We have an existing multi-server setup that has been in place for several years and working well. We need to retire one of the slave (web) servers and replace with new hardware. I am not able to find a How-To for installing ispconfig on a slave for anything newer than older versions of Debian, etc. Too many packages are outdated and difficult to find replacements for when installing apache2.4, php8.1, etc. The auto-installer is not applicable here, as this is not a complete installation of all services and the control panel. Any help?
That's wrong, the auto installer is the right way to install a multiserver system as it is capable of installing just the services you need. See the Multiserver installation guide (which uses the auto installer) and auto installer tutorial (which has a chapter with commandline options to specify in detail what shall be installed): https://www.howtoforge.com/tutorial/ispconfig-multiserver-setup-debian-ubuntu/ https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/ Just to mention it, both guides also work for Ubuntu 22.04.
Thanks, Till. I had read the article in the 2nd link but decided against trying it because it appeared to address installing a new multi-server and not joining an existing config. I could not see where there was an option to select only the required packages. And the instructions are to create the users, but they already exist. Is it safe to simply skip that section because they already exist? I misunderstood the option to restrict packages so that you would end up with a slave server rather than a single server setup. I'll give this a try and run through it, integrating with our current setup. Thank you
I ran the installer in expert mode but never received a root password, as mentioned in the article. The installer quit after trying to connect to the master's db. I accessed the slave mariadb with root and no password, which it accepted, and found none of the databases were created. After setting a root passwd, I reran the installer, again in expert mode, and it failed again with the following errors:
WARNING: Forcing protocol to TCP due to option specification. Please explicitly state intended protocol.
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
ERROR: Unable to load SQL-Dump into database table.
[INFO] Adding PHP version(s) to ISPConfig.
[ERROR] Exception occurred: ISPConfigOSException -> Could not read ISPConfig settings file. (/ispconfig.ai.php:15)
I logged in to mariadb again, this time with the local root/passwd, and found the slave databases had been created but can't get past this point. Should root@localhost be sent for auth? I would have assumed it would be either root@servername or root@ipaddr. In any event, I've not been able to find info on the errors that applies to ISPConfig.
Did you set mysql permission in your master server for your new server to access it which is mentioned in the first part of the tutorial?
Yes, I created the accounts for root@servername and root@ipaddr on the master and can remotely log in to the master db from the slave.
There are two MySQL root logins involved. First, the MySQL root login at the master server, which you must add before starting to install the slave node. You should know that password as you added the user with permission to access from the slave node right before you install the slave. Then there is the MySQL root password on the slave node itself; the installer always shows it in expert mode. The error message you posted shows that you entered a wrong MySQL root password for the slave node.
Thanks, Till. I neglected to change the provided password on the second go around. I reran the installer and it completed.
I created the new webserver using the auto installer (thanks, again, Till), but I'm running into a couple of issues. I do not know if they're a result of adding the new server or if they are pre-existing that I hadn't run into before. I have a separate db server for site databases. Before moving the first site to the new server, I attempted to add the new server's IP to the database (Sites | Databases | site database) but I receive an error when trying to add, delete or change the IP. The error message is: The Server can not be changed. Because I cannot change the IP, the site is loading only static pages. I can access the database through remote mysql using the same credentials, but it fails when loading the site. The other issue I'm seeing is that I cannot specify the PHP Version for the site. Only Default is listed for the site under (Sites | Website | Domain). The auto installer automatically installed php 5.6 - 8.3 with 8.1 as the default. Running update-alternatives --config php lists all versions mentioned with 8.1 as the default. I added php 7.4 to the specific website under System | Additional PHP Versions. I followed: How to install PHP 5.6 and 7.0 - 8.2 with PHP-FPM and FastCGI mode for ISPConfig 3.2 with apt on Ubuntu 18.04 - 22.04 to add the php versions, but I cannot change the version in the cp for the site. Any recommendations? I've not found anything when searching the forums that addresses either of these issues specifically. From the htf_report. Note: even though UFW is reporting open ports, UFW is disabled. We rely on our edge devices for security.
Code:
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 22.04.3 LTS
[INFO] uptime: 16:20:16 up 20:02, 4 users, load average: 0.01, 0.02, 0.00
[INFO] memory:
               total        used        free      shared  buff/cache   available
Mem:           7.7Gi       2.0Gi       4.4Gi        66Mi       1.3Gi       5.4Gi
Swap:          4.0Gi          0B       4.0Gi
[INFO] systemd failed services status:
  UNIT                      LOAD   ACTIVE SUB    DESCRIPTION
● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
1 loaded units listed.

[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.11p1

##### VERSION CHECK #####
[INFO] php (cli) version is 8.1.27
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.1.27

##### PORT CHECK #####
[WARN] Port 8080 (ISPConfig) seems NOT to be listening
[WARN] Port 143 (IMAP server) seems NOT to be listening
[WARN] Port 993 (IMAP server SSL) seems NOT to be listening
[WARN] Port 110 (POP3 server) seems NOT to be listening
[WARN] Port 995 (POP3 server SSL) seems NOT to be listening
[WARN] Port 465 (SMTP server SSL) seems NOT to be listening

##### MAIL SERVER CHECK #####
[WARN] I found no "submission" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.
[WARN] I found no "smtps" entry in your postfix master.cf
[INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
    Apache 2 (PID 9302)
[INFO] I found the following mail server(s):
    Postfix (PID 1777)
[WARN] I could not determine which pop3 server is running.
[WARN] I could not determine which imap server is running.
[INFO] I found the following ftp server(s):
    PureFTP (PID 1475)

##### LISTENING PORTS #####
(only () Local (Address)
***.***.***.***:53 (673/systemd-resolve)
[localhost]:953 (802/named)
[anywhere]:3306 (838/mariadbd)
[localhost]:25 (1777/master)
[localhost]:53 (802/named)
[localhost]:11211 (694/memcached)
***.***.***.***:53 (802/named)
[anywhere]:21 (1475/pure-ftpd)
[anywhere]:22 (789/sshd:)
*:*:*:*::*:3306 (838/mariadbd)
*:*:*:*::**:*:*:*::*53 (802/named)
*:*:*:*::*:8081 (9302/apache2)
*:*:*:*::*:443 (9302/apache2)
*:*:*:*::*:80 (9302/apache2)
*:*:*:*::*:25 (1777/master)
*:*:*:*::*:21 (1475/pure-ftpd)
*:*:*:*::*:22 (789/sshd:)
*:*:*:*::*:53 (802/named)
*:*:*:*::*:953 (802/named)

##### IPTABLES #####
Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-sshd   tcp  --  [anywhere]/0         [anywhere]/0         multiport dports 22
ufw-before-logging-input  all  --  [anywhere]/0         [anywhere]/0
ufw-before-input  all  --  [anywhere]/0         [anywhere]/0
ufw-after-input  all  --  [anywhere]/0         [anywhere]/0
ufw-after-logging-input  all  --  [anywhere]/0         [anywhere]/0
ufw-reject-input  all  --  [anywhere]/0         [anywhere]/0
ufw-track-input  all  --  [anywhere]/0         [anywhere]/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-logging-forward  all  --  [anywhere]/0         [anywhere]/0
ufw-before-forward  all  --  [anywhere]/0         [anywhere]/0
ufw-after-forward  all  --  [anywhere]/0         [anywhere]/0
ufw-after-logging-forward  all  --  [anywhere]/0         [anywhere]/0
ufw-reject-forward  all  --  [anywhere]/0         [anywhere]/0
ufw-track-forward  all  --  [anywhere]/0         [anywhere]/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  [anywhere]/0         [anywhere]/0
ufw-before-output  all  --  [anywhere]/0         [anywhere]/0
ufw-after-output  all  --  [anywhere]/0         [anywhere]/0
ufw-after-logging-output  all  --  [anywhere]/0         [anywhere]/0
ufw-reject-output  all  --  [anywhere]/0         [anywhere]/0
ufw-track-output  all  --  [anywhere]/0         [anywhere]/0

Chain f2b-sshd (1 references)
target     prot opt source               destination
RETURN     all  --  [anywhere]/0         [anywhere]/0

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  [anywhere]/0         [anywhere]/0         udp dpt:137
ufw-skip-to-policy-input  udp  --  [anywhere]/0         [anywhere]/0         udp dpt:138
ufw-skip-to-policy-input  tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:139
ufw-skip-to-policy-input  tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:445
ufw-skip-to-policy-input  udp  --  [anywhere]/0         [anywhere]/0         udp dpt:67
ufw-skip-to-policy-input  udp  --  [anywhere]/0         [anywhere]/0         udp dpt:68
ufw-skip-to-policy-input  all  --  [anywhere]/0         [anywhere]/0         ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0         [anywhere]/0         limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0         [anywhere]/0         limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0         [anywhere]/0         ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 3
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 11
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 12
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 8
ufw-user-forward  all  --  [anywhere]/0         [anywhere]/0

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0         [anywhere]/0
ACCEPT     all  --  [anywhere]/0         [anywhere]/0         ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  [anywhere]/0         [anywhere]/0         ctstate INVALID
DROP       all  --  [anywhere]/0         [anywhere]/0         ctstate INVALID
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 3
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 11
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 12
ACCEPT     icmp --  [anywhere]/0         [anywhere]/0         icmptype 8
ACCEPT     udp  --  [anywhere]/0         [anywhere]/0         udp spt:67 dpt:68
ufw-not-local  all  --  [anywhere]/0         [anywhere]/0
ACCEPT     udp  --  [anywhere]/0         ***.***.***.***      udp dpt:5353
ACCEPT     udp  --  [anywhere]/0         ***.***.***.***      udp dpt:1900
ufw-user-input  all  --  [anywhere]/0         [anywhere]/0

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0         [anywhere]/0
ACCEPT     all  --  [anywhere]/0         [anywhere]/0         ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  [anywhere]/0         [anywhere]/0

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0         [anywhere]/0         limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  [anywhere]/0         [anywhere]/0         ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  [anywhere]/0         [anywhere]/0         limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  [anywhere]/0         [anywhere]/0         ADDRTYPE match dst-type LOCAL
RETURN     all  --  [anywhere]/0         [anywhere]/0         ADDRTYPE match dst-type MULTICAST
RETURN     all  --  [anywhere]/0         [anywhere]/0         ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  [anywhere]/0         [anywhere]/0         limit: avg 3/min burst 10
DROP       all  --  [anywhere]/0         [anywhere]/0

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  [anywhere]/0         [anywhere]/0

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  [anywhere]/0         [anywhere]/0

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0         [anywhere]/0

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         ctstate NEW
ACCEPT     udp  --  [anywhere]/0         [anywhere]/0         ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:20
ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:21
ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:22
ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:80
ACCEPT     tcp  --  [anywhere]/0         [anywhere]/0         tcp dpt:443
ACCEPT     tcp  --  ***.***.***.***/24   [anywhere]/0         tcp dpt:3306

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  [anywhere]/0         [anywhere]/0         limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  [anywhere]/0         [anywhere]/0         reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  [anywhere]/0         [anywhere]/0

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination

##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
Did you add the new server to the existing ISPConfig multiserver cluster? Successfully? When moving a website and its database to a new server, I believe you must create a new database, database user and website on that new server, then copy the database dump and website files there.
Thanks for the reply Taleman. Yes, the new webserver joined the cluster without any known issues. Replication has been successful with any changes that occur. The databases are not being moved - there's a dedicated db server. When trying to change the allowed IP of the new webserver to the database in the control panel, I receive the error "The Server can not be changed." I have not been able to find any info in any of the logs on the control panel or the db server, although I would not expect there would be anything on the db server.
I'm not sure what you do when you get that error message, but there is this previous discussion (found by Internet Search engines using the error message): https://forum.howtoforge.com/threads/moving-user-databases.91050/
In the CP, Sites | Databases, click the database and the very last field allows you to enter the IPs that are allowed to access the database. If I try to enter an additional IP, delete the one that's there, or replace the existing IP, it throws the error. I did read the same article, but I am not moving the database. It remains on the dedicated database server. I just need to allow the new server to access it, which I can do using mysql from the CLI using the credentials stored for mysql on the new server. But it appears the webserver is blocked because the IP is not allowed. If I remove the database and recreate it, it would be on the same server, so I don't believe it necessary to go through the exercise. Is it really necessary to blow away the existing db and recreate it?
The error message is not about the IP address allowed to access the database at all. The error means that you try to change the server of the database, which is not permitted as you can't move a database from one system to another. So what you are doing and what triggers the message is that you try to change the value of the server select field of the database. If you did not alter it, then maybe you disabled the original server where the database is on so that it is not available anymore in the select field, which will also trigger this message.
Thanks for the response. Please forgive me, as I am not understanding all that is going on. So far, what I've done, based on one of your other posts, was to delete the site on the existing server (leaving the database intact), recreate the site on the new server, specifying the database. Because it would not come online, I deleted it and recreated it again on the old server. It is now online. The field for the IP states: Remote Access IPs (separate by , and leave blank for any) I assumed that would allow changes to servers capable of connecting to the db. If I try to change the webserver listed under Sites | Database | Site, I also receive the error. Do I need to delete and recreate both the site and database, even though the database does not move with the site and would be restored to the same server? All the credentials were duplicated when I moved the site files. Am I understanding that it's not possible to connect a website from a new webserver to the existing db and that both must be recreated?
The database has a field server, and the error message you get occurs when you change the field's value; the IP address field you change does not matter for this. So you either selected a different server there (which means you try to move the database to a different server, which you can't) or you disabled the server the database resides on, so it is not listed anymore in the server select field. The internal logic behind that is really simple, you have a list of servers, each server has a unique id (number) named server_id, the master with the GUI is always 1, and every slave node you add gets a new ID like 2, 3 etc. Each item that resides on a server like a website or a database or a DNS zone has a server_id field to identify on which server it is located. This server_id is what's behind the select field labeled with 'Server' that you find e.g. in the database settings. The error message that you get occurs when you e.g. try to change server_id from 2 to 3, means you try to instruct the system to move a database from one computer to a different one, but that's not possible and therefore the system tells you that you can not change the server. I outlined already possible reasons: either you selected a different server in that field, or the database was originally on e.g. server 2, but you disabled databases for server 2, so server 2 is not available anymore and the server select field lists only server 3, so when you now alter the IP address and only server 3 is in the server list but the database is on server 2, then this is an attempt to change the server and you must therefore get that error. The solution for this case is to take care that you enable databases again for the server that the database resides on. No, just do not change the server of the database. You might want to contact Thom from ISPConfig business support here: https://www.ispconfig.org/get-support/?type=ispconfig if you need help by remote login.
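The server_id logic described in the last post, as an added example that is not part of the thread and not ISPConfig's own code: a Python/sqlite3 model that reproduces "The Server can not be changed." when only the remote IP field is edited, and a query that lists databases stranded on a server whose database service was disabled. The table and column names (server.db_server, web_database.server_id, remote_ips), the helper functions and all rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema and rows. Table and column names are assumptions
# modelled on the post's description, not read from a real ISPConfig database.
SCHEMA = """
CREATE TABLE server (server_id INTEGER PRIMARY KEY, server_name TEXT, db_server INTEGER);
CREATE TABLE web_database (database_id INTEGER PRIMARY KEY, server_id INTEGER,
                           database_name TEXT, remote_ips TEXT);
INSERT INTO server VALUES (1, 'master', 0), (2, 'db-old', 0), (3, 'web-new', 1);
INSERT INTO web_database VALUES (10, 2, 'c1_shop', '192.0.2.10'),
                                (11, 3, 'c2_blog', '');
"""

def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def server_options(conn):
    """Server ids offered by the 'Server' select: only nodes with databases enabled."""
    rows = conn.execute(
        "SELECT server_id FROM server WHERE db_server = 1 ORDER BY server_id")
    return [r[0] for r in rows]

def save_database_form(conn, database_id, new_remote_ips):
    """Simulate saving the database form after editing only the remote IP field."""
    (stored,) = conn.execute(
        "SELECT server_id FROM web_database WHERE database_id = ?",
        (database_id,)).fetchone()
    options = server_options(conn)
    # A select can only submit one of its options. If the stored server is not
    # offered, another id is submitted even though the admin never touched it.
    if stored in options:
        submitted = stored
    else:
        submitted = options[0] if options else None
    if submitted != stored:
        return "The Server can not be changed."
    conn.execute("UPDATE web_database SET remote_ips = ? WHERE database_id = ?",
                 (new_remote_ips, database_id))
    return "ok"

def databases_on_disabled_servers(conn):
    """Databases whose server no longer has the database service enabled."""
    rows = conn.execute(
        """SELECT d.database_name, d.server_id
           FROM web_database d JOIN server s ON s.server_id = d.server_id
           WHERE s.db_server = 0 ORDER BY d.database_id""")
    return rows.fetchall()
```

Re-enabling the database service on the server that holds the database (server 2 in the constructed rows) puts it back in the select, after which the IP edit saves.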