Jump to content
Froxlor Forum

llucps

Members
  • Content Count

    38
  • Joined

  • Last visited

Posts posted by llucps


  1. DONE!!!!! :lol::lol:

    sorry you're going to kill me... I swear I thought did that step but obviously I didn't.

    Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"
    <Directory "/var/www/froxlor/.well-known/acme-challenge">
        Require all granted
    </Directory>

    it makes total sense if that directive wasn't present.

    Thanks for your help and understanding.!

     


  2. The info:

    # 10_froxlor_ipandport_XXX.XXX.XX.XX:443.conf
    # Created 26.03.2018 16:51
    # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
    
    <VirtualHost 195.201.96.107:443>
    DocumentRoot "/var/www/"
     ServerName xxxxxxxxx.com
      FcgidIdleTimeout 30
      SuexecUserGroup "froxlorlocal" "froxlorlocal"
      <Directory "/var/www/">
        <FilesMatch "\.(php)$">
          SetHandler fcgid-script
          FcgidWrapper /var/www/php-fcgi-scripts/froxlor.panel/xxxxxxx.com/php-fcgi-starter .php
          Options +ExecCGI
        </FilesMatch>
        Require all granted
        AllowOverride All
      </Directory>
    ServerAlias www.xxxxxxxxx.com
     SSLEngine On
     SSLProtocol -ALL +TLSv1 +TLSv1.2
     SSLCompression Off
     SSLHonorCipherOrder On
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
     SSLVerifyDepth 10
     SSLCertificateFile /etc/letsencrypt/live/xxxxxxxx.com/cert.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxxx.com/privkey.pem
     SSLCACertificateFile /etc/letsencrypt/live/xxxxxxxx.com/fullchain.pem
     SSLCertificateChainFile /etc/letsencrypt/live/xxxxxxxxx.com/chain.pem
    </VirtualHost>
    # 10_froxlor_ipandport_xxx.xxx.xxx.80.conf
    # Created 26.03.2018 16:57
    # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
    
    <VirtualHost 195.201.96.107:80>
    DocumentRoot "/var/www/"
     ServerName xxxxxxx.com
      FcgidIdleTimeout 30
      SuexecUserGroup "froxlorlocal" "froxlorlocal"
      <Directory "/var/www/">
        <FilesMatch "\.(php)$">
          SetHandler fcgid-script
          FcgidWrapper /var/www/php-fcgi-scripts/froxlor.panel/xxxxxxxx.com/php-fcgi-starter .php
          Options +ExecCGI
        </FilesMatch>
        Require all granted
        AllowOverride All
      </Directory>
    ServerAlias www.xxxxxx.com
    </VirtualHost>
    # 35_froxlor_normal_vhost_xxxxxxxx.com.conf
    # Created 26.03.2018 16:57
    # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
    
    # Domain ID: 8 - CustomerID: 1 - CustomerLogin: xxxxxx
    <VirtualHost 195.201.96.107:80>
      ServerName xxxxxxxx.com
      ServerAlias www.xxxxxxx.com
      ServerAdmin xx@xxxxxx.com
      DocumentRoot "/var/customers/webs/xxxxx/xxxxxx/"
      FcgidIdleTimeout 30
      SuexecUserGroup "xxxx" "xxxx"
      <Directory "/var/customers/webs/squeaky/xxxxxx/">
        <FilesMatch "\.(php)$">
          SetHandler fcgid-script
          FcgidWrapper /var/www/php-fcgi-scripts/xxxxx/xxxxxx.com/php-fcgi-starter .php
          Options +ExecCGI
        </FilesMatch>
        Require all granted
        AllowOverride All
      </Directory>
      Alias /webalizer "/var/customers/webs/xxxx/webalizer"
      ErrorLog "/var/customers/logs/xxx-error.log"
      CustomLog "/var/customers/logs/xxxx-access.log" combined
    </VirtualHost>
    # 35_froxlor_ssl_vhost_xxxxxx.com.conf
    # Created 26.03.2018 16:57
    # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
    
