adds /login in front of domain

Discussion in 'Installation/Configuration' started by ferra, Apr 9, 2020.

  1. ferra

    ferra Member

    Hello,
    I just installed ispconfig 3.1.15p3 on ubuntu 18.04, everytime I create a new website it adds /login in front of the web page when accessing it, like
    test.com/login
    and shows the ispconfig logo like the admin page

    cannot find the reason

    any idea?
    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe you entered port 80 or 443 instead of port 8080 during ISPConfig installation as port for the ISPConfig interface?
     
  3. ferra

    ferra Member

    I don't remember doing that. I can access ispconfig admin with port 8080, and ispconfig.vhost is configured with port 8080
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    May you please post a screenshot of that /login URL from one of the affected sites?
     
  5. ferra

    ferra Member

    Yes of course. One site we created for testing:

    upload_2020-4-9_21-25-38.png
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, very strange. Did you add any global aliases in the web server or any other manual edits in the web servers config files?
     
  7. ferra

    ferra Member

    I installed a certificate in ispconfig.vhost:

    SSLCertificateFile /usr/local/ispconfig/interface/ssl/server2.crt
    # SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/server2.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    SSLCACertificateFile /usr/local/ispconfig/interface/ssl/gd_bundle.crt

    And I edit /usr/share/phpmyadmin/libraries/sql.lib.php, to solve the phpmyadmin problem

    ((empty($analyzed_sql_results['select_expr']))
    || (count($analyzed_sql_results['select_expr']) == 1)
    && ($analyzed_sql_results['select_expr'][0] == '*'))
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    That should be ok and not causing the issue. may you please post the while ispconfig.vhost file?
     
  9. ferra

    ferra Member

    # cat ispconfig.vhost
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################

    Listen 8080
    NameVirtualHost *:8080

    <VirtualHost _default_:8080>
    ServerAdmin [email protected]

    <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>
    <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
    SetHandler None
    </FilesMatch>
    </Directory>

    <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
    Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
    AllowOverride AuthConfig Indexes Limit Options FileInfo
    <FilesMatch "\.php$">
    SetHandler fcgid-script
    </FilesMatch>
    FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
    Require all granted
    </Directory>
    IPCCommTimeout 7200
    MaxRequestLen 15728640
    </IfModule>

    <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
    # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
    Options +FollowSymLinks
    AllowOverride None
    Require all granted
    php_value magic_quotes_gpc 0
    </Directory>
    </IfModule>

    # ErrorLog /var/log/apache2/error.log
    # CustomLog /var/log/apache2/access.log combined
    ServerSignature Off

    <IfModule mod_security2.c>
    SecRuleEngine Off
    </IfModule>

    # SSL Configuration
    SSLEngine On
    SSLProtocol All -SSLv3
    # SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/server2.crt
    # SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/server2.key
    #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    SSLCACertificateFile /usr/local/ispconfig/interface/ssl/gd_bundle.crt

    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder On

    <IfModule mod_headers.c>
    # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
    Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
    Header set X-Content-Type-Options: nosniff
    Header set X-Frame-Options: SAMEORIGIN
    Header set X-XSS-Protection: "1; mode=block"
    Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
    <IfVersion >= 2.4.7>
    Header setifempty Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    <IfVersion < 2.4.7>
    Header set Strict-Transport-Security "max-age=15768000"
    </IfVersion>
    RequestHeader unset Proxy early
    </IfModule>

    SSLUseStapling On
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors Off
    </VirtualHost>

    <IfModule mod_ssl.c>
    SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>

    <Directory /var/www/php-cgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>

    <Directory /var/www/php-fcgi-scripts>
    AllowOverride None
    Require all denied
    </Directory>



    # cat ispconfig.conf
    ################################################
    # ISPConfig Logfile configuration for vlogger
    ################################################

    SetEnvIf Request_URI "^/datalogstatus.php$" dontlog

    LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
    CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig env=!dontlog

    <Directory /var/www/clients>
    AllowOverride None
    Require all denied
    </Directory>

    # Do not allow access to the root file system of the server for security reasons
    <Directory />
    Options -Indexes
    AllowOverride None
    Require all denied
    </Directory>

    <Directory /var/www/conf>
    AllowOverride None
    Require all denied
    </Directory>

