nginx_apache config webapps not workging

G

Ghadamyari

Verified User
Joined
Aug 13, 2011
Messages
32
Hello,

I'm using nginx_apache rewrite config on my directadmin server and I see that the webapps are not working properly.

http://hostname/phpmyadmin/
http://hostname/phpmyadmin
http://hostname/phpMyAdmin
http://hostname/roundcube
http://hostname/squirrelmail



They all return 403 forbidden error and I see the following error log in nginx errorlog:

Code: 
2016/10/28 04:58:48 [error] 205947#0: *964418 open() "/var/www/html/phpMyAdmin.gz" failed (13: Permission denied), client: IP, server: DOMAIN, request: "GET /phpmyadmin HTTP/1.1", host: "DOMAIN"
2016/10/28 04:58:48 [error] 205947#0: *964418 open() "/var/www/html/phpMyAdmin" failed (13: Permission denied), client: IP, server: DOMAIN, request: "GET /phpmyadmin HTTP/1.1", host: "DOMAIN"

but these ones work:
http://hostname/phpMyAdmin/
http://hostname/roundcube/

and It also works if I run:

Code: 
chmod 755 /var/www
chmod 755 /var/www/html

but I think it's not safe to do so as the default chmod of the above folders should be 551 !
 
zEitEr said:
Hello,

What do you mean by "nginx_apache rewrite config"? How do you run PHP on your server (what mode)?
Click to expand...

by nginx_apache config I mean the *nginx as reverse proxy in front of apache* config provided in custombuild 2.x
 
OK, thank you.

Make sure you've got the latest Directadmin version and templates:

Code: 
cd /usr/local/directadmin/custombuild
./build update
./build nginx
./build rewrite_confs

and see whether or not it solves the issue. Also make sure you've got no customized versions of templates under /usr/local/directadmin/custombuild/custom/ and /usr/local/directadmin/data/templates/custom/ .
 
zEitEr said:
OK, thank you.

Make sure you've got the latest Directadmin version and templates:

Code: 
cd /usr/local/directadmin/custombuild
./build update
./build nginx
./build rewrite_confs

and see whether or not it solves the issue. Also make sure you've got no customized versions of templates under /usr/local/directadmin/custombuild/custom/ and /usr/local/directadmin/data/templates/custom/ .
Click to expand...

I'm using the latest version of directadmin 1.50.1 and I confirm that no customization is done on the default template called *enhanced* and it does have this issue. The issue seems to be related to nginx rewrites:

/etc/nginx/webapps.conf
Code: 
        location ^~ /phpMyAdmin {
                root /var/www/html/;
                index index.php index.html index.htm;
               [B][COLOR="#0000CD"] location ~ ^/phpMyAdmin[/COLOR][/B][B][COLOR="#FF0000"][SIZE=4]/[/SIZE][/COLOR][/B] [B][COLOR="#0000CD"]{[/COLOR][/B]
                        access_log off;
                set $my_server_addr $server_addr;
                if ($server_addr ~ ^[0-9a-fA-F:]+$) { set $my_server_addr [$server_addr]; }
                        proxy_pass http://$my_server_addr:8080;
                        proxy_set_header X-Client-IP      $remote_addr;
                        proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
                        proxy_set_header Host        $host;
                        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
                }
                location ~ ^/phpMyAdmin/nginx_static_files/ {
                        access_log  /var/log/nginx/access_log_proxy;
                        alias       /var/www/html/;
                        internal;
                }
        }
        location ~ ^/phpmyadmin {
                rewrite ^/* /phpMyAdmin last;
        }
        location ~ ^/pma {
                rewrite ^/* /phpMyAdmin last;
        }

I've fixed it by removing the trailing slash above. Same thing also applies to roundcube, squirrelmail, ...
 
Last edited:
zEitEr said:
It's a skin for Directadmin Web-GUI and has nothing to do with NGINX at all.
Click to expand...