    # Domain ID: 8 (SSL) - CustomerID: 1 - CustomerLogin: xxxxx
    <VirtualHost 195.201.96.107:443>
      ServerName xxxx.com
      ServerAlias www.xxxxxx.com
      ServerAdmin xxxx@xxxxxx.com
      SSLEngine On
      SSLProtocol -ALL +TLSv1 +TLSv1.2
      SSLCompression Off
      SSLHonorCipherOrder On
      SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
      SSLVerifyDepth 10
      SSLCertificateFile /etc/letsencrypt/live/xxxxx.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/xxxxx.com/privkey.pem
      SSLCACertificateFile /etc/letsencrypt/live/xxxxxx.com/fullchain.pem
      SSLCertificateChainFile /etc/letsencrypt/live/xxxxxx.com/chain.pem
      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=0"
      </IfModule>
      DocumentRoot "/var/customers/webs/xxxxx/xxxxxx/"
      FcgidIdleTimeout 30
      SuexecUserGroup "xxxx" "xxx"
      <Directory "/var/customers/webs/xxx/xxxxx/">
        <FilesMatch "\.(php)$">
          SetHandler fcgid-script
          FcgidWrapper /var/www/php-fcgi-scripts/squeaky/xxxxxxx.com/php-fcgi-starter .php
          Options +ExecCGI
        </FilesMatch>
        Require all granted
        AllowOverride All
      </Directory>
      Alias /webalizer "/var/customers/webs/xxx/webalizer"
      ErrorLog "/var/customers/logs/xxx-error.log"
      CustomLog "/var/customers/logs/xxxx-access.log" combined
    </VirtualHost>

     


  3. Let see... above you said:

    Validate that your acme-alias is working, put a test-file with "hello" in it into /var/www/froxlor/.well-known/acme-challenge and call http://yourdomain.com/.well-known/acme-challenge/test-file to see if it outputs "hello" 

    I'm not sure whether is a mistake or not, but I understand the the test-file would go into /var/www/froxlor/.well-known/acme-challenge folder but then It would be accesible from http://squeakyhost.com/froxlor/.well-known/acme-challenge/hello.html

    and you said https://squeakyhost.com/.well-known/acme-challenge/hello.html without the froxlor folder? the root is /var/www/ so it won't be accessible..

    Am i missing something?

    Thanks,

     


  4. Something weird is happening here.. before I paste the information. Can you tell me if you have access to http://www.squeakyhost.com/froxlor/.well-known/acme-challenge/hello.html ?

    I'm getting redirect to https://www.squeakyhost.com/froxlor... using chrome, firefox, safari, cleaning caches, cookies etc... Using my phone either wifi or 3g (another network) it doesn't redirect and works at it should to http:// without s. I removed the SSL port, and any redirect...

    I did reset the router, everything I can think of.. and still it doesn't work... if it were cache it would not owrk with the phone on wifi since is the same network... it's really strange.

    Jesus today is not my day..

    I'll paste the info right away

     

     

     


  5. 1 hour ago, d00p said:

    And again, why specify let's encrypt certificates in IP/Port when you can just check "Let's Encrypt for froxlor vhost" in the froxlor-vhost settings...

    I did it that way, because initially Froxlor didn't have the option to create Let's Encrypt certificate for the vhost, so I install certbot and created it manually and have multiple subdomains such as mail.xxx.com. so I could use it for email (dovecot) and hostname. This setup is also how I had it in my old server, and Froxlor was working perfectly and being able to renew the virtual domain certificates with no problem. Regarding the mail.xxx.com and hostname certificate I made a script and using cron to renew it.

    So, let's step back and go to process step by step of how to create certificates for virtual domains, I'm literally going in circles and getting more confused.

    It seems obvious that in IP/PORTS we need to create 2 entries one with port 80 and the other one with 443 to be used for SSL. If we setup the 443 we and check Is this an SSL Port?, then we are forced to specify the four fields (Path to the SSL Certificate etc..), otherwise when we try to create a certificate for a virtual domain Froxlor complains of xxxxx.com :: empty certificate file! Cannot create ssl-directives, and none certificate is created. Then if I specify the directory where the certificate a I manually created with certbot, then when we want to create a certificate for a virtual domain then it gets this mail.xxx.com hostname values, so it doesn't work.

    So, if we don't check the Is this an SSL Port?, then we dont have the SSL option to setup in virtual domains.. so I assume we MUST create that 443 entry in IP/ports.. but then I'm forced to specifiy the four directives I mentioned above which relate to the hostname vhost domain.

    Can you specify step by step the options I have to check in order to get the 443 SSL options in virtual domains and therefore to create its domain?

