3.0.5.4p1 PHP-FPM not working

Discussion in 'General' started by basz, May 4, 2014.

  1. basz

    basz New Member

    Hello,

    after upgrading from ispconfig 3.0.5.3 to 3.0.5.4p1 my ability to run sites using php fpm has been lost. This is true for existing sites as well as newly created sites.. (as a temporary work around I have moved to all existing sites to suPHP). Newly added sites are disabled immediately.

    Below is the output of several logs and configs. It seems a problem exists with the FastCgiExternalServer directive of the vhost configuration ... I am using ipv6, i've read somewhere that could explain the (or similar) problem. I'm not sure what to do next... so any help is much appreciated.

    Thanks you

    Bas



    # Apache did not start after modifying this vhost file.
    # Please check file /etc/apache2/sites-available/testdommie.bushbaby.nl.vhost.err for syntax errors.

    ===
    <Directory /var/www/testdommie.bushbaby.nl>
    AllowOverride None
    Require all denied
    </Directory>

    <VirtualHost *:81>
    DocumentRoot /var/www/clients/client1/web103/web

    ServerName testdommie.bushbaby.nl
    ServerAlias www.testdommie.bushbaby.nl
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/testdommie.bushbaby.nl/error.log

    Alias /error/ "/var/www/testdommie.bushbaby.nl/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/testdommie.bushbaby.nl/web>
    Options +FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>
    <Directory /var/www/clients/client1/web103/web>
    Options +FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>




    # suexec enabled
    <IfModule mod_suexec.c>
    SuexecUserGroup web103 client1
    </IfModule>
    # Clear PHP settings of this website
    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler None
    </FilesMatch>
    <IfModule mod_fastcgi.c>
    <Directory /var/www/clients/client1/web103/cgi-bin>
    Require all granted
    </Directory>
    <FilesMatch "\.php[345]?$">
    SetHandler php5-fcgi
    </FilesMatch>
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /var/www/clients/client1/web103/cgi-bin/php5-fcgi-*-81-testdommie.bushbaby.nl
    FastCgiExternalServer /var/www/clients/client1/web103/cgi-bin/php5-fcgi-*-81-testdommie.bushbaby.nl -idle-timeout 300 -socket /var/lib/php5-fpm/web103.sock -pass-header Authorization
    </IfModule>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
    AssignUserId web103 client1
    </IfModule>

    <IfModule mod_dav_fs.c>
    # Do not execute PHP files in webdav directory
    <Directory /var/www/clients/client1/web103/webdav>
    <ifModule mod_security2.c>
    SecRuleRemoveById 960015
    SecRuleRemoveById 960032
    </ifModule>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    DavLockDB /var/www/clients/client1/web103/tmp/DavLock
    # DO NOT REMOVE THE COMMENTS!
    # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
    # WEBDAV BEGIN
    # WEBDAV END
    </IfModule>


    </VirtualHost>
    ===

    From the apache log after a restart

    ===

    [Sun May 04 14:51:49.561233 2014] [mpm_prefork:notice] [pid 30145] AH00169: caught SIGTERM, shutting down
    [Sun May 04 14:51:50.665295 2014] [ssl:warn] [pid 30960] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Sun May 04 14:51:50.665397 2014] [suexec:notice] [pid 30960] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Sun May 04 14:51:50.712782 2014] [:notice] [pid 30964] FastCGI: process manager initialized (pid 30964)
    [Sun May 04 14:51:50.757091 2014] [ssl:warn] [pid 30961] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Sun May 04 14:51:50.770200 2014] [mpm_prefork:notice] [pid 30961] AH00163: Apache/2.4.9 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.7 PHP/5.5.11-3+deb.sury.org~precise+1 OpenSSL/1.0.1 configured -- resuming normal operations
    [Sun May 04 14:51:50.770263 2014] [core:notice] [pid 30961] AH00094: Command line: '/usr/sbin/apache2'

    ===

    root@s2:~# apachectl configtest
    AH00526: Syntax error on line 59 of /etc/apache2/sites-enabled/100-testdommie.bushbaby.nl.vhost:
    FastCgiExternalServer: redefinition of previously defined class "/var/www/clients/client1/web103/cgi-bin/php5-fcgi-*-81-testdommie.bushbaby.nl"
    Action 'configtest' failed.
    The Apache error log may have more information.

    ===

    Below is the output from the ispconfig common issues check script.

