[SOLVED] ISPConfig3 Control Panel gives 502 error after upgrade

Discussion in 'Installation/Configuration' started by zenny, Jan 26, 2022.

Tags:
  1. zenny

    zenny Member

    Hi,

    I just upgraded the ISPConfig3 to the latest version (v3.2.7p1) in Debian buster
    Code:
    # lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:        10
Codename:       buster
    and encountered with `nginx` connection to `php7.3-fpm` as it appears:

    Code:
    2022/01/26 10:10:41 [crit] 21467#21467: *4 connect() to unix:/var/lib/php7.3-fpm/ispconfig.sock failed (13: Permission denied) while connecting to upstream, client: ::1, server: _, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/lib/php7.3-fpm/ispconfig.sock:", host: "localhost:8080"
    I have tried with `ispconfig_update.sh --force' and allowed to `Reconfigure Services' with no go.

    In the server `nginx` is running and there are not errors:

    Code:
    # sytemctl status nginx
-bash: sytemctl: command not found
root@server3:~# systemctl status nginx
● nginx.service - nginx - high performance web server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-01-26 10:09:39 CET; 11min ago
     Docs: https://nginx.org/en/docs/
  Process: 21465 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, stat
 Main PID: 21466 (nginx)
    Tasks: 3 (limit: 4664)
   Memory: 17.6M
   CGroup: /system.slice/nginx.service
           ├─21466 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           ├─21467 nginx: worker process
           └─21468 nginx: worker process

Jan 26 10:09:39 server3 systemd[1]: Starting nginx - high performance web server...
Jan 26 10:09:39 server3 systemd[1]: nginx.service: Can't open PID file /run/nginx.pid
Jan 26 10:09:39 server3 systemd[1]: Started nginx - high performance web server.
    `php7.3-fpm` is running without any issues:

    Code:
    # systemctl status php7.3-fpm
● php7.3-fpm.service - The PHP 7.3 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.3-fpm.service; enabled; vendor preset: ena
   Active: active (running) since Wed 2022-01-26 10:09:52 CET; 13min ago
     Docs: man:php-fpm7.3(8)
  Process: 21484 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php
 Main PID: 21477 (php-fpm7.3)
   Status: "Processes active: 0, idle: 6, Requests: 0, slow: 0, Traffic: 0req/sec"
    Tasks: 7 (limit: 4664)
   Memory: 20.0M
   CGroup: /system.slice/php7.3-fpm.service
           ├─21477 php-fpm: master process (/etc/php/7.3/fpm/php-fpm.conf)
           ├─21478 php-fpm: pool apps-{fpm_domain}
           ├─21479 php-fpm: pool apps-{fpm_domain}
           ├─21480 php-fpm: pool ispconfig
           ├─21481 php-fpm: pool ispconfig
           ├─21482 php-fpm: pool www
           └─21483 php-fpm: pool www

Jan 26 10:09:51 server3 systemd[1]: Starting The PHP 7.3 FastCGI Process Manager...
Jan 26 10:09:52 server3 systemd[1]: Started The PHP 7.3 FastCGI Process Manager.
lines 1-20/20 (END)
    No changes were made to `/etc/php/7.3/fpm/pool.d/www.conf`

    Code:
    ; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_valuep
    `/etc/php/7.3/fpm/pool.d/ispconfig.conf` is also untouched:

    Code:
    [ispconfig]

listen = /var/lib/php7.3-fpm/ispconfig.sock
listen.owner = ispconfig
listen.group = ispconfig
listen.mode = 0660

user = ispconfig
group = ispconfig

pm = dynamic
pm.max_children = 500
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 5

chdir = /

; php_admin_value[open_basedir] = /usr/local/ispconfig/interface:/usr/local/ispconfig/security:/usr/share:/var/lib/roundcube:/etc/roundcube:/usr/share/roundcube
php_admin_value[session.save_path] = /usr/local/ispconfig/interface/temp
php_admin_flag[magic_quotes_gpc] = off

php_admin_value[memory_limit] = -1
php_admin_value[max_execution_time] = 1200
    php has been defaulted to v7.3 for Debian10:

    Code:
    # update-alternatives --config php-cgi-bin
There are 4 choices for the alternative php-cgi-bin (providing /usr/lib/cgi-bin/php).

