Reverse-proxy NGINX + Apache on Directadmin powered server with CB 2.x

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Check nginx and apache logs for the particular domain and find lines related to roundcube. It's important to understand where 403 error is happening: at nginx or apache level.

Then it might be a good idea to make sure that you still use default templates and /usr/local/directadmin/data/templates/custom/ should be empty as well as /usr/local/directadmin/custombuild/custom/

And /etc/nginx/webapps.conf /etc/nginx/webapps.ssl.conf /etc/httpd/conf/extra/httpd-alias.conf should exist and be not empty.

By the way

- does it work /phpmyadmin and /webmail with your domains?
- do you have issues with issuing certificates from Let's Encrypt for your domains?
 

webwerken

New member
Joined
Jul 18, 2019
Messages
7
Check nginx and apache logs for the particular domain and find lines related to roundcube. It's important to understand where 403 error is happening: at nginx or apache level.

Then it might be a good idea to make sure that you still use default templates and /usr/local/directadmin/data/templates/custom/ should be empty as well as /usr/local/directadmin/custombuild/custom/

And /etc/nginx/webapps.conf /etc/nginx/webapps.ssl.conf /etc/httpd/conf/extra/httpd-alias.conf should exist and be not empty.

By the way

- does it work /phpmyadmin and /webmail with your domains?
- do you have issues with issuing certificates from Let's Encrypt for your domains?
Hi Alex,

Thanks for reaching out!

Just for testing I have set up a new domain. I had no problem generating the LetsEncrypt certificate. So domain/.well-known/acme-challenge is resolving.
Also accessing domain/phpmyadmin or via an alias domain/pma is working.
I have done no customizations on any template. Folder /usr/local/directadmin/data/templates/custom/ is empty and /usr/local/directadmin/custombuild/custom/ does not exist.

I could find the request back only in the apache logs :
Code:
85.144.14.85 - - [19/Jul/2019:07:46:52 +0200] "GET /roundcube/ HTTP/1.0" 302 522 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0"
85.144.14.85 - - [19/Jul/2019:07:46:52 +0200] "GET /roundcube/ HTTP/1.0" 403 556 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0"
One other strange thing. If I try to access roundcube not over the symlink /roundcube, but instead directly over its directory name hostname/roundcubemail-1.3.9. I'll get the php file downloaded with a random name and a .dms extention.

Hope this rings any bells.

Yeb
 

webwerken

New member
Joined
Jul 18, 2019
Messages
7
And /etc/nginx/webapps.conf /etc/nginx/webapps.ssl.conf /etc/httpd/conf/extra/httpd-alias.conf should exist and be not empty.
Forgot to respond on that part. Yes all 3 config files are there and have, as far as I can see it, valid content.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Something is really odd. I'd suggest that you open a ticket with DirectAdmin and ask them to check it on your server. If I connect to your server in order to investigate the case and fix it I will charge for this.
 

webwerken

New member
Joined
Jul 18, 2019
Messages
7
Something is really odd. I'd suggest that you open a ticket with DirectAdmin and ask them to check it on your server. If I connect to your server in order to investigate the case and fix it I will charge for this.
Yeah, odd it is. And the other thing is that both boxes suffer the same issue.

I will send you a DM.
 

copernic

Verified User
Joined
Jul 2, 2019
Messages
18
Nginx (Reverse proxy) with imunify360

I'm trying to compile Nginx as a reverse proxy and when compiling, I get the following error (Imunify360 is installed on the server):

22 21:24:06 vps.macnethost-dz.info nginx[2459043]: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/modsecurity.d/000_i360_0.conf. Line: 14. Column: 349. Expecting a variable, got: : PERF_COMBINED}',phase:2,log,deny,status:403,t:none,t:urlDecode,t:normalizePath,t:lowercase,rev:'1',maturity:'1',severity:2,ctl:RuleEngine=on" in /etc/nginx/nginx-modsecurity-enable.conf:2

Has any of you managed to configure Nginx (reverse proxy) with Imunifu 360?
Thanks for your help.
 

ardantus

New member
Joined
Sep 2, 2019
Messages
5
How to edit default vhost port 8080 to 80 and 8081 to 443, because every i create an account must manualy change that port and show Apache is fuctioning normaly
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
You don't need to change port 8080 to 80 when using Nginx+Apache. You might be trying to solve an issue a wrong way.
 

justjosh

New member
Joined
Oct 13, 2019
Messages
18
nginx_apache serving 403 errors for static files

Hi all,

I recently switched from apache to nginx_apache using CB to rewrite_confs. I'm running into a problem where static files not being served.

I checked nginx error logs and I notice that it throws permission denied errors.

2019/10/14 00:49:27 [error] 8330#0: *73 open() "/home/x/domains/x.com/public_html/testjs.js.gz" failed (13: Permission denied), client: x, server: x.com, request: "GET /testjs.js HTTP/1.1", upstream: "http://server_ip:8080/testjs.js", host: "x.com"
2019/10/14 00:49:27 [error] 8330#0: *73 open() "/home/x/domains/x.com/public_html/testjs.js" failed (13: Permission denied), client: x, server: x.com, request: "GET /testjs.js HTTP/1.1", upstream: "http://server_ip:8080/testjs.js", host: "x.com"

I created a fresh testjs.js file and filled it with plain text and the file loads fine. When I replace the contents with real javascript the 403s appear. Same issue with .css files. Image files and php scripts work ok strangely.
 

justjosh

New member
Joined
Oct 13, 2019
Messages
18
Hello,

Not sure why my earlier post didn't go through.

I switched from pure apache to nginx_apache and I ran into the problem of static files throwing up 403s. This would happen for javascript and css files but only if the content was really script. This means that if I edited the .js file to plain text contents, the file would be served perfectly. Replace that with javascript code and it would throw a 403 error. Strangely, images are served correctly.

Looking at nginx logs it shows a error 13 permission error when trying to access the files. Files are 644 so it's not a perms issue.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Try and see whether or not it helps:
Code:
/usr/local/directadmin/scripts/set_permissions.sh all
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
If nginx fails to open a file with an error 13: Permission denied it might be caused by wrong permissions on the target file or on parent folders. Check permissions and fix them.
 

justjosh

New member
Joined
Oct 13, 2019
Messages
18
If nginx fails to open a file with an error 13: Permission denied it might be caused by wrong permissions on the target file or on parent folders. Check permissions and fix them.
Perms are 644 for files and 750 for folders. Checked multiple times.

The error only shows for .js and .css files with real code. Created a fresh .js file and filled it with plain text with no issues, copy contents from 403ed .js file and immediately get 403 on the new .js file. Change it back to plain text and 403 goes away. .php files in the same directory have no problems.

Switch back to pure apache and no more 403s on the same file.

Completely lost on what's the cause.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,854
Location
GMT +7.00
Folders under public_html/private_html should have 755, permissions on other parents folders are stricter.
 

justjosh

New member
Joined
Oct 13, 2019
Messages
18
Folders under public_html/private_html should have 755, permissions on other parents folders are stricter.
The nested folders with the .js and .css are 755 but the parent folder is 750. I assume it's because the parent folder is a subdomain folder.

Folder structure:

/public_html/<subdomain_folder>/js/<problem_script>.js

Perms are:

/755/750/755/644
 
Top