Answered

403 Forbidden

Napoolion 6 years ago updated by Eugene Pankov (Project coordinator) 6 years ago 21
Hello!

Installed Ajenti to my server.
Got my wordpress website working.

Then I needed to add a subdomain to the main domain. Used DNS to point the subdomain to my server IP address where my main domain is.

Now neither of pages work. Place where I installed wordpress sites throws in 403 Forbidden error.

And the subdomain throws a page not found error (needs some DNS waiting, but with Pingdom you can see the 403 Forbidden error as well).

If I disable subdomain, wordpress one (main domain) starts working again.

So I am quite new in this, what I need to do?

Best wishes,
Silver
Please post your /etc/ajenti/vh.json file with subdomain enabled. (be careful to remove passwords)
Hey, thanks for support :)


{
  "websites": [
    {
      "maintenance_mode": false,
      "locations": [
        {
          "custom_conf_override": false,
          "path_append_pattern": false,
          "pattern": "[^/]\\.php(/|$)",
          "custom_conf": "# Zero-day exploit defense.\n# http://forum.nginx.org/read.php?2,88845,page=3\n# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.\n# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.\ntry_files $uri =404;\nfastcgi_split_path_info ^(.+\\.php)(/.+)$;",
          "path": "",
          "match": "regex",
          "backend": {
            "params": {
              "php_admin_values": "open_basedir = none;",
              "php_flags": ""
            },
            "type": "php-fcgi"
          }
        }
      ],
      "custom_conf": "# This order might seem weird - this is attempted to match last if rules below fail.\nlocation / {\n\ttry_files $uri $uri/ /index.php?$args;\n}\n\n# Add trailing slash to */wp-admin requests.\nrewrite /wp-admin$ $scheme://$host$uri/ permanent;\n\n# Directives to send expires headers and turn off 404 error logging.\nlocation ~* ^.+\\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {\n access_log off; log_not_found off; expires max;\n}\n\nlocation = /favicon.ico {\n\tlog_not_found off;\n\taccess_log off;\n}\nlocation = /robots.txt {\n\tallow all;\n\tlog_not_found off;\n\taccess_log off;\n}\n# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~ /\\. {\n\tdeny all;\n}\n# Deny access to any files with a .php extension in the uploads directory\n# Works in sub-directory installs and also in multisite network\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~* /(?:uploads|files)/.*\\.php$ {\n\tdeny all;\n}",
      "ssl_key_path": "",
      "owner": "root",
      "ssl_cert_path": "",
      "custom_conf_toplevel": "",
      "name": "app.mailingboss.com",
      "enabled": true,
      "extensions": {
        "ajenti.plugins.vh.processes.ProcessesExtension": {
          "processes": []
        },
        "ajenti.plugins.vh-pureftpd.pureftpd.PureFTPDExtension": {
          "username": "appmailingbosscom",
          "password": "",
          "user": null,
          "created": true
        },
        "ajenti.plugins.vh-mysql.mysql.MySQLExtension": {
          "users": [
            {
              "password": "",
              "name": "appmailingboss"
            }
          ],
          "databases": [
            {
              "name": "appmailingbosscom"
            }
          ]
        }
      },
      "domains": [
        {
          "domain": "app.mailingboss.com"
        }
      ],
      "root": "/srv/app_mailingboss",
      "ports": [
        {
          "spdy": false,
          "ssl": false,
          "host": "*",
          "port": 80,
          "default": false
        }
      ]
    },
    {
      "maintenance_mode": false,
      "locations": [
        {
          "custom_conf_override": false,
          "path_append_pattern": false,
          "pattern": "[^/]\\.php(/|$)",
          "custom_conf": "# Zero-day exploit defense.\n# http://forum.nginx.org/read.php?2,88845,page=3\n# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.\n# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.\ntry_files $uri =404;\nfastcgi_split_path_info ^(.+\\.php)(/.+)$;",
          "path": "",
          "match": "regex",
          "backend": {
            "params": {
              "php_admin_values": "open_basedir = none;",
              "php_flags": ""
            },
            "type": "php-fcgi"
          }
        }
      ],
      "custom_conf": "# This order might seem weird - this is attempted to match last if rules below fail.\nlocation / {\n\ttry_files $uri $uri/ /index.php?$args;\n}\n\n# Add trailing slash to */wp-admin requests.\nrewrite /wp-admin$ $scheme://$host$uri/ permanent;\n\n# Directives to send expires headers and turn off 404 error logging.\nlocation ~* ^.+\\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {\n access_log off; log_not_found off; expires max;\n}\n\nlocation = /favicon.ico {\n\tlog_not_found off;\n\taccess_log off;\n}\nlocation = /robots.txt {\n\tallow all;\n\tlog_not_found off;\n\taccess_log off;\n}\n# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~ /\\. {\n\tdeny all;\n}\n# Deny access to any files with a .php extension in the uploads directory\n# Works in sub-directory installs and also in multisite network\n# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)\nlocation ~* /(?:uploads|files)/.*\\.php$ {\n\tdeny all;\n}",
      "ssl_key_path": "",
      "owner": "root",
      "ssl_cert_path": "",
      "custom_conf_toplevel": "",
      "name": "mailingboss.com",
      "enabled": true,
      "extensions": {
        "ajenti.plugins.vh.processes.ProcessesExtension": {
          "processes": []
        },
        "ajenti.plugins.vh-pureftpd.pureftpd.PureFTPDExtension": {
          "username": "mailingbosscom",
          "password": "",
          "user": null,
          "created": true
        },
        "ajenti.plugins.vh-mysql.mysql.MySQLExtension": {
          "users": [
            {
              "password": "",
              "name": "mailingbosscom"
            }
          ],
          "databases": [
            {
              "name": "mailingbosscom"
            }
          ]
        }
      },
      "domains": [
        {
          "domain": "mailingboss.com"
        }
      ],
      "root": "/srv/mailingboss",
      "ports": [
        {
          "spdy": false,
          "ssl": false,
          "host": "*",
          "port": 80,
          "default": false
        }
      ]
    }
  ]
}
That's really strange, everything seems correct in your config. Check /var/log/nginx/<website>.error.log for both domains after you see 403 error.
Subdomain, bunch of this, is my directory in wrong place?:
2014/08/07 14:19:38 [error] 3686#0: *232 directory index of "/srv/app_mailingboss/" is forbidden, client: 84.50.5.187, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 14:22:11 [error] 3686#0: *233 directory index of "/srv/app_mailingboss/" is forbidden, client: 84.50.5.187, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 14:56:04 [error] 3686#0: *236 directory index of "/srv/app_mailingboss/" is forbidden, client: 84.50.5.187, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 15:31:23 [error] 3686#0: *237 directory index of "/srv/app_mailingboss/" is forbidden, client: 84.50.5.187, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 15:52:21 [error] 3686#0: *239 directory index of "/srv/app_mailingboss/" is forbidden, client: 84.50.5.187, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 16:47:50 [error] 3686#0: *240 directory index of "/srv/app_mailingboss/" is forbidden, client: 31.28.243.113, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "app.mailingboss.com"
2014/08/07 16:47:53 [error] 3686#0: *244 directory index of "/srv/app_mailingboss/" is forbidden, client: 31.28.243.113, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 16:47:57 [error] 3686#0: *244 directory index of "/srv/app_mailingboss/" is forbidden, client: 31.28.243.113, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 16:51:34 [error] 4257#0: *248 directory index of "/srv/app_mailingboss/" is forbidden, client: 84.50.5.187, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"

Main domain: 

2014/08/07 12:33:42 [error] 3241#0: *140 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/var/lib/php/session/sess_37sd5j7krec22nn1ihp8anc836, O_RDWR) failed: No such file or directory (2) in /srv/mailingboss/wp-content/themes/mailingboss/header.php on line 1" while reading response header from upstream, client: 84.50.5.187, server: mailingboss.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fcgi-mailingbosscom-php-fcgi-0.sock:", host: "www.mailingboss.com", referrer: "http://www.mailingboss.com/wp-admin/themes.php?page=core_functions.php"
2014/08/07 12:33:42 [error] 3241#0: *140 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: open(/var/lib/php/session/sess_37sd5j7krec22nn1ihp8anc836, O_RDWR) failed: No such file or directory (2) in Unknown on line 0
PHP message: PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0" while reading upstream, client: 84.50.5.187, server: mailingboss.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fcgi-mailingbosscom-php-fcgi-0.sock:", host: "www.mailingboss.com", referrer: "http://www.mailingboss.com/wp-admin/themes.php?page=core_functions.php"
2014/08/07 12:33:42 [error] 3241#0: *140 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/var/lib/php/session/sess_37sd5j7krec22nn1ihp8anc836, O_RDWR) failed: No such file or directory (2) in /srv/mailingboss/wp-content/themes/mailingboss/header.php on line 1" while reading response header from upstream, client: 84.50.5.187, server: mailingboss.com, request: "GET /wp-content/plugins/ultimate-under-construction/includes/js/flipclock.min.js HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fcgi-mailingbosscom-php-fcgi-0.sock:", host: "www.mailingboss.com", referrer: "http://www.mailingboss.com/"
2014/08/07 12:33:42 [error] 3241#0: *140 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: open(/var/lib/php/session/sess_37sd5j7krec22nn1ihp8anc836, O_RDWR) failed: No such file or directory (2) in Unknown on line 0
PHP message: PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0" while reading upstream, client: 84.50.5.187, server: mailingboss.com, request: "GET /wp-content/plugins/ultimate-under-construction/includes/js/flipclock.min.js HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fcgi-mailingbosscom-php-fcgi-0.sock:", host: "www.mailingboss.com", referrer: "http://www.mailingboss.com/"

Best wishes,
Silver
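A check suggested by the log lines above, as an added example that is not part of the original thread or of Ajenti: the subdomain's log shows requests with host "www.mailingboss.com" handled by server app.mailingboss.com, while the posted vh.json declares only mailingboss.com and app.mailingboss.com and sets "default": false on both. nginx passes a request whose Host matches no server_name to the default server for that port, which is the first server block loaded when none is marked default; the script lists such Host values. The JSON is trimmed to the fields the script reads, and the log lines are constructed in the posted format.

```python
import json
import re

# Constructed sample: the posted vh.json trimmed to the fields this check reads.
VH_JSON = """{"websites": [
  {"name": "app.mailingboss.com", "enabled": true,
   "domains": [{"domain": "app.mailingboss.com"}],
   "ports": [{"host": "*", "port": 80, "default": false}]},
  {"name": "mailingboss.com", "enabled": true,
   "domains": [{"domain": "mailingboss.com"}],
   "ports": [{"host": "*", "port": 80, "default": false}]}
]}"""

# Constructed log lines in the posted format (192.0.2.10 is a documentation address).
LOG = """\
2014/08/07 14:19:38 [error] 3686#0: *232 directory index of "/srv/app_mailingboss/" is forbidden, client: 192.0.2.10, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
2014/08/07 16:47:50 [error] 3686#0: *240 directory index of "/srv/app_mailingboss/" is forbidden, client: 192.0.2.10, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "app.mailingboss.com"
2014/08/07 16:47:53 [error] 3686#0: *244 directory index of "/srv/app_mailingboss/" is forbidden, client: 192.0.2.10, server: app.mailingboss.com, request: "GET / HTTP/1.1", host: "www.mailingboss.com"
"""

LINE_RE = re.compile(r'server: (?P<server>[^,]+),.*?host: "(?P<host>[^"]+)"')

def declared_hosts(vh):
    """Exact host names that enabled websites declare (wildcards not handled)."""
    return {d["domain"].lower()
            for site in vh["websites"] if site.get("enabled")
            for d in site["domains"]}

def has_explicit_default(vh):
    """True if any enabled website marks one of its ports as the default server."""
    return any(p.get("default")
               for site in vh["websites"] if site.get("enabled")
               for p in site["ports"])

def fallback_hits(vh, log_text):
    """Count (host, server) pairs where the Host header is declared by no website."""
    declared = declared_hosts(vh)
    hits = {}
    for m in LINE_RE.finditer(log_text):
        host = m["host"].lower().split(":")[0]  # drop an optional :port
        if host not in declared:
            key = (host, m["server"])
            hits[key] = hits.get(key, 0) + 1
    return hits

if __name__ == "__main__":
    vh = json.loads(VH_JSON)
    print("explicit default server:", has_explicit_default(vh))
    for (host, server), n in sorted(fallback_hits(vh, LOG).items()):
        print(f"{n}x Host {host!r} answered by server block {server!r}")
```
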
Have you checked the Configuration checks on the main Websites page?
Also check if /var/lib/php/session exists
PHP-FPM service (tick)
NGINX config test (tick)
NGINX service (tick)


Also check if /var/lib/php/session exists
Can't see that one, how do I create it/enable it :P?
What is the output of sudo nginx -t?
Yes, create the session dir, it should fix your main website (whose problem isn't really related to subdomain).
Also try fully restarting nginx: sudo service nginx restart.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart made

by making session dir, does that mean I needed to make new folder there named session :P? or that was what I did..

Maybe I don't have all services enabled, for example if I make restart to server, I need to start mysql again. :P





when I disable subdomain, everything starts working great for main site. :P
You did everything right, and exactly this (subdomain affecting main site) is the strangest thing. Could you please also post the generated /etc/nginx/conf.d/website.conf files with and without the subdomain website enabled?
without subdomain:
http://pastebin.com/ixwryDw8

with subdomain:
http://pastebin.com/KRp7Wang

They look quite the same. I don't get the error anymore. I uploaded some random index.html. Everything I put on the subdomain will write over everything at the main domain :P

I'm at a loss... your websites are completely separated and have different roots... how can a file then appear on both at once? Can this be a browser caching issue? Do you have any extra configuration in /etc/nginx.custom.d? Other Ajenti V websites?
It's all good now. :)

I think changing something at DNS helped. I made CNAME instead of A record and it is working now. :)
Like always, morning is smarter..

Before I went to sleep yesterday, I made a CNAME instead of pointing an A record.
Subdomain with A records is acting weird, but with Cname it works.


So I got a subdomain working, which is great! :)
Hm, I think I just need a good tutorial on subdomain creation. I am probably just doing it wrong. :D
Based on my previous experience, it relates to permissions (chmod / chown).
Make sure your WordPress site root is chowned to www-data (on CentOS, don't know on Ubuntu) and make sure it has read permission via chmod, like 755.
There's no way adding a domain can break permissions. In any case, there's a "Fix permissions" button on the website page, he might want to try that. It looks more like there's somehow some 'static files' content taking precedence, without directory index allowed.
Probably it's me being beginner :P

Site works without subdomain, but once I add subdomain, it dies :P
Ahhh, domain. Sorry, I did not read it clearly.

BTW, related to the domain: does it need Bind9 or named?
I just installed named / Bind9 (DNS server), added domain + subdomain, installed nginx, and added my DNS in the network config on the Ajenti nginx server; everything works fine without a domain registrar. See picture below:

172.16.0.X is my testing environment






You can either configure domain and subdomain at your registrar's panel, or only set up a NS entry pointing to your DNS server, and then configure everything on your own DNS server.