ISPConfig nicht mehr verfügbar

F

flavio99

New Member
Hallo Community

Ich hoffe das ich in diesem Forum richtig bin, falls nicht, bitte verschieben.
Nun zu meinem Problem:
Ich wollte das ISPConfig auf SSL umstellen. Habe die ispconfig.vhost angepasst. Der Apache2 wurde neu gestartet und seither konnte ich den Apache2 Dienst nicht mehr starten. Nun habe ich herausgefunden, dass die ispconfig.vhost falsch ist.
Code: 
######################################################
# This virtual host contains the configuration
# for the ISPConfig controlpanel
######################################################

 Listen 80
NameVirtualHost *:80

<VirtualHost _default_:80>
  ServerAdmin webmaster@localhost

  <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
      SetHandler None
    </FilesMatch>
  </Directory>
  <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
      SetHandler None
    </FilesMatch>
  </Directory>

  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
      <FilesMatch "\.php$">
        SetHandler fcgid-script
      </FilesMatch>
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
            Require all granted
          </Directory>
    IPCCommTimeout  7200
    MaxRequestLen 15728640
  </IfModule>

  <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
  AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
      Options +FollowSymLinks
      AllowOverride None
            Require all granted
            php_value magic_quotes_gpc        0
    </Directory>
  </IfModule>

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

  <IfModule mod_security2.c>
    SecRuleEngine Off
  </IfModule>

  # SSL Configuration
  SSLEngine On
 SSLProtocol All -SSLv3
    SSLCertificateFile /var/www/clients/client1/web5/ssl/ws01.itsupport-luzern.ch-le.crt
  SSLCertificateKeyFile /var/www/clients/client1/web5/ssl/ws01.itsupport-luzern.ch-le.key
  SSLCACertificateFile  /var/www/clients/client1/web5/ssl/ws01.itsupport-luzern.ch-le.bundle

  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-$
  SSLHonorCipherOrder On

  <IfModule mod_headers.c>
    Header always add Strict-Transport-Security "max-age=15768000"
        RequestHeader unset Proxy early
  </IfModule>

    SSLUseStapling On
  SSLStaplingResponderTimeout 5
  SSLStaplingReturnResponderErrors Off
  </VirtualHost>

<IfModule mod_ssl.c>
  SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>

<Directory /var/www/php-cgi-scripts>
  AllowOverride None
    Require all denied
  </Directory>

<Directory /var/www/php-fcgi-scripts>
  AllowOverride None
    Require all denied
  </Directory>
Sieht jmd. von euch den Fehler?

Gruss Flavio
 
T

Till

Administrator
Wenn nichts im error.log stehen sollte, dann ist vermutlich eines der ssl files nicht da (ganzen symlink pfad bis zuende prüfen).
 
F

flavio99

New Member
Das Error Log spuckt folgendes aus:
Code: 
[Tue Mar 07 16:06:01.819919 2017] [mpm_prefork:notice] [pid 24265] AH00169: caught SIGTERM, shutting down
[ 2017-03-07 16:06:02.9215 31563/7f907a987740 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'de$
[ 2017-03-07 16:06:02.9249 31566/7fc01e656740 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.31561/gen$
[ 2017-03-07 16:06:02.9325 31574/7fe8f11ae780 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.31561/g$
[ 2017-03-07 16:06:02.9326 31563/7f907a987740 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[Tue Mar 07 16:06:02.934391 2017] [ssl:warn] [pid 31561] AH01906: ws01.itsupport-luzern.ch:443:0 server certificate is a CA certificate (BasicConstraints: C$
[Tue Mar 07 16:06:02.934430 2017] [ssl:warn] [pid 31561] AH01909: ws01.itsupport-luzern.ch:443:0 server certificate does NOT include an ID which matches the$
[Tue Mar 07 16:06:02.934494 2017] [ssl:warn] [pid 31561] AH01915: Init: (ws01.itsupport-luzern.ch:80) You configured HTTPS(443) on the standard HTTP(80) por$
[Tue Mar 07 16:06:02.934515 2017] [suexec:notice] [pid 31561] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

Gruss Flavio
 
F

flavio99

New Member
Hallo Zsm.

Ich habe den Port versucht zu ändern auf 443, hatte wieder die gleiche Fehlermeldung. Ich habe nun den Pfad vom SSL noch angepasst und wieder auf Port 80 wieder umgeschaltet. Nun funktioniert der Apache2 mit der Config wieder.

000-ispconfig.vhost:
Code: 
######################################################
# This virtual host contains the configuration
# for the ISPConfig controlpanel
######################################################

 Listen 89
NameVirtualHost *:80

<VirtualHost _default_:80>
  ServerAdmin webmaster@localhost

  <Directory /var/www/ispconfig/>
    <FilesMatch "\.ph(p3?|tml)$">
      SetHandler None
    </FilesMatch>
  </Directory>
  <Directory /usr/local/ispconfig/interface/web/>
    <FilesMatch "\.ph(p3?|tml)$">
      SetHandler None
    </FilesMatch>
  </Directory>

  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
      Options -Indexes +FollowSymLinks +MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
      <FilesMatch "\.php$">
        SetHandler fcgid-script
      </FilesMatch>
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
            Require all granted
          </Directory>
    IPCCommTimeout  7200
    MaxRequestLen 15728640
  </IfModule>

