Error 403 on new web

OK no prob! Thank you!

Code:

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Debian GNU/Linux 12 (bookworm)

[INFO] uptime:  18:17:19 up  6:34,  1 user,  load average: 0,02, 0,01, 0,00

[INFO] memory:
              gesamt       benutzt     frei      gemns.  Puffer/Cache verfügbar
Speicher:       15Gi       2,5Gi        12Gi       100Mi       1,1Gi        13Gi
Swap:             0B          0B          0B

[INFO] systemd failed services status:
  UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.

[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.11p2


##### VERSION CHECK #####

[INFO] php (cli) version is 8.2.18
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.2.18

##### PORT CHECK #####


##### MAIL SERVER CHECK #####

[WARN] I found no "smtps" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
    Apache 2 (PID 921)
[INFO] I found the following mail server(s):
    Postfix (PID 1288)
[INFO] I found the following pop3 server(s):
    Dovecot (PID 678)
[INFO] I found the following imap server(s):
    Dovecot (PID 678)
[INFO] I found the following ftp server(s):
    PureFTP (PID 1067)

##### LISTENING PORTS #####
Server)        ()
Local        (Address)
[localhost]:11211        (682/memcached)
[anywhere]:995        (678/dovecot)
[anywhere]:993        (678/dovecot)
[anywhere]:587        (1288/master)
[anywhere]:465        (1288/master)
[anywhere]:110        (678/dovecot)
[anywhere]:22        (719/sshd:)
[anywhere]:21        (1067/pure-ftpd)
[anywhere]:25        (1288/master)
[anywhere]:143        (678/dovecot)
[localhost]:3306        (812/mariadbd)
[localhost]:11334        (742/rspamd:)
[localhost]:11333        (742/rspamd:)
[localhost]:11332        (742/rspamd:)
[localhost]:953        (683/named)
[localhost]:953        (683/named)
[localhost]:953        (683/named)
[localhost]:953        (683/named)
[localhost]:53        (683/named)
[localhost]:53        (683/named)
[localhost]:53        (683/named)
[localhost]:53        (683/named)
[localhost]:10023        (490/postgrey)
[localhost]:6379        (685/redis-server)
***.***.***.***:53        (683/named)
***.***.***.***:53        (683/named)
***.***.***.***:53        (683/named)
***.***.***.***:53        (683/named)
*:*:*:*::*:995        (678/dovecot)
*:*:*:*::*:993        (678/dovecot)
*:*:*:*::*:587        (1288/master)
*:*:*:*::*:465        (1288/master)
*:*:*:*::*:443        (921/apache2)
*:*:*:*::*:80        (921/apache2)
[localhost]10        (678/dovecot)
*:*:*:*::*:22        (719/sshd:)
*:*:*:*::*:21        (1067/pure-ftpd)
*:*:*:*::*:25        (1288/master)
[localhost]43        (678/dovecot)
*:*:*:*::*:6379        (685/redis-server)
*:*:*:*::*:10023        (490/postgrey)
*:*:*:*::*5833:beff:fe44:53        (683/named)
*:*:*:*::*5833:beff:fe44:53        (683/named)
*:*:*:*::*5833:beff:fe44:53        (683/named)
*:*:*:*::*5833:beff:fe44:53        (683/named)
*:*:*:*::*:953        (683/named)
*:*:*:*::*:953        (683/named)
*:*:*:*::*:953        (683/named)
*:*:*:*::*:953        (683/named)
*:*:*:*::*:53        (683/named)
*:*:*:*::*:53        (683/named)
*:*:*:*::*:53        (683/named)
*:*:*:*::*:53        (683/named)
*:*:*:*::*:11334        (742/rspamd:)
*:*:*:*::*:11332        (742/rspamd:)
*:*:*:*::*:11333        (742/rspamd:)
*:*:*:*::*:8081        (921/apache2)
*:*:*:*::*:8080        (921/apache2)
2a03:4000:55:f45:583:53        (683/named)
2a03:4000:55:f45:583:53        (683/named)
2a03:4000:55:f45:583:53        (683/named)
2a03:4000:55:f45:583:53        (683/named)




##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
f2b-sshd   6    --  [anywhere]/0            [anywhere]/0            multiport dports 22
f2b-postfix-sasl  6    --  [anywhere]/0            [anywhere]/0            multiport dports 25

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-postfix-sasl (1 references)
target     prot opt source               destination         
REJECT     0    --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
RETURN     0    --  [anywhere]/0            [anywhere]/0           

Chain f2b-sshd (1 references)
target     prot opt source               destination         
REJECT     0    --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
REJECT     0    --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
RETURN     0    --  [anywhere]/0            [anywhere]/0           




##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh

Code:

Apache log tail:

