cant access control panel outside of LAN on 8080

Discussion in 'Installation/Configuration' started by McKay, Jan 15, 2021.

  1. McKay

    McKay New Member

    So I installed ISPConfig 3.2.2 on ubuntu 20.4 multiserver with a dedicated control panel, web, mail, db, ns1,ns2, server with their own LAN IP, I went through the whole install process and everything is working except for 2 things so far. I installed ISPConfig 3.1 on ubuntu 18.4 same way, before I did a full reinstall, I had a few problems but information on the web got it all fixed and it worked perfect. Anyways back to the topic, after I installed everything and tested it I cant seem to access the control panel at http://mydomain.com:8080 (nor https://) only on the LAN side can I reach it at https://192.168.*.***:8080 http:// shows the normal bad request cause it wants SSL. I have went through everything online and nothing seems to resolve the problem, any help would be great. Websites are up and working, both nameservers are up and working, email works, and DB works fine. During the initial install it asked something about force reconfigure of openVZ I clicked no at that time, also when I went to do the letsencrypt SSL on the panel install it fails saying "server" from server.mydomain.com is not in the A/AAAA record but "server" is in my dns A record and it defaults to self signed cert setup, not sure if that helps or not. I did a force update on all servers, also did a full resync from the control panel after.

    Any help would be wonderful and I hope you all have a great day!!!!

    Thanks:

    McKay
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you reach it on it's public IP?
    Did you set the correct IP for the A/AAAA record of mydomain.com?
    Did you open port 8080 in your firewall to allow access from everywhere?
     
  3. McKay

    McKay New Member

    Can NOT reach it on public IP only LAN IP.
    IP is set in dns for A record "server" - IPV4 107.130.***.*** <--- public ip
    Port is still open 8080 from previous working installation with ispconfig 3.1 and ubuntu 18 on my router, websites are currently working on port 80 that is under the same alias as port 8080 in my router. DNS is working with port 53 open as well in my router along with all the other ports 443 etc...
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Are you sure port 8080 is forwarded to the right machine?
     
    McKay likes this.
  5. McKay

    McKay New Member

    Ok so for some odd reason the control panel worked before on my web server machine at 192.***.*.113 but I guess I didnt install the control panel on the web server this time just the panel server at 192.***.*.110 so I closed the port 8080 on my web server in my router to 192.***.*.113 and opened port 8080 to my panel server 192.***.*.110 and now seems to be accasable via WAN. Thank you for pointing out something so simple. without great minds even the simple stuff can stump us lol.

    Now I have my second problem that I wanted to see if it fixed it with the first solution but it didnt, so I can access roundcube on /webmail but when I login with full email address and password it says Login Failed in bottom right corner. I followed the perfect server for ubuntu, and I remember last time it gave me this problem it was something simple but this time I cant find the solution. If I should start a new thread for this please let me know and I will be glad to.

    Thanks:

    McKay
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The panel only runs on the master, not on the other nodes. Glad to hear it is resolved.

    For your roundcube issue: Have you set up the webmail to connect to the mail server? Can you share your roundcube config? (remove sensitive info and put it in a code block, in the editor: insert -> code)
     
  7. McKay

    McKay New Member

    P.S. I noticed in the log files I
    Last time I didnt have to setup webmail to connect to mail server, I think it was a symlink or something and it worked, but that was with 3.1 not sure if 3.2 is changed or not. I will post my roundcube config here in a few for ya when I get to my other computer. The rouncube config is standard from the install cause I haven't edited that file at all.
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You will have to set the IMAP and SMTP host aswell as the correct ports to connect to your mailserver.
     
  9. McKay

    McKay New Member

    This what youre looking for??


