Hello everyone so I tried the new tutorial to install ISPConfig3 on Debian Stretch (9) I used this guide the only difference is that I installed Nginx rather than Apache2. When I try to deploy ISPConfig3 I am getting this error while the installation is running: Code: PHP Warning: symlink(): No such file or directory in /tmp/ispconfig3-stable-3.1-e313d006f6b7ea0d26bc9c1c11643c6b79b36a3f/install/lib/installer_base.lib.php on line 2116 This is on both stable and testing versions of ISPConfig3. Any idea what I am doing wrong? I cannot access the web interface of ISPConfig3 it gives me "Connection Refused" (UFW is installed but it's disabled so I can configure it from ISPConfig3). In Nginx dir I can see the vhost of ISPConfig3 (and apps too) in sites-avaible, but there is no dir sites-enabled. If anyone has a solution or direction, please share .
Bellow is the htf_report.txt: Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.1dev ##### VERSION CHECK ##### [INFO] php (cli) version is 7.0.19-1 ##### PORT CHECK ##### [WARN] Port 8080 (ISPConfig) seems NOT to be listening [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening [WARN] Port 443 (Webserver SSL) seems NOT to be listening [WARN] Port 22 (SSH server) seems NOT to be listening ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Unknown process (nginx:) (PID 23446) [INFO] I found the following mail server(s): Postfix (PID 30314) [INFO] I found the following pop3 server(s): Dovecot (PID 30363) [INFO] I found the following imap server(s): Dovecot (PID 30363) [INFO] I found the following ftp server(s): PureFTP (PID 30417) ##### LISTENING PORTS ##### (only () Local (Address) [localhost]:10026 (30344/amavisd-new) [anywhere]:3306 (30105/mysqld) [localhost]:10027 (30314/master) [anywhere]:587 (30314/master) [localhost]:11211 (11395/memcached) [anywhere]:110 (30363/dovecot) [anywhere]:143 (30363/dovecot) [anywhere]:111 (510/rpcbind) [anywhere]:80 (23446/nginx:) [anywhere]:465 (30314/master) ***.***.***.***:53 (30425/named) [localhost]:53 (30425/named) [anywhere]:21 (30417/pure-ftpd) [localhost]:953 (30425/named) [anywhere]:25 (30314/master) [anywhere]:993 (30363/dovecot) [anywhere]:995 (30363/dovecot) [anywhere]:1252 (537/sshd) [localhost]:10023 (945/postgrey) [localhost]:10024 (30344/amavisd-new) [localhost]:10025 (30314/master) *:*:*:*::*:10026 (30344/amavisd-new) *:*:*:*::*:587 (30314/master) [localhost]10 (30363/dovecot) [localhost]43 (30363/dovecot) [localhost]11 (510/rpcbind) *:*:*:*::*:465 (30314/master) *:*:*:*::*:53 (30425/named) *:*:*:*::*:21 (30417/pure-ftpd) *:*:*:*::*:953 (30425/named) *:*:*:*::*:25 (30314/master) *:*:*:*::*:993 (30363/dovecot) *:*:*:*::*:995 (30363/dovecot) [localhost]252 (537/sshd) *:*:*:*::*:10023 (945/postgrey) *:*:*:*::*:10024 (30344/amavisd-new) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25 f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190 f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21 f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain f2b-dovecot (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-postfix-sasl (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-pure-ftpd (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 I installed Nginx directly from: Code: deb http://nginx.org/packages/debian/ stretch nginx deb-src http://nginx.org/packages/debian/ stretch nginx default config file from nginx (/etc/nginx/conf.d/default.conf) after installing: Code: server { listen 80; server_name localhost; #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } I will understand if nginx is not supported atm and will wait for a fix and will just install apache2 as the guide says, I am asking if there is a simple fix or I am doing something wrong in the process.
Nginx has not been tested yet, otherwise, there would a tutorial for that. Besides that, you used the wrong nginx packages, use the ones from Debian and not nginx.org. The nginx.org packages run under a different user with different config files, so they won't work on Debian 8 as well.
I was running Debian 8 with packages from Nginx not Debian and it was working fine. It seems I will wait for you guys.
