Debian + HestiaCP - Issue after upgrade from v1.6.1 to v1.7.2

Renato · April 7, 2023, 10:38am

Hello!

I upgraded Debian using:

sudo apt update && sudo apt upgrade && sudo apt dist-upgrade && sudo apt full-upgrade

Everything looks updated now, HestiaCP is finally from v1.6.1 to v1.7.2, the only problem is that I have 3 services not running anymore, I tried to run them through Hestia but they keep being off, the services are the following:

Please ask for any log or info, I would be glad to provide.

Thank you very much!

Renato

ScIT · April 7, 2023, 10:40am

Check the related service logs, for nginx, probaly overwrote apache2 config files during upgrade.

Renato · April 7, 2023, 10:55am

Thank you for answering @ScIT :

[email protected]:/var/log/nginx# cat error.log
2023/04/07 09:58:10 [emerg] 411#411: open() “/etc/nginx/conf.d/cloudflare.inc” failed (2: No such file or directory) in /etc/nginx/nginx.conf:90
2023/04/07 10:14:59 [emerg] 21260#21260: “real_ip_header” directive is duplicate in /etc/nginx/conf.d/cloudflare.inc:29
2023/04/07 10:14:59 [emerg] 21267#21267: “real_ip_header” directive is duplicate in /etc/nginx/conf.d/cloudflare.inc:29
2023/04/07 10:15:24 [emerg] 30773#30773: “real_ip_header” directive is duplicate in /etc/nginx/conf.d/cloudflare.inc:29
2023/04/07 10:27:37 [emerg] 110860#110860: “real_ip_header” directive is duplicate in /etc/nginx/conf.d/cloudflare.inc:29
2023/04/07 10:29:43 [emerg] 395#395: “real_ip_header” directive is duplicate in /etc/nginx/conf.d/cloudflare.inc:29
2023/04/07 10:39:57 [emerg] 7507#7507: “real_ip_header” directive is duplicate in /etc/nginx/conf.d/cloudflare.inc:29
2023/04/07 10:42:28 [emerg] 9684#9684: “real_ip_header” directive is duplicate in /etc/nginx/conf.d/cloudflare.inc:29

[email protected]:/var/log/nginx# cat error.log.1
2023/04/07 01:54:02 [notice] 1027527#1027527: using inherited sockets from “37;38;39;”

I think these probably don’t say so much. Please could you be so kind to let me know what log file you would check? So that I can provide more info. Thank you again!

EDIT:

These are the email received:

While the duplicate header in nginx.conf is the following, and I don’t know which one is the best to comment #:

[email protected]:~# cat /etc/nginx/nginx.conf | grep header
client_header_timeout 18000s;
client_header_buffer_size 2k;
large_client_header_buffers 4 8k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
add_header X-FastCGI-Cache $upstream_cache_status;
[email protected]:~#

[email protected]:/etc/nginx/conf.d# cat cloudflare.inc

Cloudflare IP Ranges

IPv4

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;

IPv6

set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;

real_ip_header CF-Connecting-IP;

I have no idea where all these IP addresses come from.

Renato · April 7, 2023, 11:38am

@ScIT I commented this string in the file cloudflare.inc and I could successfully run the service nginx, was that something that was supposed to be there or I could let it commented?

real_ip_header CF-Connecting-IP;

Also Proftpd fixed. Now I only need to guess how to make exim4 work again.

Renato · April 7, 2023, 11:47am

@ScIT all fixed, also thanks to @eris with his answer in this post: https://forum.hestiacp.com/t/how-to-update-debian-10-to-11-and-hestia-update/4422

I just would like to know if it’s ok to leave real_ip_header CF-Connecting-IP; commented.

Thank you and happy Easter!

eris · April 8, 2023, 9:26am

Remove the real_ip_header CF-Connecting-IP; in /etc/nginx/nginx.conf so it willl not break during next updates

Renato · May 2, 2023, 4:55pm

Hi @eris, sorry if I reply only now. There is no real_ip_header CF-Connecting-IP in /etc/nginx/nginx.conf. The system tried to update Hestia automatically, and I got many issues. By the way, I could access again to HestiaCP commenting again “real_ip_header CF-Connecting-IP;” in cloudflare.inc. How can I avoid this problem in the future? /etc/nginx/nginx.conf doesn’t include that line, could I provide any further details to you? Thank you very much for your help.

eris · May 2, 2023, 5:11pm

We create it in:

/etc/nginx/conf.d/cloudflare.inc

Renato · May 2, 2023, 5:43pm

Yes exactly, that is where I comment (#) the line “real_ip_header CF-Connecting-IP” to make it work again. The problem is that if there is an automatic update of HestiaCP, that line goes back to normal and the # disappears like if the file gets regenerate from scratch somehow, but I would like to avoid this problem.

eris · May 2, 2023, 5:53pm

Does it exists somewhere else In your config file?

It should only exists once and we have +20k servers running without any issue…

Renato · May 2, 2023, 6:27pm

I didn’t configure so much, the server has HestiaCP by default. You can check the file here: https://json.ie/mynginx.txt I pasted it for you.

eris · May 2, 2023, 6:53pm

The line is duplicate…

include /etc/nginx/conf.d/cloudflare.inc;

Renato · May 2, 2023, 6:56pm

I will remove it and I’ll let you know if the issue is solved with the next update, thanks @eris.