[SOLVED] ISPConfig3 Control Panel gives 502 error after upgrade

Discussion in 'Installation/Configuration' started by zenny, Jan 26, 2022.

  1. zenny

    zenny Member

    Hi,

    I just upgraded the ISPConfig3 to the latest version (v3.2.7p1) in Debian buster
    Code:
    # lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description:    Debian GNU/Linux 10 (buster)
    Release:        10
    Codename:       buster
    and encountered with `nginx` connection to `php7.3-fpm` as it appears:

    Code:
    2022/01/26 10:10:41 [crit] 21467#21467: *4 connect() to unix:/var/lib/php7.3-fpm/ispconfig.sock failed (13: Permission denied) while connecting to upstream, client: ::1, server: _, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/lib/php7.3-fpm/ispconfig.sock:", host: "localhost:8080"
    I have tried with `ispconfig_update.sh --force' and allowed to `Reconfigure Services' with no go.

    In the server `nginx` is running and there are not errors:

    Code:
    # sytemctl status nginx
    -bash: sytemctl: command not found
    root@server3:~# systemctl status nginx
    ● nginx.service - nginx - high performance web server
       Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
       Active: active (running) since Wed 2022-01-26 10:09:39 CET; 11min ago
         Docs: https://nginx.org/en/docs/
      Process: 21465 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, stat
     Main PID: 21466 (nginx)
        Tasks: 3 (limit: 4664)
       Memory: 17.6M
       CGroup: /system.slice/nginx.service
               ├─21466 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
               ├─21467 nginx: worker process
               └─21468 nginx: worker process
    
    Jan 26 10:09:39 server3 systemd[1]: Starting nginx - high performance web server...
    Jan 26 10:09:39 server3 systemd[1]: nginx.service: Can't open PID file /run/nginx.pid
    Jan 26 10:09:39 server3 systemd[1]: Started nginx - high performance web server.
    `php7.3-fpm` is running without any issues:

    Code:
    # systemctl status php7.3-fpm
    ● php7.3-fpm.service - The PHP 7.3 FastCGI Process Manager
       Loaded: loaded (/lib/systemd/system/php7.3-fpm.service; enabled; vendor preset: ena
       Active: active (running) since Wed 2022-01-26 10:09:52 CET; 13min ago
         Docs: man:php-fpm7.3(8)
      Process: 21484 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php
     Main PID: 21477 (php-fpm7.3)
       Status: "Processes active: 0, idle: 6, Requests: 0, slow: 0, Traffic: 0req/sec"
        Tasks: 7 (limit: 4664)
       Memory: 20.0M
       CGroup: /system.slice/php7.3-fpm.service
               ├─21477 php-fpm: master process (/etc/php/7.3/fpm/php-fpm.conf)
               ├─21478 php-fpm: pool apps-{fpm_domain}
               ├─21479 php-fpm: pool apps-{fpm_domain}
               ├─21480 php-fpm: pool ispconfig
               ├─21481 php-fpm: pool ispconfig
               ├─21482 php-fpm: pool www
               └─21483 php-fpm: pool www
    
    Jan 26 10:09:51 server3 systemd[1]: Starting The PHP 7.3 FastCGI Process Manager...
    Jan 26 10:09:52 server3 systemd[1]: Started The PHP 7.3 FastCGI Process Manager.
    lines 1-20/20 (END)
    No changes were made to `/etc/php/7.3/fpm/pool.d/www.conf`

    Code:
    ; Start a new pool named 'www'.
    ; the variable $pool can be used in any directive and will be replaced by the
    ; pool name ('www' here)
    [www]
    
    ; Per pool prefix
    ; It only applies on the following directives:
    ; - 'access.log'
    ; - 'slowlog'
    ; - 'listen' (unixsocket)
    ; - 'chroot'
    ; - 'chdir'
    ; - 'php_values'
    ; - 'php_admin_valuep 
    `/etc/php/7.3/fpm/pool.d/ispconfig.conf` is also untouched:

