Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: theb2b on November 05, 2019, 01:14:53 pm

Title: Webadmin not Accessible [SOLVED]
Post by: theb2b on November 05, 2019, 01:14:53 pm
Trying to access the webadmin page and getting a page not found error. I have verified nginx is running and I can access the default page handed out by nginx. The port is shown as closed when I run nmap and I have run zs webadmin restart and the command runs with no errors. Checked both the error logs for zentyal, nothing shown or listed for this process. Also checked the logs for nginx, same thing nothing in the logs, as far as I can tell.

Any suggestions on what to look for, check or some more troubleshooting steps I can take would be appreciated.
Ubuntu 16.04.5
Zentyal 5.03
nginx 1.10.3
Title: Re: Webadmin not Accessible
Post by: doncamilo on November 05, 2019, 04:01:41 pm
 :)

Did you check for some uwsgi error?

Cheers!
Title: Re: Webadmin not Accessible
Post by: theb2b on November 06, 2019, 03:04:24 am
Ok, I'm game how do I check for errors. Did a quick google for this and didn't really find anything that I believe applies to Zentyal. But then again I have no knowledge of what I looking for.

Thanks!
Title: Re: Webadmin not Accessible
Post by: doncamilo on November 06, 2019, 02:13:03 pm
 :)

Paste here a link to pastebin or similar with your /var/log/zentyal/zentyal.log file, please.

It can contain usernames, etc. Sanityze it before to share.

Cheers!
Title: Re: Webadmin not Accessible
Post by: theb2b on November 07, 2019, 12:45:54 am
Traveling today so just now seeing your request.

https://nextcloud.broughtonhome.org/index.php/s/n3q4Q8MPnccYwpg (https://nextcloud.broughtonhome.org/index.php/s/n3q4Q8MPnccYwpg)

Title: Re: Webadmin not Accessible
Post by: doncamilo on December 02, 2019, 05:14:30 pm
 :)

I forgotten to reply! ¡I'm sorry!

Please, upload your logs another time. The link you provided is time out.

Run this command too:

Code: [Select]
sudo  ps aux | grep 'uwsgi'

I'm sorry for delaying my response!

Cheers!
Title: Re: Webadmin not Accessible
Post by: scottdr on December 10, 2019, 07:15:39 pm
If you run 'sudo netstat -tulpn | grep nginx' you should get the actual port that you need to connect to,

My example is
"tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      9189/nginx: master"

So try connecting to your internal IP address with https://<internal_ip>:8443/ and see if you get the webadmin login screen.

HTH

Don
Title: Re: Webadmin not Accessible
Post by: theb2b on December 30, 2019, 03:33:27 am
:)

I forgotten to reply! ¡I'm sorry!

Please, upload your logs another time. The link you provided is time out.

Run this command too:

Code: [Select]
sudo  ps aux | grep 'uwsgi'

I'm sorry for delaying my response!

Cheers!
Crazy time of the year with family, holidays, etc so I'm the one needs to apologize, believe I have the request information.
Below is the result of sudo ps aux | grep uwsgi

zenadmin 15173  0.0  0.0  12936   948 pts/0    S+   20:24   0:00 grep --color=auto uwsgi
ebox     15860  0.0  1.8 288948 76756 ?        Ss   Dec24   0:33 /usr/bin/uwsgi --master --ignore-sigpipe --buffer-size 10240 --plugins 0:psgi --uid ebox --gid ebox --umask 000 -s /run/zentyal-webadmin/webadmin.sock --touch-reload /var/lib/zentyal/webadmin.reload --psgi /usr/share/zentyal/psgi/zentyal.psgi
ebox     15990  0.0  1.8 288948 75360 ?        S    Dec24   0:00 /usr/bin/uwsgi --master --ignore-sigpipe --buffer-size 10240 --plugins 0:psgi --uid ebox --gid ebox --umask 000 -s /run/zentyal-webadmin/webadmin.sock --touch-reload /var/lib/zentyal/webadmin.reload --psgi /usr/share/zentyal/psgi/zentyal.psgi

Here is link again, will be active until the 10th, same log file posted earlier if you need\want more recent one let me know.

https://nextcloud.broughtonhome.org/index.php/s/ypgcoAWa7HYNSEq

scottdr, ran the command;
sudo netstat -tulpn | grep nginx
Returned was nothing, no output displayed on the screen.
Title: Re: Webadmin not Accessible
Post by: doncamilo on December 30, 2019, 12:06:15 pm
 :)

First:

Each time you restart webadmin Zentyal is working in the '/lib/systemd/system/' folder

Code: [Select]
# 27114-27115 lines
/bin/chmod 0644 '/lib/systemd/system/zentyal.webadmin-nginx.service'
/bin/chown 0.0 '/lib/systemd/system/zentyal.webadmin-nginx.service'

However, services defined in '/etc/systemd/system' folder take precedence. So check this folder. Is there some zentyal.webadmin-nginx.service or zentyal.webadmin-uwsgi.service file?