Well, it seems Nginx (1.10.3) is working with ISPConfig3 (3.1.4) when you use Debian 9 packages, just letting everyone know. The only difference I made is that I installed Nginx and configured PHP-FPM and then continued to follow the guide up until the roundcube install. I needed to install it without the dependencies (it needed apache2 to be installed in order to have roundcube). When I am done with roundcube I will post info how to do it if anyone is interested. Well for now I have a problem with Let's Encrypt with creating certs but not using them, when I click on the button "Let's Encrypt" it checks SSL also and uses that. If I uncheck it, "Let's Encrypt" get unchecked too.
I checked ssl dir for the client and here it is I am having a "-le" at my keys folder? There is another thread over here, maybe we are having the same problem? Anyway here is a screenshot: I tried to delete the client/website and do it again, but I am hitting the same problem.
This means that the Letsencrypt cert generation worked correctly. It has already been explained in the other thread you linked to that the certs must be named with -le in the filename when you use Letsencrypt and ISPConfig uses this filename in the nginx vhost file. if the ssl cert file paths in the vhost file does not have -le inside, then you might use a custom nginx vhost template which has not been adapted for recent ISPConfig versions yet.
Ok..I am kinda ashamed but the problem was that I needed to first create the website and after that I need to edit it and click on "Let's Encrypt" to work. Not sure if this is correct, but before I was doing them at the same time and it was working. As always thank you @till for the help. Hahah, now I need to figure out why when I enter quota on a website it still says unlimited (I am using RAID10+LVM)
That's indeed a problem that we need to address. The website has to exist to get an LE cert as LE tries to reach the site and at the same time: to enable SSL in nginx, the ssl cert has to exist already. At the moment, the SSL cert creation step is always before we write the site. Either we have to write the vhost file twice and restart nginx in this process so that the vhost exists without SSL before LE is called or we will have to at least disable the LE checkbox during initial site creation so that the user can enable it only when the site exists already.
When I enter "repquota -avug" in the terminal to see if there is a hard limit on the websites: Code: *** Report for user quotas on device /dev/mapper/data-root Block grace time: 7days; Inode grace time: 7days Block limits File limits User used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 1747560 0 0 90224 0 0 daemon -- 52 0 0 1 0 0 dollar -- 36 0 0 9 0 0 mysql -- 0 0 0 5 0 0 clamav -- 4 0 0 1 0 0 debian-spamd -- 56 0 0 14 0 0 bind -- 4 0 0 1 0 0 getmail -- 8 0 0 2 0 0 ispconfig -- 33976 0 0 6889 0 0 web1 -- 0 819200000 819201024 0 0 0 web2 -- 0 15360000 15361024 0 0 0 web3 -- 0 1024000 1025024 0 0 0 Statistics: Total blocks: 8 Data blocks: 1 Entries: 12 Used average: 12.000000 *** Report for group quotas on device /dev/mapper/data-root Block grace time: 7days; Inode grace time: 7days Block limits File limits Group used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 1746340 0 0 90116 0 0 daemon -- 56 0 0 2 0 0 adm -- 4 0 0 1 0 0 tty -- 44 0 0 2 0 0 mail -- 160 0 0 5 0 0 www-data -- 8 0 0 2 0 0 shadow -- 140 0 0 5 0 0 staff -- 124 0 0 35 0 0 crontab -- 40 0 0 1 0 0 Debian-exim -- 4 0 0 1 0 0 messagebus -- 44 0 0 1 0 0 mlocate -- 40 0 0 1 0 0 ssh -- 352 0 0 1 0 0 dollar -- 36 0 0 9 0 0 mysql -- 0 0 0 5 0 0 ssl-cert -- 8 0 0 2 0 0 postfix -- 120 0 0 30 0 0 postdrop -- 40 0 0 2 0 0 dovecot -- 16 0 0 3 0 0 debian-spamd -- 56 0 0 14 0 0 bind -- 68 0 0 14 0 0 ispconfig -- 33996 0 0 6894 0 0 Statistics: Total blocks: 10 Data blocks: 2 Entries: 22 Used average: 11.000000 I am kinda confused why are they showed at mount point "/" when the website is located at /var/www (I have a LVM partition mounted at /var). Do I need to add errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 on /dev/mapper/data-var--data? The hard limits are there for web[1-3] and are correct. But when I enter in the ISPConfig3 interface (as admin and client) it shows unlimited and no used space: This is my fstab file: Code: # <file system> <mount point> <type> <options> <dump> <pass> /dev/mapper/data-root / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1 # /boot was on /dev/md0 during installation UUID=39e6390c-ed04-4514-b813-cb4f9d8c9a96 /boot ext4 defaults 0 2 /dev/mapper/data-var--data /var ext4 defaults 0 2 /dev/mapper/data-swap none swap sw 0 0 /var/log/ispconfig/httpd/cloud.domain.eu /var/www/clients/client1/web1/log none bind,nobootwait 0 0 /var/log/ispconfig/httpd/domain.eu /var/www/clients/client1/web2/log none bind,nobootwait 0 0 /var/log/ispconfig/httpd/dev.domain.eu /var/www/clients/client2/web3/log none bind,nobootwait 0 0
Yes. Quota needs to be enabled for the partition that holds the websites. The quota view in ISPConfig is not real-time, it might be that it needs a bit more time to get updated.
