How can i fix the root directory of Froxlor? - apache2.4

Migrating Froxlor from a Debian 7 to Debian 8 System.
I have now the problem, that the auto-generated vhost file of Froxlor, has vhost's in it which reference to the wrong directory. Is it possible to change them to the correct destination?
They referencing to /var/www/admin but now i only want them to reference to /var/www. I could not find it in the Database of Froxlor nor in the config Files nor in the Webinterface Settings of Froxlor itself.
The reason to change it is that I have a froxlor installation listening on www.example.com/froxlor and phpMyAdmin on www.example.com/phpmyadmin. Now I want my Overview-Page running on www.example.com.
This is the file which is not correct generated. (I replace the IP's and ServerName's)
# vhosts.conf
# Created 25.09.2016 15:31
# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
Listen 192.168.0.1:443
<VirtualHost 192.168.0.1:443>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/3384.ssl-fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/3384.ssl-fpm.external
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/froxlor-ssl/cert.pem
SSLCertificateKeyFile /root/froxlor-ssl/key.pem
SSLCACertificateFile /root/froxlor-ssl/root_trust_chain.pem
SSLCertificateChainFile /root/froxlor-ssl/root_trust_chain.pem
</VirtualHost>
Listen 192.168.0.1:80
<VirtualHost 192.168.0.1:80>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/34d3.fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/34d3.fpm.external
</VirtualHost>
Listen [::1]:443
<VirtualHost [::1]:443>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/e36f.ssl-fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/e36f.ssl-fpm.external
SSLEngine On
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/froxlor-ssl/cert.pem
SSLCertificateKeyFile /root/froxlor-ssl/key.pem
SSLCACertificateFile /root/froxlor-ssl/root_trust_chain.pem
SSLCertificateChainFile /root/froxlor-ssl/root_trust_chain.pem
</VirtualHost>
Listen [::1]:80
<VirtualHost [::1]:80>
DocumentRoot "/var/www/admin/"
ServerName **
FastCgiExternalServer /var/www/php-fpm/froxlor.panel/**/fae9.fpm.external -socket /var/lib/apache2/fastcgi/froxlor.panel-**-php-fpm.socket -idle-timeout 1000
<Directory "/var/www/admin/">
<FilesMatch "\.(php)$">
AddHandler php5-fastcgi .php
Action php5-fastcgi /fastcgiphp
Options +ExecCGI
</FilesMatch>
Require all granted
AllowOverride All
</Directory>
Alias /fastcgiphp /var/www/php-fpm/froxlor.panel/**/fae9.fpm.external
</VirtualHost>
Is it possible to disable the root directory auto creation of froxlor? And use this solution. http to https
<VirtualHost *:80>
ServerName **
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_php5.c>
php_admin_flag display_errors off
php_admin_flag display_startup_errors off
</IfModule>
RewriteEngine on
RewriteCond %{SERVER_NAME} =**
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName **
DocumentRoot /var/www/website/silex/web/
<Directory /var/www/website/silex/web/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
DirectoryIndex /index.php
FallbackResource /index.php
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_php5.c>
php_admin_flag display_errors on
php_admin_flag display_startup_errors on
</IfModule>
SSLEngine On
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
SSLVerifyDepth 10
SSLCertificateFile /root/ssl/cert.pem
SSLCertificateKeyFile /root/ssl/key.pem
</VirtualHost>
The Alias Config Files:
# froxlor default Apache configuration
Alias /froxlor /var/www/froxlor/
<Directory /var/www/froxlor/>
Options FollowSymLinks
DirectoryIndex index.php
Require all granted
</Directory>

I found the solution.
You can set it up in the Webinterface under ips and ports. And edit the Ip Adresses their.
Ressourcen/IPs and Ports/Optionen | Edit
Their is the userdefined document root for the Website.
It was not under System Settings.

Related

Apache is not working after SSlcert configuration on alternate port

My Working url is given below which was working fine before ssl configuration. but after ssl cert configuration it is not working it is returnnig me the error
which is given below.
Url :
http://my-test-dev02.org.net:81
Error :
This page isn’t working my-test-dev02.org.net redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
Apache configuration which i have is given below :
In 000-default.conf File :
<VirtualHost *:81>
Redirect permanent / https://my-test-dev02.org.net:81
WSGIDaemonProcess skg-sa-ver12.org.net python-path=/volume/python3.8/site-packages
WSGIScriptAlias / /c/my_dashboard/my_dashboard/wsgi.py
<Directory "/c/my_dashboard/my_dashboard">
Require all granted
</Directory>
ServerAdmin webmaster#localhost
DocumentRoot /c/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
default-ssl.conf File
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
#<VirtualHost *:443>
WSGIScriptAlias / /c/my_dashboard/my_dashboard/wsgi.py
ServerAdmin nehak#org.net
<Directory "/c/my_dashboard/my_dashboard">
Require all granted
</Directory>
Alias /media/ /c/my_dashboard/my_dashboard/media/
<Directory /c/my_dashboard/my_dashboard/media>
Require all granted
</Directory>
DocumentRoot /c/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/certs/my-test-dev02_org_net/my-test-dev02_org_net.cer
SSLCertificateKeyFile /etc/apache2/certs/my-test-dev02_org_net.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
In ports.conf file configuration i have :
Listen 81
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
above is my configuration for ssl cert and apache. I don't know why i am getting the error but without ssl cert i was able to access it. but after i am getting the error can anyone help me related this? what i am missing here and why this url is not securely redirecting ?