    Code:
    <?php
    
    /*
    +-----------------------------------------------------------------------+
    | Local configuration for the Roundcube Webmail installation.           |
    |                                                                       |
    | This is a sample configuration file only containing the minimum       |
    | setup required for a functional installation. Copy more options       |
    | from defaults.inc.php to this file to override the defaults.          |
    |                                                                       |
    | This file is part of the Roundcube Webmail client                     |
    | Copyright (C) The Roundcube Dev Team                                  |
    |                                                                       |
    | Licensed under the GNU General Public License version 3 or            |
    | any later version with exceptions for skins & plugins.                |
    | See the README file for a full license statement.                     |
    +-----------------------------------------------------------------------+
    */
    
    $config = array();
    
    // Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database!
    include_once("/etc/roundcube/debian-db-roundcube.php");
    
    // The IMAP host chosen to perform the log-in.
    // Leave blank to show a textbox at login, give a list of hosts
    // to display a pulldown menu or set one host as string.
    // Enter hostname with prefix ssl:// to use Implicit TLS, or use
    // prefix tls:// to use STARTTLS.
    // Supported replacement variables:
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %s - domain name after the '@' from e-mail address provided at login screen
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['default_host'] = 'localhost';
    
    // SMTP server host (for sending mails).
    // Enter hostname with prefix ssl:// to use Implicit TLS, or use
    // prefix tls:// to use STARTTLS.
    // Supported replacement variables:
    // %h - user's IMAP hostname
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['smtp_server'] = 'localhost';
    
    // SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
    $config['smtp_port'] = 587;
    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';
    
    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';
    
    // provide an URL where a user can get support for this Roundcube installation
    // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
    $config['support_url'] = '';
    
    // Name your service. This is displayed on the login screen and in the window title
    $config['product_name'] = 'Roundcube Webmail';
    
    // this key is used to encrypt the users imap password which is stored
    // in the session record (and the client cookie if remember password is enabled).
    // please provide a string of exactly 24 chars.
    // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
    $config['des_key'] = '***************';
    
    // List of active plugins (in plugins/ directory)
    // Debian: install roundcube-plugins first to have any
    $config['plugins'] = array(
    );
    
    // skin name: folder from skins/
    $config['skin'] = 'elastic';
    
    // Disable spellchecking
    // Debian: spellshecking needs additional packages to be installed, or calling external APIs
    //         see defaults.inc.php for additional informations
    $config['enable_spellcheck'] = false;
    
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Yes.

    $config['default_host'] = 'localhost'; should be $config['default_host'] = 'ssl://imap.example.com';
    where imap.example.com is your mailservers hostname
    $config['smtp_server'] = 'localhost'; should be $config['smtp_server'] = 'tls://smtp.example.com';
    where smtp.example.com is your mailservers hostname

    The other settings look good to me.
     
  11. McKay

    McKay New Member

    now when you say mailserver hostname say its mail.example.com would I make it ssl://imap.mail.example.com or ssl://imap.example.com
    Also should this config folder be edited on the web server, panel server, or mail server. I added ssl://imap.example.com in the web server config and it throws a "connection to server storage failed" now so Im assuming I edit the web config file for roundcube?!
     
  12. McKay

    McKay New Member

    Tested ssl://imap.mail.example.com and ssl://imap.example.com as well as ssl://mail.example.com all come up with "connection to server storage failed" with both default host and smtp server tls://.
     
  13. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If the hostname is mail.example.com replace imap.example.com completely.

    Roundcube only has to be installed on the server you visit (so if it's the webserver, it should be installed there) and the config file on that server should be edited.
     
  14. McKay

    McKay New Member

    Code:
    $config['default_host'] = 'ssl://mail.example.com';
    $config['smtp_server'] = 'tls://mail.example.com';
    This is my code (obviously with domain in place of example lol) on my web server that I visit example.com/webmail at, says "connection to storage server failed"
     
  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Does the A/AAAA record for mail.example.com exist and point to the correct server?
     
  16. McKay

    McKay New Member

    Yes sir, has an A record pointing to its own WAN IP directed to the mailserver in my router, as well as the mx record pointing to example.com
     
  17. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    And are you able to connect to the mailserver with a local mail client like Thunderbird?

    Can you share the roundcube config as it is now?
     
