Hello everyone, I installed ISPconfig with nginx following every step of the tutorial "The Perfect Server - Debian 10 (Nginx, BIND, Dovecot, ISPConfig 3.1)" and secured it afterwards with the tutorial "Securing ISPConfig 3.1 With a Free Let's Encrypt SSL Certificate" and everything seems to work like expected with two exceptions: I cannot reach roundcube and phpmyadmin. Using the internal links serveradress:8080/phpmyadmin and serveradress:8080/webmail gives me 404 errors. If I change 8080 to 8081 like I read here in other posts, my browsers get the following error SSL_ERROR_RX_RECORD_TOO_LONG. Is there anything I missed or a way to fix this? I really hope someone can help me out here. Every hint is appreciated.
serveraddress/phpmyadmin and serveraddress/webmail (without 8080 or 8081) gives me 404 errors. Same goes for server ip. server ip:8081/webmail and server ip:8081/phpmyadmin again give me SSL_ERROR_RX_RECORD_TOO_LONG.
Start with this: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/ Then this: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/
Seems like I got it to work using the following nginx directives (I found on some places here and combined them) on the host website (created to obtain thee lets encrypt certificate like explained in the tutorial). I can now reach roundcube and phpmyadmin under serveraddress/phpmyadmin and serveraddress/roundcube. Perhaps not an ideal solution (especially since links inside ispconfig to phpmyadmin and webmail now dont work) but at least it works somehow. Code: location /phpmyadmin { root /usr/share/; index index.php index.html index.htm; location ~ ^/phpmyadmin/(.+\.php)$ { try_files $uri =404; root /usr/share/; fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_param HTTPS on; # <-- add this line fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; } location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /usr/share/; } } location /phpMyAdmin { rewrite ^/* /phpmyadmin last; } client_max_body_size 100M; location /roundcube { root /var/lib/; index index.php index.html index.htm; location ~ (.+\.php)$ { try_files $uri =404; include /etc/nginx/fastcgi_params; # To access SquirrelMail, the default user (like www-data on Debian/Ubuntu) must be used #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_index index.php; fastcgi_intercept_errors on; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } location ~* /.svn/ { deny all; } location ~* /README|INSTALL|LICENSE|SQL|bin|CHANGELOG$ { deny all; } } location /webmail { rewrite ^ /roundcube last; }
I know I'm not going to be very helpful here, but, interestingly, I never managed port 8081 ('apps' virtual host) to actually work with roundcube/phpmyadmin. Instead, my SSL-protected port 8080 ('ispconfig' virtual host) is handling those two services (I basically copied those directives from 'apps' to 'ispconfig'), and each website gets redirected to that. As you say, hardly a good solution (since internal links to the admin interface get exposed) and it also broke the links inside ispconfig to phpmyadmin, so I guess that we have very similar issues, possibly from the same (unknown) cause. It's funny, but everything used to work perfectly — at some point in time, however, it refused to work, and I assumed that it was some obscure option that I had enabled/disabled somewhere, but, since this issue is not a priority for me, I never gave it a second thought. But now that I've read this thread it looks like the problem is somehow related to the Let's Encrypt certificate and the move from plain old HTTP to HTTPS. I may give it another try and see if I can figure out what exactly is different due to using HTTPS.
Hello, I had same problem and I noticed that in my apps.vhost file first lines looks like this listen 8081; So I changed it based on ispconfig.vhost to this listen 58081 ssl; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; I seems working now.