Cannot Access ISPCONFIG After Ubuntu 16 Update

Discussion in 'Installation/Configuration' started by ovan, Sep 18, 2020.

  1. ovan

    ovan New Member

    Hi,
    I'm new to ispconfig, i have installed a vps with ubuntu 16 and ispconfig. It was working properly until i did a system update through webmin, suddenly i cannot access ispconfig.
    And if i type my ip, its redirecting to apache default page, also every domain/user account inside ispconfig are redirected into apache default page.
    What should i do to get my ispconfig working properly.?

    Thank You
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do an ispconfig update like this and choose to reconfigure services during update:

    Code:
    cd /tmp
    wget https://www.ispconfig.org/downloads/ISPConfig-3.1.15p3.tar.gz
    tar xvfz ISPConfig-3.1.15p3.tar.gz
    cd ispconfig3_install/install
    php -q update.php
     
    ovan likes this.
  3. ovan

    ovan New Member

    It works... websites in that ispconfig are able to be accessed now.
    but the ispconfig main page is still failed, when i type ip-address:8080 it came up with Secure Connection Failed
    how to fix this please.?
    Thank You
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. ovan

    ovan New Member

    Nope, both doesn't work.
    I was going to type complete url but since i am new here, so i cannot post any link
    without https, its just show a blank page, with https came up with
    Secure Connection Failed
    An error occurred during a connection to ip-address:8080. SSL received a record that exceeded the maximum permissible length.
    Error code: SSL_ERROR_RX_RECORD_TOO_LON
     
    Last edited: Sep 18, 2020
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Run update.php again and answer yes to generating a new SSL certificate.
     
    ovan likes this.
  7. ovan

    ovan New Member

    unfortunately it's not working, i have ran update.php again and recreating a new SSL certificate. but it still came up with
    Secure Connection Failed
    An error occurred during a connection to ip-address:8080. SSL received a record that exceeded the maximum permissible length.
    Error code: SSL_ERROR_RX_RECORD_TOO_LON
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Hmm, you might check what's under /usr/local/ispconfig/interface/ssl, maybe it is symlinks to bad/nonexistent files or such. (The update was intended to fix that issue .. possibly it doesn't change/overwrite existing symlinks?)

    Aside from that, check the log files and cli output when you start apache and you'll likely see an error about the port 8080 site to work from.
     
    Last edited: Sep 22, 2020
  9. ovan

    ovan New Member

    I found /usr/local/ispconfig/interface/ssl doesn't symlinks, here it is :
    root@vps:/usr/local/ispconfig/interface/ssl# ls -l
    total 20
    -rwxr-x--- 1 root root 45 Sep 19 12:16 empty.dir
    -rwxr-x--- 1 root root 1850 Sep 21 21:21 ispserver.crt
    -rwxr-x--- 1 root root 1704 Sep 21 21:21 ispserver.csr
    -rw-r--r-- 1 root root 3243 Sep 21 21:21 ispserver.key
    -rwxr-x--- 1 root root 3311 Sep 21 21:20 ispserver.key.secure
    root@vps:/usr/local/ispconfig/interface/ssl#

    here is what i got after restarting apache, i didn't see error on port 8080 :
    root@vps:/usr/local/ispconfig/interface/ssl# systemctl start apache2
    root@vps:/usr/local/ispconfig/interface/ssl# systemctl status apache2
    ● apache2.service - LSB: Apache2 web server
    Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
    Drop-In: /lib/systemd/system/apache2.service.d
    └─apache2-systemd.conf
    Active: active (running) since Tue 2020-09-22 16:48:56 WIB; 3s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 17006 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
    Process: 1073 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
    Process: 17286 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    CGroup: /system.slice/apache2.service
    ├─17341 /usr/sbin/apache2 -k start
    ├─17344 vlogger (access log
    ├─17345 /usr/sbin/apache2 -k start
    └─17346 /usr/sbin/apache2 -k start

    Sep 22 16:48:55 vps systemd[1]: Starting LSB: Apache2 web server...
    Sep 22 16:48:55 vps apache2[17286]: * Starting Apache httpd web server apache2
    Sep 22 16:48:55 vps apache2[17286]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.co
    Sep 22 16:48:56 vps apache2[17286]: *
    Sep 22 16:48:56 vps systemd[1]: Started LSB: Apache2 web server.
     