    P.D. I also tried to createa certificate for the vhost by hecking Let's Encrypt for froxlor vhost and I also got the same error:

    Could not get Let's Encrypt certificate for hostname.com: Verification ended with error: {"identifier":{"type":"dns","value":"hostname.com"},"status":"invalid","expires":"2018-04-02T12:45:03Z","challenges":[{"type":"dns-01","status":"invalid","uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/v-pYQ61JbBBJv7VPzbfNT8qjwOEiES8knQVrZa5AsrE\/112138223","token":"fkwhTv44irQxIg4ioUphc3Jyxsgf6JaLlsoI3EI0CO0"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/hostname.com\/.well-known\/acme-challenge\/PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4: \"<!DOCTYPE HTML PUBLIC \"-\/\/IETF\/\/DTD HTML 2.0\/\/EN\">\n<html><head>\n<title>404 Not Found<\/title>\n<\/head><body>\n<h1>Not Found<\/h1>\n<p\"","status":403},"uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/v-pYQ61JbBBJv7VPzbfNT8qjwOEiES8knQVrZa5AsrE\/112138224","token":"PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4","keyAuthorization":"PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4.BzA_ow8z1IpZskT_cUzCJ9D6UNIjVgvAXvemCXHMfIk","validationRecord":[{"url":"http:\/\/squeakyhost.com\/.well-known\/acme-challenge\/PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4","hostname":"hostname.com","port":"80","addressesResolved":["195.201.96.107"],"addressUsed":"195.201.96.107"}]}],"combinations":[[1],[0]]}

    Your help is and will be much appreciated.

    Thank for you patience.

     

     


  6. I don't think I have any other customization, I even remove the option Enable SSL-redirect for the froxlor vhost  in Froxlor VirtualHost settings just in case...

    On thing to blame myself was I had the configfile cronjob disabled... so that's my fault. Although all crons are active now.

    I did manage to get this:

    Skipping Let's Encrypt generation for xxxxxxxx.com due to an enabled ssl_redirect

    I thought eureka!! so I unchecked the SSL Redirect option as the warning specified, so only SSL IP Address and Use Let's Encrypt were checked.

    and I get these two errors (in chronological order):

    [Lets Encrypt self-check] Please check http://xxxxxxxx.com/.well-known/acme-challenge/YMbO1LF1jn6JTU98dFphoitPJ3Y2meOXbG05SxKQCFM - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate
    Could not get Let's Encrypt certificate for xxxxxx.com: Verification ended with error: {"identifier":{"type":"dns","value":"xxxxxxxxx.com"},"status":"invalid","expires":"2018-04-02T10:55:03Z","challenges":[{"type":"dns-01","status":"invalid","uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/UIqUJNrlHmhkPEGFAWeBWfw9sNpkwMJl0xdJJ5rd0Dk\/112115765","token":"eI15xhc_QV8yOw6PA9TPNBmBeB0rQ1n3AaObdgyLruc"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/xxxxxx.com\/.well-known\/acme-challenge\/OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU: \"<!DOCTYPE HTML PUBLIC \"-\/\/IETF\/\/DTD HTML 2.0\/\/EN\">\n<html><head>\n<title>404 Not Found<\/title>\n<\/head><body>\n<h1>Not Found<\/h1>\n<p\"","status":403},"uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/UIqUJNrlHmhkPEGFAWeBWfw9sNpkwMJl0xdJJ5rd0Dk\/112115766","token":"OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU","keyAuthorization":"OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU.BmmkzlbZ7EfNABqYJGl5LskffdqisVLBzg0k5kuOB_k","validationRecord":[{"url":"http:\/\/xxxxxx.com\/.well-known\/acme-challenge\/OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU","hostname":"xxxxxxxx.com","port":"80","addressesResolved":["195.201.96.107"],"addressUsed":"195.201.96.107"}]}],"combinations":[[0],[1]]}

    Then after this error.. froxlor creates a 35_froxlor_ssl_vhost_xxxxxxxx.com.conf file with the values from the hostname certificate in IP/PORTS 443, these ones:

    5ab8d489d1daf_ScreenShot2018-03-26at10_20_58.thumb.png.527856e24ce691f8b79e506058579a7a.png

    I really don't understand... since the domain is reachable and works.. (xxxxxxxxx.com).. I don't get why froxlor can't reach the domain put the token and create the certificate.

    Sorry to be a pain but I'm trying everytinng in every way.

    Thanks,

     


  7. Mainly because I don't have the option the get mail.hostname.com subdomain.. I would get hostname.com and www.hostname.com but not mail.hostname.com.

    I made progress... the problem I believe was I have a custom apache file to redirect all calls from http://hostname.com/froxlor to http://froxlor.hostname.com..

    So, I created a hello.html in /var/www/froxlor/.well-known/acme-challenge and it works is accessible.

