Perfect debian unable to access ISPConfig control panel

Discussion in 'General' started by pannet1, May 26, 2024.

  1. pannet1

    pannet1 Member

    Hi,
    Today I am unable to access the ISPConfig control panel. Over the years I have installed ISPConfig only twice. I am not able to set up Certbot or any certificate for my websites, and that wasn't a problem for accessing ISPConfig so far.

    Today I noticed that I am not able to access the ISPConfig panel on my server.
    Browser says:
    Code:
    The connection has timed out
    All other services are working normally, and even the same domain is working fine on the other port, 80.
    tail apache error.log:
    Code:
    [Sun May 26 13:57:24.722904 2024] [autoindex:error] [pid 1186:tid 140063362963136] [client 1.2.3.4:52588] AH01276: Cannot serve directory /var/www/apps/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,standard_index.html) found, and server-generated directory index forbidden by Options directive
    [Sun May 26 14:09:18.546484 2024] [proxy_fcgi:error] [pid 1186:tid 140063514031808] [client 4.3.2.1:10148] AH01071: Got error 'Primary script unknown'
    [Sun May 26 14:31:19.327766 2024] [mpm_event:notice] [pid 1107:tid 140063665059712] AH00492: caught SIGWINCH, shutting down gracefully
    [ N 2024-05-26 14:31:19.5259 4805/T1 age/Wat/WatchdogMain.cpp:1377 ]: Starting Passenger watchdog...
    [ N 2024-05-26 14:31:19.5618 4808/T1 age/Cor/CoreMain.cpp:1340 ]: Starting Passenger core...
    [ N 2024-05-26 14:31:19.5625 4808/T1 age/Cor/CoreMain.cpp:256 ]: Passenger core running in multi-application mode.
    [ N 2024-05-26 14:31:19.5692 4808/T1 age/Cor/CoreMain.cpp:1015 ]: Passenger core online, PID 4808
    [Sun May 26 14:31:19.589508 2024] [suexec:notice] [pid 4802:tid 140032510748544] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    
    [ N 2024-05-26 14:31:19.6249 4808/T8 age/Cor/CoreMain.cpp:670 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
    [ N 2024-05-26 14:31:19.6250 4808/T1 age/Cor/CoreMain.cpp:1245 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
    [ N 2024-05-26 14:31:19.6258 4808/Ta Ser/Server.h:901 ]: [ApiServer] Freed 0 spare client objects
    [ N 2024-05-26 14:31:19.6258 4808/Ta Ser/Server.h:558 ]: [ApiServer] Shutdown finished
    [ N 2024-05-26 14:31:19.6258 4808/T8 Ser/Server.h:901 ]: [ServerThr.1] Freed 0 spare client objects
    [ N 2024-05-26 14:31:19.6258 4808/T8 Ser/Server.h:558 ]: [ServerThr.1] Shutdown finished
    [ N 2024-05-26 14:31:19.7172 4830/T1 age/Wat/WatchdogMain.cpp:1377 ]: Starting Passenger watchdog...
    [ N 2024-05-26 14:31:19.7447 4833/T1 age/Cor/CoreMain.cpp:1340 ]: Starting Passenger core...
    [ N 2024-05-26 14:31:19.7448 4833/T1 age/Cor/CoreMain.cpp:256 ]: Passenger core running in multi-application mode.
    [ N 2024-05-26 14:31:19.7489 4833/T1 age/Cor/CoreMain.cpp:1015 ]: Passenger core online, PID 4833
    [Sun May 26 14:31:19.782153 2024] [:notice] [pid 4825:tid 140032510748544] mod_python: Creating 8 session mutexes based on 0 max processes and 25 max threads.
    [Sun May 26 14:31:19.782191 2024] [:notice] [pid 4825:tid 140032510748544] mod_python: using mutex_directory /tmp
    [Sun May 26 14:31:19.828626 2024] [mpm_event:notice] [pid 4825:tid 140032510748544] AH00489: Apache/2.4.59 (Debian) mod_fcgid/2.3.9 Phusion_Passenger/6.0.17 OpenSSL/3.0.11 mod_python/3.5.0+git20211031.e6458ec Python/3.11.2 mod_perl/2.0.12 Perl/v5.36.0 configured -- resuming normal operations
    [Sun May 26 14:31:19.828698 2024] [core:notice] [pid 4825:tid 140032510748544] AH00094: Command line: '/usr/sbin/apache2'
    [ N 2024-05-26 14:31:20.1587 4808/T1 age/Cor/TelemetryCollector.h:531 ]: Message from Phusion: End time can not be before or equal to begin time
    [ N 2024-05-26 14:31:20.1856 4808/T1 age/Cor/CoreMain.cpp:1325 ]: Passenger core shutdown finished
    [ E 2024-05-26 14:31:22.3354 4833/T7 age/Cor/SecurityUpdateChecker.h:521 ]: A security update is available for your version (6.0.17) of Phusion Passenger(R). We strongly recommend upgrading to version 6.0.22.
    [ E 2024-05-26 14:31:22.3355 4833/T7 age/Cor/SecurityUpdateChecker.h:526 ]: Additional security update check information:
    - [Fixed in 6.0.19] [CVE-2023-38545] A vulnerability existed in libcurl before 8.4.0 which was the library used for Passenger proxy functionality. Exploiting this vulnerability would require two preconditions. First a SOCKS5 proxy to be configured for Passenger licensing, anonymous telemetry, or security update check which is not the default but is possible. Second the attacker would need to cause Passenger to use an attacker-controlled URL when performing these requests. Causing Passenger to use non-standard urls requires that the attacker already have code execution on the Passenger host, or control of the Passenger config. If exploited this vulnerability could lead to code execution, due to buffer overflow.
    
    UFW Status
    Code:
    8080/tcp (v6) ALLOW Anywhere (V6)
    8080/tcp (v6) ALLOW Anywhere (V6)
    
    nc
    Code:
    nc -z 1.2.3.4 80
    example.com [1.2.3.4] 80 (http) open
    nc -z 1.2.3.4 8080
    example.com [1.2.3.4] 8080 (http-alt) Connection timed out.
    


    How do I find what is blocking my request?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Btw. the most likely reason for your issue is an external firewall or router in front of your server blocking port 8080 and preventing the LE test from succeeding, which then prevents LE certs from being issued. This firewall can be in a data center, e.g. most cloud providers block ports, so if this system is in the cloud, then check the control panel of the data center and open the ports there. Plus, disable the Let's Encrypt check in ISPConfig for the LE issue (see the Let's Encrypt Error FAQ that I linked above).
     
  4. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    if a firewall or router is the culprit, this could be easily checked using tools like this
    https://dnschecker.org/port-scanner.php

    I assume it was you doing the restart manually, or ISPConfig by request/update/cron?

    Though
    is a strong indicator that either the firewall does not reject but drops; the timeout value is set too low in a script and your server lacks the resources to respond in a timely manner; or it is as simple as @till said.

    check
    netstat -tulpen
    and your
    ufw status

    See this as an addition, not an OR; the logs for ISPConfig / Let's Encrypt may help find another possible issue, as well as till's instructions!
     
    pannet1 likes this.
  5. pannet1

    pannet1 Member

    Attached Files:

  6. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    first glance reaction; firewall looks ok.
    however one can assume you have a complete ispconfig setup including amavis or rspamd.
    However your lack of resources might start the OOM reaper on needed services.
    If you are using a full featured ispconfig with database, clamav and such, aim for 4gb of memory at least for smoother operations.

    Does it work for a while after rebooting?
    Does
    cat /var/log/syslog | grep OOM
    or
    dmesg | grep OOM
    reveal something?

    It could still be a configuration issue with Apache / PHP / the execution method of the panel, but lack of resources is a valid reason too.
     
    Last edited: May 26, 2024
    pannet1 likes this.
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig seems to be running fine, and Apache is listening on port 8080, so your issue is likely an external firewall problem or router in front of the server that blocks access to port 8080. 1GB RAM is low, it is better to use 2GB RAM + 2GB swap for a small system. If you need more performance, using 4GB RAM or more will be useful like @ztk.me mentioned.
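
The reasoning in this post (a listener exists, the local firewall allows the port, so the filter must sit in front of the host) can be checked from saved `netstat -tulpen` and `ufw status` output. The script below is an added example, not part of the thread; the function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: triage one TCP port from saved command output.

# listen_addrs PORT FILE: addresses with a TCP listener on PORT, read from
# saved `netstat -tulpen` output.
listen_addrs() {
    awk -v port="$1" '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")   # the port is the last ":"-separated field
        if (part[n] == port) print substr($4, 1, length($4) - length(port) - 1)
    }' "$2"
}

# ufw_allows PORT FILE: true if saved `ufw status` output shows ufw inactive
# or an ALLOW-from-Anywhere rule for PORT or PORT/tcp. Assumption: port
# ranges, lists and application profiles are not parsed.
ufw_allows() {
    awk -v port="$1" '/^Status: inactive/ { ok = 1 }
        ($1 == port || $1 == (port "/tcp")) && /ALLOW +(IN +)?Anywhere/ { ok = 1 }
        END { exit (ok ? 0 : 1) }' "$2"
}

# port_triage PORT NETSTAT_FILE UFW_FILE: print where to look next.
port_triage() {
    addrs=$(listen_addrs "$1" "$2")
    if [ -z "$addrs" ]; then
        echo "not-listening"       # no local service: fix the daemon first
    elif ! printf '%s\n' "$addrs" | grep -qvE '^(127\.[0-9.]+|::1)$'; then
        echo "loopback-only"       # bound to localhost only
    elif ! ufw_allows "$1" "$3"; then
        echo "ufw-blocked"         # local firewall has no matching ALLOW
    else
        echo "check-upstream"      # host looks fine: suspect a filter in front
    fi
}

# Constructed sample output (not the poster's real data).
make_samples() {
    cat > "$1/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 127.0.0.1:11334         0.0.0.0:*               LISTEN      109        20111      1380/rspamd: contro
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18001      701/sshd: /usr/sbin
tcp6       0      0 :::80                   :::*                    LISTEN      0          30110      4825/apache2
tcp6       0      0 :::8080                 :::*                    LISTEN      0          30114      4825/apache2
tcp6       0      0 :::8081                 :::*                    LISTEN      0          30118      4825/apache2
udp        0      0 0.0.0.0:123             0.0.0.0:*                           0          17000      966/ntpd
EOF
    cat > "$1/ufw.txt" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
8080/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

d=$(mktemp -d)
make_samples "$d"
for p in 8080 8081 11334 443; do
    echo "$p: $(port_triage "$p" "$d/netstat.txt" "$d/ufw.txt")"
done
rm -rf "$d"
```

A `check-upstream` result only says the host side looks consistent; it does not prove where the packets are dropped.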
     
  8. pannet1

    pannet1 Member

    >>> inputs below

    if a firewall or router is the culprit, this could be easily checked using tools like this
    https://dnschecker.org/port-scanner.php
    >>> port 8080 is open as per dnschecker


    I assume it was you doing the restart manually, or ISPConfig by request/update/cron?
    >>> not sure of this
    Though

    is a strong indicator that either the firewall does not reject but drops; the timeout value is set too low in a script and your server lacks the resources to respond in a timely manner; or it is as simple as @till said.

    check
    netstat -tulpen
    upload_2024-5-26_19-56-33.png
    and your
    ufw status
    >>> already posted above and is in allow mode
    See this as an addition, not an OR; the logs for ISPConfig / Let's Encrypt may help find another possible issue, as well as till's instructions!
    >>> can you specify which file I should check for ISPConfig
     
  9. pannet1

    pannet1 Member

    I hope I can solve the LE issues later, after fixing the http://server1.example.com:8080 issue first.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

  11. pannet1

    pannet1 Member

    no output for dmesg but got this for syslog
    Code:
    2024-05-26T13:07:03.750906+05:30 server1 clamd[890]: LibClamAV debug:    * Submodule  MYDOOMLOG:#011On
    2024-05-26T13:28:17.451882+05:30 server1 clamd[890]: LibClamAV debug:    * Submodule  MYDOOMLOG:#011On
    2024-05-26T13:49:13.168792+05:30 server1 clamd[890]: LibClamAV debug:    * Submodule  MYDOOMLOG:#011On
    2024-05-26T14:49:43.417357+05:30 server1 clamd[890]: LibClamAV debug:    * Submodule  MYDOOMLOG:#011On
     


  12. pannet1

    pannet1 Member

    An increase in RAM is on the cards, but my server is just a joke running Debian (provided by Vultr). I have just one client website running, a small website. I am using the mail server only for my personal usage. I just have about 4 clients using SSH for running Python programs. They are running between 9:15 to 15:30 +5:30 UST.
    Here is the ps output:

    Code:
    USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    _rspamd     1380  0.0  4.6 248464 46104 ?        S    13:48   0:06 rspamd: controller process (localhost:11334)
    ispconf+   12831  0.0  4.6 317596 46052 ?        Ss   16:42   0:00 /usr/bin/php-cgi -d disable_classes= -d disable_functions= -d magic_quotes_gpc=off -d open_basedir= -d session.save_path=/usr/local/ispconfig/interface/temp
    _rspamd     1381  0.0  4.4 247108 43508 ?        S    13:48   0:03 rspamd: normal process (localhost:11333)
    root         899  0.1  3.7 659436 36944 ?        Ssl  13:48   0:37 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
    mysql       1036  0.0  2.9 1092656 28696 ?       Ssl  13:48   0:16 /usr/sbin/mariadbd
    ispconf+   12832  0.0  2.4 317924 24368 ?        S    16:42   0:00 /usr/bin/php-cgi -d disable_classes= -d disable_functions= -d magic_quotes_gpc=off -d open_basedir= -d session.save_path=/usr/local/ispconfig/interface/temp
    clamav       890  0.2  2.3 1609032 22992 ?       Ssl  13:48   1:07 /usr/sbin/clamd --foreground=true
    root         259  0.0  2.0  82468 19940 ?        Ss   13:48   0:04 /lib/systemd/systemd-journald
    ntpsec       966  0.0  1.9  84876 19236 ?        SLs  13:48   0:01 /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

  14. pannet1

    pannet1 Member

    You are right, I entered http:// instead of https://.
    https://server1.example.com:8080 and http://server1.example.com got the same results. However, entering
    https://server1.example.com I got this in the browser:
    Code:
    =')) { error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED); } else { error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_USER_NOTICE); } break; default: header('HTTP/1.1 503 Service Unavailable.', TRUE, 503); echo 'The application environment is not set correctly.'; exit(1); // EXIT_ERROR } /* *--------------------------------------------------------------- * SYSTEM DIRECTORY NAME *--------------------------------------------------------------- * * This variable must contain the name of your "system" directory. * Set the path if it is not in the same directory as this file. */ $system_path = 'system'; /* *--------------------------------------------------------------- * APPLICATION DIRECTORY NAME *--------------------------------------------------------------- * * If you want this front controller to use a different "application" * directory than the default one you can set its name here. The directory * can also be renamed or relocated anywhere on your server. If you do, * use an absolute (full) server path. * For more info please see the user guide: * * https://codeigniter.com/user_guide/general/managing_apps.html * * NO TRAILING SLASH! */ $application_folder = 'application'; /* *--------------------------------------------------------------- * VIEW DIRECTORY NAME *--------------------------------------------------------------- * * If you want to move the view directory out of the application * directory, set the path to it here. The directory can be renamed * and relocated anywhere on your server. If blank, it will default * to the standard location inside your application directory. * If you do move this, use an absolute (full) server path. * * NO TRAILING SLASH! 
*/ $view_folder = ''; /* * -------------------------------------------------------------------- * DEFAULT CONTROLLER * -------------------------------------------------------------------- * * Normally you will set your default controller in the routes.php file. * You can, however, force a custom routing by hard-coding a * specific controller class/function here. For most applications, you * WILL NOT set your routing here, but it's an option for those * special instances where you might want to override the standard * routing in a specific front controller that shares a common CI installation. * * IMPORTANT: If you set the routing here, NO OTHER controller will be * callable. In essence, this preference limits your application to ONE * specific controller. Leave the function name blank if you need * to call functions dynamically via the URI. * * Un-comment the $routing array below to use this feature */ // The directory name, relative to the "controllers" directory. Leave blank // if your controller is not in a sub-directory within the "controllers" one // $routing['directory'] = ''; // The controller class file name. Example: mycontroller // $routing['controller'] = ''; // The controller function you wish to be called. // $routing['function'] = ''; /* * ------------------------------------------------------------------- * CUSTOM CONFIG VALUES * ------------------------------------------------------------------- * * The $assign_to_config array below will be passed dynamically to the * config class when initialized. This allows you to set custom config * items or override any default config values found in the config.php file. * This can be handy as it permits you to share one application between * multiple front controller files, with each file containing different * config values. 
* * Un-comment the $assign_to_config array below to use this feature */ // $assign_to_config['name_of_config_item'] = 'value of config item'; // -------------------------------------------------------------------- // END OF USER CONFIGURABLE SETTINGS. DO NOT EDIT BELOW THIS LINE // -------------------------------------------------------------------- /* * --------------------------------------------------------------- * Resolve the system path for increased reliability * --------------------------------------------------------------- */ // Set the current directory correctly for CLI requests if (defined('STDIN')) { chdir(dirname(__FILE__)); } if (($_temp = realpath($system_path)) !== FALSE) { $system_path = $_temp.DIRECTORY_SEPARATOR; } else { // Ensure there's a trailing slash $system_path = strtr( rtrim($system_path, '/\\'), '/\\', DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR ).DIRECTORY_SEPARATOR; } // Is the system path correct? if ( ! is_dir($system_path)) { header('HTTP/1.1 503 Service Unavailable.', TRUE, 503); echo 'Your system folder path does not appear to be set correctly. 
Please open the following file and correct this: '.pathinfo(__FILE__, PATHINFO_BASENAME); exit(3); // EXIT_CONFIG } /* * ------------------------------------------------------------------- * Now that we know the path, set the main path constants * ------------------------------------------------------------------- */ // The name of THIS file define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME)); // Path to the system directory define('BASEPATH', $system_path); // Path to the front controller (this file) directory define('FCPATH', dirname(__FILE__).DIRECTORY_SEPARATOR); // Name of the "system" directory define('SYSDIR', basename(BASEPATH)); // The path to the "application" directory if (is_dir($application_folder)) { if (($_temp = realpath($application_folder)) !== FALSE) { $application_folder = $_temp; } else { $application_folder = strtr( rtrim($application_folder, '/\\'), '/\\', DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR ); } } elseif (is_dir(BASEPATH.$application_folder.DIRECTORY_SEPARATOR)) { $application_folder = BASEPATH.strtr( trim($application_folder, '/\\'), '/\\', DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR ); } else { header('HTTP/1.1 503 Service Unavailable.', TRUE, 503); echo 'Your application folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF; exit(3); // EXIT_CONFIG } define('APPPATH', $application_folder.DIRECTORY_SEPARATOR); // The path to the "views" directory if ( ! 
isset($view_folder[0]) && is_dir(APPPATH.'views'.DIRECTORY_SEPARATOR)) { $view_folder = APPPATH.'views'; } elseif (is_dir($view_folder)) { if (($_temp = realpath($view_folder)) !== FALSE) { $view_folder = $_temp; } else { $view_folder = strtr( rtrim($view_folder, '/\\'), '/\\', DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR ); } } elseif (is_dir(APPPATH.$view_folder.DIRECTORY_SEPARATOR)) { $view_folder = APPPATH.strtr( trim($view_folder, '/\\'), '/\\', DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR ); } else { header('HTTP/1.1 503 Service Unavailable.', TRUE, 503); echo 'Your view folder path does not appear to be set correctly. Please open the following file and correct this: '.SELF; exit(3); // EXIT_CONFIG } define('VIEWPATH', $view_folder.DIRECTORY_SEPARATOR); /* * -------------------------------------------------------------------- * LOAD THE BOOTSTRAP FILE * -------------------------------------------------------------------- * * And away we go... */ require_once BASEPATH.'core/CodeIgniter.php'; 
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not ISPConfig. You either access a wrong server, or you did not install on a clean server but had another app installed on port 8080 already.
     
  16. pannet1

    pannet1 Member

    You mean this? I am not using their firewall service. Hope I am not missing anything here.
    upload_2024-5-26_20-34-18.png
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    See post #15. You are not accessing ISPConfig but a different software or system there instead.
     
  18. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    My assumption would be a misconfigured php configuration for your vhosts.
    If this is an older instance or a configuration got disrupted due to lack of resources it could be this
    or just a bug a while ago (or whatever) and there is a mismatch now.

    is running, but is it configured for your ISPConfig panel correctly?
    This is stuff I'd look for if I had more time, but I think @till knows his things much better and could give you the valid pointers. tl;dr: compare the ISPConfig vhost configs and check if the paths given make sense.

    Though I guess the error-log should show something if upstream is not available.

    If you are not sure whether you induced the restart of Apache, it's a thing to monitor then.

    The OOM you found is not the OOM I was looking for, though it might have been logged too long
    ago or in other logs. Also, ufw spams dmesg, unfortunately.

    If you can afford some downtime, disable clamav, rspamd and redis if you do not need redis for other things. But clamav alone can lead to more memory consumption than you have, unfortunately.
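
Why `grep OOM` in posts #6 and #11 returned only clamd's `MYDOOMLOG` lines: the match is case-sensitive and unanchored, while the kernel logs its OOM-killer activity in lowercase phrases. The script below is an added example, not part of the thread; it matches those kernel phrases instead, and every kernel line in the sample log is constructed.

```shell
#!/bin/sh
# Added example: find real kernel OOM-killer events in a syslog-style file.

# oom_lines FILE: print the kernel OOM-killer lines of FILE.
# The match needs the "kernel:" tag plus an OOM-killer phrase, so application
# lines that merely contain the letters "OOM" are skipped.
oom_lines() {
    grep -E 'kernel: .*(invoked oom-killer|[Oo]ut of memory: Kill(ed)? process|oom_reaper: reaped process)' "$1"
}

# oom_victims FILE: print "<count> <process name>", most often killed first.
oom_victims() {
    oom_lines "$1" |
        sed -n -E 's/.*[Oo]ut of memory: Killed process [0-9]+ \(([^)]*)\).*/\1/p' |
        sort | uniq -c | sort -rn | sed -E 's/^ +//'
}

# make_sample_log FILE: the first line is the clamd line quoted in the
# thread; all kernel lines are constructed for this example.
make_sample_log() {
    cat > "$1" <<'EOF'
2024-05-26T13:07:03.750906+05:30 server1 clamd[890]: LibClamAV debug:    * Submodule  MYDOOMLOG:#011On
2024-05-26T13:10:11.000001+05:30 server1 kernel: [ 4801.100000] apache2 invoked oom-killer: gfp_mask=0x100cca, order=0, oom_score_adj=0
2024-05-26T13:10:11.000002+05:30 server1 kernel: [ 4801.100100] Out of memory: Killed process 890 (clamd) total-vm:1609032kB, anon-rss:22992kB
2024-05-26T13:10:11.000003+05:30 server1 kernel: [ 4801.100200] oom_reaper: reaped process 890 (clamd), now anon-rss:0kB
2024-05-26T14:02:40.000001+05:30 server1 kernel: [ 7950.200000] Out of memory: Killed process 1036 (mariadbd) total-vm:1092656kB, anon-rss:28696kB
2024-05-26T14:40:02.000001+05:30 server1 kernel: [10192.300000] Out of memory: Killed process 5120 (clamd) total-vm:1609032kB, anon-rss:22992kB
2024-05-26T14:41:00.000001+05:30 server1 kernel: [10250.400000] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=40000 DPT=23
EOF
}

# Run on the file given as $1, or on the constructed sample when none is given.
log=${1:-}
tmp=
if [ -z "$log" ]; then
    tmp=$(mktemp)
    make_sample_log "$tmp"
    log=$tmp
fi
echo "lines matched by naive 'grep OOM': $(grep -c OOM "$log")"
echo "kernel OOM-killer events:"
oom_lines "$log"
echo "victims:"
oom_victims "$log"
[ -z "$tmp" ] || rm -f "$tmp"
```

`dmesg` output carries no `kernel:` tag, so drop that prefix from the pattern when filtering `dmesg` instead of `/var/log/syslog`.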
     
  19. pannet1

    pannet1 Member

    It was not showing when accessing port 8080 but 80, which is actually another subdomain. So the issue remains. Sorry for the confusion.
     
  20. pannet1

    pannet1 Member

    I can afford to stop all the services, no problems.
    I will stop and try again.
     
