IspConfig + Debian 9 + Nginx 1.12 + MySQL 5.7: "/usr/local/ispconfig/interface/web/index.php" is for

Hi.
I need work on server with latest Nginx 1.12 (installed from original source), MySQL 5.7 (json native support instead fake MariaDB JSON)
After install al system get problem with Ispconfig Admin interface:

Code:

2018/02/12 14:04:30 [error] 710#710: *4 "/usr/local/ispconfig/interface/web/index.php" is forbidden (13: Permission denied), client: 83.51.71.XXX, server: _, request: "GET / HTTP/1.1", host: "kvm693.XXX.XXX:8080"

ispconfig.vhost

Code:

server {
        listen 8080;
        #listen [::]:8080 ipv6only=on;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
        ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        ssl_prefer_server_ciphers on;

    # redirect to https if accessed with http
    error_page 497 https://$host:8080$request_uri;

        server_name kvm693.tamainut.net;

        root   /usr/local/ispconfig/interface/web/;

        client_max_body_size 20M;

        location / {
               index index.php index.html;
        }

        # serve static files directly
        location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
               access_log        off;
        }

        location ~ \.php$ {
               try_files $uri =404;
               include /etc/nginx/fastcgi_params;
               fastcgi_pass unix:/var/lib/php7.0-fpm/ispconfig.sock;
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               #fastcgi_param PATH_INFO $fastcgi_script_name;
               fastcgi_buffer_size 128k;
               fastcgi_buffers 256 4k;
               fastcgi_busy_buffers_size 256k;
               fastcgi_temp_file_write_size 256k;
               fastcgi_read_timeout 1200;
           fastcgi_param HTTP_PROXY "";
        }

        location ~ /\. {
               deny  all;
        }
}

Also try put /usr/local/ispconfig/interface/web/index.html and porblem is same.

Server default work fine with html index.html of ngix. (Not try with php)

 

Thanks for idea. I forget user question.

But you reply for dotdeb... and dotdeb has not repor for "stretch"...

 

The ubuntu sources are 100% compatible with debian stretch, so you can get NGINX 1.13.x with full ALPN and HTTP 2.0 support. I have yet to encounter a bug with this version, been using 1.13.x for over a year already. Here's how to install in Debian 9.x :
Run this to add the apt source:

Code:

sudo bash -c 'cat << EOF >> /etc/apt/sources.list.d/nginx.list
# stretch-backports
deb http://httpredir.debian.org/debian/ stretch-backports main contrib non-free
deb-src http://httpredir.debian.org/debian/ stretch-backports main contrib non-free

# Nginx pre built packages
deb http://nginx.org/packages/mainline/debian/ stretch nginx
deb-src http://nginx.org/packages/mainline/debian/ stretch nginx
EOF'

Since I trust nginx and debian to securely maintain packages, I'll ignore the missing key, for now, and install using;

Code:

apt-get install -t stretch-backports nginx -y --allow-unauthenticated

As soon as the debian main package stream catches up to ubuntu, you can easily switch back to their apt sources.