I accidentally posted this under the general linux forum, so I'm trying again here. I did a fresh install of the perfect server using Falko's SUSE12.1 /apache doc and everything seemed to work yesterday. I wanted to add roundcubemail to the setup before adding domains/user accounts. I turned the server off last night and today when I try to access the ISPConfig control panel it does not come up the error is "Website cannot display the page", although my squirrelmail, webmail, roundcubemail, phpmyadmin pages all show up fine. I kind of looked around and it all seems fine to me..but... Any ideas of where or what to look for? There is an error in the /var/log/apache2 error log "Directory index forbidden.... /srv/www/htdocs.." but I can't tell what is generating it.
A little more detail. I did a fresh install, and all seemed to work. I then tried to add Roundcubemail. Right after the install I was still able to get to the control panel, then I rebooted the server and since doing that I cannot get to the control panel. I can run the phpMyAdmin page. I get nothing when I try https://{ip address or full domain name}:8080.. etc. Here is the output of my netstat command: Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *op3 *:* LISTEN 2040/dovecot tcp 0 0 localhost:dyna-access *:* LISTEN 1888/clamd tcp 0 0 *:imap *:* LISTEN 2040/dovecot tcp 0 0 *:ftp *:* LISTEN 1942/pure-ftpd (SER tcp 0 0 mail.inlettsyste:domain *:* LISTEN 1923/named tcp 0 0 localhost:domain *:* LISTEN 1923/named tcp 0 0 *:ssh *:* LISTEN 1892/sshd tcp 0 0 *:smtp *:* LISTEN 2148/master tcp 0 0 localhost:953 *:* LISTEN 1923/named tcp 0 0 localhost:10024 *:* LISTEN 2069/amavisd (maste tcp 0 0 localhost:10025 *:* LISTEN 2148/master tcp 0 0 *:mysql *:* LISTEN 1899/mysqld tcp 0 144 mail.inlettsystemsg:ssh 192.168.131.125:56174 ESTABLISHED 3863/0 tcp 0 0 *:http-alt *:* LISTEN 1931/httpd2-prefork tcp 0 0 *:www-http *:* LISTEN 1931/httpd2-prefork tcp 0 0 *:sunproxyadmin *:* LISTEN 1931/httpd2-prefork tcp 0 0 *:ftp *:* LISTEN 1942/pure-ftpd (SER tcp 0 0 *:domain *:* LISTEN 1923/named tcp 0 0 *:ssh *:* LISTEN 1892/sshd tcp 0 0 *:smtp *:* LISTEN 2148/master tcp 0 0 localhost:953 *:* LISTEN 1923/named tcp 0 0 *:https *:* LISTEN 1931/httpd2-prefork and here is the iptables output: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination I'm guessing that the roundcubemail install overwrote something in the apache/ispconfig setup but I can't tell what/where. This was the basis of the roundcubemail install (after I downloaded the latest version) Code: zypper install /install/roundcubemail-0.6-4.1.noarch.rpm
A quick update, I removed the roundcube config file from the /etc/apache2/conf.d directory and restarted the server and everything is back to normal, although no roundcube. Here is the config file, I'm no expert so I can't tell what is wrong (this was generated during the roundcube install). Code: # You might want to set up a virtual host for the server, but it is # not a requirement. You can as well reach the server under its # common name under http://your.server.name/roundcube # # NameVirtualHost * # <VirtualHost *> # ServerName your.server.name # DocumentRoot /srv/www/roundcubemail Alias /webmail /srv/www/roundcubemail <IfModule mod_alias.c> Alias /roundcube /srv/www/roundcubemail </IfModule> <IfModule mod_php5.c> # remove the next line to get real UTF-8 support # AddDefaultCharset UTF-8 php_admin_flag display_errors Off php_admin_flag log_errors On php_admin_flag file_uploads on php_admin_value upload_max_filesize 5M php_admin_value error_log logs/errors php_admin_value open_basedir "/srv/www/roundcubemail:/etc/roundcubemail:/tmp" <Directory /srv/www/roundcubemail> <FilesMatch "(\.inc|\~)$|^_"> Order allow,deny Deny from all </FilesMatch> Order deny,allow Allow from all </Directory> <Directory /srv/www/roundcubemail/bin> Order allow,deny Deny from all </Directory> <Directory /srv/www/roundcubemail/config> Order allow,deny Deny from all </Directory> <Directory /srv/www/roundcubemail/logs> Order allow,deny Deny from all </Directory> <Directory /srv/www/roundcubemail/temp> Order allow,deny Deny from all </Directory> </IfModule> # </VirtualHost>
Before you removed roundcube from the config what errors were your getting in your apache error.log, or what errors was /etc/inti.d/apache2 restart giving you?
