When I use the following script to create a website and client through API functions I get a 403 error on my new website. Creating the website through ispconfig control panel works fine. I verified the linux group and linux user with other websites and they seem correct. I then chown -R root:client0 ../testing1.remcycle.net and chmod -R 744 ../testing1.remcycle.net But that didn't do anything for me. Suggestions would be great! PHP: <?php /* Copyright (c) 2007, Till Brehm, projektfarm Gmbh All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of ISPConfig nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //* Examples for the remoting framework //* Login credentials require('soap_config.php'); // Create the SOAP Client $client = new SoapClient(null, array('location' => $soap_location, 'uri' => $soap_uri)); try { //* Login to the remote server if($session_id = $client->login($username,$password)) { echo 'Logged into remote server sucessfully. The SessionID is '.$session_id.'<br />'; } $params = array( 'server_id' => 1, 'company_name' => $_POST["company"], 'contact_name' => $_REQUEST["name"], 'username' =>$_POST["username"], 'password' =>$_POST["password"], 'language' =>'en', 'usertheme' =>'default', 'street' =>$_POST["address"], 'zip' =>$_POST["zipcode"], 'city' =>$_POST["city"], 'state' =>$_POST["state"], 'country' =>$_POST["country"], 'telephone' =>$_POST["phone_number"], 'mobile' =>'', 'fax' =>'', 'internet' =>'', 'icq' =>'', 'notes' =>'', 'template_master' => '0', 'template_additional' =>'', 'default_mailserver' =>'1', 'limit_maildomain' =>'1', 'limit_mailbox' =>'-1', 'limit_mailalias' =>'-1', 'limit_mailforward' =>'-1', 'limit_mailcatchall' =>'-1', 'limit_mailrouting' => '-1', 'limit_mailfilter' =>'-1', 'limit_fetchmail' =>'-1', 'limit_mailquota' =>'-1', 'limit_spamfilter_wblist' =>'-1', 'limit_spamfilter_user' =>'-1', 'limit_spamfilter_policy' =>'-1', 'default_webserver' =>'1', 'limit_web_domain' =>'-1', 'web_php_options' =>"SuPHP", 'limit_web_aliasdomain' =>'-1', 'limit_web_subdomain' =>'-1', 'limit_ftp_user' =>'-1', 'limit_shell_user' =>'-1', 'ssh_chroot' =>'None', 'default_dnsserver' =>'1', 'limit_dns_zone' =>'-1', 'limit_dns_record' =>'-1', 'limit_client' =>'0', 'default_dbserver' =>'1', 'limit_database' =>'-1', 'limit_cron' =>'0', 'limit_cron_type' =>'', 'limit_cron_frequency' =>'-1'); $con = mysql_connect("localhost","noneya","******"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("dbispconfig", $con); $reseller_id = 0; $domain_id = $client->client_add($session_id, $reseller_id, $params); $tablename = "web_domain"; $next_increment = 0; $qShowStatus = "SHOW TABLE STATUS LIKE '$tablename'"; $qShowStatusResult = mysql_query($qShowStatus) or die ( "Query failed: " . mysql_error() . "<br/>" . $qShowStatus ); $row = mysql_fetch_assoc($qShowStatusResult); $next_increment = $row['Auto_increment']; $domain_id = $next_increment; $params_website = array('server_id' => 1, 'ip_address' => '*', 'domain' => $_POST["username"].'.remcycle.net', 'type' => 'vhost', 'parent_domain_id' => '', 'vhost_type' => 'name', 'hd_quota' => '50', 'traffic_quota' => '1000', 'cgi' =>'n', 'ssi' =>'n', 'suexec' =>'n', 'errordocs' =>'1', 'subdomain' =>'www', 'ssl' =>'n', 'php' =>"mod", 'ruby' =>'n', 'active' =>'y', 'redirect_type' =>'no', 'redirect_path' =>'', 'ssl_state' =>'', 'ssl_organisation' =>'', 'ssl_organisation_unit' =>'', 'ssl_country' =>'', 'ssl_domain' => $_POST["username"].'.remcycle.net', 'ssl_request' =>'', 'ssl_cert' =>'', 'ssl_bundle' =>'', 'ssl_action' =>'', //'stats_password' =>$password, 'stats_password' =>'', 'stats_type' =>'webalizer', 'backup_interval' =>'monthly', 'backup_copies' =>'1', 'document_root' =>'/var/www/remcycle.net/', 'system_user' =>'web'.$domain_id, 'system_group' =>'client0', 'allow_override' =>'All', 'php_open_basedir' =>'/var/www/clients/client0/web'.$domain_id.'/web:/var/www/clients/client0/web'.$domain_id.'/tmp:/var/www/'.$_POST["username"].'remcycle.net/web:/srv/www/'.$_POST["username"].'remcycle.net/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin', 'custom_php_ini' =>'', 'apache_directives' =>'', 'client_group_id' =>$client_id+1 ); $website_id = $client->sites_web_domain_add($session_id, $client_id, $params_website); //* ---------------------------------------------------------- //* Example functions //* ---------------------------------------------------------- /* //* Add a email domain $params = array( 'server_id' => 1, 'domain' => 'domain.tld', 'active' => 'y'); $client_id = 0; $domain_id = $client->mail_domain_add($session_id, $client_id, $params); */ /* //* Update email domain $params = array( 'server_id' => 1, 'domain' => 'domain.tld', 'active' => 'y'); //* ID of the client. 