All customer domains showing Froxlor login not website

[Lloyd Mason]

I've setup a new Froxlor installation, I have setup one in the past using Apache but that was a few years ago.

Everything is running fine except for two strange issues that I have spent probably a week or more on and off trying to solve.

Firstly every time the Froxlor CRON job is run it overwrites /etc/php/7.2/fpm/pool.d/www.conf killing the whole system as FPM won't run anymore. Quick fix is to copy a backup of that file and restart FPM, but don't seem to understand why or if it is intended.

Secondly when going to a customers domain, any domain, any customer I am shown the Froxlor login page e.g. http://test.fkd.commuter.site/. I thought this should be the default .html Froxlor generates, unless I am wrong - possible incorrect setting. I have checked NGINX records for why and can't see to find the issue.

I will keep debugging, but any help is appreciated - not sure what info to post on here, but let me know if anything is needed to assist.

Thanks in advanced, regards Lloyd

[d00p]

25 minutes ago, Lloyd Mason said:

Firstly every time the Froxlor CRON job is run it overwrites /etc/php/7.2/fpm/pool.d/www.conf killing the whole system as FPM won't run anymore. Quick fix is to copy a backup of that file and restart FPM, but don't seem to understand why or if it is intended.

Well, froxlor does not use the www.conf - also it's stated clearly in the settings, that the give path to the pool-configs in the settings is being overwritten. Froxlor generates pool-config files for each domain - so you might have done something wrong when setting up FPM.

27 minutes ago, Lloyd Mason said:

Secondly when going to a customers domain, any domain, any customer I am shown the Froxlor login page

Check whether the vhosts are being generated correctly and are in the correct folder for the webserver to include. Also check DNS records of the domains and check whether the server and/or domains might be using ipv6 but you did not add the ipv6 address to froxlor, hence a request using ipv6 is always being answered using the default/first vhost the webserver can find.

 

[Adramyttium]

On 11/3/2019 at 8:47 AM, d00p said:

Check whether the vhosts are being generated correctly and are in the correct folder for the webserver to include. Also check DNS records of the domains and check whether the server and/or domains might be using ipv6 but you did not add the ipv6 address to froxlor, hence a request using ipv6 is always being answered using the default/first vhost the webserver can find.

 

I'm totally new to this as well, and I'm experiencing a similar problem. Domains are going to the Froxlor login page. I've checked my DNS records and they are pointing to ipv4 addresses. The vhost files seems to be in place as expected (in /sites-enabled). The server itself is on a DigitialOcean and does not have ipv6 enabled. The files for the web domain seem to be in the correct document root directory. And yet, I get the login page. Any other ideas about what could check?

[d00p]

I hope you mean the files are placed in /etc/apache2/sites-enabled/ and not just /sites-enabled.

If you want you can PM me access credentials to your server and I can check what's up there because basically this runs out of the box 

[Adramyttium]

1 hour ago, d00p said:

I hope you mean the files are placed in /etc/apache2/sites-enabled/ and not just /sites-enabled.

If you want you can PM me access credentials to your server and I can check what's up there because basically this runs out of the box 

Yes, they are in /etc/apache2/sites-enabled

One more question: When I was setting things up, I changed the apache2 document root from /var/www/html to /var/www. Would that have caused some kind of issue?

(And thank you for your quick replies!)

 

[d00p]

No this is just fine that way. So sorry, without more information I cannot tell you what's wrong on your side

[Adramyttium]

No problem. I'll create a temp account for you with Sudo. I'll send you the credential via PM in a few.

[d00p]

1) the domain added by you does not resolve to any IP (www.domain.tld does though)

2) because of that, the let's encrypt ssl certificate cannot be issued

3) you have selected "SSL Redirect" for the domain, so there is a vhost for http which just redirects to https but due to no ssl-certificate, the ssl-vhost cannot be created, hence you see the froxlor-login

 

[Adramyttium]

Oh boy...

17 minutes ago, d00p said:

1) the domain added by you does not resolve to any IP (www.domain.tld does though)

As I said earlier, I'm pretty new to this stuff, but I know enough to know that I need a danged 'A' record on the domain.tld.

So if I correct that and let the Let's Encrypt cron job run a few times, should that clear up the matter?

[d00p]

Possibly yes. But most likely you've hit the ratelimit for lets encrypt requests, so you'd better deactivate that in froxlor for now until the dns is working correctly and then try again

[Adramyttium]

Will do. Thanks again!

[Adramyttium]

Well, I waited overnight for things to propagate, and I'm still getting the danged login screen. To try to further isolate the cause, I actually deleted the domain and the customer and decided to try again.

