Posts Tagged ‘proxy’

Troubleshooting “server-manager” in SME Server

Friday, November 19th, 2010

Originally this post was going to document my troubleshooting of my login problem with the web based administrative interface of SME Server 7 after my bare (virtual) metal restore. In the end, I gave up fixing the problem, and did the upgrade via CD to SME Server 8 beta 6.  This didn’t turn out to be an easy fix, and I also had my eye on some nice benefits to upgrading to SME8, such as PHP5 and MySQL5 (finally!)

The following now serves as a review of how I think the “server-manager” interface is delivered in SME’s architecture.  It’s elegant, but complex.

The exact error was:

Forbidden
You don’t have permission to access /server-manager on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Unfortunately, I just didn’t know how to troubleshoot this error.  A lot of the problem was that SME is more complex than your normal web server do to  security precautions.

This is how I think the “server-manager” GUI is hosted:

  • You normally go to https://192.168.81.1/server-manager (or whatever your server’s local IP is)
  • The web server, “httpd”, which runs as user www and group www (which I assume has minimal permissions) then reverse proxies to a second httpd process, httpd-admin
  • The second Apache server, httpd-admin, runs on port 980, and runs as user admin and group admin.
  • The 2nd web server has it’s own configuration files.
  • The web scripts are in this folder: /etc/e-smith/web/panels/manager/
  • On a fresh install, the Linux admin user is group id 101, and the admin group is id 101 (my restored server had a different group id)