    I'm using ubuntu 12.04 (up-to-date) and apache (2.4) + php (5.5) from deb.sury.org

    root@s2:~# cat htf_report.txt | more

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    IP-address(es) (as per ifconfig): ***.***.***.***, ***.***.***.***
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.0.5.4p1


    ##### VERSION CHECK #####

    [INFO] php (cli) version is 5.5.11-3+deb.sury.org~precise+1

    ##### PORT CHECK #####

    [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening
    [WARN] Port 465 (SMTP server SSL) seems NOT to be listening

    ##### MAIL SERVER CHECK #####

    [WARN] I found no "smtps" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

    ##### RUNNING SERVER PROCESSES #####

    [INFO] I found the following web server(s):
    Unknown process (varnishd) (PID 13381)
    [INFO] I found the following mail server(s):
    Postfix (PID 31203)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 989)
    [INFO] I found the following imap server(s):
    Dovecot (PID 989)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 30249)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [localhost]:3306 (28163/mysqld)
    [anywhere]:587 (31203/master)
    [localhost]:6379 (4703/redis-server)
    [localhost]:11211 (4492/memcached)
    [anywhere]:27629 (1415/btsync-daemon)
    [anywhere]:110 (989/dovecot)
    [anywhere]:143 (989/dovecot)
    [localhost]:783 (5382/spamd.pid)
    [anywhere]:80 (13381/varnishd)
    [localhost]:8082 (15111/unicorn.rb)
    [anywhere]:21 (30249/pure-ftpd)
    ***.***.***.***:53 (2709/named)
    ***.***.***.***:53 (2709/named)
    [localhost]:53 (2709/named)
    [anywhere]:22 (2568/sshd)
    [localhost]:8888 (1415/btsync-daemon)
    [localhost]:9016 (7297/php-fpm:)
    [anywhere]:25 (31203/master)
    [localhost]:953 (2709/named)
    ***.***.***.***:2812 (5297/monit)
    [anywhere]:993 (989/dovecot)
    [localhost]:6082 (13380/varnishd)
    [anywhere]:995 (989/dovecot)
    [localhost]:10024 (27023/amavisd)
    [localhost]:10025 (30170/smtpd)
    *:*:*:*::*:587 (31203/master)
    [localhost]10 (989/dovecot)
    [localhost]43 (989/dovecot)
    *:*:*:*::*:8080 (30145/apache2)
    *:*:*:*::*:80 (13381/varnishd)
    *:*:*:*::*:81 (30145/apache2)
    *:*:*:*::*:21 (30249/pure-ftpd)
    *:*:*:*::*:53 (2709/named)
    *:*:*:*::*:22 (2568/sshd)
    *:*:*:*::*:25 (31203/master)
    *:*:*:*::*:953 (2709/named)
    *:*:*:*::*:443 (30145/apache2)
    *:*:*:*::*:993 (989/dovecot)
    *:*:*:*::*:995 (989/dovecot)




    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    fail2ban-SSH tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
    fail2ban-wordpress tcp -- [anywhere]/0 [anywhere]/0 multiport dports 80,443
    fail2ban-postfix tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25,465
    fail2ban-ssh-ddos tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
    fail2ban-ssh tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain fail2ban-SSH (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-postfix (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-ssh (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-ssh-ddos (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-wordpress (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-xinetd-fail (0 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-xinetd-fail-log (0 references)
    target prot opt source destination
    LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 6/min burst 2 LOG flags 0 level 4 prefix "fail2ban-xinetd-fail:DROP "
    DROP all -- [anywhere]/0 [anywhere]/0
     
    Last edited: May 4, 2014
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the output of:

    ls -la /usr/local/ispconfig/server/conf-custom/
     
  3. basz

    basz New Member

    root@s2:~# ls -la /usr/local/ispconfig/server/conf-custom/
    total 28
    drwxr-x--- 6 ispconfig ispconfig 4096 May 1 22:31 .
    drwxr-x--- 14 ispconfig ispconfig 4096 Dec 27 2012 ..
    -rwxr-x--- 1 ispconfig ispconfig 45 May 1 22:31 empty.dir
    drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 error
    drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 index
    drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 install
    drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 mail
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so there is no custom config. Did you modify the vhost template file in /usr/local/ispconfig/server/conf/ ?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    and please post the output of:

    ls -a /etc/apache2/sites-enabled/*.conf
     
  6. basz

    basz New Member

    Might have done that once (looking at the mod times in that dir). But i assume updating ispconfig voided any changes I might have made.

    Since the last update I have only adapted the apache plugin 'apache2_plugin.inc.php' to use port 81 as the default port (i'm using varnish)

    cat /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php | grep 81
    $tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 81);
    $tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 81);

    root@s2:~# ls -la /etc/apache2/sites-enabled/*.conf
    lrwxrwxrwx 1 root root 35 Aug 8 2013 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
    lrwxrwxrwx 1 root root 38 Dec 25 23:49 /etc/apache2/sites-enabled/ci.bushbaby.nl.conf -> ../sites-available/ci.bushbaby.nl.conf
    lrwxrwxrwx 1 root root 39 Sep 2 2013 /etc/apache2/sites-enabled/git.bushbaby.nl.conf -> ../sites-available/git.bushbaby.nl.conf
    lrwxrwxrwx 1 root root 39 Sep 2 2013 /etc/apache2/sites-enabled/ispconfig.vhost.conf -> ../sites-available/ispconfig.vhost.conf
    lrwxrwxrwx 1 root root 40 Apr 24 11:15 /etc/apache2/sites-enabled/sync.bushbaby.nl.conf -> ../sites-available/sync.bushbaby.nl.conf
    lrwxrwxrwx 1 root root 31 Oct 8 2013 /etc/apache2/sites-enabled/webmail.conf -> ../sites-available/webmail.conf