  Selection    Path                     Priority   Status
------------------------------------------------------------
  0            /usr/lib/cgi-bin/php8.1   81        auto mode
  1            /usr/lib/cgi-bin/php5.6   56        manual mode
  2            /usr/lib/cgi-bin/php7.3   73        manual mode
* 3            /usr/lib/cgi-bin/php7.4   74        manual mode
  4            /usr/lib/cgi-bin/php8.1   81        manual mode

Press <enter> to keep the current choice[*], or type selection number: 2
update-alternatives: using /usr/lib/cgi-bin/php7.3 to provide /usr/lib/cgi-bin/php (php-cgi-bin) in manual mode
You have new mail in /var/mail/root
# update-alternatives --config php-cgi
There are 4 choices for the alternative php-cgi (providing /usr/bin/php-cgi).

  Selection    Path                 Priority   Status
------------------------------------------------------------
  0            /usr/bin/php-cgi8.1   81        auto mode
  1            /usr/bin/php-cgi5.6   56        manual mode
* 2            /usr/bin/php-cgi7.3   73        manual mode
  3            /usr/bin/php-cgi7.4   74        manual mode
  4            /usr/bin/php-cgi8.1   81        manual mode

Press <enter> to keep the current choice[*], or type selection number:
# update-alternatives --config php
There are 5 choices for the alternative php (providing /usr/bin/php).

  Selection    Path                  Priority   Status
------------------------------------------------------------
  0            /usr/bin/php.default   100       auto mode
  1            /usr/bin/php.default   100       manual mode
  2            /usr/bin/php5.6        56        manual mode
* 3            /usr/bin/php7.3        73        manual mode
  4            /usr/bin/php7.4        74        manual mode
  5            /usr/bin/php8.1        81        manual mode

Press <enter> to keep the current choice[*], or type selection number:
    `/etc/php/7.3/fpm/php.ini` has relevant modified lines as of below:

    Code:
    cgi.fix_pathinfo=0
...
[Date]
date.timezone = "Europe/Rome"
    `/etc/nginx/sites-available/apps.vhost` and ispconfig.vhost in the same directory have proper pointer to php7.3-fpm path. Tried with chmod to 0660 manually to the error-spewing .sock files without a change:

    Code:
    # rg '7.3' /etc/nginx/sites-available/*
/etc/nginx/sites-available/apps.vhost
55:               fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock;
102:                       fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock;
152:                       fastcgi_pass unix:/var/lib/php7.3-fpm/apps.sock;

/etc/nginx/sites-available/ispconfig.vhost
32:               fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock;
55:#                       fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock;
75:#                       fastcgi_pass unix:/var/lib/php7.3-fpm/ispconfig.sock;

# chmod 0660 /var/lib/php7.3-fpm/ispconfig.sock
# chmod 0660 /var/lib/php7.3-fpm/apps.sock
    With all the configs in right place, why the control panel is reporting '502 Bad Gateway' with critical error:

    Code:
    *507 connect() to unix:/var/lib/php7.3-fpm/ispconfig.sock failed (13: Permission denied) while connecting to upstream, client: ::1,
server: _, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/lib/php7.3-fpm/ispconfig.sock:", host: "localhost:8080"
    Any clue? Where to look further to sort this out? Thanks.
     