[CODE][Sat Jun 08 11:42:48.225840 2024] [ssl:error] [pid 921:tid 140218105112448] AH02604: Unable to configure certificate hostname.domain.tld:8081:0 for stapling
[ N 2024-06-08 11:42:48.2365 869/T1 age/Cor/CoreMain.cpp:1325 ]: Passenger core shutdown finished
[Sat Jun 08 11:42:48.243598 2024] [:notice] [pid 921:tid 140218105112448] mod_python: Creating 8 session mutexes based on 0 max processes and 25 max threads.
[Sat Jun 08 11:42:48.243620 2024] [:notice] [pid 921:tid 140218105112448] mod_python: using mutex_directory /tmp
[Sat Jun 08 11:42:48.310046 2024] [mpm_event:notice] [pid 921:tid 140218105112448] AH00489: Apache/2.4.59 (Debian) mod_fcgid/2.3.9 Phusion_Passenger/6.0.17 OpenSSL/3.0.11 mod_python/3.5.0+git20211031.e6458ec Python/3.11.2 mod_perl/2.0.12 Perl/v5.36.0 configured -- resuming normal operations
[Sat Jun 08 11:42:48.310085 2024] [core:notice] [pid 921:tid 140218105112448] AH00094: Command line: '/usr/sbin/apache2'
[ E 2024-06-08 11:42:50.3093 945/T6 age/Cor/SecurityUpdateChecker.h:521 ]: A security update is available for your version (6.0.17) of Phusion Passenger(R). We strongly recommend upgrading to version 6.0.22.
[ E 2024-06-08 11:42:50.3093 945/T6 age/Cor/SecurityUpdateChecker.h:526 ]: Additional security update check information:
- [Fixed in 6.0.19] [CVE-2023-38545] A vulnerability existed in libcurl before 8.4.0 which was the library used for Passenger proxy functionality. Exploiting this vulnerability would require two preconditions. First a SOCKS5 proxy to be configured for Passenger licensing, anonymous telemetry, or security update check which is not the default but is possible. Second the attacker would need to cause Passenger to use an attacker-controlled URL when performing these requests. Causing Passenger to use non-standard urls requires that the attacker already have code execution on the Passenger host, or control of the Passenger config. If exploited this vulnerability could lead to code execution, due to buffer overflow.
[Sat Jun 08 12:53:05.681319 2024] [autoindex:error] [pid 1003:tid 140216455132864] [client 198.235.24.96:61286] AH01276: Cannot serve directory /var/www/apps/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,standard_index.html) found, and server-generated directory index forbidden by Options directive

OS: Debian 12.2.0-14
PHP: PHP 8.2.18
Webserver: Apache/2.4.59 (Debian)


Thank you!

 

Mariadb starts with no issues:

Code:

root@hostname:/tmp# mariadb
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 5164
Server version: 10.11.6-MariaDB-0+deb12u1 Debian 12

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

BTW:

Mysql also starts:

Code:

root@hostname:/tmp# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 5171
Server version: 10.11.6-MariaDB-0+deb12u1 Debian 12

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Is that correct or did I accidentally install mysql in some process but it is completely unnecessary because Mariadb is completely sufficient?

 

I can log in to ispconfig without any problems! Luckily, there is another website running on the server that is much more important

I can't remember changing anything in the Mariadb config. I tried installing Zend Engine to get a Joomla extension running, but that should only affect PHP, not SQL...

 

But I don't want to stress you out any more! I'll have to reinstall the server anyway to avoid future problems!

Unfortunately, I've always done everything on the server without documenting it. I'll have to install a CVS system and get used to using it...

Thank you for your help anyway! The most important things are still running on the server, so there's still some time for everything.

 

Okay, that's true - for someone who knows how to solve this problem, but at the moment I just can't get the wiki to work because the installer can't connect to the database!

I'll have to spend a few more days to fix it at some point, or I'll make a backup of the two other sites that run on the server, reinstall and restore the backup. That would only take me an hour or two at most...

 

Have tried it with localhost and 127.0.0.1, both produce the same error

But I'll give it another try and delete the whole (site & DB) and set it up again ...

 

OK

Ive deleted the whole and and the Database, uploaded Mediawiki again, created The database user and the database and tried to perform the installation:

with localhost:


with 127.0.0.1:


a

Code:

SELECT user FROM mysql.user;

tells that the user exists

and my.cnf (/etc/mysql/my.cnf) contains the port:


and "nmap localhost" and "nmap 127.0.0.1 shows port is accessile!

Code:

3306/tcp open  mysql

I'm on the end with my latin!
Any Ideas?

 

lol that's funny!

Meanwhile /etc/mysql/my.cnf changed:

Code:

# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

!includedir /etc/mysql/conf.d/

while /etc/mysql/conf.d/ contains mysql.cnf mysqldump.cnf

mysql.cnf:

Code:

[mysql]

mysqldump.cnf

Code:

mysqldump]
quick
quote-names
max_allowed_packet    = 16M

 

Uups no!

That was my local machine

the servers still shows /etc/mysql/my.cnf:

Code:

# The MariaDB configuration file
#
# The MariaDB/MySQL tools read configuration files in the following order:
# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read.
# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
# 4. "~/.my.cnf" to set user-specific options.
#
# If the same option is defined multiple times, the last one will apply.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/

#
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]
# Port or socket location where to connect
port = 3306
socket = /run/mysqld/mysqld.sock

Sorry my fault

 

That was a misstype ...
I just could not not delete the image once posted.

The settings I use each time are correct:


same with localhost