    root@s2:~# ls -la /usr/local/ispconfig/server/conf/
    total 176
    drwxr-x--- 5 ispconfig ispconfig 4096 Nov 4 22:41 .
    drwxr-x--- 14 ispconfig ispconfig 4096 Dec 27 2012 ..
    -rwxr-x--- 1 ispconfig ispconfig 1592 May 1 22:31 apache_apps.vhost.master
    -rwxr-x--- 1 ispconfig ispconfig 3278 May 1 22:31 apache_ispconfig.conf.master
    -rwxr-x--- 1 ispconfig ispconfig 376 May 1 22:31 apps_php_fpm_pool.conf.master
    -rwxr-x--- 1 ispconfig ispconfig 862 May 1 22:31 autoresponder.master
    -rwxr-x--- 1 ispconfig ispconfig 2173 May 1 22:31 awstats_index.php.master
    -rwxr-x--- 1 ispconfig ispconfig 1445 May 1 22:31 bash.bashrc.master
    -rwxr-x--- 1 ispconfig ispconfig 14388 May 1 22:31 bastille-firewall.cfg.master
    -rwxr-x--- 1 ispconfig ispconfig 201 May 1 22:31 bind_named.conf.local.master
    -rwxr-x--- 1 ispconfig ispconfig 200 May 1 22:31 bind_named.conf.local.slave
    -rwxr-x--- 1 ispconfig ispconfig 2254 May 1 22:31 bind_pri.domain.master
    -rwxr-x--- 1 ispconfig ispconfig 872 May 1 22:31 debian_network_interfaces.master
    drwxr-x--- 18 ispconfig ispconfig 4096 Nov 4 2011 error
    -rwxr-x--- 1 ispconfig ispconfig 543 May 1 22:31 gentoo_network_interfaces.master
    -rwxr-x--- 1 ispconfig ispconfig 321 May 1 22:31 getmail.conf.master
    drwxr-x--- 2 ispconfig ispconfig 4096 Nov 4 2011 index
    drwxr-x--- 2 ispconfig ispconfig 4096 Oct 25 2013 mail
    -rwxr-x--- 1 ispconfig ispconfig 363 May 1 22:31 mailfilter_move_junk.master
    -rwxr-x--- 1 ispconfig ispconfig 4475 May 1 22:31 mm_cfg.py.master
    -rwxr-x--- 1 ispconfig ispconfig 39 May 1 22:31 motd.master
    -rwxr-x--- 1 ispconfig ispconfig 9903 May 1 22:31 nginx_apps.vhost.master
    -rwxr-x--- 1 ispconfig ispconfig 4492 May 1 22:31 nginx_reverse_proxy_plugin.vhost.conf.master
    -rwxr-x--- 1 ispconfig ispconfig 8055 May 1 22:31 nginx_vhost.conf.master
    -rwxr-x--- 1 ispconfig ispconfig 331 May 1 22:31 php-cgi-starter.master
    -rwxr-x--- 1 ispconfig ispconfig 837 May 1 22:31 php-fcgi-starter.master
    -rwxr-x--- 1 ispconfig ispconfig 1427 May 1 22:31 php_fpm_pool.conf.master
    -rwxr-x--- 1 ispconfig ispconfig 1193 May 1 22:31 sieve_filter_1.2.master
    -rwxr-x--- 1 ispconfig ispconfig 947 May 1 22:31 sieve_filter.master
    -rwxr-x--- 1 ispconfig ispconfig 12362 May 1 22:31 vhost.conf.master
    -rwxr-x--- 1 ispconfig ispconfig 8277 Aug 15 2012 vhost.conf.master.copy
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Here is the problem:
    seems as if you renamed some website config files manually from .vhost to .conf. IN ISPConfig, all vhost files end with .vhost, by renaming the files, you created now duplicate symlinks which cause apache to fail.
     
  8. basz

    basz New Member

    Indeed these specific sites aren't managed by ISPConfig... I created these manually and added then via a2ensite. Mainly because the various applications install in different locations (gitlab has it own document root for example).

    This works and has been working fine for me. ISPConfig uses the *.conf.vhost versions, manually added use *.conf

    So the question remains, why does apache fail to start when I enable (or create a new) a site with php-fmp enabled but not for the other php setups? Are you able to confirm sure the ghost config is correct (from my example above testdommie.bushbaby.nl which was a new site created from the ISPConfig provided template)
     
  9. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Could you please post the Include* directives from your apache config?
    Maybe it includes twice.
     
  10. basz

    basz New Member

    Yes that was it!

    I had :
    # Include the virtual host configurations:
    IncludeOptional sites-enabled/
    IncludeOptional sites-enabled/*.vhost

    Now i have :
    # Include the virtual host configurations:
    IncludeOptional sites-enabled/*.conf
    IncludeOptional sites-enabled/*.vhost

    Things are back to normal... :)

    thanks to you both
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The cerrect include is to have just one line:

    IncludeOptional sites-enabled/

    The way you cahnge dit will cause your setup to break again on next update.
     
  12. basz

    basz New Member

    ok done thx again!
     

Share This Page