  18. McKay

    McKay New Member

    Yup its connected on my iphpone mail client and working properly, also mail.example.com resolves to my WAN IP for the mail server.


    Code:
    <?php
    
    /*
    +-----------------------------------------------------------------------+
    | Local configuration for the Roundcube Webmail installation.           |
    |                                                                       |
    | This is a sample configuration file only containing the minimum       |
    | setup required for a functional installation. Copy more options       |
    | from defaults.inc.php to this file to override the defaults.          |
    |                                                                       |
    | This file is part of the Roundcube Webmail client                     |
    | Copyright (C) The Roundcube Dev Team                                  |
    |                                                                       |
    | Licensed under the GNU General Public License version 3 or            |
    | any later version with exceptions for skins & plugins.                |
    | See the README file for a full license statement.                     |
    +-----------------------------------------------------------------------+
    */
    
    $config = array();
    
    // Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database!
    include_once("/etc/roundcube/debian-db-roundcube.php");
    
    // The IMAP host chosen to perform the log-in.
    // Leave blank to show a textbox at login, give a list of hosts
    // to display a pulldown menu or set one host as string.
    // Enter hostname with prefix ssl:// to use Implicit TLS, or use
    // prefix tls:// to use STARTTLS.
    // Supported replacement variables:
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %s - domain name after the '@' from e-mail address provided at login screen
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['default_host'] = 'ssl://mail.example.com';
    
    // SMTP server host (for sending mails).
    // Enter hostname with prefix ssl:// to use Implicit TLS, or use
    // prefix tls:// to use STARTTLS.
    // Supported replacement variables:
    // %h - user's IMAP hostname
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['smtp_server'] = 'tls://mail.example.com';
    
    // SMTP port. Use 25 for cleartext, 465 for Implicit TLS, or 587 for STARTTLS (default)
    $config['smtp_port'] = 587;
    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';
    
    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';
    
    // provide an URL where a user can get support for this Roundcube installation
    // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
    $config['support_url'] = '';
    
    // Name your service. This is displayed on the login screen and in the window title
    $config['product_name'] = 'Roundcube Webmail';
    
    // this key is used to encrypt the users imap password which is stored
    // in the session record (and the client cookie if remember password is enabled).
    // please provide a string of exactly 24 chars.
    // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
    $config['des_key'] = '*******************';
    
    // List of active plugins (in plugins/ directory)
    // Debian: install roundcube-plugins first to have any
    $config['plugins'] = array(
    );
    
    // skin name: folder from skins/
    $config['skin'] = 'elastic';
    
    // Disable spellchecking
    // Debian: spellshecking needs additional packages to be installed, or calling external APIs
    //         see defaults.inc.php for additional informations
    $config['enable_spellcheck'] = false;
    Also as I mentioned on the first post, I wasnt able to create letsencrypt and link it to postfix etc during installation cause it said server was not in my A/AAAA records when it actually was in there. <---Also not sure if this helps.
     
    Last edited: Jan 15, 2021
  19. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You can connect from the roundcube server to 'mail.example.com' (by hostname) port 993? Alternateively you could use tls:// there and it'll use port 143.
    You can tell roundcube to ignore certificate errors until you resolve this, add:
    Code:
    $config['imap_conn_options'] = array(
            'ssl' => array('verify_peer' => false, 'verify_peer_name' => false),
            'tls' => array('verify_peer' => false, 'verify_peer_name' => false),
    );
    $config['smtp_conn_options'] = array(
            'ssl' => array('verify_peer' => false, 'verify_peer_name' => false),
            'tls' => array('verify_peer' => false, 'verify_peer_name' => false),
    );
    
     
  20. McKay

    McKay New Member

    Does not work on port 993, or with tls:// also tried port 25 just for the heck of it. Will the rouncube be seeing the cert not valid even though its self signed and rejecting it without that code above causing the "connection to storage server failed"? And I guess I just add that to the bottom of the code?
     

Share This Page