Hello there, I have a strange problem on my newly installed server (perfect server guide centos 7.2 with ispconfig). Generally, the server and the services are working fines. The server has 3 IPv4 adresses (because there are running different domains on that server which all should serve valid ssl/tls certificates). I want to provide roundcubemail on all virtualhosts within /webmail. On the first IP / default host roundcubemail works like a charme. On the other two IP adresses, when accessing roundcubemail, just a blank page is being displayed. Apache Errorlog shows nothing, the access log shows a "normal" HTTP 200: 83.171.159.* - - [08/Mar/2016:21:27:57 +0100] "GET /roundcubemail/index.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" (before that I had a open_basedir restriction error which I solved with adding /usr/share/roundcubemail/ to php open_basedir - after that this error was gone). I activated the php error_reporting and display_error parameters - but there is nothing in the logs. I also activated the roundcube debug feature and apache LogLevel debug. To be sure /usr/share/roundcubemail/index.php is accessed I temporarily added an echo "test"; to index.php and this is being displayed. So I am sure the php is processed correctly but that seems to lead to a blank page on that two vhosts. If there would be at least an error, it would be easier to investigate. I can't find out why it is working on first IP, but on the other two. I also tried to remove the vhost config from IP 2 and 3, but that did not change anything. Any ideas? Best regards, Hans
I won't recommend that. Looks like you are running php using mod_php meaning php is executed as the same user ( www-data ) for every domain. Adding basedir to open_basedir for every domain also means, every web user might be able to access something like config/config.inc.php ( read out encryption key and database details ) log files, temporary files and so on. You might consider adding a simple (sub) domain like your host server name and setup stuff there using fcgi or php-fpm and restrict access to www-data to that. Then you can add a redirect if you want to. But personally, I wouldn't like companies messing arround with things like that, meaning I could never make my own folder "webmail" accessible within my private space.
Thanks for your hints. I am just running my own projects on that server. Of course, if I had customers there, I would not set standards like these. To be true, I would be happy if I could get it work on IP2 or IP3, but it still only works on IP1 and I would like to understand why.
I don't know why, but deleting the whole open_basedir parameter, which is automatically generated by ispconfig in vhost file, did the trick. I just don't understand why. Now that /usr/share/roundcubemail/ is not in open_basedir anymore, why should it work at all?
To be honest, I've never seen a behaviour like that :/ And defnitly the path should be in open_basedir ... uhm How did you configure the Alias for all websites?
In /etc/httpd/conf.d/roundcubemail.conf Addition info: I don't have open_basedir parameter populated in php.ini.
If open_basedir is not set / empty the restriction is turned off, so everything becomes accessible, which is probably not what you really want. Also you set the roundcube path to /usr/share/roundcubemail/ , leave out the last / > /usr/share/roundcubemail The value can be set to a really restrictive value in your php.ini which should catch issues with vhosts missing that setting and will get overwritten otherwise. Did you try to access roundcube by using http(s)://ip2/webmail and http(s)://ip3/webmail without using a domain name? This can cause issues setting sessions/cookies.