    So removed the file, restart the apache and launched the cron job again.. and I get this error:

    Could not get Let's Encrypt certificate for virtualdomain.com: Curl error: SSL: no alternative certificate subject name matches target host name 'virtualdomain.com'

    any idea?

    Thanks


  8. Hi,

    Finally I managed to get everything working.. except one small issue. I can't get the Virtual domains letsencrypt certificates to work, Let me explain:

    The "Enable Let's Encrypt for the froxlor vhost" is disabled because I manage the certificate for the hostname myself, I installed certbot, got the certificate, and manually insert them in IP/PORTS 443 so that's working.

    5ab8adb23c792_ScreenShot2018-03-26at10_20_58.thumb.png.eb036439ce7c8255900f3eea03d1cd5e.png

    The problem is with Virtual domains certificates. What I do is check these options for each domain:

    5ab8ac7d979c0_ScreenShot2018-03-26at10_10_10.thumb.png.d0afb173ee37dd4414c9d0228c11ad7a.png

    And then run these two scripts:

    /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force
    /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1> /dev/null

    And I get this error:

    Could not get Let's Encrypt certificate for xxxxxxx.com: Verification ended with error: {"identifier":{"type":"dns","value":"xxxxxxxx.com"},"status":"invalid","expires":"2018-04-02T07:58:01Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/xxxxxxx.com\/.well-known\/acme-challenge\/q5MgvUod6jWmc7SFqh2Ns7GzuLD20xlN7wqrXyJsf6s: \"<!DOCTYPE HTML PUBLIC \"-\/\/IETF\/\/DTD HTML 2.0\/\/EN\">\n<html><head>\n<title>404 Not Found<\/title>\n<\/head><body>\n<h1>Not Found<\/h1>\n<p\"","status":403},"uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/oNDyFaqNbifRUl6lW4cL7r_U7MeYUjGq-nz3fgcUHpk\/112085799","token":"q5MgvUod6jWmc7SFqh2Ns7GzuLD20xlN7wqrXyJsf6s","keyAuthorization":"q5MgvUod6jWmc7SFqh2Ns7GzuLD20xlN7wqrXyJsf6s.Uonnxp7enhwz-TbOBrK-RowzBK3PFDw3ntAKcOAQlx4","validationRecord":[{"url":"http:\/\/xxxxxx.com\/.well-known\/acme-challenge\/q5MgvUod6jWmc7SFqh2Ns7GzuLD20xlN7wqrXyJsf6s","hostname":"xxxxxxxxx.com","port":"80","addressesResolved":["195.201.96.107"],"addressUsed":"195.201.96.107"}]},{"type":"dns-01","status":"invalid","uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/oNDyFaqNbifRUl6lW4cL7r_U7MeYUjGq-nz3fgcUHpk\/112085800","token":"xW18ZOYXgnswsfD2hLDkp-Q229wU5hp3jQb6tvLtw_U"}],"combinations":[[0],[1]]}

    Something that I realized is after activating the SSL IP address, SSL redirect and Use Let's Encrypt options for Virtual Domains and running the config job cron the outcome Apache file has the SSL certificate from froxlor hostname.. and I suspect the error could come from this side:

    # 35_froxlor_ssl_vhost_xxxxxxx.com.conf
    # Created 26.03.2018 09:57
    # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
    
    # Domain ID: 8 (SSL) - CustomerID: 1 - CustomerLogin: yyyyyy
    <VirtualHost xxx.xxx.xxx.xxx:443>
      ServerName xxxxxxxx.com
      ServerAlias www.xxxxxxxxx.com
      ServerAdmin yyy@xxxxxxxx.com
      SSLEngine On
      SSLProtocol -ALL +TLSv1 +TLSv1.2
      SSLCompression Off
      SSLHonorCipherOrder On
      SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
      SSLVerifyDepth 10
      SSLCertificateFile /etc/letsencrypt/live/froxlor_hostname.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/froxlor_hostname/privkey.pem
      SSLCACertificateFile /etc/letsencrypt/live/froxlor_hostname/fullchain.pem
      SSLCertificateChainFile /etc/letsencrypt/live/froxlor_hostname/chain.pem
      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=0"
      </IfModule>
      DocumentRoot "/var/customers/webs/yyyyy/xxxxxxxxx/"
      FcgidIdleTimeout 30
      SuexecUserGroup "yyyyy" "yyyyy"
      <Directory "/var/customers/webs/yyyyyy/xxxxxxxxx/">
        <FilesMatch "\.(php)$">
          SetHandler fcgid-script
          FcgidWrapper /var/www/php-fcgi-scripts/squeaky/xxxxxxxx/php-fcgi-starter .php
          Options +ExecCGI
        </FilesMatch>
        Require all granted
        AllowOverride All
      </Directory>
      Alias /webalizer "/var/customers/webs/xxxxxx/webalizer"
      ErrorLog "/var/customers/logs/xxxxx-error.log"
      CustomLog "/var/customers/logs/xxxxxxx-access.log" combined
    </VirtualHost>

