After migration mail accounts appear in ispconfig contol panel but can't bring anything up when I http://mail.mysite.com or even with the :8081. Something is wrong. Not sure what version it installs. I think postfix and roundcube but not sure how to track this down, test and fix the issue. I just don't want to start loosing mail now that the server is back online Error is "403 forbidden" by nginx ISPCONFIG is reporting the following: Web-Server: Online SMTP-Server: Online POP3-Server: Online IMAP-Server: Online DNS-Server: Online mySQL-Server: Online So not sure why I can't http to mail I think all this happened because I tried to go from apache to nginx. I probably should not have tried to migrate and just used the new system and manually added? If anyone can help me bail out of this it would be greatly appreciated. I don't mind doing all my websites over. Not much there but mail is a big issue. Some sites work and some don't. If I delete websites and re-create they seem to work okay but mail is out to lunch. Thanks! Art
Yes ispconfig installs postfix dovecot and roundcube. And in your case nginx as webserver. Have you tried https://mail.mysite.com/roundcube (with port 8081)?
Try deleting you apps.vhost and force update ISPConfig for it to be reconfigured with the default that came with it.
No. This issue is not related to the migration at all. Its an issue that you somehow did not have webmail installed. No big deal, you can install it later at any time. But you probably should not have switched from Apache to Nginx, unless you know Nginx well. Nginx and Apache are not fully compatible, so switching from Apache to Nginx can be done, but it requires that you create rules for every site that uses custom rules or .htaccess files. That's to be expected when switching from Apache to Nginx. You must create proper rules for the sites, e.g. when they use WordPress. So what's your mail issue? You have not posted any errors yet. Webmail or RoundCube is not your mail system, its just a webmail client, so like Outlook but with a web GUI. Your mail system is Postfix, Dovecot, rspamd. If you have an issue with your mail system, then please post the error that you get in the mail.log file.
I did get mail to work by using https: or http://mysite:8081/webmail. As you said some sites worked and some did not. It's been a real battle here. I am getting lots of errors with sites now and can no longer get the ispconfig control panel to work anymore. Errors like: "server" directive is not allowed here in /etc/nginx/sites-enabled" and "invalid parameter "R,L" in /etc/nginx/sites-enabled" (I believe this one is from apache migration to nginx). I did read about replacing these and got everything working before with a new lines that were more nginx friendly but I can't find that page anymore. I couldn't get ispconfig control panel to load initially until I change 2 of the virtual host file that were getting this error. Now I can't load the control panel any longer. I think it was because I updated/upgraded from the command line and then restarted the ngnix. I think it updated debian as well and that's when things really went bad. At this point I am willing to just manually re-create all my sites and email accounts. Ideally I would like to salvage anything I can. My question is can I remove ISPconfig completely, re-install it with NGINX (even though I came from apache) and not loose my mail for each user? If not then I am pretty screwed or may have to try another 2 day migration from apache to apache. I will need to setup a whole new system, migrate from apache to apache and spend lots of time importing or merging mail. I really don't know what else to do. Like Till hinted towards, migrating from apache to nginx is probably the issue with much of this. My hope was just to update to a faster web server but in the end all I did was cause myself lots of pain. I think should ultimately be running NGINX unless you think that's not a good plan? Maybe another option is just to remove nginx and reinstall apache? I am just grabbing at straws at this point. Please help!!!!!
If you migrate, just migrate normally, make sure all things working just fine as it is before. From there, make copy(ies) to test conversion to nginx, which is not so difficult as I mentioned earlier. Until your nginx trial works, you can keep trying. Though I mentioned steps that sounds simple, it is actually that simple if you grab and execute them right. Good luck!
My previous apache server was working fine. I guess I didn't realize that the migration tool would not handle this conversion. It wouldn't be that bad but not having access to the ISPCONFIG control panel any longer is a problem, Not sure how to make peace with the /etc/nginx/sites-enabled files that are of issue to get this going again. Also, the fear is if I ever update the server again that this will only happen again because things are written for both apache and nginx.
Delete all symlinks of your websites in /etc/nginx/sites-enabled and try to get nginx going with the control panel. Then you can disable all websites properly in ispconfig and fix them one by one.
The Migration hadles the conversion of files written and managed by ISPConfig. But it can not read the source code of all your installed websites to anlyze it and create matching Nginx directives for custom configs. Nginx is a special software, and while you can basically run any software that you can run on Apache, you must know how to write custom configs for your sites. It is only useful if you know it well. If you do not know it, then it makes no sense to use it. You should consider contacting Thom from ISPConfig business support and get a quote for cleaning up your system: https://www.ispconfig.org/get-support/?type=ispconfig
Then make a copy/copies of it and use the copy for your trial. Nobody says it will. May be, but you can fix it first, if you want. Just remove all apache2 traces install via apt, and ISPConfig, when calibrated, won't detect nor use it, so it will only uses nginx. To be frank, when I did my migration it was Ubuntu 16, 10 years ago, but I do not think that it has too much different nowadays.
