TurnKey Linux Virtual Appliance Library

Trouble accessing webmin / phpmyadmin (through a proxy)

I installed turnkey-lamp-2009.02-hardy-x86.iso on a VMware server virtual machine using a static IP address.

Opening http://<ip-address>/ or https://<ip-address>/ I get the welcome page "TurnKey LAMP works!"

Clicking phpinfo or server-status works fine, but clicking webmin or phpmyadmin only displays blank page w/o content.

 

What is ging wrong?

Alon Swartz's picture

Webmin (12321), phpMyAdmin (12322)

Webmin listens on port 12321, phpMyAdmin listens on 12322, both support SSL.
You can access them by typing their addresses into your browser as displayed in the confconsole:
https://appliance_ip:12321
https://appliance_ip:12322
With regards to the welcome page links, what URLs do the hyperlinks link to?

It is not that simple...

These two links are the destinations of the hot links on the welcome page - they are displayed in the URL line of FF after clicking them. But the result is an empty page. One is: https://172.xx.xx.xx:12321/
Liraz Siri's picture

Questions

I can't reproduce this bug, and since nobody else has reported this problem I am going to venture and guess that there is something wrong on your end that is unique to your circumstances and atypical.

It could be a any number of things and I can't even make a good guess because you haven't provded sufficient information on your setup. For example? Where is the client that is trying to access these services? Could there be some kind of firewalling between you and the virtual appliance? Can you verify (e.g., with a diagnostics tool such as netcat) that you can access the ports from your client? Can you run a sniffer (e.g., wireshark is nice and free) to see what is being transmitted on the network?

Found the bad guy

The reason was privoxy. After disabling it, I can log into webmin. But what do I need to do to get it working w/ privoxy?
Liraz Siri's picture

Whitelist

Look for a way to configure a whitelist or equivalent in Privoxy. There has to be some way to selectively disable it for a given address / website.

You know, something like this (all hail Google):

http://www.privoxy.org/faq/configuration.html#WHITELISTS

Interesting

Interrestingly, privoxy only blocks https://xx.xx.xx.xx:12321/ and https://xx.xx.xx.xx:12322/. The symbolic URLs like https://turnkey-lamp/phpinfo.php are not blocked. (turnkey-lamp is defined in /etc/hosts.) Attempts to build a white list didn't help.
Liraz Siri's picture

Ideas

Did you try https://turnkey-lamp:12321/ and https://turnkey-lamp:12322/? Worth a shot...

Your problem is interesting, but it has little to do with TurnKey Linux and unfortunately I'm not a privoxy expert. I did play with it a while back though and I'm sure there is a reasonably simple solution to the issue you are having.

If privoxy is acting up too much, you might want to try asking for help on their support forum at sourceforge or the mailing list.

Thanks

... for your help. Yes, I tried the symbolic links - it doesn't help. I'll try to get help from the privoxy guys.
Jeremy's picture

I have a simmilar problem - sort of...

I have got my testing Turnkey LAMP up and running live online beautifully, but I have noticed that if I contact it remotely the links on the "TurnKey LAMP works!" page are not all correct (I'm using a DynDNS domain). The behaviour is the same as RainGoToSpain was experiencing.

The first 2 links (phpinfo or server-status) work fine. They link to http://my.domain.name:8080/phpinfo.php and http://my.domain.name:8080/server-status respectively (I have to use 8080 as the ISP is blocking 80). But the next 2 links (Webmin and phpMyAdmin) link to https://local.lan.ip:12321/ & https://local.lan.ip:12322/ respectively. I didn't pick it up until I accessed the server remotely (as I didn't notice in the address bar that the address had changed from domain to ip).

Now its not really a biggie as Webmin seems to work ok when you type in https://my.domain.name:12321/ so when I have it all up and running I suspect it'll all be ok (cause I'll be able to make all my own internal links resolve ok) but I was wondering why it does this and if I can somehow fix it? I can see this having the potential to cause problems.
Liraz Siri's picture

I access Webmin via IP address

Strange I wonder what could be happening. During development I pretty much always access the appliance with an IP address and have never encountered any issues. Would be great if someone who is experiencing this problem could get to the bottom of it to see if maybe there is something we could do to counter it.
Jeremy's picture

When I get some time I will investigate

I'm probably not the best person for the job (due to my noobishness) but when I get a chance I'll sit down and try and work it out.

