Hello, after upgrading from ispconfig 3.0.5.3 to 3.0.5.4p1 my ability to run sites using php fpm has been lost. This is true for existing sites as well as newly created sites.. (as a temporary work around I have moved to all existing sites to suPHP). Newly added sites are disabled immediately. Below is the output of several logs and configs. It seems a problem exists with the FastCgiExternalServer directive of the vhost configuration ... I am using ipv6, i've read somewhere that could explain the (or similar) problem. I'm not sure what to do next... so any help is much appreciated. Thanks you Bas # Apache did not start after modifying this vhost file. # Please check file /etc/apache2/sites-available/testdommie.bushbaby.nl.vhost.err for syntax errors. === <Directory /var/www/testdommie.bushbaby.nl> AllowOverride None Require all denied </Directory> <VirtualHost *:81> DocumentRoot /var/www/clients/client1/web103/web ServerName testdommie.bushbaby.nl ServerAlias www.testdommie.bushbaby.nl ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/testdommie.bushbaby.nl/error.log Alias /error/ "/var/www/testdommie.bushbaby.nl/web/error/" ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 502 /error/502.html ErrorDocument 503 /error/503.html <IfModule mod_ssl.c> </IfModule> <Directory /var/www/testdommie.bushbaby.nl/web> Options +FollowSymLinks AllowOverride All Require all granted </Directory> <Directory /var/www/clients/client1/web103/web> Options +FollowSymLinks AllowOverride All Require all granted </Directory> # suexec enabled <IfModule mod_suexec.c> SuexecUserGroup web103 client1 </IfModule> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> <IfModule mod_fastcgi.c> <Directory /var/www/clients/client1/web103/cgi-bin> Require all granted </Directory> <FilesMatch "\.php[345]?$"> SetHandler php5-fcgi </FilesMatch> Action php5-fcgi /php5-fcgi Alias /php5-fcgi /var/www/clients/client1/web103/cgi-bin/php5-fcgi-*-81-testdommie.bushbaby.nl FastCgiExternalServer /var/www/clients/client1/web103/cgi-bin/php5-fcgi-*-81-testdommie.bushbaby.nl -idle-timeout 300 -socket /var/lib/php5-fpm/web103.sock -pass-header Authorization </IfModule> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web103 client1 </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory /var/www/clients/client1/web103/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB /var/www/clients/client1/web103/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> </VirtualHost> === From the apache log after a restart === [Sun May 04 14:51:49.561233 2014] [mpm_prefork:notice] [pid 30145] AH00169: caught SIGTERM, shutting down [Sun May 04 14:51:50.665295 2014] [ssl:warn] [pid 30960] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Sun May 04 14:51:50.665397 2014] [suexec:notice] [pid 30960] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec) [Sun May 04 14:51:50.712782 2014] [:notice] [pid 30964] FastCGI: process manager initialized (pid 30964) [Sun May 04 14:51:50.757091 2014] [ssl:warn] [pid 30961] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Sun May 04 14:51:50.770200 2014] [mpm_prefork:notice] [pid 30961] AH00163: Apache/2.4.9 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.7 PHP/5.5.11-3+deb.sury.org~precise+1 OpenSSL/1.0.1 configured -- resuming normal operations [Sun May 04 14:51:50.770263 2014] [core:notice] [pid 30961] AH00094: Command line: '/usr/sbin/apache2' === root@s2:~# apachectl configtest AH00526: Syntax error on line 59 of /etc/apache2/sites-enabled/100-testdommie.bushbaby.nl.vhost: FastCgiExternalServer: redefinition of previously defined class "/var/www/clients/client1/web103/cgi-bin/php5-fcgi-*-81-testdommie.bushbaby.nl" Action 'configtest' failed. The Apache error log may have more information. === Below is the output from the ispconfig common issues check script. I'm using ubuntu 12.04 (up-to-date) and apache (2.4) + php (5.5) from deb.sury.org root@s2:~# cat htf_report.txt | more ##### SERVER ##### IP-address (as per hostname): ***.