
Install problems (admin login under OpenBsd)


fmgoodman

I'm brand new here and tried to search but couldn't find an answer to my problem.

Specs: OpenBSD 6.4 / Apache 2.4 / PHP 7.2 (PHP-FPM) / MariaDB 10.0

Went through the install and everything went well (eventually); once I fixed any server problems, I re-did a clean install.

Everything is up and happy except...

I can't login to the admin site:

When I click on the admin login link in the footer, I put in my credentials and get:

 ProcessWire: ProcessLogin: This request was aborted because it appears to be forged.

I'm guessing this is some kind of permission error but don't know where to look.

OpenBSD runs Apache in a chroot jail (/var/www), so all files need to be below that directory for Apache to have access to them.

These are from phpinfo:

session.save_path /var/www/lib/php/session
session.cookie_path /var/www/lib/cookie

Any help would be greatly appreciated.

Let me know if there is more info I can provide.

Thanks,
Frank.


Hello Frank, and welcome to the forum.

I'm going to assume that both those session paths are writable. Are other session settings set correctly, eg, referer_check, etc.?

Is your /site/config.php readable?

Is apache running as the correct user?

Other more knowledgeable people will chime in as they get here, so don't fret.

Glad to have you on board.


Thanks Rick,

Yes, the whole site is readable by apache as it's under /var/www.  Apache is running as www.www which matches the permissions.

Apache also has mod_session enabled and I've tried this with Chrome and Firefox with the same result. Based on the error it seems to be something to do with my session/cookie setup, I think, but not sure what needs a tweak to get past this. Can't do much with PW if I can't login as admin.

I've turned on debug in config and got this back trace:

DEBUG MODE BACKTRACE ($config->debug == true):
#0 /sites/myndtyme/htdocs/wire/modules/Inputfield/InputfieldForm.module(154): ProcessWire\SessionCSRF->validate()
#1 /sites/myndtyme/htdocs/wire/core/Wire.php(383): ProcessWire\InputfieldForm->___processInput(Object(ProcessWire\WireInputData))
#2 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___processInput', Array)
#3 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\InputfieldForm), 'processInput', Array)
#4 /sites/myndtyme/htdocs/wire/modules/Process/ProcessLogin/ProcessLogin.module(217): ProcessWire\Wire->__call('processInput', Array)
#5 /sites/myndtyme/htdocs/wire/core/Wire.php(380): ProcessWire\ProcessLogin->___execute()
#6 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___execute', Array)
#7 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\ProcessLogin), 'execute', Array)
#8 /sites/myndtyme/htdocs/wire/core/ProcessController.php(333): ProcessWire\Wire->__call('execute', Array)
#9 /sites/myndtyme/htdocs/wire/core/Wire.php(380): ProcessWire\ProcessController->___execute()
#10 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___execute', Array)
#11 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\ProcessController), 'execute', Array)
#12 /sites/myndtyme/htdocs/wire/core/admin.php(135): ProcessWire\Wire->__call('execute', Array)
#13 /sites/myndtyme/htdocs/wire/modules/AdminTheme/AdminThemeUikit/controller.php(15): require('/sites/myndtyme...')
#14 /sites/myndtyme/htdocs/site/templates/admin.php(15): require('/sites/myndtyme...')
#15 /sites/myndtyme/htdocs/wire/core/TemplateFile.php(287): require('/sites/myndtyme...')
#16 /sites/myndtyme/htdocs/wire/core/Wire.php(380): ProcessWire\TemplateFile->___render()
#17 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___render', Array)
#18 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\TemplateFile), 'render', Array)
#19 /sites/myndtyme/htdocs/wire/modules/PageRender.module(514): ProcessWire\Wire->__call('render', Array)
#20 /sites/myndtyme/htdocs/wire/core/Wire.php(383): ProcessWire\PageRender->___renderPage(Object(ProcessWire\HookEvent))
#21 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___renderPage', Array)
#22 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\PageRender), 'renderPage', Array)
#23 /sites/myndtyme/htdocs/wire/core/WireHooks.php(828): ProcessWire\Wire->__call('renderPage', Array)
#24 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Page), 'render', Array)
#25 /sites/myndtyme/htdocs/wire/modules/Process/ProcessPageView.module(209): ProcessWire\Wire->__call('render', Array)
#26 /sites/myndtyme/htdocs/wire/core/Wire.php(383): ProcessWire\ProcessPageView->___execute(true)
#27 /sites/myndtyme/htdocs/wire/core/WireHooks.php(729): ProcessWire\Wire->_callMethod('___execute', Array)
#28 /sites/myndtyme/htdocs/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\ProcessPageView), 'execute', Array)
#29 /sites/myndtyme/htdocs/index.php(55): ProcessWire\Wire->__call('execute', Array)
#30 {main}

Hi @fmgoodman

Please post the Apache and the PHP error logs.

Also, what is the ownership of /var/www/lib/php/session|cookie ?

You can also try to troubleshoot by changing the session.save_path and session.cookie_path of your php.ini file from /var/www/lib/php/session|cookie to /tmp

 

If you can't get it working, I offer you a ninja session on your server ?


2 hours ago, flydev said:

> If you can't get it working, I offer you a ninja session on your server ?

OT: I'm really missing that ninja-emoji from the old invision forum. 


Flydev,

> Please post the Apache and the PHP error logs.

I deleted the logs and restarted, php log is empty, apache log 

>  Also, what is the ownership of /var/www/lib/php/session|cookie ?

I changed the path to remove the php so it's not /var/www/lib/session|cookie

www.www own these directories (same as apache ownership)

> You can also try to troubleshoot by changing the session.save_path and session.cookie_path of your php.ini file from /var/www/lib/php/session|cookie to /tmp

Tried this to no avail.

I also inspected the cookie in Chrome and it listed the path as /var/www/lib/cookie (which is now correct since I removed the php piece from the config)

There is nothing on disk that I can find though.

 


1 hour ago, fmgoodman said:

Flydev,

> Please post the Apache and the PHP error logs.

I deleted the logs and restarted, php log is empty, apache log is also empty

>  Also, what is the ownership of /var/www/lib/php/session|cookie ?

I changed the path to remove the php so it's now /var/www/lib/session|cookie

www.www own these directories (same as apache ownership)

> You can also try to troubleshoot by changing the session.save_path and session.cookie_path of your php.ini file from /var/www/lib/php/session|cookie to /tmp

Tried this to no avail.

I also inspected the cookie in Chrome and it listed the path as /var/www/lib/cookie (which is now correct since I removed the php piece from the config)

There is nothing on disk that I can find though.

 


Edited my typos in quote (see ___).

Not sure where to go from here:

If it helps I have these lines:

mod_session and mod_session_cookie are loaded.

I have the following directives in my vhost files:

Session On
SessionEnv On
SessionCookieName session domain=myndtyme.com
 

 


1 hour ago, fmgoodman said:

If it helps I have these lines:

mod_session and mod_session_cookie are loaded.

Just a question, did you try to unload those modules from Apache and to run a new ProcessWire installation with a basic configuration, to be sure that you can access the backend and login? It will also confirm that the server config is OK.

If you are sure that your apache/php(fpm) configuration is green then try what @Robin S already said: first try to track down the issue with $config->sessionFingerprint.

Edit your /wwwroot/site/config.php, add/modify the two following config vars by referring to the PHP comments below, and come back to us with your results.

 

/**
 * Use session challenge?
 * 
 * Should login sessions have a challenge key? (for extra security, recommended)
 *
 * @var bool
 *
 */
$config->sessionChallenge = true; // try without here (set to false)
/**
 * Use session fingerprint?
 * 
 * Should login sessions be tied to IP and user agent?
 * IP fingerprinting may be problematic on dynamic IPs. 
 * Below are the possible values: 
 * 
 * 	0 or false: Fingerprint off
 * 	1 or true: Fingerprint on with default/recommended setting (currently 10). 
 * 	2: Fingerprint only the remote IP
 * 	4: Fingerprint only the forwarded/client IP (can be spoofed)
 * 	8: Fingerprint only the useragent
 * 	10: Fingerprint the remote IP and useragent (default)
 * 	12: Fingerprint the forwarded/client IP and useragent
 * 	14: Fingerprint the remote IP, forwarded/client IP and useragent (all). 
 * 
 * If using fingerprint in an environment where the user’s 
 * IP address may change during the session, you should
 * fingerprint only the useragent, or disable fingerprinting.
 *
 * If using fingerprint with an AWS load balancer, you should 
 * use one of the options that uses the “client IP” rather than 
 * the “remote IP”, fingerprint only the useragent, or disable 
 * fingerprinting.
 * 
 * @var int
 *
 */
$config->sessionFingerprint = 1; // try with different value here

 

Edit:

@fmgoodman Could you also adjust this directive from

SessionCookieName session domain=myndtyme.com

to

SessionCookieName session path=/;domain=myndtyme.com;

 

Edited by flydev
directive

I changed the SessionCookieName per your instructions.

I've turned sessionChallenge to false.

I've cycled through the fingerprint settings.

None of these have made a difference.

I'll try reinstalling a basic site with mod_session and mod_session_cookie not loaded and see if that makes a difference.

 


Ok, just reinstalled with the "apache session mods" disabled in the server. Installation went fine. Site comes up. Can't login, same error:

 ProcessWire: ProcessLogin: This request was aborted because it appears to be forged.

Something is still wrong with the setup, was there some other meaning to:

1 hour ago, flydev said:

unload those modules from apache and to run a new ProcessWire installation with a basic configuration to be sure that you can access the backend and login and will also confirm that the server config is ok

I'm at a loss, something is not set up right, not sure what.

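Added example, not part of any post in this thread and not ProcessWire code: PHP's `session.cookie_path` is the URL path attribute placed on the session cookie, not a directory on disk, and the token check in `SessionCSRF->validate()` from the backtrace relies on the session surviving between the login form and the POST. This sketch audits the phpinfo values quoted in the first post against that; the admin URL `/processwire/` and the function names are assumptions.

```php
<?php
// Added diagnostic sketch, not ProcessWire code; run via CLI or the vhost serving the admin.

/** RFC 6265 section 5.1.4 path-match: is a cookie with $cookiePath sent for $requestPath? */
function cookie_path_matches(string $cookiePath, string $requestPath): bool
{
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false; // cookie path is not a prefix of the request path
    }
    // A prefix counts on an exact match or when it ends on a "/" boundary.
    return $cookiePath === $requestPath
        || substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

/** List problems in the session settings that would stop a CSRF token surviving between requests. */
function audit_session_settings(array $ini, string $adminUrlPath): array
{
    $findings = [];
    $cookiePath = (string) $ini['session.cookie_path'];
    if (!cookie_path_matches($cookiePath, $adminUrlPath)) {
        $findings[] = "session.cookie_path '$cookiePath' does not cover URL '$adminUrlPath': "
            . 'the browser never returns the session cookie, so each request starts a new session';
    }
    // save_path may be "N;dir" or "N;MODE;dir"; the directory is the last field.
    $parts = explode(';', (string) $ini['session.save_path']);
    $dir = end($parts) ?: sys_get_temp_dir(); // empty setting means the system temp dir
    if (!is_dir($dir) || !is_writable($dir)) {
        $findings[] = "session.save_path '$dir' is not a writable directory for this PHP process "
            . '(a chrooted process resolves it relative to the chroot root)';
    }
    return $findings;
}

$keys = ['session.save_path', 'session.cookie_path'];
$cases = [
    // Values as quoted from phpinfo() in the first post of the thread.
    'thread values' => [
        'session.save_path'   => '/var/www/lib/php/session',
        'session.cookie_path' => '/var/www/lib/cookie',
    ],
    // Effective settings of whichever PHP runs this file.
    'live settings' => array_combine($keys, array_map('ini_get', $keys)),
];
foreach ($cases as $label => $ini) {
    foreach (audit_session_settings($ini, '/processwire/') as $finding) { // assumed admin URL
        echo "[$label] $finding\n";
    }
}
```

The `save_path` check only reflects the server's view when the file is requested through the same PHP-FPM pool as the site, since the CLI binary is not chrooted.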
