Jump to content
Froxlor Forum
  • 0
LukasH

Froxlor mit LetsEncrypt - Subdomains funktionieren nicht

Question

Einen wunderschönen guten Abend,

Ich habe ein kleines Problem mit Subdomains auf meinem Webserver. Ich habe für diesen Froxlor mit LetsEncrypt eingestellt und bereits RainLoop als Webmailer eingerichtet. Das hat wunderbar funktioniert über 

meinedomain.de/webmailordner.

Nun wollte ich allerdings eine Subdomain anlegen (webmail.meinedomain.de) das will aber nicht funktionieren. Die Subdomain bekommt korrekt ein SSL Zertifikat zugewiesen, allerdings wird die in dem Verzeichnis liegende PHP Datei nicht ausgeführt sondern einfach nur der Inhalt angezeigt. Somit ist das Aufrufen des Webmailers nicht möglich. Rufe ich den Webmailer wieder über "meinedomain.de/webmailordner" auf funktioniert alles ganz normal.

Ebenfalls wollte ich das Verzeichnis von meinedomain.de ändern, sobald ich das allerdings mache bekomme ich nur noch den Fehler 403 forbidden unter der Domain. Sobald ich den Pfad wieder in den Kundenroot ändere funktioniert es wieder. 

Allerdings sollen auf den Server doch diverse Domains für verschiedene Dienste umgezogen werden und die aktuelle Domain ist nur für einen Dienst gedacht soll also auf einen Unterordner verweisen, wo ist hier das Problem?

Vielen Dank für eure Hilfe! In den angehängten Screenshot ist die Konfiguration in Froxlor zu sehen, falls noch etwas benötigt wird reiche ich das natürlich sofort nach. 

1.png.fda4e69ec82019d41ee960cc8f852318.png

3.png.638325f31eda70835629067c6e93a946.png

2.png

Share this post


Link to post
Share on other sites

11 answers to this question

Recommended Posts

  • 1
19 hours ago, LuckySparkle said:

Nun wollte ich allerdings eine Subdomain anlegen (webmail.meinedomain.de) das will aber nicht funktionieren. Die Subdomain bekommt korrekt ein SSL Zertifikat zugewiesen, allerdings wird die in dem Verzeichnis liegende PHP Datei nicht ausgeführt sondern einfach nur der Inhalt angezeigt

Ist bekannt, domain einfach bearbeiten und wieder speichern, dann wird das php flag gesetzt. Alternativ aktuelle git-version nutzen (würde ich zu raten)

Share this post


Link to post
Share on other sites
  • 1

Jo, ZIP laden, Dateien überschreiben und dann fürs Update als Admin einloggen.

Share this post


Link to post
Share on other sites
  • 1

Ist denn dann vllt einfach für die Hauptdomain PHP deaktiviert? Nopaste doch einfach Mal die vhosts der betreffenden Domain. Hauptdomain sowie Subdomains davon (aus /etc/apache2/sites-enabled)

Share this post


Link to post
Share on other sites
  • 1

Du musst die Hauptdomain bearbeiten und Speichern, nicht die Subdomain (oder wars andersrum?) Na eins von beidem xD

Share this post


Link to post
Share on other sites
  • 1

K.A. was du da tust, müsst ich mir mal anschauen; kannst mir gerne Zugangsdaten per PM schicken dann guck ich ma....komisch das es "dubiose" probleme irgendwie häufig bei netcup konfigurierten Systemen/Froxlor gibt

Share this post


Link to post
Share on other sites
  • 0
vor 21 Minuten schrieb d00p:

Ist bekannt, domain einfach bearbeiten und wieder speichern, dann wird das php flag gesetzt. Alternativ aktuelle git-version nutzen (würde ich zu raten)

Okey erst einmal vielen Dank für die Antwort, ich bin beruhigt, dass ich den Fehler nicht selbst verursacht habe =) 

Kann ich also einfach Froxlor von github laden und wie ein update einspielen oder muss ich etwas spezielles beachten? 

Share this post


Link to post
Share on other sites
  • 0
vor 48 Minuten schrieb d00p:

Jo, ZIP laden, Dateien überschreiben und dann fürs Update als Admin einloggen.

Okey, ich habe Froxlor mit der Master von github geupdatet, das Update lief auch sauber durch. Allerdings besteht immer noch der gleiche Fehler. Auch bearbeiten und Speichern hat nichts gebracht :| 

Das einzige was ich nach dem aufsetzen des Servers (mit einem Image des Hosters -> Netcup) noch geändert hatte war der Hostname in den Mailserver Einstellungen auf hoerth-cloud.de (da der Standard Hostname von Netcup "v[serverID].[produktnr].de" von dein meisten Empfängern abgelehnt wird). 

