open_basedir restriction in effect - File is not within the allowed path(s)

Discussion in 'Installation/Configuration' started by jaypabs, Jun 14, 2013.

  1. jaypabs

    jaypabs Member

    Hi,

    I run ISPConfig 3 by following this tutorial. I can successfully run the ISPConfig admin, phpmyadmin and I can even open php file. Except that I cannot run WordPress site. Even the installation.

    The error is:

    Code:
    2013/06/14 11:06:29 [error] 14070#0: *181 FastCGI sent in stderr: "PHP message: PHP Warning:  file_exists(): 
    open_basedir restriction in effect. 
    File(/var/www/clients/client1/web1/wp-config.php) is not within the allowed path(s): 
    (/var/www/clients/client1/web1/web:/var/www/clients/client1/web1/private:
    /var/www/clients/client1/web1/tmp:/var/www/philartist.com/web:
    /srv/www/philartist.com/web:/usr/share/php5:/usr/share/php:
    /tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:
    /usr/share/php) in /var/www/clients/client1/web1/web/wp-load.php on line 31" 
    while reading response header from upstream, client: 112.204.145.90, 
    server: philartist.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9010", 
    host: "philartist.com"
    
    I believe this error is due to the virtual host that ISPConfig created during the adding of website at the ISPConfig admin. Because I can run simple php code.

    Here's the complete virtual host file:

    Code:
    server {
            listen *:80;
    
            server_name philartist.com www.philartist.com;
    
            root   /var/www/philartist.com/web;
    
            index index.php index.htm index.html index.cgi index.pl index.xhtml;
    
            error_page 400 /error/400.html;
            error_page 401 /error/401.html;
            error_page 403 /error/403.html;
            error_page 404 /error/404.html;
            error_page 405 /error/405.html;
            error_page 500 /error/500.html;
            error_page 502 /error/502.html;
            error_page 503 /error/503.html;
            recursive_error_pages on;
            location = /error/400.html {
    
                internal;
            }
            location = /error/401.html {
    
                internal;
            }
            location = /error/403.html {
    
                internal;
            }
            location = /error/404.html {
    
                internal;
            }
            location = /error/405.html {
    
                internal;
            }
            location = /error/500.html {
    
                internal;
            }
            location = /error/502.html {
    
                internal;
            }
            location = /error/503.html {
    
                internal;
            }
    
            error_log /var/log/ispconfig/httpd/philartist.com/error.log;
            access_log /var/log/ispconfig/httpd/philartist.com/access.log combined;
    
            ## Disable .htaccess and other hidden files
            location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
            }
    
            location = /favicon.ico {
                log_not_found off;
                access_log off;
            }
    
            location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
            }
    
            location /stats {
    
                index index.html index.php;
                auth_basic "Members Only";
                auth_basic_user_file /var/www/clients/client1/web1/web/stats/.htpass                                                                                       wd_stats;
            }
    
            location ^~ /awstats-icon {
                alias /usr/share/awstats/icon;
            }
    
            location ~ \.php$ {
                try_files /c4cfab64e9a25b0c47153b4ee15079ea.htm @php;
            }
    
            location @php {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9010;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                #fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_intercept_errors on;
            }
    }
    
    This is the only problem I am facing wiht ISPConfig. Any help is appreciated.

    Thanks in advance
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Your script troes to access files outside of the web directory, /var/www/clients/client1/web1/wp-config.php is not a allowed path for a web file. Please upload your php files (I guess its wordpressin this case) to the "web" directory.
     
  3. jaypabs

    jaypabs Member

    Hi,

    The wp-config.php should be created automatically by installer and should be copied to /var/www/clients/client1/web1/web and not on /var/www/clients/client1/web1/.

    I manually created the wp-config.php and this time this is no error in the log file located under /var/log/ispconfig/httpd/philartist.com/error.log.

    But on my browser the error is:

    Code:
    ERROR 500 - Internal Server Error!
    
    The following error occurred:
    
    The requested URL caused an internal server error.
    
    If you get this message repeatedly please contact the webmaster.
    
    I am sure the problem is in the virtual host file.

    BTW, I am using nginx.

    While searching the forum I found so many problem similar to mine. http://www.howtoforge.com/forums/search.php?searchid=10753856

    Please help me what to do next.

     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No, the virtual host file is correct.

    The reason for your first problem is that the wordpress installer seems to try to find a config file out of the docroot which triggered the open_basedir restriction from php.

    The second error is that the wp-config.php file that you created has a wrong owner or permissions. Ensure that the file is owned by the web user and client group of that website and not root.
     
  5. swehes

    swehes New Member

    I am running into the same issue. Only started since 3.0.5.3 upgrade and only new sites are having the issue. All my old sites are fine. The root directive in the vhost is pointing to /web as the base directory, but still the wordpress new installation that I am trying to do is pointing the wp-config file to /web17 for it's location. This doesn't make any sense.

    Any thoughts?
     
  6. RobMorin

    RobMorin New Member

    I too have this same issue while installing a fresh Wordpress site...
     
  7. cbj4074

    cbj4074 Member

    I agree with Till's assessment. The problem is not with ISPConfig; it is with WordPress.

    Are both of you sure that this behavior was introduced with ISPConfig 3.0.5.3 and not a newer version of WordPress? Because I've installed pretty new WordPress builds (3.6.0) on ISPConfig 3.0.5.3 and have not experienced this problem.

    While it is entirely possible that some aspect of ISPConfig changed, thereby causing WordPress to "guess incorrectly" or otherwise fail to auto-detect a filesystem path, the fact of the matter is that WordPress (not ISPConfig) is requesting a file from a location that is (and should be) off-limits to PHP.

    I would start with the location referenced in the error log: /var/www/clients/client1/web1/web/wp-load.php on line 31.

    Code:
    /** Define ABSPATH as this file's directory */
    define( 'ABSPATH', dirname(__FILE__) . '/' );
    
    error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
    
    if ( file_exists( ABSPATH . 'wp-config.php') ) {
    
    	/** The config file resides in ABSPATH */
    	require_once( ABSPATH . 'wp-config.php' );
    
    } elseif ( file_exists( dirname(ABSPATH) . '/wp-config.php' ) && ! file_exists( dirname(ABSPATH) . '/wp-settings.php' ) ) {
    
    	/** The config file resides one level above ABSPATH but is not part of another install */
    	require_once( dirname(ABSPATH) . '/wp-config.php' );
    
    } else {
            //...
    }
    
    Clearly, WordPress's logic is flawed. Both of you seem to be ending-up in the "elseif" block, which is where WordPress attempts to read the filesystem at the /var/www/example.com/ directory (one level up from the document root), thus triggering the open_basedir warning.

    Naturally, this begs the question: why is WordPress not finding the configuration file at ABSPATH . 'wp-config.php'?

    If you "var_dump(ABSPATH)", what's the value?
     
  8. ternes3

    ternes3 New Member

    Hi,
    I have the same problem.
    var_dumb= string(34) "/var/www/clients/client0/web1/web/"
    this seems to be correct, but why didnĀ“t work wordpress :(

    mfg ternes3
     
  9. cbj4074

    cbj4074 Member

    Do us one better and provide the output of the following:

    Code:
    var_dump(dirname(ABSPATH) . '/wp-config.php');
    
     

Share This Page