***.***.*** IP-address(es) (as per ifconfig): ***.***.***.***, ***.***.***.*** [INFO] ISPConfig is installed. ##### ISPCONFIG ##### ISPConfig version is 3.0.5.4p1 ##### VERSION CHECK ##### [INFO] php (cli) version is 5.5.11-3+deb.sury.org~precise+1 ##### PORT CHECK ##### [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening [WARN] Port 465 (SMTP server SSL) seems NOT to be listening ##### MAIL SERVER CHECK ##### [WARN] I found no "smtps" entry in your postfix master.cf [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this. ##### RUNNING SERVER PROCESSES ##### [INFO] I found the following web server(s): Unknown process (varnishd) (PID 13381) [INFO] I found the following mail server(s): Postfix (PID 31203) [INFO] I found the following pop3 server(s): Dovecot (PID 989) [INFO] I found the following imap server(s): Dovecot (PID 989) [INFO] I found the following ftp server(s): PureFTP (PID 30249) ##### LISTENING PORTS ##### (only () Local (Address) [localhost]:3306 (28163/mysqld) [anywhere]:587 (31203/master) [localhost]:6379 (4703/redis-server) [localhost]:11211 (4492/memcached) [anywhere]:27629 (1415/btsync-daemon) [anywhere]:110 (989/dovecot) [anywhere]:143 (989/dovecot) [localhost]:783 (5382/spamd.pid) [anywhere]:80 (13381/varnishd) [localhost]:8082 (15111/unicorn.rb) [anywhere]:21 (30249/pure-ftpd) ***.***.***.***:53 (2709/named) ***.***.***.***:53 (2709/named) [localhost]:53 (2709/named) [anywhere]:22 (2568/sshd) [localhost]:8888 (1415/btsync-daemon) [localhost]:9016 (7297/php-fpm [anywhere]:25 (31203/master) [localhost]:953 (2709/named) ***.***.***.***:2812 (5297/monit) [anywhere]:993 (989/dovecot) [localhost]:6082 (13380/varnishd) [anywhere]:995 (989/dovecot) [localhost]:10024 (27023/amavisd) [localhost]:10025 (30170/smtpd) *:*:*:*::*:587 (31203/master) [localhost]10 (989/dovecot) [localhost]43 (989/dovecot) *:*:*:*::*:8080 (30145/apache2) *:*:*:*::*:80 (13381/varnishd) *:*:*:*::*:81 (30145/apache2) *:*:*:*::*:21 (30249/pure-ftpd) *:*:*:*::*:53 (2709/named) *:*:*:*::*:22 (2568/sshd) *:*:*:*::*:25 (31203/master) *:*:*:*::*:953 (2709/named) *:*:*:*::*:443 (30145/apache2) *:*:*:*::*:993 (989/dovecot) *:*:*:*::*:995 (989/dovecot) ##### IPTABLES ##### Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-SSH tcp -- [anywhere]/0 [anywhere]/0 tcp dpt:22 fail2ban-wordpress tcp -- [anywhere]/0 [anywhere]/0 multiport dports 80,443 fail2ban-postfix tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25,465 fail2ban-ssh-ddos tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 fail2ban-ssh tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-SSH (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain fail2ban-postfix (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain fail2ban-ssh-ddos (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain fail2ban-wordpress (1 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain fail2ban-xinetd-fail (0 references) target prot opt source destination RETURN all -- [anywhere]/0 [anywhere]/0 Chain fail2ban-xinetd-fail-log (0 references) target prot opt source destination LOG all -- [anywhere]/0 [anywhere]/0 limit: avg 6/min burst 2 LOG flags 0 level 4 prefix "fail2ban-xinetd-failROP " DROP all -- [anywhere]/0 [anywhere]/0
root@s2:~# ls -la /usr/local/ispconfig/server/conf-custom/ total 28 drwxr-x--- 6 ispconfig ispconfig 4096 May 1 22:31 . drwxr-x--- 14 ispconfig ispconfig 4096 Dec 27 2012 .. -rwxr-x--- 1 ispconfig ispconfig 45 May 1 22:31 empty.dir drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 error drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 index drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 install drwxr-x--- 2 ispconfig ispconfig 4096 May 1 22:31 mail
Ok, so there is no custom config. Did you modify the vhost template file in /usr/local/ispconfig/server/conf/ ?
