mdjong
October 12, 2023, 6:18pm
1
I just installed latest HestiaCP yesterday, on debian 12. Everything seems to work perfectly, however today I noticed I can’t access phpmyadmin. When i click the button to open phpmyadmin I get an “Internal server error”. I tried the nginx log (nginx only, no apache). But i can’t find any error related to the phpmyadmin error.
So far I tried to find details through log, no luck. I also tried if maybe it was something with http / https, seems like not. Disable automatic database login, same result.
My install string:
hst-install.sh --port ‘8083’ --lang ‘en’ --apache no --phpfpm yes --multiphp yes --vsftpd yes --proftpd no --named yes --mariadb yes --mysql8 no --postgresql no --exim yes --dovecot yes --sieve no --clamav yes --spamassassin yes --iptables yes --fail2ban yes --quota no --api yes --interactive yes --force no
I searched the docs if I maybe needed to enable something, but I can’t find anything related to this problem.
mdjong
October 13, 2023, 8:19am
2
I seem to have found an error which is triggered when i try to open phpmyadmin:
2023/10/13 10:11:23 [error] 340996#340996: *14163 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: xx.xx.xx.xx, server: panel . example . com, request: “GET /phpmyadmin/ HTTP/2.0”, upstream: “fastcgi://127.0.0.1:9000”, host: “panel . example . com”, referrer: “https://panel.example.com/list/db/ ”
The spaces around panel example url are due to the forum not allowing me to post the links as I am new user.
If you want to write command outputs, logs, etc. paste the text in the post, select the text and click on button </>
so it will be formatted as code and you will avoid that issue, also, it is more readable for us.
Could you please show the output of these three commands?
ps -f "$(lsof +c0 -i:9000 | tail -n1 | cut -d ' ' -f2)"
cat /etc/nginx/conf.d/phpmyadmin.inc
ls -lh /etc/phpmyadmin/ /usr/share/phpmyadmin/ /var/lib/phpmyadmin/
mdjong
October 13, 2023, 3:01pm
4
Thank you, I will use the code format button. Regarding the commands:
ps -f "$(lsof +c0 -i:9000 | tail -n1 | cut -d ' ' -f2)"
UID PID PPID C STIME TTY STAT TIME CMD
www-data 439879 235832 0 16:56 ? S 0:00 php-fpm: pool www
cat /etc/nginx/conf.d/phpmyadmin.inc
location /phpmyadmin {
alias /usr/share/phpmyadmin/;
location ~ /(libraries|setup|templates|locale) {
deny all;
return 404;
}
location ~ /(.+\.(json|lock|md)) {
deny all;
return 404;
}
location ~ ^/phpmyadmin/(.*\.php)$ {
alias /usr/share/phpmyadmin/$1;
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
location /phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|webp|js|ico|html|xml|txt))$ {
root /usr/share/phpmyadmin/;
}
}
ls -lh /etc/phpmyadmin/ /usr/share/phpmyadmin/ /var/lib/phpmyadmin//
/etc/phpmyadmin/:
total 8.0K
drwxr-x--- 2 root www-data 4.0K Oct 11 19:53 conf.d
-rw-r----- 1 root www-data 980 Oct 12 18:45 config.inc.php
/usr/share/phpmyadmin/:
total 764K
-rw-r--r-- 1 root root 69 Oct 11 19:53 babel.config.json
-rw-r--r-- 1 root root 70K Oct 11 19:53 ChangeLog
-rw-r--r-- 1 root root 5.2K Oct 11 19:53 composer.json
-rw-r--r-- 1 root root 299K Oct 11 19:53 composer.lock
-rw-r--r-- 1 root root 4.7K Oct 11 19:53 config.sample.inc.php
-rw-r--r-- 1 root root 2.6K Oct 11 19:53 CONTRIBUTING.md
drwxr-xr-x 3 root root 4.0K Oct 11 19:53 doc
drwxr-xr-x 2 root root 4.0K Oct 11 19:53 examples
-rw-r--r-- 1 root root 22K Oct 11 19:53 favicon.ico
-rw-r--r-- 1 root root 1.1K Oct 11 19:53 index.php
drwxr-xr-x 6 root root 4.0K Oct 11 19:53 js
drwxr-xr-x 4 root root 4.0K Oct 11 19:53 libraries
-rw-r--r-- 1 root root 18K Oct 11 19:53 LICENSE
drwxr-xr-x 44 root root 4.0K Oct 11 19:53 locale
-rw-r--r-- 1 root root 2.8K Oct 11 19:53 package.json
-rw-r--r-- 1 root root 1.5K Oct 11 19:53 README
-rw-r--r-- 1 root root 29 Oct 11 19:53 RELEASE-DATE-5.2.1
-rw-r--r-- 1 root root 26 Oct 11 19:53 robots.txt
drwxr-xr-x 5 root root 4.0K Oct 11 19:53 setup
-rw-r--r-- 1 root root 1.2K Oct 11 19:53 show_config_errors.php
drwxr-xr-x 2 root root 4.0K Oct 11 19:53 sql
drwxr-xr-x 25 root root 4.0K Oct 11 19:53 templates
drwxr-xr-x 6 root root 4.0K Oct 11 19:53 themes
drwxrwx--- 3 root www-data 4.0K Oct 12 18:57 tmp
-rw-r--r-- 1 root root 965 Oct 11 19:53 url.php
drwxr-xr-x 28 root root 4.0K Oct 11 19:53 vendor
-rw-r--r-- 1 root root 248K Oct 11 19:53 yarn.lock
/var/lib/phpmyadmin/:
total 4.0K
drwxrwx--- 2 root root 4.0K Oct 11 19:53 tmp
I can’t see any obvious issue, what about cpu, ram and disk in your server?