    Last edited: Jan 26, 2022
    zenny, Jan 26, 2022
    #1
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What version was ISPConfig previously?
    How come default PHP version got changed? Just updating ISPConfig should not cause that.
    What do now show commands :
    Code:
    update-alternatives --config php
update-alternatives --config php-cgi
    If still problems, do https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
     
    Taleman, Jan 26, 2022
    #2
  3. zenny

    zenny Member


    The previous version of ISPConfig was 3.1.15.

    I have already posted the outputs of the `update-alternatives` above:

    Code:
    # update-alternatives --config php
There are 5 choices for the alternative php (providing /usr/bin/php).

  Selection    Path                  Priority   Status
------------------------------------------------------------
  0            /usr/bin/php.default   100       auto mode
  1            /usr/bin/php.default   100       manual mode
  2            /usr/bin/php5.6        56        manual mode
* 3            /usr/bin/php7.3        73        manual mode
  4            /usr/bin/php7.4        74        manual mode
  5            /usr/bin/php8.1        81        manual mode

Press <enter> to keep the current choice[*], or type selection number:

# update-alternatives --config php-cgi
There are 4 choices for the alternative php-cgi (providing /usr/bin/php-cgi).

  Selection    Path                 Priority   Status
------------------------------------------------------------
  0            /usr/bin/php-cgi8.1   81        auto mode
  1            /usr/bin/php-cgi5.6   56        manual mode
* 2            /usr/bin/php-cgi7.3   73        manual mode
  3            /usr/bin/php-cgi7.4   74        manual mode
  4            /usr/bin/php-cgi8.1   81        manual mode
    I didn't see anything that is not included in the thread, however correct me in case I did. Thanks!
     
    zenny, Jan 26, 2022
    #3
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You did chmod that but I don't see the owner/group, verify those are both ispconfig, and check permissions on the full path up to that (ie. check /, /var, and /var/lib). My next thought is to look at apparmor, but that shouldn't change if all you upgraded was ISPConfig, and nothing in the system/php.
     
    Jesse Norell, Jan 26, 2022
    #4
  5. zenny

    zenny Member

    Thanks.

    The owner/group of the sockets are:
    Code:
    # ls -la /var/lib/php7.3-fpm/*
srw-rw---- 1 ispapps   ispapps   0 Jan 26 15:15 /var/lib/php7.3-fpm/apps.sock
srw-rw---- 1 ispconfig ispconfig 0 Jan 26 15:15 /var/lib/php7.3-fpm/ispconfig.sock

# ls -la /var
total 56
drwxr-xr-x 14 root  root  4096 Nov 26  2016 .
drwxr-xr-x 22 root  root  4096 Jan 26 16:56 ..
drwxr-x--- 36 root  root  4096 Jan 26 15:14 backup
drwxr-xr-x  2 root  root  4096 Jan 26 14:50 backups
drwxr-xr-x 12 root  root  4096 Jan 25 20:37 cache
drwxr-xr-x 54 root  root  4096 Jan 25 22:17 lib
drwxrwsr-x  2 root  staff 4096 Jul 25  2016 local
lrwxrwxrwx  1 root  root     9 Jul 25  2016 lock -> /run/lock
drwxr-xr-x 12 root  root  4096 Jan 26 09:39 log
drwxrwsr-x  2 root  mail  4096 Jan 26 16:56 mail
drwxr-xr-x  2 root  root  4096 Jul 25  2016 opt
lrwxrwxrwx  1 root  root     4 Jul 25  2016 run -> /run
drwxr-xr-x  5 root  root  4096 Nov 25  2016 spool
drwxrwxrwt  6 root  root  4096 Jan 26 16:39 tmp
drwxr-xr-x  4 vmail vmail 4096 Mar 31  2016 vmail
drwxr-xr-x  8 root  root  4096 Mar 26  2021 www

