Issue 403 nginx and Permission denied on all domains and subdomains

[MK-IT Services]

Hello Guys,

first of all:

English isn't my first language so excuse me, if the sentence construction looks a bit weird

Today i updated my Production Server from Plesk 12.5.30 to 17.0.17. No big deal i thought, but after i updated, only my first webspace act normaly. all others are showing 403 errors or they cant read any css files out of any subfolder.

The proxy_error.log and error.log are showing errors like this:

2016/11/21 22:50:56 [error] 5115#0: *563 openat() "/var/www/vhosts/teamdivinely.com/beta.teamdivinely.com/img/partners/sc_logo/1.png" failed (13: Permission denied), client: 109.91.38.234, server: beta.teamdivinely.com, request: "GET /img/partners/sc_logo/1.png HTTP/1.1", upstream: "http://62.141.41.27:7080/img/partners/sc_logo/1.png", host: "beta.teamdivinely.com", referrer: "http://beta.teamdivinely.com/"

I have tried to use

plesk repair fs

and

plesk repair web

but none of them helped me with my problem.

Advanced Informations about my System:

Plesk Before: 12.5 Last Update
Plesk Now: 17.0 Update #17
OS: Debian 7.11
Hoster: webtropia.com
Location: Dusseldorf, Germany

I hope you guys can help me

Regards,

Marcel Kuhla
MK-IT Services

 

[UFHH01]

Hi MK-IT Services,

pls. make sure that the system-user "psacln" has group-rights for the apache2/nginx - groups "www-data" ( CentOS/RHEL - based systems = apache ) and "nginx", when you use php-fpm on your (sub)domain ( PHP - requests are handled by "domain_system_user : psacln" ):

usermod -a -G psacln www-data
usermod -a -G psacln nginx

If this didn't already solved your issue, even that you restarted the depending services, pls. post the output from:

ls -la /var/www/vhosts/teamdivinely.com/beta.teamdivinely.com
ls -la /var/www/vhosts/teamdivinely.com​

... for further investigations.

 

[MK-IT Services]

Hi UFHH01,

sadly it dont do anything Here are the Requestet Outputs:

ls -la /var/www/vhosts/teamdivinely.com/beta.teamdivinely.com

drwxr-x--- 10 teamdivinely psaserv 4096 Nov  4 03:23 .
drwx--x---  6 teamdivinely psaserv 4096 Nov  4 03:23 ..
-rw-r--r--  1 teamdivinely psacln  3735 Nov  4 05:00 _functions.php
-rw-r--r--  1 teamdivinely psacln   224 Oct 12 11:08 _mysql.php
-rw-r--r--  1 teamdivinely psacln  1629 Nov  4 04:59 _settings.php
drwxr-xr-x  3 teamdivinely psacln  4096 Oct 17 09:07 cache
drwxr-xr-x  2 teamdivinely psacln  4096 Nov  3 16:56 css
-rw-r--r--  1 teamdivinely psacln   878 Oct 13 18:21 favicon.ico
drwxr-xr-x  4 teamdivinely psacln  4096 Oct 12 11:25 flags
drwxr-xr-x  3 teamdivinely psacln  4096 Oct 13 19:00 func
-rw-r--r--  1 teamdivinely psacln   641 Oct 14 09:31 history.php
-rw-r--r--  1 teamdivinely psacln   405 Nov  3 23:41 home.php
drwxr-xr-x 11 teamdivinely psacln  4096 Nov  3 23:51 img
-rw-r--r--  1 teamdivinely psacln  5311 Nov  5 22:45 index.php
drwxr-xr-x  2 teamdivinely psacln  4096 Oct 13 20:18 js
-rw-r--r--  1 teamdivinely psacln   684 Nov  4 04:25 langswitch.php
drwxr-xr-x  4 teamdivinely psacln  4096 Nov  4 03:23 languages
-rw-r--r--  1 teamdivinely psacln   750 Nov  3 23:23 media.php
-rw-r--r--  1 teamdivinely psacln   582 Nov  3 23:12 navigation.php
-rw-r--r--  1 teamdivinely psacln   119 Nov  2 12:02 news.php
-rw-r--r--  1 teamdivinely psacln  1423 Nov  2 19:44 partners.php
-rw-r--r--  1 teamdivinely psacln   507 Nov  3 23:58 sc_advt.php
-rw-r--r--  1 teamdivinely psacln   216 Nov  3 23:42 sc_facebook.php
-rw-r--r--  1 teamdivinely psacln   615 Nov  4 04:44 sc_language.php
-rw-r--r--  1 teamdivinely psacln   787 Nov  2 18:27 sc_partners.php
-rw-r--r--  1 teamdivinely psacln     0 Oct 13 17:49 sc_social.php
-rw-r--r--  1 teamdivinely psacln  1021 Nov  3 23:55 sc_streams.php
-rw-r--r--  1 teamdivinely psacln  1400 Oct 17 09:01 sc_twitter.php
-rw-r--r--  1 teamdivinely psacln  2378 Nov  3 00:38 streams-update.php
-rw-r--r--  1 teamdivinely psacln  2921 Nov  3 01:00 streams.php
-rw-r--r--  1 teamdivinely psacln  4286 Nov  3 23:04 team.php
drwxr-xr-x  2 teamdivinely psacln  4096 Nov  4 02:03 templates