It's indeed correct, the bug was related to nginx rewrite rules used by directadmin as I've explained in post #5 in this topic.. Where can I report this bug to directadmin developers so they get it fixed in future releases?
 
Hardly can it be a bug... I could not replicate the issue on my end. And if it was a bug we would have much more reports here on the forums and in tickets. So it must be something on your side.

Let's see whether or not other users and admins have the same issue.
 
zEitEr said:
Hardly can it be a bug... I could not replicate the issue on my end. And if it was a bug we would have much more reports here on the forums and in tickets. So it must be something on your side.

Let's see whether or not other users and admins have the same issue.
Click to expand...
Are you using the same nginx_apache config as mine? Please also make sure that /var/www and /var/www/html have 551 permission mode.

Code: 
cd /usr/local/directadmin/custombuild
./build update
./build set webserver nginx_apache
./build nginx_apache
./build rewrite_confs
 
Tested on two servers with nginx+apache:

Code: 
[root@server ~]# ll -d /var/www/html
drwxr-xr-x. 9 webapps webapps 4096 Oct 12 16:22 /var/www/html
[root@server ~]# ll -d /var/www/
dr-xr-x--x. 10 webapps nginx 4096 Dec 20  2014 /var/www/
[root@server ~]#

Code: 
[root@server2 ~]# ll -d /var/www/html
drwxr-xr-x 4 root root 4.0K Oct  6 15:53 /var/www/html
[root@server2 ~]# ll -d /var/www/
dr-xr-x--x 10 webapps nginx 4.0K Dec 23  2014 /var/www/
[root@server2 ~]#
 
zEitEr said:
Tested on two servers with nginx+apache:

Code: 
[root@server ~]# ll -d /var/www/html
drwxr-xr-x. 9 webapps webapps 4096 Oct 12 16:22 /var/www/html
[root@server ~]# ll -d /var/www/
dr-xr-x--x. 10 webapps nginx 4096 Dec 20  2014 /var/www/
[root@server ~]#

Code: 
[root@server2 ~]# ll -d /var/www/html
drwxr-xr-x 4 root root 4.0K Oct  6 15:53 /var/www/html
[root@server2 ~]# ll -d /var/www/
dr-xr-x--x 10 webapps nginx 4.0K Dec 23  2014 /var/www/
[root@server2 ~]#
Click to expand...

As you see the chmod of your /var/www/html folder is 755 and not 551 that's why you don't see the error. I updated the permission mode of my /var/www/html folder to 755 as well and the issue has now been fixed.
 
Same problem here: fresh centos7 with nginx

Hi,

I think i have the same problem. I tried it on 2 different providers. And even did a bad switch to cpanel (sorry sorry :eek:) because of probs like this. First cpanel looked very nice, but then we discovered how jailed we were, so running back to directadmin ;)

So we have a new vps with CentOs 7 with directadmin custombuild 2 pre-installed. I runned all updates and the plugin for custombuild 2.
We have nginx with php56 and php70. We also run postgresql and git.

It behaves very strange:
The php service starts normally although it can take a long time to start (a minute or even longer)
Then when loading phpPgAdmin (we have nothing else yet running) it sometimes loads normally and then gives 502. When checking systemctl > php-fpm56 failed. With an error like:
Code: 
unix:/usr/local/php56/sockets/webapps.sock failed (2: No such file or directory)
A minute or so later it is restarted automaticly and working again for some minutes.