Share this post


Link to post
Share on other sites
  • 0
# 10_froxlor_ipandport_185.16.61.72.80.conf
# Created 10.12.2017 19:25
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

<VirtualHost 185.16.61.72:80>
DocumentRoot "/var/www/"
 ServerName v22017124411557219.quicksrv.de
</VirtualHost>
# 10_froxlor_ipandport_185.16.61.72.443.conf
# Created 10.12.2017 19:25
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

<VirtualHost 185.16.61.72:443>
DocumentRoot "/var/www/"
 ServerName v22017124411557219.quicksrv.de
 SSLEngine On
 SSLProtocol -ALL +TLSv1 +TLSv1.2
 SSLCompression Off
 SSLHonorCipherOrder On
 SSLCipherSuite ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128
 SSLVerifyDepth 10
 SSLCertificateFile /etc/ssl/certs/apache.crt
 SSLCertificateKeyFile /etc/ssl/private/apache.key
</VirtualHost>
# 29_froxlor_normal_vhost_webmail.hoerth-cloud.de.conf
# Created 10.12.2017 19:25
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

# Domain ID: 3 - CustomerID: 1 - CustomerLogin: lhoerth
<VirtualHost 185.16.61.72:80>
  ServerName webmail.hoerth-cloud.de
  ServerAdmin lukas@hoerth.eu
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R=301;L,NE]
  </IfModule>
  <IfModule !mod_rewrite.c>
    Redirect 301 / https://webmail.hoerth-cloud.de/
  </IfModule>
</VirtualHost>
# 29_froxlor_ssl_vhost_webmail.hoerth-cloud.de.conf
# Created 10.12.2017 19:25
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

# Domain ID: 3 (SSL) - CustomerID: 1 - CustomerLogin: lhoerth
<VirtualHost 185.16.61.72:443>
  ServerName webmail.hoerth-cloud.de
  ServerAdmin lukas@hoerth.eu
  SSLEngine On
  SSLProtocol -ALL +TLSv1 +TLSv1.2
  SSLCompression Off
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128
  SSLVerifyDepth 10
  SSLCertificateFile /etc/ssl/froxlor-custom/webmail.hoerth-cloud.de.crt
  SSLCertificateKeyFile /etc/ssl/froxlor-custom/webmail.hoerth-cloud.de.key
  SSLCACertificateFile /etc/ssl/froxlor-custom/webmail.hoerth-cloud.de_CA.pem
  SSLCertificateChainFile /etc/ssl/froxlor-custom/webmail.hoerth-cloud.de_chain.pem
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=0"
  </IfModule>
  DocumentRoot "/var/customers/webs/lhoerth/rainloop/"
  # PHP is disabled for this vHost
  php_flag engine off
  Alias /webalizer "/var/customers/webs/lhoerth/webalizer"
  ErrorLog "/var/customers/logs/lhoerth-error.log"
  CustomLog "/var/customers/logs/lhoerth-access.log" combined
</VirtualHost>
# 35_froxlor_normal_vhost_hoerth-cloud.de.conf
# Created 10.12.2017 19:25
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

# Domain ID: 1 - CustomerID: 1 - CustomerLogin: lhoerth
<VirtualHost 185.16.61.72:80>
  ServerName hoerth-cloud.de
  ServerAlias www.hoerth-cloud.de
  ServerAdmin lukas@hoerth.eu
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R=301;L,NE]
  </IfModule>
  <IfModule !mod_rewrite.c>
    Redirect 301 / https://hoerth-cloud.de/
  </IfModule>
</VirtualHost>
# 35_froxlor_ssl_vhost_hoerth-cloud.de.conf
# Created 10.12.2017 19:25
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

# Domain ID: 1 (SSL) - CustomerID: 1 - CustomerLogin: lhoerth
<VirtualHost 185.16.61.72:443>
  ServerName hoerth-cloud.de
  ServerAlias www.hoerth-cloud.de
  ServerAdmin lukas@hoerth.eu
  SSLEngine On
  SSLProtocol -ALL +TLSv1 +TLSv1.2
  SSLCompression Off
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128
  SSLVerifyDepth 10
  SSLCertificateFile /etc/ssl/froxlor-custom/hoerth-cloud.de.crt
  SSLCertificateKeyFile /etc/ssl/froxlor-custom/hoerth-cloud.de.key
  SSLCACertificateFile /etc/ssl/froxlor-custom/hoerth-cloud.de_CA.pem
  SSLCertificateChainFile /etc/ssl/froxlor-custom/hoerth-cloud.de_chain.pem
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=0"
  </IfModule>
  DocumentRoot "/var/customers/webs/lhoerth/owncloud/"
  php_admin_value sendmail_path "/usr/sbin/sendmail -t -f lukas@hoerth.eu"
  php_admin_value open_basedir "/var/customers/webs/lhoerth/owncloud:/tmp"
  Alias /webalizer "/var/customers/webs/lhoerth/webalizer"
  ErrorLog "/var/customers/logs/lhoerth-error.log"
  CustomLog "/var/customers/logs/lhoerth-access.log" combined
</VirtualHost>

 

Share this post


Link to post
Share on other sites
  • 0
vor 13 Minuten schrieb d00p:

Du musst die Hauptdomain bearbeiten und Speichern, nicht die Subdomain (oder wars andersrum?) Na eins von beidem xD

Hmhm, auch das hab ich nun mal gemacht, immer noch der gleiche Fehler. Ich denke, da es sich hier noch um keinen Produktiv-Server handelt sondern erst einen Test-Server vor einem Umzug mach ich den nochmal komplett platt, haue gleich vor der Konfiguration das git Froxlor drauf und hoffe auf einen reibungsloseren Ablauf.

