Hi all, I'm currently running and building my debian server 10, following the tutorial "perfect server debian 10". I strictly comply to all step of this tutorial, i didn't get any error or problem until the end of the installation where i get : Code: PHP Warning: chown(): Unable to find uid for ispconfig in /tmp/ispconfig3_install/install/lib/installer_base.lib.php on line 3554 PHP Warning: chgrp(): Unable to find gid for ispconfig in /tmp/ispconfig3_install/install/lib/installer_base.lib.php on line 3555 chown: invalid user: ‘ispconfig:ispconfig’ Configuring DBServer Installing ISPConfig crontab Detect IP addresses Restarting services ... Installation completed. I try to connect to the ispconfig panel, and i get : Code: Then when i try to connect, i get : Not accessible website ERR_CONNECTION_REFUSED If you ask about iptables : Code: sudo iptables -L -v -n Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 149 12250 f2b-postfix-sasl tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25 36286 37M f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain f2b-sshd (1 references) pkts bytes target prot opt in out source destination 18 1232 REJECT all -- * * 115.240.206.206 0.0.0.0/0 reject-with icmp-port-unreachable 20 1580 REJECT all -- * * 61.177.173.61 0.0.0.0/0 reject-with icmp-port-unreachable 30671 37M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain f2b-postfix-sasl (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT all -- * * 212.70.149.72 0.0.0.0/0 reject-with icmp-port-unreachable 149 12250 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 And when i tried to look about vhost, it's look quite stressing : Code: root@rackam:/home/orxagrondii# cd /etc/apache2/sites-enabled/ root@rackam:/etc/apache2/sites-enabled# ls 000-default.conf root@rackam:/etc/apache2/sites-enabled# For me, parts are missing. And to comply with the post from till, the test show : Code: cat htf_report.txt | more ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Debian GNU/Linux 10 (buster) [INFO] uptime: 10:52:37 up 10 days, 12:19, 1 user, load average: 0.01, 0.02, 0.00 [INFO] memory: total used free shared buff/cache available Mem: 62Gi 899Mi 48Gi 287Mi 12Gi 60Gi Swap: 31Gi 0B 31Gi [INFO] systemd failed services status: 0 loaded units listed. Pass --all to see loaded but inactive units, too. To show all installed unit files use 'systemctl list-unit-files'. [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.8p1 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.3.31-1~deb10u1 [INFO] php-cgi (used for cgi php in default vhost!) is version 7.3.31 ##### PORT CHECK ##### [WARN] Port 8080 (ISPConfig) seems NOT to be listening [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening ##### MAIL SERVER CHECK ##### [WARN] I found no "submission" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this. ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Apache 2 (PID 8470) [INFO] I found the following mail server(s): Unknown process (smtpd) (PID 7418) [INFO] I found the following pop3 server(s): Dovecot (PID 21098) [INFO] I found the following imap server(s): Dovecot (PID 21098) [INFO] I found the following ftp server(s): PureFTP (PID 21750) ##### LISTENING PORTS ##### (only () Local (Address) [anywhere]:993 (21098/dovecot) [anywhere]:995 (21098/dovecot) [localhost]:10023 (23990/postgrey) [localhost]:10024 (25024/amavisd-new) [localhost]:11211 (27165/memcached) [anywhere]:110 (21098/dovecot) [anywhere]:143 (21098/dovecot) [anywhere]:465 (21056/master) ***.***.***.***:53 (22250/named) [localhost]:53 (22250/named) [anywhere]:21 (21750/pure-ftpd) [anywhere]:22 (818/sshd) [localhost]:953 (22250/named) [anywhere]:25 (7418/smtpd) *:*:*:*::*:443 (8470/apache2) *:*:*:*::*:993 (21098/dovecot) *:*:*:*::*:995 (21098/dovecot) *:*:*:*::*:10023 (23990/postgrey) *:*:*:*::*:10024 (25024/amavisd-new) *:*:*:*::*:3306 (19497/mysqld) [localhost]10 (21098/dovecot) [localhost]43 (21098/dovecot) *:*:*:*::*:80 (8470/apache2) *:*:*:*::*:465 (21056/master) *:*:*:*::*:53 (22250/named) *:*:*:*::*:21 (21750/pure-ftpd) *:*:*:*::*:22 (818/sshd) *:*:*:*::*:953 (22250/named) *:*:*:*::*:25 (7418/smtpd) ##### IPTABLES ##### ##### LET'S ENCRYPT ##### acme.sh is installed in /root/.acme.sh/acme.sh Thanks for the help that you will provide, i have no clue how to fix it. Best rgrs
Just use ISPConfig auto installer if you are not well versed with building ISPConfig server manually. https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
Dear ahrasis, thanks for your answer. Well, you proposed at least a solution, that's true. But i will be pleased to find the problem that i have on my current installation for many reasons : - it will help me to improve my level and be better versed with building ISPConfig server manually - it allow me to use personnal setting and not to have tor reconfigure everything with new password increasing the protection of my server. - is-it not the aim of this forum ? I think that i provide a lot of informations to help me in that way so please, could help me to fix the current issue ? Kind regards P.
