7G Firewall for Nginx

Hi. Tell me how to properly connect 7G Firewall for Nginx to Hestia? According to the instructions, it does not work; Nginx does not restart.

https://perishablepress.com/7g-firewall-nginx/

I’m sorry, but this is out of the Hestia support range. If you want to get it working, you should probably start with debugging the nginx logs.

Well … besides you and “support” there are 1000 users, and no one knows? I do not believe it.
There is nothing in the logs - it is impossible to load the configuration. That’s all.

And there is no need to mark the solution. If I see a solution, I will mark it myself.

Man, good morning…

If you load it the way the tutorial tells you, you won’t be able to, since it doesn’t allow you to do it.
You should load it outside the “http” block, just under “include /etc/nginx/modules-enabled/*.conf;”.
That is the only way it will load for you, but if you don’t test and look at the logs the server gives you, you won’t know where to begin to review and be able to work out where it is giving problems. Your solution is to include it where I mentioned before.
I hope it helps you…

We still ran into problems. Abandoned the panel in favor of another.
The panel does not work correctly with iftop and tcpdump; something interferes with the normal operation of these utilities, causing a processor load of more than 30% (during normal operation - 0-1%), so it is impossible to configure traffic filtering.
The panel has become noticeably slower to work.
Problem with nginx and php paths.
And the last straw - editing the firewall and IP List rules causes the network interface to be deleted (for example ens32), after which the server “dies”.
On versions below 1.4.0 there is no such thing, we checked it, but we do not want to use the old version.
Thanks and good luck to you.

No idea why you have that amount of issues, but it doesn’t also make much sense. tcpdump grabs the data from your interface and has nothing to do with Hestia itself, further does iplist (and also iptables or/and fail2ban) not delete a NIC as well - you’ll find zero related code parts in Hestia. From here, it sounds more like a problem with your VPS and the related network configuration than Hestia - and before you answer “yes it does”, please show me one line of code in our project which contains the deletion of a NIC (except v-add/delete-sys-ip, which adds/deletes new NICs with a :-suffix).

But anyway, in fact you already decided to search for another panel, we do not need to discuss further. Wish you all the best with your new software.

I didn’t say the panel is bad. It’s nice, comfortable … but you make a panel for yourself, and focus on Hetzner. There are many servers, many configurations, you cannot make a universal panel for everyone. We tested, we were not satisfied with these minor problems and problems after each update, it is scary to update. Therefore we switched to an alternative panel. Due to the pricing policy of cPanel, I had to look for options. Problems with deleting the network are related to the iptables service (most likely); after restarting this service, the network configuration is overwritten, as if there is no network card, the configs are empty, there are no errors. There is no mood, no time to figure it out. On version 1.3.5 these problems are absent for some reason. Good luck.

There was a bug in 1.4.0 up to 1.4.2 (that is also present in VestaCP anyway); it should be right now. We don’t receive a lot of issue reports any more.

Just in addition, that bug blocked the outgoing network communication, but didn’t delete any network configuration - so there needs to be something else. The upgrade to 1.4.0 was “too big”, we noticed that and as you also can see, we released already 8 new versions since then. Providing now over 12k servers with updates, the feedback about issues went since 1.4.0/1.4.2 to nearly zero - also due to drone testing setup (thanks to @eris).

Also it sounds like you have had one server with Hestia, which got the issues - or were you able to reproduce this on multiple systems?

And yes, we use Hetzner cloud service for drone testing, but we also have productive and testing systems on Proxmox servers using either LXC or KVM. We just can’t support every provider with every image - this is impossible. But when Hestia runs on an ISO-installed Debian or Ubuntu under Proxmox KVM, we should fit most systems.

We are using a “live” (physical) server, not virtualization. In our country it is cheaper to buy a server and place it in a data center than to rent a virtual server. We use the standard Debian image. There is Mikrotik equipment between the server and the Internet, so we use the NAT setting … maybe this is the problem … the server is already configured, and there is no way to do tests.

I just configured 7g firewall for nginx.

  • download the files from here: https://perishablepress.com/downloads/18332/
  • cp 7g-firewall.conf /etc/nginx/conf.d/
  • cp 7g.conf /etc/nginx/snippets/
  • edit /etc/nginx/nginx.conf and add these two lines at the very beginning.
    #7g Firewall
    include /etc/nginx/snippets/7g.conf;
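
Added example, not part of the thread and not code from the 7G or Hestia projects: one way to trial the files from the steps above without ending up with an Nginx that will not restart. It tests an edited copy of nginx.conf with `nginx -t -c` and installs it only if the test passes; the function name `stage_7g` and the variables `NGINX_BIN` and `NGINX_ROOT` are assumptions made for this example.

```shell
#!/bin/sh
# Added example. File locations are the ones given in the post above;
# NGINX_BIN and NGINX_ROOT are assumptions so it can run against a scratch tree.
NGINX_BIN="${NGINX_BIN:-nginx}"
NGINX_ROOT="${NGINX_ROOT:-/etc/nginx}"

# stage_7g SRC_DIR CANDIDATE
#   SRC_DIR    directory holding 7g-firewall.conf and 7g.conf
#   CANDIDATE  edited copy of nginx.conf that already contains the 7G include
# Returns 0 and installs CANDIDATE only if `nginx -t` accepts it; otherwise
# removes the copied 7G files and leaves the live nginx.conf untouched.
stage_7g() {
    src="$1"; cand="$2"
    live="$NGINX_ROOT/nginx.conf"
    fw="$NGINX_ROOT/conf.d/7g-firewall.conf"
    rules="$NGINX_ROOT/snippets/7g.conf"

    for f in "$src/7g-firewall.conf" "$src/7g.conf" "$cand" "$live"; do
        [ -f "$f" ] || { echo "missing file: $f" >&2; return 2; }
    done

    mkdir -p "$NGINX_ROOT/conf.d" "$NGINX_ROOT/snippets"
    cp "$src/7g-firewall.conf" "$fw"
    cp "$src/7g.conf" "$rules"

    # -t parses the whole configuration without touching the running server;
    # -c points it at the candidate instead of the live nginx.conf.
    if out=$("$NGINX_BIN" -t -c "$cand" 2>&1); then
        cp -p "$live" "$live.pre-7g"   # keep the last known-good file
        cp "$cand" "$live"
        echo "config accepted; apply with: $NGINX_BIN -s reload"
        return 0
    fi

    # The "[emerg]" line in the output names the file and line that was rejected.
    echo "config rejected, rolling back 7G files:" >&2
    echo "$out" >&2
    rm -f "$fw" "$rules"
    return 1
}
```

Keep the candidate file in the same directory as nginx.conf so that relative include paths resolve as they do for the live file.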