Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: wdepot on August 17, 2022, 12:43:16 AM
-
We've just begun running into an odd problem with our web server, or at least I'm wondering if it is due to a recent update in SME server 10. Our server hosts three domains westerndepot.com, westerndepot.store which is just another name for westerndepot.com that we added due to problems with DNS hijacking, and sierraplaza.com. Westerndepot.com and westerndepot.store are both pointed to the Primary ibay and sierraplaza.com goes to a separate ibay.
Just today we discovered that Microsoft Edge and Google Chrome are changing westerndepot.com and westerndepot.store into the IP address for the server in the address bar and truncating anything that comes after the first / so for instance westerndepot.com/specials.php gets changed to just the IP address which means people can only access the main page of the site. However sierraplaza.com works just fine in both browsers. We also have no problem fully accessing any of the sites if we use Firefox or Opera.
The server is fully up to date and no one reported this problem until today. Is it possible that one of the recent updates for SME Server could have tweaked something and caused this problem or should I look elsewhere to find a solution.
-
any change on the Primary ibay like a new .htaccess
any contribs?
any custom-template?
what handles the dns for your clients? SME ?
are the clients on wan or lan?
Installation mode for SME?
help us to help you. no crystal ball here.
-
looking at it
www.westerndepot.com. 243 IN A 172.64.80.1
westerndepot.com. 243 IN A 172.64.80.1
westerndepot.store. 243 IN A 172.64.80.1
www.westerndepot.store. 243 IN A 172.64.80.1
172.64.80.1 is cloudflare ip
http://westerndepot.com redirects 301 to https://westerndepot.com/
which 302 redirects via a cloudflare request to http://69.173.134.163
which answers 200 OK and gives me a blank page
<html><head></head>
<body>
<center>
</center></body></html>
I would say you have an issue with your cloudflare configuration
-
looking at it
www.westerndepot.com. 243 IN A 172.64.80.1
westerndepot.com. 243 IN A 172.64.80.1
westerndepot.store. 243 IN A 172.64.80.1
www.westerndepot.store. 243 IN A 172.64.80.1
172.64.80.1 is cloudflare ip
http://westerndepot.com redirects 301 to https://westerndepot.com/
which 302 redirects via a cloudflare request to http://69.173.134.163
which answers 200 OK and gives me a blank page
<html><head></head>
<body>
<center>
</center></body></html>
I would say you have an issue with your cloudflare configuration
I tried accessing our site from home last night and had no problem using Firefox while Edge and Chrome were sending me to 98.238.194.121 which is owned by Comcast (and NOT the IP assigned to our server by Comcast I might add) while the 69.173.134.163 you got sent to is owned by Oricom Internet so I think some DNS hijacking is going on somewhere in those cases.
Here at work where I was testing the issue before I posted this thread our computers get their DNS from our server since they are on the LAN side. Everyone else, including our customers who reported the issue in the first place would be getting DNS from their ISP except those few that have done a manual config of DNS to someplace else. Cloudflare proxies the IP address for our server to guard against DDOS attacks and supposedly provides some cache service for static pages which probably doesn't really apply since the site in question is entirely PHP.
I think we can rule out SME Server causing the problem since when I returned to work this morning I was able to access the site properly using both Edge and Chrome. No changes were made to the server at all. This afternoon after returning from lunch I checked again and they were both back to converting it to 74.93.177.20 (the actual external IP for the server) so I would say the problem has something to do with the Chromium based browsers. I don't know if there is a Browser directive that could be added to httpd.conf to address the issue or not but I suspect the problem is simply out of our control like the DNS hijacking issue which is highly annoying, not to mention bad for business.
-
I have tested further, and the IP it gets sent to is the IP of the visitor.
I was able to see your website once on multiple clients, the minute I try to access it again, I get redirected to my own IP on every device I tried and different connections.
check your htaccess and website settings, I think you have wrongly set a redirection to the client IP instead of one of your domains
could also be in cloudflare but I will accuse first a htaccess or custom setting on your website or webserver
no dns hijacking
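The redirect chain reported above can be checked mechanically for the same symptoms (an added example, not part of the original posts). The hop list is constructed from the values quoted in the thread rather than captured from the server; the `/specials.php` path, the `EXPECTED_HOSTS` set and the choice of `client_ip` are assumptions.

```python
"""Audit a recorded HTTP redirect chain for the symptoms described in this thread."""
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

# Hostnames the site is expected to redirect between (assumption for this example).
EXPECTED_HOSTS = {
    "westerndepot.com", "www.westerndepot.com",
    "westerndepot.store", "www.westerndepot.store",
}

# Constructed sample, not a real capture: (request URL, status, Location header).
# It mirrors the 301 -> 302 -> 200 sequence quoted in the thread.
SAMPLE_CHAIN = [
    ("http://westerndepot.com/specials.php", 301, "https://westerndepot.com/specials.php"),
    ("https://westerndepot.com/specials.php", 302, "http://69.173.134.163"),
    ("http://69.173.134.163", 200, None),
]


def is_ip_literal(host):
    """True when the host part of a URL is an IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_chain(chain, expected_hosts, client_ip=None):
    """Return (request_url, finding) pairs for every suspicious redirect hop."""
    findings = []
    for url, status, location in chain:
        if status not in REDIRECT_CODES or not location:
            continue
        src = urlsplit(url)
        # Location may be relative; resolve it against the request URL.
        dst = urlsplit(urljoin(url, location))
        host = (dst.hostname or "").lower()

        if is_ip_literal(host):
            findings.append((url, "ip-literal-target"))
            # The symptom seen in the thread: the target is the visitor's own address.
            if client_ip and ipaddress.ip_address(host) == ipaddress.ip_address(client_ip):
                findings.append((url, "target-is-client-ip"))
        elif host not in expected_hosts:
            findings.append((url, "unexpected-host"))

        if src.scheme == "https" and dst.scheme == "http":
            findings.append((url, "https-downgrade"))
        # The first post reports everything after the first "/" being lost.
        if src.path not in ("", "/") and dst.path in ("", "/"):
            findings.append((url, "path-dropped"))
    return findings


if __name__ == "__main__":
    # client_ip is the tester's own address in this constructed run.
    for url, finding in audit_chain(SAMPLE_CHAIN, EXPECTED_HOSTS, "69.173.134.163"):
        print(f"{finding:22} {url}")
```

Feeding it hops recorded from inside the LAN and from outside Cloudflare separately shows which side issues the redirect to the IP literal.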
-
only difference between your office and the outside is inside SME Server should be giving DNS while it is cloudflare on the outside.
Also you might have some rules in a htaccess file or in a custom template redirecting based on the IP.
-
I have tested further, and the IP it gets sent to is the IP of the visitor.
I was able to see your website once on multiple clients, the minute I try to access it again, I get redirected to my own IP on every device I tried and different connections.
check your htaccess and website settings, I think you have wrongly set a redirection to the client IP instead of one of your domains
could also be in cloudflare but I will accuse first a htaccess or custom setting on your website or webserver
no dns hijacking
There is no .htaccess file in the Primary ibay where the site resides. I was also under the impression that SME Server blocked the use of htaccess files by default.
As for custom templates causing the issue I highly doubt it but here is the list of all of them for the httpd.conf file with their contents:
35SSL10SSLHonorCipherOrder contains:
SSLHonorCipherOrder on
35SSL30SSLProtocol contains:
{
# Specify which SSL Protocols to accept for this context
}
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
75AddTypesAV contains:
# MIME-types for audio and video
#
# Audio
AddType audio/mp4 m4a f4a f4b
AddType audio/ogg oga ogg
# JavaScript
# Normalize to standard type (it's sniffed in IE anyways):
# http://tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript js jsonp
AddType application/json json
# Video
AddType video/mp4 mp4 m4v f4v f4p
AddType video/ogg ogv
AddType video/webm webm
AddType video/x-flv flv
# Web fonts
AddType application/font-woff woff
AddType application/vnd.ms-fontobject eot
# Browsers usually ignore the font MIME types and sniff the content,
# however, Chrome shows a warning if other MIME types are used for the
# following fonts.
AddType application/x-font-ttf ttc ttf
AddType font/opentype otf
# Make SVGZ fonts work on iPad:
# https://twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
90e-smithAccess40ibays contains:
#------------------------------------------------------------
# Information bay directories
# override file that defaults iBays to indexes disabled
# place this file in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
#------------------------------------------------------------
{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
$OUT = "";
foreach my $ibay ($adb->ibays)
{
my %properties = $ibay->props;
my $key = $ibay->key;
#------------------------------------------------------------
# Figure out which combination of parameters to use. If
# PublicAccess parameter is present, this is e-smith 4.0.
# Otherwise, it's e-smith 3.0.
#------------------------------------------------------------
my $allow;
my $pass;
my $satisfy;
if ($properties{'PublicAccess'})
{
if ($properties{'PublicAccess'} eq 'none')
{
next;
}
elsif ($properties{'PublicAccess'} eq 'local')
{
$allow = $localAccess;
$pass = 0;
$satisfy = 'all';
}
elsif ($properties{'PublicAccess'} eq 'local-pw')
{
$allow = $localAccess;
$pass = 1;
$satisfy = 'all';
}
elsif ($properties{'PublicAccess'} eq 'global')
{
$allow = 'all';
$pass = 0;
$satisfy = 'all';
}
elsif ($properties{'PublicAccess'} eq 'global-pw')
{
$allow = 'all';
$pass = 1;
$satisfy = 'all';
}
elsif ($properties{'PublicAccess'} eq 'global-pw-remote')
{
$allow = $localAccess;
$pass = 1;
$satisfy = 'any';
}
}
elsif ($properties {'ReadAccess'} eq 'global')
{
if ($properties {'UsePassword'} eq 'yes')
{
$allow = 'all';
$pass = 1;
$satisfy = 'all';
}
else
{
$allow = 'all';
$pass = 0;
$satisfy = 'all';
}
}
else
{
if ($properties {'UsePassword'} eq 'yes')
{
$allow = $localAccess;
$pass = 1;
$satisfy = 'all';
}
else
{
$allow = $localAccess;
$pass = 0;
$satisfy = 'all';
}
}
my $allowOverride = $properties{'AllowOverride'} || "None";
my $dynamicContent = $properties{'CgiBin'} || "disabled";
my $followSymLinks = $properties{'FollowSymLinks'} || "disabled";
my $indexes = $properties{'Indexes'} || "disabled";
$OUT .= "\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "# $key ibay directories ($properties{'Name'})\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/ibays/$key/html>\n";
$OUT .= " ErrorDocument 400 /http_error.php?error_id=400\n";
$OUT .= " ErrorDocument 401 /http_error.php?error_id=401\n";
$OUT .= " ErrorDocument 403 /http_error.php?error_id=403\n";
$OUT .= " ErrorDocument 404 /http_error.php?error_id=404\n";
$OUT .= " ErrorDocument 405 /http_error.php?error_id=405\n";
$OUT .= " ErrorDocument 408 /http_error.php?error_id=408\n";
$OUT .= " ErrorDocument 415 /http_error.php?error_id=415\n";
$OUT .= " ErrorDocument 416 /http_error.php?error_id=416\n";
$OUT .= " ErrorDocument 417 /http_error.php?error_id=417\n";
$OUT .= " ErrorDocument 500 /http_error.php?error_id=500\n";
$OUT .= " ErrorDocument 501 /http_error.php?error_id=501\n";
$OUT .= " ErrorDocument 502 /http_error.php?error_id=502\n";
$OUT .= " ErrorDocument 503 /http_error.php?error_id=503\n";
$OUT .= " ErrorDocument 504 /http_error.php?error_id=504\n";
$OUT .= " ErrorDocument 505 /http_error.php?error_id=505\n";
$OUT .= " Options None\n";
$OUT .= " Options +Indexes\n" if ($indexes eq 'enabled');
$OUT .= " Options +FollowSymLinks\n" if ($followSymLinks eq 'enabled');
if ($dynamicContent eq 'enabled')
{
$OUT .= " Options +Includes\n";
}
else
{
$OUT .= " DirectoryIndex index.htm index.html\n";
$OUT .= " Options +IncludesNOEXEC\n";
$OUT .= " <FilesMatch \"\\.(php|php3|phtml)\$\">\n";
$OUT .= " order deny,allow\n";
$OUT .= " Deny from all\n";
$OUT .= " </FilesMatch>\n";
}
$OUT .= " AllowOverride $allowOverride\n";
$OUT .= " order deny,allow\n";
$OUT .= " deny from all\n";
$OUT .= " allow from $allow\n";
if ($pass)
{
$OUT .= " AuthName \"$properties{'Name'}\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " require user $key\n";
$OUT .= " Satisfy $satisfy\n";
}
if (($properties{PHPRegisterGlobals} || 'disabled') eq 'enabled')
{
$OUT .= " php_flag register_globals on\n";
}
$OUT .= "</Directory>\n";
$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/ibays/$key/cgi-bin>\n";
if ($dynamicContent eq 'enabled')
{
$OUT .= " Options ExecCGI\n";
}
$OUT .= " AllowOverride None\n";
$OUT .= " order deny,allow\n";
$OUT .= " deny from all\n";
$OUT .= " allow from $allow\n";
if ($pass)
{
$OUT .= " AuthName \"$properties{'Name'}\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " require user $key\n";
$OUT .= " Satisfy $satisfy\n";
}
$OUT .= "</Directory>\n";
$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/ibays/$key/files>\n";
$OUT .= " AllowOverride None\n";
$OUT .= " order deny,allow\n";
$OUT .= " deny from all\n";
$OUT .= " allow from $allow\n";
if ($pass)
{
$OUT .= " AuthName \"$properties{'Name'}\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " require user $key\n";
$OUT .= " Satisfy $satisfy\n";
}
$OUT .= "</Directory>\n";
}
}
91e-smithAccessPrimarysubdirs contains:
#------------------------------------------------------------
# Primary Information bay limited subdirectories
# place this file in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
#------------------------------------------------------------
<Directory /home/e-smith/files/ibays/Primary/html/adminstrator>
Options None
Options +Includes
SSLRequireSSL
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1 10.0.3.0/255.255.255.0
AuthType Basic
AuthBasicProvider external
AuthName "WD Site Admin"
AuthExternal pwauth
Require user admin
Satisfy any
</Directory>
and finally 92Expires contains:
#------------------------------------------------------------
# File Type Expiration
# place this file in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
#------------------------------------------------------------
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 10 days"
ExpiresByType text/html "access plus 2 days"
ExpiresByType image/gif "access plus 60 days"
ExpiresByType image/jpg "access plus 60 days"
ExpiresByType image/png "access plus 60 days"
ExpiresByType application/javascript "access plus 60 days"
ExpiresByType text/css "access plus 60 days"
ExpiresByType image/x-icon "access plus 60 days"
</IfModule>
Unless you count the ErrorDocument settings you can see there are no redirects of any kind in my custom templates.
Just in case it helps here are the database settings for the primary ibay:
[root@www ~]# db accounts show Primary
Primary=ibay
AllowUrlFopen=enabled
AllowUrlfOpen=enabled
CgiBin=enabled
DisabledFunctions=show_source,symlink,dl,shell_exec,passthru,escapeshellcmd,phpinfo
Group=shared
Indexes=disabled
MailForceSender=info@westerndepot.com
MaxExecutionTime=120
MaxFileUpload=50
MemoryLimit=348M
Modifiable=no
Name=Primary i-bay
PasswordSet=no
Passwordable=no
PostMaxSize=200M
PublicAccess=global
Removable=no
SSLRequireSSL=disabled
UploadMaxFilesize=40M
UserAccess=wr-admin-rd-group
Frankly I'm not seeing anything on the server that would be causing the problem. Besides that I would think a server setting would affect all browsers and not just some of them which is what I am running into when trying to access from my computer on the server's local network here with only Edge and Chrome ever having any problem accessing the site.
I don't know of any contributions that would cause server redirects but here is a complete list of what is installed just in case: Sendmail-Wrapper, Letsencrypt, Webhosting, Hardware Info, AWStats, Fail2ban, Mod Deflate, PHPMyAdmin, Vacation.
I also have the scripts from the DAR2 contribution installed for better backups since they work with SME10 even though the server panel doesn't. Those were copied over from our server when it was still running SME9 and tested on our SME10 test server before I actually used them. I found I only needed to add one folder to the backup configuration for the scripts in order for them to work properly under SME10. It's too bad that contribution didn't get updated for SME10.
-
Run these and paste the output.
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates
(The debug part in server-manager does similar)
It's too bad that contribution didn't get updated for SME10
Not sure of the status but please remember there is a collective responsibility here. It's the community's problem. Not just a few devs.
If it is important to you, get involved and help. We are few, with very limited time - most of us who are active do it in our spare time.
We do what we need first. We help those who help us out as best we can.
Everything else gets done as and when we get time or inclination to look at it. We currently have a huge list of things to do on the backend, as well as trying to build V11.
You don't have to code. There are lots of other things that need doing.
Just volunteer and get involved.
-
Run these and paste the output.
/sbin/e-smith/audittools/newrpms
/sbin/e-smith/audittools/templates
(The debug part in server-manager does similar)
[root@www ~]# /sbin/e-smith/audittools/newrpms
Loaded plugins: fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
* base: linux.mirrors.es.net
* smeaddons: mirror.canada.pialasse.com
* smeos: mirror.canada.pialasse.com
* smeupdates: mirror.canada.pialasse.com
* updates: centos-distro.cavecreek.net
Extra Packages
GeoIP.x86_64 1.6.12-9.el7.sme @smecontribs
GeoIP-GeoLite-data.noarch 2018.06-7.el7.sme @smecontribs
GeoIP-GeoLite-data-extra.noarch 2018.06-7.el7.sme @smecontribs
awstats.noarch 7.8-2.el7 @smecontribs
fail2ban-sendmail.noarch 0.11.2-3.el7 @smecontribs
fail2ban-server.noarch 0.11.2-3.el7 @smecontribs
perl-Data-Validate-IP.noarch 0.27-13.el7 @smecontribs
perl-Geo-IP.x86_64 1.45-1.of.el7 @smecontribs
phpMyAdmin.noarch 5.1.0-1.el7.sme @smecontribs
smeserver-awstats.noarch 1.4-5.el7.sme @smecontribs
smeserver-diskusage.noarch 0.2.0-5.el7.sme @smecontribs
smeserver-fail2ban.noarch 9:0.1.18-30.el7.sme @smecontribs
smeserver-hwinfo.noarch 1.2-5.el7.sme @smecontribs
smeserver-mod_dav.noarch 1.1-7.el7.sme @smecontribs
smeserver-mod_deflate.noarch 1.2-4.el7.sme @smecontribs
smeserver-phpmyadmin.noarch 4.0.10.2-11.el7.sme @smecontribs
smeserver-sendmail-wrapper.noarch 0.1-5.el7.sme @smecontribs
smeserver-vacation.noarch 1.1-34.el7.sme @smecontribs
smeserver-webhosting.noarch 0.0.9-15.el7.sme @smecontribs
[root@www ~]# /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/90e-smithAccess40ibays: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/75AddTypesAV: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/35SSL10SSLHonorCipherOrder: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/92Expires: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91e-smithAccessPrimarysubdirs: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/35SSL30SSLProtocol: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/opt/remi/php74/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/opt/remi/php80/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/opt/remi/php81/php.ini/90WesternDepotSpecific: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/qmail/control/defaulthost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/bouncehost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/envnoathost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/helohost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/doublebouncehost: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/qmail/control/me: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates/etc/dar2/dar2-backup/00setup: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Compression: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Default: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Exclude: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Prune: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Slice: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Verbose: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-backup/10Backup: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/00setup: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/10Default: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/10Restore: MANUALLY_ADDED
/etc/e-smith/templates/etc/dar2/dar2-restore/10RestoreTo: MANUALLY_ADDED
-
re dar2 :
most of the contribs that have been asked to be ported have been.
no one asked for it until this thread
if you want it ported asap please help by opening a bug and by specifying what works and what fails.
also giving the workaround you used would make it quicker.
-
re dar2 :
most of the contribs that have been asked to be ported have been.
no one asked for it until this thread
if you want it ported asap please help by opening a bug and by specifying what works and what fails.
also giving the workaround you used would make it quicker.
Is there a way to load an SME9 contribution into SME10 using yum? If so I would be happy to check DAR2 out to see what works in the SME control panel. I didn't know that was possible or I probably would have tried it a long time ago.
I've tested all of the scripts except the one for Midnight Commander which I never have used at any time anyway and they and the templates it installs that are used by the scripts work just fine. The only thing I had to do was add etc/backup-data.d to the list of folders being backed up by the SME9 contrib for it to properly cover SME10 which I did using
db dar2 setprop (backupname) Backup (comma separated list of folders to back up)
since I didn't know I could try loading the contribution in SME10 as this is something I would have set in the SME control panel under SME9.
The main reasons I liked it rather than the built in SME backup was that I could set all aspects of the backup directly from the server manager control panel without having to manually do a db setting for some properties such as slice size like you do with the SME backup. Best of all it allowed you to set up as many different backups as you wanted, both manual and automatic, instead of just one which is my main beef with the built in SME backup. Frankly if those features of the DAR2 contribution were added to the built in SME backup I'd be happy.
-
Is there a way to load an SME9 contribution into SME10 using yum? If so I would be happy to check DAR2 out to see what works in the SME control panel. I didn't know that was possible or I probably would have tried it a long time ago.
is dar2 even a sme9 contrib? AFAIK only sme8
http://mirror.canada.pialasse.com/releases/obsolete/8/smecontribs/x86_64/RPMS/smeserver-dar2-0.0.1-34.el5.sme.noarch.rpm
wget and try a local install...not confident of success
-
aha, stephdl has an sme9 one on his repo
https://mirror.de-labrusse.fr/smeserver/6/noarch/smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm
-
aha, stephdl has an sme9 one on his repo
https://mirror.de-labrusse.fr/smeserver/6/noarch/smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm
Since I've never done a wget and local install before, tell me if I have correctly guessed the process for doing it.
First I cd to the folder where I want to store the RPM file.
Then I wget https://mirror.de-labrusse.fr/smeserver/6/noarch/smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm
Finally I would yum install smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm
-
panel can not load on sme10 for a sme9 or before contrib because of suid perl not available anymore
regarding your templates
- 91e-smithAccessPrimarysubdirs
will break your httpd with next update
-90e-smithAccess40ibays
will break also, and i highly suggest not overriding such essential fragment to add error page and rather add a fragment in Virtualhost folder with a condition based on domain
35SSL10SSLHonorCipherOrder exists already with a way to set what you want using db. set accordingly and remove the custom fragment to avoid issues if the syntax changes in a new release.
I suspect 92Expires is **part of** the problem as after 2 days i am able to see your website once and then not anymore if i hit refresh or click another link to it.
also remember you have cloudflare doing caching for you in between when not behind your lan.
speaking of cloudflare have you checked your settings there and compared to those of your other ibay which is working? I pointed multiple times in that direction and you never replied.
regarding your php.ini override remember sme is using php-fpm all you do in php.ini is overridden by php-fpm so custom fragments are probably useless and might interfere with cli calls
regarding qmail custom fragments most of them have configurable settings via db.
the more custom you do the more risk of breaking on update you have
-
Since I've never done a wget and local install before, tell me if I have correctly guessed the process for doing it.
First I cd to the folder where I want to store the RPM file.
Then I wget https://mirror.de-labrusse.fr/smeserver/6/noarch/smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm
Finally I would yum install smeserver-dar2-0.0.3-1.el6.sme.noarch.rpm
I usually try and keep it as foolproof as possible :-) yum localinstall /tmp/rpm_name.rpm although localinstall was supposed to only be needed on el5, el6 just install
see JP's warnings, if you want to play best to use a test VM and NOT a prod system
-
DAR2 contrib has been added to smecontribs for SME10 see wiki for details https://wiki.koozali.org/DAR2
Please, any who have the need and are prepared to do a little extracurricular activity see Bug 12153 for initial port to sme10
-
panel can not load on sme10 for a sme9 or before contrib because of suid perl not available anymore
regarding your templates
- 91e-smithAccessPrimarysubdirs
will break your httpd with next update
-90e-smithAccess40ibays
will break also, and i highly suggest not overriding such essential fragment to add error page and rather add a fragment in Virtualhost folder with a condition based on domain
35SSL10SSLHonorCipherOrder exists already with a way to set what you want using db. set accordingly and remove the custom fragment to avoid issues if the syntax changes in a new release.
I suspect 92Expires is **part of** the problem as after 2 days i am able to see your website once and then not anymore if i hit refresh or click another link to it.
also remember you have cloudflare doing caching for you in between when not behind your lan.
speaking of cloudflare have you checked your settings there and compared to those of your other ibay which is working? I pointed multiple times in that direction and you never replied.
regarding your php.ini override remember sme is using php-fpm all you do in php.ini is overridden by php-fpm so custom fragments are probably useless and might interfere with cli calls
regarding qmail custom fragments most of them have configurable settings via db.
the more custom you do the more risk of breaking on update you have
To answer the question about Cloudflare first, I've checked those settings every time someone reported a problem to us and they have never changed. The settings on all three domains match one another so I doubt that the problem lies there.
I've dumped the custom template for mod_expires. I had added it after reading somewhere that recommended adding this to reduce file requests to the server from browsers. Since you suspected it might be causing a problem and since our server is never under much of a load anyway I figured that we could do without it.
I also took a look at the original SME CipherOrder template and found the db property to set so I've dumped that custom template as well. Since I had to copy the custom php.ini fragment into the opt/remi/php## custom template folders for those settings to work in the ibays it makes sense to do like you said and drop it from the /etc custom template. When I get a chance I'll see what I can figure out for the qmail db settings.
The questions I have are about the other two templates that you said will cause problems. For setting the custom error document I can see where that could break due to the modification of an existing SME template. Can I do something like this instead:
<Directory /home/e-smith/files/ibays/Primary/html>
ErrorDocument statements
</Directory>
<Directory /home/e-smith/files/ibays/sierraplaza/html>
ErrorDocument statements
</Directory>
and then name that custom template something like 9999ErrorDocs to make sure it gets added to the bottom of the httpd.conf file below anything written by the SME master templates?
You also say that 91e-smithAccessPrimarysubdirs will break httpd on the next update. Is this due to the name of the template that will cause it to end up in the middle of some future settings that it shouldn't be in and a rename to put it below SME added items will fix it or is there another problem with it? Also are you referring to the next update of SME10 or is it the upcoming SME11 that it will break?
-
the issue with your custom template will arise with 10.1 update coming soon.
I have found what creates your issue. this is the double redirection in your ibay.
I can point to the .store one get back refresh. quit the page and come back it works every time.
as soon as i go to the .com, first click on a link brings you to .store and from there whatever you do you get stuck with browsing your own ip.
i would either have cloudflare handle the redirection, or move the .com to another ibay and redirect from there.
you could also check how you do the redirection. apache redirect or apache mod rewrite.
-
the issue with your custom template will arise with 10.1 update coming soon.
I have found what creates your issue. this is the double redirection in your ibay.
I can point to the .store one get back refresh. quit the page and come back it works every time.
as soon as i go to the .com, first click on a link brings you to .store and from there whatever you do you get stuck with browsing your own ip.
i would either have cloudflare handle the redirection, or move the .com to another ibay and redirect from there.
you could also check how you do the redirection. apache redirect or apache mod rewrite.
I think I've got the httpd.conf custom templates figured out now. I've got it trimmed down to three of them.
75AddTypesAV which you didn't comment on so I assume it will be fine.
ZZe-smithAccessPrimarysubdirs which contains the following to secure our web site administration page:
<Directory /home/e-smith/files/ibays/Primary/html/administration>
Options None
Options +Includes
SSLRequireSSL
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.1 10.0.3.0/255.255.255.0
AuthType Basic
AuthBasicProvider external
AuthName "WD Site Admin"
AuthExternal pwauth
Require user admin
Satisfy any
</Directory>
All I did with this file was rename it to something that should place it below any templates that SME might add in future updates. Let me know if there is anything in this file that might cause problems in the future and please be specific about exactly what it is that would cause a problem.
The final custom template for httpd.conf is ZYerrorDocsibays which contains:
<Directory /home/e-smith/files/ibays/Primary/html>
ErrorDocument 400 /http_error.php?error_id=400
ErrorDocument 401 /http_error.php?error_id=401
ErrorDocument 403 /http_error.php?error_id=403
ErrorDocument 404 /http_error.php?error_id=404
ErrorDocument 405 /http_error.php?error_id=405
ErrorDocument 408 /http_error.php?error_id=408
ErrorDocument 415 /http_error.php?error_id=415
ErrorDocument 416 /http_error.php?error_id=416
ErrorDocument 417 /http_error.php?error_id=417
ErrorDocument 500 /http_error.php?error_id=500
ErrorDocument 501 /http_error.php?error_id=501
ErrorDocument 502 /http_error.php?error_id=502
ErrorDocument 503 /http_error.php?error_id=503
ErrorDocument 504 /http_error.php?error_id=504
ErrorDocument 505 /http_error.php?error_id=505
</Directory>
<Directory /home/e-smith/files/ibays/sierraplaza/html>
ErrorDocument 400 /http_error.php?error_id=400
ErrorDocument 401 /http_error.php?error_id=401
ErrorDocument 403 /http_error.php?error_id=403
ErrorDocument 404 /http_error.php?error_id=404
ErrorDocument 405 /http_error.php?error_id=405
ErrorDocument 408 /http_error.php?error_id=408
ErrorDocument 415 /http_error.php?error_id=415
ErrorDocument 416 /http_error.php?error_id=416
ErrorDocument 417 /http_error.php?error_id=417
ErrorDocument 500 /http_error.php?error_id=500
ErrorDocument 501 /http_error.php?error_id=501
ErrorDocument 502 /http_error.php?error_id=502
ErrorDocument 503 /http_error.php?error_id=503
ErrorDocument 504 /http_error.php?error_id=504
ErrorDocument 505 /http_error.php?error_id=505
</Directory>
I tested this particular code on our test server and found it correctly triggers the error page so I got rid of the 90e-smithAccess40ibays custom template that would have caused problems with future updates.
I also took a look to find the proper db settings to force the use of only TLS1.1 or higher so I was able to get rid of that custom template. I'm guessing that since openSSL was updated to version 1.1.1 that the SSL cipher list for SME10 was updated to prefer TLS1.3 ciphers first.
So that brings us back to the problem I posted about in the first place. I'm confused about what you mean by double redirection in the ibay. Other than the fact that I have pointed both westerndepot.com and westerndepot.store to the primary ibay I have set no redirects of any kind in Apache. In fact I made sure to turn off forced SSL under Apache because that immediately created problems for anyone that tried to connect without SSL. The fact that all links within the site are set as https switches to SSL soon enough to suit our needs.
Granted all of the links and the cookie domain are set as westerndepot.store by the site but I would have thought that clicking one of the links when the site is accessed as westerndepot.com would have had essentially the same effect as clicking on a link to a different site entirely. Do you think I need to have PHP check to see whether the site has been accessed as westerndepot.com or westerndepot.store and then set the links accordingly? I'd just need to check the PHP $_SYSTEM variable to see which domain was used to access the site and have it set the defines for the site domain based on that.
-
As long as you use a redirector such as Cloudflare, you need to keep that simple on your side.
Cloudflare is already spoofing your DNS by saying it acts as your domain and then probably reverse proxying to your server.
Adding more internal rewriting in the same ibay makes it a recipe for disaster. Keep it simple like your other website.
Put the .com on a dedicated ibay with either a PHP script or an httpd configuration to redirect all .store before accessing the website. I think it will be KISS and will solve the issue.
-
I think I may have found the source of the problem. I was taking a look at the contents of the PHP $_SERVER variable this morning and found three different parts of the variable that reflect the way the site was accessed: SERVER_NAME, HTTP_HOST and SCRIPT_URI. With the standard SME settings all three reflected exactly the way the site was accessed so if I used www.westerndepot.com they all three would contain www.westerndepot.com. If I used westerndepot.store they would all three contain westerndepot.store and if I directly used the IP address then all three contained the IP address.
However when I looked at the online manual for the PHP $_SERVER variable I discovered this note:
'SERVER_NAME'
The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.
Note: Under Apache 2, you must set UseCanonicalName = On and ServerName. Otherwise, this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts.
That prompted me to look at the contents of httpd.conf where I discovered that UseCanonicalName was turned off. I found the SME template for this setting and saw that the off is hard coded and not set by a db variable. I therefore copied that SME template to templates-custom and changed the off to on.
With UseCanonicalName now turned on HTTP_HOST still matches what was used to access the site but SERVER_NAME and SCRIPT_URI contain westerndepot.com if the site is accessed using westerndepot.com, www.westerndepot.com or the IP address and they contain westerndepot.store if accessed using either westerndepot.store or www.westerndepot.store.
All links on the web site are created from the following bit of code:
define('HTTP_SERVER', 'https://westerndepot.store');
define('HTTPS_SERVER', 'https://westerndepot.store');
define('HTTP_COOKIE_DOMAIN', 'westerndepot.store');
define('HTTPS_COOKIE_DOMAIN', 'westerndepot.store');
And I had been thinking of doing something like this:
if (stripos($_SERVER['SERVER_NAME'], 'westerndepot.com') !== false) {
define('HTTP_SERVER', 'https://westerndepot.com');
define('HTTPS_SERVER', 'https://westerndepot.com');
define('HTTP_COOKIE_DOMAIN', 'westerndepot.com');
define('HTTPS_COOKIE_DOMAIN', 'westerndepot.com');
} else {
define('HTTP_SERVER', 'https://westerndepot.store');
define('HTTPS_SERVER', 'https://westerndepot.store');
define('HTTP_COOKIE_DOMAIN', 'westerndepot.store');
define('HTTPS_COOKIE_DOMAIN', 'westerndepot.store');
}
to match the links to the way the site was accessed but with UseCanonicalName now turned on I'm not sure that I need to do that now. What is happening with the site on your end now that the usage of Canonical Names has been forced on?
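Added example, not part of the original posts or the site's own code: the host check and the .store to .com redirect discussed above, done in PHP with an exact allow-list instead of a stripos() substring test on a client-supplied name. The host names are the ones from this thread; the function names are hypothetical, the sample inputs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example. Host names come from the thread; function names are hypothetical.
const CANONICAL_HOST = 'westerndepot.com';
// Exact names this server answers for. Anything else is treated as untrusted.
const KNOWN_HOSTS = [
    'westerndepot.com', 'www.westerndepot.com',
    'westerndepot.store', 'www.westerndepot.store',
];

/** Lower-case the client-supplied host, strip port and trailing dot; null if malformed. */
function normalize_host(string $raw): ?string
{
    $host = strtolower(trim($raw));
    $host = (string) preg_replace('/:\d+$/', '', $host); // drop ":443"
    $host = rtrim($host, '.');                            // drop FQDN trailing dot
    return preg_match('/^[a-z0-9.-]+$/', $host) === 1 ? $host : null;
}

/** True only on an exact allow-list match, unlike a stripos() substring test. */
function is_known_host(string $raw): bool
{
    $host = normalize_host($raw);
    return $host !== null && in_array($host, KNOWN_HOSTS, true);
}

/**
 * Returns the URL to 301 to, or null when the request is already on the
 * canonical host. The target never contains the client-supplied host.
 */
function canonical_redirect(string $rawHost, string $requestUri): ?string
{
    if (normalize_host($rawHost) === CANONICAL_HOST) {
        return null;
    }
    // Keep path and query; force a single leading slash so "//other.example/x"
    // cannot be read as a scheme-relative URL, and drop CR/LF.
    $uri = '/' . ltrim(str_replace(["\r", "\n"], '', $requestUri), '/');
    return 'https://' . CANONICAL_HOST . $uri;
}

// Constructed inputs showing where the substring test and the exact test differ.
$samples = ['westerndepot.store', 'WWW.WesternDepot.com:443', 'westerndepot.com.evil.example'];
foreach ($samples as $h) {
    printf("%-32s stripos=%s exact=%s redirect=%s\n", $h,
        var_export(stripos($h, 'westerndepot.com') !== false, true),
        var_export(is_known_host($h), true),
        canonical_redirect($h, '/index.php?cpath=456') ?? '(none)');
}
// In a page, before any output (HTTP_HOST is client-controlled, hence the checks):
//   $to = canonical_redirect($_SERVER['HTTP_HOST'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
//   if ($to !== null) { header('Location: ' . $to, true, 301); exit; }
```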
-
You are doing things to create situations like the current one and also are harming your website reputation by dividing the traffic between two domains with exactly the same content.
This is bad for two reasons:
- you get half the visitors or so on each domain.
- also having a website that looks like a duplicate reduces the rating a lot for Google and other search engines.
-
You are doing things to create situations like the current one and also are harming your website reputation by dividing the traffic between two domains with exactly the same content.
Yup. Almost becoming an XY Info problem.
- also having a website that looks like a duplicate reduces the rating a lot for Google and other search engines.
Yup. You will get clattered for doing this. A number of years ago Google went to town on skin sites and the like. They are pretty good at spotting sites that are mainly just duplicates with maybe a thin skin on top, both at the same address, and at different addresses.
Do one site. If you want a second, you need to make it substantially different.
-
We never have advertised westerndepot.store or used that domain in our Google Product Feed. The only real reason we applied for it in the first place was because people were getting directed to odd places when trying to connect to westerndepot.com even though our DNS settings with Cloudflare had never changed. In those cases we would tell them to try connecting to westerndepot.store instead.
I've permanently set all links on our site back to westerndepot.com and have changed the DNS records with Cloudflare for westerndepot.store from A records pointing to our server to CNAME records pointing to westerndepot.com. With that done should I delete the westerndepot.store domain from our server or do I need to leave it there?
-
With all that done you still need to set up the store domain on a separate ibay and set it the way you want to redirect to .com.
As long as you have your domain pointing to your server the default will be to point to the Primary ibay unless set otherwise.
Again, if it points to your website, Google will naturally explore it and find out it is a duplicate. You do not have to declare it to Google, it will occur.
Whether you declare it a CNAME or A it will still end at your IP and then your website unless specified otherwise in your Apache config, i.e., having the domain pointed to another ibay stating wait, we redirect you to .com.
-
Okay, I've created a new ibay specifically for westerndepot.store. Now how do I redirect any traffic that might go to it to the same file on westerndepot.com? In other words:
westerndepot.store/index.php?cpath=456 to westerndepot.com/index.php?cpath=456
westerndepot.store/specials.php to westerndepot.com/specials.php
and so forth.
I'm not seeing anything in server-manager under either Information Bays or I-Bays Web Hosting that would set this up so I'm assuming that I will need a custom template for Apache to add the needed redirect. I just have no idea how to word it.
Oh, and I just got a call from a guy reporting that he was getting a "server at 108.204.251.233 took too long to respond" when trying to access westerndepot.com so something is still screwed up somewhere since that IP is owned by AT&T not us. The DNS settings at Cloudflare haven't been changed so something else is causing the problem.
-
# host westerndepot.com
westerndepot.com has address 104.21.80.147
westerndepot.com has address 172.67.223.182
westerndepot.com has IPv6 address 2606:4700:3032::ac43:dfb6
westerndepot.com has IPv6 address 2606:4700:3037::6815:5093
westerndepot.com mail is handled by 10 mail.westerndepot.com.
While round robin DNS is a thing, from my experience, you should not play with that because more often than needed the browser will pick the wrong IP.
If your server is 104.21.80.147, then remove 172.67.223.182 or vice versa.
From what I tested, this works with 172.67.223.182, so I guess you need to tidy your DNS... again at Cloudflare, as they are your NS.
For the redirection check the internet for either
httpd Redirect
or
httpd mod rewrite
Either put it in a .htaccess file or in a custom template.
Also, rather than an ibay you can also set your domain with its dedicated virtual host template; see the wiki for that.
# host westerndepot.store
westerndepot.store has address 188.114.96.0
westerndepot.store has address 188.114.97.0
westerndepot.store has IPv6 address 2a06:98c1:3121::
westerndepot.store has IPv6 address 2a06:98c1:3120::
westerndepot.store mail is handled by 10 mail.westerndepot.com.
-
The IP addresses you listed are all proxy IPs from Cloudflare.
I thought I found the proper code for the redirect but I am having a problem with it. I created a new custom template for httpd.conf named ZXredirectWesterndepotStore which contains the following:
<Directory /home/e-smith/files/ibays/store/html>
RewriteEngine On
RewriteRule ^(.*)$ https://westerndepot.com/$1 [R=301,L]
</Directory>
Once I did an expand-template on httpd.conf and a signal-event console-save I pointed westerndepot.store to the store ibay. The settings for this ibay are as follows:
Group admin
Write=admin Read=group
Public Access entire internet (no passwords)
Dynamic Content disabled
Force Secure disabled
and in web hosting I changed Directory Listing to disabled and left everything else at the default.
The problem now is that when I tested accessing anything using westerndepot.store all I get is a Forbidden error message. I could see a Not Found message with the redirect apparently not working properly since there is nothing in the ibay but the Forbidden message is puzzling since that ibay should be publicly readable with no password. What did I do wrong?
For now, until it can get resolved, I'm going to temporarily switch westerndepot.store back to the Primary ibay since I'm getting flooded with email messages from Fail2Ban due to this problem.
I had one thought occur to me last night. Is it possible that running westerndepot.com from the Primary ibay might have something to do with some people getting sent to odd IP addresses when trying to access the site? After all that is the ibay that is used if you put the IP address for the server into a web browser. We've been running westerndepot.com in the Primary ibay since the days of SME6 and didn't start having the problem reported to us until about halfway through the lifetime of SME9 so is it possible that some change to Apache could have started causing an occasional glitch with the IP and domain pointed to the same ibay? Would it be worth moving westerndepot.com from Primary to a new ibay?
-
Thousands of servers are running using the Primary ibay without issue.
The chances are higher that the more layers you add to your settings, the more you hack things to make it seem to work as you intend.
The code you show to alter the server variable might work in one situation and just fail when one arrives through 2 proxies (one from Cloudflare and their own) or any other situation.
Regarding the current rewrite rule: what are the settings of your ibay before the rule is added?
What is the httpd error log content when trying to access?
-
I hadn't thought to check the http error log. The rewrite was failing because FollowSymbolicLinks was turned off for the store ibay. Once I turned that on the redirect from westerndepot.store to westerndepot.com worked fine.
After doing some reading about the difference between Rewrite and Redirect I've changed the code for the redirect to:
<Directory /home/e-smith/files/ibays/store/html>
RedirectMatch permanent ^/(.*)$ https://westerndepot.com/$1
</Directory>
since that forces the browser to immediately change from westerndepot.store to westerndepot.com rather than just connecting it to westerndepot.com via proxy.
Unfortunately here on the local end of the server Chrome is still changing westerndepot.com into the server's IP address and dropping everything after the .com. Every other web browser works fine. That makes me wonder if people from outside the local network are still going to have some problems when connecting if using Chrome. Are there any server logs you can think of that might provide some insight into this?