Trouble Setting Up Hestia CP

So i am trying to use hestia cp and I have the DNS Records set from Cloudflare and I have kept the proxy off for webmail and mail subdomain but I get


this error on opening webmail URL

1 Like

1 Like

image

1 Like

Document Followed :

1 Like

It’s a bug, to fix it execute these commands as root:

chown -R hestiamail:www-data /etc/roundcube/
find /etc/roundcube/ -type f -iname "*php" -exec chmod 640 {} \;
chown -R hestiamail:www-data /var/lib/roundcube/
chown -R hestiamail:www-data /var/log/roundcube/
3 Likes

Executed this , it returned nothing , opening the webmail after executing this , still shows the same problem, I am not able to see anything on the system log, which log am I supposed to check ?

1 Like

Show the output of this command:

ls -la /etc/roundcube/
2 Likes

image

1 Like

You didn’t execute the commands I posted previously.

Do it again, as root and one by one:

chown -R hestiamail:www-data /etc/roundcube/
find /etc/roundcube/ -type f -iname "*php" -exec chmod 640 {} \;
chown -R hestiamail:www-data /var/lib/roundcube/
chown -R hestiamail:www-data /var/log/roundcube/
2 Likes

No changes :
image

1 Like

Show the output of these commands (please, show it as text, not as a screenshot):

tail -n20 /var/log/nginx/error.log
tail -n20 /var/log/nginx/domains/webmail.asmt.edu.np.error.log
tail -n20 /var/log/apache2/domains/webmail.asmt.edu.np.error.log
2 Likes
1 Like

I am using Cloudflare Origin CA Certificates for evth else and I have webmail.domain and mail.domain proxy disabled on cloudflare and have use the letsencrypt option for the webmail domain.

1 Like

I can’t see the output of:

tail -n20 /var/log/nginx/domains/webmail.asmt.edu.np.error.log
2 Likes

thats because there is none
image

1 Like

idk if its a SSL issue or smth but lemme explain my setup,
I’ve got a server from OCI which has hestia installed on it,
the control panel is connected to src.nepms.wiki (Domain from porkbun, thus server config uses Porkbun SSL & the main control Panel domain also is set to use the same)
Have a domain user (asmt.edu.np) added
asmt.edu.np lives on the cloudflare nameservers and i have replicated the dns records given by hestia cp on the server.
from cloudflare i issued a origin server certificate and have that set as the SSL for the website asmt.edu.np
the webmail subdomain doesn’t have the cloudflare proxy enabled and thus uses the LetsEnctrypt SSL acquired from hestia control panel.

1 Like

Your webmail is using an invalid Cloudflare origin certificate and you should fix it but that is not the issue to the 500 errror when trying to access the webmail.

It is really strange that you don’t have this log file: /var/log/nginx/domains/webmail.asmt.edu.np.error.log

ls -la /var/log/nginx/domains/

Show also the output of these commands:

systemctl status apache2 --no-pager -l

systemctl status php8.2-fpm --no-pager -l

apache2ctl configtest

nginx -t

cat /home/asmt/conf/mail/asmt.edu.np/nginx.conf

cat /home/asmt/conf/mail/asmt.edu.np/apache2.conf
2 Likes

Sorry for replying from a new account , apparently discourse has a limit for brand new accounts

root@src:~# ls -la /var/log/nginx/domains/
total 80
drwxr-xr-x 2 root root  4096 May 14 19:10 .
drwxr-xr-x 3 root root  4096 May 14 19:00 ..
-rw-r--r-- 1 root root     0 May 14 19:10 webmail.asmt.edu.np.error.log
-rw-r--r-- 1 root root 68992 May 15 14:29 webmail.asmt.edu.np.log
root@src:~#

root@src:~# systemctl status apache2 --no-pager -l
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-05-15 14:27:01 +0545; 5min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 779039 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 779042 (apache2)
      Tasks: 56 (limit: 28690)
     Memory: 10.2M
        CPU: 96ms
     CGroup: /system.slice/apache2.service
             ├─779042 /usr/sbin/apache2 -k start
             ├─779043 /usr/sbin/apache2 -k start
             ├─779048 /usr/sbin/apache2 -k start
             └─779049 /usr/sbin/apache2 -k start

May 15 14:27:01 src.nepms.wiki systemd[1]: Starting The Apache HTTP Server...
May 15 14:27:01 src.nepms.wiki apachectl[779041]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using src.nepms.wiki. Set the 'ServerName' directive globally to suppress this message
May 15 14:27:01 src.nepms.wiki systemd[1]: Started The Apache HTTP Server.

root@src:~# systemctl status php8.2-fpm --no-pager -l
● php8.2-fpm.service - The PHP 8.2 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.2-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-14 19:10:07 +0545; 19h ago
       Docs: man:php-fpm8.2(8)
   Main PID: 13393 (php-fpm8.2)
     Status: "Processes active: 0, idle: 0, Requests: 114, slow: 0, Traffic: 0req/sec"
      Tasks: 1 (limit: 28690)
     Memory: 16.4M
        CPU: 5.043s
     CGroup: /system.slice/php8.2-fpm.service
             └─13393 "php-fpm: master process (/etc/php/8.2/fpm/php-fpm.conf)" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""

