Cannot access website with SSL after installing extra styles for phpBB under nginx server
I don't know if I made a clear description by the thread title, but I cannot write very long in the title, so let me just describe in the post below.
I have installed two websites, https://mydomain.tld and https://bbs.mydomain.tld. bbs.mydomain.tld is the subdomain. I haven't yet figured out how to direct a subdomain to the subdirectory, so I parallel these two inside vesta as two sites under a user beside admin account.
I have mydomain.tld and *.mydomain.tld certificate and also a bbs.mydomain.tld certificate, both are valid and can be seen via vesta's website panel.
I installed vesta with nginx+php-fpm+mysql+remi+vsftpd+iptable+fail2ban on CentOS 6.9.
Initially, the two sites went smoothly, but after I installed several styles for my phpBB (the same board script as vesta's board) under https://bbs.mydomain.tld, the website just ran, say 15 to 30 minutes at most, and then crashed. Then I turned to https://mydomain.tld, and found it was not accessible.
I tried restarting nginx server, the vesta panel, and the VPS. The same result, the two sites just cannot be reached.
Then, I went to https://www.sslshopper.com/ssl-checker.html and had a check of my two domains. The report says
"No SSL certificates were found on bbs.mydomain.tld. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall."
I have Cloudflare resolve my domain and it worked correctly all along, so it seemed that the only possible reason is the port issue.
I then sshed to my server's console, and tried the netstat, the 443 port works correctly under nginx and was not blocked.
Code:
[root@bbs ~]# netstat -ntpl|grep 443
tcp 0 0 myIPAddr:443 0.0.0.0:* LISTEN 1638/nginx
Well, I got lost, and guess it should be due to the certificate problem? So I deleted all the certs from /home/myusername/conf/web, and regenerated them by going to vesta panel, web->bbs.mydomain.tld->edit->SSL support tick->save button.
All the required certs were generated, and now under the conf/web dir, there are 12 files:
Code:
-rw-r----- 1 root myusername 1146 Apr 6 00:55 bbs.mydomain.tld.nginx.conf
-rw-r----- 1 root myusername 3214 Apr 6 00:55 bbs.mydomain.tld.nginx.ssl.conf
-rw-r----- 1 root myusername 404 Apr 6 00:55 mydomain.tld.nginx.conf
-rw-r----- 1 root myusername 1513 Apr 6 00:55 mydomain.tld.nginx.ssl.conf
-rw-r----- 1 root root 1646 Apr 6 00:55 ssl.bbs.mydomain.tld.ca
-rw-r----- 1 root root 3439 Apr 6 00:55 ssl.bbs.mydomain.tld.crt
-rw-r----- 1 root root 1707 Apr 6 00:55 ssl.bbs.mydomain.tld.key
-rw-r----- 1 root root 5086 Apr 6 00:55 ssl.bbs.mydomain.tld.pem
-rw-r----- 1 root root 1647 Apr 6 00:55 ssl.mydomain.tld.ca
-rw-r----- 1 root root 1800 Apr 6 00:55 ssl.mydomain.tld.crt
-rw-r----- 1 root root 1678 Apr 6 00:55 ssl.mydomain.tld.key
-rw-r----- 1 root root 3448 Apr 6 00:55 ssl.mydomain.tld.pem
which should be correct, because I also tried to make soft links as below:
Code:
ln -s /home/myusername/conf/web/ssl.mydomain.tld.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/myusername/conf/web/ssl.mydomain.tld.key /usr/local/vesta/ssl/certificate.key
I can access vesta's panel webui with the certs but cannot access the website (https://mydomain.tld) with the same certificates. If the panel is accessible, then the cert itself is OK.
Finally, I thought if I made extra modifications on the SSL part, so I deleted ssl http2 from template
Code:
listen %ip%:%web_ssl_port% ssl http2;
and now it reads
Code:
listen %ip%:%web_ssl_port%;
Personally, I don't think it matters much, but these are all I can figure.
So what on earth is or are the problem(s)?
Can anyone give me some advice?
Last edited by baoang on Fri Apr 06, 2018 6:36 am, edited 1 time in total.
Re: Cannot access website with SSL after installing extra styles for phpBB under nginx server
The following lines are from /var/log/nginx/error.log
Code:
2018/04/05 21:09:06 [emerg] 1678#1678: unexpected end of file, expecting ";" or "}" in /etc/nginx/conf.d/vesta.conf:5
2018/04/05 21:12:46 [emerg] 2490#2490: unexpected end of file, expecting ";" or "}" in /etc/nginx/conf.d/vesta.conf:5
2018/04/05 21:12:55 [emerg] 2664#2664: unexpected end of file, expecting ";" or "}" in /etc/nginx/conf.d/vesta.conf:5
2018/04/05 21:13:30 [emerg] 2835#2835: unexpected end of file, expecting ";" or "}" in /etc/nginx/conf.d/vesta.conf:5
2018/04/06 00:22:00 [emerg] 6415#6415: BIO_new_file("/home/myusername/conf/web/ssl.mydomain.tld.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/myusername/conf/web/ssl.mydomain.tld.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2018/04/06 00:22:44 [emerg] 1645#1645: BIO_new_file("/home/myusername/conf/web/ssl.mydomain.tld.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/myusername/conf/web/ssl.mydomain.tld.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2018/04/06 00:24:17 [emerg] 1645#1645: BIO_new_file("/home/myusername/conf/web/ssl.bbs.mydomain.tld.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/myusername/conf/web/ssl.bbs.mydomain.tld.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2018/04/06 00:25:41 [emerg] 1645#1645: BIO_new_file("/home/myusername/conf/web/ssl.bbs.mydomain.tld.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/myusername/conf/web/ssl.bbs.mydomain.tld.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2018/04/06 00:26:02 [emerg] 1645#1645: BIO_new_file("/home/myusername/conf/web/ssl.bbs.mydomain.tld.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/myusername/conf/web/ssl.bbs.mydomain.tld.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
The following lines are from /var/log/nginx/domains/bbs.mydomain.tld.error.log
Code:
PHP message: PHP Fatal error: require(): Failed opening required './config.php' (include_path='.:/usr/share/pear:/usr/share/php') in /home/myusername/web/bbs.mydomain.tld/public_shtml/phpBB3/phpbb/config_php_file.php on line 107" while reading response header from upstream, client: 180.103.134.56, server: bbs.mydomain.tld, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9002", host: "bbs.mydomain.tld"
2018/04/05 21:25:52 [error] 4553#4553: *10 open() "/home/myusername/web/bbs.mydomain.tld/public_html/favicon.ico" failed (2: No such file or directory), client: 180.103.134.56, server: bbs.mydomain.tld, request: "GET /favicon.ico HTTP/1.1", host: "bbs.mydomain.tld"
2018/04/05 21:26:34 [error] 4553#4553: *10 open() "/home/myusername/web/bbs.mydomain.tld/public_html/favicon.ico" failed (2: No such file or directory), client: 180.103.134.56, server: bbs.mydomain.tld, request: "GET /favicon.ico HTTP/1.1", host: "bbs.mydomain.tld"
2018/04/05 21:28:49 [error] 4818#4818: *1 FastCGI sent in stderr: "PHP message: PHP Warning: require(/home/myusername/web/bbs.mydomain.tld/public_shtml/phpBB3/config.php): failed to open stream: Permission denied in /home/myusername/web/bbs.mydomain.tld/public_shtml/phpBB3/phpbb/config_php_file.php on line 107
PHP message: PHP Fatal error: require(): Failed opening required './config.php' (include_path='.:/usr/share/pear:/usr/share/php') in /home/myusername/web/bbs.mydomain.tld/public_shtml/phpBB3/phpbb/config_php_file.php on line 107" while reading response header from upstream, client: 180.103.134.56, server: bbs.mydomain.tld, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9002", host: "bbs.mydomain.tld"
2018/04/05 23:52:55 [error] 10768#10768: *172 FastCGI sent in stderr: "PHP message: PHP Warning: require(/home/myusername/web/bbs.mydomain.tld/public_shtml/phpBB3/config.php): failed to open stream: Permission denied in /home/myusername/web/bbs.mydomain.tld/public_shtml/phpBB3/phpbb/config_php_file.php on line 107
PHP message: PHP Fatal error: require(): Failed opening required './config.php' (include_path='.:/usr/share/pear:/usr/share/php') in /home/myusername/web/bbs.mydomain.tld/public_shtml/phpBB3/phpbb/config_php_file.php on line 107" while reading response header from upstream, client: 221.225.58.179, server: bbs.mydomain.tld, request: "GET /adminer.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9002", host: "bbs.mydomain.tld"
I had tried to switch between socket and default in php-fpm mode, but no matter what I did in the beginning, after the websites couldn't be accessed, these two modes were the same. Switching from one to the other, or vice versa, is no use.
Plus, when visiting via Internet Explorer, it said
Code:
Can’t connect securely to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.
So, still the SSL problem?
Re: Cannot access website with SSL after installing extra styles for phpBB under nginx server
Oh my...!
Crazy!
The error log had become too big and was zipped. I got one and unzipped it, looked into the log file, and finally, you guessed it, it was because I wrongly set the config.php file to 640, causing phpbb/config_php_file.php fatal errors.
Tried setting it to 644 and the bbs is live again!
So the style files need to read the config_php_file.php and then the ./config.php file, or otherwise such failure will stop at the SSL level accessing the website?
So complicated.
I still have no idea why such a -4 (640-644) would play a huge joke.
OK, I then try to see if I can set the subdomain to subdirectory.
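Added example, not part of any post in this thread: a sketch of the owner/group/other decision behind the "Permission denied" on config.php in the log above, showing why 640 can lock out the PHP-FPM user and why 644 also opens the file, which holds phpBB's database credentials, to every local account. The user names `webuser` and `otheruser` and the ownerships are constructed; GNU `stat` is assumed for `check_file`.

```sh
#!/bin/sh
# Added example, not from the thread. Models only the classic Unix mode check;
# ACLs, SELinux and directory search (x) permissions are not modelled.

# read_class OWNER GROUP USER "USER_GROUPS"
# Prints the one permission class consulted for USER. The first match wins:
# an owner never falls through to the group or other bits.
read_class() {
    if [ "$3" = "$1" ]; then echo owner; return 0; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return 0; fi
    done
    echo other
}

# can_read MODE OWNER GROUP USER "USER_GROUPS"
# Exit status 0 if USER may read a file with that octal MODE and ownership.
can_read() {
    if [ "$4" = root ]; then return 0; fi   # root bypasses the mode bits
    case $(read_class "$2" "$3" "$4" "$5") in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        *)     shift_by=0 ;;
    esac
    [ $(( (0$1 >> $shift_by) & 4 )) -ne 0 ]   # 4 is the read bit of a class
}

# check_file PATH USER: the same decision for a real file.
# Assumes GNU stat (-c) and id, as found on a CentOS host.
check_file() {
    can_read $(stat -c '%a %U %G' "$1") "$2" "$(id -Gn "$2")"
}

# Constructed cases: "webuser" stands for the PHP-FPM pool user and
# "otheruser" for any other local account; each is only in its own group.
for c in "640 root root" "644 root root" "640 webuser webuser"; do
    for u in webuser otheruser; do
        if can_read $c "$u" "$u"; then r=readable; else r=denied; fi
        echo "mode/owner/group [$c] -> $r for $u"
    done
done
```

Of the three constructed cases, only the last one (file owned by the pool user, mode 640) is readable by `webuser` while staying closed to `otheruser`.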
Re: Cannot access website with SSL after installing extra styles for phpBB under nginx server
Easy come, easy go.
They stopped working again, and this time, no error log files. So bad. It looks like there's nothing wrong, but they just went wrong and became inaccessible. Trying to get another server and see if this problem can be replicated.