Good suggestion, but it doesn't seem to help. Even with owncloud disabled and accessing via http, just a blank page. I still get the same results with the phpinfo pages, so I still think this is some kind of php issue (phpinfo page in the openmediavault-webgui directly does NOT load. same page in the owncloud directory displays fine).
Beiträge von colbond
-
-
I've been doing some troubleshooting as far as the configs go:
When owncloud and openmediavault are each configured to use their own php5 sock, neither page loads.
When owncloud is configured to use openmediavault's php5 sock, it works fine, but obviously openmediavault does not.
I have found no configuration where the openmediavault webgui loads. -
I put php5-fpm in debug. This is the only thing I've sen so far
Code[04-Oct-2015 13:26:46.898971] DEBUG: pid 21995, fpm_got_signal(), line 76: received SIGCHLD [04-Oct-2015 13:26:46.899069] DEBUG: pid 21995, fpm_children_bury(), line 254: [pool openmediavault-webgui] child 22022 has been killed by the process management after 11.262087 seconds from start [04-Oct-2015 13:26:46.899119] DEBUG: pid 21995, fpm_event_loop(), line 419: event module triggered 1 events [04-Oct-2015 13:26:47.613907] DEBUG: pid 21995, fpm_children_make(), line 421: [pool openmediavault-webgui] child 22040 started [04-Oct-2015 13:26:47.614102] DEBUG: pid 21995, fpm_pctl_on_socket_accept(), line 536: [pool openmediavault-webgui] got accept without idle child available .... I forked [04-Oct-2015 13:26:47.614159] DEBUG: pid 21995, fpm_event_loop(), line 419: event module triggered 1 events
That pattern seems to show up every 10-15 seconds. Can't tell if it's something normal or not.
-
Definitely appreciate the help you guys have provided. Unless anyone has more ideas I'm going to need to reinstall this box.
-
PHP packages in case there's a version conflict:
Code
Alles anzeigendpkg -l | grep php ii php-json-schema 0.2.0 all PHP implementation of JSON schema ii php-pear 5.4.45-1~dotdeb+7.1 all PEAR - PHP Extension and Application Repository ii php-xml-parser 1.3.4-6 all PHP PEAR module for parsing XML ii php5 5.4.45-1~dotdeb+7.1 all server-side, HTML-embedded scripting language (metapackage) ii php5-cgi 5.4.45-1~dotdeb+7.1 amd64 server-side, HTML-embedded scripting language (CGI binary) ii php5-cli 5.4.45-1~dotdeb+7.1 amd64 command-line interpreter for the php5 scripting language ii php5-common 5.4.45-1~dotdeb+7.1 amd64 Common files for packages built from the php5 source ii php5-curl 5.4.45-1~dotdeb+7.1 amd64 CURL module for php5 ii php5-fpm 5.4.45-1~dotdeb+7.1 amd64 server-side, HTML-embedded scripting language (FPM-CGI binary) ii php5-gd 5.4.45-1~dotdeb+7.1 amd64 GD module for php5 ii php5-intl 5.4.45-1~dotdeb+7.1 amd64 internationalisation module for php5 ii php5-mcrypt 5.4.45-1~dotdeb+7.1 amd64 MCrypt module for php5 ii php5-mysql 5.4.45-1~dotdeb+7.1 amd64 MySQL module for php5 ii php5-pam 1.0.3-2 amd64 pam module for PHP 5 ii php5-pgsql 5.4.45-1~dotdeb+7.1 amd64 PostgreSQL module for php5 ii php5-proctitle 0.1.2-2 amd64 proctitle module for PHP 5 ii php5-sqlite 5.4.45-1~dotdeb+7.1 amd64 SQLite module for php5
-
And here are the two .sock files just in case:
srw------- 1 www-data www-data 0 Sep 19 09:05 php5-fpm-openmediavault-owncloud.sock
srw-rw---- 1 www-data www-data 0 Sep 19 09:05 php5-fpm-openmediavault-webgui.sock -
Ok. Disabled the vhost for owncloud completely. Copied your configs and only modified enough that it should work on my host (basically the ssl cert info). The redirect happens properly, then on 6443 I get a blank page. This has to be a php issue at this point, right?
-
well now it's broken in both after changing that .sock reference, but before that it only loaded phpinfo in the owncloud directory, not openmediavault.