May 14 19:10:07 src.nepms.wiki systemd[1]: Starting The PHP 8.2 FastCGI Process Manager...
May 14 19:10:07 src.nepms.wiki systemd[1]: Started The PHP 8.2 FastCGI Process Manager.

root@src:~# apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using src.nepms.wiki. Set the 'ServerName' directive globally to suppress this message
Syntax OK

root@src:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

server {
        listen      10.0.0.75:80;
        server_name webmail.asmt.edu.np mail.asmt.edu.np;
        root        /var/lib/roundcube;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/webmail.asmt.edu.np.log combined;
        error_log   /var/log/nginx/domains/webmail.asmt.edu.np.error.log error;

        include /home/asmt/conf/mail/asmt.edu.np/nginx.forcessl.conf*;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location ~ ^/(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
                deny all;
                return 404;
        }

        location / {
                alias /var/lib/roundcube/;

                try_files $uri $uri/ =404;

                proxy_pass http://10.0.0.75:8080;

                location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
                        expires 7d;
                        fastcgi_hide_header "Set-Cookie";
                }
        }

        location @fallback {
                proxy_pass http://10.0.0.75:8080;
        }

        location /error/ {
                alias /var/www/document_errors/;
        }

        include /home/asmt/conf/mail/asmt.edu.np/nginx.conf_*;
}

root@src:~# cat /home/asmt/conf/mail/asmt.edu.np/apache2.conf
<VirtualHost 10.0.0.75:8080>
    ServerName webmail.asmt.edu.np
    ServerAlias mail.asmt.edu.np
    Alias / /var/lib/roundcube/
    Alias /error/ /home/asmt/web/asmt.edu.np/document_errors/
    #SuexecUserGroup asmt asmt

    IncludeOptional /home/asmt/conf/mail/asmt.edu.np/apache2.forcessl.conf*

    <Directory "/usr/share/tinymce/www/">
      Options Indexes MultiViews FollowSymLinks
      AllowOverride None
      Order allow,deny
      allow from all
    </Directory>

    <Directory /var/lib/roundcube/>
        Options +FollowSymLinks
        # This is needed to parse /var/lib/roundcube/.htaccess. See its
        # content before setting AllowOverride to None.
        AllowOverride All
        order allow,deny
        allow from all
    </Directory>

    # Protecting basic directories:
    <Directory /var/lib/roundcube/config>
            Options -FollowSymLinks
            AllowOverride None
    </Directory>

    <Directory /var/lib/roundcube/temp>
            Options -FollowSymLinks
            AllowOverride None
        Order allow,deny
        Deny from all
    </Directory>

    <Directory /var/lib/roundcube/logs>
            Options -FollowSymLinks
            AllowOverride None
        Order allow,deny
        Deny from all
    </Directory>

    IncludeOptional /home/asmt/conf/mail/asmt.edu.np/apache2.conf_*

</VirtualHost>
1 Like

I see no problems…

Show me the output of this log:

tail -n20 /var/log/nginx/domains/webmail.asmt.edu.np.log
2 Likes
root@src:~# tail -n20 /var/log/nginx/domains/webmail.asmt.edu.np.log
88.6.133.123 - - [15/May/2024:14:23:47 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
129.150.35.0 - - [15/May/2024:14:23:47 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:23:47 +0545] "GET /favicon.ico HTTP/2.0" 404 1358 "https://webmail.asmt.edu.np/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:23:48 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:23:48 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:23:49 +0545] "GET /favicon.ico HTTP/2.0" 404 1358 "https://webmail.asmt.edu.np/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:23:49 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:23:49 +0545] "GET /favicon.ico HTTP/2.0" 404 1358 "https://webmail.asmt.edu.np/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:23:52 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
129.150.35.0 - - [15/May/2024:14:29:18 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
47.88.94.159 - - [15/May/2024:14:42:13 +0545] "GET / HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Linux; Android 11; M2004J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36"
47.89.195.210 - - [15/May/2024:14:42:13 +0545] "GET / HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Linux; Android 11; M2004J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36"
47.251.13.32 - - [15/May/2024:14:42:14 +0545] "GET /Public/home/js/check.js HTTP/1.1" 404 1370 "-" "Mozilla/5.0 (Linux; Android 11; M2004J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36"
47.88.94.159 - - [15/May/2024:14:42:14 +0545] "GET /Public/home/js/check.js HTTP/1.1" 404 1370 "-" "Mozilla/5.0 (Linux; Android 11; M2004J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36"
47.88.78.6 - - [15/May/2024:14:42:15 +0545] "GET /static/admin/javascript/hetong.js HTTP/1.1" 404 1370 "-" "Mozilla/5.0 (Linux; Android 11; M2004J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36"
47.251.14.232 - - [15/May/2024:14:42:15 +0545] "GET /static/admin/javascript/hetong.js HTTP/1.1" 404 1370 "-" "Mozilla/5.0 (Linux; Android 11; M2004J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36"
88.6.133.123 - - [15/May/2024:14:43:11 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
88.6.133.123 - - [15/May/2024:14:43:17 +0545] "GET / HTTP/2.0" 200 426 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
88.6.133.123 - - [15/May/2024:14:43:18 +0545] "GET /favicon.ico HTTP/2.0" 404 1358 "https://webmail.asmt.edu.np/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
88.6.133.123 - - [15/May/2024:14:43:27 +0545] ":" 400 150 "-" "-"

1 Like