ISPConfig 3.0.5 RC 1 released for testing

[gjm31]

It was wrong, however corrected it, restarted httpd, still same errors.

How would simply updating from 3.0.4 to 3.0.5rc1 break it ?

[gjm31]

[root@centos httpd]# cat /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter
#!/bin/sh
PHPRC=/etc/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=1
exec /usr/bin/php -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/server/temp
[root@centos httpd]# whereis php
php: /usr/bin/php /etc/php.ini /etc/php.d /usr/lib64/php /usr/include/php /usr/share/php /usr/share/man/man1/php.1.gz
[root@centos httpd]#

[till]

The php fastcgi binary does not nescessarily has the name "php", on most distributions it is nmed php-cgi or php5-cgi while the binary with the name "php" is just the php cli version.

Quote:

How would simply updating from 3.0.4 to 3.0.5rc1 break it ?

Did you install our server exactly as described in the perfect setup guide?

[gjm31]

Still no luck here.

And yes installed it exact, and as said, worked fine on 3.0.4, but the update to 3.0.5rc1 has totally broken it

[gjm31]

[root@centos httpd]# cat /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter
#!/bin/sh
PHPRC=/etc/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=1
exec /usr/bin/php-cgi -d magic_quotes_gpc=off -d session.save_path=/usr/local/ispconfig/server/temp
[root@centos httpd]#

[root@centos httpd]# whereis php-cgi
php-cgi: /usr/bin/php-cgi
[root@centos httpd]#

[Sun Dec 30 17:21:45 2012] [warn] [client 192.168.1.4] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Sun Dec 30 17:21:45 2012] [error] [client 192.168.1.4] Premature end of script headers: index.php

[till]

Did you restart apache? A reload is not enough!

[gjm31]

yes

did a restart of apache, and still same problems, just really dont get how 3.0.4 would work and now 3.0.5 doing this?

[till]

Quote:

did a restart of apache, and still same problems, just really dont get how 3.0.4 would work and now 3.0.5 doing this?

Thousands of lines of code have been changed or added and the new setup is stricter and more secure, so this can lead to problems. We did not had such a problem in our tests, I will add your problem to our bugtracker so we can test it on centos 6.3 again.

What you can do as a workaround is to edit the /etc/httpd/sites-enabled/000-ispconfig.vhost file and remove the # in fron of the line:

# <IfModule mod_php5.c>

until:

# </IfModule>

and restart apache.

[Typhon]

This version seems to complete everything he failed to ISPConfig
This is perfect!
However I have some suggestions:
Major security problems :
-Check if the mail you want use is not already used by another
-Secure domain-management, because right now we can use any domain name that is well configured or not and the most important is that you can use the domain name of the other clients, even that is the domain of the host causing a problem with the security (easy Fishing for every one !)
-So there is a very big problem: If a client makes a false certificate SS ... all the server (apache) crash! and without exception! Without exception!
It was all i think..

[till]

Quote:

-Check if the mail you want use is not already used by another
-Secure domain-management, because right now we can use any domain name that is well configured or not and the most important is that you can use the domain name of the other clients, even that is the domain of the host causing a problem with the security (easy Fishing for every one !)

This is a configuration issue in your install and not a security issue as ispconfig has functions to protect you against this. The function is named domain limit. Go to System > Interface > Main config and enable the checkbox "Use the domain limits in client module to add new domains" to enable the domain limit function.

The domain limit function is visible then in the left menu of the client module.

Quote:

-So there is a very big problem: If a client makes a false certificate SS ... all the server (apache) crash! and without exception! Without exception!

This problem existed in 3.0.4.6 as apache is not able to skip malformed ssl certificates. It has been solved in 3.0.5 by including the ssl configuration part into the config rollback, so a client can not crahs apache anymore as ispconfig will use the last working configuration or ssl certificate.