# ls -la /var/lib                                             [20/49447]
total 276
drwxr-xr-x 54 root         root          4096 Jan 25 22:17 .
drwxr-xr-x 14 root         root          4096 Nov 26  2016 ..
drwxr-xr-x  9 root         root          4096 Jul 11  2017 acme
drwxr-x---  7 amavis       amavis        4096 Jan 26 09:39 amavis
drwxr-xr-x  6 root         root          4096 Jan 26 14:54 apt
drwxr-xr-x  2 root         root          4096 Jan 25 19:16 aspell
drwxr-x---  2 www-data     www-data     65536 Jan 24 00:10 awstats
drwxrwxr-x  2 root         bind          4096 Nov 25  2016 bind
drwxr-xr-x 17 clamav       clamav        4096 Jan 26 16:39 clamav
drwx------  2 root         root          4096 Jul 25  2016 container
drwxr-xr-x  3 root         root          4096 Jul 12  2017 dehydrated
drwxr-xr-x  3 root         root          4096 Nov 25  2016 dictionaries-common
drwxr-xr-x  2 root         root          4096 Jan 26 09:39 dovecot
drwxr-xr-x  8 root         root          4096 Jan 26 14:54 dpkg
drwxr-xr-x  3 root         root          4096 Nov 25  2016 emacsen-common
drwxr-xr-x  2 root         root          4096 Jan 25 22:18 fail2ban
drwxr-xr-x  3 root         root          4096 Jan 25 20:37 gems
drwxr-xr-x  4 root         root          4096 Nov 25  2016 ghostscript
drwxr-xr-x  2 root         root          4096 Mar 19  2016 git
drwxr-xr-x  2 root         root          4096 Apr 26  2017 initramfs-tools
drwxr-xr-x  2 root         root          4096 Jul 25  2016 initscripts
drwxr-xr-x  2 root         root          4096 Jul 25  2016 insserv
drwxr-xr-x  2 root         root          4096 Jan 25 19:16 ispell
drwxr-xr-x  2 root         root          4096 Jan 24  2021 letsencrypt
drwxr-xr-x  2 root         root          4096 Jan 26 09:39 logrotate
drwxr-xr-x  3 root         root          4096 Nov 25  2016 mailman
drwxr-xr-x  2 root         root          4096 Nov 25  2016 man-db
drwxr-xr-x  2 root         root          4096 Jul 25  2016 misc
drwx------ 18 mysql        mysql         4096 Jan 26 15:14 mysql
drwx------  2 mysql        mysql         4096 Nov 25  2016 mysql-files
drwxr-xr-x  7 root         root          4096 Nov 25  2016 nginx
drwxr-xr-x  2 ntp          ntp           4096 Jan 25 19:20 ntp
drwxr-xr-x  2 root         root          4096 Jan 25 19:16 pam
drwxr-xr-x  4 root         root          4096 Jun 17  2019 php
drwxr-xr-x  3 root         root          4096 Jan 25 20:44 php5
drwxr-xr-x  2 root         root          4096 Jan 25 20:44 php5-fpm
drwx------  2 root         root          4096 Jan 26 15:15 php7.3-fpm
drwxr-xr-x  2 root         root          4096 Jan 25 18:50 phpmyadmin
drwxr-xr-x  3 root         root          4096 Jan 25 18:59 polkit-1
drwxr-xr-x  2 postfix      postfix       4096 Nov 25  2016 postfix
drwx------  2 root         root          4096 Jan 25 19:02 private
drwxr-xr-x  2 root         root          4096 Jan 25 20:37 python

drwxr-xr-x  2 root         root          4096 Nov 25  2016 quota
drwxr-xr-x  4 root         root          4096 Nov 25  2016 rkhunter
drwxr-xr-x  3 root         root          4096 Jun 17  2019 roundcube
drwxr-xr-x  3 root         root          4096 Nov 25  2016 snmp
drwxr-xr-x  2 root         root          4096 Jan 25 19:56 sntp
drwxr-xr-x  5 debian-spamd debian-spamd  4096 Nov 25  2016 spamassassin
drwxr-xr-x  3 root         root          4096 Jan 24 15:47 sudo
drwxr-xr-x  7 root         root          4096 Dec  4  2016 systemd
drwxr-xr-x  3 root         root          4096 Jan 26 14:54 ucf
drwxr-xr-x  2 root         root          4096 Jul 25  2016 update-rc.d
drwxr-xr-x  2 root         root          4096 Jul 25  2016 urandom
drwxr-xr-x  3 root         root          4096 Jul 25  2016 vim
    I guess the above is what thje ownership and permisison were supposed to be.