I stopped the service Code: systemctl stop apache2.service removed the error and access log. copied the original roundcube config file back and then started the service Code: systemctl start apache2.service Here is the error log right after restart: Code: [Fri Dec 09 13:30:03 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) Use of uninitialized value $DBI_DUMP in alarm at /usr/local/ispconfig/server/scripts/vlogger line 538. [Fri Dec 09 13:30:03 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Fri Dec 09 13:30:03 2011] [notice] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads. [Fri Dec 09 13:30:03 2011] [notice] mod_python: using mutex_directory /tmp [Fri Dec 09 13:30:03 2011] [notice] Apache/2.2.21 (Linux/SUSE) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_fcgid/2.3.6 DAV/2 mod_ruby/1.3. 0 Ruby/1.8.7(2011-06-30) mod_python/3.3.1 Python/2.7.2 configured -- resuming normal operations Here is the log after I try and go the the control panel using the format Code: https://192.168.132.12:8080 Code: [Fri Dec 09 13:36:51 2011] [error] [client 192.168.131.125] PHP Warning: Unknown: open_basedir restriction in effect. File(/usr/local/isp config/interface/web/index.php) is not within the allowed path(s): (/srv/www/roundcubemail:/etc/roundcubemail:/tmp) in Unknown on line 0 [Fri Dec 09 13:36:51 2011] [error] [client 192.168.131.125] PHP Warning: Unknown: failed to open stream: Operation not permitted in Unkno wn on line 0 [Fri Dec 09 13:36:51 2011] [error] [client 192.168.131.125] PHP Fatal error: Unknown: Failed opening required '/usr/local/ispconfig/inter face/web/index.php' (include_path='.:/usr/share/php5:/usr/share/php5/PEAR') in Unknown on line 0 Here is the additional error in log when I try and login using the roundcube webpage (which comes back with the error "Your session is invalid or expired") Code: http://192.168.132.12/roundcube Code: [Fri Dec 09 13:38:54 2011] [error] [client 192.168.132.1] MDB2 Error: constraint violation (-3): _doQuery: [Error message: Could not execu te statement]\n[Last executed query: EXECUTE mdb2_statement_mysql_292e6f5e074bf45d807990334f86cfaac939ca367 USING @0, @1, @2]\n[Native cod e: 1062]\n[Native message: Duplicate entry '3k6ua0to6i159shosh1r42l4e16i3qn548vbs9f7' for key 'PRIMARY']\n piped log program ' /usr/local/ispconfig/server/scripts/vlogger -s access.log -t "%Y%m%d-access.log" -d "/etc/vlogger-dbi.conf" /var/log/i spconfig/httpd' failed unexpectedly [Fri Dec 09 13:39:08 2011] [error] [client 192.168.132.1] MDB2 Error: constraint violation (-3): _doQuery: [Error message: Could not execu te statement]\n[Last executed query: EXECUTE mdb2_statement_mysql_25fe5903e71cda31e892b9606b0e5c4690c120c13 USING @0, @1, @2]\n[Native cod e: 1062]\n[Native message: Duplicate entry 'drmii1jrk7c8k67hsemo5s6n84sbp7e0mhl60bbk' for key 'PRIMARY']\n, referer: http://192.168.132.12 /roundcube/
Another interesting turn. I noticed in the last log I posted the error: Code: index.php) is not within the allowed path(s): (/srv/www/roundcubemail:/etc/roundcubemail:/tmp So I commented out that line in the roundcubemail.conf file Code: # php_admin_value open_basedir "/srv/www/roundcubemail:/etc/roundcubemail:/tmp" restarted the server and was able to access the control panel again (yeah). the tried to log into mail using roundcube and got the following: Code: [Fri Dec 09 13:45:01 2011] [error] [client ::1] Directory index forbidden by Options directive: /srv/www/htdocs/ [Fri Dec 09 13:45:15 2011] [error] [client 192.168.131.125] PHP Notice: Undefined index: login in /usr/local/ispconfig/interface/lib/classes/plugin.inc.php on line 139, referer: https://192.168.132. 