Configure multiple host in apache with ssl on different port

Hi i want to run multiple sites on same server with ssl on different ports, here is what i did so far.
default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin admin#admin.com
ServerName app.example.com
DocumentRoot path_to_project_directory
<Directory path_to_project_directory>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>
With above configuration when i run https://aap.example.com on browser it works fine now i want to run same domain on different port with ssl like https://app.example.com:8000, so for this i have made another virtual host file like this.
app.example.com.conf
<VirtualHost *:8000>
ServerAdmin admin#admin.org
ServerName app.example.com
Alias /static/ path_to_project_directory
WSGIPassAuthorization On
WSGIScriptAlias / path_to_project_directory/wsgi.py
WSGIDaemonProcess example_wsgi33 processes=3 threads=15 display-name=example_wsgi33 python-path=path_to_project_directory:path_to_project_directory/venv/lib/python3.9/site-packages
<Directory path_to_project_directory>
WSGIProcessGroup example_wsgi33
WSGIApplicationGroup %{GLOBAL}
DirectoryIndex manage.py
Require all granted
Options -Indexes -MultiViews +SymLinksIfOwnerMatch
Allow from all
</Directory>
<Directory path_to_project_directory>
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
but when i try to run https://app.example.com:8000 it shows me nothing and i'm getting error like took too long to respond..
Anybody has idea how i can run site on different ports.
Here is my ports.conf
Listen 80
Listen 8000
Listen 8001
Listen 8002
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
I have already enabled these ports on my digital ocean firewall

VPS Nginx/ Apache | multi website doesn't work

I've moved 2 domains on the VPS and they work fine, just one at a time.
If I disable one, then the other one works - not both.
dom1.com , dom2.com
have the same DNS records, except the A records with their domain-name pointing to the same IP on the VPS, their DNS records are both on CloudFlare, and they're both configured the same way on the VPS (with aaPanel).
The only difference is their site directory.
Do you know what could trigger this issue?
CentOS 8
aaPanel 6.8.21
Apache 2.4 (same issue on Nginx 1.19)
DNS manager: CloudFlare
Many Thanks
dom1.com | config
DocumentRoot "/www/wwwroot/dom1.com"
ServerName 745e5c8e.dom1.com
ServerAlias dom1.com mail.dom1.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom1.com-error_log"
CustomLog "/www/wwwlogs/dom1.com-access_log" combined
#HTTP_TO_HTTPS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}$1 [L,R=301]
</IfModule>
#HTTP_TO_HTTPS_END
#referenced redirect rule, if commented, the configured redirect rule will be invalid
IncludeOptional /www/server/panel/vhost/apache/redirect/dom1.com/*.conf
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#PATH
<Directory "/www/wwwroot/dom1.com">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
DocumentRoot "/www/wwwroot/dom1.com/"
ServerName SSL.dom1.com
ServerAlias dom1.com mail.dom1.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom1.com-error_log"
CustomLog "/www/wwwlogs/dom1.com-access_log" combined
#SSL
SSLEngine On
SSLCertificateFile /www/server/panel/vhost/cert/dom1.com/fullchain.pem
SSLCertificateKeyFile /www/server/panel/vhost/cert/dom1.com/privkey.pem
SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder On
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PATH
<Directory "/www/wwwroot/dom1.com/">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
dom2.com | config
ServerAdmin webmaster#example.com
DocumentRoot "/www/wwwroot/dom2.com"
ServerName 218ac146.dom2.com
ServerAlias dom2.com mail.dom2.com
#errorDocument 404 /404.html
ErrorLog "/www/wwwlogs/dom2.com-error_log"
CustomLog "/www/wwwlogs/dom2.com-access_log" combined
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
</FilesMatch>
#PATH
<Directory "/www/wwwroot/dom2.com">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
</VirtualHost>
I found the problem.
aaPanel added a wrong sub-domain in their config file.
So fixing that resolved the issue.

