Fresh install - Permission denied to upload file to web document root, denied TLS on FTP

Discussion in 'ISPConfig 3 Priority Support' started by Oniell121, Dec 21, 2019.

  1. Oniell121

    Oniell121 New Member HowtoForge Supporter

    Hello! I'm pretty new to this. I have recently followed the perfect server ubuntu guide and everything seems to have gone well. This server is just my personal server running at home. It's under a DDNS domain of "blandranch.ddns.net". Everything installed correctly and the server is serving up well. All needed/listed ports are forwarded at my server VM instance where ISPConfig is installed.

    When I login to my server via SSH/sFTP, I can download files from "/var/www/html/" but I am getting access denied when I try to upload there via SFTP and it only works if I "sudo -i" myself and get root.

    I don't have another domain to point to myself, just the DDNS domain.

    I next created a site in ISPConfig with the domain of my DDNS address of "blandranch.ddns.net" and created an FTP user. When I try to connect to it via TLS, I get the following:
    Command: AUTH TLS
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Command: USER defaultnathaniel
    Error: GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
    Status: Server did not properly shut down TLS connection
    Error: Could not read from socket: ECONNABORTED - Connection aborted
    Error: Could not connect to server
    Status: Disconnected from server


    In addition, visiting blandranch.ddns.net still appears to point to the main web directory in /var/www/html/

    So, I've apparently misunderstood something or done something wrong. Any ideas?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The final website root is the path /var/www/yourdomain.tld/web/ This path can be accessed only by root or by the website user (the user which owns the site). If you want to access the site by SCP, create an SSH user in ISPConfig without jail. The folder /var/www/html/ is the so-called default website and it's normally not used on ISPConfig systems, the right folder will get used when we fixed the other issue that the domain does not point to the right folder.

    This might be related to the FTP client software. I guess you use FileZilla? The latest FileZilla version has some problems with the pureFTPD FTP server, the solution is either to use a different FTP client or an older FileZilla version or you have to try to install a newer pure-ftpd-mysql tthan the one that ships with Ubuntu. If using FileZilla is not a must, then using a different client is probably the easiest workaround, try using the free program WinSCP when you use Windows on the Desktop, there choose FTP as connection method and choose to encrypt with TLS in the encryption option. The general issue will probably resolve itself sooner or later when Ubuntu ships a newer pure ftpt server, but for now, the above-mentioned options are the way to solve this.


    Please post the result of the commands:

    sudo hostname

    and

    sudo hostname -f

    and which exact domain did you use for the website that you created in ISPConfig?
     
    Oniell121 likes this.
  3. Oniell121

    Oniell121 New Member HowtoForge Supporter


    Yep!

    And it did!



    As expected from during the setup, the hostnames are what I set in the hosts file. I've got both localhost and my DDNS domain with the LAN IP.

    Code:
    [email protected]:~$ sudo hostname -f
    blandranch.ddns.net
    [email protected]:~$ sudo hostname
    blandranch
    

    If it helps, my hosts file is:
    Code:
    127.0.0.1 localhost
    192.168.3.43 blandranch.ddns.net blandranch
    

    See attached screen grab for the exact fill value.
     

    Attached Files:

  4. Oniell121

    Oniell121 New Member HowtoForge Supporter

    I don't know if it matters, but DDNS only generates an "A" record in the DNS for that. Though, it should still point to the right IP.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Try selecting the IPv4 address (the internal IP) in the IPv4 field of the website instead of *.
     
  6. Oniell121

    Oniell121 New Member HowtoForge Supporter

    Boom. That did it. So, educate me, what exactly is that field doing?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem with your setup is that you tried to create a website that matches the server hostname, normally the server hostname is left alone and used for the default vhost in /var/www/html/ only. If you create a site for the exact same subdomain of the server hostname in apache, then this vhost can not use the * wildcard, it must use the IP address. But this also means that you have to use for all websites that you create in future the IP as well as you can't mix * and IP on a server.
     

Share This Page