Okay, I deleted the apps.vhost for each site and forced ispconfig update. That got me going again, many thanks! I am having issue with trying to make the subdomain "mail" under ispconfig "subdomains" point to https://mysite.com:8081/webmail but it won't work. Here is the file and not sure what I am doing wrong but it seems like ispconfig is setting this up wrong from a default config file somewhere. Here is what I have that does not work below: server { listen *:80; listen [::]:80; server_name mail.mysite.com; location ^~ /.well-known/acme-challenge/ { access_log off; log_not_found off; root /usr/local/ispconfig/interface/acme/; autoindex off; index index.html; try_files $uri $uri/ =404; } location / { rewrite ^ https://www.mysite.com:8081/webmail$request_uri? redirect; } } The rewrite is not working. Not sure what I can do about that but if I can get by this so ISPCONFIG sets up things right for subdomains I think I would be okay. I noticed in the ISPCONFIG control panel that under SUBDOMAINS that a couple of them have "R,L (Temporary redirect + last rule) even though the pull down options below do not include that. Something in one of the defaults is causing this I'm sure even though I forced the update. Can't get subdomains to work properly Thanks! Art
I think the only realistic way I can make peace with this is to try another migration except from Apache to Apache. The only problem is now I have current mail all migrated to the server I setup that had the website from apache to nginx. If I do a more normal (I'll call it more normal) apache to apache migration how can I merge mail from the server that has ngnix? There are 3 servers now. My original apache ispconfig that I migrated to a new server with ngnix that has failed miserably. Then the third server that I will migrate from the original server except the original server does not have the most current mail. Once the new server goes online can I merge the ngnix server mail into the new server since that server has more current mail? I hope that's not confusing. It just doesn't make sense to try to migrate a failing server (the ngnix one), therefore I'm going back to the original that worked and just doing apache to apache migration. After I will try to get merge mail off the ngnix server (failing server but with more current mail). I just don't know how to go about merging mail for each user. Thankfully there are not that many users (maybe a few dozen) but still I don't want to loose mail I have saved. Thanks again in advance for any replies! Art
Sample of nginx ispconfig.vhost: Code: server { listen 8080 ssl; listen [::]:8080 ssl ipv6only=on; http2 on; ssl_protocols TLSv1.3 TLSv1.2; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; # ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; # ssl_prefer_server_ciphers on; # redirect to https if accessed with http error_page 497 https://$host:8080$request_uri; server_name _; root /usr/local/ispconfig/interface/web/; client_max_body_size 20M; location / { index index.php index.html; } # serve static files directly location ~* \.(ogg|ogv|svg|svgz|eot|ttf|otf|woff|woff2|mp4|mp3|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|html|xml|txt|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)(\?ver=[0-9.]+)?$ { access_log off; log_not_found off; expires max; #location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ { # access_log off; } location ~ \.php$ { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/lib/php8.3-fpm/ispconfig.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_read_timeout 1200; fastcgi_param HTTP_PROXY ""; } location ~ /\. { deny all; } } Sample of nginx apps.vhost: Code: server { listen 8081 ssl; listen [::]:8081 ssl ipv6only=on; http2 on; ssl_protocols TLSv1.3 TLSv1.2; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key; # redirect to https if accessed with http error_page 497 https://$host:8081$request_uri; server_name _; root /var/www/apps; client_max_body_size 100M; location / { index index.php index.html; } # serve static files directly location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ { access_log off; } location ~ \.php$ { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/lib/php8.3-fpm/apps.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } location ~ /\. { deny all; } location /datamanager { root /usr/share/; index index.php index.html index.htm; location ~ ^/datamanager/(.+\.php)$ { try_files $uri =404; root /usr/share/; include /etc/nginx/fastcgi_params; # To access datamanager, the default user (like www-data on Debian/Ubuntu) must be used #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/lib/php8.3-fpm/apps.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_read_timeout 1200; } location ~* ^/datamanager/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /usr/share/; access_log off; log_not_found off; expires max; } } location /data { rewrite ^/* /datamanager last; } ## ELFINDER FILE MANAGER CONFIG STARTS ## location /filemanager { root /usr/share/; index index.php index.html index.htm; location ~ ^/filemanager/(.+\.php)$ { try_files $uri =404; root /usr/share/; include /etc/nginx/fastcgi_params; # To access filemanager, create ftp users in ISPConfig UI #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/lib/php8.3-fpm/apps.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_read_timeout 1200; } location ~* ^/filemanager/(.+\.(ogg|ogv|svg|svgz|eot|ttf|otf|woff|woff2|mp4|mp3|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|html|xml|txt|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)(\?ver=[0-9.]+)?$) { root /usr/share/; access_log off; log_not_found off; expires max; } } location /file { rewrite ^/* /filemanager last; } ## ELFINDER FILE MANAGER CONFIG STARTS ## location /mailmanager { root /usr/share/; index index.php index.html index.htm; location ~ ^/mailmanager/(.+\.php)$ { try_files $uri =404; root /usr/share/; include /etc/nginx/fastcgi_params; # To access mailmanager, the default user (like www-data on Debian/Ubuntu) must be used #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/lib/php8.3-fpm/apps.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } location ~* ^/mailmanager/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /usr/share/; access_log off; log_not_found off; expires max; } } location /mail { rewrite ^/* /mailmanager last; } location /rspamd/ { proxy_pass http://127.0.0.1:11334/; rewrite ^//(.*) /$1; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Authorization; client_max_body_size 0; client_body_buffer_size 1m; proxy_intercept_errors on; proxy_buffering on; proxy_buffer_size 128k; proxy_buffers 256 16k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_max_temp_file_size 0; proxy_read_timeout 300; location ~* ^/rspamd/(.+\.(jpg|jpeg|gif|css|png|js|ico|html?|xml|txt))$ { alias /usr/share/rspamd/www/$1; } } } This is basically what I customized from ISPConfig original conf folder to conf-custom/install, but nothing in the default conf for ISPConfg and its apps vhost files that is not good, but all are good, only you customize what you want to achieve. The same goes to default conf for web site, if you are on ISPConfig nginx-only web server, resync might help to set the proper vhost for each website, when you can reach your ISPConfig GUI.