Now it's working. my fstab looks like this (I removed usrquota options from / to /var): Code: # <file system> <mount point> <type> <options> <dump> <pass> /dev/mapper/data-root / ext4 errors=remount-ro 0 1 # /boot was on /dev/md0 during installation UUID=39e6390c-ed04-4514-b813-cb4f9d8c9a96 /boot ext4 defaults 0 2 /dev/mapper/data-var--data /var ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 2 /dev/mapper/data-swap none swap sw 0 0 /var/log/ispconfig/httpd/cloud.domain.eu /var/www/clients/client1/web1/log none bind,nobootwait 0 0 /var/log/ispconfig/httpd/domain.eu /var/www/clients/client1/web2/log none bind,nobootwait 0 0 /var/log/ispconfig/httpd/dev.domain.eu /var/www/clients/client2/web3/log none bind,nobootwait 0 0 Only 1 thing bothers me is that when I enter "quotacheck -avugm" it gives me: Code: quotacheck: Scanning /dev/mapper/data-root [/] done quotacheck: Checked 8839 directories and 88324 files quotacheck: Quota for users is enabled on mountpoint /var so quotacheck might damage the file. Please turn quotas off or use -f to force checking. It tries to scan / even tough I removed quota on / with this command: Code: quotaoff -v /
I just did, I ran the command again and now it only gives me: Code: quotacheck: Quota for users is enabled on mountpoint /var so quotacheck might damage the file. Please turn quotas off or use -f to force checking. Maybe now it is ok? Do do I need to somehow delete the quota files which were left maybe on / because of my missconfiguration?
That should be fine now. Most likely you can delete the quota files in / now, but haven had that case yet.
Well I wont touch them since everything is fine now, so on the topic I can safely say that nginx works with the new version of ISPConfig3 with tested software: Roundcube (installed ispconfig plugin, the only problem I have is I cannot access settings in roundcube when I login. Maybe I missconfigured? Used guide from here.) NextCloud (works fine, except for some nginx header options, but that is not from ISPConfig I think.) phpMyAdmin (no problems here) bind (works line a charm) MariaDB (works) WordPress (again no problems) mdadm monitor (working) fail2ban & ufw (no problems) And the last thing...I wanted to change the certificates of ISPConfig3 interface, I manually edited 000-ispconfig.vhost and changed ssl_certificate & ssl_certificate_key to letsencrypt ones. After restarting nginx crashes with this error: Code: nginx: [emerg] duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/000-ispconfig.vhost-1:3 Line 3 is: listen [::]:443 ipv6only=on; When I comment it so it wont load, the web server starts but with 1 error: Code: nginx: [warn] conflicting server name "_" on 0.0.0.0:443, ignored I tried to use the ISPConfig update script to reconfigure the webserver but nothing changed. ISPConfig interface is running on port 443. Everything is working regarding my websites, but I am curious what I did wrong again .
Di not edit that file, your changes will be removed automatically on next update. Use symlinks instead. see e.g. here: https://www.howtoforge.com/communit...ntrol-panel-with-lets-encrypt-free-ssl.75554/ You must have added the same vhost with server name '_' twice in the nginx config.
Thanks @till I had no idea you can do it in this fancy way with symlinks, I did them for ISPConfig interface, postfix & dovecot. I encountered a slight problem, with multiserver setup and slave DNS. I had a domain signed with DNSSEC but decided to add another slave dns, I deleted the keys and the domain and added the domain again, but after that DNSSEC options are not there I assume you guys are working on it from the thread here. I tried to play with it and generate and sign my domain and it works (I think the slave does not get the keys), but when I add e subdomain or in general tweak the dns ISPConfig overwrites my changes (which is normal), I saw some workarounds to make a script when there are DNS changes to add the .signed, but I prefer to wait.