12:8080/ [Fri Dec 09 13:45:18 2011] [error] [client 192.168.131.125] PHP Notice: Undefined index: logout in /usr/local/ispconfig/interface/lib/classes/plugin.inc.php on line 139, referer: https://192.168.132 .12:8080/index.php [Fri Dec 09 13:45:18 2011] [error] [client 192.168.131.125] PHP Notice: Undefined index: site in /usr/local/ispconfig/interface/web/login/logout.php on line 70, referer: https://192.168.132.12:8080/ index.php [Fri Dec 09 13:45:25 2011] [error] [client 192.168.132.1] MDB2 Error: constraint violation (-3): _doQuery: [Error message: Could not execute statement]\n[Last executed query: EXECUTE mdb2_statement_m ysql_244dae9645882d9878a3eeee7cabb57efd188b0c4 USING @0, @1, @2]\n[Native code: 1062]\n[Native message: Duplicate entry '78eih16qjjr79l3u85j4mcbo0396h98malib1c77' for key 'PRIMARY']\n [Fri Dec 09 13:45:36 2011] [error] [client 192.168.132.1] MDB2 Error: constraint violation (-3): _doQuery: [Error message: Could not execute statement]\n[Last executed query: EXECUTE mdb2_statement_m ysql_26c7f9b1821597feb60f1a8f9990b8e5c1b1cdc21 USING @0, @1, @2]\n[Native code: 1062]\n[Native message: Duplicate entry 'jev36g08gmu6m10am2b737tsm61mda2dneoahnam' for key 'PRIMARY']\n, referer: http: //192.168.132.12/roundcube/ Warning: SuexecUserGroup directive requires SUEXEC wrapper. Warning: SuexecUserGroup directive requires SUEXEC wrapper. Warning: SuexecUserGroup directive requires SUEXEC wrapper. Warning: SuexecUserGroup directive requires SUEXEC wrapper. [Fri Dec 09 13:50:02 2011] [error] [client ::1] Directory index forbidden by Options directive: /srv/www/htdocs/ piped log program ' /usr/local/ispconfig/server/scripts/vlogger -s access.log -t "%Y%m%d-access.log" -d "/etc/vlogger-dbi.conf" /var/log/ispconfig/httpd' failed unexpectedly
Your issue with round cube is the open_basedir outside of all virtual host environments. If you want to make it globally /mail/ on all domains get rid of the open_basedir, thats going to mess up everything else. Considering your using a global /mail/ I'm assuming your the only person that has access to this php code, and as long as you trust the roundcube/squirrel/whatnot dev teams, it should be secure. Another option, is create a special domain for your mail.. i typically use mail.domain.tld, and set and make all the Alias & open_basedir's inside of that vhost made.
The PHP Notice's are no big deal. Thats not hurting anything. For the other errors, this is a shot in the dark, but try editing php.ini and changing Code: session.hash_function = sha256 to Code: session.hash_function = 1 or Code: session.hash_function = 0
Funny, got an email from the forum and it had your reply in it which said to change it to "sha1", but on the forum here I see it says to change to either "1" or "0"! I did change it to "sha1" and that seems to work. My goal for this server is just email, no web sites (unless someone else changes my mind ie. the boss!). So I will have a couple different domains on it and I would like one url like "webmail.xxxxxx.xxx" so that I can buy one ssl certificate for it and then just alias each seperate domain to the "master" webmail site. So I'm confused now as to what else I need to do so that the current configuration can be chaned from "https//xxxxx.xxxxxx.xxx:8080/roundcube" to "https://webmail.xxxxxxxx.xxx". I'm new to this who ISPConfig / vhost setup. Thanks for your help.
Ahh.. that was me, I edited it afterwards.. I started to second guess the sha1 setting thinking it would be 1 or 0.. Glad my first guess worked.