If you restart nginx and php-fpm and immediately you try to access phpmyadmin, do you have the same problem?
systemctl restart php8.2-fpm
systemctl restart nginx
mdjong
October 14, 2023, 9:17am
6
Thank you for helping to find the issue. The problem unfortunately stays the same after restarting both services.
Its running in an vm on proxmox.
4 core cpu in proxmox (baremetal cpu is: Intel E3-1240v5)
8192MB of ram (PC4-2133P-E)
128GB SSD (Intel S4600)
sahsanu
October 14, 2023, 10:41am
7
When I said cpu, ram and disk I meant how much resources you were using, something like:
top -b -n 1
free -m
df -h
PHP is working in any other site? If you didn’t test it, try to create a php file in one of your sites:
echo '<?php phpinfo() ?>' > /home/USER/web/YOURDOMAIN/public_html/info.php
And try to access this file with your browser:
http://YOURDOMAIN/info.php
mdjong
October 14, 2023, 11:57am
8
Ah ok, the output of the commands is:
top -b -n 1
top - 13:53:34 up 2 days, 17:35, 1 user, load average: 0.00, 0.00, 0.00
Tasks: 125 total, 1 running, 124 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 25.0 sy, 0.0 ni, 50.0 id, 25.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 7940.6 total, 3295.6 free, 2457.4 used, 2529.5 buff/cache
MiB Swap: 975.0 total, 975.0 free, 0.0 used. 5483.3 avail Mem
free -m
total used free shared buff/cache available
Mem: 7940 2445 3307 69 2529 5495
Swap: 974 0 974
df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 795M 600K 794M 1% /run
/dev/sda1 125G 4.7G 114G 4% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 795M 0 795M 0% /run/user/1000
The php commands runs normally and shows the blue screen with php information.
So, I see no problem with cpu, ram nor disk. Also php is working…
Show the output of this command (is to check what is the phpmyadmin alias):
v-list-sys-config json | jq -r '.[].DB_PMA_ALIAS'
If you try to connect to phpmyadmin with one of your domains it works?
http://YOURDOAMIN/phpmyadmin/
or with https
https://YOURDOAMIN/phpmyadmin/
What is the url that appears when you click on phpMyAdmin button?
mdjong
October 14, 2023, 1:45pm
10
The output is:
v-list-sys-config json | jq -r '.[].DB_PMA_ALIAS'
phpmyadmin
Using http://YOURDOAMIN/phpmyadmin/
or https://YOURDOAMIN/phpmyadmin/
phpadmin loads normally. The button for phpmyadmin under the section database leads to:
https://main_panel_url/phpmyadmin/
I would indeed think that that url doesnt work. It should problably be ?
https://selected_domain/phpmyadmin/
eris
October 14, 2023, 1:52pm
11
Make sure main_panel_url exists as web domain in Hestia
This should be always the case for SSL reasons…
mdjong
October 14, 2023, 2:13pm
12
The main_panel_url exists as webdomain. It was created when I installed the panel several days ago.
However, the main_panel_url is panel.example.ltd. This subdomain was created automatically at install and has LE ssl cert. Also this subdomain is under the automatically created admin user. The example.ltd is under a different user (this was best practice I read?).
