SOLVED - Ispconfig3 Cluster/Multiserver - Roundcube - Your session is invalid or expired

Discussion in 'General' started by ZKool, Dec 27, 2017.

  1. ZKool

    ZKool New Member

    I am having some issues with Ispconfig3 cluster and Roundcube giving errors such as "Your session is invalid or expired." after short periods of time, or even randomly.

    OS is Debian 8.
    Ispconfig3 is up to date on master + slave.
    Using memcache as backend with roundcube (using DB does the same thing).

    /var/log/roundcube/errors is empty

    /var/log/apache2/error.log does not appear to show anything relevant.

    [Wed Dec 27 11:21:25.613565 2017] [:error] [pid 1159] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'.
    [Wed Dec 27 11:21:25.616688 2017] [:error] [pid 1159] python_init: Python executable found '/usr/bin/python'.
    [Wed Dec 27 11:21:25.616715 2017] [:error] [pid 1159] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
    [Wed Dec 27 11:21:25.616769 2017] [:notice] [pid 1159] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
    [Wed Dec 27 11:21:25.616781 2017] [:notice] [pid 1159] mod_python: using mutex_directory /tmp
    [Wed Dec 27 11:21:25.831977 2017] [ssl:warn] [pid 1159] AH01909: SERVER2HOSTNAMEFQDN:8080:0 server certificate does NOT include an ID which matches the server name
    [Wed Dec 27 11:21:25.832395 2017] [ssl:warn] [pid 1159] AH01916: Init: (DOMAINNAME:443) You configured HTTP(80) on the standard HTTPS(443) port!
    [Wed Dec 27 11:21:26.189754 2017] [mpm_prefork:notice] [pid 1159] AH00163: Apache/2.4.10 (Debian) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.9 Phusion_Passenger/4.0.53 mod_python/3.3.1 Python/2.7.9 OpenSSL/1.0.1t configured -- resuming normal operations
    [Wed Dec 27 11:21:26.189940 2017] [core:notice] [pid 1159] AH00094: Command line: '/usr/sbin/apache2'
    Using DNS round robin for both servers, with HTTPS to access roundcube.

    Server1 + Server2 use the same cert, which has the domain name as SAN.
    Roundcube is accessed via https://domainname/webmail

    I think this has only been happening for a couple of months.
    Can't think of any changes that would have caused this.

    Similar issue here with no replies;

    Does anyone have any idea or may be able to point me in the right direction?

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you check that roundcube really uses a central database or central memcache instance for session storage? Such issues normally appear in software when the session storage is local and not shared in a cluster.
  3. ZKool

    ZKool New Member

    Is there a good way to verify?

    ** Just realized I actually made changes in /etc/roundcube/
    ** Copied them over to and restarted.

    Issue remains, and is actually worse at the moment.
    Getting errors as soon as I login.

    $config['session_storage'] = 'memcache';
    $config['memcache_hosts'] = array( 'localhost:11211', 'SERVER02:11211' );
    $config['memcache_pconnect'] = true;
    $config['memcache_timeout'] = 2;
    $config['memcache_retry_interval'] = 15;
    $config['imap_cache'] = 'memcache';
    $config['session_storage'] = 'memcache';
    $config['memcache_hosts'] = array( 'localhost:11211', 'SERVER01:11211' );
    $config['memcache_pconnect'] = true;
    $config['memcache_timeout'] = 2;
    $config['memcache_retry_interval'] = 15;
    $config['imap_cache'] = 'memcache';
    memcached is verified running on both servers.
    firewall is allowing port 11211.
    nmap from each server can see the port open on remote server.
    can telnet on port 11211

    # Run memcached as a daemon. This command is implied, and is not needed for the
    # daemon to run. See the README.Debian that comes with this package for more
    # information.
    # Log memcached's output to /var/log/memcached
    logfile /var/log/memcached.log
    # Be verbose
    # Be even more verbose (print client commands as well)
    # Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
    # Note that the daemon will grow to this size, but does not start out holding this much
    # memory
    -m 64
    # Default connection port is 11211
    -p 11211
    # Run the daemon as root. The start-memcached will default to running as root if no
    # -u command is present in this config file
    -u memcache
    # Specify which IP address to listen on. The default is to listen on all IP addresses
    # This parameter is one of the only security measures that memcached has, so make sure
    # it's listening on a firewalled interface.
    # Limit the number of simultaneous incoming connections. The daemon default is 1024
    # -c 1024
    # Lock down all paged memory. Consult with the README and homepage before you do this
    # -k
    # Return error when memory is exhausted (rather than removing items)
    # -M
    # Maximize core file limit
    # -r
    /var/log/memcached.log doesn't exist
    creating the file and chmod to 777, no entries are generated in the file, even with verbosity up
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You seem to use a local memcache but both servers must use the same memcache system if you want to share sessions, I understand the syntax that the second memcache is only used when the first one is unreachable? But I'm not a roundcube developer, so I don't know their code. You might ask in a roundcube support forum on how to configure their software for shared sessions.
  5. ZKool

    ZKool New Member


    This now appears to be resolved.

    Few things that needed to be done;

    1. I hadn't gone through and configured memcache for multiple servers.

    2. I was editing the wrong file to start - /etc/roundcube/ , instead of /etc/roundcube/

    3. I am using memcached package, with a d.
    /etc/php5/apache2/php.ini should reference memcached, instead of memcache

    apparently tcp:// lines should be removed from /etc/php5/apache2/php.ini if using memcached

    4. roundcube config also needed memcached, with a d - not memcache as I had based on the below
    Jesse Norell and till like this.
  6. onastvar

    onastvar Member

    Zkool, what lines did you add or remove in file /etc/roundcube/
    in your post #5 for step #2

Share This Page