Ubuntu 20.04, PHP 7.4, ISPConfig 3.2.8p2, Nginx I've recently migrated (using the ISPConfig migrate tool) from Ubuntu 16.04 and a slightly older ISPConfig that was working fine. Now, when I make *some* changes to a site's configuration within ISPConfig, then the UI hangs with the 'loading' box for 30 seconds or so. The loading box then disappears, but no changes have actually been made (and the 'pending changes' counter does not appear). Some changes work fine. It only seems to happen if the data being submitted is 'big', eg if I try to save SSL certificates, or if there is a lot of data in the 'nginx Directives' box in the 'Options' tab. For instance, if I make a new site, it's fine, go to the 'Options' tab and put '#test' in the nginx directives box, that will save fine, but then if I put a comment in that is a few lines long, then it hangs. I've spent many hours trying to debug this, and am now stuck and despairing. To try and diagnose it, I put logging comments (using 'file_put_contents') in the 'sites/web_vhost_domain_edit.php' file - when the settings save, then the logging entries are logged so it looks as if they are working, but when the settings hang, then NOTHING is logged - even if I log the first line of the PHP file - it's as if the PHP script isn't even being started in that case. It's as if, if there is a certain amount of data being posted, then the PHP isn't running at all, but I can't see why that would be! The web browser reports that the connection was dropped, and the 'access.log' on the server shows a 408 (timeout) error. No relevant errors are logged in the Nginx 'errors.log' or the 'ispconfig.log' In case it helped, I've tried doing 'ispconfig_update.sh --force' and let it reconfigure everything. It made no difference. Also the server has been rebooted - no difference. I'm getting to the point where I'm going to set up another instance of the server, but I'm not keen on buying a second licence for the ISPConfig Migrate tool given that I'm only doing it because this instance is misbehaving badly. Other sites on the same server seem OK - eg I have a Wordpress blog running on the server (same version of PHP). I can create a long post in that with no problems whatsoever. Any ideas of things to try? HTF_Report.TXT output Code: ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** [WARN] could not determine server's ip address by ifconfig [INFO] OS version is Ubuntu 20.04.5 LTS [INFO] uptime: 22:40:38 up 1:58, 5 users, load average: 0.18, 0.12, 0.09 [INFO] memory: total used free shared buff/cache available Mem: 7.7Gi 2.4Gi 3.1Gi 175Mi 2.2Gi 4.8Gi Swap: 4.0Gi 0B 4.0Gi [INFO] systemd failed services status: UNIT LOAD ACTIVE SUB DESCRIPTION ● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate LOAD = Reflects whether the unit definition was properly loaded. ACTIVE = The high-level unit activation state, i.e. generalization of SUB. SUB = The low-level unit activation state, values depend on unit type. 1 loaded units listed. [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.2.8p2 ##### VERSION CHECK ##### [INFO] php (cli) version is 7.4.32 [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.32 ##### PORT CHECK ##### ##### MAIL SERVER CHECK ##### ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Unknown process (nginx:) (PID 18666) [INFO] I found the following mail server(s): Postfix (PID 11001) [INFO] I found the following pop3 server(s): Dovecot (PID 11069) [INFO] I found the following imap server(s): Dovecot (PID 11069) [INFO] I found the following ftp server(s): PureFTP (PID 11148) ##### LISTENING PORTS ##### (only () Local (Address) [localhost]:953 (11163/named) [anywhere]:25 (11001/master) [localhost]:9049 (815/php-fpm:) [anywhere]:443 (18666/nginx:) [anywhere]:4190 (11069/dovecot) [localhost]:9054 (815/php-fpm:) [anywhere]:993 (11069/dovecot) [anywhere]:1443 (18666/nginx:) [anywhere]:995 (11069/dovecot) [localhost]:10023 (1265/postgrey)[localhost]:10024 (11033/amavisd-new) [localhost]:10025 (11001/master) [localhost]:10026 (11033/amavisd-new) [localhost]:10027 (11001/master) [anywhere]:587 (11001/master) [localhost]:6379 (1016/redis-server) [localhost]:11211 (791/memcached) [localhost]:9038 (13893/php-fpm:) [anywhere]:110 (11069/dovecot) [anywhere]:143 (11069/dovecot) [anywhere]:111 (1/init) [anywhere]:80 (18666/nginx:) [anywhere]:8080 (18666/nginx:) [anywhere]:8081 (18666/nginx:) [anywhere]:465 (11001/master) [localhost]:9011 (13893/php-fpm:) [localhost]:9043 (804/php-fpm:) ***.