Hi, I'm new to ispconfig, i have installed a vps with ubuntu 16 and ispconfig. It was working properly until i did a system update through webmin, suddenly i cannot access ispconfig. And if i type my ip, its redirecting to apache default page, also every domain/user account inside ispconfig are redirected into apache default page. What should i do to get my ispconfig working properly.? Thank You
Do an ispconfig update like this and choose to reconfigure services during update: Code: cd /tmp wget https://www.ispconfig.org/downloads/ISPConfig-3.1.15p3.tar.gz tar xvfz ISPConfig-3.1.15p3.tar.gz cd ispconfig3_install/install php -q update.php
It works... websites in that ispconfig are able to be accessed now. but the ispconfig main page is still failed, when i type ip-address:8080 it came up with Secure Connection Failed how to fix this please.? Thank You
Nope, both doesn't work. I was going to type complete url but since i am new here, so i cannot post any link without https, its just show a blank page, with https came up with Secure Connection Failed An error occurred during a connection to ip-address:8080. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LON
unfortunately it's not working, i have ran update.php again and recreating a new SSL certificate. but it still came up with Secure Connection Failed An error occurred during a connection to ip-address:8080. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LON
Hmm, you might check what's under /usr/local/ispconfig/interface/ssl, maybe it is symlinks to bad/nonexistent files or such. (The update was intended to fix that issue .. possibly it doesn't change/overwrite existing symlinks?) Aside from that, check the log files and cli output when you start apache and you'll likely see an error about the port 8080 site to work from.
I found /usr/local/ispconfig/interface/ssl doesn't symlinks, here it is : root@vps:/usr/local/ispconfig/interface/ssl# ls -l total 20 -rwxr-x--- 1 root root 45 Sep 19 12:16 empty.dir -rwxr-x--- 1 root root 1850 Sep 21 21:21 ispserver.crt -rwxr-x--- 1 root root 1704 Sep 21 21:21 ispserver.csr -rw-r--r-- 1 root root 3243 Sep 21 21:21 ispserver.key -rwxr-x--- 1 root root 3311 Sep 21 21:20 ispserver.key.secure root@vps:/usr/local/ispconfig/interface/ssl# here is what i got after restarting apache, i didn't see error on port 8080 : root@vps:/usr/local/ispconfig/interface/ssl# systemctl start apache2 root@vps:/usr/local/ispconfig/interface/ssl# systemctl status apache2 ● apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Active: active (running) since Tue 2020-09-22 16:48:56 WIB; 3s ago Docs: man:systemd-sysv-generator(8) Process: 17006 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS) Process: 1073 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS) Process: 17286 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS) CGroup: /system.slice/apache2.service ├─17341 /usr/sbin/apache2 -k start ├─17344 vlogger (access log ├─17345 /usr/sbin/apache2 -k start └─17346 /usr/sbin/apache2 -k start Sep 22 16:48:55 vps systemd[1]: Starting LSB: Apache2 web server... Sep 22 16:48:55 vps apache2[17286]: * Starting Apache httpd web server apache2 Sep 22 16:48:55 vps apache2[17286]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.co Sep 22 16:48:56 vps apache2[17286]: * Sep 22 16:48:56 vps systemd[1]: Started LSB: Apache2 web server.
The error you get usually (always?) indicates the server is talking http but your client expects https. What does apachectl -S show? The port 8080 vhost should be defined in /etc/apache2/sites-enabled/000-ispconfig.vhost, what does that file contain? (It should point to the certificate files you showed above.)