Ich werde berichten, danke schon mal =) 

Share this post


Link to post
Share on other sites
  • 0

Das vorgehen war nun wie folgt:

  • Frisches aufsetzen des Servers mit einem von Netcup bereit gestellten Images bestehend aus Debian 8 & vor installiertem Froxlor (Apache 2.4, CURL)
  • Update auf die Git Master nach offizieller Update Anleitung
  • Erstellen eines Kunden in Froxlor
  • Erstellen einer Domain (IP mit Port 80) in Froxlor
  • Erstellen eines SSL Zertifikats auf dem Server & aktivieren der SSL Funktion in Froxlor unter angabe des erstellten Zertifikats und Schlüssels
  • Schreiben der acme.conf nach Vorgaben von Froxlor
  • Kopier der IP auf Port 443
  • Aktivieren von SSL mit der kopierten IP
  • Setzen der SSL Einstellung zur Nutzung von LetsEcrypt in den Froxlor Einstellungen
  • Setzen der Einstellung Nutzung von LetsEncrypt in der Domain Einstellung
  • Erstellen einer Subdomain auf einen anderen Ordner in welchem ein Webmailer auf PHP Basis liegt

Ergebnis:

  • Unter der Subdomain wird (auch nach bearbeiten und speichern) nur der Inhalt der PHP angezeigt
  • Die Hauptdomain funktioniert nicht mit SSL obwohl im Froxlor Pannel ein Zertifikat gezogen wurde (http:// funktioniert, https:// funktioniert in keinem Browser -> der Server hat die Verbindung abgelehnt)

 

Ich weiß echt nicht mehr weiter :|

Share this post


Link to post
Share on other sites
  • 0
vor 18 Stunden schrieb d00p:

K.A. was du da tust, müsst ich mir mal anschauen; kannst mir gerne Zugangsdaten per PM schicken dann guck ich ma....komisch das es "dubiose" probleme irgendwie häufig bei netcup konfigurierten Systemen/Froxlor gibt