So here is what I have:

One domain with a single "A" @ DNS record pointing to the server IP address.

I created a new customer in Froxlor.

I added the domain to Froxlor (using domain.tld)

The IP address is assigned to the domain using both ports 80 and 443.

SSL redirect is off on 443 and I'm not using Let's Encrypt.

Before clicking save, I checked the /var/customers/webs/ directory for the Customer name. It's there. I click save and a subdomain for the customer is created with /domain.ltd. The default froxlor index.html file appears, and I'm hoping to see that later on when I try to navigate to the domain.

I then double check /etc/apache2/sites-enabled subdirectory. Here are the contents:

lrwxrwxrwx 1 root root  35 Feb 20 23:49 000-default.conf -> ../sites-available/000-default.conf

-rw-r--r-- 1 root root 230 Feb 22 14:25 03_froxlor_ocsp_cache.conf

-rw-r--r-- 1 root root 264 Feb 22 14:25 05_froxlor_dirfix_nofcgid.conf

-rw-r--r-- 1 root root 790 Feb 22 14:25 10_froxlor_ipandport_142.93.66.212.443.conf

-rw-r--r-- 1 root root 621 Feb 22 14:25 10_froxlor_ipandport_142.93.66.212.80.conf

-rw-r--r-- 1 root root 774 Feb 22 14:25 35_froxlor_normal_vhost_christopherdrew.com.conf

-rw-r--r-- 1 root root 342 Feb 22 14:25 35_froxlor_ssl_vhost_christopherdrew.com.conf

-rw-r--r-- 1 root root 409 Feb 22 14:25 40_froxlor_diroption_adc68c552ae13d6eff87cd61bec19296.conf

The Listen statement for the ports are in the files prefixed with 10_

I checked the contents of the 35_froxlor_normal vhost file and the document root for the domain is exactly what I expected: /var/customers/webs/CustomerName/domain.tld/

I specified no domain alias.

I make sure all the server config jobs run. And then, I attempt to navigate to http://domain.tld. Result: The froxlor login page.

 

I'm probably missing something fundamental, but I just can't figure out what it is.

[d00p]

15 minutes ago, Adramyttium said:

The Listen statement for the ports are in the files prefixed with 10_

Are you sure this is what you want? Usually the listen entries are out of the box enabled by Apache itself (and for 443 if a2enmod ssl).

Because in that case there would be double listen-statements and Apache should either not (re)start or reload with errors

[Adramyttium]

Very interesting. I just tried restarting apache2 from the command line and, sure enough, it failed. I checked the service status:

sudo systemctl status apache2.service

● apache2.service - The Apache HTTP Server

   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)

  Drop-In: /lib/systemd/system/apache2.service.d

           └─apache2-systemd.conf

   Active: failed (Result: exit-code) since Sat 2020-02-22 17:47:15 UTC; 49s ago

  Process: 13800 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)

  Process: 11724 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=1/FAILURE)

  Process: 13854 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

 Main PID: 898 (code=exited, status=0/SUCCESS)

 

Feb 22 17:47:15 admin systemd[1]: Starting The Apache HTTP Server...

Feb 22 17:47:15 admin apachectl[13854]: AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/03_froxlor_ocsp_cache.conf:

Feb 22 17:47:15 admin apachectl[13854]: Invalid command 'SSLStaplingCache', perhaps misspelled or defined by a module not included in the server config

Feb 22 17:47:15 admin apachectl[13854]: Action 'start' failed.

Feb 22 17:47:15 admin apachectl[13854]: The Apache error log may have more information.

Feb 22 17:47:15 admin systemd[1]: apache2.service: Control process exited, code=exited status=1

Feb 22 17:47:15 admin systemd[1]: apache2.service: Failed with result 'exit-code'.

Feb 22 17:47:15 admin systemd[1]: Failed to start The Apache HTTP Server.

 

And now froxlor is down altogether. Very odd. I'll poke around some more.

[d00p]

Looks like you did not configure the services correctly. Seems SSL is not active for Apache:

13 minutes ago, Adramyttium said:

Feb 22 17:47:15 admin apachectl[13854]: Invalid command 'SSLStaplingCache', perhaps misspelled or defined by a module not included in the server config

 

[Adramyttium]

I'm going to scratch this attempt and start with a snapshot that includes LAMP. Question, if apache2 is already installed on the server, must I still run the configuration routine in Froxlor?

[d00p]

After you've adjusted the settings to your needs: yes of course

[Adramyttium]

So I started over, patiently following all of the instructions. 

It's working brilliantly. Thank you so much for Froxlor. Great product.