    I don't know if it matters, but I also checked that that the /etc/apache2/conf-enabled/acme.conf exists 

    Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"
    <Directory "/var/www/froxlor/.well-known/acme-challenge">
    	Require all granted
    </Directory>

    One thing to mention is have the virtual domain certificates since they were created on my "old" server, so if I place them manually into /etc/ssl/froxlor-custom and add them in the apache files, the work perfectly.. Obviously the problem comes from renew them or obtain them from the "new" server.

    Any idea what could it be? I tried everything..

    Thanks!

     

     

     

     


  9. Hi,

    I'm getting there.. at the end I started the whole process from scratch.. painful but steady.

    I was about to install dkim-filter with apt-get install but the package doesn't exist anymore and according Froxlor opendkim is not supported yet. How can I install dkim-filter on Stretch?

    Thanks,

    P.D Don't worry I found the dkim-filter package, and is up and running..

     


  10. Thank you d00p,

    I'm in the process of moving all databases (mysql, froxlor etc) and maybe is stupid question. But how can I import the mysql database to into to the new server? I mean when you install mariaDB on a new server it already creates the mysql database, so I can't import using the command:

    mysql mysql < mysql.sql

    this would overwrite the root user and if I try it gets stucked.

    I couldn't find the way to import the data mainly in tables users, db, innodb_index_stats, innodb_table_stats which seems where all the data is.. Do I have to do it manually? if so, how?

    Thanks,


  11. 14 minutes ago, d00p said:

    You have a 2.6 kernel? holy....it's been YEARS since I last saw that....you should upgrade that asap

    regarding the PEAR directories -> just check your system where the php pear directories are for php7, mostly also in /usr/share/ - and yes, if php7 is working fine for you, you can safely remove 5.6

    Oh well... it seems I reached a dead end. My VPS uses OpenVZ so I can't upgrade the kernel myself it's up to the hosting provider, and it's unlikely they will do it.

    I think I better start over and move to Hetzner with a more reliable VPS platform, with snapshots and where I'll be able to update the kernel. Actually I already setup another server with them and works very well..

    It's just a lot of work... but I knew this day would come eventually.

    Just one dumb question about the migration.

    I wonder if a I can setup the new server and get ready to migrate everything carefully and pointing my xxxx.com main domain to the new nameservers in the last minute when all the services are installed.

    What I mean is whether I need the hostname to install the new sever or I can use the IP instead and when all is propery installed and working change the nameservers.. I want to make the transition as smooth as possible.

    Thanks,


  12. 1 hour ago, d00p said:

    You cannot use /usr/bin/php as FCGID binary...it has to be php-cgi and you dont seem to have php7.0-cgi installed

    Did you even try to google your postfix/systemd issue? -> https://github.com/systemd/systemd/issues/5236

    I managed to install some missing PHP7 packages and now is working well. My question is, now that PHP7 is working can I safely remove PHP5? I see two directories in :

    Global PEAR directories -> /usr/share/php/:/usr/share/php5/

    Just wondering if I remove PHP 5 whether /usr/share/php5 will be removed or I can remove it myself from the text field.

    Regarding the systemd issue.. sorry I googled but I couldn't find that information. It seems the minimum kernel supported is 3.12 and I have 2.6.32. Let's see if I can update it.

    I'm almost there.. spamassassin is not working either I'll check that too.

    Many thanks,

     

     


  13. One thing I noticed:

    /usr/bin/php-cgi says

    PHP 5.6.33-0+deb8u1 (cgi-fcgi)

    and /usr/bin/php says

    PHP 7.0.27-0+deb9u1 (cli)

    one  cgi.-fcgi and the other cli.. could it be this small detail?

