Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 22nd February 2012, 11:51
Nielsterp Nielsterp is offline
Junior Member
 
Join Date: Nov 2008
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Question Problems with Mailman on SSL site

Hi there,

I have set up ISP3, newest version, on Debian Lenny following this guide: http://www.howtoforge.com/perfect-se...ot-ispconfig-3

I have further followed the guide on how to use a SSL certificate from StartSSL. I have Webmin installed, and have given it the proper links to my certificate, and I'm using the certificate with the web interface for ISP3.

This setup works fine, I can send and recieve mails, I can administer mailing lists etc.

How ever, as soon as I enable SSL for my website, Mailman stops working. When I try to access the adm. interface at http://<my-web-site>/cgi-bin/mailman/admin/mailman, I just get an error 500 from ISP config.

When I enable SSL on my website, the "mm_cfg.py" file changes to have http:// changed to https://. Excert from the file:

Code:
DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/'
PRIVATE_ARCHIVE_URL = '/cgi-bin/mailman/private'
IMAGE_LOGOS         = '/images/mailman/'
In my despair, I tried to change this back to http://, but same error.

I have NOT enabled cgi for my website.

Can anybody help ?
Reply With Quote
Sponsored Links
  #2  
Old 22nd February 2012, 11:53
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Please post the exact error message from the error.log of the website and / or the global apache error.log.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 22nd February 2012, 12:47
Nielsterp Nielsterp is offline
Junior Member
 
Join Date: Nov 2008
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Default

/var/log/apache2/error.log:

Code:
[Tue Feb 21 14:00:08 2012] [notice] Graceful restart requested, doing restart
[Tue Feb 21 14:00:54 2012] [notice] caught SIGTERM, shutting down
[Tue Feb 21 14:17:25 2012] [notice] caught SIGTERM, shutting down
[Tue Feb 21 14:17:27 2012] [notice] Digest: done
[Tue Feb 21 16:30:11 2012] [notice] caught SIGTERM, shutting down
[Tue Feb 21 16:34:27 2012] [notice] caught SIGTERM, shutting down
[Tue Feb 21 23:31:58 2012] [notice] caught SIGTERM, shutting down
[Tue Feb 21 23:37:02 2012] [notice] caught SIGTERM, shutting down
[Tue Feb 21 23:37:04 2012] [notice] Digest: done
[Tue Feb 21 23:37:07 2012] [notice] caught SIGTERM, shutting down
[Tue Feb 21 23:37:14 2012] [notice] Digest: done
[Wed Feb 22 10:24:54 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 10:29:52 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 10:29:54 2012] [notice] Digest: done
[Wed Feb 22 10:47:07 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:26:48 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:26:55 2012] [notice] Digest: done
[Wed Feb 22 11:27:25 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:45:02 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:50:05 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:50:08 2012] [notice] Digest: done
[Wed Feb 22 11:50:14 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:50:16 2012] [notice] Digest: done
[Wed Feb 22 11:51:03 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:51:11 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 11:51:13 2012] [notice] Digest: done
[Wed Feb 22 11:54:52 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 12:27:10 2012] [notice] mod_fcgid: call /var/www/nielsterp.se/web/forside.php with wrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
[Wed Feb 22 12:32:00 2012] [notice] caught SIGTERM, shutting down
[Wed Feb 22 12:32:00 2012] [notice] mod_fcgid: process /var/www/nielsterp.se/web/index.php(4008) exit(shutting down), terminated by calling exit(), return code: 0
[Wed Feb 22 12:32:00 2012] [notice] mod_fcgid: process /var/www/nielsterp.se/web/index.php(5846) exit(shutting down), terminated by calling exit(), return code: 0
[Wed Feb 22 12:35:57 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Wed Feb 22 12:35:57 2012] [notice] Digest: generating secret for digest authentication ...
[Wed Feb 22 12:35:57 2012] [notice] Digest: done
[Wed Feb 22 12:35:58 2012] [notice] Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2008-08-11) mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations
[Wed Feb 22 12:36:23 2012] [notice] mod_fcgid: call /var/www/nielsterp.se/web/index.php with wrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
[Wed Feb 22 12:39:52 2012] [notice] mod_fcgid: call /var/www/nielsterp.se/web/Administration/index.php with wrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter
~
/var/log/ispconfig/httpd/nielsterp.se/error.log:

Code:
[Wed Feb 22 12:27:28 2012] [error] [client 83.249.50.45] Directory index forbidden by Options directive: /var/www/nielsterp.se/web/stats/, referer: https://privat.nielsterp.se/
[Wed Feb 22 12:32:06 2012] [error] Init: Private key not found
[Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218710117 error:0D094065:asn1 encoding routines:d2i_ASN1_SET:bad class
[Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Wed Feb 22 12:32:06 2012] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
[Wed Feb 22 12:35:57 2012] [warn] RSA server certificate CommonName (CN) `privat.nielsterp.se' does NOT match server name!?
[Wed Feb 22 12:35:58 2012] [warn] RSA server certificate CommonName (CN) `privat.nielsterp.se' does NOT match server name!?
[Wed Feb 22 12:36:33 2012] [error] [client 83.249.50.45] Directory index forbidden by Options directive: /var/www/nielsterp.se/web/stats/, referer: https://privat.nielsterp.se/
[Wed Feb 22 12:40:08 2012] [error] [client 83.249.50.45] suexec policy violation: see suexec log for more details
[Wed Feb 22 12:40:08 2012] [error] [client 83.249.50.45] Premature end of script headers: admin
Hope this helps ?
Reply With Quote
  #4  
Old 22nd February 2012, 14:05
Nielsterp Nielsterp is offline
Junior Member
 
Join Date: Nov 2008
Posts: 19
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Hi Till,

You pointed me in the right direction. There is a reference to suexec.log, wich says that the Mailman program is not in the right place.

I then disabled SUEXEC on my website, and now everything works.

The way I see it now is, that Mailman is incompatible with both SUEXEC and cgi. Is this correct ?

Thank you for your help !
Reply With Quote
  #5  
Old 22nd February 2012, 14:16
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
The way I see it now is, that Mailman is incompatible with both SUEXEC and cgi. Is this correct ?
Mailmaln is it is installed by the linux distribution is incompatible with suexec. Suexec is a security system which ensures that scripts run under the user of the website and that scripts must be located in a subdirectory of /var/www. Mailman as it is installed by the linux distribution is located in a directory outside of /var/www, so suexec prevents that the mailman cgi script is run.

The problemwith this situation is that its a security risk to run websites without suexec, but with suexec mailman stops working. The recommended worlkaoround is that you access mailman trogh the hostname of the server and not the domain name of a website, so that mailman does not collide with suexec. You can configure that in mm_cfg.py (nad its master template in /usr/local/ispconfig/server/conf/) by

DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/'

to

DEFAULT_URL_PATTERN = 'https://host.server.tld/cgi-bin/mailman/'

where host.server.tld is the hostname of your server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 20th April 2013, 22:03
HSorgYves HSorgYves is offline
Junior Member
 
Join Date: Nov 2005
Posts: 17
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Unfortunately, if there is no %s in DEFAULT_URL_PATTERN, then the mailing list is not created... :-( How to fix the URL_HOST to always the same value?

Yves

Last edited by HSorgYves; 21st April 2013 at 08:20.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help with ISPConfig 3 Update midcarolina Installation/Configuration 36 8th November 2011 22:07
When install SSL no more site access hitri Installation/Configuration 26 13th September 2011 20:27
Change from a secure ssl web site to a normal one http deco5003 Installation/Configuration 4 25th August 2011 20:23
Can't use self-signed SSL after adding real SSL cert mrjohn Installation/Configuration 1 11th January 2011 06:31
SSL Issue - Unable to connect to any site Menzor Installation/Configuration 4 27th May 2007 04:03


All times are GMT +2. The time now is 13:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.