0 = the admin owns this record. $client_id = 0; // ID of the domain whch shall be updated. $domain_id = 1; // Call the domain update function $domain_id = $client->mail_domain_update($session_id, $client_id, $domain_id, $params); */ //* Logout if($client->logout($session_id)) { echo 'Logged out sucessfully.<br />'; } } catch (SoapFault $e) { die('SOAP Error: '.$e->getMessage()); } 2011-03-24 16:21 server1.remcycle.net Debug Processed datalog_id 259 2011-03-24 16:21 server1.remcycle.net Debug Apache online status after restart is: 1 2011-03-24 16:21 server1.remcycle.net Debug Calling function 'restartHttpd' from module 'web_module'. 2011-03-24 16:21 server1.remcycle.net Debug Apache status is: 1 2011-03-24 16:21 server1.remcycle.net Debug Writing the vhost file: /etc/apache2/sites-available/testing1.remcycle.net.vhost 2011-03-24 16:21 server1.remcycle.net Debug Disable SSL for: testing1.remcycle.net 2011-03-24 16:21 server1.remcycle.net Debug exec: chown web13:client43 /var/www/clients/client43/web13/log/error.log 2011-03-24 16:21 server1.remcycle.net Debug exec: chown web13:client43 /var/www/clients/client43/web13 2011-03-24 16:21 server1.remcycle.net Debug exec: chmod 751 /var/www/clients/client43/web13/* 2011-03-24 16:21 server1.remcycle.net Debug exec: chmod 751 /var/www/clients/client43/web13/ 2011-03-24 16:21 server1.remcycle.net Debug Adding the group: client43 2011-03-24 16:21 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client43/web13/ /var/www/clients/client43/testing1.remcycle.net 2011-03-24 16:21 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client43/web13/ /var/www/testing1.remcycle.net 2011-03-24 16:21 server1.remcycle.net Debug Moving site to new document root: mv /var/www/clients/client0/web13 /var/www/clients/client43 2011-03-24 16:21 server1.remcycle.net Debug Removed Symlink: rm -f /var/www/clients/client0/testing1.remcycle.net 2011-03-24 16:21 server1.remcycle.net Debug Removed Symlink: rm -f /var/www/testing1.remcycle.net 2011-03-24 16:21 server1.remcycle.net Debug Calling function 'update' from plugin 'apache2_plugin' raised by event 'web_domain_update'. 2011-03-24 16:21 server1.remcycle.net Debug Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_update'. I even tried to change the client hopping that would chmod and chown, but that didn't do anything either.
The site will not work with this chmod settings. Please delete the site in ispconfig, it can not be used for further teststs with this settings. Regarding your original problem, after you delete the website, create it again. Then try to access it and when you get an error, please look in the apache error.log of the website and post the exact error message that you find there. Also the document root in your script is wrong, a document root "/var/www/remcycle.net/" can not be used, as /var/www/remcycle.net/ is a symlink to the document root and not the folder that contains the website. The document root is a folder like /var/www/clients/client2/web1
Thank you for your reply. I have now changed PHP: 'document_root' =>'/var/www/remcycle.net/', to PHP: 'document_root' =>'/var/www/clients/client0/web'.$domain_id, I don't seem to have any errors in my log, but here is what I have 2011-03-24 19:23 server1.remcycle.net Debug exec: chown web14:client0 /var/www/clients/client0/web14 2011-03-24 19:23 server1.remcycle.net Debug exec: chown -R web14:client0 /var/www/clients/client0/web14 2011-03-24 19:23 server1.remcycle.net Debug Adding the user: web14 2011-03-24 19:23 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client0/web14/ /var/www/clients/client0/testing2.remcycle.net 2011-03-24 19:23 server1.remcycle.net Debug Creating Symlink: ln -s /var/www/clients/client0/web14/ /var/www/testing2.remcycle.net 2011-03-24 19:23 server1.remcycle.net Debug Creating Symlink: ln -s /var/log/ispconfig/httpd/testing2.remcycle.net /var/www/clients/client0/web14/log 2011-03-24 19:23 server1.remcycle.net Debug Calling function 'insert' from plugin 'apache2_plugin' raised by event 'web_domain_insert'. 2011-03-24 19:23 server1.remcycle.net Debug Calling function 'ssl' from plugin 'apache2_plugin' raised by event 'web_domain_insert'. 2011-03-24 19:23 server1.remcycle.net Debug Processed datalog_id 264 2011-03-24 19:23 server1.remcycle.net Debug Processed datalog_id 263 2011-03-24 19:23 server1.remcycle.net Debug Found 3 changes, starting update process. I of course deleted testing1.remcycle.net and this is the output of testing2.remcycle.net. Unfortunately even with me making the changes suggested I still get, "ERROR 403 - Forbidden! The following error occurred: You are not permitted to access the requested URL. Please contact the webmaster with any queries."
