Support

Hi everyone, Timothy Michel here working for Bernard Douthit.

I created a new server on Linode with an Ubuntu 18.4 LTS LAMP stack, installed a Comodo EV SSL Cert tested the server out and every thing seemed to be working without warning or error and then I restored a Joomla 3.19 website I had installed previously on a SiteGround account on this new LAMP stack.

I added xml support and edited the php,ini files so that everything was according the Akeeba installer suggestions, in other words everything was green on the test page..

I filled in the extra information like cookie path, I just created a folder in public_html called docs and set that as the cookie path.I also set cookie domain as .politea.us. I am suddenly thinking that this might be where the trouble lies.

After all was finished I got a nice landing/login page, but when I tried to login, nothing happened,

I tried to log in in as administrator and the same thing happened.

Any suggestions as to what I might try to resolve this issue?

Oh Yes, the website is https://www.politea.us

Timothy,

What sort of "nothing" happens when you try to log in?  Are you being redirected somewhere, do you get an error message, does it just stay at the landing page?

Let's edit the configuration.php file and take out the cookie settings.  Those normally don't have to be explicitly set.

If that doesn't work, edit configuration.php again and try setting debug to 1.  That won't cure anything, we're looking to force an error message.

Hi, Dale.

OK, I would get the login screen, since the site is down for maintenance, but when I would try to log in, front end or back end, nothing would happen, no error message just a reload of the login screen.

As I was going to get coffee, I thought that maybe the problem has something to do with the fact that during installation I set the cookie domain to .politea.us and the cookie folder to root/docs, which wasn't done when the site was originally installed on sitegrtound.

I deleted and reinstalled without adding cookie information and this time I was able to log into the administrator panel, but got a file not found error when trying to access pages on the front end.

I set the UFW firewall on Ubuntu to deny access to all ports and then went about allowing access to specific ports. I noticed that Joomla uses 6379 and 11211, so I am going about opening that port now. I did this to reduce the exposure to attack through unused port numbers.

So I am opening those ports now and will try again.

I moved this site from Siteground to Linode, from shared hosting to a custom LAMP stack using Ubuntu 19.4 LTS.

by the way, my direct email is [email protected]

I don't think you're on the right track with the ports.  Joomla! is just a bunch of PHP files, they aren't executable, they're just data.  Your Apache server is a program and would use ports 80 and 443.  MySQL would use 3306 (?) but it's unlikely that it needs external access.  PHP is an executable but I don't know of any ports that it uses.

You're making progress to be able to log into the back end.  Please go to Joomla!'s Global Settings and put the site into Debug mode.  See if that gives you an error on the front end.

No error on the front end, no log file generated either.

I am also seeing multiple logins for administrator both front end and back end.

You will probably get to this tomorrow Dale, but I ran the Joomla FPA and that turned up a host of things, most of which I think I can fix.

See: FPA below.

Looks like apache2handler is missing.

Config Mode is 444 Read-Only, what should this be, 644?

I see a long list of problems as well [14-Jul-2020 22:30:59 UTC] PHP Notice: Undefined property: stdClass::$name in /var/www/html/politea.us/public_html/modules/mod_improved_ajax_login/mod_improved_ajax_login.php on line 23, not sure how to fix this, perhaps the developer of this woujld know.

Looks like I am missing a couple PHP extensions: curl, mbstring

I am also missing a slew of Apache modules: mod_expires, mod_security, mod_evasive, mod_dosevasive, mod_qos, mod_userdir

And I need to create a logs/ (Does Not Exist), in web root.

I also see a lot of question marks, but I think I need to get the above things fixed first and then run the FPA again.

I have attached the FPA in BB format: I will be working on fixing as many issues as I can and then I will run the FPA again.

644 is a good permission for configuration.php.  It is sometimes restricted more than that but it is more trouble than it's worth.

I was wondering about that login module.  Please switch to the standard Joomla! module to see if that fixes the front end login problem.  I would fix the PHP and Apache missing module problems before going to that extension's author.  If fixing the modules doesn't make it go away, going to the author is the next step.

