Hello friends,

 

In the last couple of weeks we were trying to install Froxlor on Ubuntu 20.04, with Nginx and php7.4-fpm using the following guides:

- https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-ubuntu

- https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-tarball (from step 3)

- https://github.com/Froxlor/Froxlor/wiki/nginx-with-php-fpm (this is outdated and we were configuring for libnss-extrausers from the configuration guide on the froxlor panel)

At the beginning, everything looks fine, we can create new customers, domains etc, but when the cron job executes it deletes

/etc/php/7.4/fpm/pool.d/www.conf

and we get 502 Bad Gateway.

Looking at the error logs, we can determine that the problem is somewhere in the php configuration because even though it seems that it creates the users, the log says

Feb 03 22:59:16 name_of_server php-fpm7.4[48278]: [03-Feb-2021 22:59:16] ERROR: [pool fully_qualified_domain_name] cannot get uid for user 'test'

Additionally, when we check ls -al /var/customers/webs/, the response is

drwxr-x--- 3 10000 10000 4096 Feb  3 22:54 test

which doesn't make sense to us (to be 10k).

When it deletes the www.conf, we manually put it back, so it can work again, but when the next cron job executes, it deletes from the file again.

Here is the response when we force the cron job, with debug on.

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug
[information] TasksCron: Searching for tasks to do
[information] Creating new FTP-home
[information] Task4 started - Rebuilding froxlor_bind.conf
[information] Cleaning dns zone files from /etc/bind/domains/
[debug] domId    domain                                  ismainbutsubto parent domain                           list of child domain ids
[debug] 2        xxxxx.xxxxxx.xxxxxxx                  0              -
[information] `/etc/bind/domains/xxxxx.xxxxxx.xxxxxxx.zone` written
[debug] Generating dns config for xxxxx.xxxxxx.xxxxxxx
[information] froxlor_bind.conf written
sh: 1: /etc/init.d/bind9: not found
[error] Error while running `/etc/init.d/bind9 reload`: exit code (127) - please check your system logs
[information] Task4 finished
[information] TasksCron: Task2 started - create new home
[notice] Running: mkdir -p '/var/customers/webs/test/webalizer'
[notice] Running: mkdir -p '/var/customers/mail/test/'
[notice] Running: cp -a /var/www/froxlor//templates/misc/standardcustomer/* '/var/customers/webs/test/'
[notice] Running: chown -R 10000:10000 '/var/customers/webs/test/'
[notice] Running: chown -R 2000:2000 '/var/customers/mail/test/'
[information] nginx::createIpPort: creating ip/port settings for  172.105.91.128:80
[information] nginx::writeConfigs: rebuilding /etc/nginx/sites-enabled/
[information] Froxlor\Cron\Http\NginxFcgi::reload: running service php7.4-fpm restart
Job for php7.4-fpm.service failed because the control process exited with error code.
See "systemctl status php7.4-fpm.service" and "journalctl -xe" for details.
[information] Froxlor\Cron\Http\NginxFcgi::reload: reloading Froxlor\Cron\Http\NginxFcgi
[notice] Checking system's last guid

The error log after this failed cron job is, as mentioned above:

Feb 03 22:59:16 name_of_server php-fpm7.4[48278]: [03-Feb-2021 22:59:16] ERROR: [pool fully_qualified_domain_name] cannot get uid for user 'test'

We have tried every fix that we could find, even translated topics from German, but nothing seems to work.

 

We would love to have your thoughts about a possible solution, or maybe some detailed description of how to properly install and configure Froxlor on Ubuntu 20.04, with Nginx and PHP7+-FPM.

 

Thank you,

Ilija

2 minutes ago, Ilija Ivanovski said:

At the beginning, everything looks fine, we can create new customers, domains etc, but when the cron job executes it deletes

/etc/php/7.4/fpm/pool.d/www.conf

and we get 502 Bad Gateway.

This is the default pool-config. Froxlor generates these automatically for every domain. If there are no other .conf files in there check your fpm configs for 7.4 that the path to pool config files is set to /etc/php/7.4/fpm/pool.d/

6 minutes ago, Ilija Ivanovski said:

When it deletes the www.conf, we manually put it back, so it can work again, but when the next cron job executes, it deletes from the file again.

This makes no sense because froxlor does not use the default fpm socket for its own nor the customer vhost configuration files. If you are talking about "froxlor not being accessable" then you might forgot to activate fpm for froxlor too (which is separate from the customers).