  10. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    The error you get usually (always?) indicates the server is talking http but your client expects https. What does apachectl -S show? The port 8080 vhost should be defined in /etc/apache2/sites-enabled/000-ispconfig.vhost, what does that file contain? (It should point to the certificate files you showed above.)
     
  11. ovan

    ovan New Member

    Here is what i get from apachectl -S
    root@vps:/usr/local/src# apachectl -S
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
    VirtualHost configuration:
    *:8081 vps.abcdefg.ac.id (/etc/apache2/sites-enabled/000-apps.vhost:9)
    *:8080 is a NameVirtualHost
    default server 103.xxx.xxx.xxx (/etc/apache2/sites-enabled/000-default.conf:1)
    port 8080 namevhost 103.xxx.xxx.xxx (/etc/apache2/sites-enabled/000-default.conf:1)
    port 8080 namevhost vps.abcdefg.ac.id (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
    *:80 is a NameVirtualHost
    default server cbt.abcdefg.ac.id (/etc/apache2/sites-enabled/100-cbt.abcdefg.ac.id.vhost:7)
    port 80 namevhost cbt.abcdefg.ac.id (/etc/apache2/sites-enabled/100-cbt.abcdefg.ac.id.vhost:7)
    alias www.cbt.abcdefg.ac.id
    port 80 namevhost digilib.abcdefg.ac.id (/etc/apache2/sites-enabled/100-digilib.abcdefg.ac.id.vhost:7)
    alias www.digilib.abcdefg.ac.id
    port 80 namevhost elearning.abcdefg.ac.id (/etc/apache2/sites-enabled/100-elearning.abcdefg.ac.id.vhost:7)
    alias www.elearning.abcdefg.ac.id
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex ssl-stapling: using_defaults
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/lock/apache2" mechanism=fcntl
    Mutex mpm-accept: using_defaults
    Mutex fcgid-pipe: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex authdigest-client: using_defaults
    Mutex fcgid-proctbl: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    Define: ENABLE_USR_LIB_CGI_BIN
    User: name="www-data" id=33
    Group: name="www-data" id=33
    root@vps:/usr/local/src#

    and here the /etc/apache2/sites-enabled/000-ispconfig.vhost cointain

    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################

    Listen 8080
    NameVirtualHost *:8080

    <VirtualHost _default_:8080>
    ServerAdmin webmaster@localhost

    <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>

    <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
    Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
    AllowOverride AuthConfig Indexes Limit Options FileInfo
    <FilesMatch "\.php$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
    Require all granted
    </Directory>
    IPCCommTimeout 7200
    MaxRequestLen 15728640
    </IfModule>

    <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
    # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
    Options +FollowSymLinks
    AllowOverride None
    Require all granted
    php_value magic_quotes_gpc 0
    </Directory>
    </IfModule>

    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
    ServerSignature Off

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    # SSL Configuration
    SSLEngine On
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

    SSLProtocol All -SSLv3
    # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    # SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle

    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder On

    <IfModule mod_headers.c>
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
    <IfVersion >= 2.4.7>
    Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
    Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    RequestHeader unset Proxy early
    </IfModule>

    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off

    </VirtualHost>

    <IfModule mod_ssl.c>
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>

    <Directory /var/www/php-cgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    <Directory /var/www/php-fcgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>
     
  12. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Note for future posts, using \[code\] tags makes output more readable.
    Your default server definition in 000-default.conf is overriding the definition in 000-ispconfig.vhost, so either compare 000-default.conf to 000-ispconfig.vhost to see what is different, or change your setup. Normally you create a default vhost for port 80 and 443, leaving 8080 completely untouched, and managed by ISPConfig. On installations where I want to customize my 000-ispconfig.vhost, I copy apache_ispconfig.vhost.master to the conf-custom folder and make my changes there.
     

Share This Page