Perfect Server with ISPConfig - 502 Gateway Error with Roundcube

Discussion in 'ISPConfig 3 Priority Support' started by tyzenker, Dec 16, 2016.

Page 2 of 2
  1. till

    till Super Moderator Staff Member ISPConfig Developer

    The file should not have world read permissions.

    Please run this command and post the output:

    grep isp /etc/group
     
    till, Dec 20, 2016
    #21
  2. tyzenker

    tyzenker Member HowtoForge Supporter

    After playing around with Roundcube settings, below are the ONLY settings that I've been able to get it to work. Both files need these permissions to get it to work.

    debian-db.php

    upload_2016-12-20_2-55-10.png

    config.inc.php

    upload_2016-12-20_2-55-46.png

    After running your command, "grep isp /etc/group", below is the output that I received.

    ispapps:x:5003:www-data
    ispconfig:x:5004:www-data

    I know that I shouldn't have world read permissions on the server for Roundcube.
    Do you have any idea what is going on?
     
    tyzenker, Dec 20, 2016
    #22
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    That's ok. The question is what user is running roundcube on your server, I have all the perfect server guides here and all of them that include roundcube are working fine without the need of a permissin change. here are e.g. the permissions from the latest debian nginx server:

    root@server1:/etc/roundcube# ls -la
    total 96
    drwxr-xr-x 3 root root 4096 Dec 9 06:24 .
    drwxr-xr-x 119 root root 12288 Dec 9 16:58 ..
    -rw-r--r-- 1 root root 1240 Dec 7 04:12 apache.conf
    -rw-r----- 1 root www-data 3582 Dec 8 05:12 config.inc.php
    -rw-r----- 1 root www-data 546 Dec 8 05:11 debian-db.php
    -rw-r--r-- 1 root root 373 Dec 7 04:12 debian-db-roundcube.php
    -rw-r--r-- 1 root root 49062 Dec 7 05:15 defaults.inc.php
    -rw-r--r-- 1 root root 1743 Dec 7 05:16 htaccess
    -rw-r--r-- 1 root root 491 Dec 7 04:12 lighttpd.conf
    -rw-r--r-- 1 root root 2815 Apr 17 2016 mimetypes.php
    drwxr-xr-x 15 root root 4096 Dec 8 05:11 plugins

    which are the permissions that don't work for you. This means that roundcube is not run by the www-data group on your system and not by the ispapps group.

    and you are sure that you try to access RoundCube trough port 8081 and not trough port 80 or 443? And you are sure that you did not try to install nginx from another source like the nginx repository instead of the ubuntu repository as the ones from nginx run under a wrong user "nginx" and not the ubuntu user www-data?
     
    till, Dec 20, 2016
    #23
  4. tyzenker

    tyzenker Member HowtoForge Supporter

    I just went to another computer and tried to access the server online. Something weird happened.

    1) On Another Computer
    On another computer, when I type in a domain hosted on the server to access webmail, I get a configuration error again.

    upload_2016-12-20_17-12-25.png

    When I type in the server name to access webmail, it works with the read permissions.

    upload_2016-12-20_17-13-38.png

    2) On the Server itself
    On the server itself, when I type in the domain name hosted on that computer, it gives me Roundcube access.
    upload_2016-12-20_17-16-8.png

    It almost appears as if I am being blocked from outside the Server. Maybe it is a security issue?

    To answer your questions, all the commands I typed to install Round Cube, came from your Perfect Server Guides. I listed the guides earlier in this post. The guides are two Perfect Server Guides and the one below:

    https://www.howtoforge.com/using-roundcube-webmail-with-ispconfig-3-on-debian-wheezy-nginx

    I've tried two different ways to install it from different instructions that you offered. The two sets in your guides are:

    apt-get install roundcube roundcube-core roundcube-mysql roundcube-plugins
    apt-get install roundcube roundcube-plugins roundcube-plugins-extra

    Does it make a difference which one that I use?

    Right now I am going to go through the permissions you gave me. Give me 10 minutes.
     
    tyzenker, Dec 20, 2016
    #24
  5. tyzenker

    tyzenker Member HowtoForge Supporter

    Is it too late for me to just uninstall Roundcube and then re-install it? Would it mess up the rest of my ISPConfig settings for Nginx, Web Sites, MySQL, and other things already installed on my server?