Seems as if the ISPConfig installer was not able to add the user and group 'ispconfig' That#s w very uncommon issue as it means that even basic commands like adding users and groups fail on your system. Or you did not run the installer as root to if you originally logged in as another user, you did not use 'su -' to become root, e.g. using 'su' without - would cause all kinds of failures on Debian since 10. Then you seem not to have edited postfix master.cf in the way that's described in the tutorial as the submission part seems to be missing or not enabled. And that the test script was not able to run ifconfig command is uncommon too and might be the result of not running it as root or being logged in as root in the wrong way (see my explanation above).
Hello till, As you could see i was logged as root : Code: root@rackam:/home/orxagrondii What is bizare for me on the new version of debian : - after the initial installation from OVH of my Debian server 10, OVH create a user "debian" and send me by email a link where i could have the initial password to connect to my server. - when i connect to my server with this user (debian & password associated), this user is CHROOT and of course, i don't want user to have this, for me it's a security breach. - so logged with debian user and i create another user : Code: sudo adduser orxagrondii - I create a password to access to root Code: sudo passwd root - i delog from debian, i log in orxagrondii then su to pass root - i install PERL because i need it to remove a user with the next command Code: apt-get install perl - i delete the debian user Code: sudo deluser --remove-home debian That the only think that i do before starting your tutorial to be sure that the safety is not compromise. For me, that's perfectly normal and nothing wrong with that. But, the bizare thinks for me, is, even logged as root, some time i need to add "sudo" on some command otherwise, it's not working which is strange for me : logged as root, i don't understand why i have to add that.
oooops i read again your answer ... you're right : i use Code: su not Code: su - I was not aware of this change ......... So that means logged on an user, to pass root, now you have to writte Code: su - how bizarre ?? i never read that before.
It has been the case since I started using Unix 30 years ago that su - is needed to get proper root environment in the session. The man page of su explains this. Now I learn it should nowadays be --login and not plain -.
We explicitly mention that in the Debian 10 perfect server guides (even if it's not ISPConfig specific, but many users missed the change from Debian 9 to 10, on Debian 9, su without - was working, starting with Debian 10, one must use su - or the PATH variable is not initialized correctly and many system apps were not found by the root user then. But as @Taleman mentioned, one should have used 'su -' before Debian 10 as well, nonetheless, it worked before and apparently someone seems to have decided to remove the workaround that made the 'wrong' su usage acceptable Quote from Debian 10 perfect server guide:
That --login shall be used now is new to me too, thanks for pointing this out. I guess I should consult the man page again
Ok so just to be sure, the normal way now to pass from a user to root is : Code: myuser@rackam:~$ su --login And no change for sudo ? so for example to log into root as a user chroote, it's become : Code: sudo su --login but remain : Code: sudo adduser myuser Confirm ?
Is it necessary to use sudo with su? I would have thought sudo su is wrong. And not needed at least, since using just su works.
On Debian, you don't need sudo to become root user via su, on Ubuntu you probably will need sudo and I would say leave out sudo if you don't need it.
ok so with the inital user which is « chrooted »provided by ovh which is the only one available after the initial installation, when there is not yet a password for root, After login on this user, how do you switch to root on a correct way to create your first user and create a password for root ?
If you don't have a password for the root user and just a sudo enabled non root user available, then you must use sudo indeed. That's basically the setup that Ubuntu uses by default. Getting a root shell via sudo is normally done with the command: Code: sudo -s the su command is not needed then.