Could that possibly be related to the error with the url?
sahsanu
October 14, 2023, 2:27pm
13
That should work fine.
Show the output of this command (lets check whether the panel domain has the right includes for phpmyadmin):
grep -r phpmyadmin /home/admin/conf/web/panel.example.tld/
mdjong
October 14, 2023, 2:31pm
14
grep -r phpmyadmin /home/admin/conf/web/panel.example.ltd/
/home/admin/conf/web/panel.example.ltd/nginx.conf: include /etc/nginx/conf.d/phpmyadmin.inc*;
/home/admin/conf/web/panel.example.ltd/nginx.ssl.conf: include /etc/nginx/conf.d/phpmyadmin.inc*;
sahsanu
October 14, 2023, 2:36pm
15
All seems ok.
Could you please tell me what is your real domain? If you don’t want to make it public, send me a private message.
Also, show the output of this command:
v-list-web-domain admin panel.example.tld json
mdjong
October 14, 2023, 2:39pm
16
Thank you, I will send it in private message.
{
"panel.example.nl": {
"IP": "x.x.x.x",
"IP6": "",
"DOCUMENT_ROOT": "/home/admin/web/panel.example.ltd/public_html/",
"U_DISK": "1",
"U_BANDWIDTH": "0",
"TPL": "cp",
"ALIAS": "",
"STATS": "",
"STATS_USER": "",
"SSL": "yes",
"SSL_FORCE": "yes",
"SSL_HSTS": "yes",
"SSL_HOME": "same",
"LETSENCRYPT": "yes",
"FTP_USER": "",
"FTP_PATH": "",
"AUTH_USER": "",
"BACKEND": "default",
"PROXY": "default",
"PROXY_EXT": "",
"FASTCGI_CACHE": "",
"FASTCGI_DURATION": "",
"REDIRECT": "",
"REDIRECT_CODE": "",
"CUSTOM_DOCROOT": "",
"SUSPENDED": "no",
"TIME": "19:54:16",
"DATE": "2023-10-11"
}
}
sahsanu
October 14, 2023, 2:56pm
17
Well this is a bit crazy, with Firefox it gives me the 500 error but with curl from shell and with Chrome it works…
$ curl -sIkL https://panel.example.tld/phpmyadmin/
HTTP/2 200
server: nginx
date: Sat, 14 Oct 2023 14:54:38 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: pma_lang_https=en; expires=Mon, 13 Nov 2023 14:54:38 GMT; Max-Age=2592000; path=/phpmyadmin/; secure; HttpOnly; SameSite=Strict
set-cookie: phpMyAdmin_https=9lngqmb7gpatjmnhpf1cmkrrcp; path=/phpmyadmin/; secure; HttpOnly; SameSite=Strict
x-ob_mode: 1
x-frame-options: DENY
referrer-policy: no-referrer
content-security-policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
x-content-security-policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
x-webkit-csp: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
expires: Sat, 14 Oct 2023 14:54:38 +0000
cache-control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
pragma: no-cache
last-modified: Sat, 14 Oct 2023 14:54:38 +0000
vary: Accept-Encoding
strict-transport-security: max-age=31536000;
Right now, I’ve no idea why it works for curl and Chrome but not for Firefox…
mdjong
October 14, 2023, 3:00pm
19
Thank you for investigating. I use firefox as my main browser.
It’s strange indeed the it looks browser dependent.
sahsanu
October 14, 2023, 3:21pm
20
The cp template you are using, did you create both templates? cp.tpl
and cp.stpl
in /usr/local/hestia/data/templates/web/nginx/php-fpm/
dir?
sahsanu
October 14, 2023, 4:51pm
21
Well, I’ve tested it and I fixed it (or at least I think so ), edit your cp.stpl
template in /usr/local/hestia/data/templates/web/nginx/php-fpm/
and add these lines after ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
So you will have something like this:
server {
listen %ip%:%web_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%;
index index.php index.html index.htm;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
ssl_stapling on;
ssl_stapling_verify on;
# TLS 1.3 0-RTT anti-replay
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
if ($anti_replay = 425) { return 425; }
error_log /var/log/%web_system%/domains/%domain%.error.log error;
[... here the rest of the file ...]
Once saved the file, rebuild your site:
v-rebuild-web-domain admin panel.yourdomain.nl
And now try to access phpmyadmin again with Firefox and it should work fine… I hope so