***.***.***:53 (11163/named) [localhost]:53 (11163/named) [anywhere]:21 (11148/pure-ftpd) ***.***.***.***:53 (766/systemd-resolve) [localhost]:9014 (815/php-fpm:) [anywhere]:22 (924/sshd:) *:*:*:*::*:25 (11001/master) *:*:*:*::*:953 (11163/named) *:*:*:*::*:443 (18666/nginx:) *:*:*:*::*:4190 (11069/dovecot) *:*:*:*::*:993 (11069/dovecot) *:*:*:*::*:995 (11069/dovecot) *:*:*:*::*:10024 (11033/amavisd-new) *:*:*:*::*:10026 (11033/amavisd-new) *:*:*:*::*:3306 (10276/mysqld) *:*:*:*::*:587 (11001/master) *:*:*:*::*:6379 (1016/redis-server) [localhost]10 (11069/dovecot) [localhost]43 (11069/dovecot) [localhost]11 (1/init) *:*:*:*::*:80 (18666/nginx:) *:*:*:*::*:8080 (18666/nginx:) *:*:*:*::*:8081 (18666/nginx:) *:*:*:*::*:465 (11001/master) *:*:*:*::**:*:*:*::*53 (11163/named) *:*:*:*::*:53 (11163/named) *:*:*:*::*:21 (11148/pure-ftpd) *:*:*:*::*:22 (924/sshd:) ##### IPTABLES ##### Chain INPUT (policy DROP) target prot opt source destination ufw-before-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-before-input all -- [anywhere]/0 [anywhere]/0 ufw-after-input all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-input all -- [anywhere]/0 [anywhere]/0 ufw-reject-input all -- [anywhere]/0 [anywhere]/0 ufw-track-input all -- [anywhere]/0 [anywhere]/0 Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-before-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-forward all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-forward all -- [anywhere]/0 [anywhere]/0 ufw-reject-forward all -- [anywhere]/0 [anywhere]/0 ufw-track-forward all -- [anywhere]/0 [anywhere]/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination ufw-before-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-before-output all -- [anywhere]/0 [anywhere]/0 ufw-after-output all -- [anywhere]/0 [anywhere]/0 ufw-after-logging-output all -- [anywhere]/0 [anywhere]/0 ufw-reject-output all -- [anywhere]/0 [anywhere]/0 ufw-track-output all -- [anywhere]/0 [anywhere]/0 Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:137 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:138 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:139 ufw-skip-to-policy-input tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:445 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:67 ufw-skip-to-policy-input udp -- [anywhere]/0 [anywhere]/0 udp dpt:68 ufw-skip-to-policy-input all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ufw-user-forward all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 ctstate INVALID DROP all -- [anywhere]/0 [anywhere]/0 ctstate INVALID ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 3 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 11 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 12 ACCEPT icmp -- [anywhere]/0 [anywhere]/0 icmptype 8 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp spt:67 dpt:68 ufw-not-local all -- [anywhere]/0 [anywhere]/0 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:5353 ACCEPT udp -- [anywhere]/0 ***.***.***.*** udp dpt:1900 ufw-user-input all -- [anywhere]/0 [anywhere]/0 Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 ACCEPT all -- [anywhere]/0 [anywhere]/0 ctstate RELATED,ESTABLISHED ufw-user-output all -- [anywhere]/0 [anywhere]/0 Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ctstate INVALID limit: avg 3/min burst 10 LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type LOCAL RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type MULTICAST RETURN all -- [anywhere]/0 [anywhere]/0 ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 10 DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- [anywhere]/0 [anywhere]/0 Chain ufw-skip-to-policy-output (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 ctstate NEW ACCEPT udp -- [anywhere]/0 [anywhere]/0 ctstate NEW Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) target prot opt source destination ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:21 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:25 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:53 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:80 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:110 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:143 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:443 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:465 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:587 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:993 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:995 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:3306 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:4190 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8080 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:8081 ACCEPT tcp -- [anywhere]/0 [anywhere]/0 multiport dports 40110:40210 ACCEPT udp -- [anywhere]/0 [anywhere]/0 udp dpt:53 ACCEPT tcp -- ***.