    I have no apparmor activated nor installed:

    Code:
    # dpkg -l | grep ii | grep apparmor
ii  libapparmor1:amd64                2.13.2-10
                          amd64        changehat AppArmor library
    The list of service enabled does not include apparmor, either:
    Code:
    # service --status-all
 [ + ]  amavis
 [ + ]  amavisd-snmp-subagent
 [ + ]  amavis-mc
 [ + ]  bastille-firewall
 [ - ]  bind9
 [ - ]  bootlogs
 [ - ]  bootmisc.sh
 [ - ]  brightness
 [ - ]  checkfs.sh
 [ - ]  checkroot-bootclean.sh
 [ - ]  checkroot.sh
 [ + ]  clamav-daemon
 [ + ]  clamav-freshclam
 [ + ]  cron
 [ + ]  dovecot
 [ + ]  fail2ban
 [ - ]  fcgiwrap
 [ - ]  gdomap
 [ - ]  haveged
 [ - ]  hostname.sh
 [ - ]  hwclock.sh
 [ ? ]  jailkit
 [ - ]  killprocs
 [ - ]  kmod
 [ + ]  memcached
 [ ? ]  modules_dep.sh
 [ - ]  mountall-bootclean.sh
 [ - ]  mountall.sh
 [ - ]  mountdevsubfs.sh
 [ - ]  mountkernfs.sh
 [ - ]  mountnfs-bootclean.sh
 [ - ]  mountnfs.sh
 [ + ]  mysql
 [ + ]  networking
 [ + ]  nginx
 [ - ]  nginx-debug
 [ + ]  ntp
 [ + ]  openbsd-inetd
 [ + ]  opendkim
 [ + ]  php5.6-fpm
 [ - ]  php5-fpm
 [ - ]  php7.1-fpm
 [ + ]  php7.3-fpm
 [ + ]  php8.1-fpm
 [ + ]  postfix
 [ + ]  procps
 [ + ]  pure-ftpd-mysql
 [ + ]  quota
 [ - ]  quotarpc
 [ - ]  rc.local
 [ - ]  rmnologin
 [ - ]  rsync
 [ + ]  rsyslog
 [ - ]  sendsigs
 [ - ]  spamassassin
 [ + ]  ssh
 [ - ]  sudo
 [ - ]  udev
 [ - ]  umountfs
 [ - ]  umountnfs.sh
 [ - ]  umountroot
 [ - ]  urandom
 [ - ]  wide-dhcpv6-client
    Or where do I have to look else? Thanks
     
    Last edited: Jan 26, 2022
    zenny, Jan 26, 2022
    #5
  6. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    well, i'd suggest that you change the permissions for php7.3-fpm

    Code:
    drwxr-xr-x  4 root         root          4096 Jun 17  2019 php
drwxr-xr-x  3 root         root          4096 Jan 25 20:44 php5
drwxr-xr-x  2 root         root          4096 Jan 25 20:44 php5-fpm
drwx------  2 root         root          4096 Jan 26 15:15 php7.3-fpm
    i'd say that folder should be 755, like the others, not 700
     
    Last edited: Jan 26, 2022
    nhybgtvfr, Jan 26, 2022
    #6
    ahrasis and Jesse Norell like this.
  7. zenny

    zenny Member

    Thanks that solved the problem!
     
    zenny, Jan 26, 2022
    #7

Share This Page