Ich hab dir die Zugangsdaten via PM geschickt, vielen Dank schon einmal! 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By d00p
      Dear Froxlor Community,
      I am proud to finally release the stable version of a new API based froxlor. Due to massive internal improvements and changes in the core (almost 600 commits since 0.9.40.1) users are now able to list/create/edit/delete resources and entities of froxlor via API (requires activation of api-usage in the settings and a user based API-key). The froxlor frontend itself uses the API backend too.
      Froxlor now uses composer to include some of its requirements like phpMailer, Logger, IdnaConvert and TwoFactorAuth libraries. All required files will be included in the official tarball so you do not need to worry about installing and using composer (only if you are using / testing the git-master, see https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-git-sources).
      Most important changes:
      froxlor now requires at least php-7.0 or newer, php-5.6 is no longer supported because of its EOL almost a year ago you can access data via API, for more information see https://api.froxlor.org/doc/. An example can be found here: https://github.com/Froxlor/Froxlor/tree/master/doc/example PHPUnit tested API backend with MySQL 5.6, 5.7 and 8 as well as MariaDB 10.3 and 10.4, see https://travis-ci.com/Froxlor/Froxlor compatibility for MySQL8 2FA (two-factor-authentication) for admins/resellers/customers (email or authenticator app) all froxlor-database tables will automatically be converted to the InnoDB engine added support for Debian 10 (buster) and Ubuntu 18.04 (bionic beaver) implemented Let's Encrypt via acme.sh - Note: all your current Let's Encrypt certificates will be removed and re-created due to another structure customizable error/access log handling for webserver (format, level, pipe-to-script, etc.) deprecated Debian 7 (wheezy) and Ubuntu 14.04 (trusty tahr) support dropped support for Ubuntu 12.04 (precise pangolin) dropped ticketsystem Changes in 0.10.1:
      allow/disallow API access on a per-customer base new API parameters for Admins.add(), Admins.update(), Customers.add() and Customers.update() bool $api_allowed (default: false for Customers, true for Admins) add explicit tlsv1.3 ciphersuite setting fixed wrong behaviour in Ftps.add() if customer is newly created and setting customer.ftpatdomain is true added expiration date to SSL certificates loaded via API request fixed wrong return in Certificates.get() if given domain does not have a certificate allow setting http2 flag for (sub)domains in customer view, fixes #725 Changes in 0.10.2:
      force Let's Encrypt ACMEv2 API, fixed #728 added default-ssl-vhost settings and optionally allow including of non-ssl default-vhost settings, fixes #727 new API parameters for Domains.add() and Domains.update() string $ssl_specialsettings bool $include_specialsettings bool $dont_use_default_ssl_ipandport_if_empty removed API parameters in Domains.add() bool $use_default_ssl_ipandport_if_empty new API parameters for IpsAndPorts.add() and IpsAndPorts.update() string $ssl_specialsettings bool $include_specialsettings string $ssl_default_vhostconf_domain bool $include_default_vhostconf_domain implemented DomainZones.listing() to return custom stored dns entries fix registration and termination date to flip between empty-value and 0000-00-00 Changes in 0.10.3:
      fallback to /tmp/froxlor.log if file-log is activated but no file given or not writeable; fixes #737 added tls-settings per domain for admins with change_serversettings-flag set; fixes #519 new API parameter for Domains.add() and Domains.update() bool $override_tls (default: false) array $ssl_protocols string $ssl_cipher_list string $tlsv13_cipher_list preserve downward compatibility for 0.10.1 updaters regarding specialsettings for ssl-enabled domains; fixes #739 Changes in 0.10.4:
      added support for CIDR/netmask in mysql-access-hosts; fixes #564 fixed invalid handling of escape-sequences in api-endpoint, fixes #746 fixed an issue with adding the default ftp user for new customer when added by admin/reseller with no ftp-resources; fixes #741 fixed nginx configuration issue with fastcgi_split_path_info option; fixes #744 Changes in 0.10.5:
      bugfix release due to errors in Let's Encrypt re-new check; fixes #747 Changes in 0.10.6:
      introducing new API parameters sql_search, sql_limit, sql_offset, sql_orderby for almost all listing() calls introducing new API method listingCount() for almost all modules to return the total number of entities available changed behavior of SubDomains.listing() to return all fields from the domain table instead of the limited ones for customers when called as admin added new API module SysLog to query froxlor logs according to permission optimized panel_admins and panel_customers table to avoid mysql/mariadb warning: Row size too large (> 8126); fixes #752 corrected update of hosting plans via interface; fixes #753 implemented API method EmailForwarders.listing(); fixes #754 fixed parameters defaults for Domains.update() parameters ssl_ipandports and add new parameter (see below); fixes #756 new API parameters for Domains.update() bool $remove_ssl_ipandport Changes in 0.10.7:
      corrected behavior when changing mysql-access-host values; fixes #758 fix UI error "API keys not accessable due to missing Paging-class" fix trauncating of SysLog using SysLog.delete() corrected UI issue of incorrect listing of domains for customers and admin, fixes #759 corrected ordering of listings in UI regarding pagination added new settings to set default value of domain-edit-settings 'Apply specialsettings to all subdomains' and 'Apply php-config to all subdomains' corrected vhost-merging of specialsettings in nginx; fixes #757 Changes in 0.10.8:
      fix duplicate domain entries in customer-domain-list when domain has aliases fix searching for alias-domains by link in customer_domains use correct apiendpoint for lets encrypt; pass debug-flag onto acme.sh; fixes #762 fix removing of ssl-ip-relation to domain if no ssl-ip is selected via interface Debian package: Move mysql server dependency to redommends; fixes #761 Changes in 0.10.9:
      fix SQL error when searching for certificates by domainname, fixes #764 fix ordering of listings when natural sorting is activated, fixes #765 check for valid result when reading database usage from information_schema; fixes #766 Changes in 0.10.10:
      add new API function Froxlor.generatePassword() to return a random password based on froxlor settings regarding min-length, included characters, etc.; fixes #768 fix mysql8 issue with group by and sorting within; fixes #774 add new 'ssl-enabled' flag for domains and subdomains so ssl can be deactivated (by a customer too) even if there are ssl-ip/ports assigned; introduce new honorcipherorder and sessiontickets flags for more control over ssl-related settings on a per domain base (admin only); fixes #767 and #769 new API parameters for Domains.add() and Domains.update() bool $sslenabled bool $honorcipherorder bool $sessiontickets new API parameters for SubDomains.add() and SubDomains.update() bool $sslenabled new API method Froxlor.generatePassword() Changes in 0.10.11:
      apply 'notryfiles', 'writeaccesslog' and 'writeerrorlog' flags to subdomains when editing a domain fix SysLog.delete(), SysLog.listing() and SysLog.listingCount() whencalled as admin/reseller withouth customers_see_all permission add option to disable SSL sessiontickets globally for older systems, fixes #784 ability to add custom config to PHPFPM version, fixes #643 new API parameters for FpmDaemons.add() and FpmDaemons.update() string $custom_config Changes in 0.10.12:
      allow using more advanced LogFormat for webserver and awstats fix issue in PhpHelper::trimArray() returning an empty array, fixes #751 fix wrong behaviour of Emails.update() which allowed setting iscatchall-flag for more than one address of the same domain fix writable-check of froxlor-logfile if logfile did not exist Changes in 0.10.13:
      validate nameserver ip-addresses for binds allow-transfer block; fixes #791 fix IpsAndPorts when checking for system.ipaddress in update() and delete() fix Domains.update() if called as admin/reseller without change_serversettings privileges, thx to rseffner fix the case that the spf record is not inserted with its quotes, and so the condition fails and 2 spf records are inserted in the domain fix wrongly initialized resource-usage when re-calculating it; fixes #797 update php-fpm defaults; update paths for current stable php-7.3; read froxlor default php.ini from file rather then using phpconfig with id=1; fixes #796 Changes in 0.10.14:
      require set password complexity for admins too when resetting password; display correct error message if password complexity is not satisfied do not require enabled vhost-container for froxlor-vhost to change sslsessiontickets-setting disable sslsessiontickets-option in domain-add/edit if globally disabled in the settings fix listing of customer email addresses if 'domain' section is hidden via settings, fixes #803 add Froxlor.integrityCheck() API call to externally run integrity/consistency check, fixes #801 new API method Froxlor.integrityCheck() make customer firstname,name,company and customer-no available for all templates; fixes #808 store ace-string of domain besides idn-converted string to have correct sorting in the frontend; fixes #809 allow private ip ranges in ips-and-ports as some configurations require that; fixes #802 Changes in 0.10.15:
      fixed temporary userdata file creation results in an empty file on installation; fixes #815 Changes in 0.10.16:
      remove ssl-certificates connected to domains that are being deleted when deleting a customer; fixes #818 fix removing ip address if ip is set as system-ipaddress but there are other entries of that ip with a different port fixed parsing due to changes in dovecots default mail_log_prefix restructure acmesh implementation and let acme.sh take care of renewing the certificates itself; fixes #792, fixes #816 Double check whether installation of acme.sh worked when not installed yet and do not continue if not; fixes #823 add optional dns validation for let's encrypt activated domains; fixes #817 let send-to-alternative-email be optional if no address is given instead of displaying error that the email address is invalid; fixes #829 Changes in 0.10.17:
      fix minor issue with let's encrypt and uppercase letters in domainnames validate we're using the required minimum version of php in frontend and cron, not only on installation adding email addresses via webinterface results in error if domains are hidden from customers; fixes #803 fix including of language-strings in reports-cron, fixes #836  
      Download: 0.10.17