-
Sounds good. Thanks for your help!
No it's all always blank page now (where I'd get intermittent/regular 502s before).
-
Ok really really interesting. I changed that and now BOTH sites are blank (owncloud and omv-webui)
-
just a security.conf
Code
Alles anzeigen# PFS (Perfect Forward Secrecy) # https://mozilla.github.io/server-side-tls/ssl-config-generator ssl_protocols TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-S HA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS- AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; # Content Security Policy (CSP) # https://www.owasp.org/index.php/Content_Security_Policy add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;"; # https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options add_header X-Frame-Options "SAMEORIGIN"; # http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx add_header X-Content-Type-Options "nosniff"; # https://wiki.mozilla.org/Security/Features/XSS_Filter # http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx add_header X-XSS-Protection "1; mode=block";
-
Ah yes. The top one above is the nginx config. Here's php5/fpm/pool.d:
Code
Alles anzeigenmore openmediavault-webgui.conf [openmediavault-webgui] user = openmediavault group = openmediavault listen = /var/run/php5-fpm-openmediavault-webgui.sock listen.owner = www-data listen.group = www-data listen.mode = 0660 pm = ondemand pm.max_children = 25 pm.process_idle_timeout = 10s chdir = / ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; OpenMediaVault php.ini settings ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories php_value[include_path] = ".:/usr/share/php:/var/www/openmediavault" ; Pam Authentication Support (see /etc/pam.d) ; php_value[pam.servicename] = "openmediavault-webgui"; ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize php_value[upload_max_filesize] = 25M ; Maximum size of POST data that PHP will accept. ; http://php.net/post-max-size php_value[post_max_size] = 25M ; Do not expose to the world that PHP is installed on the server. ; http://php.net/expose-php php_value[expose_php] = Off ; Name of the session (used as cookie name). ; http://php.net/session.name php_value[session.name] = OMVSESSID ; Default timeout for socket based streams (seconds) ; http://php.net/default-socket-timeout php_value[default_socket_timeout] = 90 ; Maximum execution time of each script, in seconds ; http://php.net/max-execution-time ; Note: This directive is hardcoded to 0 for the CLI SAPI php_value[max_execution_time] = 90
-
Code
Alles anzeigenmore openmediavault-webgui server { server_name openmediavault-webgui; root /var/www/openmediavault; index index.php; autoindex off; server_tokens off; sendfile on; large_client_header_buffers 4 32k; client_max_body_size 25M; error_log /var/log/nginx/openmediavault-webgui_error.log error; access_log /var/log/nginx/openmediavault-webgui_access.log combined; location /extjs/ { alias /usr/share/javascript/extjs5/; } location /images/ { alias /var/www/openmediavault/images/; } location ~ \.php$ { try_files $uri = 404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm-openmediavault-webgui.sock; fastcgi_index index.php; fastcgi_read_timeout 60s; include fastcgi_params; } listen [::]:8080 default_server ipv6only=off; listen [::]:443 default_server ipv6only=off ssl deferred; ssl_certificate /etc/ssl/certs/openmediavault-378223d6-e3a1-426f-ab98-3b4663594d7f.crt; ssl_certificate_key /etc/ssl/private/openmediavault-378223d6-e3a1-426f-ab98-3b4663594d7f.key; include /etc/nginx/openmediavault-webgui.d/*.conf; }
Code
Alles anzeigenupstream php-handler { server unix:/var/run/php5-fpm-openmediavault-owncloud.sock; } server { listen 8443 ssl; server_name openmediavault; # ssl_certificate /etc/ssl/nginx/cloud.example.com.crt; # ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key; # ssl_certificate /etc/ssl/certs/openmediavault-378223d6-e3a1-426f-ab98-3b4663594d7f.crt; # ssl_certificate_key /etc/ssl/private/openmediavault-378223d6-e3a1-426f-ab98-3b4663594d7f.key; ssl_certificate /etc/ssl/certs/owncloud-2015.crt; ssl_certificate_key /etc/ssl/private/owncloud-2015.key; # Path to the root of your installation root /var/www/owncloud; error_log /var/log/nginx/openmediavault-owncloud_error.log error; access_log /var/log/nginx/openmediavault-owncloud_access.log combined; client_max_body_size 10G; # set max upload size fastcgi_buffers 64 4K; rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } location / { # The following 2 rules are only needed with webfinger rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; try_files $uri $uri/ index.php; } location ~ ^(.+?\.php)(/.*)?$ { try_files $1 = 404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; fastcgi_param HTTPS on; # fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php5-fpm-openmediavault-webgui.sock; # Or use unix-socket with 'fastcgi_pass unix:/var/run/php5-fpm.sock;' } # Optional: set long EXPIRES header on static assets location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { expires 30d; # Optional: Don't log access to assets access_log off; } }
-
I'm not local at the moment so I have to do it via links.
