Skip to main content

"File not found." instead of custom 404 file with php-fpm enabled

Comments

33 comments

  • cPanelMichael
    Hello @PeteS, I did find one report where a customer successfully used an .htaccess rule like the one below for the individual accounts as an alternative: RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f RewriteRule ^.+\.php$ /404.shtml
    Thank you.
    0
  • PeteS
    Thanks. It just seems like there should be as more universal solution, or that the above solution shouldn't break webmail. I'll post back if I find anything.
    0
  • cPanelMichael
    Thanks. It just seems like there should be as more universal solution, or that the above solution shouldn't break webmail. I'll post back if I find anything.

    Hello Pete, One possible solution here is to enable ProxyErrorOverride under the "Pre Main Include" section in "WHM Home " Service Configuration " Apache Configuration " Include Editor", but with exceptions that exclude proxy subdomains. Here's a third-party URL that may help: How to add exceptions to apache reverse proxy rules Thank you.
    0
  • PeteS
    In glancing at that page I don't see the connection. I'll have to give this further consideration after I get back in the office week after next... :)
    0
  • Rajeeva Lochana
    Add it to the post virtualhost include
    0
  • PeteS
    @rajeevacj Thanks, that works. It solves the problem without breaking webmail.domain.tld.
    0
  • SamuelM
    Hello @PeteS, I am happy to see that rajeevacj's suggestion worked for you! I will mark this thread as solved. Best regards
    0
  • PeteS
    Hello @PeteS, I am happy to see that rajeevacj's suggestion worked for you! I will mark this thread as solved. Best regards

    It would be helpful to update the solution here: so that this problem is avoided. -Pete
    0
  • Rajeeva Lochana
    What do you mean by the above, do you say that the answer should also be answered there, in that thread? I also found an old thread with the same answer by @monkey64
    0
  • PeteS
    What do you mean by the above, do you say that the answer should also be answered there, in that thread? I also found an old thread with the same answer by @monkey64

    I mean that the solution there is not entirely correct (it breaks Webmail), and it can be improved by indicating that the entry should go in post virtualhost include instead. @cPanelMichael and @cPSamuel It is frustrating that a better answer was not provided here by cPanel immediately, since it is a known problem with a solution, and is documented in other threads. (Yes, I searched for it, but was not able to find them until I knew the solution already...) It seems to me that this is a configuration bug that should be rolled into the next version, right? Why distribute something that requires us to make a special configuration to get the "normal/expected" behavior from Apache when PHPFPM in the first place? -Pete
    0
  • Rajeeva Lochana
    I'll answer the same there. Alright. Maybe webmail breaks because it also uses PHP and Apache maybe?
    0
  • Rajeeva Lochana
    And also, I am not sure about cPanel's way of using php-fpm in files, e.g using the proxypass directive
    0
  • PeteS
    Note: Today a client called and said webmail.example.com was giving the error again. I checked multiple other domains (all configured the same for FPM, etc.) and they all worked. It was only affecting one domain (that I could find). I removed the ProxyErrorOverride on directive in the section post virtualhost include of WHM Home " Service Configuration " Apache Configuration " Include Editor and then it worked. I replaced the directive and it still worked. I suspect the Apache restart was the actual solution. -Pete
    0
  • PeteS
    Update: Today most (all?) domains are giving the webmail error. I restarted Apache and can confirm that it is not the solution. I removed the line from the Include Editor and all worked. I replaced it again and some do work (that didn't), others don't. On further testing I found the sites that worked would then stop working after a while. I found that if I clear the browser history for that site ("forget about this site" in FF history, clear all cache in Chrome) that it again works. ("Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required." was my clue.) I'm not sure where to proceed on this aspect of it, because I don't know if it's an issue on the client side or the server side, but it looks like credentials are getting out of sync. Will report back if I find out more... Both these issues are reported by many. I am torn between which problem to address: the webmail subdomain issues caused by the PHP-FPM fix, or the PHP-FPM 404 issue directly. It really seems like either/both should be addressed by cPanel. @cPanelMichael Can cPanel replicate these behaviors on a test server? -Pete
    0
  • Rajeeva Lochana
    @PeteS I think that the way that Apache connects to PHP-FPM in cPanel is the problem here. I advise cPanel to use SetHandler for PHP-FPM. I am serious here. ProxyPass.. or so is sometimes not reliable. I think, SetHandler "proxy:fcgi://localhost:9000"
    is the best way of connecting to PHP-FPM from Apache. Sorry for my late reply. I was offline due to some network issues for like 20 days.
    0
  • PeteS
    Update: After doing a lot of testing I find that enabling ProxyErrorOverride under the "Pre Main Include" *OR* under "Post VirtualHost Include" section in "WHM Home " Service Configuration " Apache Configuration " Include Editor", allows for proper 404 page operation with bad *.php files, *BUT* either one breaks webmail function, and the message (at end of this post) will appear when accessing webmail.domain.tld *IF* it was previously accessed over 9 minutes prior! If the browser cache is cleared, all is well again... for 9 minutes! It appears that something happens or expires after 9 minutes that invalidates some credential. (This is not at any login time, I tested with accounts where there was no automatic webmail login enabled, though it still may be related.) Additionally, users have reported that it will work again, but a great while later (like the next day or longer). So what appears to be the case is that if PHP-FPM is enabled, and ProxyErrorOverride is enabled (to allow custom 404 pages via .htaccess), that info is set and cached in the browser that becomes stale after 9 minutes and then the connection error happens. If the browser cache is cleared, or the credential expires naturally in the browser after a long time, then access works again. Additionally, once a working connection is established, it will work indefinitely as long as the page is refreshed every <9 minutes. Error message: "Access Denied This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request." For now I have removed ProxyErrorOverride to that users can access webmail normally, but that prevents proper 404 errors under certain circumstances. I am only partially clear on how all these pieces fit together and I am not able to find a working solution. Can someone with better understanding shed any light on this? @cPanelMichael Can cPanel replicate these behaviors on a test server? -Pete
    0
  • Rajeeva Lochana
    Oh my, this is because of some some authentication between cpanel and webmail I think.
    0
  • PeteS
    @cPanelMichael can we get some input on this? We have two issues mutually exclusive solutions, it would seem. -Pete
    0
  • PeteS
    *edit* removing double post
    0
  • PeteS
    @cPanelMichael Still would like some cPanel commentary on this. (Could the >9 minute issue we related to the webmail being set to refresh every 10 minutes *I think*?)
    0
  • cPRex Jurassic Moderator
    Hey there! Just to recap, our concern is now that the system only works for 9 minutes after an Apache restart? Is that what we're seeing? Can you post the exact data you're using in the include file(s) so I can do some testing with this?
    0
  • PeteS
    Thank for stepping back into this...
    Hey there! Just to recap, our concern is now that the system only works for 9 minutes after an Apache restart? Is that what we're seeing? Can you post the exact data you're using in the include file(s) so I can do some testing with this?