    Code:
    [ispconfig]
    
    listen = /var/lib/php7.3-fpm/ispconfig.sock
    listen.owner = ispconfig
    listen.group = ispconfig
    listen.mode = 0660
    
    user = ispconfig
    group = ispconfig
    
    pm = dynamic
    pm.max_children = 500
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 5
    
    chdir = /
    
    ; php_admin_value[open_basedir] = /usr/local/ispconfig/interface:/usr/local/ispconfig/security:/usr/share:/var/lib/roundcube:/etc/roundcube:/usr/share/roundcube
    php_admin_value[session.save_path] = /usr/local/ispconfig/interface/temp
    php_admin_flag[magic_quotes_gpc] = off
    
    php_admin_value[memory_limit] = -1
    php_admin_value[max_execution_time] = 1200
    php has been defaulted to v7.3 for Debian10:

    Code:
    # update-alternatives --config php-cgi-bin
    There are 4 choices for the alternative php-cgi-bin (providing /usr/lib/cgi-bin/php).
    
      Selection    Path                     Priority   Status
    ------------------------------------------------------------
      0            /usr/lib/cgi-bin/php8.1   81        auto mode
      1            /usr/lib/cgi-bin/php5.6   56        manual mode
      2            /usr/lib/cgi-bin/php7.3   73        manual mode
    * 3            /usr/lib/cgi-bin/php7.4   74        manual mode
      4            /usr/lib/cgi-bin/php8.1   81        manual mode
    
    Press <enter> to keep the current choice[*], or type selection number: 2
    update-alternatives: using /usr/lib/cgi-bin/php7.3 to provide /usr/lib/cgi-bin/php (php-cgi-bin) in manual mode
    You have new mail in /var/mail/root
    # update-alternatives --config php-cgi
    There are 4 choices for the alternative php-cgi (providing /usr/bin/php-cgi).
    
      Selection    Path                 Priority   Status
    ------------------------------------------------------------
      0            /usr/bin/php-cgi8.1   81        auto mode
      1            /usr/bin/php-cgi5.6   56        manual mode
    * 2            /usr/bin/php-cgi7.3   73        manual mode
      3            /usr/bin/php-cgi7.4   74        manual mode
      4            /usr/bin/php-cgi8.1   81        manual mode
    
    Press <enter> to keep the current choice[*], or type selection number:
    # update-alternatives --config php
    There are 5 choices for the alternative php (providing /usr/bin/php).
    
      Selection    Path                  Priority   Status
    ------------------------------------------------------------
      0            /usr/bin/php.default   100       auto mode
      1            /usr/bin/php.default   100       manual mode
      2            /usr/bin/php5.6        56        manual mode
    * 3            /usr/bin/php7.3        73        manual mode
      4            /usr/bin/php7.4        74        manual mode
      5            /usr/bin/php8.1        81        manual mode
    
    Press <enter> to keep the current choice[*], or type selection number:
    `/etc/php/7.3/fpm/php.ini` has relevant modified lines as of below:

    Code:
    cgi.fix_pathinfo=0
    ...
    [Date]
    date.timezone = "Europe/Rome"
    `/etc/nginx/sites-available/apps.vhost` and ispconfig.vhost in the same directory have proper pointer to php7.3-fpm path. Tried with chmod to 0660 manually to the error-spewing .sock files without a change:

    Code:
    # rg '7.3' /etc/nginx/sites-available/*
    /etc/nginx/sites-available/apps.vhost
    55:               fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock;
    102:                       fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock;
    152:                       fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock;
    
    /etc/nginx/sites-available/ispconfig.vhost
    32:               fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock;
    55:#                       fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock;
    75:#                       fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock;
    
    # chmod 0660 /var/lib/php7.3-fpm/ispconfig.sock
    # chmod 0660 /var/lib/php7.3-fpm/apps.sock
    With all the configs in right place, why the control panel is reporting '502 Bad Gateway' with critical error:

    Code:
    *507 connect() to unix:/var/lib/php7.3-fpm/ispconfig.sock failed (13: Permission denied) while connecting to upstream, client: ::1,
    server: _, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/lib/php7.3-fpm/ispconfig.sock:", host: "localhost:8080"
    Any clue? Where to look further to sort this out? Thanks.
     
    Last edited: Jan 26, 2022
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What version was ISPConfig previously?
    How come default PHP version got changed? Just updating ISPConfig should not cause that.
    What do now show commands :
    Code:
    update-alternatives --config php
    update-alternatives --config php-cgi
    If still problems, do https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
     
  3. zenny

    zenny Member


    The previous version of ISPConfig was 3.1.15.

    I have already posted the outputs of the `update-alternatives` above:

    Code:
    # update-alternatives --config php
    There are 5 choices for the alternative php (providing /usr/bin/php).
    
      Selection    Path                  Priority   Status
    ------------------------------------------------------------
      0            /usr/bin/php.default   100       auto mode
      1            /usr/bin/php.default   100       manual mode
      2            /usr/bin/php5.6        56        manual mode
    * 3            /usr/bin/php7.3        73        manual mode
      4            /usr/bin/php7.4        74        manual mode
      5            /usr/bin/php8.1        81        manual mode
    
    Press <enter> to keep the current choice[*], or type selection number:
    
    # update-alternatives --config php-cgi
    There are 4 choices for the alternative php-cgi (providing /usr/bin/php-cgi).
    
      Selection    Path                 Priority   Status
    ------------------------------------------------------------
      0            /usr/bin/php-cgi8.1   81        auto mode
      1            /usr/bin/php-cgi5.6   56        manual mode
    * 2            /usr/bin/php-cgi7.3   73        manual mode
      3            /usr/bin/php-cgi7.4   74        manual mode
      4            /usr/bin/php-cgi8.1   81        manual mode 
    I didn't see anything that is not included in the thread, however correct me in case I did. Thanks!
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You did chmod that but I don't see the owner/group, verify those are both ispconfig, and check permissions on the full path up to that (ie. check /, /var, and /var/lib). My next thought is to look at apparmor, but that shouldn't change if all you upgraded was ISPConfig, and nothing in the system/php.
     
  5. zenny

    zenny Member

    Thanks.

    The owner/group of the sockets are:
    Code:
    # ls -la /var/lib/php7.3-fpm/*
    srw-rw---- 1 ispapps   ispapps   0 Jan 26 15:15 /var/lib/php7.3-fpm/apps.sock
    srw-rw---- 1 ispconfig ispconfig 0 Jan 26 15:15 /var/lib/php7.3-fpm/ispconfig.sock
    
    # ls -la /var
    total 56
    drwxr-xr-x 14 root  root  4096 Nov 26  2016 .
    drwxr-xr-x 22 root  root  4096 Jan 26 16:56 ..
    drwxr-x--- 36 root  root  4096 Jan 26 15:14 backup
    drwxr-xr-x  2 root  root  4096 Jan 26 14:50 backups
    drwxr-xr-x 12 root  root  4096 Jan 25 20:37 cache
    drwxr-xr-x 54 root  root  4096 Jan 25 22:17 lib
    drwxrwsr-x  2 root  staff 4096 Jul 25  2016 local
    lrwxrwxrwx  1 root  root     9 Jul 25  2016 lock -> /run/lock
    drwxr-xr-x 12 root  root  4096 Jan 26 09:39 log
    drwxrwsr-x  2 root  mail  4096 Jan 26 16:56 mail
    drwxr-xr-x  2 root  root  4096 Jul 25  2016 opt
    lrwxrwxrwx  1 root  root     4 Jul 25  2016 run -> /run
    drwxr-xr-x  5 root  root  4096 Nov 25  2016 spool
    drwxrwxrwt  6 root  root  4096 Jan 26 16:39 tmp
    drwxr-xr-x  4 vmail vmail 4096 Mar 31  2016 vmail
    drwxr-xr-x  8 root  root  4096 Mar 26  2021 www
    