PLease check the error.log of the website. If you get a 403 error, then it must be listed there. I do not talk about the ispconfig log!
error.log Code: [Thu Mar 24 19:23:05 2011] [error] [client 98.226.168.246] client denied by server configuration: / [Thu Mar 24 20:26:32 2011] [error] [client 98.226.168.246] client denied by server configuration: / [Thu Mar 24 21:24:36 2011] [error] [client 98.226.168.246] client denied by server configuration: / [Thu Mar 24 21:24:36 2011] [error] [client 98.226.168.246] File does not exist: /var/www/testing2.remcycle.net/web/favicon.ico, referer: http://testing2.remcycle.net/ testing2.remcycle.net/index.html works. I guess I could fix it with an htaccess file , but I would prefer to figure out why the directory isn't forwarding to index.html.
Do you have a DirectoryIndex directive in your vhost? http://httpd.apache.org/docs/2.0/mod/mod_dir.html#directoryindex
both /etc/apache2/sites-available/testing2.remcycle.net.vhost /etc/apache2/sites-enabled/testing2.remcycle.net.vhost do not have DirectoryIndex. here is my vhost:
I tried to add "DirectoryIndex index.html" to the vhost and then restarted the system, but that did not solve the issue. I then deleted the website and readded it just in case that messed up ispconfig.
server1:~# ls -la /var/www/testing3.remcycle.net/web/ total 20 drwx--x--- 4 web15 client0 4096 2011-03-24 19:34 . drwxr-x--x 6 web15 client0 4096 2011-03-24 19:34 .. drwxr-xr-x 2 web15 client0 4096 2011-03-24 19:34 error -rwxr-xr-- 1 web15 client0 1861 2011-03-24 19:34 index.html drwxr-xr-x 2 root root 4096 2011-03-24 19:34 stats
Which setting do you use in system > server config > web > security level? The recommended setting is high. And which linux user and linux group is used for this website?
Ok, so as I am stumped as to why this is happening I have done a bad work around to fix the issue. in the .vhosts I changed the 403 error path to index.html. This restricts the users to having this exact file name. I will post an answer as soon I discover it.
Alright it has been long enough for me to be fed up with all this troubleshooting so instead of me just doing random things I find on the web I am going to have to do this in a more intelligent manner. ok So I need to start off by listing all the possibilities of a 403 error on a web site then from that list systematically rule out each issue until I get to the root cause. I need help with the first step of this process. My current list of possible causes is as follows: 1.Site is password protected. 2.Wrong Group for access 3. Wrong username for access 4.The website may be configured so as to disallow all attempted requests for directory listings When accessing the directory from the internet what user and group is used by the user to access those files? Is it client24:web52 *example*? Also I am having no issue when I create a website through the control panel. Does the API do this process manually or does it use whet ever the control panel uses? if it uses the same script then I would have to assume that the problem is in my registration script. Thank you for your help and I hope I can figure this out soon, otacon
Thats depends on the file type that you access and the options that you have set in the website. E.g. html files and images are accessed by the apache user while php scripts run under the web user when you have suexec enabled. Then its most likely a problem with your script. ISPConfig uses the same code to create a website wether you use the ispconfig interface or the api.
should these errorlogs be saying client denied by / "root"? Why would it be trying to access root? Is this normal or should it be /var/www/testing600.remcycle.net/web? ----------------------------------------------------- Ok I think that was the problem. I added <Directory /> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> to testing600.remcycle.net.vhost and now it works. Now I have to find out why it needs to go to the root directory. Will adding this to the vhost create a security risk? ------------------------------------------------------------------ another update. I have found the issue inside the vhost. in the vhosts that are created through API PHP: RewriteEngine on RewriteCond %{HTTP_HOST} ^test.remcycle.net [NC] RewriteRule ^/(.*)$ /$1 RewriteCond %{HTTP_HOST} ^www.test.remcycle.net [NC] RewriteRule ^/(.*)$ /$1 is added once this is removed the domain works perfectly. I am not sure what this means, but I will be doing a little googling to find out.