      Note: Debian/Ubuntu packages are available as of 21th of October 2019 - Note that there are no packages for oldoldstable (jessie) anymore

      Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net for support, help, participation or just a chat

      Thank you,
      d00p
    • By Michael Groß
      Hallo,
      nachdem ich meinen Froxlor-Server neu aufgesetzt habe, habe ich nun ein anderes komisches Problem.
      Ich habe die Konfigurationsschritte vollständig durchgeführt - sicherheitshalber auch zuerst "automatisch" durchführen lassen und danach noch einmal verifiziert.
      Lege ich nun einen Kunden an (http://test.computer-stube.com), verweist dies auf den Root des Servers.
      Schaue ich in die vHost-Datei, steht dort folgendes:
      # 29_froxlor_normal_vhost_test.computer-stube.com.conf # Created 07.02.2020 16:55 # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel. # Domain ID: 3 - CustomerID: 2 - CustomerLogin: test <VirtualHost 178.63.105.174:80> ServerName test.computer-stube.com ServerAlias *.test.computer-stube.com ServerAdmin Michael.Gross@mgw94.de DocumentRoot "/var/customers/webs/test/" FcgidIdleTimeout 30 SuexecUserGroup "test" "test" <Directory "/var/customers/webs/test/"> <FilesMatch "\.(php)$"> SetHandler fcgid-script FcgidWrapper /var/www/php-fcgi-scripts/test/test.computer-stube.com/php-fcgi-starter .php Options +ExecCGI </FilesMatch> Require all granted AllowOverride All </Directory> LogLevel warn ErrorLog "/var/customers/logs/test-error.log" CustomLog "/var/customers/logs/test-access.log" combined </VirtualHost> # 29_froxlor_ssl_vhost_test.computer-stube.com.conf # Created 07.02.2020 17:26 # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel. # Domain ID: 3 (SSL) - CustomerID: 2 - CustomerLogin: test <VirtualHost 178.63.105.174:443> ServerName test.computer-stube.com ServerAlias *.test.computer-stube.com ServerAdmin Michael.Gross@mgw94.de SSLEngine On SSLProtocol -ALL +TLSv1 +TLSv1.2 SSLCompression Off SSLHonorCipherOrder off SSLCipherSuite ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128 SSLVerifyDepth 10 SSLCertificateFile /etc/ssl/certs/apache.crt SSLCertificateKeyFile /etc/ssl/private/apache.key <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=0" </IfModule> DocumentRoot "/var/customers/webs/test/" FcgidIdleTimeout 30 SuexecUserGroup "test" "test" <Directory "/var/customers/webs/test/"> <FilesMatch "\.(php)$"> SetHandler fcgid-script FcgidWrapper /var/www/php-fcgi-scripts/test/test.computer-stube.com/php-fcgi-starter .php Options +ExecCGI </FilesMatch> Require all granted AllowOverride All </Directory> LogLevel warn ErrorLog "/var/customers/logs/test-error.log" CustomLog "/var/customers/logs/test-access.log" combined </VirtualHost> Also an sich ist die richtige Konfiguration hinterlegt.
      Im Cron ist folgendes konfiguriert:

      # automatically generated cron-configuration by froxlor # do not manually edit this file as it will be re-generated periodically. PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # */5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks 1> /dev/null 0 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --traffic 1> /dev/null 5 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --usage_report 1> /dev/null 0 */6 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --mailboxsize 1> /dev/null */5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1> /dev/null 10 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --backup 1> /dev/null Auch das manuelle Ausführen mittels "
      php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force bringt bei mir leider keinen Erfolg.
      Die Ausgabe vom debug ist wie folgt:
      root@lx001:/etc/apache2/sites-enabled# php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug [information] TasksCron: Searching for tasks to do [information] Running Let's Encrypt cronjob prior to regenerating webserver config files [information] Requesting/renewing Let's Encrypt certificates [information] No new certificates or certificates due for renewal found [information] apache::createIpPort: creating ip/port settings for 178.63.105.174:80 [notice] 178.63.105.174:80 :: namevirtualhost-statement no longer needed for apache-2.4 [debug] 178.63.105.174:80 :: inserted vhostcontainer [information] apache::createIpPort: creating ip/port settings for 178.63.105.174:443 [debug] 178.63.105.174:443 :: inserted vhostcontainer [information] apache::createVirtualHosts: creating vhost container for domain 3, customer test [information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/ [information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/ [information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/ [information] Froxlor\Cron\Http\ApacheFcgi::reload: reloading Froxlor\Cron\Http\ApacheFcgi [notice] Creating passwd file [notice] Writing 1 entries to passwd file [notice] Succesfully wrote passwd file [notice] Creating group file [notice] Writing 1 entries to group file [notice] Succesfully wrote group file [notice] Creating shadow file [notice] Writing 1 entries to shadow file [notice] Succesfully wrote shadow file [notice] Checking system's last guid  
      Ich fühle mich gerade echt dämlich, kann ja eigentlich nicht so schwer sein, da es eigentlich ja alles nur "Copy+Paste" ist
      Das Endverzeichnis wurde jedoch korrekt angelegt:
      root@lx001:/var/customers/webs# ls test root@lx001:/var/customers/webs# cd test root@lx001:/var/customers/webs/test# ls index.html webalizer Ich habe zusätzlich zur "Standardkonfiguration" noch libnss-extrausers und FCGID  eingerichtet, da ich ältere PHP Versionen benötige.
      Grüße
      Michael
    • By Pro-Webs
      Hallo,
      ich bin gerade dabei einen Shopware Shop v.5 unter nginx mit froxlor einzurichten.
      Das ist jedoch relativ problematisch.
      Aktuell habe ich im Froxlor folgende vHost Einstellung zur Domain:
      location @php { fastcgi_pass unix:/run/php/php7.2-fpm.sock; fastcgi_read_timeout 1500; } location ~ ^/(engine|files|templates|media/(archive|banner|image|music|pdf|unknown|video))/ { rewrite ^/files/documents/.* /engine last; location ~ \.(jpe?g|png|gif|css|js)$ { expires 1M; } } location / { index index.html index.php shopware.php; rewrite shopware.dll /shopware.php; rewrite files/documents/.* /engine last; #rewrite images/ayww/(.*) /images/banner/$1 last; rewrite backend/media/(.*) /media/$1 last; if (!-e $request_filename){ rewrite . /shopware.php last; } location ~ \.(jpe?g|png|gif|css|js)$ { rewrite backend/media/(.*) /media/$1 last; expires 1M; } } location ~ \.(tpl|yml|ini)$ { deny all; } location /install/ { location /install/assets { } if (!-e $request_filename){ rewrite . /install/index.php last; } } location /update/ { location /update/assets { } location /update/templates { } if (!-e $request_filename){ rewrite . /update/index.php last; } } location /recovery/install/ { location /recovery/install/assets { } if (!-e $request_filename){ rewrite . /recovery/install/index.php last; } } location /recovery/update/ { location /recovery/update/assets { } if (!-e $request_filename){ rewrite . /recovery/update/index.php last; } } location ~ ^/(logs|media/temp|bin|cache)/ { deny all; } location ~ \.php$ { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS $fastcgi_https; fastcgi_param HTTP_AUTHORIZATION $http_authorization; } Diese Einstellung führt zu einem 500 error.
      Meine 35_froxlor_ssl_vhost_studio-ausruestung.de.conf sieht damit leider wie folgt aus:
      # 35_froxlor_ssl_vhost_studio-ausruestung.de.conf # Created 02.01.2020 14:30 # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel. server { listen 91.250.82.51:443 ssl; server_name studio-ausruestung.de www.studio-ausruestung.de xn--studio-ausrstung-tzb.de *.xn--studio-ausrstung-tzb.de studioausruestung.de *.studioausruestung.de priolite-shop.com www.priolite-shop.com sirui-shop.de www.sirui-shop.de shooting-gutschein.de *.shooting-gutschein.de shooting-gutscheine.de *.shooting-gutscheine.de; ssl_protocols TLSv1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; ssl_certificate /etc/ssl/froxlor-custom/studio-ausruestung.de.crt; ssl_certificate_key /etc/ssl/froxlor-custom/studio-ausruestung.de.key; add_header Strict-Transport-Security "max-age=0"; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/froxlor-custom/studio-ausruestung.de.crt; include /etc/apache2/conf-enabled/acme.conf; access_log /var/customers/logs/klimek-studio-ausruestung.de-access.log combined; error_log /var/customers/logs/klimek-studio-ausruestung.de-error.log error; root /var/customers/webs/klimek/studio-ausruestung.de/shopware/; location / { index index.php index.html index.htm; try_files $uri $uri/ @rewrites; index index.html index.php shopware.php; rewrite shopware.dll /shopware.php; rewrite files/documents/.