Tag Archives: ispconfig

Cross Origin or CORS Issue

We often get the CORS error when we try to run some code from localhost or XAMPP. The following steps will help to solve it. Please note you will need access to server side code or server configurations. 

  1. Set Access-Control-Allow-Origin to “*” in the code
  2. Set Header set Access-Control-Allow-Headers to “*” in the code 
  3. If the above didn’t work then add the same to .htaccess
  4. If still not solved then set the same in Apache / HTTPD configuration

In my case setting it in the code didn’t work. So it set it in the .htaccess but it also didn’t work. I was getting the error “Reason: header ‘access-control-allow-headers’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response“. The point to note is CORS Preflight. Which indicated that the error happened before the request reached the code. So I thought to set it in Apache config and it worked.

In my case the server had ISPConfig, so I set it through ISPConfig instead of changing the actual Apache configuration file.
The configuration needs to be put under “Sites” -> “<Site Name>” ->  “Options” -> “Apache Directives”.
The exact lines to be put
Header set Access-Control-Allow-Origin “*”
Header set Access-Control-Allow-Headers “*”

 

ISPConfig 3 Showing Default Site

After a fresh install of ISPConfig 3 I added some site. Now the strange problem was HTTP version was always opening the default Apache page. But the HTTPS version was opening the proper site.

Solution:

Disable the default website

a2dissite 000-default.conf
The reason for HTTP version opening default site and HTTPS opening proper site:

When Apache is installed it installs a default website (normally /etc/apache2/sites-enabled/000-default.conf). This default website doesn’t have any HTTPS version, only the HTTP version is installed.

Now when the HTTP version of my site was being requested it was opening the HTTP version of the default site as the HTTP version was existing. But as there was no HTTPS version of the default site so when the HTTPS version  of my site was being called no default site was matching and hence it opened the proper site.

Installing Amazon SDK on ISPConfig systems

  1. First install Composer and PHP for the jailed user. This article has the steps
  2. composer require aws/aws-sdk-php  — as the jailed user
  3. There might be an error –
    fopen(/usr/share/php/Composer/Autoload/../../../doc/composer/copyright): failed to open stream: No such file or directory
  4. You can copy the file using the root login
    1. mkdir -p /var/www/clients/client1/web1/usr/share/doc/composer
    2. cp /usr/share/doc/composer/copyright  /var/www/clients/client1/web1/usr/share/doc/composer/
    3. chown web1:client1 /var/www/clients/client1/web1/usr/share/doc/composer/copyright

ISPConfig 3.1 Automated Installation

This article is about Automated Installation of ISPConfig3.1 on Ubuntu 18.04 and the issue with Roundcube.

The installation steps can be found here and very well laid down – https://www.howtoforge.com/tutorial/ubuntu-ispconfig-automated-install-script/

I installed it on a Linode instance (the $10 instance).

The first thing I found is the softwares is better updated manually prior to the automated installation of the ISPConfig. In my case the installer script couldn’t install the updates.

The biggest problem I faced was after the installation Roundcube was neither sending or receiving any mails. Though the mailbox is opening and I can compose mails but on sending the mail it failed with a “Timed Out” error. Neither any incoming mails were received.

Upon searching and going through lots of suggestions (even a re-installation of Roundcube) ultimately found the issue was with two lines in the postfix master file (marked with red color and bold below)

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

The # infront of the submission and smtps needs to be removed.

Thanks to Till and this post on HowtoForge


One more important issue was this line in the main.cf file

mydestination = domain-name.com, localhost, localhost.localdomain

Though by default the domain name was added to the config but it prevented mails from being received. After removing the domain name and leaving only the localhost entries everything worked fine


While trying to fix the problem I found in the process – for ISPConfig based setup it is better to leave the SSL Certificate settings that the script has set. I tried changing to a purchased SSL and incoming mails stopped. It was about 4:30 AM in the morning and was too tired to do anything more. So reverted back to the original files and everything was fine.


While trying different possible solutions I had enabled the necessary ports in UFW. So is  not sure if that is really needed or not. But worth giving a try if mails are not delivered or received even after correcting the settings in the /etc/postfix/master.cf file


Roundcube errors can be found here – /var/log/roundcube/errors

ISPConfig PHP-FPM Session Problem

The problem I was facing – session variables not getting passed from page to page. On page1.php I set some session variables and then on going to page2.php all I was getting was Array() !  The problem drove me crazy as everything settings and permissions were fine.

I have ISPConfig 3 on Ubuntu 18.04 and PHP 7.2.

Session path, folder ownership, folder permission, cookie path everything was fine. On checking the Session folder found that the session file is getting created properly and the session variables also got saved in files properly. Also had session_start() at the beginning of every page. And there was no error or warnings. But when going to next page – nothing in session!

Then on further analysis found the issue is all about the PHPSESSID cookie being set by ISPConfig control panel. After logging out of ISPConfig panel when I opened my pages the SESSION variables got passed fine.

I spent a whole day trying to find issues with the setup or server configuration. Hope this saves someone else’s time.

 

 

 

 

ISPConfig with Jailkit – allowing custom or other commands for users

By default Jailkit allows certain commands or applications only. Below is the process to allow your users to access other commands or any custom command.

Here I wanted users to access PHP commandline and composer

  1. If needed then first install those applications normally as root
  2. Add entries for the applications/commands to the jailkit config file
    
     
    These block names will be used in ISPConfig.
    
    The folder/directories are important - else the necessary libraries and supporting files will not be copied and the application will not work properly for the users.
  3. Once the blocks have been added, the programs and all related files will have to be copied to the particular users webspace. 
    
    The jk_init command copies all files and related libraries with permissions. 
    
    jk_init -c /etc/jailkit/jk_init.ini -f -k -j /var/www/clients/clientXXX/webXXX php
    
    jk_init -c /etc/jailkit/jk_init.ini -f -k -j /var/www/clients/client1/web3 composer
    
  4. After copying the files update the Jailkit section of ISPConfig - add the block names of the applications that the users will be permitted to use
    System -> Server Config -> Jailkit chroot app section
    
    
    
    

If the commands are still not accessible – then the users should try relogin first.