Issue starting Apache2

Discussion in 'Installation/Configuration' started by Dave B, Jan 24, 2021.

  1. Dave B

    Dave B Member

    Ahh no it doesn't unfortunately
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Run a force update and let it generate a cert:
    Code:
    ispconfig_update.sh --force
     
  3. Dave B

    Dave B Member

    Hi Th0m
    I have forced an update and generated a new cert and also restarted the VPS but still getting the same error
     

    Attached Files:

    • SSL.jpg
      SSL.jpg
      File size:
      21.3 KB
      Views:
      3
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you try using a different browser/machine?
     
  5. Dave B

    Dave B Member

    Hi Th0m

    I have tried from my work pc on firefox and got the below error

    An error occurred during a connection to server1.dutyhosts.net:8080. SSL received a record that exceeded the maximum permissible length.

    Error code: SSL_ERROR_RX_RECORD_TOO_LONG
     
    Last edited: Jan 26, 2021
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Did you let ISPConfig reconfigure apache when updating?
     
  7. Dave B

    Dave B Member

    Hi, Th0m
    I did yes
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Did you change any other Apache settings?
     
  9. Dave B

    Dave B Member

    No, I followed all the recommended settings apart from those mentioned here which i followed as advised.
    Currently, if I access the ISPConfig URL via HTTP it says "The requested URL was not found on this server." is there any way I can get it working via this link just to restore access?
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I tried your dutyhosts URL, it http loads apache default page but httpS:// loads dutyhosts TK phpBB.
    Set in site Redirect tab "rewriete http to https".
     
  11. Dave B

    Dave B Member

    Yeah the main ISPConfig is setup on > https://server1.dutyhosts.net:8080/
    Not sure how i can do the rewrite as i cant currently access ISPConfig to do anything
    I tried adding the below to 000-default.conf but got an exited error on apache restart.
    Code:
    <VirtualHost *:80>
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>
    
    <VirtualHost *:443>
       SSLEngine on
       SSLCertificateFile    <path to crt file>
       SSLCertificateKeyFile   <path to private key file>
    </VirtualHost>
     
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I think something is not right with your install as accessing with http on port 8080 should show you that it is a HTTPS port and you should use https. Did the panel work before, or have you never been able to access it?
     
  13. Dave B

    Dave B Member

    Hi Th0m
    Yeah the panel worked perfectly before.
    It does seem to be related to just the panel as i can access any other links on the domain.
     
  14. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you share the output of
    Code:
    ls -la /usr/local/ispconfig/interface/ssl
    ?
     
  15. Dave B

    Dave B Member

    Hi Th0m,
    Sure ..
    Code:
    [email protected]:~# ls -la /usr/local/ispconfig/interface/ssl
    total 36
    drwxr-s--- 2 root      root      4096 Jan 26 18:08 .
    drwxr-s--- 9 ispconfig ispconfig 4096 Jan 23 14:13 ..
    -rwxr-x--- 1 root      root        45 Jan 26 18:09 empty.dir
    -rwxr-x--- 1 root      root      2171 Jan 26 18:08 ispserver.crt
    -rwxr-x--- 1 root      root      1769 Jan 26 18:08 ispserver.csr
    -rwxr-x--- 1 root      root      3243 Jan 26 18:08 ispserver.key
    -rwxr-x--- 1 root      root      3311 Jan 26 18:07 ispserver.key.secure
    -rwxr-x--- 1 root      root      5414 Jan 26 18:08 ispserver.pem
    
     
  16. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    And can you share the content of /etc/apache2/sites-available/ispconfig.vhost?
     
  17. Dave B

    Dave B Member

    Sure ..

    Code:
    ######################################################
    # This virtual host contains the configuration
    # for the ISPConfig controlpanel
    ######################################################
    
     Listen 8080
    NameVirtualHost *:8080
    
    <VirtualHost _default_:8080>
      ServerAdmin [email protected]
    
      Alias /mail /var/www/ispconfig/mail
    
      <Directory /var/www/ispconfig/>
        <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      <Directory /usr/local/ispconfig/interface/web/>
        <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
    
      <IfModule mod_fcgid.c>
        DocumentRoot /var/www/ispconfig/
        SuexecUserGroup ispconfig ispconfig
        <Directory /var/www/ispconfig/>
          Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
          AllowOverride AuthConfig Indexes Limit Options FileInfo
          <FilesMatch "\.php$">
            SetHandler fcgid-script
          </FilesMatch>
          FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
                Require all granted
              </Directory>
        IPCCommTimeout  7200
        MaxRequestLen 15728640
      </IfModule>
    
      <IfModule mpm_itk_module>
        DocumentRoot /usr/local/ispconfig/interface/web/
        AssignUserId ispconfig ispconfig
        AddType application/x-httpd-php .php
        <Directory /usr/local/ispconfig/interface/web>
          # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
          Options +FollowSymLinks
          AllowOverride None
                Require all granted
                php_value magic_quotes_gpc        0
        </Directory>
      </IfModule>
    
      # ErrorLog /var/log/apache2/error.log
      # CustomLog /var/log/apache2/access.log combined
      ServerSignature Off
    
      <IfModule mod_security2.c>
        SecRuleEngine Off
      </IfModule>
    
      # SSL Configuration
      SSLEngine On
        SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
        SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
      SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
      #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    
      SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
      SSLHonorCipherOrder On
       
      <IfModule mod_headers.c>
        # ISPConfig 3.1 currently requires unsafe-line for both scripts and styles, as well as unsafe-eval
        Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'"
        Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests"
        Header set X-Content-Type-Options: nosniff
        Header set X-Frame-Options: SAMEORIGIN
        Header set X-XSS-Protection: "1; mode=block"
        Header always edit Set-Cookie (.*) "$1; HTTPOnly"
        Header always edit Set-Cookie (.*) "$1; Secure"
        <IfVersion >= 2.4.7>
            Header setifempty Strict-Transport-Security "max-age=15768000"
        </IfVersion>
        <IfVersion < 2.4.7>
            Header set Strict-Transport-Security "max-age=15768000"
        </IfVersion>
        RequestHeader unset Proxy early
      </IfModule>
    
        SSLUseStapling On
      SSLStaplingResponderTimeout 5
      SSLStaplingReturnResponderErrors Off
      </VirtualHost>
    
     
  18. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Alright, so we now know SSL is enabled and there is a SSL cert in place..... Can you verify those files are not empty? (in the ssl folder of ISPConfig)?
     
  19. Dave B

    Dave B Member

    Hi Th0m
    Well the files are definitely there and do contain content
    upload_2021-1-27_16-41-8.png
     
  20. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Is openssl up to date on your system? And other software?
     

Share This Page