A new domain is not being opened

Debian 10 hestiacp 1.8.11 (amd64)
There are already active sites on one server. They’re working. I added another one, and it just doesn’t open, the DNS check shows availability. There are no mistakes. But if you open from the same subnet as the server, the domain opens. Help me understand what the problem is?
I checked the firewall, the settings are the same as on other domains
domain orz-design.ru

Hi @Fanuil,

Connecting to port 80 gives a 503 error and connecting to 443 a timeout:

$ curl -IkL -m 30 http://orz-design.ru/
HTTP/1.1 503 Service Unavailable
Server: nginx
Date: Thu, 07 Dec 2023 08:00:34 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2869
Connection: keep-alive
Last-Modified: Wed, 06 Dec 2023 17:23:43 GMT
ETag: "b35-60bda9ce50dc7"
Accept-Ranges: bytes
$ curl -IkL -m 30 https://orz-design.ru/
curl: (28) Operation timed out after 30000 milliseconds with 0 bytes received

Show the output of:

nginx -t
systemctl status nginx

Also, check nginx logs for your domain:

/var/log/nginx/domains/orz-design.ru.log
/var/log/nginx/domains/orz-design.ru.error.log

Hi @sahsanu
Error log empty
nginx: it's ok

Does systemctl status nginx say something?

Does restarting nginx change something?
systemctl restart nginx

Check general nginx logs:

/var/log/nginx/access.log
/var/log/nginx/error.log

Show your nginx conf:
cat /etc/nginx/conf.d/domains/orz-design.ru.conf

Show firewall rules:
iptables -S

As it is really strange that it works only on your subnet… Do you use any other external firewall and/or SPI (Stateful Packet Inspection)?

iptables

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-MAIL
-N hestia
-N fail2ban-RECIDIVE
-N fail2ban-SSH
-N fail2ban-FTP
-N fail2ban-HESTIA
-N fail2ban-WEB
-A INPUT -p tcp -m multiport --dports 25,465,587,110,995,143,993 -j fail2ban-MAIL
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -p tcp -m tcp --dport 8083 -j fail2ban-HESTIA
-A INPUT -p tcp -m tcp --dport 21 -j fail2ban-FTP
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -p tcp -m multiport --dports 1:65535 -j fail2ban-RECIDIVE
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -s 192.168.1.5/32 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9500:9501 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A fail2ban-MAIL -j RETURN

/etc/nginx/conf.d/domains/site.conf

 root@server:~# cat /etc/nginx/conf.d/domains/conf
 #=========================================================================#
 # Default Web Domain Template                                             #
 # DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
 # https://hestiacp.com/docs/server-administration/web-templates.html      #
 #=========================================================================#
 
 server {
         listen      192.168.1.5:80;
         server_name site www.site;
         error_log   /var/log/apache2/domains/site.error.log error;
 
         include /home/ct19435/conf/web/site/nginx.forcessl.conf*;
 
         location ~ /\.(?!well-known\/|file) {
                 deny all;
                 return 404;
         }
 
         location / {
                 proxy_pass http://192.168.1.5:8080;
 
                 location ~* ^.+\.(css|htm|html|js|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
                         try_files  $uri @fallback;
 
                         root       /home/ct19435/web/orz-design.ru/public_html;
                         access_log /var/log/apache2/domains/site.log combined;
                         access_log /var/log/apache2/domains/site.bytes bytes;
 
                         expires    max;
                 }
         }
 
         location @fallback {
                 proxy_pass http://192.168.1.5:8080;
         }
 
         location /error/ {
                 alias /home/ct19435/web/site/document_errors/;
         }
 
         include /home/ct19435/conf/web/site/nginx.conf_*;
 }

I checked all the logs, there are no errors on this domain. I’ve been suffering for 3 days now. Restarting nginx gave no result.

iptables looks fine.

Regarding nginx conf, did you replace your domain orz-design.ru with site?

I think the issue is not in your Hestia Server but in the router forwarding the requests to your server.
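An added example, not part of any post in this thread: a simplified first-match walk over iptables -S output that answers "would a new connection to this port be accepted?". The rules are a constructed subset of the dump posted above, 203.0.113.10 in the usage note is a placeholder outside address, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a subset of the iptables -S output posted in this thread.
RULES = """\
-P INPUT DROP
-N fail2ban-WEB
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-WEB
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.5/32 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
"""

def parse(text):
    """Return (policies, chains); each rule becomes an option -> value dict."""
    policy, chains = {}, {}
    for tok in filter(None, map(str.split, text.splitlines())):
        chains.setdefault(tok[1], [])
        if tok[0] == "-P":
            policy[tok[1]] = tok[2]
        elif tok[0] == "-A":  # assumes option/value pairs, no "!" negation
            chains[tok[1]].append(dict(zip(tok[2::2], tok[3::2])))
    return policy, chains

def port_in(spec, port):
    """True if port falls in a spec such as 80,443 or 12000:12100."""
    ranges = (p.partition(":") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def matches(o, src, dport, proto):
    """Match one rule against the first packet of a NEW connection."""
    spec = o.get("--dport") or o.get("--dports")
    return ("--state" not in o  # NEW is not RELATED/ESTABLISHED
            and o.get("-p", proto) == proto
            and ipaddress.ip_address(src) in ipaddress.ip_network(o.get("-s", "0.0.0.0/0"))
            and (not spec or port_in(spec, dport)))

def walk(chain, chains, pkt):
    """First terminal target hit in chain; None on RETURN or fall-through."""
    for o in chains[chain]:
        if not matches(o, *pkt):
            continue
        if o["-j"] == "RETURN":
            return None
        hit = walk(o["-j"], chains, pkt) if o["-j"] in chains else o["-j"]
        if hit:
            return hit

def verdict(text, src, dport, proto="tcp"):
    policy, chains = parse(text)
    return walk("INPUT", chains, (src, dport, proto)) or policy["INPUT"]
```

Calling verdict(RULES, "203.0.113.10", 443) returns ACCEPT, so with these rules the host firewall is not what drops outside connections to 80/443. The fail2ban chains are empty in the sample, so any live bans are not modelled.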

@Fanuil

If you have an access to CLI, execute the following command:

v-update-sys-ip
v-change-web-domain-ip Username orz-design.ru 95.165.101.59 yes
v-rebuild-user Username

Otherwise you will need to find that domain, go into "Edit Web Domain" and then make sure that the IP Address of this domain shows exactly 95.165.101.59. Thereafter, click on Save. This should also rebuild the domain with the selected IP.

I, however, prefer to execute these scripts in bash rather than depending on the PHP web interface.

@sahsanu
yes, I replaced it because of the limit on the number of links
I thought so too, but there are several sites on this server that work and they are all on the same IP address.
@Deepak

root@server:~# cat /usr/local/hestia/data/ips/1
127.0.0.1 192.168.1.5

v-change-web-domain-ip ct19435 orz-design.ru 95.165.101.59 yes
Error: mail domain orz-design.ru doesn’t exist
grep: /usr/local/hestia/data/ips/95.165.101.59: Нет такого файла или каталога
grep: /usr/local/hestia/data/ips/95.165.101.59: Нет такого файла или каталога
Error: Parsing error

in the network settings in hestia, I have

Yes, that is precisely the problem. The network ens18 was not detected on this server from fastvps.

As there exists a file “1”, having wrong entries, you need to delete that IP from above and that file “1” will be removed. Thereafter, make sure that a new file is created on the server having the exact name of the IP and having certain entries for Hestia to use it.

I deleted 1 IP
ls /usr/local/hestia/data/ips/
192.168.1.5

OWNER='admin'
STATUS='shared'
NAME=''
U_SYS_USERS='admin,ct19435,pipradio'
U_WEB_DOMAINS='9'
INTERFACE='ens18'
NETMASK='255.255.255.0'
NAT='95.165.101.59'
TIME='12:21:50'
DATE='2021-05-10'

Well you can also do (I did not try):

mv 192.168.1.5 95.165.101.59

After doing so, you will have to edit this renamed file to remove the NAT entry and have it empty:

NAT=''

Thereafter, you will be able to work on that file from the hestia admin interface.

Once you have the system IP accessible from the routers of your provider reaching your VPS, you can execute the command to rebuild the domain (CLI or WEB).

v-change-web-domain-ip Username orz-design.ru 95.165.101.59 yes
v-rebuild-user Username

I think you may want to have Username substituted with ct19435 (or even pipradio for the Blog or server.DNS)

After rebuilding, you will have to check if the following two files exist:

/etc/apache2/conf.d/95.165.101.59.conf
/etc/nginx/conf.d/95.165.101.59.conf

Thereafter, your website will be accessible.

I did as you said, but there are no changes. Maybe time should pass? or should I reboot hestia?

@Fanuil

Yes, rebooting may help. But I am not sure.

Here, actually it is the apache/nginx problem of binding to a specific IP.

Earlier, your entire Hestia installation was installed on localhost as the network detection did not function as designed. Now, if both the apache/nginx files with the IP.conf got generated, then it is just the question of binding these two services to that IP reachable from the internet.

Logically, restarting both services will bind them to the public IP.

Before restarting all services, make sure that you do have respective IP inserted by rebuilding everywhere, for example in /etc/nginx/conf.d/95.165.101.59.conf (and in apache2 also):

listen 88.151.32.52:80 default_server;

I assume that you are using apache2 plus nginx. So you will have to discover everywhere in conf that a public IP is inserted by rebuilding that domain or user.

If that does not work, restart the VPS. But I doubt that works, because then there must be one more step missing and that should be taken into the further troubleshooting lens.

A miracle did not happen, this domain alone is still not working. All conf files are in place. Although I’m at work now and squid is standing here, you may need to wait a few hours.