Solved Hostname hsts header is missing when using nginx or nginx_apache

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
EDIT: I changed the title for this thread, this issue seems related to nginx or nginx_apache only webserver

ORIGINAL TITLE: Cannot access phpmyadmin via hostname

The hsts for hostname does not appear (as security header) when using nginx or nginx_apache. The other root domains have no issue with hsts.
---------------------------------------------------------------------------

Hello guys, I'm having issue where if I access phpmyadmin using a server/host domain (server.com/phpmyadmin) I will get the following ugly interface:

mismatch-cert.JPG

and some resources like js, css, are not accessible via the host/server domain but I can access using only IP address.

For example, I can browse this js file:


but if I use host/server domain in URL like below, I will get 404 not found



Other information that I can share right now:

1) I'm using nginx_apache

2) The hostname myserver.domain.com is propagated properly, it has a valid SSL certificate. For example, I can access this URL normally in the browser

Code:
https://myserver.domain.com

and I got a working page nginx is working properly with SSL latest valid certificate. When I go to ssl test the certificate test reported A (with hsts is not enabled for hostname). EDIT: seems like this is the main issue, hsts is not enabled even I set it to enable in directadmin.conf. The ssl test should report A+ like I had before.


3) This is my current httpd-alias.conf file:

Code:
RewriteEngine On
Alias /config "/var/www/html/redirect.php"
Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
Alias /phpmyadmin "/var/www/html/phpMyAdmin/"
Alias /roundcube "/var/www/html/roundcube/"


4) I don't have .htaccess redirection in phpMyAdmin (i mean no .htaccess at all). Also I don't have any other virtualhost or custom link for this phpmyadmin.

Is there anything else I can provide to debug this? Does anyone experience a similar issue? This is the first time I saw this.

EDIT

Other notes:

Note 1 this happens with roundcube too where the static links js, css and others are missing.

Note 2 this also has problem if I want use other custom links for webapps in httpd-alias.conf like below:

Code:
RewriteEngine On
Alias /config "/var/www/html/redirect.php"
Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
Alias /mydb "/var/www/html/phpMyAdmin/"
Alias /mymail "/var/www/html/roundcube/"

after that, if I navigate to custom link above for phpmyadmin ( server.domain.com/mydb ) or custom link for roundcube ( server.domain.com/mymail ), then I will get 404 not found like below:

1634258995697.png

the example error log found in nginx is like this:

Code:
2021/10/15 08:48:52 [error] 1497779#0: *5247 openat() "/var/www/html/mydb" failed (2: No such file or directory), client: 2001:*:*:*:*:*, server: _, request: "GET /dbchunk HTTP/2.0", host: "server.domain.com"


I got all custom links for webapps working before.

Also tried on alpha channel:

Compiled onLinux 64-bit
Compile DateOct 15 2021, 00:51:53
Server Version1.63.0
Current Available Version1.63.0
Last UpdatedFri Oct 15 09:39:23 2021
Last RestartFri Oct 15 09:44:02 2021
Commit SHA4d0f64c544b5c93cb868e536ed7308373506eccd
 
Last edited:

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
479
maybe we have same issued but your case cause by something else
in my case cause by second IP that linked to main IP

 

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
Is it related to the linked IP? I looked at my linked IPs and they all look good (I only have 1 IPv4 and IPv6 in the same interface eth0). I'll go through your post.


EDIT: I've gone through a little bit of your post, and you also mentioned the broken js. Seems like a similar issue.
 

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
Thanks @ikkeben, I think this might be related to hsts for hostname. all of my other normal domain is hsts enabled except the hostname that has issue even after I enabled this.
 

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
this is so weird. I enabled hsts on hostname by setting hsts=31536000 in directadmin.conf and restart directadmin ( I believe I did it before). I even do ./build rewrite_confs but hsts for hostname still not enabled (no security header). I did not have this issue before.
 

ikkeben

Verified User
Joined
May 22, 2014
Messages
1,339
Location
Netherlands Germany
Don't know only that updates DA and so do / did things with hsts in time

I do use apache only.

nginx has more problems also with Le after some updates i think while see more topics here and in other CP 's
Don't know the apache 2.51 .... while to many problems with updates apache therefore i wait longer to do them

Also i don't know about combi's with cloudflare i "hate" them... ;) they are .. with privacy
 
Last edited:

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
Switching to apache temporarily and hsts for hostname is now enabled perfectly. Now I can access back to the phpmyadmin using domain but this is apache.

With nginx_apache it has a problem enabling hsts on hostname using version 1.62.9 (no header found). So, is this a known issue?

Thanks to @jamgames2 and @ikkeben for helping.
 

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
479
Something went wrong with Location Regex
proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
Like this line
it link to Location block, But I don't know why regex failed
if I comment out, it back to work,

In the past, I not have this issued. it work well until this month or last month
I not sure when cause issued
 

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
Thanks @jamgames2, it's working. I removed the header you mentioned from webapps.ssl.conf for both roundcube and phpmyadmin and the 2 sites are working without broken js or css.