phpinfo in owncloud: works fine
phpinfo in openmediavault: empty page -
-
webroot isn't publicly available at the moment so I can try that later. Cleared the logs and restarted services, then force refreshed the webui page:
Code
Alles anzeigenroot@openmediavault nginx # tail *error.log ==> error.log <== ==> openmediavault-owncloud_error.log <== ==> openmediavault-webgui_error.log <== root@openmediavault nginx # tail *access.log ==> access.log <== ==> openmediavault-owncloud_access.log <== ==> openmediavault-webgui_access.log <== ::ffff:192.168.1.150 - - [16/Sep/2015:11:41:00 -0600] "GET / HTTP/1.1" 200 31 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36" ::ffff:192.168.1.150 - - [16/Sep/2015:11:41:01 -0600] "GET /favicon.ico HTTP/1.1" 200 1150 "https://omv.<domain>.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36"
-
Yeah killed the phpinfo page, though it has never seemed to make any difference.
No errors running omv-engined -f -d that I could see.
-
I think I mentioned it farther up but I still think it's relevant. I created a phpinfo page in the owncloud directory and copied it to the openmediavault directory. The one in owncloud loads normally. The one in openmediavault shows the same blank page that the index.php file does. If I 'su - www-data' and 'php index.php':
Code$ php index.php PHP Warning: DOMDocument::load(/etc/openmediavault/config.xml): failed to open stream: Permission denied in /usr/share/php/openmediavault/config.inc on line 113 Failed to load configuration (Warning 1549: failed to load external entity "/etc/openmediavault/config.xml" (line=0, column=0)) Error #3008:<br/>exception 'OMVException' with message 'Failed to load configuration (Warning 1549: failed to load external entity "/etc/openmediavault/config.xml" (line=0, column=0))' in /usr/share/php/openmediavault/config.inc:577<br/>Stack trace:<br/>#0 /usr/share/php/openmediavault/env.inc(22): require_once()<br/>#1 /var/www/openmediavault/index.php(23): require_once('/usr/share/php/...')<br/>#2 {main}
I honestly don't know if that error is relevant (since many files are owned by openmediavault) but it's the first error I've seen that might be related.
-
99% sure I didn't, since I generally rename file backups with .bak not .save.
Moved that config, restarted services. I also stopped an owncloud client that was running so I can more clearly see what's happening in the logs.
Nothing in any of the error logs. This is what I see in the webgui_access.log when loading the webui:
Code::ffff:192.168.1.150 - - [16/Sep/2015:07:51:53 -0600] "GET / HTTP/1.1" 200 31 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36" ::ffff:192.168.1.150 - - [16/Sep/2015:07:51:53 -0600] "GET /favicon.ico HTTP/1.1" 200 1150 "https://omv.<domain>.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36"
-
Code
ls -la /etc/nginx/sites-available/ total 24 drwxr-xr-x 2 root root 4096 Sep 16 07:17 . drwxr-xr-x 7 root root 4096 Jul 4 11:05 .. -rw-r--r-- 1 root root 2163 May 4 13:02 default -rw-r--r-- 1 root root 1163 Aug 30 09:05 openmediavault-webgui -rw-r--r-- 1 root root 1865 Feb 3 2015 openmediavault-webgui.save -rw-r--r-- 1 root root 2748 Sep 15 14:55 owncloud
Codels -la /etc/nginx/sites-enabled/ total 8 drwxr-xr-x 2 root root 4096 Sep 16 07:18 . drwxr-xr-x 7 root root 4096 Jul 4 11:05 .. lrwxrwxrwx 1 root root 40 Jan 27 2015 openmediavault-webgui -> ../sites-available/openmediavault-webgui lrwxrwxrwx 1 root root 27 Sep 16 07:18 owncloud -> ../sites-available/owncloud