    Not quite. It's not related to an Apache restart at all. The 9 minutes is in reference to the last time a browser makes connection to the wbmail page (no login required, just access to the page). I don't know what you are referring to when you asked about an include file. This quote from my 4/29/20 post sums up what appears to be the case for any domain configured as described (see that post for details): "So what appears to be the case is that if PHP-FPM is enabled, and ProxyErrorOverride is enabled (to allow custom 404 pages via .htaccess), info is set and cached in the browser that becomes stale after 9 minutes and then the connection error happens. If the browser cache is cleared, or the credential expires naturally in the browser after a long time, then access works again. Additionally, once a working connection is established, it will work indefinitely as long as the page is refreshed every <9 minutes." Steps to replicatet: 1- turn on PHP-FPM for a domain 2- set 404.php error page in .htaccess 3- go to example.com/non-existant.php (you will get "File not found") 4- enable ProxyErrorOverride under the "Pre Main Include" or "Post VirtualHost Include" in WHM Home " Service Configuration " Apache Configuration " Include Editor 5- repeat step 3 (404.php now displays as expected) 6- go to webmail.example.com (you may or may not get the error, depending on previous access to the page) 7- if you get the error, clear cache and it will load the page 8- wait more than 9 minutes (at least in my server's case, not sure if the 9 minutes is universal) and the error will appear/reappear 9- as long ar you continue to refresh each <9 minutes, connection is maintained, otherwise it is lost Please let me know if you can confirm this on a test server.
    0
  • cPRex Jurassic Moderator
    Thanks for the clear details - let me do some testing with this and I'll get back with you soon.
    0
  • cPRex Jurassic Moderator
    So I did the testing and after waiting the 9-10 minutes I get a 401 error. What process are you taking to "reset" that connection to remove the error?
    0
  • PeteS
    So I did the testing and after waiting the 9-10 minutes I get a 401 error. What process are you taking to "reset" that connection to remove the error?