But this does not allow me to use custom URL for roundcube or phpmyadmin anymore. For example, I always want to use custom URL like this in httpd-alias.conf:

Code:
Alias /mydb "/var/www/html/phpMyAdmin/"
Alias /mymail "/var/www/html/roundcube/"

It will show 404 not found. It was working before until the new update came.

I hope this is fixed soon.
 

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
̶I̶ ̶t̶h̶i̶n̶k̶ ̶I̶ ̶f̶o̶u̶n̶d̶ ̶a̶n̶ ̶'̶e̶a̶s̶t̶e̶r̶ ̶e̶g̶g̶'̶ ̶w̶o̶r̶k̶a̶r̶o̶u̶n̶d̶.̶ ̶I̶ ̶s̶w̶i̶t̶c̶h̶ ̶t̶o̶ ̶d̶a̶ ̶1̶.̶6̶2̶.̶4̶ ̶w̶h̶e̶r̶e̶ ̶t̶h̶i̶s̶ ̶v̶e̶r̶s̶i̶o̶n̶ ̶d̶o̶e̶s̶ ̶n̶o̶t̶ ̶h̶a̶v̶e̶ ̶p̶r̶o̶b̶l̶e̶m̶,̶ ̶t̶h̶e̶n̶ ̶I̶ ̶s̶w̶i̶t̶c̶h̶ ̶b̶a̶c̶k̶ ̶t̶o̶ ̶1̶.̶6̶2̶.̶9̶ ̶a̶n̶d̶ ̶t̶h̶e̶ ̶i̶s̶s̶u̶e̶ ̶i̶s̶ ̶g̶o̶n̶e̶.̶ ̶S̶o̶ ̶t̶h̶i̶s̶ ̶m̶e̶a̶n̶s̶,̶ ̶i̶t̶ ̶o̶n̶l̶y̶ ̶a̶f̶f̶e̶c̶t̶e̶d̶ ̶n̶e̶w̶ ̶s̶e̶r̶v̶e̶r̶ ̶i̶n̶s̶t̶a̶l̶l̶a̶t̶i̶o̶n̶ ̶t̶h̶a̶t̶ ̶s̶t̶r̶a̶i̶g̶h̶t̶ ̶j̶u̶m̶p̶e̶d̶ ̶t̶o̶ ̶1̶.̶6̶2̶.̶9̶. I will reconfirm this again by reinstalling this server.


Another failed. So, here what I have tried:

1) I installed directadmin using auto mode, with auto mode by default DirectAdmin will install using version 1.62.9 and it includes the default server apache. Everything is working fine because the server is apache. I can access phpyadmin or roundcube normally. No issue here.

2) Now I switch to nginx_apache:

Code:
cd /usr/local/directadmin/custombuild
./build set webserver nginx_apache
./build nginx_apache
./build rewrite_confs

3) Now if I go to server.domain.com/phpmyadmin, I got the ugly interface like I posted in post #1. This also happens with roundcube .

4) Then, I go ahead switched the directadmin update channel from Current - Default release schedule to Stable - Delayed release schedule, I waited for 1 minute, refresh the page then I clicked on update directadmin to switch to old version 1.62.4.

5) After I'm on version 1.62.4, I must do ./build rewrite_confs and finally the phpmyadmin site and roundcube can be accessed normally when DA version is downgraded (even when the server is nginx)

6) After that, I switched back the update channel to Current-Default release schedule and update it to 1.62.9. But at this point I have problem when I do ./build rewrite_confs I got stuck for more than 1 hour like below:

1634280466191.png

So, yes right now I'm on version 1.62.9 and I cannot say that this is a workaround by switching version and it's working like I mentioned about 'easter egg' above. Until the ./build rewrite_confs finished its commands (it still stucked right now).

Final result: I'm going to stick with the old version 1.62.4 until you fixed the bug. I'm glad that this old version is still there.


@jamgames2 @ikkeben @fln @smtalk

You can try the step that I reproduce above. I think (not sure) this is the update that breaks this https://directadmin.com/features.php?id=3043
 
Last edited:

jamgames2

Verified User
Joined
Aug 16, 2019
Messages
479
Thanks
I already try, but not solve

In my case
there have different between
"nginx-vhost.conf" and "directadmin-ips.conf"(/usr/local/directadmin/data/template/nginx-ips.conf)

maybe it break long time ago,
 
Last edited:

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
411
Location
The Earth
I did install again directadmin and it's working again. I'm 100% sure that I did clean install more than 2 times and this problem occured. Not sure if this is also related to browser cache, I also did clear the browser cache and I haven't seen the ugly interface again. Also that time it was confirmed 100% that switching to only nginx or nginx_apache will cause the problem and when I switch back to apache it works. But this time it works perfectly on both clean install and custom installation regardless of server type.

About the hosts hsts, I also tested hsts on web and I found that it was 100% reported missing header from online web test but when I inspect directadmin.conf, the config was set perfectly.

Also solution from @jamgames2 like removing the header also straighaway solved the issue on nginx and nginx_apache. That was weird.
 
Last edited:
Top