Site port 443 can be reached by itself, but 403 Forbidden from outside ( like WAN, public IP visit )

I'm stuck around this problem for days, anyone here can point me out?
I installed Phoenix CTMS on a clean aws CentOS9 instance, now it seems okay by check from terminal:
curl -k https://localhost/login.jsf
It returns the correct html of that page. and then I did these:
Allow 80 and https 443 in security list of this instance;
confirmed tomcat8 and apache2 service are running;
but, when try to visit site https://public_ip/login.jsf it goes 403 Forbidden.
There are 4 conf under /etc/apache2/:
000-default.conf
default-ssl.conf
00_ctsms_http.conf
00_ctsms_https.conf
The last one is like
#<IfDefine SSL>
#<IfDefine !NOSSL>
<VirtualHost *:443>
ServerName localhost:443
TransferLog /var/log/apache2/access.log
ErrorLog /var/log/apache2/error.log
Include /etc/apache2/blocklist.conf
#Alias /documents /ctsms/documents/
#<Directory "/ctsms/documents">
#Options Indexes Multiviews
#AllowOverride None
#Require all granted
#</Directory>
Alias /signup/css /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/css
Alias /signup/fonts /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/fonts
Alias /signup/images /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/images
Alias /signup/js /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/js
Alias /signup/themes /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/themes
ScriptAliasMatch ^/signup(.*) /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/dispatch.fcgi$1
#DocumentRoot /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public
<Directory "/ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#Order allow,deny
#Allow from all
Require all granted
AddHandler fcgid-script .fcgi
</Directory>
SetEnvIf Request_URI "/static/*" no-jk
SetEnvIf Request_URI "/signup/*" no-jk
Alias /resources /var/lib/tomcat8/webapps/ROOT/resources
<Directory "/var/lib/tomcat8/webapps/ROOT/resources">
#Options FollowSymLinks
#allow from all
AllowOverride None
Require all granted
</Directory>
Alias / /var/lib/tomcat8/webapps/ROOT/
<Directory "/var/lib/tomcat8/webapps/ROOT">
#Options FollowSymLinks
#allow from all
AllowOverride None
Require all granted
</Directory>
<Location "/WEB-INF/">
#AllowOverride None
deny from all
</Location>
DocumentRoot /var/lib/tomcat8/webapps/ROOT
JkMount /*.jsf ajp13
JkMount /rest/* ajp13
JkMount /inputfieldimage ajp13
JkMount /file ajp13
JkMount /beacon/* ajp13
JkMount /unsubscribe/* ajp13
SSLEngine on
#SSLProtocol -ALL +SSLv3 +TLSv1
#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/ComodoIntermediateCertificates.crt
</VirtualHost>
#</IfDefine>
#</IfDefine>
I tried uncomment the line allow from all then restart apache2, still got 403 error.

multiple ports, SSL issue

I have been searching this for some time and couldn't get to a speicifc answer.
I have configured a sever in CentOS env, with the following configuration in my vhost.conf:
<VirtualHost *:80>
DocumentRoot /xyz/dir
DirectoryIndex index.html index.php
CustomLog /var/log/xyz/access.log common
ErrorLog /var/log/xyz/error.log
<Directory /xyz/dir>
Options +Includes +FollowSymLinks -Indexes -ExecCGI
AllowOverride FileInfo AuthConfig
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:83>
DocumentRoot /abc/dir
DirectoryIndex index.html index.php
CustomLog /var/log/abc/access.log common
ErrorLog /var/log/abc/error.log
<Directory /abc/dir>
Options +Includes +FollowSymLinks -Indexes -ExecCGI
AllowOverride FileInfo AuthConfig
Require all granted
</Directory>
</VirtualHost>
As you can see I have configured 2 sites on different ports with same ip. Now I am trying to configure ssl on both the sites, I want the http as well as https both activated simultaneously on both.
I did some search and configured it with ssl, and added the following :-
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3
SSLCACertificateFile /path-to-ca-bundle
SSLCertificateFile /path-to-crt
SSLCertificateKeyFile path-to-key
SSLVerifyClient none
SSLVerifyDepth 10
DocumentRoot /xyz/dir
ServerName 1.1.1.1:80
DirectoryIndex index.html index.php
CustomLog /var/log/xyz/access.log common
ErrorLog /var/log/xyz/error.log
<Directory /xyz/dir>
Options +Includes +FollowSymLinks -Indexes -ExecCGI
AllowOverride FileInfo AuthConfig
Require all granted
</Directory>
</VirtualHost>
# Did the same for :83
Now this works fine when I hit
https://1.1.1.1/ --> points to xyz
http://1.1.1.1/ --> points to xyz
http://1.1.1.1:83/ --> points to abc
https://1.1.1.1:83/ --> throws ssl_error_rx_record_too_long error
The https on :83 is not working. Need help !
Also https://1.1.1.1:80/ --> throws ssl_error_rx_record_too_long error
On the contrary https://1.1.1.1/ --> works just fine and points to xyz