At the moment i am rebuilding with all options we want. (./build all d)
php 5.6 is done already. First the service was oke
Code: 
● php-fpm56.service - The PHP FastCGI Process Manager
   Loaded: loaded (/etc/systemd/system/php-fpm56.service; enabled; vendor preset: disabled)
   Active: activating (start) since Tue 2016-11-15 17:13:13 CET; 40s ago
 Main PID: 16539 (php-fpm56)
   CGroup: /system.slice/php-fpm56.service
           └─16539 php-fpm: master process (/usr/local/php56/etc/php-fpm.conf)

And some minutes later:
Code: 
 php-fpm56.service - The PHP FastCGI Process Manager
   Loaded: loaded (/etc/systemd/system/php-fpm56.service; enabled; vendor preset: disabled)
   Active: failed (Result: timeout) since Tue 2016-11-15 17:22:42 CET; 3min 50s ago
  Process: 9353 ExecStart=/usr/local/php56/sbin/php-fpm56 --nodaemonize (code=exited, status=0/SUCCESS)
 Main PID: 9353 (code=exited, status=0/SUCCESS)


Now i get this error in the build:
Code: 
Creating symlink for /usr/local/php70/bin/php70...
Creating symlink for /usr/local/php70/bin/php-cgi70...
Creating symlink for /usr/local/php70/bin/php-config70...
Creating symlink for /usr/local/php70/bin/phpize70...
Enabling php-fpm70 in systemd...
Job for php-fpm70.service failed because a timeout was exceeded. See "systemctl status php-fpm70.service" and "journalctl -xe" for details.
PHP 7.0.13 Installed.
Can't open /etc/httpd/conf/httpd.conf: No such file or directory.
Can't open /etc/httpd/conf/httpd.conf: No such file or directory.
Can't open /etc/httpd/conf/httpd.conf: No such file or directory.

and:
Code: 
 php-fpm70.service - The PHP FastCGI Process Manager
   Loaded: loaded (/etc/systemd/system/php-fpm70.service; enabled; vendor preset: disabled)
   Active: failed (Result: timeout) since Tue 2016-11-15 17:21:12 CET; 6min ago
  Process: 9244 ExecStart=/usr/local/php70/sbin/php-fpm70 --nodaemonize (code=exited, status=0/SUCCESS)
 Main PID: 9244 (code=exited, status=0/SUCCESS)

Please help!

Thanks in advance
flexJoly
 
uh....
maybe i mixed up the forum posts about 'webapps.sock'

It would be better if i posted a new one; but i cannot delete or edit my reply.
The problem is still there :(
 
Ghadamyari said:
As you see the chmod of your /var/www/html folder is 755 and not 551 that's why you don't see the error. I updated the permission mode of my /var/www/html folder to 755 as well and the issue has now been fixed.
Click to expand...

I have the same issue on two fresh servers setup and built with nginx_apache reverse proxy.

roundcube, squirrelmail, phpmyadmin all gave same error 403.

from Apache error log.
" AH00037: Symbolic link not allowed or link target not accessible: /var/www/html/roundcube"

so i have checked folder permissions on /var/www & /var/www/html

ll -d /var/www/
dr-xr-x--x 10 webapps nginx 4096 Nov 15 23:21 /var/www/
[root@]#
[root@]# ll -d /var/www/html
drwxr-xr-x 6 root root 4096 Dec 21 02:57 /var/www/html
Click to expand...

fixed it with "[root@]# chown webapps:webapps /var/www/html"

So i assume Custombuild is not setting folder permissions correctly at install ?

Also noticed that /var/www is webapps:nginx on one server and webapps:apache on an other server ?

did something change in custombuild between my installations?

what should /var/www ownership be ? webapps:webapps ? or webapps:nginx or webapps:apache ?

permissions 551 ?

thanks!
 
bluebirdnet said:
fixed it with "[root@]# chown webapps:webapps /var/www/html"

So i assume Custombuild is not setting folder permissions correctly at install ?

Also noticed that /var/www is webapps:nginx on one server and webapps:apache on an other server ?

did something change in custombuild between my installations?

what should /var/www ownership be ? webapps:webapps ? or webapps:nginx or webapps:apache ?

permissions 551 ?

thanks!
Click to expand...

Same here with two fresh servers. John, your idea please?
 
You must log in or register to reply here.
Back
Top