    All php packages installed: (dpkg -l)

    ii  php-cli                                     1:7.0+49                   all                        command-line interpreter for the PHP scripting language (default)
    ii  php-common                                  1:49                       all                        Common files for PHP packages
    ii  php-pear                                    1:1.10.1+submodules+notgz- all                        PEAR Base System
    ii  php-xml                                     1:7.0+49                   all                        DOM, SimpleXML, WDDX, XML, and XSL module for PHP [default]
    ii  php-xml-parser                              1.3.4-7                    all                        XML parsing class based on PHP's bundled expat
    ii  php5                                        5.6.33+dfsg-0+deb8u1       all                        server-side, HTML-embedded scripting language (metapackage)
    ii  php5-apcu                                   4.0.7-1                    amd64                      APC User Cache for PHP 5
    ii  php5-cgi                                    5.6.33+dfsg-0+deb8u1       amd64                      server-side, HTML-embedded scripting language (CGI binary)
    ii  php5-cli                                    5.6.33+dfsg-0+deb8u1       amd64                      command-line interpreter for the php5 scripting language
    ii  php5-common                                 5.6.33+dfsg-0+deb8u1       amd64                      Common files for packages built from the php5 source
    ii  php5-curl                                   5.6.33+dfsg-0+deb8u1       amd64                      CURL module for php5
    rc  php5-fpm                                    5.4.4-14+deb7u8            amd64                      server-side, HTML-embedded scripting language (FPM-CGI binary)
    ii  php5-gd                                     5.6.33+dfsg-0+deb8u1       amd64                      GD module for php5
    rc  php5-imagick                                3.2.0~rc1-1                amd64                      Provides a wrapper to the ImageMagick library
    ii  php5-imap                                   5.6.33+dfsg-0+deb8u1       amd64                      IMAP module for php5
    ii  php5-intl                                   5.6.33+dfsg-0+deb8u1       amd64                      internationalisation module for php5
    ii  php5-json                                   1.3.6-1                    amd64                      JSON module for php5
    rc  php5-ldap                                   5.6.24+dfsg-0+deb8u1       amd64                      LDAP module for php5
    ii  php5-mcrypt                                 5.6.33+dfsg-0+deb8u1       amd64                      MCrypt module for php5
    ii  php5-mysql                                  5.6.33+dfsg-0+deb8u1       amd64                      MySQL module for php5
    ii  php5-pgsql                                  5.6.33+dfsg-0+deb8u1       amd64                      PostgreSQL module for php5
    rc  php5-pspell                                 5.6.30+dfsg-0+deb8u1       amd64                      pspell module for php5
    ii  php5-readline                               5.6.33+dfsg-0+deb8u1       amd64                      Readline module for php5
    ii  php5-sqlite                                 5.6.33+dfsg-0+deb8u1       amd64                      SQLite module for php5
    rc  php5-xmlrpc                                 5.6.30+dfsg-0+deb8u1       amd64                      XML-RPC module for php5
    ii  php7.0-cli                                  7.0.27-0+deb9u1            amd64                      command-line interpreter for the PHP scripting language
    ii  php7.0-common                               7.0.27-0+deb9u1            amd64                      documentation, examples and common module for PHP
    ii  php7.0-json                                 7.0.27-0+deb9u1            amd64                      JSON module for PHP
    ii  php7.0-opcache                              7.0.27-0+deb9u1            amd64                      Zend OpCache module for PHP
    ii  php7.0-readline                             7.0.27-0+deb9u1            amd64                      readline module for PHP
    ii  php7.0-xml                                  7.0.27-0+deb9u1            amd64                      DOM, SimpleXML, WDDX, XML, and XSL module for PHP

     

    Regarding the log problem... I found this error runing /etc/init.d/postfix status.. I think this could be the problem

    Mar 23 11:07:47 xxxxxxxx.com systemd[1]: postfix.service: Failed to set invocation ID on control group /system.slice/postfix.service, ignoring: Operation not permitted

     


  14. 2 minutes ago, d00p said:

    Not froxlor related, all upgrade I've done never had this issue. Disk full?

    Never had this issue either, usually debian dist-upgrade upgrades the packages, so you should have php-7 installed now

    There is plenty of disk space 52 GB.. It's strange I'll try to dig in a little more and google it.