Here is what i get from apachectl -S root@vps:/usr/local/src# apachectl -S AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73 VirtualHost configuration: *:8081 vps.abcdefg.ac.id (/etc/apache2/sites-enabled/000-apps.vhost:9) *:8080 is a NameVirtualHost default server 103.xxx.xxx.xxx (/etc/apache2/sites-enabled/000-default.conf:1) port 8080 namevhost 103.xxx.xxx.xxx (/etc/apache2/sites-enabled/000-default.conf:1) port 8080 namevhost vps.abcdefg.ac.id (/etc/apache2/sites-enabled/000-ispconfig.vhost:9) *:80 is a NameVirtualHost default server cbt.abcdefg.ac.id (/etc/apache2/sites-enabled/100-cbt.abcdefg.ac.id.vhost:7) port 80 namevhost cbt.abcdefg.ac.id (/etc/apache2/sites-enabled/100-cbt.abcdefg.ac.id.vhost:7) alias www.cbt.abcdefg.ac.id port 80 namevhost digilib.abcdefg.ac.id (/etc/apache2/sites-enabled/100-digilib.abcdefg.ac.id.vhost:7) alias www.digilib.abcdefg.ac.id port 80 namevhost elearning.abcdefg.ac.id (/etc/apache2/sites-enabled/100-elearning.abcdefg.ac.id.vhost:7) alias www.elearning.abcdefg.ac.id ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/var/lock/apache2" mechanism=fcntl Mutex mpm-accept: using_defaults Mutex fcgid-pipe: using_defaults Mutex authdigest-opaque: using_defaults Mutex watchdog-callback: using_defaults Mutex rewrite-map: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex authdigest-client: using_defaults Mutex fcgid-proctbl: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG Define: ENABLE_USR_LIB_CGI_BIN User: name="www-data" id=33 Group: name="www-data" id=33 root@vps:/usr/local/src# and here the /etc/apache2/sites-enabled/000-ispconfig.vhost cointain ###################################################### # This virtual host contains the configuration # for the ISPConfig controlpanel ###################################################### Listen 8080 NameVirtualHost *:8080 <VirtualHost _default_:8080> ServerAdmin webmaster@localhost <Directory /var/www/ispconfig/> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> <Directory /usr/local/ispconfig/interface/web/> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> <IfModule mod_fcgid.c> DocumentRoot /var/www/ispconfig/ SuexecUserGroup ispconfig ispconfig <Directory /var/www/ispconfig/> Options -Indexes +FollowSymLinks +MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo <FilesMatch "\.php$"> SetHandler fcgid-script </FilesMatch> FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php Require all granted </Directory> IPCCommTimeout 7200 MaxRequestLen 15728640 </IfModule> <IfModule mpm_itk_module> DocumentRoot /usr/local/ispconfig/interface/web/ AssignUserId ispconfig ispconfig AddType application/x-httpd-php .php <Directory /usr/local/ispconfig/interface/web> # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp" Options +FollowSymLinks AllowOverride None Require all granted php_value magic_quotes_gpc 0 </Directory> </IfModule> ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined ServerSignature Off <IfModule mod_security2.c> SecRuleEngine Off </IfModule> # SSL Configuration SSLEngine On SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key SSLProtocol All -SSLv3 # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt # SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHAHE-RSA-AES128-SHA256HE-RSA-AES128-SHAHE-RSA-AES256-SHA256HE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHAES-CBC3-SHA:!DSS SSLHonorCipherOrder On <IfModule mod_headers.c> # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests" Header set X-Content-Type-Options: nosniff Header set X-Frame-Options: SAMEORIGIN Header set X-XSS-Protection: "1; mode=block" Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure" <IfVersion >= 2.4.7> Header setifempty Strict-Transport-Security "max-age=15768000" </IfVersion> <IfVersion < 2.4.7> Header set Strict-Transport-Security "max-age=15768000" </IfVersion> RequestHeader unset Proxy early </IfModule> SSLUseStapling On SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors Off </VirtualHost> <IfModule mod_ssl.c> SSLStaplingCache shmcb:/var/run/ocsp(128000) </IfModule> <Directory /var/www/php-cgi-scripts> AllowOverride None Require all denied </Directory> <Directory /var/www/php-fcgi-scripts> AllowOverride None Require all denied </Directory>
Note for future posts, using \[code\] tags makes output more readable. Your default server definition in 000-default.conf is overriding the definition in 000-ispconfig.vhost, so either compare 000-default.conf to 000-ispconfig.vhost to see what is different, or change your setup. Normally you create a default vhost for port 80 and 443, leaving 8080 completely untouched, and managed by ISPConfig. On installations where I want to customize my 000-ispconfig.vhost, I copy apache_ispconfig.vhost.master to the conf-custom folder and make my changes there.