Obviously the first 2 links are relative (to the current address in your address bar) whereas the next 2 are either hard-coded from info somewhere or are for some reason relative to the LAN IP instead of the current address.
Alon Swartz's picture

True, webmin and phpmyadmin are dynamically created

The webmin and phpmyadmin links are created using the variable SERVER_ADDR.

It might be a better idea to use a different variable such as the following which are said to work correctly from behind a proxy server:
HTTP_X_FORWARDED_FOR
HTTP_X_FORWARDED_HOST
HTTP_X_FORWARDED_SERVER

It would be great if someone could test the above, and possibly other variants to find the one which works best in most situations.
Jeremy's picture

Perhaps I'm doing something wrong?

Here's the steps I took:
I edited index.php by adding 6 duplicate lines of code
but on the additional line I replaced SERVER_ADDR with
HTTP_X_FORWARDED_FOR
HTTP_X_FORWARDED_HOST
HTTP_X_FORWARDED_SERVER respectively
so I ended up with something like this:
<a href="https://<?php print $_SERVER{'HTTP_X_FORWARDED_FOR'}; ?>:12321">Web management interface (webmin)</a>

but all I get when I click the links are https://:12321/ (no server address at all, just the port)
I tried restarting the server thinking that must've been my problem but that didn't help at all.

Have I missed something? I told you I was a noob! :)
Any other ideas for me to try?
Jeremy's picture

YAY! Got it!

Awesome. I worked it out.
I had a bit of a read online and found another variable (bit of trial and error actually)

If you use HTTP_HOST instead of SERVER_ADDR it resolves properly. I double checked it using both domain and LAN IP. Works sweet. I assume it would work with a proxy too but not 100% as I haven't checked that.
Liraz Siri's picture

We'll look into changing it

Often SERVER_NAME and HTTP_HOST contain the same value but they're not the same thing. SERVER_NAME is provided by the web server (e.g., Apache configuration) while HTTP_HOST is provided by the client (the value in the Host: field) your client sends out.

HTTP_HOST is more reliable because by providing it the client verified the accessibility of the HTTP_HOST address. Watch out though, since HTTP_HOST is provided by the client you want to filter it for HTML entities before displaying it back to the user, otherwise you can create an XSS vulnerability.

Jeremy's picture

Ok thanks

I'll do some reading about it and post back when I have something that will hopefully do the trick. A quick google bought up a couple of possibilities but I couldn't get them to work.

I guess its time to learn some php!
senguptarudra's picture

How Start

 

I download & install turnkey-lamp-2009.10-2-hardy-x86.iso using VmWare

login to root

root@lamp:~#    // Now what i do to start ( means already start but i don't understand)

how go http://192.168.110.128 , it show when i finish install TUrnkey LAMP using VmWare

 

I am new in PHP & also in TURNKEY , please help me


Jeremy's picture

TKL works best as a headless server

So in your case you'll probably want to access it either from your host system (ie the system you have VMware installed on - assuming its not ESX/ESXi). To ensure trouble free access I strongly suggest you make sure the Networking setting in VMware is set to "Bridged" for your VM.

Point your web browser (on your host) to your TKL server IP which should be clearly displayed in the Config Console of your TKL appliance (in the VMware window) when running (if you don't exit out to the command prompt as it sounds like you have). It should show a welcome page (until you upload your own web page). Also use your web browser to access Webmin, phpMyAdmin and WebShell by appending the appropriate port to your IP in the browser address bar eg https://xxx.xxx.xxx.xxx:12321 (where xxx.xxx.xxx.xxx is the IP address of your TKL server - also note https) to access Webmin.

Other ways that you can access your TKL appliance are (S)FTP and SSH. FTP will allow you to access the filesystem of your appliance (handy to upload new web pages etc). I'd use a client app like Filezilla - but note when connecting use SFTP not FTP. SSH will allow you to access the command line (like where you end up if you exit out of Config Console inside your appliance). If your host system is Linux then SHH is really easy, just open a terminal window and type:

ssh root@<xxx.xxx.xxx.xxx>

If using Windows you will need a client app. PuTTY is one that I've found useful.

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)