Unable to Open Primary Script when trying to execute PHP via Apache [RESOLVED]

Discussion in 'Installation/Configuration' started by Nyx_, Oct 9, 2022.

  1. Nyx_

    Nyx_ Member HowtoForge Supporter

    Hi Folks. Good day.
    I've been knocking my head against the table for days with an issue that I'm clueless on how to solve.
    I'm posting it here hoping someone can shine some light on it...
    I'm trying to set up a PHP development environment in one of the domains I host on my server.
    The goal is to have the project directory under /web with the source files and point the Apache DocumentRoot to a location under it like /web/project/public for example.

    I created that structure and, once I change the DocumentRoot to /web/project/public, Apache can serve the HTML and other static files with no issues. However, if I try to execute a PHP script, I get this in the logs:
    Code:
    [Sun Oct 09 00:58:37.672739 2022] [proxy_fcgi:error] [pid 7259] [client 123.45.678.90:59314] AH01071: Got error 'Primary script unknown'
    I manually modified the /etc/apache2/sites-available/domain.vhost file to change this
    Code:
    ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/web"
    to
    Code:
    ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/web/project/public"
    Then, when I browse the location, I get a 404 from the browser and this in the httpd error.log
    Code:
    [Sun Oct 09 01:11:28.154606 2022] [proxy_fcgi:error] [pid 9038] [client 123.45.678.90:49873] AH01071: Got error 'Unable to open primary script: /web/project/public/index.php (No such file or directory)'
    I confirmed the file exists and has the proper user:group permissions (just like the other static files in the same location that work fine).
    Searching the web for these errors points to SELinux (which is disabled on the server).
    Any ideas on how to solve it?
    Thanks a lot in advance.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Undo all other changes you made, then enter in the apache directives field:

    DocumentRoot /var/www/clients/clientX/webY/web/project/public

    just replace X with the client ID and Y with the web ID.
     
  3. Nyx_

    Nyx_ Member HowtoForge Supporter

    Hello @till. Thanks for the quick response.

    I've done what you said, I removed the Website, confirmed the files were removed from the server and created it again. Then I added the Apache directive as instructed.

    Unfortunately, the issue persists.
    If I place and browse an HTML or a TXT file in this new DocumentRoot location it works without problem. However, if I try a .php file, it returns a 404 with a message in the browser "File not Found".

    Browsing the Error log, I can see this:
    Code:
    [email protected]:/# tail -f /var/log/ispconfig/httpd/domain/error.log
    [Sun Oct 09 16:21:00.625170 2022] [proxy_fcgi:error] [pid 98373] [client 123.45.678.90:53578] AH01071: Got error 'Primary script unknown'
    [Sun Oct 09 16:34:04.114902 2022] [proxy_fcgi:error] [pid 98382] [client 123.45.678.90:51254] AH01071: Got error 'Primary script unknown'
    
    It seems to be some issue with the PHP interpreter, but I'm not fully sure. I'm still searching for clues.
    If there's any config file or log that helps debugging this issue, let me know and I'll post it promptly.

    Thanks a bunch.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Did you undo your modifications in that file and other files?
     
  5. Nyx_

    Nyx_ Member HowtoForge Supporter

    Hi @Taleman , Thanks for the reply.

    Yes, I actually removed that Website from ISPConfig interface, and re-created it. Below is the current Apache Config (with domain replaced to mydomain.com).

    Code:
    <Directory /var/www/mydomain.com>
           AllowOverride None
                   Require all denied
           </Directory>
    
    <VirtualHost *:80>
    
    
                       DocumentRoot /var/www/clients/client1/web53/web
           
           ServerName mydomain.com
           ServerAlias *.mydomain.com
           ServerAdmin [email protected]
    
    
           ErrorLog /var/log/ispconfig/httpd/mydomain.com/error.log
    
           Alias /error/ "/var/www/mydomain.com/web/error/"
           ErrorDocument 400 /error/400.html
           ErrorDocument 401 /error/401.html
           ErrorDocument 403 /error/403.html
           ErrorDocument 404 /error/404.html
           ErrorDocument 405 /error/405.html
           ErrorDocument 500 /error/500.html
           ErrorDocument 502 /error/502.html
           ErrorDocument 503 /error/503.html
    
    
           <Directory /var/www/mydomain.com/web>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
           <Directory /var/www/clients/client1/web53/web>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
    
    
    
    
           # suexec enabled
           <IfModule mod_suexec.c>
               SuexecUserGroup web53 client1
           </IfModule>
           <IfModule mod_fastcgi.c>
                   <Directory /var/www/clients/client1/web53/cgi-bin>
                                           Require all granted
                                       </Directory>
                   <Directory /var/www/mydomain.com/web>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                   <Directory /var/www/clients/client1/web53/web>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                    Action php-fcgi /php-fcgi virtual
                   Alias /php-fcgi /var/www/clients/client1/web53/cgi-bin/php-fcgi-*-80-mydomain.com
                    FastCgiExternalServer /var/www/clients/client1/web53/cgi-bin/php-fcgi-*-80-mydomain.com -idle-timeout 300 -socket /var/lib/web53.sock -pass-header Authorization  -pass-header Content-Type
           </IfModule>
           <IfModule mod_proxy_fcgi.c>
               <IfVersion >= 2.4.26>
                   ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/web"
                   ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"
                   ProxyFCGISetEnvIf "true" HOME "%{reqenv:DOCUMENT_ROOT}"
                   ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:DOCUMENT_ROOT}%{reqenv:SCRIPT_NAME}"
               </IfVersion>
               #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/web53.sock|fcgi://localhost//var/www/clients/client1/web53/web/$1
               <Directory /var/www/clients/client1/web53/web>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler "proxy:unix:/var/lib/web53.sock|fcgi://localhost"
                       </If>
                   </FilesMatch>
               </Directory>
               </IfModule>
    
    
    
           # add support for apache mpm_itk
           <IfModule mpm_itk_module>
               AssignUserId web53 client1
           </IfModule>
    
           <IfModule mod_dav_fs.c>
           # Do not execute PHP files in webdav directory
               <Directory /var/www/clients/client1/web53/webdav>
                   <ifModule mod_security2.c>
                       SecRuleRemoveById 960015
                       SecRuleRemoveById 960032
                   </ifModule>
                   <FilesMatch "\.ph(p3?|tml)$">
                       SetHandler None
                   </FilesMatch>
               </Directory>
               DavLockDB /var/www/clients/client1/web53/tmp/DavLock
               # DO NOT REMOVE THE COMMENTS!
               # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
               # WEBDAV END
           </IfModule>
    
               DocumentRoot /var/www/clients/client1/web53/web/project/public
     
    
    </VirtualHost>
    
    
    <VirtualHost *:443>
    
    
                       DocumentRoot /var/www/clients/client1/web53/web
           
           ServerName mydomain.com
           ServerAlias *.mydomain.com
           ServerAdmin [email protected]
    
           <IfModule mod_http2.c>
               Protocols h2 http/1.1
           </IfModule>
    
           <IfModule mod_brotli.c>
               AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript application/xml application/xml+rss application/atom+xml application/json application/x-font-ttf application/vnd.ms-fontobject image/x-icon
           </IfModule>
    
           ErrorLog /var/log/ispconfig/httpd/mydomain.com/error.log
    
           Alias /error/ "/var/www/mydomain.com/web/error/"
           ErrorDocument 400 /error/400.html
           ErrorDocument 401 /error/401.html
           ErrorDocument 403 /error/403.html
           ErrorDocument 404 /error/404.html
           ErrorDocument 405 /error/405.html
           ErrorDocument 500 /error/500.html
           ErrorDocument 502 /error/502.html
           ErrorDocument 503 /error/503.html
    
      <IfModule mod_ssl.c>
           SSLEngine on
           SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
           # SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
           SSLHonorCipherOrder     on
           # <IfModule mod_headers.c>
           # Header always add Strict-Transport-Security "max-age=15768000"
           # </IfModule>
           SSLCertificateFile /var/www/clients/client1/web53/ssl/mydomain.com-le.crt
           SSLCertificateKeyFile /var/www/clients/client1/web53/ssl/mydomain.com-le.key
                     SSLUseStapling on
             SSLStaplingResponderTimeout 5
             SSLStaplingReturnResponderErrors off
                 </IfModule>
    
           <Directory /var/www/mydomain.com/web>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
           <Directory /var/www/clients/client1/web53/web>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
    
    
    
    
           # suexec enabled
           <IfModule mod_suexec.c>
               SuexecUserGroup web53 client1
           </IfModule>
           <IfModule mod_fastcgi.c>
                   <Directory /var/www/clients/client1/web53/cgi-bin>
                                           Require all granted
                                       </Directory>
                   <Directory /var/www/mydomain.com/web>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                   <Directory /var/www/clients/client1/web53/web>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                    Action php-fcgi /php-fcgi virtual
                   Alias /php-fcgi /var/www/clients/client1/web53/cgi-bin/php-fcgi-*-443-mydomain.com
                    FastCgiExternalServer /var/www/clients/client1/web53/cgi-bin/php-fcgi-*-443-mydomain.com -idle-timeout 300 -socket /var/lib/web53.sock -pass-header Authorization  -pass-header Content-Type
           </IfModule>
           <IfModule mod_proxy_fcgi.c>
               <IfVersion >= 2.4.26>
                   ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/web"
                   ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"
                   ProxyFCGISetEnvIf "true" HOME "%{reqenv:DOCUMENT_ROOT}"
                   ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:DOCUMENT_ROOT}%{reqenv:SCRIPT_NAME}"
               </IfVersion>
               #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/web53.sock|fcgi://localhost//var/www/clients/client1/web53/web/$1
               <Directory /var/www/clients/client1/web53/web>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler "proxy:unix:/var/lib/web53.sock|fcgi://localhost"
                       </If>
                   </FilesMatch>
               </Directory>
               </IfModule>
    
    
    
           # add support for apache mpm_itk
           <IfModule mpm_itk_module>
               AssignUserId web53 client1
           </IfModule>
    
           <IfModule mod_dav_fs.c>
           # Do not execute PHP files in webdav directory
               <Directory /var/www/clients/client1/web53/webdav>
                   <ifModule mod_security2.c>
                       SecRuleRemoveById 960015
                       SecRuleRemoveById 960032
                   </ifModule>
                   <FilesMatch "\.ph(p3?|tml)$">
                       SetHandler None
                   </FilesMatch>
               </Directory>
               DavLockDB /var/www/clients/client1/web53/tmp/DavLock
               # DO NOT REMOVE THE COMMENTS!
               # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
               # WEBDAV END
           </IfModule>
    
       DocumentRoot /var/www/clients/client1/web53/web/project/public
    
    
    </VirtualHost>
    
    <IfModule mod_ssl.c>
            SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>
    
    

    Thanks for helping with this issue.
     
    Last edited: Oct 11, 2022
  6. Nyx_

    Nyx_ Member HowtoForge Supporter

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 20.04.5 LTS
    [INFO] uptime:  01:11:27 up 1 day, 29 min,  6 users,  load average: 0.18, 0.04, 0.02
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          3.8Gi       1.9Gi       924Mi        30Mi       1.0Gi       1.8Gi
    Swap:         1.9Gi        71Mi       1.8Gi
    [INFO] systemd failed services status:
      UNIT LOAD ACTIVE SUB DESCRIPTION
    0 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.8p2
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.32
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.32
    
    ##### PORT CHECK #####
    
    [WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening
    [WARN] Port 21 (FTP server) seems NOT to be listening
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
       Apache 2 (PID 98369)
    [INFO] I found the following mail server(s):
       Postfix (PID 3162)
    [INFO] I found the following pop3 server(s):
       Dovecot (PID 1533)
    [INFO] I found the following imap server(s):
       Dovecot (PID 1533)
    [WARN] I could not determine which ftp server is running.
    
    ##### LISTENING PORTS #####
    (only       ()
    Local       (Address)
    [anywhere]:22       (1618/sshd:)
    [anywhere]:25       (3162/master)
    [anywhere]:110       (1533/dovecot)
    [anywhere]:111       (1/init)
    [anywhere]:143       (1533/dovecot)
    ***.***.***.***:53       (680/systemd-resolve)
    [localhost]:3306       (1691/mysqld)
    [anywhere]:465       (3162/master)
    [localhost]:10024       (13381/amavisd-new)
    [localhost]:10025       (3162/master)
    [localhost]:10026       (13381/amavisd-new)
    [localhost]:10027       (3162/master)
    [localhost]:10023       (1743/postgrey)
    ***.***.***.***:53       (1540/named)
    [anywhere]:587       (3162/master)
    [anywhere]:995       (1533/dovecot)
    [anywhere]:993       (1533/dovecot)
    [localhost]:53       (1540/named)
    [localhost]:953       (1540/named)
    [localhost]:11211       (1539/memcached)
    *:*:*:*::*:22       (1618/sshd:)
    *:*:*:*::*:25       (3162/master)
    *:*:*:*::*:80       (98369/apache2)
    [localhost]10       (1533/dovecot)
    [localhost]11       (1/init)
    [localhost]43       (1533/dovecot)
    *:*:*:*::*:10023       (1743/postgrey)
    *:*:*:*::*:10024       (13381/amavisd-new)
    *:*:*:*::*:10026       (13381/amavisd-new)
    *:*:*:*::*:443       (98369/apache2)
    *:*:*:*::*:465       (3162/master)
    *:*:*:*::*:587       (3162/master)
    *:*:*:*::*:995       (1533/dovecot)
    *:*:*:*::*:993       (1533/dovecot)
    *:*:*:*::*:953       (1540/named)
    *:*:*:*::*:53       (1540/named)
    *:*:*:*::*:8080       (98369/apache2)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    f2b-apache-404  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 80,443
    f2b-postfix  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25,465,587,143,993,110,995
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    f2b-roundcube-auth  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 80,443
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0           
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-apache-404 (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-postfix (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-roundcube-auth (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination         
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination         
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination         
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination         
    DROP       all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination         
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination         
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination         
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination         
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination         
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination         
    
    
    
    
    ##### LET'S ENCRYPT #####
    Certbot is installed in /usr/bin/letsencrypt
    
    
    
     
  7. Nyx_

    Nyx_ Member HowtoForge Supporter

    Folks, Good day.
    Any idea regarding this issue?
    I even built another server with standard Ubuntu + Apache + PHP (without ISPConfig) to test it. It worked without problem, so it's definitely something specific to the ISPConfig install I have. The issue is that I don't know where else to look.
    Appreciate if you guys can shine some light on it.
    Thanks a lot.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Try disabling the php chroot option on the options tab of the website.
     
    Nyx_ likes this.
  9. Nyx_

    Nyx_ Member HowtoForge Supporter

    Hi @till. Good day.
    Thanks for the quick reply.
    It worked! Thanks a bunch.
    If it's not too much trouble, can you give me a little bit more info on what that option does and why it works when it's disabled?
    Thank you very much.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    This option enforces php-fpm to run in a chroot, but this will most likely work only in case you don't alter the DocumentRoot.
     
    Nyx_ likes this.
  11. Nyx_

    Nyx_ Member HowtoForge Supporter

    Thanks a lot for the information and for the work you and the team do.
    I'm a proud supporter of this group.
     
    till likes this.
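
till's explanation of the chroot option, traced against the `ProxyFCGISetEnvIf` lines of the vhost posted earlier in the thread. This is an added example, not part of the original thread and not ISPConfig's code. It assumes the pool's chroot directory is the site base `/var/www/clients/client1/web53`, and that with the option disabled no `ProxyFCGISetEnvIf` overrides are emitted, so Apache's own mapped path reaches PHP-FPM unchanged.

```python
"""Trace which file a chrooted PHP-FPM pool is asked to open for a request."""
import posixpath
import re

# ProxyFCGISetEnvIf lines copied from the mod_proxy_fcgi block of the posted vhost.
CHROOT_FIXUPS = '''
ProxyFCGISetEnvIf "true" DOCUMENT_ROOT "/web"
ProxyFCGISetEnvIf "true" CONTEXT_DOCUMENT_ROOT "%{reqenv:DOCUMENT_ROOT}"
ProxyFCGISetEnvIf "true" HOME "%{reqenv:DOCUMENT_ROOT}"
ProxyFCGISetEnvIf "true" SCRIPT_FILENAME "%{reqenv:DOCUMENT_ROOT}%{reqenv:SCRIPT_NAME}"
'''

SITE_BASE = "/var/www/clients/client1/web53"  # path taken from the posted vhost
ASSUMED_CHROOT = SITE_BASE                    # ASSUMPTION: pool is chrooted here

# Simplified model: only the always-true condition and %{reqenv:NAME} are handled.
FIXUP_RE = re.compile(r'^\s*ProxyFCGISetEnvIf\s+"true"\s+(\w+)\s+"([^"]*)"\s*$')
REQENV_RE = re.compile(r'%\{reqenv:(\w+)\}')


def parse_fixups(text):
    """Return [(variable, value_template), ...] in file order."""
    fixups = []
    for line in text.splitlines():
        match = FIXUP_RE.match(line)
        if match:
            fixups.append((match.group(1), match.group(2)))
    return fixups


def apply_fixups(env, fixups):
    """Apply the overrides in order; later lines see values set by earlier ones."""
    env = dict(env)
    for name, template in fixups:
        env[name] = REQENV_RE.sub(lambda m: env.get(m.group(1), ""), template)
    return env


def trace(apache_docroot, uri, fixups, chroot):
    """Compare the file Apache maps the URI to with the file PHP-FPM will open."""
    apache_file = posixpath.normpath(apache_docroot + uri)
    env = {
        "DOCUMENT_ROOT": apache_docroot,
        "SCRIPT_NAME": uri,
        "SCRIPT_FILENAME": apache_file,  # value Apache sends when nothing overrides it
    }
    env = apply_fixups(env, fixups)
    script = env["SCRIPT_FILENAME"]
    # Inside a chroot, "/" is the chroot directory, so prepend it to get the host path.
    fpm_host_path = posixpath.normpath((chroot or "") + script)
    return {
        "apache_file": apache_file,
        "script_filename": script,
        "fpm_host_path": fpm_host_path,
        "consistent": apache_file == fpm_host_path,
    }


def scenarios():
    fixups = parse_fixups(CHROOT_FIXUPS)
    generated_root = SITE_BASE + "/web"
    altered_root = SITE_BASE + "/web/project/public"
    return {
        # DocumentRoot as generated, chroot option on.
        "generated": trace(generated_root, "/index.php", fixups, ASSUMED_CHROOT),
        # DocumentRoot moved by the custom directive, chroot option still on.
        "altered": trace(altered_root, "/index.php", fixups, ASSUMED_CHROOT),
        # Chroot option off (ASSUMPTION: no overrides, no chroot).
        "chroot_off": trace(altered_root, "/index.php", [], None),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name)
        for key, value in result.items():
            print(f"  {key}: {value}")
```

In the "altered" case Apache's `-f` test passes on the file under `project/public`, while PHP-FPM is handed `/web/index.php` relative to the chroot, a file that was never placed there. That matches the `Primary script unknown` entries logged after the custom `DocumentRoot` was added.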
