Debian squeeze to jessie ... multiple problems with apache, ispconfig3, websites...

Discussion in 'Installation/Configuration' started by rdan, Mar 12, 2016.

  1. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

  2. rdan

    rdan Member

    As I mentioned earlier, the /etc/apache2/conf-available/roundcube.conf file is a symbolic link to /etc/roundcube/apache.conf file which I edited. On top of that, the roundcube.conf file in /etc/apache2/conf-enabled is a pointer to the one in conf-available which is a symbolic link to the /etc/roundcube/apache.conf file mentioned above.
    I didn't go into the roundcube installation procedures as outlined in Till's recent tutorial because I'm running on an installation I made back in 2011 based on Thomas' Extending Perfect Server - Debian Squeeze [ISPConfig 3]. The installation of Thomas' modifications was done after going through Till's initial instructions sometime back in 2011. It was complicated enough to Thomas' installation and I worried that going back to the "normal" installation might cause a lot of problems.
    Things have deteriorated enough that I might be better off taking out roundcube and re-installing it with the debian 8 - jessie procedure. However, once again I'm not sure that I can avoid big problems interfering with the Thomas modifications. Can you (or Till) advise me about whether or not I can get out of this mess without scrubbing everything and reinstalling ispconfig3?
    As an afterthought, my other problems with fail2ban and rkhunter might be related to the Thomas modifications too.
     
  3. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    You probably don't have to do much to your roundcube installation, just just adopt the php-related sections to the config from the howto.
    What kind of an issue you have with rkhunter and fail2ban?
     
  4. rdan

    rdan Member

    Well, I made the "require all granted/denied" edits to the configuration file, and added all the mod_php5 material. Now I get a login prompt asking for username, password and server. In my old configuration, the server was recognized, as was the port. However, now it does not recognize either category and I cannot seem to put the server name in by hand either. Of course, I had set it up last time to use the https port so that might be a problem here. Anyway, it is recognizing the mail program.
     
  5. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    Do you mean this
    Code:
    $rcmail_config['default_host'] =
    $rcmail_config['smtp_server']
     =
    
    part of the roundcube config not recognizing the correct domain?
     
  6. rdan

    rdan Member

    Thanks. Changing the hostname to my server helped eliminate the Servername line, but I still couldn't login. It could be because I'm using a non-standard ssl port. Using an ssl://...../webmail/ address didn't help, nor did an http://.....:sslport/webmail/ address. I keep coming back to questions about the modifications made in the Extending Perfect Server modifications.
    Another problem might be that I have not gone ahead and installed the recent roundcube plugin for ispconfig. I've already installed that before and (maybe incorrectly) assumed that it is already installed. Once I can successfully login with a username, maybe I have to go ahead and install the plugin before anything linked to ispconfig users can be seen.
    I think I have solved the rkhunter problem, but have made no progress on fail2ban. Ispconfig says that fail2ban is not installed, but at the command level, apt-get says that it is installed.
     
    Last edited: Mar 22, 2016
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Check if fail2ban is running e.g. with ps command. If it is running, then the ispconfig check is wrong.
     
  8. rdan

    rdan Member

    Thanks. Fail2ban is not running. Only ps, sudo and bash are running.
    Using /etc/init.d/fail2ban status, I get
    ● fail2ban.service - LSB: Start/stop fail2ban
    Loaded: loaded (/etc/init.d/fail2ban)
    Active: active (exited) since Sat 2016-03-19 02:29:26 EDT; 3 days ago
    Process: 3946 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS)
    Process: 3956 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS)

    Mar 19 02:29:26 www.xxxxxxxx.com fail2ban[3956]: Starting authentication failure monitor: fail2banERROR Found no accessible config files for 'filter.d/sasl' under /etc/fail2ban
    Mar 19 02:29:26 www.xxxxxxxx.com fail2ban[3956]: ERROR Unable to read the filter
    Mar 19 02:29:26 www.xxxxxxxx.com fail2ban[3956]: ERROR Errors in jail 'sasl'. Skipping...
    Mar 19 02:29:26 www.xxxxxxxx.com fail2ban[3956]: ERROR No file(s) found for glob /usr/local/roundcube/logs/errors
    Mar 19 02:29:26 www.xxxxxxxx.com fail2ban[3956]: ERROR Failed during configuration: Have not found any log file for roundcube jail
    Mar 19 02:29:26 www.xxxxxxxx.com fail2ban[3956]: failed!
    So sasl is not working well and I don't seem to have the log files for roundcube. Is this insurmountable or should I keep trying? If you recall, we had a conversation several years ago about the Thomas tutorial extending ispconfig. I think your point was that it was not a good idea to do it, but I had already done it and couldn't go backwards. Now I might be in enough trouble that it is no longer realistic to try to fix things and it might be better to re-install the operating system, ispconfig and my websites. I'm not sure I want to go to that trouble, but I seem to have caused ztk.me quite a bit of time on this issue. Now I am taking your time as well.
     
  9. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    Check your /etc/fail2ban/jail.local
    Change
    Code:
    [sasl]
    to
    [postfix-sasl]
    
    Make sure that

    /etc/fail2ban/filter.d/postfix-sasl.conf exists and it's last line is
    Code:
    ignoreregex =
    
    to find the roundcube config try
    Code:
    $cd /etc/fail2ban
    $grep -Hirn roundcube
    
    should reveal your roundcube config file, now go to roundcube and setup logging / path for logfile, created it if needed and give propper permissions to let roundcube write to that file and adjust the fail2ban filter.
    Maybe you need to add it to logrotate daemon, too.
     
  10. rdan

    rdan Member

    Well, it's quite awhile since your last post. I was too busy to get back to this until now and it seemed like with the exception of mail, things were more or less working. I discovered that fail2ban would not restart every week, but I could get it going by executing a /etc/init.d/fail2ban restart command every week after the log files were renewed. I managed to get rkhunter working and the logfiles rotate all right every week.
    However, I have never been able to get mail working since March. The login page to Roundcube is showing fine, but no login is executed. The message is that the connection to the IMAP server failed.
    In March I thought that all the webs were working, but one is not. No connection to the server is possible and the error message is as follows:
    PDOException: SQLSTATE[28000] [1045] Access denied for user 'xxxxxxx'@'localhost' (using password: YES) in lock_may_be_available() (line 167 of /var/www/clients/clientx/weby/web/includes/lock.inc).
    Again, I'm sorry to keep this request open. Thanks for your earlier help.
     
  11. rdan

    rdan Member

    Just wondering whether my Jun 1/16 message was received. I'm still having problems with mail (no mail since March) and two of my webs have the PDO exception.
    I made a new posting in the contributer section of IspConfig3 asking about how to re-install, but Till give me a link to a series of postings about how to save/restore an existing IspConfig system. However, since my present system is not really responding, I wasn't sure whether or not saving anything from the old system was worthwhile.
    I tried the system test (intro post for this forum). It did not work and there was no output. Again, sorry to keep this request open.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Seems as if the mysql user or password is wrong. set a new password for this website database trough ispconfig and then set this new password in the files of this cms.

    Btw. If you can not solve this yourself, then you should consider contacting Florian @florian030 , he provides the business support for ISPConfig and might be able to fix your system by remote login.
     

Share This Page