(You have lots of DNS errors which produce some samba error (DNS try to update before samba have been properly restarted). But your system seems to recover afterward)

Run these commands:

Code: [Select]
sudo systemctl start zentyal.webadmin-nginx.service
sudo systemctl start zentyal.webadmin-uwsgi.service
sudo journalctl -o verbose -u zentyal.webadmin-nginx.service
sudo journalctl -o verbose -u zentyal.webadmin-uwsgi.service

Merry Christmas and Happy New Year!  ;D






Title: Re: Webadmin not Accessible
Post by: tranthithanhmo on December 31, 2019, 04:53:45 am
I have the same fault as you and I'm having a headache about it
Title: Re: Webadmin not Accessible
Post by: theb2b on December 31, 2019, 05:35:51 am
Quote
However, services defined in '/etc/systemd/system' folder take precedence. So check this folder. Is there some zentyal.webadmin-nginx.service or zentyal.webadmin-uwsgi.service file?

Services listed above are not in /etc/sysemd/system folder.

Run the commands as suggested, found or couple of issues I do believe. First Nginx was not starting, apache2 had ports 80 and 443. When I stopped apache2 then started nginx using systemctl start nginx, started up no errors. But when I ran systemctl start zentyal.webadmin-nginx.service failed to start. when I ran journalctl -o verbose -u zentyal.webadmin-nginx.service found following.

MESSAGE=nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/lib/zentyal/conf/ssl/ssl.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

Now looking at my certs, need to determine why nginx thinks they don't match. Found per the nginx manpage above error will occur if the server certificate and the bundle have been concatenated in the wrong order. The cert is created by zentyal, right? So how could they be concatenated in the wrong order or am I looking in the wrong place?
Title: Re: Webadmin not Accessible
Post by: doncamilo on December 31, 2019, 02:42:56 pm
 :)

In your case I would install the Zentyal CA module. When generated the CA you'll see a new certificate issue by the new CA to webadmin.

(https://i.ibb.co/6mDk5wt/ca.png)

Enable this certificate. Check the nginx config to confirm that it has been configured as nginx certificate:

Code: [Select]
sudo grep 'ssl_certificate' /var/lib/zentyal/conf/nginx.conf
        ssl_certificate /var/lib/zentyal/conf/ssl/ssl.pem;
        ssl_certificate_key /var/lib/zentyal/conf/ssl/ssl.pem;

sudo cat /var/lib/zentyal/conf/ssl/ssl.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2248042248811670428 (0x1f32a683c07d6b9c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Ruined, L=New York, O=mordor-corporate, CN=mordor-corporate Authority Certificate
        Validity
            Not Before: Dec 31 13:20:22 2019 GMT
            Not After : Dec 28 13:19:44 2029 GMT

Afterward, use this black magic to force nginx to use the new certificate:

Code: [Select]
sudo systemctl restart zentyal.webadmin-nginx.service
sudo systemctl daemon-reload

If the issue was due to the ssl cert. this should fix it.

Merry Christmas and Happy New Year!

 ;D

Title: Re: Webadmin not Accessible
Post by: theb2b on January 02, 2020, 06:52:31 pm
Unfortunately I don't have access to the WebAdmin GUI so I will need to figure out how to create new set of certificates from the command line that will be usable by Zentyal.

Just as a thought does Zentyal use openssl certs and if so then I should be able to run openssl to generate a cert?

I do have a wildcard cert for my web server from Lets Encrypt, I remember one contributor to this site came up with a script to incorporate Lets Encrypt certs into Zentyal I'll see if I can find that post and member and give it a go.
Title: Re: Webadmin not Accessible
Post by: doncamilo on January 03, 2020, 10:20:12 am
 :)

Upss... I'm sorry, I forgot about the main problem!

Read this: https://doc.zentyal.org/en/ca.html#let-s-encrypt-configuration (https://doc.zentyal.org/en/ca.html#let-s-encrypt-configuration)

Cheers!
Title: Re: Webadmin not Accessible
Post by: theb2b on January 05, 2020, 08:20:46 pm
That did it! Followed the directions posted by user nontrival on incorporating Lets Encrypt certs into older version of Zentyal, see this post;

[url]https://forum.zentyal.org/index.php/topic,28251.0.html[url]

Now have access to my webadmin page.

Specifically used these commands from his post
cat /etc/letsencrypt/live/blah.org/privkey.pem /etc/letsencrypt/live/blah.org/cert.pem /etc/letsencrypt/live/blah.org/fullchain.pem > /tmp/temp.pem
cp -f /tmp/temp.pem /var/lib/zentyal/conf/ssl/ssl.pem
chown ebox:adm /var/lib/zentyal/conf/ssl.pem
chmod 600 /var/lib/zentyal/conf/ssl.pem

nontrival doesn't specifically list the chown command but when I copied the ssl.pem ownership was given to zentyal admin user, so I switched it to ebox and adm as the other certs in that directory are listed as ebox and adm, thought it best to keep users the same.

Huge thank you to doncamilo for pointing me in the right direction to figure this out!
Title: Re: Webadmin not Accessible [SOLVED]
Post by: Neustradamus on January 18, 2021, 06:23:09 am
Since my first ticket for Let's Encrypt support: https://github.com/zentyal/zentyal/issues/1836 (it has been closed by Zentyal Team).

I have created a second ticket for Let's Encrypt support which has been closed by Zentyal Team too.

I have created a third ticket for Let's Encrypt support, can you like, comment on it?
- https://github.com/zentyal/zentyal/issues/2015