Not major but causing a little stress... Changed the port for the admin panel from 8080 to 8443 last week to get through CF without redirects, and it stopped working after the change. Attempted to change back - still no go. Not sure which log would show that directly, to see what is going on... /var/log/apache2/error.log is not really helpful. Thought it might be vhosts, but that doesn't look off, especially since it was working. Did remove _default_ but that didn't help. Ideas?
Sorry, didn't mean to cross post: https://www.howtoforge.com/communit...-seems-not-to-be-listening.78947/#post-383209 just was working through the issue... Here is the output of the test script on the system not loading the panel...

Code:

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    IP-address(es) (as per ifconfig): ***.***.***.***
    [INFO] ISPConfig is installed.
    ##### ISPCONFIG #####
    ISPConfig version is 3.1
    ##### VERSION CHECK #####
    [INFO] php (cli) version is 5.6.38-2+0~20181015120552.6+jessie~1.gbp567807
    [INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.38-0+deb8u1
    ##### PORT CHECK #####
    [WARN] Port 8080 (ISPConfig) seems NOT to be listening
    ##### MAIL SERVER CHECK #####
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s): Apache 2 (PID 23015)
    [INFO] I found the following mail server(s): Postfix (PID 17084)
    [INFO] I found the following pop3 server(s): Dovecot (PID 17182)
    [INFO] I found the following imap server(s): Unknown process (init) (PID 1)
    [INFO] I found the following ftp server(s): PureFTP (PID 17330)
    ##### LISTENING PORTS #####
    (only () Local (Address)
    [anywhere]:993 (1/init)
    [anywhere]:995 (17182/dovecot)
    [localhost]:10024 (17174/amavisd-new)
    [localhost]:10025 (17084/master)
    [localhost]:10026 (17174/amavisd-new)
    [localhost]:10027 (17084/master)
    [anywhere]:587 (17084/master)
    [localhost]:11211 (555/memcached)
    [anywhere]:110 (17182/dovecot)
    [anywhere]:143 (1/init)
    [anywhere]:40399 (474/rpc.statd)
    [anywhere]:111 (455/rpcbind)
    [anywhere]:465 (17084/master)
    ***.***.***.***:53 (17338/named)
    [localhost]:53 (17338/named)
    [anywhere]:21 (17330/pure-ftpd)
    [anywhere]:22 (696/sshd)
    [localhost]:953 (17338/named)
    [anywhere]:25 (17084/master)
    *:*:*:*::*:993 (1/init)
    *:*:*:*::*:995 (17182/dovecot)
    *:*:*:*::*:10024 (17174/amavisd-new)
    *:*:*:*::*:10026 (17174/amavisd-new)
    *:*:*:*::*:3306 (16800/mysqld)
    *:*:*:*::*:587 (17084/master)
    [localhost]10 (17182/dovecot)
    [localhost]43 (1/init)
    [localhost]11 (455/rpcbind)
    *:*:*:*::*:80 (23015/apache2)
    *:*:*:*::*:8081 (23015/apache2)
    *:*:*:*::*:465 (17084/master)
    *:*:*:*::*:53 (17338/named)
    *:*:*:*::*:21 (17330/pure-ftpd)
    *:*:*:*::*:22 (696/sshd)
    *:*:*:*::*:39095 (474/rpc.statd)
    *:*:*:*::*:953 (17338/named)
    *:*:*:*::*:25 (17084/master)
    *:*:*:*::*:8443 (23015/apache2)
    *:*:*:*::*:443 (23015/apache2)
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target prot opt source destination
    fail2ban-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
    fail2ban-dovecot-pop3imap tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993
    fail2ban-pureftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
    fail2ban-ssh tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
    DROP tcp -- [anywhere]/0 ***.***.***.***/8
    ACCEPT all -- [anywhere]/0 [anywhere]/0 state RELATED,ESTABLISHED
    ACCEPT all -- [anywhere]/0 [anywhere]/0
    DROP all -- ***.***.***.***/4 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0 state RELATED,ESTABLISHED
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain PAROLE (17 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain PUB_IN (6 references)
    target prot opt source destination
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 0
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:20
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:10000
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpts:40110:40210
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:3306
    DROP icmp -- [anywhere]/0 [anywhere]/0
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain PUB_OUT (6 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-dovecot-pop3imap (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-postfix-sasl (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-pureftpd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-ssh (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0
Ok - have it working but unable to switch to 8443... Rebooted, re-ran the update and changed back to 8080, and it started working, but only after a reboot. Suspecting php-fpm getting stuck, and a reboot seems to resolve it... Thinking it's from the php 7.0-7.3 install capabilities and something I messed up... What I messed up... yeah, that one I'm not certain of, but sure it's several things!!!
Probably the best way to change that is via the update.php script like you did. Your output shows the server listening on 8443 - maybe blocked in a firewall somewhere?
Nope... no firewall between myself and the server... accessing via IP https://ip:8443, ssh works just fine, and I have the firewall disabled in setup... This is a re-run with the server back on 8080... which requires a reboot before 8080 works... which I think is a php related issue... the fpm service I can stop, but when I try to restart it says already running... unless I manually reboot... basically think I trashed php somewhere... Either way though, 8443 never shows / lights up... was going to try 2053 but never got around to that... 8443 is not in use, it appears... so just odd...

Code:

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    IP-address(es) (as per ifconfig): ***.***.***.***
    [INFO] ISPConfig is installed.
    ##### ISPCONFIG #####
    ISPConfig version is 3.1.13
    ##### VERSION CHECK #####
    [INFO] php (cli) version is 5.6.38-2+0~20181015120552.6+jessie~1.gbp567807
    [INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.38-0+deb8u1
    ##### PORT CHECK #####
    ##### MAIL SERVER CHECK #####
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s): Unknown process (fcgi-pm) (PID 324)
    [INFO] I found the following mail server(s): Postfix (PID 1427)
    [INFO] I found the following pop3 server(s): Dovecot (PID 590)
    [INFO] I found the following imap server(s): Unknown process (init) (PID 1)
    [INFO] I found the following ftp server(s): PureFTP (PID 1381)
    ##### LISTENING PORTS #####
    (only () Local (Address)
    [anywhere]:993 (1/init)
    [anywhere]:995 (590/dovecot)
    [anywhere]:43205 (484/rpc.statd)
    [localhost]:10024 (1167/amavisd-new)
    [localhost]:10025 (1427/master)
    [localhost]:10026 (1167/amavisd-new)
    [localhost]:10027 (1427/master)
    [anywhere]:587 (1427/master)
    [localhost]:11211 (556/memcached)
    [anywhere]:110 (590/dovecot)
    [anywhere]:143 (1/init)
    [anywhere]:111 (456/rpcbind)
    [anywhere]:465 (1427/master)
    [anywhere]:21 (1381/pure-ftpd)
    ***.***.***.***:53 (562/named)
    [localhost]:53 (562/named)
    [anywhere]:22 (673/sshd)
    [anywhere]:25 (1427/master)
    [localhost]:953 (562/named)
    *:*:*:*::*:993 (1/init)
    *:*:*:*::*:995 (590/dovecot)
    *:*:*:*::*:53508 (484/rpc.statd)
    *:*:*:*::*:10024 (1167/amavisd-new)
    *:*:*:*::*:3306 (1022/mysqld)
    *:*:*:*::*:10026 (1167/amavisd-new)
    *:*:*:*::*:587 (1427/master)
    [localhost]10 (590/dovecot)
    [localhost]43 (1/init)
    [localhost]11 (456/rpcbind)
    *:*:*:*::*:8080 (324/fcgi-pm)
    *:*:*:*::*:80 (324/fcgi-pm)
    *:*:*:*::*:8081 (324/fcgi-pm)
    *:*:*:*::*:465 (1427/master)
    *:*:*:*::*:21 (1381/pure-ftpd)
    *:*:*:*::*:53 (562/named)
    *:*:*:*::*:22 (673/sshd)
    *:*:*:*::*:25 (1427/master)
    *:*:*:*::*:953 (562/named)
    *:*:*:*::*:443 (324/fcgi-pm)
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target prot opt source destination
    fail2ban-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
    fail2ban-dovecot-pop3imap tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993
    fail2ban-pureftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
    fail2ban-ssh tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22
    DROP tcp -- [anywhere]/0 ***.***.***.***/8
    ACCEPT all -- [anywhere]/0 [anywhere]/0 state RELATED,ESTABLISHED
    ACCEPT all -- [anywhere]/0 [anywhere]/0
    DROP all -- ***.***.***.***/4 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    PUB_IN all -- [anywhere]/0 [anywhere]/0
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0 state RELATED,ESTABLISHED
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0
    PUB_OUT all -- [anywhere]/0 [anywhere]/0

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain PAROLE (17 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain PUB_IN (6 references)
    target prot opt source destination
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 0
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11
    ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:20
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:10000
    PAROLE tcp -- [anywhere]/0 [anywhere]/0 tcp dpts:40110:40210
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53
    ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:3306
    DROP icmp -- [anywhere]/0 [anywhere]/0
    DROP all -- [anywhere]/0 [anywhere]/0

    Chain PUB_OUT (6 references)
    target prot opt source destination
    ACCEPT all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-dovecot-pop3imap (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-postfix-sasl (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-pureftpd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain fail2ban-ssh (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0
Notice the difference between the one where it's not working and the one that is working? Didn't catch that over the weekend until just now... which tells me I messed up something with php on this specific server... It is Deb 8 (upgraded since 2015/2016 range) vs the other test server on Deb 9, but below is the same box with just the panel port changed - even after reboots.

Not Working:

    *:*:*:*::*:80 (23015/apache2)
    *:*:*:*::*:8081 (23015/apache2)
    *:*:*:*::*:8443 (23015/apache2)
    *:*:*:*::*:443 (23015/apache2)

Working:

    *:*:*:*::*:8080 (324/fcgi-pm)
    *:*:*:*::*:80 (324/fcgi-pm)
    *:*:*:*::*:8081 (324/fcgi-pm)
    *:*:*:*::*:443 (324/fcgi-pm)
Your firewall rules show you allow port 8080 and not 8443 - do you change the firewall rules when you reconfigure the web server port?
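The comparison this reply makes (ports the web server listens on versus ports the packet filter accepts) can be scripted. The following is an added example, not part of the original thread or of ISPConfig/Bastille: the function names are hypothetical, the rule listing is a constructed sample in `iptables -L -n` layout, and the check is a heuristic that reads named destination ports without simulating chain traversal.

```shell
# Constructed sample in `iptables -L -n` layout, modelled on the report in this thread.
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target        prot opt source     destination
fail2ban-ssh  tcp  --  0.0.0.0/0  0.0.0.0/0  multiport dports 22
ACCEPT        all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
PUB_IN        all  --  0.0.0.0/0  0.0.0.0/0
DROP          all  --  0.0.0.0/0  0.0.0.0/0
Chain PAROLE (4 references)
target        prot opt source     destination
ACCEPT        all  --  0.0.0.0/0  0.0.0.0/0
Chain PUB_IN (1 references)
target        prot opt source     destination
PAROLE        tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:22
PAROLE        tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:443
PAROLE        tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:8080
PAROLE        tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpts:40110:40210
DROP          all  --  0.0.0.0/0  0.0.0.0/0
Chain fail2ban-ssh (1 references)
target        prot opt source     destination
RETURN        all  --  0.0.0.0/0  0.0.0.0/0
EOF
}

# Print every TCP port or range named by a rule that ends in ACCEPT, directly or by
# jumping to a chain holding an unconditional ACCEPT (PAROLE here). A jump to a
# chain that only RETURNs (fail2ban-ssh) does not count as accepting.
allowed_tcp_ports() {
    awk '
    /^Chain /                 { chain = $2; next }
    NF == 0 || $1 == "target" { next }
    { n++; tgt[n] = $1; proto[n] = $2; rule[n] = $0
      if ($1 == "ACCEPT" && $2 == "all" && NF == 5) accepts[chain] = 1 }
    END {
        accepts["ACCEPT"] = 1
        for (r = 1; r <= n; r++) {
            if (proto[r] != "tcp" || !(tgt[r] in accepts)) continue
            m = split(rule[r], f, " ")
            for (i = 6; i <= m; i++) {
                if (f[i] ~ /^dpt:[0-9]+$/)        print substr(f[i], 5)
                else if (f[i] ~ /^dpts:[0-9:]+$/) print substr(f[i], 6)
                else if (f[i] == "dports" && i < m) { k = split(f[i + 1], p, ","); for (j = 1; j <= k; j++) print p[j] }
            }
        }
    }'
}

# Rules on stdin, listening ports as arguments; prints the ports no rule accepts.
blocked_listeners() {
    allowed=$(allowed_tcp_ports)
    for port in "$@"; do
        printf '%s\n' "$allowed" | awk -F: -v port="$port" '
            NF == 1 && $1 + 0 == port + 0                       { ok = 1 }
            NF == 2 && port + 0 >= $1 + 0 && port + 0 <= $2 + 0 { ok = 1 }
            END { exit(ok ? 0 : 1) }' || printf '%s\n' "$port"
    done
}

sample_rules | blocked_listeners 22 443 8443   # prints 8443
```

On a live host the rule text would come from `iptables -L -n` and the port list from the listening-ports section of the report; a port printed here is listening but has no accepting rule, which matches the 8443 symptom in this thread.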
Nope... because the Firewall is not enabled... so that is moot, correct? On the update it asks... hey, firewall is not enabled... do you want to enable? - Default [No]: and I hit enter to leave it disabled... That said... it does act exactly like the firewall is turning on and that rule isn't enabled... even though it shouldn't be running... For giggles - what would be the way to enable / allow the 8443 port? Notice the same thing on my test machine... Here is the output from the test machine... it shows apache too, not fcgi, but it is Deb 9 vs 8 and php 7.0 for OS PHP.

Code:

    ##### SCRIPT FINISHED #####
    Results can be found in htf_report.txt
    To view results use your favourite text editor or type 'cat htf_report.txt | more' on the server console.
    If you want to see the non-anonymized output start the script with --debug as parameter (php -q htf-common-issues.php --debug).
    root@cp:/tmp# cat htf_report.txt
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] ISPConfig is installed.
    ##### ISPCONFIG #####
    ISPConfig version is 3.1.13
    ##### VERSION CHECK #####
    [INFO] php (cli) version is 7.0.30-0+deb9u1
    ##### PORT CHECK #####
    ##### MAIL SERVER CHECK #####
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s): Apache 2 (PID 1489)
    [INFO] I found the following mail server(s): Postfix (PID 1106)
    [INFO] I found the following pop3 server(s): Dovecot (PID 748)
    [INFO] I found the following imap server(s): Dovecot (PID 748)
    [INFO] I found the following ftp server(s): PureFTP (PID 19407)
    ##### LISTENING PORTS #####
    (only () Local (Address)
    [localhost]:10023 (816/postgrey)
    [localhost]:10024 (1575/amavisd-new)
    [localhost]:10025 (1106/master)
    [localhost]:10026 (1575/amavisd-new)
    [localhost]:10027 (1106/master)
    [anywhere]:587 (1106/master)
    [localhost]:11211 (693/memcached)
    [anywhere]:110 (748/dovecot)
    [anywhere]:143 (748/dovecot)
    [anywhere]:465 (1106/master)
    [anywhere]:21 (19407/pure-ftpd)
    ***.***.***.***:53 (689/named)
    [localhost]:53 (689/named)
    [anywhere]:22 (775/sshd)
    [anywhere]:25 (1106/master)
    [localhost]:953 (689/named)
    [anywhere]:993 (748/dovecot)
    [anywhere]:995 (748/dovecot)
    *:*:*:*::*:10023 (816/postgrey)
    *:*:*:*::*:10024 (1575/amavisd-new)
    *:*:*:*::*:10026 (1575/amavisd-new)
    *:*:*:*::*:3306 (934/mysqld)
    *:*:*:*::*:587 (1106/master)
    [localhost]10 (748/dovecot)
    [localhost]43 (748/dovecot)
    *:*:*:*::*:80 (1489/apache2)
    *:*:*:*::*:465 (1106/master)
    *:*:*:*::*:8081 (1489/apache2)
    *:*:*:*::*:21 (19407/pure-ftpd)
    *:*:*:*::*:53 (689/named)
    *:*:*:*::*:22 (775/sshd)
    *:*:*:*::*:25 (1106/master)
    *:*:*:*::*:953 (689/named)
    *:*:*:*::*:443 (1489/apache2)
    *:*:*:*::*:8443 (1489/apache2)
    *:*:*:*::*:993 (748/dovecot)
    *:*:*:*::*:995 (748/dovecot)
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
    f2b-dovecot tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993,587,465,4190
    f2b-pure-ftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
    f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain f2b-dovecot (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-postfix-sasl (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-pure-ftpd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0

    Chain f2b-sshd (1 references)
    target prot opt source destination
    RETURN all -- [anywhere]/0 [anywhere]/0
Just for kicks... running the update again... verified it said disabled and also typed no as well.

Code:

    >> Update
    Operating System: Debian 8.0 (Jessie) or compatible
    This application will update ISPConfig 3 on your server.
    Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]:
    Creating backup of "/usr/local/ispconfig" directory...
    Creating backup of "/etc" directory...
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /usr/local/src/ispconfig3_install/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    Service 'firewall_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: no
    Reconfigure Services? (yes,no,selected) [yes]:
    Configuring Postfix
    Configuring Dovecot
    Configuring Mailman
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring BIND
    [INFO] haveged not detected - DNSSEC can fail
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]: 8443
    Create new ISPConfig SSL certificate (yes,no) [no]:
    Reconfigure Crontab? (yes,no) [yes]:
    Updating Crontab
    Restarting services ...
    Update finished.
You were right... disabled the firewall per:

Code:

    # flush all rules and delete user-defined chains in the filter table
    iptables -F
    iptables -X
    # same for the nat and mangle tables
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # set the default policy of every built-in chain to ACCEPT
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

and blammo - it now works... Not sure why the update didn't kill it - but figure it was another firewall setup somewhere somehow that I didn't see / catch. You were absolutely correct...
The install script is asking if it should add a symlink to enable the ISPConfig firewall plugin; you have a firewall setup independent of ISPConfig. That 'PAROLE' name comes from Bastille I believe; I would remove Bastille, install ufw, and enable the firewall plugin in ispconfig to configure it (unless you prefer to configure it from the command prompt, which is more flexible).
I'm thinking remove Bastille and install UFW... I need Me-proof... flexible is nice and all, but geez... causing my own issues! Appreciate the help - just needed fresh eyes to see through my blunders...