* /engine last; #rewrite images/ayww/(.*) /images/banner/$1 last; rewrite backend/media/(.*) /media/$1 last; if (!-e $request_filename){ rewrite . /shopware.php last; } location ~ \.(jpe?g|png|gif|css|js)$ { rewrite backend/media/(.*) /media/$1 last; expires 1M; } } location @rewrites { rewrite ^ /index.php last; } location /webalizer { alias /var/customers/webs/klimek/webalizer/studio-ausruestung.de/; auth_basic "Restricted Area"; auth_basic_user_file /etc/nginx/htpasswd/1-c3d3ffdab2b8342809d19524c21b98c1.htpasswd; } location ~ \.php { try_files /333c3697df6a41bcc37bccd05271f644.htm @php; } location @php { fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; try_files $fastcgi_script_name =404; fastcgi_index index.php; fastcgi_param HTTPS on; fastcgi_pass unix:/run/php/php7.2-fpm.sock; fastcgi_read_timeout 1500; } location ~ ^/(engine|files|templates|media/(archive|banner|image|music|pdf|unknown|video))/ { rewrite ^/files/documents/.* /engine last; location ~ \.(jpe?g|png|gif|css|js)$ { expires 1M; } } location ~ \.(tpl|yml|ini)$ { deny all; } location /install/ { location /install/assets { } if (!-e $request_filename){ rewrite . /install/index.php last; } } location /update/ { location /update/assets { } location /update/templates { } if (!-e $request_filename){ rewrite . /update/index.php last; } } location /recovery/install/ { location /recovery/install/assets { } if (!-e $request_filename){ rewrite . /recovery/install/index.php last; } } location /recovery/update/ { location /recovery/update/assets { } if (!-e $request_filename){ rewrite . /recovery/update/index.php last; } } location ~ ^/(logs|media/temp|bin|cache)/ { deny all; } } Man bemerkt u.a. das einige Konfigurationen doppelt vorhanden sind, da floxlor diese auch selbst generiert. Das könnte natürlich schon die Ursache des Fehler sein. Ich weiß nur leider nicht, wie ich es "besser" lösen kann.
      Die original .htaccess für den appache sieht folgende Konfiguration vor:
      php_value memory_limit 1024M php_value max_execution_time 600 php_value upload_max_filesize 20M php_value post_max_size 20M <IfModule mod_rewrite.c> RewriteEngine on #RewriteBase /shopware/ # Https config for the backend #RewriteCond %{HTTPS} !=on #RewriteRule backend/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteRule shopware.dll shopware.php RewriteRule files/documents/.* engine [NC,L] RewriteRule backend/media/(.*) media/$1 [NC,L] RewriteRule custom/.*(config|menu|services|plugin)\.xml$ ./shopware.php?controller=Error&action=pageNotFoundError [NC,L] RewriteCond %{REQUEST_URI} !(\/(engine|files|templates|themes|web)\/) RewriteCond %{REQUEST_URI} !(\/media\/(archive|banner|image|music|pdf|unknown|video)\/) RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ shopware.php [PT,L,QSA] # Fix missing authorization-header on fast_cgi installations RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] </IfModule> <IfModule mod_alias.c> # Restrict access to VCS directories RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$) # Restrict access to root folder files RedirectMatch 404 /(autoload\.php|composer\.(json|lock|phar)|README\.md|UPGRADE-(.*)\.md|CONTRIBUTING\.md|eula.*\.txt|\.gitignore|.*\.dist|\.env.*)$ # Restrict access to shop configs files RedirectMatch 404 /(web\/cache\/(config_\d+\.json|all.less))$ # Restrict access to theme configurations RedirectMatch 404 /themes/(.*)(.*\.lock|package\.json|\.gitignore|Gruntfile\.js|all\.less|node_modules\/.*)$ </IfModule> # Staging environment #SetEnvIf Host "staging.test.shopware.in" SHOPWARE_ENV=staging # Development environment #SetEnvIf Host "dev.shopware.in" SHOPWARE_ENV=dev #SetEnv SHOPWARE_ENV dev DirectoryIndex index.html DirectoryIndex index.php DirectoryIndex shopware.php # Disables download of configuration <Files ~ "\.(tpl|yml|ini)$"> # Deny all requests from Apache 2.4+. <IfModule mod_authz_core.c> Require all denied </IfModule> # Deny all requests from Apache 2.0-2.2. <IfModule !mod_authz_core.c> Deny from all </IfModule> </Files> # Enable gzip compression <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/html text/xml text/plain text/css text/javascript application/javascript application/json application/font-woff application/font-woff2 image/svg+xml </IfModule> <Files ~ "\.(jpe?g|png|gif|css|js|woff|woff2|ttf|svg|webp|eot|ico)$"> <IfModule mod_expires.c> ExpiresActive on ExpiresDefault "access plus 1 month" </IfModule> <IfModule mod_headers.c> Header append Cache-Control "public" Header unset ETag </IfModule> FileETag None </Files> # Match generated files like: # 1429684458_t22_s1.css # 1429684458_t22_s1.js <FilesMatch "([0-9]{10})_(.+)\.(js|css)$"> <ifModule mod_headers.c> Header set Cache-Control "max-age=31536000, public" </ifModule> <IfModule mod_expires.c> ExpiresActive on ExpiresDefault "access plus 1 year" </IfModule> </FilesMatch> # Disables auto directory index <IfModule mod_autoindex.c> Options -Indexes </IfModule> <IfModule mod_negotiation.c> Options -MultiViews </IfModule> <IfModule mod_php5.c> # php_value memory_limit 256M # php_value max_execution_time 120 # php_value upload_max_filesize 20M php_flag phar.readonly off php_flag magic_quotes_gpc off php_flag session.auto_start off php_flag suhosin.session.cryptua off php_flag zend.ze1_compatibility_mode off php_value always_populate_raw_post_data -1 </IfModule> # AddType x-mapp-php5 .php # AddHandler x-mapp-php5 .php <IfModule mod_headers.c> Header append X-Frame-Options SAMEORIGIN </IfModule>  
      Für Ideen und Vorschläge wäre ich wie immer sehr dankbar
    • By ZARk
      Hello