    Then you could just give me instructions on how to re-install it? There are too many variations in your guides about how to install Roundcube.
     
    tyzenker, Dec 20, 2016
    #25
  6. tyzenker

    tyzenker Member HowtoForge Supporter

    All my default settings match up with yours exactly. You can see in the picture below that it matches up with your permissions.

    upload_2016-12-20_3-47-31.png

    1) If I want to get Roundcube to work on the server itself (localhost), I have to give "Other Access: Read Only" to config.inc.php and debian-db.php.

    2) If I want to get Roundcube to work outside the Server (on the internet), I have to give "Other Access: Read and Write" to config.inc.php and debian-db.php.

    So, that's a perfect description of my problem.
     
    tyzenker, Dec 20, 2016
    #26
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The apps vhost where you can access RoundCube to is a vhost for the server name on port 8181. If you use a different domain name then it can happen that a different vhost which runs under a different user is used to access roundcube and then the permissions for the files can not match anymore.

    If I see your examples correctly, then roundcube works fine when you access it trough the server name (hostname) on port 8081, right?
     
    till, Dec 20, 2016
    #27
  8. tyzenker

    tyzenker Member HowtoForge Supporter

    Last edited: Dec 20, 2016
    tyzenker, Dec 20, 2016
    #28
  9. tyzenker

    tyzenker Member HowtoForge Supporter

    Just to be more clear... it only works when I change the permissions on config.inc.php and debian-db.php to "Other Access: Read and Write" (Internet Access) or "Other Access: Read Only" (Localhost Access).
     
    tyzenker, Dec 20, 2016
    #29
  10. tyzenker

    tyzenker Member HowtoForge Supporter

    Any ideas on how this problem can be solved?
     
    tyzenker, Dec 22, 2016
    #30
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    you can e.g. create a php file like this:

    <?php
    touch('/tmp/test.txt');
    ?>

    and put that in the roundcube document rot, that should be /usr/share/roundcube/ if I remember correctly. Then open the url to that file in a browser, you should see a white page. Then check which user owns the file /tmp/test.txt on your server as this is the user that runs your roundcube php and then change the config and db file from roundcube to that user.
     
    till, Dec 22, 2016
    #31
  12. tyzenker

    tyzenker Member HowtoForge Supporter

    Okay, I will try in a few hours.
     
    tyzenker, Dec 22, 2016
    #32
  13. tyzenker

    tyzenker Member HowtoForge Supporter

    I ran the test that you recommended. The results are as follows:

    upload_2016-12-22_11-52-52.png

    So, are you recommending that I change the settings of the config.inc.php and debian-db.php files to "ispapps" for "Owner" and "Group" ?
     
    tyzenker, Dec 22, 2016
    #33
  14. tyzenker

    tyzenker Member HowtoForge Supporter

    I changed the settings of the config.inc.php and debian-db.php files to "ispapps" for "Owner" and "Group". The new settings are below:

    upload_2016-12-22_12-2-52.png

    upload_2016-12-22_12-3-23.png

    After I did that, the Roundcube webmail is coming up for the server and on the other computers (within my network). I didn't test it on the Internet yet, but on my network, it appears to be working. As you can see below:

    upload_2016-12-22_12-5-24.png

    Your suggestion seems to be working. However, will this always work in the future? Will this be a safe setup to use once I put the Mail Server online for the public?
     
    tyzenker, Dec 22, 2016
    #34
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, that should work.
     
    till, Dec 23, 2016
    #35
  16. luigi mangili

    luigi mangili New Member

    it's the same also for me. Ispconfig modification of section "server config" causes a change in permission of config.inc.php and debian-db.php . only if you change them with chown www-data:www-data and chmod 755 everithing restarts
     
    luigi mangili, May 8, 2017
    #36
  17. luigi mangili

    luigi mangili New Member

    perfect with config.inc.php and debian-db.php:
    chown ispapps:ispapps
    and
    chmod 604
    Bye and thank you so much
     
    luigi mangili, May 8, 2017
    #37
Page 2 of 2

Share This Page