Jump to content
Froxlor Forum
  • 0

fcgi: works for customers but not for froxlor itself


Daniel

Question

hi there,

 

i successfully migrated from syscp to froxlor.

today i followed this howto to enable fcgi.

it just worked until the cronjob ran. after that, i can't open the froxlor panel and get a

 

403 forbidden
You don't have permission to access /froxlor/index.php on this server

 

apache itself works fine (the static "it work's" page loads) and surprisingly suexec and fcgi are working well for customer websites.

 

so, my first idea was to check the permissions again, but they are fine.

for testing, i even did a "chmod -R a+rwX /var/www/froxlor" to give everyone permission to that directory. but i get the same forbidden again.

so i changed the owner and permissions back.

 

 

there are no errors in the suexec.log, just entries like

 

[2010-12-15 14:28:19]: uid: (10001/web1) gid: (10001/web1) cmd: php-fcgi-starter

 

and in the apache error.log are also no errors, only some of these notices:

 

[Wed Dec 15 14:07:24 2010] [notice] mod_fcgid: call /var/customers/webs/web1/index.php with wrapper /var/www/php-fcgi-scripts/web1/domain.tld/php-fcgi-starter
[Wed Dec 15 14:26:06 2010] [notice] caught SIGTERM, shutting down
[Wed Dec 15 14:26:06 2010] [notice] mod_fcgid: process /var/customers/webs/web1/index.php(3186) exit(shutting down), terminated by calling exit(), return code: 0

 

so this looks good. it seems it only does affect froxlor itself.

any idea what could be the problem here?

 

 

thanks in advance (and thanks for froxlor of course :))

 

daniel

Link to post
Share on other sites

12 answers to this question

Recommended Posts

so i changed the owner and permissions back.

 

The owner of the following should be identical:

 

- owner of froxlor panel (files)

- owner of the php-fcgi-script (normally placed in /var/www/php-fcgi-scripts/)

- SuexecUserGroup "username" "groupname"

 

Are they configured after this rules? Otherwise you get errors like "no permission" or problems to start apache/webserver..

Link to post
Share on other sites

The owner of the following should be identical:

 

- owner of froxlor panel (files)

- owner of the php-fcgi-script (normally placed in /var/www/php-fcgi-scripts/)

- SuexecUserGroup "username" "groupname"

 

Are they configured after this rules? Otherwise you get errors like "no permission" or problems to start apache/webserver..

 

thanks for the quick reply.

i have this:

 

ls -la /var/www/froxlor/index.php 
-rw-rw-rw- 1 froxlorlocal froxlorlocal 11802 15. Okt 13:48 /var/www/froxlor/index.php

and

ls -la /var/www/php-fcgi-scripts/froxlor.panel

drwxr-xr-x 2 froxlorlocal froxlorlocal 4096 15. Dez 10:15 .
drwxr-xr-x 5 root         root         4096 15. Dez 10:15 ..
-rwxr-x--- 1 froxlorlocal froxlorlocal  413 15. Dez 10:15 php-fcgi-starter
-rw-r--r-- 1 root         root         2120 15. Dez 10:15 php.ini

 

and in /etc/apache2/sites-enabled/10_froxlor_ipandport_192.168.100.8.80.conf:

 

  SuexecUserGroup "froxlorlocal" "froxlorlocal"

 

so this seems ok?

Link to post
Share on other sites

hmm. it seems, that the cronjob messed up the file /etc/apache2/sites-enabled/10_froxlor_ipandport_192.168.100.8.80.conf.

it looks like this:

 

# 10_froxlor_ipandport_192.168.100.8.80.conf
# Created 15.12.2010 10:15
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

NameVirtualHost 192.168.100.8:80
<VirtualHost 192.168.100.8:80>
DocumentRoot "/var/www/"
ServerName cbswebserver.cbs.ag
 SuexecUserGroup "froxlorlocal" "froxlorlocal"
 <Directory "/var/www/">              <------------------------ this used to be /var/www/froxlor/ before the cron
   AddHandler fcgid-script .php
   FCGIWrapper /var/www/php-fcgi-scripts/froxlor.panel/php-fcgi-starter .php
   Options +ExecCGI
   Order allow,deny
   allow from all
 </Directory>

--------------------- iirc the following section was added by the cron?