ls -la /var/www/vhosts/teamdivinely.com

drwx--x---  6 teamdivinely psaserv 4096 Nov  4 03:23 .
drwxr-xr-x 15 root         root    4096 Nov 14 16:56 ..
drwxr-x--- 10 teamdivinely psaserv 4096 Nov  4 03:23 beta.teamdivinely.com
drwxr-xr-x  2 teamdivinely psaserv 4096 Sep 28 03:45 error_docs
drwxr-x---  3 teamdivinely psaserv 4096 Nov  2 05:05 httpdocs
drwx------  3 teamdivinely root    4096 Nov 22 01:00 logs

One more:

As it looks, it only infects css & img files on subdomains and anything on domains itself

Regards

Marcel

 

[UFHH01]

Hi MK-IT Services,

did you probably forgot, that when you use apache2 + ".htaccess" - files, in combination with NGINX, that nginx can't read ".htaccess" - files, so that you have to convert these rules with for example the free Plesk extension => "htaccess to nginx" - converter?

Btw. most "CMS" publisher ( like your "eSport CMS 1.0" version ), provide as well additional ( standard ) nginx - rewrites for their "CMS", which you could add very easily over "Home > Subscriptions > YOUR-DOMAIN.COM > Apache & nginx Settings > ( textbox at ) Additional nginx directives"

 

[MK-IT Services]

Hi MK-IT Services,

did you probably forgot, that when you use apache2 + ".htaccess" - files, in combination with NGINX, that nginx can't read ".htaccess" - files, so that you have to convert these rules with for example the free Plesk extension => "htaccess to nginx" - converter?

Btw. most "CMS" publisher ( like your "eSport CMS 1.0" version ), provide as well additional ( standard ) nginx - rewrites for their "CMS", which you could add very easily over "Home > Subscriptions > YOUR-DOMAIN.COM > Apache & nginx Settings > ( textbox at ) Additional nginx directives"

The Content Management System is my own so not really Also there are no .htaccess file in that specific folder as you can see. Also it all worked well before the update...

There are 4 different Content Management Systems installed on that machine webSPELL, Wordpress, Pagekit and my own and on the Hostdomain "mk-it-services.de" it all works just fine, but on all other domains and subdomains something doesnt work and it has something to do with the webhost proxy

Edit:

As seen on this Thread : https://talk.plesk.com/threads/webs...ond-properly-on-port-7080.340170/#post-812159

That is also my Problem. On Port 7081 the most Pages work

 

[UFHH01]

Hi MK-IT Services,

The Content Management System is my own...

source code from: http://beta.teamdivinely.com/

...
<meta name="generator" content="eSport CMS v1.0">
...

Also there are no .htaccess file in that specific folder as you can see

If that CMS is based on for example "Laravel", then you should be aware, that the recommendation is to use:

...
    if (!-d $request_filename) {
        rewrite     ^/(.+)/$ /$1 permanent;
    }
...

... as NGINX directive.

Some CMS work without additional nginx directives and some don't... it really depends on rewrites here.

Also it all worked well before the update...

Are you sure, that you you used the very same webserver - configuration(s) and the same PHP - handler before your update?

 

[MK-IT Services]

The CMS is based on pure PHP+MySQL, no additional Framework for now.

I haven't changed anything before and after the update to 17.07 so if plesk didn't changed anything, i also dont.

I now have deactivated nginx as a reserve-proxy and all is working again, so it has something to do with the nginx config