  <IfModule mpm_itk_module>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AssignUserId ispconfig ispconfig
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
      # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp"
   Options +FollowSymLinks
      AllowOverride None
            Require all granted
            php_value magic_quotes_gpc        0
    </Directory>
  </IfModule>

   ErrorLog /var/log/apache2/error.log
   CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

  <IfModule mod_security2.c>
    SecRuleEngine Off
  </IfModule>

  # SSL Configuration
  SSLEngine Off
   SSLProtocol All -SSLv3
   SSLCertificateFile /etc/letsencrypt/live/ws01.itsupport-luzern.ch/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/ws01.itsupport-luzern.ch/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/ws01.itsupport-luzern.ch/chain.pem

  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA3
 SSLHonorCipherOrder On

  <IfModule mod_headers.c>
    Header always add Strict-Transport-Security "max-age=15768000"
        RequestHeader unset Proxy early
  </IfModule>

    SSLUseStapling On
  SSLStaplingResponderTimeout 5
  SSLStaplingReturnResponderErrors Off
 </VirtualHost>

<IfModule mod_ssl.c>
#SSLStaplingCache shmcb:/var/run/ocsp(128000)
</IfModule>

<Directory /var/www/php-cgi-scripts>
  AllowOverride None
    Require all denied
  </Directory>

<Directory /var/www/php-fcgi-scripts>
  AllowOverride None
   Require all denied
  </Directory>

Jetzt aber zu meinem neuen Problem, ich komme nicht mehr via WebGUI auf ISPConfig 3.

Error Log:
Code: 
[Tue Mar 07 22:18:49.619434 2017] [mpm_prefork:notice] [pid 1518] AH00169: caught SIGTERM, shutting down
[ 2017-03-07 22:18:50.7609 1960/7f0793625740 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'defau$
[ 2017-03-07 22:18:50.7660 1963/7fb9d1b0d740 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.1958/generation-0/request
[ 2017-03-07 22:18:50.7770 1968/7fa249887780 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.1958/generation-0/logging
[ 2017-03-07 22:18:50.7772 1960/7f0793625740 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[Tue Mar 07 22:18:50.778537 2017] [ssl:warn] [pid 1958] AH01906: ws01.itsupport-luzern.ch:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 07 22:18:50.778572 2017] [ssl:warn] [pid 1958] AH01909: ws01.itsupport-luzern.ch:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 07 22:18:50.778648 2017] [suexec:notice] [pid 1958] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Tue Mar 07 22:18:50.808264 2017] [auth_digest:notice] [pid 1980] AH01757: generating secret for digest authentication ...
[Tue Mar 07 22:18:50.811334 2017] [:notice] [pid 1984] FastCGI: process manager initialized (pid 1984)
[ 2017-03-07 22:18:50.8139 1986/7f7ebd4c8740 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'defau$
[ 2017-03-07 22:18:50.8189 1989/7fc8937ba740 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.1980/generation-0/request
[ 2017-03-07 22:18:50.8300 1997/7f9ff5e16780 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.1980/generation-0/logging
[ 2017-03-07 22:18:50.8302 1986/7f7ebd4c8740 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[Tue Mar 07 22:18:50.830440 2017] [:error] [pid 1980] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'.
[Tue Mar 07 22:18:50.830489 2017] [:error] [pid 1980] python_init: Python executable found '/usr/bin/python'.
[Tue Mar 07 22:18:50.830493 2017] [:error] [pid 1980] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/p$
[Tue Mar 07 22:18:50.830509 2017] [:notice] [pid 1980] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Tue Mar 07 22:18:50.830513 2017] [:notice] [pid 1980] mod_python: using mutex_directory /tmp
[Tue Mar 07 22:18:50.838454 2017] [ssl:warn] [pid 1980] AH01906: ws01.itsupport-luzern.ch:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 07 22:18:50.838477 2017] [ssl:warn] [pid 1980] AH01909: ws01.itsupport-luzern.ch:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 07 22:18:50.840129 2017] [mpm_prefork:notice] [pid 1980] AH00163: Apache/2.4.10 (Debian) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.9 Phusion_Passenger/4.0.53 mod_pytho$
[Tue Mar 07 22:18:50.840149 2017] [core:notice] [pid 1980] AH00094: Command line: '/usr/sbin/apache2'

Fehlermeldung auf der Webseite:
Befindet sich im Anhang.

Die Fehlermeldung ist auch auf allen anderen Webseiten vorhanden, welche mit ISPConfig angelegt wurden.
Kennt jmd. von euch die Lösung für das Problem?

Gruss Flavio
 

Anhänge

  • Error_ISPConfig.PNG
    Error_ISPConfig.PNG
    20,3 KB · Aufrufe: 218
F

flavio99

New Member
Ja, habe das geändert auf 80, der Apache2 konnte danach wieder nicht gestartet werden.
Habe nun den Port auf 8080 geändert und siehe da, das GUI ist wieder erreichbar.

Muss noch ergänzen, alle Webseiten welche mit ISPConfig angelegt wurden, erhalten immer noch den Error.

Gruss Flavio
 
F

flavio99

New Member
So hab es hinbekommen mit folgendem Schnipsel:

Code: 
ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off
SSLProxyEngine On
ProxyPass / http://:8080/
ProxyPassReverse / http://:8080/

Gruss Flavio
 
Du musst dich einloggen oder registrieren, um hier zu antworten.

Werbung

Top