Daniel
Posted December 15, 2010

hi there,

i successfully migrated from syscp to froxlor.
today i followed this howto to enable fcgi.
it just worked until the cronjob ran. after that, i can't open the froxlor panel and get a

    403 forbidden
    You don't have permission to access /froxlor/index.php on this server

apache itself works fine (the static "it works" page loads) and surprisingly suexec and fcgi are working well for customer websites.

so, my first idea was to check the permissions again, but they are fine.
for testing, i even did a "chmod -R a+rwX /var/www/froxlor" to give everyone permission to that directory. but i get the same forbidden again.
so i changed the owner and permissions back.

there are no errors in the suexec.log, just entries like

    [2010-12-15 14:28:19]: uid: (10001/web1) gid: (10001/web1) cmd: php-fcgi-starter

and in the apache error.log are also no errors, only some of these notices:

    [Wed Dec 15 14:07:24 2010] [notice] mod_fcgid: call /var/customers/webs/web1/index.php with wrapper /var/www/php-fcgi-scripts/web1/domain.tld/php-fcgi-starter
    [Wed Dec 15 14:26:06 2010] [notice] caught SIGTERM, shutting down
    [Wed Dec 15 14:26:06 2010] [notice] mod_fcgid: process /var/customers/webs/web1/index.php(3186) exit(shutting down), terminated by calling exit(), return code: 0

so this looks good. it seems it only does affect froxlor itself.

any idea what could be the problem here?

thanks in advance (and thanks for froxlor of course)
daniel

arnoldB
Posted December 15, 2010

> so i changed the owner and permissions back.

The owner of the following should be identical:

- owner of froxlor panel (files)
- owner of the php-fcgi-script (normally placed in /var/www/php-fcgi-scripts/)
- SuexecUserGroup "username" "groupname"

Are they configured according to these rules? Otherwise you get errors like "no permission" or problems to start apache/webserver..

Daniel
Posted December 15, 2010

> The owner of the following should be identical:
>
> - owner of froxlor panel (files)
> - owner of the php-fcgi-script (normally placed in /var/www/php-fcgi-scripts/)
> - SuexecUserGroup "username" "groupname"
>
> Are they configured according to these rules? Otherwise you get errors like "no permission" or problems to start apache/webserver..

thanks for the quick reply. i have this:

    ls -la /var/www/froxlor/index.php
    -rw-rw-rw- 1 froxlorlocal froxlorlocal 11802 15. Okt 13:48 /var/www/froxlor/index.php

and

    ls -la /var/www/php-fcgi-scripts/froxlor.panel
    drwxr-xr-x 2 froxlorlocal froxlorlocal 4096 15. Dez 10:15 .
    drwxr-xr-x 5 root         root         4096 15. Dez 10:15 ..
    -rwxr-x--- 1 froxlorlocal froxlorlocal  413 15. Dez 10:15 php-fcgi-starter
    -rw-r--r-- 1 root         root         2120 15. Dez 10:15 php.ini

and in /etc/apache2/sites-enabled/10_froxlor_ipandport_192.168.100.8.80.conf:

    SuexecUserGroup "froxlorlocal" "froxlorlocal"

so this seems ok?

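The three-way ownership comparison that arnoldB lists and Daniel carries out by hand above, as an added example that is not part of the original thread and is not Froxlor code. The function names are hypothetical, the three paths are passed as arguments, and the extra writability test reflects suexec's rule of rejecting a wrapper, or a wrapper directory, that is writable by group or others.

```shell
# Added example, not Froxlor code. All function names are hypothetical.

# Print "user group" from the first SuexecUserGroup directive of a vhost file.
suexec_identity() {
    awk 'tolower($1) == "suexecusergroup" { gsub(/"/, "", $0); print $2, $3; exit }' "$1"
}

# Print "owner group" of a file or directory, as shown by ls -l.
owner_of() {
    ls -ld -- "$1" | awk '{ print $3, $4 }'
}

# Succeed if the path is writable by group or others; suexec refuses to run
# a target, or a target inside a directory, with either bit set.
loosely_writable() {
    case $(ls -ld -- "$1") in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# check_panel_suexec VHOST_CONF PANEL_FILE WRAPPER
# Prints one line per problem; returns 0 only if nothing was found.
check_panel_suexec() {
    conf=$1 panel=$2 wrapper=$3 rc=0
    wrapdir=$(dirname -- "$wrapper")
    want=$(suexec_identity "$conf")
    if [ -z "$want" ]; then
        echo "no SuexecUserGroup directive in $conf"
        return 2
    fi
    for f in "$panel" "$wrapper" "$wrapdir"; do
        have=$(owner_of "$f")
        if [ "$have" != "$want" ]; then
            echo "owner mismatch: $f is '$have', vhost wants '$want'"
            rc=1
        fi
    done
    for f in "$wrapper" "$wrapdir"; do
        if loosely_writable "$f"; then
            echo "group/world-writable: $f"
            rc=1
        fi
    done
    return "$rc"
}
# Usage: sh check.sh VHOST_CONF PANEL_FILE WRAPPER
if [ "$#" -eq 3 ]; then check_panel_suexec "$@"; fi
```

With the paths from this thread the arguments would be /etc/apache2/sites-enabled/10_froxlor_ipandport_192.168.100.8.80.conf, /var/www/froxlor/index.php and /var/www/php-fcgi-scripts/froxlor.panel/php-fcgi-starter. A clean result only rules out the ownership cause; it does not look at which `<Directory>` path the FCGIWrapper is attached to.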
Daniel
Posted December 15, 2010

hmm. it seems, that the cronjob messed up the file /etc/apache2/sites-enabled/10_froxlor_ipandport_192.168.100.8.80.conf. it looks like this:

    # 10_froxlor_ipandport_192.168.100.8.80.conf
    # Created 15.12.2010 10:15
    # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.

    NameVirtualHost 192.168.100.8:80

    <VirtualHost 192.168.100.8:80>
      DocumentRoot "/var/www/"
      ServerName cbswebserver.cbs.ag
      SuexecUserGroup "froxlorlocal" "froxlorlocal"
      # <------------------------ this used to be /var/www/froxlor/ before the cron
      <Directory "/var/www/">
        AddHandler fcgid-script .php
        FCGIWrapper /var/www/php-fcgi-scripts/froxlor.panel/php-fcgi-starter .php
        Options +ExecCGI
        Order allow,deny
        allow from all
      </Directory>

      # --------------------- iirc the following section was added by the cron?
      <Directory />
        Options FollowSymLinks
        AllowOverride None
      </Directory>
      <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
      </Directory>

      ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
      <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
      </Directory>

      ErrorLog /var/log/apache2/error.log

      # Possible values include: debug, info, notice, warn, error, crit,
      # alert, emerg.
      LogLevel warn

      CustomLog /var/log/apache2/access.log combined

      Alias /doc/ "/usr/share/doc/"
      <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
      </Directory>
    </VirtualHost>

so if i change the first <directory> section to /var/www/froxlor/ i'm getting rid of the "403 forbidden"

i now get

    No input file specified.

i will have a look at this tomorrow.

daniel

d00p
Posted December 15, 2010

1) your 10_froxlor_ipandport_192.168.100.8.80.conf looks customized because there is much more than the cronjob creates

2) it uses /var/www/ for the <Directory>-block because you didn't set "Make Froxlor reachable through the hostname directly" (you didn't read the update-steps carefully!!!)

3) from your 10_froxlor_ipandport_192.168.100.8.80.conf file i can see that you are using an INTRANET ip-address which will NOT work 100% (192.168.x.x is not an IP which is accessible from the outside!)

Daniel
Posted December 15, 2010

> 1) your 10_froxlor_ipandport_192.168.100.8.80.conf looks customized because there is much more than the cronjob creates

that's right. my first try in getting fcgi to work was to follow this screencast.
what happens if i remove or empty this file? will it be recreated the right way with the next cron run?

> 2) it uses /var/www/ for the <Directory>-block because you didn't set "Make Froxlor reachable through the hostname directly" (you didn't read the update-steps carefully!!!)

that may be right too. however, i migrated from syscp to froxlor earlier last summer and did an update to the latest version yesterday thru apt-get on debian lenny. i realized the massive changes in froxlor since the migration too late

> 3) from your 10_froxlor_ipandport_192.168.100.8.80.conf file i can see that you are using an INTRANET ip-address which will NOT work 100% (192.168.x.x is not an IP which is accessible from the outside!)

our router/firewall is redirecting the outside to our dmz, which worked for ages that way with all the servers. so, do i need some special configuration for froxlor here?

thanks for your time
daniel

d00p
Posted December 15, 2010

> what happens if i remove or empty this file? will it be recreated the right way with the next cron run?

Yes, exactly that is going to happen.

> our router/firewall is redirecting the outside to our dmz, which worked for ages that way with all the servers. so, do i need some special configuration for froxlor here?

Na, if everything worked before it will continue to

Daniel
Posted December 15, 2010

thanks, i will try this tomorrow.

just one more question: would you recommend (your personal opinion) to discard this (virtual) server and start from scratch with a clean install? i'm just afraid there are a bunch of other changes in the meantime that will hit me and i have no good feeling with this syscp -> old froxlor -> actual froxlor installation.

actually the server is not yet in productive use. it is planned to replace our good old (non-virtual) gentoo mail/web/ftp/dns/whatever server which got a lot of custom configurations over the years. so i think, a fresh installation would be the better option?

thanks again
daniel

d00p
Posted December 15, 2010

> would you recommend (your personal opinion) to discard this (virtual) server and start from scratch with a clean install?

I'd do it I guess

Daniel
Posted December 15, 2010

> I'd do it I guess

thanks, i think i will do it

and i hope there's not that much chaos on the streets in frankfurt like in chemnitz

greetings from saxony, have a nice evening.
daniel

Daniel
Posted December 16, 2010

i just did a fresh install today and it works so far.

> 2) it uses /var/www/ for the <Directory>-block because you didn't set "Make Froxlor reachable through the hostname directly" (you didn't read the update-steps carefully!!!)

i do not have this option under Admin-Menu -> Settings -> System-Settings and i think i need to enable this to get roundcube to work.
so froxlor is reachable with http:/domain.tld/froxlor

i installed froxlor via apt like here: apt installation

is this option somewhere else now?

daniel

d00p
Posted December 16, 2010

this is/was a bug which has already been fixed in SVN and will be back in with 0.9.16

Daniel
Posted December 16, 2010

> this is/was a bug which has already been fixed in SVN and will be back in with 0.9.16

thanks