HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Internal 500 error on entry to setup wizard

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#105444 (In Topic #20563)
Lou
Avatar

Fan in training

Attempting to install onto a apache server. I receive the following error at the completion of the install when I attempt to go to the site.

adminzone/index.php?page=admin_setupwizard&type=misc (port 80)

Previous to this there were an fopen error ( allow_url_fopen ) and phpinfo and ini_set error that were corrected when ISP provided me with the php.ini to put in public html directory.

Other than mod_sec maybe being enable I am out of ideas.

Apache Version 2.4.10
PHP Version 5.4.33
MySQL Version 5.5.40-cll
Architecture x86_64
Operating System linux


thanks,

Lou
Back to the top
 
Posted
Rating:
#105445
Avatar

Community saint

There are 2 example htaccess files supplied in the main directory of ocPortal (although they will need renaming or the contents pasted into an existing .htaccess file), so maybe copy the contents of one of the supplied files into the one your ISP provided. Not sure if this will fix your issues, but there's a good chance it will.
Back to the top
 
Posted
Rating:
#105447
Lou
Avatar

Fan in training

Hello KingBast,

Have not tried your method yet as I have ocPortal installed now; did it via the auto installer here. I have no idea just what the problem was but I will look at the original installed files ( I saved them ) and the current installed files. Will compare the htaccess and a few other.

What I have noticed so far though is there were no .htaccess file in the original public_html folder before or after the manual install. Since letting ocPortal do the auto install there is now an .htaccess file in the public folder. So probably your were sending me down the right path.

The auto installer did give me a fopen error but after I copied the php.ini back to the server all performed normally.

If I find any thing else I will post them here. Now, off to learn about ocPortal; I have a SMF forum to take down and replace with ocPortal.

Many thanks,

Lou
Back to the top
 
Posted
Rating:
#105448
Avatar

Community saint

Hi Lou,

Yes, with the manual install you will need to rename or copy the contents of one of the htaccess files supplied. Glad you've got everything up and running now :)
Back to the top
 
Posted
Rating:
#105455
Lou
Avatar

Fan in training

OK, well guys, sorry to say I am moving away from ocPortal. It is just too much trouble to install. Way too much work in needing to edit php.ini to add or make necessary changes and copying php.ini to various directories. Needing to chmod various file permissions should be done automatically by the installer. Too many Internal Server 500 errors at the end of the install and frankly I am not in the mood to chase them down.

Fact is that on this server I can install Joomla and SMF and never have any issues during the install. I won't write ocPortal off as I like the look and potential of the software but frankly, I need to get moving on some stuff and fighting the installer and annoying my host is wearing thin on me.

 
Back to the top
 
Posted
Rating:
#105456
Avatar

Fan in action

Hi Lou,
if you are just evaluating ocPortal, may I suggest that you go for a trial?
Arvixe
is the recommended host for ocPortals and they offer a NSA trial optimised for ocP. Its a very simple set up and you can be mucking about in minuets.
Good luck
JIM

 


Arvixe Web Hosting / ocPortal Community Liaison
Looking for quality ocPortal Web Hosting Look no further than Arvixe Web Hosting!
PM me for an exclusive 20% discount code.
 
Back to the top
 
Posted
Rating:
#105459
Avatar

Okay I'll have to respond ;)

Needing to chmod various file permissions should be done automatically by the installer

This is literally an impossibility. The installer runs with the same permissions as ocPortal, so cannot assign permissions to itself. This would affect any other software too, but as a large system ocPortal likely would have a larger list of directories to chmod.
However the great majority of hosts now run on suexec-style hosting configurations, meaning no chmodding is required.

The issue with allow_url_fopen and ini_set sounds like a locked down PHP installation, possibly they are running something like Suhosin, which is basically a modified version of PHP with additional restrictions. It can cause failures when particular code patterns are running, which can stop ocPortal doing normal things. Ironically in this case it sounds like it was banning our automatic tightening of security, as we turn allow_url_fopen on and off in our code for added security, and only turn it on when absolutely necessary (when a webhost does not have the common PHP curl extension installed, which is the best way for file downloads). Often hosts will make it so the most common software their users run passes through the extra rules okay (either specifically, or just by pre-testing). But I'm afraid this kind of thing does handicap other software that wasn't tested on the particular host.

As for copying php.ini files about, this is the result of a CGI installation of PHP, which isn't ideal. I believe hosts can make it so CGI installs do parse a shared location for customised PHP files, but if not you do need to copy any PHP setting hints all over the place and I agree it's very annoying. Personally I much prefer module installs of PHP which tend to be faster and easier to configure.


I suppose we could try and detect if Suhosin is installed and blocking ini_set calls, but then we'd be lowering our security / compatibility on the host, in order to improve compatibility in a specific unofficial area on that host. It seems a dangerous approach for us to take.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#105461
Avatar

Ah, factual correction – the quick installer, running in FTP mode, will do chmodding, if the server supports doing it via FTP.

I wonder if you're using the manual installer?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#105462
Lou
Avatar

Fan in training

Well now, just so everyone knows I am not upset, just pressed to get a site up for someone. The installation attempts failed on the auto and the manual methods.