    I have both versions installed 5.6 and 7.0 see my /usr/bin/php*

    lrwxrwxrwx 1 root root      21 Apr  4  2014 /usr/bin/php -> /etc/alternatives/php
    -rwxr-xr-x 1 root root 9089768 Jan  5 16:13 /usr/bin/php5
    -rwxr-xr-x 1 root root 9059112 Jan  5 16:13 /usr/bin/php5-cgi
    -rwxr-xr-x 1 root root 4389936 Jan  5 14:51 /usr/bin/php7.0
    lrwxrwxrwx 1 root root      25 Apr  4  2014 /usr/bin/php-cgi -> /etc/alternatives/php-cgi

    /usr/bin/php -v

    PHP 7.0.27-0+deb9u1 (cli) (built: Jan  5 2018 13:51:52) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
        with Zend OPcache v7.0.27-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies

    /usr/bin/php-cgi -v

    PHP 5.6.33-0+deb8u1 (cgi-fcgi) (built: Jan  5 2018 15:48:20)
    Copyright (c) 1997-2016 The PHP Group
    Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
        with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

    I have two PHP configurations setup both with /usr/bin/php-cgi so PHP 5.6, all is working, but not if I change to PHP 7

    2 minutes ago, d00p said:

    Show us your php-config settings for this please (php-binary etc.)

    PHP 7 Configuration:

    PHP Binary: /usr/bin/php
    File extensions: php
    Umask (default: 022): 022
    
    
    
    allow_call_time_pass_reference = Off
    allow_url_fopen = On
    asp_tags = Off
    default_charset = UTF-8
    disable_classes =
    disable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system
    display_errors = Off
    display_startup_errors = Off
    enable_dl = Off
    error_reporting = E_ALL & ~E_NOTICE
    expose_php = Off
    file_uploads = On
    cgi.force_redirect = 1
    gpc_order = "GPC"
    html_errors = Off
    ignore_repeated_errors = Off
    ignore_repeated_source = Off
    include_path = ".:{PEAR_DIR}"
    log_errors = On
    log_errors_max_len = 1024
    magic_quotes_gpc = Off
    magic_quotes_runtime = Off
    magic_quotes_sybase = Off
    max_execution_time = 30
    max_input_time = 60
    memory_limit = 72M
    {OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"
    output_buffering = 4096
    post_max_size = 64M
    precision = 14
    register_argc_argv = Off
    register_globals = Off
    report_memleaks = On
    sendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"
    session.auto_start = 0
    session.bug_compat_42 = 0
    session.bug_compat_warn = 1
    session.cache_expire = 180
    session.cache_limiter = nocache
    session.cookie_domain =
    session.cookie_lifetime = 0
    session.cookie_path = /
    session.entropy_file = /dev/urandom
    session.entropy_length = 16
    session.gc_divisor = 1000
    session.gc_maxlifetime = 1440
    session.gc_probability = 1
    session.name = PHPSESSID
    session.referer_check =
    session.save_handler = files
    session.save_path = "{TMP_DIR}"
    session.serialize_handler = php
    session.use_cookies = 1
    session.use_trans_sid = 0
    short_open_tag = On
    suhosin.mail.protect = 1
    suhosin.simulation = Off
    track_errors = Off
    upload_max_filesize = 64M
    upload_tmp_dir = "{TMP_DIR}"
    variables_order = "GPCS"
    opcache.restrict_api = "{DOCUMENT_ROOT}"

  15. Hi,

    I updated my server from Jessie to Stretch and the process was reasonably smooth with a few little problems, mainly with fail2ban and modescurity but I figured them out and fix them.

    The first little problem is after the update all the logs (apache2, fail2ban, postfix, dovecot, spamassassin etc) stopped recording in their related files (mail.log, apache2.log etc..) if I run journalctl -xe I see all the activity such as postfix, dovecot, apache2 etc..so all the services are working but they are not translated to /var/log/*.log

    I checked all settings in froxlor and they haven't changed after the update, all of them are pointing to the correct file, for example /var/log/mail.log for postfix and dovecot. I can't see any errors on journalctl -xe  regarding this and I'm not sure where to look at.

    The other issue is regarding PHP, and that is after the update the system ended up with two PHP binaries 5.6 and 7.0, I wasn't sure whether it would install PHP 7 and delete PHP 5.6 or keep both versions. Anyway since I have the two versions installed and in PHP Configurations I'm still using version PHP 5.6 I decided to create a new configuration with PHP 7.0 to test with one of my domains and see whether was working or not, and unfortunately I get this error and obviously I get an Internal server error message if I go the the website for that domain.