    # ls -la /var/lib                                             [20/49447]
    total 276
    drwxr-xr-x 54 root         root          4096 Jan 25 22:17 .
    drwxr-xr-x 14 root         root          4096 Nov 26  2016 ..
    drwxr-xr-x  9 root         root          4096 Jul 11  2017 acme
    drwxr-x---  7 amavis       amavis        4096 Jan 26 09:39 amavis
    drwxr-xr-x  6 root         root          4096 Jan 26 14:54 apt
    drwxr-xr-x  2 root         root          4096 Jan 25 19:16 aspell
    drwxr-x---  2 www-data     www-data     65536 Jan 24 00:10 awstats
    drwxrwxr-x  2 root         bind          4096 Nov 25  2016 bind
    drwxr-xr-x 17 clamav       clamav        4096 Jan 26 16:39 clamav
    drwx------  2 root         root          4096 Jul 25  2016 container
    drwxr-xr-x  3 root         root          4096 Jul 12  2017 dehydrated
    drwxr-xr-x  3 root         root          4096 Nov 25  2016 dictionaries-common
    drwxr-xr-x  2 root         root          4096 Jan 26 09:39 dovecot
    drwxr-xr-x  8 root         root          4096 Jan 26 14:54 dpkg
    drwxr-xr-x  3 root         root          4096 Nov 25  2016 emacsen-common
    drwxr-xr-x  2 root         root          4096 Jan 25 22:18 fail2ban
    drwxr-xr-x  3 root         root          4096 Jan 25 20:37 gems
    drwxr-xr-x  4 root         root          4096 Nov 25  2016 ghostscript
    drwxr-xr-x  2 root         root          4096 Mar 19  2016 git
    drwxr-xr-x  2 root         root          4096 Apr 26  2017 initramfs-tools
    drwxr-xr-x  2 root         root          4096 Jul 25  2016 initscripts
    drwxr-xr-x  2 root         root          4096 Jul 25  2016 insserv
    drwxr-xr-x  2 root         root          4096 Jan 25 19:16 ispell
    drwxr-xr-x  2 root         root          4096 Jan 24  2021 letsencrypt
    drwxr-xr-x  2 root         root          4096 Jan 26 09:39 logrotate
    drwxr-xr-x  3 root         root          4096 Nov 25  2016 mailman
    drwxr-xr-x  2 root         root          4096 Nov 25  2016 man-db
    drwxr-xr-x  2 root         root          4096 Jul 25  2016 misc
    drwx------ 18 mysql        mysql         4096 Jan 26 15:14 mysql
    drwx------  2 mysql        mysql         4096 Nov 25  2016 mysql-files
    drwxr-xr-x  7 root         root          4096 Nov 25  2016 nginx
    drwxr-xr-x  2 ntp          ntp           4096 Jan 25 19:20 ntp
    drwxr-xr-x  2 root         root          4096 Jan 25 19:16 pam
    drwxr-xr-x  4 root         root          4096 Jun 17  2019 php
    drwxr-xr-x  3 root         root          4096 Jan 25 20:44 php5
    drwxr-xr-x  2 root         root          4096 Jan 25 20:44 php5-fpm
    drwx------  2 root         root          4096 Jan 26 15:15 php7.3-fpm
    drwxr-xr-x  2 root         root          4096 Jan 25 18:50 phpmyadmin
    drwxr-xr-x  3 root         root          4096 Jan 25 18:59 polkit-1
    drwxr-xr-x  2 postfix      postfix       4096 Nov 25  2016 postfix
    drwx------  2 root         root          4096 Jan 25 19:02 private
    drwxr-xr-x  2 root         root          4096 Jan 25 20:37 python
    
