Hi guys,

I managed to install ISPConfig 3 on an AWS EC2 instance. Have chosen Nginx. This is my first experience with Linux, so it was quite hard for me. However, I am quite stuck now.

What works:
- webui on server.example.com:8080
- mail on example.com configured under email client (with DKIM, SPF, SpamAssassin etc.)
- ftp user login

What doesn't work:
- accessing the default page of the website by typing example.com (ISPConfig is on server.example.com) (however, on the ftp account I see all files)
- webmail example.com/webmail or /roundcube simply doesn't work.
- awstats also, probably for the same reason that the above do not work

My security group on AWS inbound all TCP traffic, ISPConfig firewall also has 443 pasted, but still, can't access website/webmail/stats.

My info:
Ubuntu 20.04.2 LTS
PHP 7.4.18
nginx

Here is ISPConfig report:

Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 20.04.2 LTS
[INFO] uptime: 14:16:17 up 5:47, 1 user, load average: 0.00, 0.00, 0.00
[INFO] memory:
total used free shared buff/cache available
Mem: 1.9Gi 542Mi 604Mi 47Mi 808Mi 1.2Gi
Swap: 0B 0B 0B
[INFO] systemd failed services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
● clamav-daemon.service loaded failed failed Clam AntiVirus userspace daemon
● quotaon.service loaded failed failed Enable File System Quotas
● snap.amazon-ssm-agent.amazon-ssm-agent.service loaded failed failed Service for snap application amazon-ssm-agent.amazon-ssm-agent
● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

4 loaded units listed.
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2.4

##### VERSION CHECK #####
[INFO] php (cli) version is 7.4.18
[INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.18

##### PORT CHECK #####
[WARN] Port 443 (Webserver SSL) seems NOT to be listening

##### MAIL SERVER CHECK #####

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Unknown process (nginx:) (PID 22764)
[INFO] I found the following mail server(s):
Postfix (PID 1428)
[INFO] I found the following pop3 server(s):
Dovecot (PID 375)
[INFO] I found the following imap server(s):
Dovecot (PID 375)
[INFO] I found the following ftp server(s):
PureFTP (PID 21574)

##### LISTENING PORTS #####
(only () Local (Address)
[anywhere]:995 (375/dovecot)
[localhost]:11332 (412/rspamd:)
[localhost]:11333 (412/rspamd:)
[localhost]:11334 (412/rspamd:)
[localhost]:10023 (823/postgrey)
[anywhere]:587 (1428/master)
[localhost]:6379 (618/redis-server)
[localhost]:11211 (385/memcached)
[anywhere]:110 (375/dovecot)
[anywhere]:143 (375/dovecot)
[anywhere]:80 (22764/nginx:)
[anywhere]:8080 (22764/nginx:)
[anywhere]:8081 (22764/nginx:)
[anywhere]:465 (1428/master)
[anywhere]:21 (21574/pure-ftpd)
***.***.***.***:53 (386/named)
[localhost]:53 (386/named)
***.***.***.***:53 (333/systemd-resolve)
[anywhere]:22 (870/sshd:)
[anywhere]:25 (1428/master)
[localhost]:953 (386/named)
[anywhere]:4190 (375/dovecot)
[anywhere]:993 (375/dovecot)
*:*:*:*::*:995 (375/dovecot)
*:*:*:*::*:3306 (636/mysqld)
*:*:*:*::*:587 (1428/master)
*:*:*:*::*:6379 (618/redis-server)
[localhost]10 (375/dovecot)
[localhost]43 (375/dovecot)
*:*:*:*::*:80 (22764/nginx:)
*:*:*:*::*:8080 (22764/nginx:)
*:*:*:*::*:8081 (22764/nginx:)
*:*:*:*::*:465 (1428/master)
*:*:*:*::*:21 (21574/pure-ftpd)
*:*:*:*::**:*:*:*::*53 (386/named)
*:*:*:*::*:53 (386/named)
*:*:*:*::*:22 (870/sshd:)
*:*:*:*::*:25 (1428/master)
*:*:*:*::*:953 (386/named)
*:*:*:*::*:4190 (375/dovecot)
*:*:*:*::*:993 (375/dovecot)

##### IPTABLES #####
Chain INPUT (policy
DROP) target prot opt source destination f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-before-input all -- [anywhere]/0 [anywhere]/0 ufw-after-input all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-reject-input all -- [anywhere]/0 [anywhere]/0 ufw-track-input all -- [anywhere]/0 [anywhere]/0 Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-before-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-reject-forward all -- [anywhere]/0 [anywhere]/0 ufw-track-forward all -- [anywhere]/0 [anywhere]/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-before-output all -- [anywhere]/0 [anywhere]/0 ufw-after-output all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-reject-output all -- [anywhere]/0 [anywhere]/0 ufw-track-output all -- [anywhere]/0 [anywhere]/0 Chain f2b-sshd (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68 ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) 
target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ufw-user-forward all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68 ufw-not-local all -- [anywhere]/0 [anywhere]/0 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900 ufw-user-input all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- 
[anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-user-output all -- [anywhere]/0 [anywhere]/0 Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10 LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-output (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) 
target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:20 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:10000 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:3306 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210 Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ##### LET'S ENCRYPT ##### acme.sh is installed in /root/.acme.sh/acme.sh Thank you for your help.
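Added example, not part of the original post and not ISPConfig code: a Python cross-check of the report's LISTENING PORTS section against its ufw-user-input ACCEPT rules, showing that a port opened in the firewall is not the same as a service listening on it. The function names and the shortened `proto dpt:port` rule form are assumptions of this sketch; the data is excerpted from the report.

```python
import re

# Excerpt of the report's LISTENING PORTS section (several entries per line).
# Localhost-only listeners are omitted except one, kept to show the filtering.
LISTENING = """
[anywhere]:995 (375/dovecot) [anywhere]:587 (1428/master) [anywhere]:110 (375/dovecot)
[anywhere]:143 (375/dovecot) [anywhere]:80 (22764/nginx:) [anywhere]:8080 (22764/nginx:)
[anywhere]:8081 (22764/nginx:) [anywhere]:465 (1428/master) [anywhere]:21 (21574/pure-ftpd)
***.***.***.***:53 (386/named) [anywhere]:22 (870/sshd:) [anywhere]:25 (1428/master)
[anywhere]:4190 (375/dovecot) [anywhere]:993 (375/dovecot) [localhost]:6379 (618/redis-server)
*:*:*:*::*:3306 (636/mysqld)
"""
# TCP ACCEPT rules of chain ufw-user-input, shortened to "proto dpt:port".
ALLOWED = """
tcp dpt:20 tcp dpt:21 tcp dpt:22 tcp dpt:25 tcp dpt:53 tcp dpt:80 tcp dpt:110
tcp dpt:143 tcp dpt:443 tcp dpt:465 tcp dpt:587 tcp dpt:993 tcp dpt:995
tcp dpt:3306 tcp dpt:8080 tcp dpt:8081 tcp dpt:10000
"""

def listeners(text):
    """Return {port: (address, process)} for every parsable listener entry."""
    found = {}
    for addr, port, proc in re.findall(r"(\S+?):(\d+) \(\d+/([^)]+)\)", text):
        found[int(port)] = (addr, proc.rstrip(":"))
    return found

def allowed_tcp(text):
    """Return the set of TCP destination ports the firewall accepts."""
    return {int(p) for p in re.findall(r"tcp dpt:(\d+)", text)}

def compare(listening_text, allowed_text):
    """Cross-check firewall rules against sockets that actually exist."""
    ls, fw = listeners(listening_text), allowed_tcp(allowed_text)
    return {
        # rule exists, but no daemon is bound to the port
        "allowed_no_listener": sorted(fw - set(ls)),
        # daemon bound to all addresses, but no ACCEPT rule for its port
        "listening_not_allowed": sorted(
            p for p, (addr, _) in ls.items()
            if addr == "[anywhere]" and p not in fw),
    }

if __name__ == "__main__":
    for finding, ports in compare(LISTENING, ALLOWED).items():
        print(finding, ports)
```

Port 443 shows up under `allowed_no_listener`, which matches the report's own `[WARN] Port 443 (Webserver SSL) seems NOT to be listening`: the rule is in place, but nginx has no HTTPS socket yet.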
Https doesn't work. However, on http it redirects me to https server.example.com:8081/squirrelmail and displays this:

Code:
CONFIGURATION ERROR
config.inc.php was not found. Please read the INSTALL instructions!
Okay, I solved the problem with Roundcube by changing the permissions as advised here: https://www.howtoforge.com/communit...-debian-8-6-nginx-problems.77009/#post-363937

Code:
chown root:ispapps /etc/roundcube/debian-db.php
chmod 640 /etc/roundcube/debian-db.php
chown root:ispapps /etc/roundcube/config.inc.php
chmod 640 /etc/roundcube/config.inc.php
chown -R ispapps:adm /var/log/roundcube
chmod -R 750 /var/log/roundcube
chown -R ispapps:ispapps /var/lib/roundcube/temp
chmod -R 750 /var/lib/roundcube/temp

However, website on Nginx is still, of course, unreachable. Could this also be the problem with permissions? FYI, I installed ISPConfig on clean Ubuntu of course.
Have you created a website in ISPConfig panel? From your message #1: I think there is no default page in the way you seem to assume. Both Apache and nginx show the first page in alphabetic order if no more specific page exists. So that is in a way "default page". I create website 0000aaaa.site for this purpose, and add index.html that explains why user ended on that page.
I did. Created a website in the panel. There is a small anchor button that links to http://example.com. I mentioned .html file that is in the web directory after creating website from panel (its name is standard_index.html). I can access it through FTP of course, but can't through web browser.
example.com points to elastic IP static address
mail.example.com points to elastic IP static address
server.example.com points to elastic IP static address
Ok, and you created a website for 'example.com' in ISPConfig, right? What do you get exactly in the web browser when you enter http://example.com ?
Okay, now it works! The DNS must have been propagating for longer than 48h. However, SSL certificate is recognized by Safari and Chrome as "not valid". Is there a way to fix that? Probably worth mentioning, before, I had on this domain Let's Encrypt certificate and now, maybe because of slight difference in credentials, the browsers mark this as "not valid"?

Thank you so much for your help. I understand if my problem with SSL is out of the scope of original problem and you may not help here.

@Edit SSL checker prints this:

Code:
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect.
It's possible that:
- The web site does not use SSL, but shares an IP address with some other site that does.
- The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
- The web site uses a content delivery network (CDN) that does not support SSL.
- The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
You cannot have a LE cert when the domain was not pointing to the server at the time you created the site. Go to website settings, check on the SSL tab that you did not create an SSL cert there. If you created a cert there, delete it by using the certificate delete action and then press save. Then go back to the first tab of the website, enable the Let's Encrypt and SSL checkboxes and press save. Then wait a few minutes until the LE cert has been issued and the website is reconfigured.
Everything seems to be working now, at least online tools show no errors or warnings and certificate is issued by LE. However, I discovered another problem when trying to add email to Apple Mail iPhone client. It couldn't obtain an SSL connection, so when I checked mail server SSL with this tool https://ssl-tools.net/mailservers/ I got:

Hostname: mail.example.com
IP Address: <static IP address>
Priority: 10
STARTTLS: supported
Certificates: server.example.com

Which results in "hostname mismatch". What did I do wrong, that my certificate at my mailserver points to server hostname? (btw. outgoing mails pass the tests)

Thank you for your help!
If you want to use a different SSL cert for your mailserver than the hostname, see https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
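Added example (not part of the thread, and not ISPConfig or ssl-tools code): both "not valid" results reported above come down to whether the name a client connects to appears among the DNS names in the certificate the server presents. This Python sketch applies the usual matching rules, including single-label wildcards, to a constructed name list mirroring the mail server case; all function names are illustrative.

```python
def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if one dNSName entry from the certificate covers hostname."""
    host, pat = _labels(hostname), _labels(san)
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # wildcard only as the whole left-most label, never directly under a TLD
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def covered(hostname, sans):
    """True if any name in the certificate covers hostname."""
    return any(san_matches(hostname, s) for s in sans)

def audit(client_names, sans):
    """Map each name clients connect to -> whether the certificate covers it."""
    return {name: covered(name, sans) for name in client_names}

# Constructed input mirroring the thread: the mail daemon presents the
# certificate that was issued for the server hostname only.
PRESENTED_SANS = ["server.example.com"]
CLIENT_NAMES = ["server.example.com", "mail.example.com", "example.com"]

if __name__ == "__main__":
    for name, ok in audit(CLIENT_NAMES, PRESENTED_SANS).items():
        print(f"{name:22} {'ok' if ok else 'hostname mismatch'}")
```

The names a live mail server presents can be listed with `openssl s_client -connect mail.example.com:25 -starttls smtp` piped into `openssl x509 -noout -ext subjectAltName`.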