Roundcubemail - Blank page on vhosts

Discussion in 'Server Operation' started by hfr, Mar 8, 2016.

  1. hfr

    hfr Member

    Hello there,
    I have a strange problem on my newly installed server (perfect server guide centos 7.2 with ispconfig). Generally, the server and the services are working fines. The server has 3 IPv4 adresses (because there are running different domains on that server which all should serve valid ssl/tls certificates).
    I want to provide roundcubemail on all virtualhosts within /webmail. On the first IP / default host roundcubemail works like a charme. On the other two IP adresses, when accessing roundcubemail, just a blank page is being displayed. Apache Errorlog shows nothing, the access log shows a "normal" HTTP 200:

    83.171.159.* - - [08/Mar/2016:21:27:57 +0100] "GET /roundcubemail/index.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"

    (before that I had a open_basedir restriction error which I solved with adding /usr/share/roundcubemail/ to php open_basedir - after that this error was gone).

    I activated the php error_reporting and display_error parameters - but there is nothing in the logs. I also activated the roundcube debug feature and apache LogLevel debug. To be sure /usr/share/roundcubemail/index.php is accessed I temporarily added an echo "test"; to index.php and this is being displayed. So I am sure the php is processed correctly but that seems to lead to a blank page on that two vhosts.
    If there would be at least an error, it would be easier to investigate. I can't find out why it is working on first IP, but on the other two. I also tried to remove the vhost config from IP 2 and 3, but that did not change anything.

    Any ideas?
    Best regards,
  2. Well-Known Member HowtoForge Supporter

    I won't recommend that. Looks like you are running php using mod_php meaning php is executed as the same user ( www-data ) for every domain.
    Adding basedir to open_basedir for every domain also means, every web user might be able to access something like
    config/ ( read out encryption key and database details )
    log files, temporary files and so on.
    You might consider adding a simple (sub) domain like your host server name and setup stuff there using fcgi or php-fpm and restrict access to www-data to that.
    Then you can add a redirect if you want to. But personally, I wouldn't like companies messing arround with things like that, meaning I could never make my own folder "webmail" accessible within my private space.
  3. hfr

    hfr Member

    Thanks for your hints.
    I am just running my own projects on that server. Of course, if I had customers there, I would not set standards like these.

    To be true, I would be happy if I could get it work on IP2 or IP3, but it still only works on IP1 and I would like to understand why.
  4. hfr

    hfr Member

    I don't know why, but deleting the whole open_basedir parameter, which is automatically generated by ispconfig in vhost file, did the trick.

    I just don't understand why. Now that /usr/share/roundcubemail/ is not in open_basedir anymore, why should it work at all?
  5. Well-Known Member HowtoForge Supporter

    To be honest, I've never seen a behaviour like that :/
    And defnitly the path should be in open_basedir ... uhm
    How did you configure the Alias for all websites?
  6. hfr

    hfr Member

    In /etc/httpd/conf.d/roundcubemail.conf
    Addition info: I don't have open_basedir parameter populated in php.ini.
  7. Well-Known Member HowtoForge Supporter

    If open_basedir is not set / empty the restriction is turned off, so everything becomes accessible, which is probably not what you really want.
    Also you set the roundcube path to /usr/share/roundcubemail/ , leave out the last / > /usr/share/roundcubemail

    The value can be set to a really restrictive value in your php.ini which should catch issues with vhosts missing that setting and will get overwritten otherwise.

    Did you try to access roundcube by using http(s)://ip2/webmail and http(s)://ip3/webmail without using a domain name? This can cause issues setting sessions/cookies.

Share This Page