A new domain is not being opened

Debian 10 hestiacp 1.8.11 (amd64)
There are already active sites on one server. They’re working. I added another one, and it just doesn’t open, the DNS check shows availability. There are no mistakes. But if you open from the same subnet as the server, the domain opens. Help me understand what the problem is?
I checked the firewall , the settings are the same as on other domains
domain orz-design.ru

Hi @Fanuil,

Connecting to port 80 gives a 503 error and connecting to 443 a timeout:

$ curl -IkL -m 30 http://orz-design.ru/
HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Thu, 07 Dec 2023 08:00:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2869
Connection: keep-alive
Last-Modified: Wed, 06 Dec 2023 17:23:43 GMT
ETag: "b35-60bda9ce50dc7"
Accept-Ranges: bytes
$ curl -IkL -m 30 https://orz-design.ru/
curl: (28) Operation timed out after 30000 milliseconds with 0 bytes received

Show the output of:

nginx -t
systemctl status nginx

Also, check nginx logs for your domain:


Hi @sahsanu
Error log empty
nginx it s ok

systemctl status nginx says something?

Restarting nginx changes something?
systemctl restart nginx

Check general nginx logs:


Show your nginx conf:
cat /etc/nginx/conf.d/domains/orz-design.ru.conf

Show firewall rules:
iptables -S

As it is really strange that it works only on your subnet… Do you use any other external firewall and/or SPI (Stateful Packet Inspection)?


-N fail2ban-MAIL
-N hestia
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-WEB
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9500:9501 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A fail2ban-MAIL -j RETURN


 root@server:~# cat /etc/nginx/conf.d/domains/conf
 # Default Web Domain Template                                             #
 # https://hestiacp.com/docs/server-administration/web-templates.html      #
 server {
         server_name site www.site;
         error_log   /var/log/apache2/domains/site.error.log error;
         include /home/ct19435/conf/web/site/nginx.forcessl.conf*;
         location ~ /\.(?!well-known\/|file) {
                 deny all;
                 return 404;
         location / {
                 location ~* ^.+\.(css|htm|html|js|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
                         try_files  $uri @fallback;
                         root       /home/ct19435/web/orz-design.ru/public_html;
                         access_log /var/log/apache2/domains/site.log combined;
                         access_log /var/log/apache2/domains/site.bytes bytes;
                         expires    max;
         location @fallback {
         location /error/ {
                 alias /home/ct19435/web/site/document_errors/;
         include /home/ct19435/conf/web/site/nginx.conf_*;

I checked all the logs, there are no errors on this domain. I’ve been suffering for 3 days now. restart nginx not result

iptables looks fine.

Regarding nginx conf, did you replace your domain orz-design.ru with site?

I think the issue is not in your Hestia Server but in the router forwarding the requests to your server.


If you have an access to CLI, execute the following command:

v-change-web-domain-ip Username orz-design.ru yes
v-rebuild-user Username

Otherwise you will need to find that domain, go into the " Edit Web Domain" and then make sure that the IP Address of this domain shows exactly to Thereafter, click on Save. This should also rebuild the domain with the selected IP.

I however, prefer to execute these scripts on bash rather than depending on php web interface.

yes, I replaced it because of the limit on the number of links
I thought so too, but there are several sites on this tot server that work and they are all on the same ip address.

root@server:~# cat /usr/local/hestia/data/ips/1

v-change-web-domain-ip ct19435 orz-design.ru yes
Error: mail domain orz-design.ru doesn’t exist
grep: /usr/local/hestia/data/ips/ Нет такого файла или каталога
grep: /usr/local/hestia/data/ips/ Нет такого файла или каталога
Error: Parsing error

in the network settings in hestia, I have

Yes, that is precisely the problem. The network ens18 was not detected on this server from fastvps.

As there exists a file “1”, having wrong entries, you need to delete that IP from above and that file “1” will be removed. Thereafter, make sure that a new file is created on the server having the exact name of the IP and having certain entries for Hestia to use it.

im deleted 1 ip
ls /usr/local/hestia/data/ips/


Well you can also do (I did not try):


After doing so, you will have to edit this renamed file to remove the NAT entry and have it empty:


Thereafter, you will be able to work on that file from the hestia admin interface.

Once you will have the system IP accessible from the routers of your provider reaching your VPS, you can execute the command to rebuild the domain (CLI or WEB).

v-change-web-domain-ip Username orz-design.ru yes
v-rebuild-user Username

I think you may want to have Username substituted with ct19435 (or even pipradio for the Blog or server.DNS)

After rebuilding, you will have to check, if the following two files do exists:


Thereafter, your website will be accessible.

I did as you said, but there are no changes. Maybe time should pass? or should I reboot hestia?


Yes, rebooting may help. But I am not sure.

Here, actually it is the apache/nginx problem of binding to a specific IP.

Earlier, your entire Hestia installation was installed on localhost as the network detection did not function as designed. Now, if bot the apache/nginx files with the IP.conf got generated, then it is just the question of binding these two services to that IP reachable from the internet.

Logically, restarting both services will bind them to the public IP.

Before restarting all services, make sure that you do have respective IP inserted by rebuilding everywhere, for example in /etc/nginx/conf.d/ (and in apache2 also):

listen default_server;

I assume that you are using apache2 plus nginx. So you will have to discover everywhere in conf that a public IP is inserted by rebuilding that domain or user.

If that does not work, restart the VPS. But I doubt if that works because then there must be one more step missing and that should be taken into fuurther trouble shooting lens.

a miracle did not happen, this domain alone is still not working. all conf files are in place. Although I’m at work now and squid is standing here, you may need to wait a few hours