      I can't renew certs (or create new certs) since the 0.10 upgrade. was working fine before on 0.9

      I'm basically getting the same output everytime i run this command.
       
      xander /var/www/froxlor # /usr/bin/php7.3 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug [information] Requesting/renewing Let's Encrypt certificates [information] Creating certificate for Westecheurope.eu [information] Adding SAN entry: Westecheurope.eu [information] Adding SAN entry: www.Westecheurope.eu [Mon 4 Nov 11:23:46 CET 2019] It is recommended to install socat first. [Mon 4 Nov 11:23:46 CET 2019] We use socat for standalone server if you use standalone mode. [Mon 4 Nov 11:23:46 CET 2019] If you don't use standalone mode, just ignore this warning. [information] Checking for LetsEncrypt client upgrades before renewing certificates: [Mon 4 Nov 11:23:45 CET 2019] Installing from online archive. [Mon 4 Nov 11:23:45 CET 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz [Mon 4 Nov 11:23:46 CET 2019] Extracting master.tar.gz [Mon 4 Nov 11:23:46 CET 2019] Installing to /root/.acme.sh [Mon 4 Nov 11:23:46 CET 2019] Installed to /root/.acme.sh/acme.sh [Mon 4 Nov 11:23:46 CET 2019] Good, bash is found, so change the shebang to use bash as preferred. [Mon 4 Nov 11:23:47 CET 2019] OK [Mon 4 Nov 11:23:47 CET 2019] Install success! [Mon 4 Nov 11:23:47 CET 2019] Upgrade success! [Mon 4 Nov 11:23:47 CET 2019] Removing cron job [Mon 4 Nov 11:23:52 CET 2019] get to authz error. [Mon 4 Nov 11:23:52 CET 2019] _authorizations_map='www.westecheurope.eu,{"identifier":{"type":"dns","value":"www.westecheurope.eu"},"status":"pending","expires":"2019-11-07T18:17:12Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/e3Lmew","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/rs0T6w","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/ZPjfSg","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"}]} westecheurope.eu,{"identifier":{"type":"dns","value":"westecheurope.eu"},"status":"pending","expires":"2019-11-07T18:17:12Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/hOWGhQ","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/nj7_Ow","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/v7Bc7A","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"}]} ' [Mon 4 Nov 11:23:52 CET 2019] Please add '--debug' or '--log' to check more details. [Mon 4 Nov 11:23:52 CET 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh [debug] [Mon 4 Nov 11:23:48 CET 2019] Creating domain key [Mon 4 Nov 11:23:49 CET 2019] The domain key is here: /root/.acme.sh/Westecheurope.eu/Westecheurope.eu.key [Mon 4 Nov 11:23:49 CET 2019] Multi domain='DNS:Westecheurope.eu,DNS:www.Westecheurope.eu' [Mon 4 Nov 11:23:50 CET 2019] Getting domain auth token for each domain [Mon 4 Nov 11:23:52 CET 2019] Getting webroot for domain='Westecheurope.eu' [error] Could not get Let's Encrypt certificate for Westecheurope.eu: [Mon 4 Nov 11:23:48 CET 2019] Creating domain key [Mon 4 Nov 11:23:49 CET 2019] The domain key is here: /root/.acme.sh/Westecheurope.eu/Westecheurope.eu.key [Mon 4 Nov 11:23:49 CET 2019] Multi domain='DNS:Westecheurope.eu,DNS:www.Westecheurope.eu' [Mon 4 Nov 11:23:50 CET 2019] Getting domain auth token for each domain [Mon 4 Nov 11:23:52 CET 2019] Getting webroot for domain='Westecheurope.eu' [information] No new certificates or certificates due for renewal found [notice] Checking system's last guid  
    • By nisamudeen97
      Hi,
      Our froxlor server is behiend NAT and it uses the local IP  192.168.73.40.  We have enabled letsencrypt module in froxlor and tried validating SSL for a domain in the server.  SSL generation is getting failed with 403 error.  See the debug log information.      Replaced domain name and main IP.    Can any one help me regarding the issue.
       
      [information] Updating Let's Encrypt certificates [information] Updating domain-name.com [information] Adding SAN entry: domain-name.com [information] Adding SAN entry: www.domain-name.com [information] letsencrypt-v2 Using 'https://acme-v02.api.letsencrypt.org' to generate certificate [information] letsencrypt-v2 Using existing account key [information] letsencrypt-v2 Starting certificate generation process for domains [information] letsencrypt-v2 Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order [information] letsencrypt-v2 Requesting challenge for domain-name.com [information] letsencrypt-v2 Got challenge token for domain-name.com [information] letsencrypt-v2 Token for domain-name.com saved at /var/www/froxlor/.well-known/acme-challenge/vkTyLi2ApfP9O9ou8GyDz6WQmB--HP4ULnU0fhjXI0k and should be available at http://domain-name.com/.well-known/acme-challenge/vkTyLi2ApfP9O9ou8GyDz6WQmB--HP4ULnU0fhjXI0k [information] letsencrypt-v2 Sending request to challenge [information] letsencrypt-v2 Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/803008408/k46kFQ [information] letsencrypt-v2 Verification pending, sleeping 1s [information] letsencrypt-v2 Verification pending, sleeping 1s [error] Could not get Let's Encrypt certificate for domain-name.com: Verification ended with error: {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from http:\/\/domain-name.com\/.well-known\/acme-challenge\/vkTyLi2ApfP9O9ou8GyDz6WQmB--HP4ULnU0fhjXI0k [212.224.xxx.xxx]: \"<!DOCTYPE html>\\n<html lang=\\\"en-CA\\\" class=\\\"html_stretched responsive av-preloader-active av-preloader-enabled av-default-lightbox\"","status":403},"url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/chall-v3\/803008408\/k46kFQ","token":"vkTyLi2ApfP9O9ou8GyDz6WQmB--HP4ULnU0fhjXI0k","validationRecord":[{"url":"http:\/\/www.domain-name.com\/.well-known\/acme-challenge\/vkTyLi2ApfP9O9ou8GyDz6WQmB--HP4ULnU0fhjXI0k","hostname":"www.domain-name.com","port":"80","addressesResolved":["212.224.xxx.xxx"],"addressUsed":"212.224.xxx.xxx"},{"url":"http:\/\/domain-name.com\/.well-known\/acme-challenge\/vkTyLi2ApfP9O9ou8GyDz6WQmB--HP4ULnU0fhjXI0k","hostname":"domain-name.com","port":"80","addressesResolved":["212.224.xxx.xxx"],"addressUsed":"212.224.xxx.xxx"}]} [information] Let's Encrypt certificates have been updated  
×
×
  • Create New...