***.***.***/24 [anywhere]/0 tcp dpt:3306 ACCEPT tcp -- ***.***.***.***/24 [anywhere]/0 tcp dpt:3306 Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " REJECT all -- [anywhere]/0 [anywhere]/0 reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- [anywhere]/0 [anywhere]/0 Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ##### LET'S ENCRYPT ##### acme.sh is installed in /root/.acme.sh/acme.sh
It is possible the ISPConfig installation is broken, but no need to purchase another Migration Tool licence. from https://www.ispconfig.org/add-ons/ispconfig-migration-tool/ You seem to have read the Read Before -article, but did you follow the debugging instructions on why ISPConfig is not writing changes to disk? The common issues -script show snap service is failing. It is worth fixing, although I do not now what it does.
Ah. I obviously misread it. I remember reading that I could use it on one source server multiple times. I'm not sure where I got that from.. Yes. That is debugging why changes aren't written to the database once they're in the job queue. In my problem, they're not even getting to the job queue. The ISPConfig logging doesn't contain anything when it hangs. (As mentioned, it looks as if the PHP scripts aren't even being run - as if the PHP-FPM installation is broken, but just for the ispconfig site - every other PHP7.4 site on the same server seems to work fine) As I understand it, Snap is for 'prebuilt apps'. I'm not entirely sure how it's different from the standard apt repository and I've never used it. I can't see that it's relevant for this problem. But, just in case, I've reinstalled snap and it's now running OK - but it has made no difference.
The problem is that something with your php installation is wrong, PHP fails in a way that it is not able to even log or show an error. The problem indeed is that it is very complicated to fix it if you don't get a hint of what fails in php. maybe try to run: /usr/local/ispconfig/server/server.sh as root user, do you get any error? It's a small chance that the same issues pos up in server script, but worth a try. And double check that php-fpm default is really php 7.4 and not 8.x.
Yes, that is what I suspect, but it works *most* of the time. Indeedy I don't think there's anything useful there Code: root@ispserver5:/etc/pure-ftpd/conf# /usr/local/ispconfig/server/server.sh 06.10.2022-10:32 - DEBUG [plugins.inc:155] - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'. 06.10.2022-10:32 - DEBUG [server:217] - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock finished server.php. I've put a little PHP script with just 'phpinfo()' in the ISPConfig web UI folder and accessed it through the port 8080 HTTP server, and that says it's PHP 7.4.32, so (unless I'm badly mistaken) that same PHP should be being used for the rest of the ISPConfig web UI (See attached screenshot) I'm working up to building a fresh instance of ISPConfig and test this particular problem right from the start so that if it happens again, I'll maybe know what triggered it.
OK. This is infuriating. I created a fresh instance yesterday using the auto-install scripts. Migrated everything to it. Everything worked fine. But now, it's started behaving exactly the same again. It was working earlier today, but now it's stopped, and I don't know what caused it.
OK. Now that's weird. This morning they're back working again. I set it migrating from Instance 3 to a new Instance 4 and went to bed. Come back in the morning to do further tests on Instance 4, and now Instance 2 and Instance 3 are both working correctly again (as well as Instance 4) If the FPM server was 'overloaded' would that cause the problem I'm having? Is there any way to check that?