    [Fri Mar 23 09:42:48.397550 2018] [fcgid:warn] [pid 2226] (104)Connection reset by peer: [client 85.56.93.162:38001] mod_fcgid: error reading data from FastCGI server
    [Fri Mar 23 09:42:48.397669 2018] [core:error] [pid 2226] [client 85.56.93.162:38001] End of script output before headers: index.php

    My PHP configuration is the following:

    System 	Linux xxxxxxxx.com 2.6.32-042stab127.2 #1 SMP Thu Jan 4 16:41:44 MSK 2018 x86_64
    Build Date 	Jan 5 2018 15:48:20
    Server API 	CGI/FastCGI
    Virtual Directory Support 	disabled
    Configuration File (php.ini) Path 	/etc/php5/cgi
    Loaded Configuration File 	/var/www/php-fcgi-scripts/froxlor.panel/xxxxxxxx.com/php.ini
    Scan this dir for additional .ini files 	/etc/php5/cgi/conf.d
    Additional .ini files parsed 	/etc/php5/cgi/conf.d/05-opcache.ini, /etc/php5/cgi/conf.d/10-pdo.ini, /etc/php5/cgi/conf.d/20-apcu.ini, /etc/php5/cgi/conf.d/20-curl.ini, /etc/php5/cgi/conf.d/20-gd.ini, /etc/php5/cgi/conf.d/20-imap.ini, /etc/php5/cgi/conf.d/20-intl.ini, /etc/php5/cgi/conf.d/20-json.ini, /etc/php5/cgi/conf.d/20-mcrypt.ini, /etc/php5/cgi/conf.d/20-mysql.ini, /etc/php5/cgi/conf.d/20-mysqli.ini, /etc/php5/cgi/conf.d/20-pdo_mysql.ini, /etc/php5/cgi/conf.d/20-pdo_pgsql.ini, /etc/php5/cgi/conf.d/20-pdo_sqlite.ini, /etc/php5/cgi/conf.d/20-pgsql.ini, /etc/php5/cgi/conf.d/20-readline.ini, /etc/php5/cgi/conf.d/20-sqlite3.ini
    PHP API 	20131106
    PHP Extension 	20131226
    Zend Extension 	220131226
    Zend Extension Build 	API220131226,NTS
    PHP Extension Build 	API20131226,NTS
    Debug Build 	no
    Thread Safety 	disabled
    Zend Signal Handling 	disabled
    Zend Memory Manager 	enabled
    Zend Multibyte Support 	provided by mbstring
    IPv6 Support 	enabled
    DTrace Support 	enabled
    Registered PHP Streams 	https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
    Registered Stream Socket Transports 	tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
    Registered Stream Filters 	zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, mcrypt.*, mdecrypt.*

    See FCGID settings on file attached.

    I'm not quite sure what would be the best approach to transition to PHP 7, I guess first find out why is not working (it could be I need to install something else?) then decide whether to delete PHP 5.6 or keep it installed just in case.

    Any help will be appreciated!

    Thanks

    Lluc

     

     

     

     

     

     

     

    Screen Shot 2018-03-23 at 10.25.53.png


  16. Umm.. yes I'm using the latest version 0.9.37-1 from the Debian repos.

     

    If I put:

    @ IN TXT “v=spf1 a mx -all”

    It creates this line:

    @       18000   IN      TXT     "@ IN TXT “v=spf1 a mx -all”"

    If instead I put just:

    "v=spf1 a mx -all"

    It creates this line:

    @       18000   IN      TXT     "v=spf1 a mx -all"

    and then bind starts to complain and giving this warning for each domain:

    warning: zone xxxxxxxx.com/IN: 'xxxxxxxx.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record

  17. Yes you were right.. I specified all the nameservers, the AXFR, MX and imap, pop3 smtp creation and it works now..

     

    The only little warning that I get for each of the domains is this:

    warning: zone xxxxxxxx.com/IN: 'xxxxxxxx.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record

    I guess i could add the with new DNS editor integrated in Froxlor.

     

    It looks like I can't specify a SPF Type usign the DNS Editor.. although it seems it's adding the SPF anyway.

     

    Thanks a lot!


  18. Oh I wasn't aware that changed so much., good to know.

     

    This is the error I'm getting if I use the zone file generated by Froxlor 0.9.37.1:

    11-Aug-2016 12:18:32.459 general: error: zone xxxxxxxxxx.com/IN: has no NS records
    11-Aug-2016 12:18:32.459 general: error: zone xxxxxxxxxx.com/IN: not loaded due to errors.

    This is how I set up my nameserver settings initially (from 2014) which I haven't modify any setting... and I guess the problem is here... Nameserver, MX servers, AXFR servers as well as the option to create mail, imap, pop3 and smtp entries are empty... Could the problem be here?

     

    nameserver.png

     

     

    The ns-records that you mentioned is from the auto-generated zone file which are overwritten everytime Froxlor lunches the cron job.. so Froxlor had to create it.

     

    Thanks

×
×
  • Create New...