can't access webmail and website after fresh installation

Discussion in 'Installation/Configuration' started by termik, May 20, 2021.

  1. termik

    termik New Member

    Hi guys,
    I managed to install ISPCongif 3 on AWS EC2 instance. Have chosen Nginx. This is my first experience with Linux, so it was quite hard for me.

    However, I am quite stuck now.
    What works:
    - webui on server.example.com:8080
    - mail on example.com configured under email client (with DKIM, SPF, SpamAssassin etc.)
    - ftp user login

    What doesn't work:
    - accessing the default page of the website by typing example.com (ISPconfig is on server.example.com) (however, on the ftp account I see all files)
    - webmail example.com/webmail or /roundcube simply doesn't work.
    - awstats also, probably for the same reason that the above do not work

    My security group on AWS allows all inbound TCP traffic, and the ISPConfig firewall also has 443 pasted in, but I still can't access the website/webmail/stats.

    My info:
    Ubuntu 20.04.2 LTS
    PHP 7.4.18
    nginx

    Here is ISPConfig report:
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 20.04.2 LTS
     
    [INFO] uptime:  14:16:17 up  5:47,  1 user,  load average: 0.00, 0.00, 0.00
     
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          1.9Gi       542Mi       604Mi        47Mi       808Mi       1.2Gi
    Swap:            0B          0B          0B
     
    [INFO] systemd failed services status:
      UNIT                                           LOAD   ACTIVE SUB    DESCRIPTION                                       
                
    ● clamav-daemon.service                          loaded failed failed Clam AntiVirus userspace daemon                   
                
    ● quotaon.service                                loaded failed failed Enable File System Quotas                         
                
    ● snap.amazon-ssm-agent.amazon-ssm-agent.service loaded failed failed Service for snap application amazon-ssm-agent.amaz
    on-ssm-agent
    ● snap.lxd.activate.service                      loaded failed failed Service for snap application lxd.activate         
                
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    
    4 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.4
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.18
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.18
    
    ##### PORT CHECK #####
    
    [WARN] Port 443 (Webserver SSL) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Unknown process (nginx:) (PID 22764)
    [INFO] I found the following mail server(s):
        Postfix (PID 1428)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 375)
    [INFO] I found the following imap server(s):
        Dovecot (PID 375)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 21574)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [anywhere]:995        (375/dovecot)
    [localhost]:11332        (412/rspamd:)
    [localhost]:11333        (412/rspamd:)
    [localhost]:11334        (412/rspamd:)
    [localhost]:10023        (823/postgrey)
    [anywhere]:587        (1428/master)
    [localhost]:6379        (618/redis-server)
    [localhost]:11211        (385/memcached)
    [anywhere]:110        (375/dovecot)
    [anywhere]:143        (375/dovecot)
    [anywhere]:80        (22764/nginx:)
    [anywhere]:8080        (22764/nginx:)
    [anywhere]:8081        (22764/nginx:)
    [anywhere]:465        (1428/master)
    [anywhere]:21        (21574/pure-ftpd)
    ***.***.***.***:53        (386/named)
    [localhost]:53        (386/named)
    ***.***.***.***:53        (333/systemd-resolve)
    [anywhere]:22        (870/sshd:)
    [anywhere]:25        (1428/master)
    [localhost]:953        (386/named)
    [anywhere]:4190        (375/dovecot)
    [anywhere]:993        (375/dovecot)
    *:*:*:*::*:995        (375/dovecot)
    *:*:*:*::*:3306        (636/mysqld)
    *:*:*:*::*:587        (1428/master)
    *:*:*:*::*:6379        (618/redis-server)
    [localhost]10        (375/dovecot)
    [localhost]43        (375/dovecot)
    *:*:*:*::*:80        (22764/nginx:)
    *:*:*:*::*:8080        (22764/nginx:)
    *:*:*:*::*:8081        (22764/nginx:)
    *:*:*:*::*:465        (1428/master)
    *:*:*:*::*:21        (21574/pure-ftpd)
    *:*:*:*::**:*:*:*::*53        (386/named)
    *:*:*:*::*:53        (386/named)
    *:*:*:*::*:22        (870/sshd:)
    *:*:*:*::*:25        (1428/master)
    *:*:*:*::*:953        (386/named)
    *:*:*:*::*:4190        (375/dovecot)
    *:*:*:*::*:993        (375/dovecot)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination         
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix
     "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination         
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination         
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:20
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:10000
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix
    "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination         
    
    
    
    
    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
    
    

    Thank you for your help.
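Added example (not part of the original post and not ISPConfig's own code): a cross-check of the report's LISTENING PORTS section against the ACCEPT rules in the `ufw-user-input` chain, which shows that TCP 443 is allowed by the firewall while no process listens on it. The function names are made up for this example, and the sample is a shortened excerpt assembled from the report above.

```python
import re

# Shortened excerpt assembled for this example from the report in the post above.
SAMPLE_REPORT = """\
##### LISTENING PORTS #####
[anywhere]:995        (375/dovecot)
[localhost]:6379        (618/redis-server)
[anywhere]:80        (22764/nginx:)
[anywhere]:8080        (22764/nginx:)
[anywhere]:22        (870/sshd:)
*:*:*:*::*:3306        (636/mysqld)
[localhost]10        (375/dovecot)

##### IPTABLES #####
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210

Chain ufw-user-output (1 references)
target     prot opt source               destination
"""

# "<address>:<port>   (<pid>/<process>)"; the address may be masked in the report.
LISTEN_RE = re.compile(r"^\s*\S+:(\d+)\s+\(\d+/([^)]+)\)\s*$")
# Single-port TCP ACCEPT rules only; multiport ranges are ignored here.
ACCEPT_RE = re.compile(r"^\s*ACCEPT\s+tcp\s.*\bdpt:(\d+)\s*$")


def parse_report(text):
    """Return ({port: {process names}}, {TCP ports accepted in ufw-user-input})."""
    listeners, allowed = {}, set()
    section = chain = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#####"):
            section, chain = stripped.strip("# "), None
        elif section == "LISTENING PORTS":
            m = LISTEN_RE.match(line)
            if m:  # garbled lines such as "[localhost]10" do not match and are skipped
                listeners.setdefault(int(m.group(1)), set()).add(m.group(2).rstrip(":"))
        elif section == "IPTABLES":
            if stripped.startswith("Chain "):
                chain = stripped.split()[1]
            elif chain == "ufw-user-input":
                m = ACCEPT_RE.match(line)
                if m:
                    allowed.add(int(m.group(1)))
    return listeners, allowed


def served_by(text):
    """Map every firewall-allowed TCP port to the processes listening on it."""
    listeners, allowed = parse_report(text)
    return {port: sorted(listeners.get(port, ())) for port in sorted(allowed)}


def unserved_ports(text):
    """Ports the firewall accepts but nothing listens on (the server, not the firewall, is the gap)."""
    return [port for port, procs in served_by(text).items() if not procs]


if __name__ == "__main__":
    for port, procs in served_by(SAMPLE_REPORT).items():
        print(port, ", ".join(procs) or "NOT LISTENING")
```

The report's LISTENING PORTS section does not separate TCP from UDP, so a match only means some socket is bound to that port number.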
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Which guide did you follow to install your server?
     
  3. termik

    termik New Member

  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. termik

    termik New Member

    HTTPS doesn't work. However, on HTTP it redirects me to https server.example.com:8081/squirrelmail and displays this:
    Code:
    CONFIGURATION ERROR
    config.inc.php was not found.
    Please read the INSTALL instructions!
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Did the installer finish without warnings?
     
  7. termik

    termik New Member

    Okay, I solved the problem with Roundcube by changing the permissions as advised here: https://www.howtoforge.com/communit...-debian-8-6-nginx-problems.77009/#post-363937
    Code:
    chown root:ispapps /etc/roundcube/debian-db.php
    chmod 640 /etc/roundcube/debian-db.php
    chown root:ispapps /etc/roundcube/config.inc.php
    chmod 640 /etc/roundcube/config.inc.php
    chown -R ispapps:adm /var/log/roundcube
    chmod -R 750 /var/log/roundcube
    chown -R ispapps:ispapps /var/lib/roundcube/temp
    chmod -R 750 /var/lib/roundcube/temp
    However, website on Nginx is still, of course, unreachable. Could this also be the problem with permissions? FYI, I installed ISPConfig on clean Ubuntu of course.
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Have you created a website in ISPConfig panel?
    From your message #1:
    I think there is no default page in the way you seem to assume.
    Both Apache and nginx show the first page in alphabetic order if no more specific page exists. So that is in a way "default page". I create website 0000aaaa.site for this purpose, and add index.html that explains why user ended on that page.
     
  9. termik

    termik New Member

    I did. Created a website in the panel. There is a small anchor button that links to http://example.com. I mentioned the .html file that is in the web directory after creating the website from the panel (its name is standard_index.html). I can access it through FTP of course, but can't through a web browser.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Does this domain name point to the correct server IP address in DNS?
     
  11. termik

    termik New Member

    example.com points to elastic IP static address
    mail.example.com points to elastic IP static address
    server.example.com points to elastic IP static address
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, and you created a website for 'example.com' in ISPConfig, right? What do you get exactly in the web browser when you enter http://example.com ?
     
  13. termik

    termik New Member

    Okay, now it works! The DNS must have been propagating for longer than 48h. However, the SSL certificate is recognized by Safari and Chrome as "not valid". Is there a way to fix that? Probably worth mentioning: before, I had a Let's Encrypt certificate on this domain, and now, maybe because of a slight difference in credentials, the browsers mark this as "not valid"?

    Thank you so much for your help. I understand if my problem with SSL is out of the scope of original problem and you may not help here.

    @Edit
    SSL checker prints this:
    Code:
    We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It's possible that:
    
    The web site does not use SSL, but shares an IP address with some other site that does.
    The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
    The web site uses a content delivery network (CDN) that does not support SSL.
    The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
     
    Last edited: May 21, 2021
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    You cannot have an LE cert when the domain was not pointing to the server at the time you created the site.

    Go to the website settings and check on the SSL tab that you did not create an SSL cert there. If you created a cert there, delete it by using the certificate delete action and then press save. Then go back to the first tab of the website, enable the Let's Encrypt and SSL checkboxes and press save. Then wait a few minutes until the LE cert has been issued and the website is reconfigured.
     
  15. termik

    termik New Member

    Everything seems to be working now, at least online tools show no errors or warnings and the certificate is issued by LE.

    However, I discovered another problem when trying to add email to Apple Mail iPhone client. It couldn't obtain an SSL connection, so when I checked mail server SSL with this tool https://ssl-tools.net/mailservers/ I got:
    Hostname: mail.example.com
    IP Address: <static IP address>
    Priority: 10
    STARTTLS: supported
    Certificates: server.example.com

    Which results in "hostname mismatch". What did I do wrong that the certificate on my mail server points to the server hostname? (btw. outgoing mails pass the tests)

    Thank you for your help!
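Added example (not part of the thread and not ISPConfig code): the hostname check that the browsers in post 13 and the mail tester in post 15 perform, comparing the name the client connects to with the DNS names in the certificate's subjectAltName. The function names are made up for this example, the sample certificate is constructed from the tester output quoted above, and the two fetch helpers assume a publicly trusted chain such as Let's Encrypt.

```python
import smtplib
import socket
import ssl

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns,
# modelled on the tester output above (certificate issued for server.example.com).
SAMPLE_MAIL_CERT = {
    "subject": ((("commonName", "server.example.com"),),),
    "subjectAltName": (("DNS", "server.example.com"),),
}


def name_matches(pattern, hostname):
    """Exact match, or '*' as the whole left-most label covering exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard must sit below at least two fixed labels ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered_by(cert, hostname):
    """Return (ok, names): whether any SAN DNS name in cert covers hostname."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(name, hostname) for name in names), names


def _context():
    # The chain is still validated; only the library's own name check is turned
    # off so that a mismatching certificate can be fetched and reported on.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def fetch_https_cert(host, port=443, timeout=10):
    """Certificate the web server presents when `host` is sent as SNI."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with _context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def fetch_smtp_cert(host, port=25, timeout=10):
    """Certificate the mail server presents after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=_context())
        return smtp.sock.getpeercert()


if __name__ == "__main__":
    for host in ("mail.example.com", "server.example.com"):
        ok, names = covered_by(SAMPLE_MAIL_CERT, host)
        print(host, "OK" if ok else "hostname mismatch", "certificate names:", names)
```

Against a live server, `covered_by(fetch_smtp_cert("mail.example.com"), "mail.example.com")` runs the same comparison on the certificate Postfix actually presents.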
     
  16. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  17. termik

    termik New Member
