Reverse-proxy NGINX + Apache on Directadmin powered server with CB 2.x


Check nginx and apache logs for the particular domain and find lines related to roundcube. It's important to understand where 403 error is happening: at nginx or apache level.

Then it might be a good idea to make sure that you still use default templates and /usr/local/directadmin/data/templates/custom/ should be empty as well as /usr/local/directadmin/custombuild/custom/

And /etc/nginx/webapps.conf /etc/nginx/webapps.ssl.conf /etc/httpd/conf/extra/httpd-alias.conf should exist and be not empty.

By the way

- do /phpmyadmin and /webmail work with your domains?
- do you have issues with issuing certificates from Let's Encrypt for your domains?
 
Hi Alex,

Thanks for reaching out!

Just for testing I have set up a new domain. I had no problem generating the LetsEncrypt certificate. So domain/.well-known/acme-challenge is resolving.
Also accessing domain/phpmyadmin or via an alias domain/pma is working.
I have done no customizations on any template. Folder /usr/local/directadmin/data/templates/custom/ is empty and /usr/local/directadmin/custombuild/custom/ does not exist.

I could find the request back only in the apache logs:
Code:
85.144.14.85 - - [19/Jul/2019:07:46:52 +0200] "GET /roundcube/ HTTP/1.0" 302 522 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0"
85.144.14.85 - - [19/Jul/2019:07:46:52 +0200] "GET /roundcube/ HTTP/1.0" 403 556 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0"

One other strange thing: if I try to access roundcube not over the symlink /roundcube, but instead directly over its directory name hostname/roundcubemail-1.3.9, I'll get the php file downloaded with a random name and a .dms extension.

Hope this rings any bells.

Yeb
 
And /etc/nginx/webapps.conf /etc/nginx/webapps.ssl.conf /etc/httpd/conf/extra/httpd-alias.conf should exist and be not empty.

Forgot to respond on that part. Yes all 3 config files are there and have, as far as I can see it, valid content.
 
Something is really odd. I'd suggest that you open a ticket with DirectAdmin and ask them to check it on your server. If I connect to your server in order to investigate the case and fix it I will charge for this.
 
Yeah, odd it is. And the other thing is that both boxes suffer the same issue.

I will send you a DM.
 
Nginx (Reverse proxy) with imunify360

I'm trying to compile Nginx as a reverse proxy and when compiling, I get the following error (Imunify360 is installed on the server):

22 21:24:06 vps.macnethost-dz.info nginx[2459043]: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/modsecurity.d/000_i360_0.conf. Line: 14. Column: 349. Expecting a variable, got: : PERF_COMBINED}',phase:2,log,deny,status:403,t:none,t:urlDecode,t:normalizePath,t:lowercase,rev:'1',maturity:'1',severity:2,ctl:RuleEngine=on" in /etc/nginx/nginx-modsecurity-enable.conf:2

Has any of you managed to configure Nginx (reverse proxy) with Imunify360?
Thanks for your help.
 
How do I edit the default vhost port 8080 to 80 and 8081 to 443? Every time I create an account I must manually change that port, and it shows Apache is functioning normally.
 
You don't need to change port 8080 to 80 when using Nginx+Apache. You might be trying to solve an issue the wrong way.
 
nginx_apache serving 403 errors for static files

Hi all,

I recently switched from apache to nginx_apache using CB to rewrite_confs. I'm running into a problem where static files are not being served.

I checked nginx error logs and I notice that it throws permission denied errors.

2019/10/14 00:49:27 [error] 8330#0: *73 open() "/home/x/domains/x.com/public_html/testjs.js.gz" failed (13: Permission denied), client: x, server: x.com, request: "GET /testjs.js HTTP/1.1", upstream: "http://server_ip:8080/testjs.js", host: "x.com"
2019/10/14 00:49:27 [error] 8330#0: *73 open() "/home/x/domains/x.com/public_html/testjs.js" failed (13: Permission denied), client: x, server: x.com, request: "GET /testjs.js HTTP/1.1", upstream: "http://server_ip:8080/testjs.js", host: "x.com"

I created a fresh testjs.js file and filled it with plain text and the file loads fine. When I replace the contents with real javascript the 403s appear. Same issue with .css files. Image files and php scripts work ok strangely.
 
Hello,

Not sure why my earlier post didn't go through.

I switched from pure apache to nginx_apache and I ran into the problem of static files throwing up 403s. This would happen for javascript and css files but only if the content was really script. This means that if I edited the .js file to plain text contents, the file would be served perfectly. Replace that with javascript code and it would throw a 403 error. Strangely, images are served correctly.

Looking at nginx logs it shows an error 13 permission error when trying to access the files. Files are 644 so it's not a perms issue.
 
If nginx fails to open a file with an error 13: Permission denied it might be caused by wrong permissions on the target file or on parent folders. Check permissions and fix them.
 
Perms are 644 for files and 750 for folders. Checked multiple times.

The error only shows for .js and .css files with real code. Created a fresh .js file and filled it with plain text with no issues, copy contents from 403ed .js file and immediately get 403 on the new .js file. Change it back to plain text and 403 goes away. .php files in the same directory have no problems.

Switch back to pure apache and no more 403s on the same file.

Completely lost on what's the cause.
 
Folders under public_html/private_html should have 755, permissions on other parent folders are stricter.
 
The nested folders with the .js and .css are 755 but the parent folder is 750. I assume it's because the parent folder is a subdomain folder.

Folder structure:

/public_html/<subdomain_folder>/js/<problem_script>.js

Perms are:

/755/750/755/644
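
Added example, not part of any post in this thread: one way to run the parent-folder check discussed above is to walk the path from the top down and report the first component whose "other" permission bits deny traversal (directories) or reading (files). It assumes the nginx worker is neither the owner nor in the group of the files and looks only at mode bits via GNU `stat`; the function names and the sample tree are hypothetical, built with the modes quoted above (755/750/755/644).

```shell
#!/bin/sh
# Added example: mode-bit check only; ACLs and SELinux are not examined.
# Assumption: the nginx worker is neither owner nor group member of the files.

# first_blocked BASE REL: walk REL below BASE from the top down and print the
# first component that "other" cannot pass. Returns 0 if one is found, 1 if
# every component is passable, 2 if a component does not exist.
first_blocked() {
    cur=$1
    rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        if [ -z "$part" ]; then continue; fi
        cur="$cur/$part"
        [ -e "$cur" ] || return 2
        # Lowest three bits of the octal mode are the "other" permissions.
        bits=$(( 0$(stat -c '%a' "$cur") & 7 ))
        if [ -d "$cur" ]; then
            # Directories need x (search) to be traversed.
            case $bits in 1|3|5|7) ;; *) printf '%s\n' "$cur"; return 0 ;; esac
        else
            # Files need r to be opened.
            case $bits in 4|5|6|7) ;; *) printf '%s\n' "$cur"; return 0 ;; esac
        fi
    done
    return 1
}

# Constructed sample tree with the modes quoted in the thread: 755/750/755/644.
make_sample_tree() {
    base=$(mktemp -d) || return 2
    mkdir -p "$base/public_html/sub/js"
    echo 'var x = 1;' > "$base/public_html/sub/js/script.js"
    chmod 755 "$base/public_html" "$base/public_html/sub/js"
    chmod 750 "$base/public_html/sub"
    chmod 644 "$base/public_html/sub/js/script.js"
    printf '%s\n' "$base"
}

tree=$(make_sample_tree)
echo "blocked at: $(first_blocked "$tree" public_html/sub/js/script.js)"
rm -rf "$tree"
```

On a real server, pass the domain directory as BASE and the path below it as REL; `namei -l` on the full path shows the same mode chain.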
 
UPDATE #1: Real IP on Apache's server-status page (*** ACTUAL VERSION OF APACHE SHOULD HAVE IT FIXED ALREADY ***)


Please do not follow this update #1 if you have the latest apache version with a patch that fixes the issue!

Well, I am using Apache/2.4.41 version (and also, CentOS 8). Despite this, do we need that? I mean, is it necessary?
 
Hi, I have a virtual server with root and custom build 2. I don't know if config files were changed. Is it safe to use this instruction to add nginx? I have several websites running on apache and I don't want to spoil anything.
 