The missing modules can cause all sorts of havoc.  You're on to something there.

You do need the log folder as defined in the configuration.php file.  That's just a matter of creating it in the proper location.

Please let me know if you need more help.

It is hard finding all the Apache modules, and then installing then requires getting intimate with them so that I can let traffic trough for the main website address for mod_security for example so that I don't get access denied when trying to access the website.

It also seems like the opensource world is in a bit of disarray, I had trouble finding mod_qos and there was no easy way to install it.

OK, that is my problem, you aren't here to tel me how to configure an Apache server.

One thing you might advise on, however, for a lot of configuration settings that are common for all sites I would be creating a virtual host for on this Apache server, what configuration information would be advisable to place in apache2.conf rather than in .htaccess for each site I create a virtual host for to simplify the .htaccess file?

Thanks, Nicholas. We will be loading other software on this server, like SocialEngline, Jitsi, Drupal/CiviCRM. The one thing that bothered me was that SocialEngine requires that mod_security and mod_evasive be disabled on the server. Can you think of any reason a piece of software would require that? When I run the Joomla FPA, it recommends that these Apache modules be present. I can configure mod_security to let specific IP's through, so I don't understand why a piece of software would want mod_security disabled entirely.

Thanks in advance, I know this is way off topic, but you are the only guy I know that really knows this stuff.

Thanks Nicholas. I was under the impression that all hosting companies had scripts that would modify mod_security2 when someone registered an new IP with them. I thought everything was tighter than a weightlifter's belt to prevent exploits, so I was going to do the same. So just enable or disable in the virtual host file on a per website basis; got it.

Last question, I know it is probably bedtime for you, but why would Joomla's FPA recommend that mod_security be installed and enabled?

And let me not forget to thank you a bunch for responding, I know you're busy and don't have the time to answer all these little arcane questions, and I really do appreciate the fact that you took the time to do so.

Tim Michel

Thanks again, I am currently using Linode to host our sites, another host we are using in Bryzar a managed solution.

What we want to do is build a site that becomes a home for Democratic candidates so that every candidate can get a shot of being elected to office. I am not sure we can do that with managed hosting; but please correct me if I am wrong.

What would you suggest for hosting, I don't want to be in a position where this whole operation could be deplatformed because some stalwart high ranking party official fearing competition uses his or her influence to put pressure on the hosting company. I have seen this happen in other contexts.

We don't have a lot of money but do have some money and need to get our concept at least well enough developed so that we get paid clients and investors to climb on board.

I upgraded to PHP 7.3 and now I have PHP errors, and there were no errors reported in the installation process or restarting Apache2 or rebooting Ubuntu 18.04. So you are right, every little change initiates a cascade of new issues. I am not afraid of learning and I have been reading a lot do far, but it looks like I have just scratched the surface, so the advice you have provided so far has been very welcomed.

Thanks again

Tim Michel

Siteground would be OK, except they just moved to Google servers, and I have no interest in supporting Google. I do use Siteground but since their move to Google, I have been looking elsewhere. BlueHost and HostGator were both purchased by EIG, so they are no longer an option. GoDaddy is a joke

That is why I turned to Linode and OVHCloud where I could have control over my own internet resources.

Never considered Rochen, looks like a choice option. I am not looking for $4.95/mo. hosting plan as that is just shared hosting and will not work in the enterprise environment.

What made me go to Linode is that I wanted to open port 5080 on Siteground to run Jitsi from within Joomla and they told me that I needed to go to a VPS plan to do so. Since I already had a dedicated server on Linode, I saw no reason to upgrade the Siteground plan, plus I already didn't like the fact that they moved to Google servers.

Securing a server is a full time job, in my opinion, and not something that should be taken casually. There are always going to be exploits and the logs need to be reviewed everyday to see what kinds of exploits have been attempted and what measures can be taken to defeat those attempts.

That is why managed hosting makes sense.

Maybe I should ask Linode how much they would charge to manage servers for us. They are a good company as far as I can tell.

Does Rochen have a managed Virtual or Dedicated Private Server option?