    drwxr-xr-x  2 root         root          4096 Nov 25  2016 quota
    drwxr-xr-x  4 root         root          4096 Nov 25  2016 rkhunter
    drwxr-xr-x  3 root         root          4096 Jun 17  2019 roundcube
    drwxr-xr-x  3 root         root          4096 Nov 25  2016 snmp
    drwxr-xr-x  2 root         root          4096 Jan 25 19:56 sntp
    drwxr-xr-x  5 debian-spamd debian-spamd  4096 Nov 25  2016 spamassassin
    drwxr-xr-x  3 root         root          4096 Jan 24 15:47 sudo
    drwxr-xr-x  7 root         root          4096 Dec  4  2016 systemd
    drwxr-xr-x  3 root         root          4096 Jan 26 14:54 ucf
    drwxr-xr-x  2 root         root          4096 Jul 25  2016 update-rc.d
    drwxr-xr-x  2 root         root          4096 Jul 25  2016 urandom
    drwxr-xr-x  3 root         root          4096 Jul 25  2016 vim
    I guess the above is what thje ownership and permisison were supposed to be.

    I have no apparmor activated nor installed:

    Code:
    # dpkg -l | grep ii | grep apparmor
    ii  libapparmor1:amd64                2.13.2-10
                              amd64        changehat AppArmor library
    The list of service enabled does not include apparmor, either:
    Code:
    # service --status-all
     [ + ]  amavis
     [ + ]  amavisd-snmp-subagent
     [ + ]  amavis-mc
     [ + ]  bastille-firewall
     [ - ]  bind9
     [ - ]  bootlogs
     [ - ]  bootmisc.sh
     [ - ]  brightness
     [ - ]  checkfs.sh
     [ - ]  checkroot-bootclean.sh
     [ - ]  checkroot.sh
     [ + ]  clamav-daemon
     [ + ]  clamav-freshclam
     [ + ]  cron
     [ + ]  dovecot
     [ + ]  fail2ban
     [ - ]  fcgiwrap
     [ - ]  gdomap
     [ - ]  haveged
     [ - ]  hostname.sh
     [ - ]  hwclock.sh
     [ ? ]  jailkit
     [ - ]  killprocs
     [ - ]  kmod
     [ + ]  memcached
     [ ? ]  modules_dep.sh
     [ - ]  mountall-bootclean.sh
     [ - ]  mountall.sh
     [ - ]  mountdevsubfs.sh
     [ - ]  mountkernfs.sh
     [ - ]  mountnfs-bootclean.sh
     [ - ]  mountnfs.sh
     [ + ]  mysql
     [ + ]  networking
     [ + ]  nginx
     [ - ]  nginx-debug
     [ + ]  ntp
     [ + ]  openbsd-inetd
     [ + ]  opendkim
     [ + ]  php5.6-fpm
     [ - ]  php5-fpm
     [ - ]  php7.1-fpm
     [ + ]  php7.3-fpm
     [ + ]  php8.1-fpm
     [ + ]  postfix
     [ + ]  procps
     [ + ]  pure-ftpd-mysql
     [ + ]  quota
     [ - ]  quotarpc
     [ - ]  rc.local
     [ - ]  rmnologin
     [ - ]  rsync
     [ + ]  rsyslog
     [ - ]  sendsigs
     [ - ]  spamassassin
     [ + ]  ssh
     [ - ]  sudo
     [ - ]  udev
     [ - ]  umountfs
     [ - ]  umountnfs.sh
     [ - ]  umountroot
     [ - ]  urandom
     [ - ]  wide-dhcpv6-client
    Or where do I have to look else? Thanks
     
    Last edited: Jan 26, 2022
  6. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    well, i'd suggest that you change the permissions for php7.3-fpm

    Code:
    drwxr-xr-x  4 root         root          4096 Jun 17  2019 php
    drwxr-xr-x  3 root         root          4096 Jan 25 20:44 php5
    drwxr-xr-x  2 root         root          4096 Jan 25 20:44 php5-fpm
    drwx------  2 root         root          4096 Jan 26 15:15 php7.3-fpm
    
    i'd say that folder should be 755, like the others, not 700
     
    Last edited: Jan 26, 2022
    ahrasis and Jesse Norell like this.
  7. zenny

    zenny Member

    Thanks that solved the problem!
     

Share This Page