Might have done that once (looking at the mod times in that dir). But i assume updating ispconfig voided any changes I might have made. Since the last update I have only adapted the apache plugin 'apache2_plugin.inc.php' to use port 81 as the default port (i'm using varnish) cat /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php | grep 81 $tmp_vhost_arr = array('ip_address' => $data['new']['ip_address'], 'ssl_enabled' => 0, 'port' => 81); $tmp_vhost_arr = array('ip_address' => '['.$data['new']['ipv6_address'].']', 'ssl_enabled' => 0, 'port' => 81); root@s2:~# ls -la /etc/apache2/sites-enabled/*.conf lrwxrwxrwx 1 root root 35 Aug 8 2013 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf lrwxrwxrwx 1 root root 38 Dec 25 23:49 /etc/apache2/sites-enabled/ci.bushbaby.nl.conf -> ../sites-available/ci.bushbaby.nl.conf lrwxrwxrwx 1 root root 39 Sep 2 2013 /etc/apache2/sites-enabled/git.bushbaby.nl.conf -> ../sites-available/git.bushbaby.nl.conf lrwxrwxrwx 1 root root 39 Sep 2 2013 /etc/apache2/sites-enabled/ispconfig.vhost.conf -> ../sites-available/ispconfig.vhost.conf lrwxrwxrwx 1 root root 40 Apr 24 11:15 /etc/apache2/sites-enabled/sync.bushbaby.nl.conf -> ../sites-available/sync.bushbaby.nl.conf lrwxrwxrwx 1 root root 31 Oct 8 2013 /etc/apache2/sites-enabled/webmail.conf -> ../sites-available/webmail.conf root@s2:~# ls -la /usr/local/ispconfig/server/conf/ total 176 drwxr-x--- 5 ispconfig ispconfig 4096 Nov 4 22:41 . drwxr-x--- 14 ispconfig ispconfig 4096 Dec 27 2012 .. -rwxr-x--- 1 ispconfig ispconfig 1592 May 1 22:31 apache_apps.vhost.master -rwxr-x--- 1 ispconfig ispconfig 3278 May 1 22:31 apache_ispconfig.conf.master -rwxr-x--- 1 ispconfig ispconfig 376 May 1 22:31 apps_php_fpm_pool.conf.master -rwxr-x--- 1 ispconfig ispconfig 862 May 1 22:31 autoresponder.master -rwxr-x--- 1 ispconfig ispconfig 2173 May 1 22:31 awstats_index.php.master -rwxr-x--- 1 ispconfig ispconfig 1445 May 1 22:31 bash.bashrc.master -rwxr-x--- 1 ispconfig ispconfig 14388 May 1 22:31 bastille-firewall.cfg.master -rwxr-x--- 1 ispconfig ispconfig 201 May 1 22:31 bind_named.conf.local.master -rwxr-x--- 1 ispconfig ispconfig 200 May 1 22:31 bind_named.conf.local.slave -rwxr-x--- 1 ispconfig ispconfig 2254 May 1 22:31 bind_pri.domain.master -rwxr-x--- 1 ispconfig ispconfig 872 May 1 22:31 debian_network_interfaces.master drwxr-x--- 18 ispconfig ispconfig 4096 Nov 4 2011 error -rwxr-x--- 1 ispconfig ispconfig 543 May 1 22:31 gentoo_network_interfaces.master -rwxr-x--- 1 ispconfig ispconfig 321 May 1 22:31 getmail.conf.master drwxr-x--- 2 ispconfig ispconfig 4096 Nov 4 2011 index drwxr-x--- 2 ispconfig ispconfig 4096 Oct 25 2013 mail -rwxr-x--- 1 ispconfig ispconfig 363 May 1 22:31 mailfilter_move_junk.master -rwxr-x--- 1 ispconfig ispconfig 4475 May 1 22:31 mm_cfg.py.master -rwxr-x--- 1 ispconfig ispconfig 39 May 1 22:31 motd.master -rwxr-x--- 1 ispconfig ispconfig 9903 May 1 22:31 nginx_apps.vhost.master -rwxr-x--- 1 ispconfig ispconfig 4492 May 1 22:31 nginx_reverse_proxy_plugin.vhost.conf.master -rwxr-x--- 1 ispconfig ispconfig 8055 May 1 22:31 nginx_vhost.conf.master -rwxr-x--- 1 ispconfig ispconfig 331 May 1 22:31 php-cgi-starter.master -rwxr-x--- 1 ispconfig ispconfig 837 May 1 22:31 php-fcgi-starter.master -rwxr-x--- 1 ispconfig ispconfig 1427 May 1 22:31 php_fpm_pool.conf.master -rwxr-x--- 1 ispconfig ispconfig 1193 May 1 22:31 sieve_filter_1.2.master -rwxr-x--- 1 ispconfig ispconfig 947 May 1 22:31 sieve_filter.master -rwxr-x--- 1 ispconfig ispconfig 12362 May 1 22:31 vhost.conf.master -rwxr-x--- 1 ispconfig ispconfig 8277 Aug 15 2012 vhost.conf.master.copy
Here is the problem: seems as if you renamed some website config files manually from .vhost to .conf. IN ISPConfig, all vhost files end with .vhost, by renaming the files, you created now duplicate symlinks which cause apache to fail.
Indeed these specific sites aren't managed by ISPConfig... I created these manually and added then via a2ensite. Mainly because the various applications install in different locations (gitlab has it own document root for example). This works and has been working fine for me. ISPConfig uses the *.conf.vhost versions, manually added use *.conf So the question remains, why does apache fail to start when I enable (or create a new) a site with php-fmp enabled but not for the other php setups? Are you able to confirm sure the ghost config is correct (from my example above testdommie.bushbaby.nl which was a new site created from the ISPConfig provided template)
Yes that was it! I had : # Include the virtual host configurations: IncludeOptional sites-enabled/ IncludeOptional sites-enabled/*.vhost Now i have : # Include the virtual host configurations: IncludeOptional sites-enabled/*.conf IncludeOptional sites-enabled/*.vhost Things are back to normal... thanks to you both
The cerrect include is to have just one line: IncludeOptional sites-enabled/ The way you cahnge dit will cause your setup to break again on next update.