I used cPanel and FileZilla for directory work. The
chmods done by me prior to any install were done based on information from the ocPortal help page for installations. They recommend the file changes so I did them. Probably unnecessary as it seems but I changed them anyway.

On several installs I had to edit/add on the fly the php.ini dealing with fopen, ini_set, phpinfo, and suhosin requirements. Then needed to copy the php.ini to the required directories during install.

The modified php.ini I used contained the suggestions found on the ocPortal help page.

The final attempt was with a new package loaded to the server and a modified php.ini file copied to the required directories and a edited .htaccess file. The install went well and at the end of the install where one is asked to remove the install.php file ( I did so ), I clicked to do the site set up and received a 500 Server error. I could log into the new site but honestly, I cannot turn something over to someone knowing I had that 500 error even if I can log in.

Now, not to kick sand into anyones face, but on this same server space I installed SMF 2.1 beta, Joomla 3.3 and Wordpress 4.0.1 yesterday. All installed cleanly and error free. I tried all three just to ensure my ISP/Host was up to speed on this server.

I have not given up on ocPortal but at present, I need an install that is as easy as SMF, Joomla or Wordpress ( which I do not care for ). I will wait for the 10. release of ocPortal and give it another go at that time. ocPortal does look like something I would want to use.

Kind regards,

Lou

Back to the top
 
Posted
Item has a rating of 5 (Liked by superiorpyro)  
Rating:
#105463
Avatar

Thank you for the clarifications.

I'm not annoyed about anyone being potentially annoyed, just clarifying details for the record. At core the issue is bad restrictions being added by the webhost, and the cards being stacked against us (unintentionally, but that's effect). So I have to defend our approach and software.

Example, ini_set/allow_url_fopen…

We have this code in our startup code…

Code

@ini_set('allow_url_fopen','0');

This code is there to improve security in ocPortal. If we had some bug whereby the user could specify a path of a PHP file to be included, and allow_url_fopen was turned on and left on in a server's default php.ini, it would be the biggest security hole you could possibly imagine.

So, when a webhost disables ini_set or changes to allow_url_fopen, in order to 'secure' things, they are in fact both lowering security in cases like the above, plus blocking perfectly legitimate scripts from running.
(Suhosin is not PHP, it is an unofficial modification that the PHP developers have refused to merge, because they don't agree with it).

Wherever possible we play well with suhosin, in fact we even turn certain suhosin restrictions on, but we do need to be able to call ini_set.

That said, I will look to see if we can make v10 not call ini_set if there's a suhosin block and throw a installer warning if it is disabled. That way it is at the user's own risk and it will work out-of-the-box.


Regarding the '500' thing, this is the main area where cards are stacked. Very likely the host is running mod_security, which normally has explicit rules allowing software like Joomla. i.e. it white-lists request patterns from the most popular software, and because we're not the most popular software, we don't get default consideration. mod_security is an enormous annoyance. I had a conversation with the mod_security developers, saying it breaks web standards and needs to be configurable via .htaccess, and they said it is the responsibility of whoever installs it to make sure it is configured right – while webhosts will talk of it as a standard tool they install out-of-the-box. So nobody takes responsibility for it, and the users are left in the lurch. It's a ridiculous situation.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Item has a rating of 5 (Liked by OneRingRulesLiked by superiorpyro)  
Rating:
#105464
Avatar

That said, I will look to see if we can make v10 not call ini_set and throw a installer warning if it is disabled. That way it is at the user's own risk and it will work out-of-the-box.

I've coded it up for the next patch release of v9 also. It should work okay without ini_set, bar a dozen optional security and safety checks we add through it (added layer of security, not a direct prerequisite to ocPortal being secure). The only real thing that visibly breaks without ini_set is the error log feature, so there'll be a message on there if it is disabled.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Item has a rating of 5 (Liked by superiorpyro)  
Rating:
#105465
Lou
Avatar

Fan in training

Hello Chris,

One can never be faulted for taking the high road for security, that is for certain. Sometimes it may be better to let an installer do its work and then toss out a warning to the user or place a detailed warning in the admin page as a reminder. The user can then pester their host about the matter.

I contacted my Host again today, it seems he does have mod_sec enabled. I had requested it to be disabled on a support ticket several days ago. Apparently he did not do that. Regardless, that is likely why my latest attempt failed when leaving the installer and moving to the site setup step. Honestly, I am a bit irked about this mod_sec being left on. It is what it is but at least I know for a fact the mods I did to php.ini and .htaccess were correct.

Glad to hear about the changes in the installer and I look forward to the patch release. I will be back to download that and give it a go.

Many thanks,

Lou
Back to the top
 
Posted
Item has a rating of 5 (Liked by Guest)  
Rating:
#105493
Avatar

Honoured member

Hi Lou,

I can appreciate the frustrations and struggles you've gone through to get OCP installed.  I can also sympathize with the urgency to get a solution up and running as quickly and painlessly as possible.

I'm sure you've already come to this conclusion but I would strongly urge you to retry OCP and give it another go when you have a chance.  At the bare minimum, you will NEVER have the same level of support from the actual software developer with any other title as you do with OCP, most if not all of us have benefitted tremendously from Chris Grahams knowledge and willingness to help.

Best of luck!

Mark

Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: