list of commands.

(parted) resizepart 1                                                  

Warning: Partition /dev/sda1 is being used. Are you sure you want to continue?

Yes/No? Yes                                                            

End?  [275GB]? -0                                                      

(parted) quit                                                          

Information: You may need to update /etc/fstab.



root@cana:~#

Hint:

resizepart 1 to resize /dev/sda1

-0 resizes it to the end of the disk. - Indicates that it should count from the end of the disk, not the start. This makes -0 the last sector of the disk - which is suitable when you want to make it as big as possible.

If we type df -H it will still showing the old size:

Bash:

root@cana:~# df -H

Filesystem      Size  Used Avail Use% Mounted on

/dev/sda1       271G  240G   18G  94% /

udev             11M     0   11M   0% /dev

tmpfs           1.3G  8.8M  1.3G   1% /run

tmpfs           3.2G   25k  3.2G   1% /dev/shm

tmpfs           5.3M     0  5.3M   0% /run/lock

tmpfs           3.2G     0  3.2G   0% /sys/fs/cgroup

root@cana:~#

Secondly, we need to use resize2fs to extend the volume:
(The file system meta information needs to indicate the size of the disk, and resize2fs updates this.)

Bash:

root@cana:~# resize2fs /dev/sda1

resize2fs 1.42.12 (29-Aug-2014)

Filesystem at /dev/sda1 is mounted on /; on-line resizing required

old_desc_blocks = 16, new_desc_blocks = 29

The filesystem on /dev/sda1 is now 117964544 (4k) blocks long.



root@cana:~#

Connecting using PuTTY on Windows workstations
Configuring PuTTY
1. In PuTTY, under Session, enter your Host Name
2. Under Connection choose Data
3. Enter your username as the Auto-login username
4. Under SSH, choose 2 from Preferred SSH Protocol Version
5. Under SSH -> Auth, you will need to specify where your private key can be found. Remember this is where you saved the private key on your local computer. Click Browse to locate the file on your computer.
6. Under Sessions, type a name (such as "my site") in the Saved Sessions box and click Save.
Connecting using SSH on Linux or OSX workstations
Use the ssh command to connect to your instance. Specify your username and the external IP address for the instance that you want to connect to.

Download Prive Key from client area and save it to your workstation

For this example, the private key is at ~/.ssh/my-ssh-key.

ssh -i ~/.ssh/my-ssh-key USERNAME@IP_ADDRESS

where:
- USERNAME is your username
- IP_ADDRESS is the IP for your Cloud Server.
If the connection is successful, you can use the terminal to run commands on your instance.

When you are done, use the exit command to disconnect from the instance.
How to create a .ppk from private key on Windows
Using a Public/Private key to authenticate when logging into SSH can provide added convenience or added security. The Public/Private key can be used in place of a password so that no username/password is required to connect to the server via SSH. Instead the unique public and private key provide the secure authentication. The keys may also be generated with a different password from your cpanel password if desired.

Generate a ppk file
1. Download and open PuTTYgen here.
2. Click Load
3. Locate the private SSH key that you have downloaded. Note: You will need choose to display All Files* from the menu to the right of the File Name field.
4. Click the Save private key button to create the ppk file.