<Directory />
	Options FollowSymLinks
	AllowOverride None
</Directory>
<Directory /var/www/>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride None
	Order allow,deny
	allow from all
</Directory>  

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
	AllowOverride None
	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
	Order allow,deny
	Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined

   Alias /doc/ "/usr/share/doc/"
   <Directory "/usr/share/doc/">
       Options Indexes MultiViews FollowSymLinks
       AllowOverride None
       Order deny,allow
       Deny from all
       Allow from 127.0.0.0/255.0.0.0 ::1/128
   </Directory>

</VirtualHost>

 

so if i change the first <directory> section to /var/www/froxlor/ i'm getting rid of the "403 forbidden"

i now get

 

No input file specified. 

 

i will have a look at this tomorrow.

 

 

daniel

Link to post
Share on other sites

1) your 10_froxlor_ipandport_192.168.100.8.80.conf looks customized because there is much more than the cronjob creates

2) it uses /var/www/ for the <Directory>-block because you didn't set "Make Froxlor reachable through the hostname directly" (you didn't read the update-steps carefully!!!)

3) from your 10_froxlor_ipandport_192.168.100.8.80.conf file i can see that you are using an INTRANET ip-address which will NOT work 100% (192.168.x.x is not an IP which is accessable from the outside!)

Link to post
Share on other sites

1) your 10_froxlor_ipandport_192.168.100.8.80.conf looks customized because there is much more than the cronjob creates

 

that's right. my first try in getting fcgi to work was to follow this screencast.

what happens if i remove or empty this file? will it be recreated the right way with the next cron run?

 

2) it uses /var/www/ for the <Directory>-block because you didn't set "Make Froxlor reachable through the hostname directly" (you didn't read the update-steps carefully!!!)

 

that may be right too. however, i migrated from syscp to froxlor earlier last summer and did an update to the latest version yesterday thru apt-get on debian lenny. i realized the massive changes in froxlor since the migration to late :(

 

3) from your 10_froxlor_ipandport_192.168.100.8.80.conf file i can see that you are using an INTRANET ip-address which will NOT work 100% (192.168.x.x is not an IP which is accessable from the outside!)

 

our router/firewall is redirecting the outside to our dmz, which worked for ages that way with all the servers. so, do i need some special configuration for froxlor here?

 

thanks for your time

 

daniel

Link to post
Share on other sites

what happens if i remove or empty this file? will it be recreated the right way with the next cron run?

 

Yes, exactly that is going to happen.

 

our router/firewall is redirecting the outside to our dmz, which worked for ages that way with all the servers. so, do i need some special configuration for froxlor here?

 

Na, if everything worked before it will continue to

Link to post
Share on other sites

thanks, i will try this tomorrow.

 

just one more question:

 

would you recommend (your personal opinion) to discard this (virtual) server and start from scratch with a clean install?

i'm just afraid there are a bunch of other changes in the meantime that will hit me and i have no good feeling with this syscp -> old froxlor -> actual froxlor installation.

actually the server is not yet in productive use. it is planned to replace our good old (non-virtual) gentoo mail/web/ftp/dns/whatever server which got a lot of custom configurations over the years. so i think, a fresh installation would be the better option?

 

thanks again

 

daniel

Link to post
Share on other sites

i just did a fresh install today and it works so far.

 

 

2) it uses /var/www/ for the <Directory>-block because you didn't set "Make Froxlor reachable through the hostname directly" (you didn't read the update-steps carefully!!!)

 

i do not have this option under Admin-Menu -> Settings -> System-Settings

and i think i need to enable this to get roundcube to work. so froxlor is reachable with http:/domain.tld/froxlor

i installed froxlor via apt like here: apt installation

is this option somewhere else now?

 

 

daniel

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...