Want more timely Centmin Mod News Updates?
Become a Member

roundcube web install 403 error

Discussion in 'Other Web Apps usage' started by hardousse, Feb 24, 2019.

  1. hardousse

    hardousse Active Member

    142
    31
    28
    Dec 15, 2015
    Sweden
    Ratings:
    +47
    Local Time:
    11:50 PM
    1.11.*
    10.1*
    hi
    i am trying to install roundcube on centminmod vhost i donlaod and extract in webfolder and give permission to file but when i want install via webinstller i get Access denied or 403 forbidden.any help ?
     
  2. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    exact steps/commands you used ?
     
  3. hardousse

    hardousse Active Member

    142
    31
    28
    Dec 15, 2015
    Sweden
    Ratings:
    +47
    Local Time:
    11:50 PM
    1.11.*
    10.1*
    Code:
    wget -c https://github.com/roundcube/roundcubemail/releases/download/1.3.8/roundcubemail-1.3.8-complete.tar.gz
    tar xzf roundcubemail-1.3.8-complete.tar.gz
    cd roundcubemail-1.3.8
    mv *  /home/nginx/domains/newdomain.com/public
    chown -R nginx:nginx /home/nginx/domains/newdomain.com/public/*
    because after mv I check permission it's was 501 and 80
     
  4. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  5. hardousse

    hardousse Active Member

    142
    31
    28
    Dec 15, 2015
    Sweden
    Ratings:
    +47
    Local Time:
    11:50 PM
    1.11.*
    10.1*
    Thank you for reply but the path of autoprotect is empty so it's not problem of autoprotect.i will try again
     
  6. eva2000

    eva2000 Administrator Staff Member

    42,079
    9,499
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,615
    Local Time:
    7:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    you may need nginx rewrite rules for web gui roundcube so ask the developers if they have nginx rules