 

4 minutes ago, Ilija Ivanovski said:

Looking at the error logs, we can determine that the problem is somewhere in the php configuration because even though it seems that it creates the users, the log says

Feb 03 22:59:16 name_of_server php-fpm7.4[48278]: [03-Feb-2021 22:59:16] ERROR: [pool fully_qualified_domain_name] cannot get uid for user 'test'

Additionally, when we check ls -al /var/customers/webs/, the response is

drwxr-x--- 3 10000 10000 4096 Feb  3 22:54 test

which doesn't make sense to us (to be 10k).

Looks like your libnss-extrausers is not working correctly. did you a) enable libnss-extra users in froxlor and b) ran the commands from the configuration templates regarding libnss-extrausers?

And uid/gid 10000 makes total sense, as froxlor by default begins to assign uids from 10k and up

 

Hey d00p,

All of the above had been done and still it was not working.

But, we have read somewhere that maybe a restart of the server could solve our problems, and it worked.

Now, we are facing a problem with a customer creating a database.

We have configured froxlor with mysql user 'froxloruser' with GRANTS to froxlor database.

mysql> SHOW GRANTS FOR 'froxloruser'#'localhost';
+------------------------------------------------------------------+
| Grants for froxloruser#localhost                                 |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `froxloruser`#`localhost`                  |
| GRANT ALL PRIVILEGES ON `froxlor`.* TO `froxloruser`#`localhost` |
+------------------------------------------------------------------+
2 rows in set (0.00 sec)

And with 'froxloradmin' with GRANTS to everything, as a superuser.

mysql> SHOW GRANTS FOR 'froxloradmin'#'localhost';
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for froxloradmin#localhost



                                                                                                                    |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `froxloradmin`#`localhost`
                                                                                                                    |
| GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `froxloradmin`#`localhost` |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

We have changed /var/www/froxlor/lib/userdata.inc.php to use 'localhost' instead of '127.0.0.1'.

But the error we get, when we click create database is the following.

A database error occurred

SQLSTATE[42000]: Syntax error or access violation: 1044 Access denied for user 'froxloradmin'#'localhost' to database 'stagingsql1'

 

#0 /var/www/froxlor/lib/Froxlor/Database/Database.php(83): PDOStatement->execute()
#1 /var/www/froxlor/lib/Froxlor/Database/Manager/DbManagerMySQL.php(106): Froxlor\Database\Database::pexecute()
#2 /var/www/froxlor/lib/Froxlor/Database/DbManager.php(105): Froxlor\Database\Manager\DbManagerMySQL->grantPrivilegesTo()
#3 /var/www/froxlor/lib/Froxlor/Api/Commands/Mysqls.php(82): Froxlor\Database\DbManager->createDatabase()
#4 /var/www/froxlor/customer_mysql.php(150): Froxlor\Api\Commands\Mysqls->add()
#5 {main}


				GRANT ALL ON `stagingsql1`.* TO :username#:host

When we check mysql, there are database and user created, but the user's host is 127.0.0.1, not localhost.

Edited February 5, 20214 yr by Ilija Ivanovski
spam filter keeps blocking me from making a comment

10 minutes ago, Ilija Ivanovski said:

We have changed /var/www/froxlor/lib/userdata.inc.php to use 'localhost' instead of '127.0.0.1'.

well then you need to duplicate the user 'froxloradmin' not only to have permissions @localhost but also @127.0.0.1

 

11 minutes ago, d00p said:

well then you need to duplicate the user 'froxloradmin' not only to have permissions @localhost but also @127.0.0.1

 

yes, that is made
 

both froxloradmin and froxloruser are with permissions @localhost and @127.0.0.1

well the mysql root/admin user needs to have all permissions for this to work, he tries to execute "GRANT ALL ON `stagingsql1`.* TO :username#:host" but he himself does not have "ALL" so he cannot grant all permissions to another user

It seems like there are some issues with the user and group permissions that Froxlor is trying to set up. A few things to check:

1. Make sure the 10000 and 2000 uid's that are being assigned actually exist on the system. Those uid's may have been valid on a previous Ubuntu release but not 20.04. You may need to adjust them to actual uid's that exist. 

2. Double check that the file permissions Froxlor is setting (like drwxr-x)

In a thread from 2021...