    # Except of the following directories that contain website scripts
    <Directory /usr/share/phpmyadmin>
    Require all granted
    </Directory>

    <Directory /usr/share/phpMyAdmin>
    Require all granted
    </Directory>

    <Directory /srv/www/htdocs>
    Require all granted
    </Directory>

    <Directory /usr/share/squirrelmail>
    Require all granted
    </Directory>

    # Allow access to mailman on OpenSuSE
    <Directory /usr/lib/mailman/cgi-bin>
    Require all granted
    </Directory>

    <Directory /usr/lib/mailman/icons>
    Require all granted
    </Directory>

    <Directory /var/lib/mailman/archives/>
    Options +FollowSymLinks
    Require all granted
    </Directory>

    # allow path to awstats and alias for awstats icons
    <Directory /usr/share/awstats>
    Require all granted
    </Directory>

    Alias /awstats-icon "/usr/share/awstats/icon"

    Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
    <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
    Require all granted
    <IfModule mpm_itk_module>
    AssignUserId www-data www-data
    </IfModule>
    </Directory>

    NameVirtualHost *:80
    NameVirtualHost *:443
    NameVirtualHost 192.168.133.1:80
    NameVirtualHost 192.168.133.1:443
     
  10. ferra

    ferra Member

  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The ispconfig vhost looks fine, but you should not have edited it as your changes will get removed automatically. Instead of editing the file, just replace the content of the SSL files. I'll recommend to change that now, otherwise your system will become inaccessible on next update.

    But this does not explain the issue, beside of the wrong SSL paths, the file looks ok.
     
  12. ferra

    ferra Member

    Ok, I just did it. Do you thinh if I run the update could reslove the issue?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    I don't think so. What you might try is this:

    grep -r login /etc/apache2

    to find all apache config files that contain the word login, maybe this helps us to narrow down why this happens. And one other thing, did you try another browser or your browser in anon mode, maybe it's just some kind of cached redirect.
     
  14. ferra

    ferra Member

    # grep -r login /etc/apache2
    #
    Returns nothing
    I just clean the browser cache and change to a private windows. And still the same login page
     
  15. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    What do you get from 'apachectl -S'?
     
  16. ferra

    ferra Member

    ~# apachectl -S
    AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
    VirtualHost configuration:
    *:8081 alfa.techsul.pt (/etc/apache2/sites-enabled/000-apps.vhost:9)
    *:8080 alfa.techsul.pt (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)
    *:443 techsul.pt (/etc/apache2/sites-enabled/100-techsul.pt.vhost:120)
    *:80 is a NameVirtualHost
    default server alfa.techsul.pt (/etc/apache2/sites-enabled/000-default.conf:1)
    port 80 namevhost alfa.techsul.pt (/etc/apache2/sites-enabled/000-default.conf:1)
    port 80 namevhost techsul.pt (/etc/apache2/sites-enabled/100-techsul.pt.vhost:7)
    alias www.techsul.pt
    alias www.techsul.com
    alias techsul.com
    port 80 namevhost teste.pt (/etc/apache2/sites-enabled/100-teste.pt.vhost:7)
    alias www.teste.pt
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex fcgid-pipe: using_defaults
    Mutex authdigest-opaque: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex authdigest-client: using_defaults
    Mutex fcgid-proctbl: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex proxy: using_defaults
    Mutex ssl-cache: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    Define: ENABLE_USR_LIB_CGI_BIN
    User: name="www-data" id=33
    Group: name="www-data" id=33
     
  17. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    Trying to run some queries there, I note that techsul.pt answers with nginx, not apache, and not at all for teste.pt; perhaps that's just how your public->private forwarding is setup.

    What is the DocumentRoot in /etc/apache2/sites-enabled/000-default.conf? What all do you have under /var/www/html ?
     
  18. ferra

    ferra Member

    Note, this is a closed environment, techsul.pt you can see is the actual site, not this one we are testing.
    To access this environment you need to include in your host file 148.69.123.106 www.teste.pt

    /etc/apache2/sites-enabled/000-default.conf
    DocumentRoot /var/www/html
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    </VirtualHost>
     
  19. ferra

    ferra Member

    I found the problem
    Was the reverse proxy of the firewall
    Sorry for your time
    I just scolded the firewall guy
     
    till likes this.

Share This Page