Topic: server-manager not accessible in server-only mode

[portedaix]

Hello,

My post title sounds like a well-known newbie problem  Here is my problem. I have been running for some years now my sme server in server-gateway mode quite happily, except that my sip phone lines with asterisk server are randomly disturbed by internet traffic. Hence my decision to add a router/firewall to my network which manages QoS with a ZyWall 50. My plan was to have the workstations on lan1, sip phones on lan2 and sme server in server-only mode on dmz. But anyway, after changing the server mode from server-gateway to server-only, I could not access server-manager anymore. Actually, ssl connections are not working.


• I need server-manager because asterisk control panel is not accessible (visible) from the console
• Anyway I need ssl connection because my CRM is accessible through https
• ssh connection works
• vpn connection works for a user with vpn privilege, but not for admin (still vpn is "on" for admin)
• None of https://www.mydomain.xxx/server-manager, https://ip-of-my-server/server-manager or https://name-of-my-server/server-manager work anymore
• http://www.mydomain.xxx, http://ip-of-my-serveror http://name-of-my-server works fine in server-only mode
• Just to make sure it is not a firewall/router issue, I connected a workstation directly to the server-only with static IPs. That was the same : ssh OK, ssl no.
The logs did not tell me much. /var/log/httpd/error_log tells me

[Sun Aug 05 17:13:27 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Aug 05 17:13:27 2012] [warn] RSA server certificate CommonName (CN) `name_of_my_server.name_of_my domain' does NOT match server name!?
[Sun Aug 05 17:13:27 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Aug 05 17:13:27 2012] [warn] RSA server certificate CommonName (CN) `name_of_my_server.name_of_my domain' does NOT match server name!?
[Sun Aug 05 17:13:27 2012] [warn] Init: SSL server IP/port conflict: name_of_my domaint:443 (/etc/httpd/conf/httpd.conf:632) vs. fax:443 (/etc/httpd/conf/httpd.conf:807)
[Sun Aug 05 17:13:27 2012] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
[Sun Aug 05 17:13:27 2012] [notice] Apache configured -- resuming normal operations
[Sun Aug 05 17:15:58 2012] [notice] Graceful restart requested, doing restart
[Sun Aug 05 17:15:58 2012] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 05 17:15:58 2012] [notice] Digest: done
[Sun Aug 05 17:15:59 2012] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Aug 05 17:15:59 2012] [warn] RSA server certificate CommonName (CN) `name_of_my_server.name_of_my domain' does NOT match server name!?
[Sun Aug 05 17:15:59 2012] [notice] Apache configured -- resuming normal operations

I once changed my server name. It seems that "RSA" warnings are then following, according to the bug tracks, but I do not think it is the problem.
http://bugs.contribs.org/show_bug.cgi?id=6881

Just to make sure, I removed the database entry
config show modSSL
config delprop modSSL crt
config delprop modSSL key
config show modSSL
signal-event console-save
signal-event reboot

and renewed the certificates
rm /home/e-smith/ssl.crt/*
rm /home/e-smith/ssl.key/*
rm /home/e-smith/ssl.pem/*
signal-event post-upgrade
signal-event reboot

I installed Hylafax contrib sometimes back, which adds a "fax" domain. https dos not like to have two domains. It is a known issue, but I do not think it is related to my problem. I do not use hylafax anymore, so I uninstalled it and removed the fax domain. It comes back after a "signal-event post-upgrade, signal-event reboot". I guess it is somewhere in a template...

