IspConfig + Debian 9 + Nginx 1.12 + MySQL 5.7: "/usr/local/ispconfig/interface/web/index.php" is for

Discussion in 'General' started by Abdelkarim Mateos, Feb 12, 2018.

  1. Abdelkarim Mateos

    Abdelkarim Mateos New Member

    I need work on server with latest Nginx 1.12 (installed from original source), MySQL 5.7 (json native support instead fake MariaDB JSON)
    After install al system get problem with Ispconfig Admin interface:

    2018/02/12 14:04:30 [error] 710#710: *4 "/usr/local/ispconfig/interface/web/index.php" is forbidden (13: Permission denied), client: 83.51.71.XXX, server: _, request: "GET / HTTP/1.1", host: "kvm693.XXX.XXX:8080"
    server {
            listen 8080;
            #listen [::]:8080 ipv6only=on;
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt;
            ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key;
            ssl_prefer_server_ciphers on;
        # redirect to https if accessed with http
        error_page 497 https://$host:8080$request_uri;
            root   /usr/local/ispconfig/interface/web/;
            client_max_body_size 20M;
            location / {
                   index index.php index.html;
            # serve static files directly
            location ~* ^.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
                   access_log        off;
            location ~ \.php$ {
                   try_files $uri =404;
                   include /etc/nginx/fastcgi_params;
                   fastcgi_pass unix:/var/lib/php7.0-fpm/ispconfig.sock;
                   fastcgi_index index.php;
                   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                   #fastcgi_param PATH_INFO $fastcgi_script_name;
                   fastcgi_buffer_size 128k;
                   fastcgi_buffers 256 4k;
                   fastcgi_busy_buffers_size 256k;
                   fastcgi_temp_file_write_size 256k;
                   fastcgi_read_timeout 1200;
               fastcgi_param HTTP_PROXY "";
            location ~ /\. {
                   deny  all;
    Also try put /usr/local/ispconfig/interface/web/index.html and porblem is same.

    Server default work fine with html index.html of ngix. (Not try with php)
    Last edited: Feb 12, 2018
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This won't work as they install Nginx under a wrong user 'nginx' instead of 'www-data'. You should be able to get a more recent nginx server from dotdeb which is compatible to the standard nginx package from Debian.
  3. Abdelkarim Mateos

    Abdelkarim Mateos New Member

    Thanks for idea. I forget user question.

    But you reply for dotdeb... and dotdeb has not repor for "stretch"...
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, then your only chance is to reconfigure the nginx you use to run under the www-data user and group and to use the exact same paths and service name than the nginx that ships with Debian.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    ahrasis likes this.
  6. Loveless

    Loveless Member

    The ubuntu sources are 100% compatible with debian stretch, so you can get NGINX 1.13.x with full ALPN and HTTP 2.0 support. I have yet to encounter a bug with this version, been using 1.13.x for over a year already. Here's how to install in Debian 9.x :
    Run this to add the apt source:
    sudo bash -c 'cat << EOF >> /etc/apt/sources.list.d/nginx.list
    # stretch-backports
    deb stretch-backports main contrib non-free
    deb-src stretch-backports main contrib non-free
    # Nginx pre built packages
    deb stretch nginx
    deb-src stretch nginx
    Since I trust nginx and debian to securely maintain packages, I'll ignore the missing key, for now, and install using;
    apt-get install -t stretch-backports nginx -y --allow-unauthenticated
    As soon as the debian main package stream catches up to ubuntu, you can easily switch back to their apt sources.

Share This Page