    Thanks for looking into this! That's the part about something being set in the browser's cache... You must either clear the browser cache, or wait (X number of hours, users reported "over night") for the credential to expire naturally in the browser, then access is restored again. Access will be maintained as long as it is refreshed every <9 minutes. Clearly, setting ProxyErrorOverride to on interferes with the normal interaction between webmail and the browser. (I wonder what else it might mess up, potentially.) If that setting is being "abused" in some way as a hack for the PHP-FPM/404 page issue then it should be abandoned as a "solution." But if that is the case, then we need to find out what needs to change with PHP-FPM to allow proper execution of .htaccess code (the real problem here, as I see it). Similarly, I'm not in favor of some "hacky" solution in .htaccess either, because I'd like to not have a special PHP-FPM version of code in them for only some accounts. That would turn into a maintenance nightmare. There are several threads on here about this marked "solved," but that's not really the case AFAIK, as it turned out with this one last year. TL;DR I'd like to get to the bottom of this, not just "make it work."
    0
  • cPRex Jurassic Moderator
    I gotcha - and I've confirmed that as well. I'll make a case with the developers and update this thread soon.
    0
  • cPRex Jurassic Moderator
    I've been doing some more research on this and our documentation at Advanced Apache Configuration | cPanel & WHM Documentation says the following: "We strongly recommend that you do not set the ProxyErrorOverride directive to On in a global include file. This may cause unexpected behavior." I added the "ProxyErrorOverride On" to a specific domain using the userdata includes outlined here:
    0
  • PeteS
    @cPRex Actually this helps a great deal! (I should have researched ProxyErrorOverride myself rather than just take the advice given, even though it was a cPanel staff member.) I agree that we should abandon that usage. I suggest noting this in the other treads that recommend this solution. I see in that doc that " On servers that run PHP-FPM, you cannot use the ErrorDocument directive unless..." I can see how that is find for a use case with one, or very few accounts, but not otherwise. It's not really maintainable solution. In my case I have no desire to customize the vhost for individual domains, and keep that synced with PHP-FPM. So that's out... ;) It just seems wrong for PHP-FPM to break the normal usage of .htaccess for .php files. Would you agree? Is that the focus of CPANEL-36086? Other than monitoring for the case number in change logs (which is kind of obsure and also after the fact), is there a way to follow that? Can you at least flag it i your system to have you update this thread about it, so we will get notified? My solution for now is to not use PHP-FPM if I care about custom php error pages (which I generally set up). Not a stellar solution, though.
    0
  • cPRex Jurassic Moderator
    It just seems wrong for PHP-FPM to break the normal usage of .htaccess for .php files. Would you agree?

    Nope - the way that PHP-FPM handles that is normal, which is why we need that custom include in the first place. The focus of the case is to why adding the customization to an individual vhost isn't working as expected. I'm monitoring that on my end for sure and I'll post something as soon as the developers have had a chance to look.
    0
  • PeteS
    Nope - the way that PHP-FPM handles that is normal, which is why we need that custom include in the first place. The focus of the case is to why adding the customization to an individual vhost isn't working as expected.

    Ok, I will accept your statement, but can you point me to docs that detail why it would be normal or desirable for FPM to prevent ErrorDocument in .htaccess from being honored for php files? I have read the FPM docs in the past (but not the one you cited above about the interaction of FPM, the ProxyErrorOverride directive, and vhost includes. (Sorry, I misunderstood what you meant about includes the firs time - I was thinking php include files. Ha!) I can see that I need to go back and re-read current FPM docs. There are also a number of changes in WHM as well since I last read up on it. More specifically, what I'm saying seems "wrong" is that enabling FPM provides such a terse unhelpful "File not found." message. Wouldn't it be good to have the ability to customize that message (per account, and at least server-wide) in WHM? I haven't found a way to do that manually either, but need to look more. Having to set that any time FPM is enabled for a php site that depends on ErrorDocument is cumbersome. For sites like a Wordpress site, a prime candidate for FPM, this is not an issue since WP handles 404 beautifully. My strategy will now be to not use FPM by default (most of my sites are built in php and expect to use ErrorDocument), but to enable FPM for Wordpress (and similar) sites. Then either add the vhost include for other sites when needed (once it works), or re-write how they handle 404s. Speaking of WHM changes and managing FPM on a per site basis, MultiPHP Manager no longer allows a sort on the PHP-FPM column. Ugh... why? (I believe we used to be able sort that column.) Docs questions: Is there any more detail on what the differnce in behavior is referenced by? "If you set the virtual host"s ProxyErrorOverride directive to On, the server"s error behavior will differ from servers that do not run PHP-FPM and those that do not set the ProxyErrorOverride directive." found Here it says "Include files with local overrides cause the system to permanently disable the Force HTTPS Redirects option in cPanel"s Domains interface (cPanel >> Home >> Domains >> Domains)." This is under "Apply to all virtual hosts on the system" but I want to confirm whether turning on this directive for individual vhosts would have the same effect on force HTTPS for that domain. Hopefully not. Thanks for the help!
    0

Please sign in to leave a comment.