/var/log/httpd/admin_error_log tells me

[Sun Aug 05 17:13:23 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Sun Aug 05 17:13:23 2012] [notice] Digest: generating secret for digest authentication ...
[Sun Aug 05 17:13:23 2012] [notice] Digest: done
[Sun Aug 05 17:13:23 2012] [notice] Apache configured -- resuming normal operations
[Sun Aug 05 17:15:26 2012] [error] [client 127.0.0.1] Use of uninitialized value in substitution (s///) at (eval 28) line 44.
[Sun Aug 05 17:15:26 2012] [error] [client 127.0.0.1] Use of uninitialized value in substitution (s///) at (eval 28) line 44.
[Sun Aug 05 17:15:26 2012] [error] [client 127.0.0.1] Use of uninitialized value in print at /usr/lib/perl5/site_perl/CGI/FormMagick/HTML.pm line 161.
[Sun Aug 05 17:15:26 2012] [error] [client 127.0.0.1] Use of uninitialized value in print at /usr/lib/perl5/site_perl/CGI/FormMagick/HTML.pm line 161., referer: https://name_of_my_server.name_of_my domain/server-manager/navigation
[Sun Aug 05 17:15:41 2012] [error] [client 127.0.0.1] Use of uninitialized value in print at /usr/lib/perl5/site_perl/CGI/FormMagick/HTML.pm line 161., referer: https://name_of_my_server.name_of_my domain/server-manager/navigation
[Sun Aug 05 17:15:46 2012] [error] [client 127.0.0.1] Use of uninitialized value in print at /usr/lib/perl5/site_perl/CGI/FormMagick/HTML.pm line 161., referer: https://name_of_my_server.name_of_my domain/server-manager/navigation
[Sun Aug 05 17:15:54 2012] [error] [client 127.0.0.1] Use of uninitialized value in print at /usr/lib/perl5/site_perl/CGI/FormMagick/HTML.pm line 161., referer: https://name_of_my_server.name_of_my domain/server-manager/cgi-bin/domains
[Sun Aug 05 17:15:59 2012] [error] [client 127.0.0.1] Use of uninitialized value in print at /usr/lib/perl5/site_perl/CGI/FormMagick/HTML.pm line 161., referer: https://name_of_my_server.name_of_my domain/server-manager/cgi-bin/domains?page=0&page_stack=&Next=Next&Domain=fax&wherenext=DOMAINS_PAGE_REMOVE
[Sun Aug 05 17:38:29 2012] [error] [client 127.0.0.1] Use of uninitialized value in print at /usr/lib/perl5/site_perl/CGI/FormMagick/HTML.pm line 161., referer: https://name_of_my_server.name_of_my domain/server-manager/navigation

Same message, any server mode I use.

My server is back into server-gateway mode and everything works fine, except QoS of course. The router is just warming up at the moment, not connected 

If somebody has an idea...?

Thanks
Olivier[/list]

[larieu]

I have the feeling that your FreWall/Router get into the mix

for test purpose

first put your server in server only in the same LAN with the rest of equipments (connect them by a simple switch)
and set static IP on your computer - then try to access the server in this configuration
than after you know that it it is not from the router firewall you can continue

If you put your server in DMZ zone you'll need to set lots of rules on firewall/NAT/routes on the router

by default the router will respond on port 80 and 443 (http,https) and you could be easy mislead to another problem

[portedaix]

Thanks larieur for your answer, but I already tried that as mentionned in my first post.

Just to make sure it is not a firewall/router issue, I connected a workstation directly to the server-only with static IPs. That was the same : ssh OK, ssl no.

I add that I did it with a switch as well... The firewall/router is not the problem.

[Stefano]

My post title sounds like a well-known newbie problem  ...

If somebody has an idea...?

yes.. open a bug in bugzilla, thank you

[portedaix]

Hello Stefano,
Thanks for your answer.Bug in filezilla open. Let see...
I am wondering if I should not do a fresh install. Even if it takes time, it might be faster then trying to fix it. I use sme for soho. It took me a while to customise it to my needs (CRM, asterisk...). Maybe my server is not so correct now and this bug is really a stop for me.
Olivier

[Stefano]

please report here the bug reference for future readers, thank you

[chris burnat]

please report here the bug reference for future readers, thank you

http://bugs.contribs.org/show_bug.cgi?id=7061
Please follow there.