I’m getting 503 errors on all domains on a Hestia server when trying to access webmail.domain.tld.
Can anyone point me at where I’d find the error log for that? The /var/log/roundcube error log only has a couple of entries from 2020, so guessing that’s not it.
Cheers,
Pete
Hello @Pete,
Here are the logs:
/var/log/nginx/domains/webmail.domain.tld.log
/var/log/nginx/domains/webmail.domain.tld.error.log
Cheers,
sahsanu
Thanks sahsanu,
I took a look in there and the error logs also seems to have nothing about why visiting webmail.domain.tld would throw a 503 error. Any suggestions as to where to look next?
Cheers,
Pete
/var/log/nginx/access.log
/var/log/nginx/error.log
Hmmm… nothing in there either.
So it only happens with webmail (all other http(s) connections are fine). What script runs before launching Roundcube? I wonder if there’s something up with that?
Roundcube is not launched/started, roundcube is a php app so no need to start it, but it should be installed and configured.
Did you add webmail.domain.tld manually as web domain or alias of main domain?
webmail.domain.tld is pointing to your hestia server?
Are you using some proxy like Cloudflare?
HI Sahsanu,
I didn’t add it manually, but allowed Hestia to create it when adding the domain. And, this error occurs on all domains on that server. I have 4 other Hestia servers configured in the same way (OS, Hestia version, etc), and those are all fine. It’s just this one that doesn’t seem to want to play ball with Webmail.
The global nature of it, and being a 503 error makes me think is a misconfiguration below user-level, but lack in finding a server log to understand the 503 makes it tricky to troubleshoot.
Cheers,
Pete
Hi @Pete,
Could you please show the output of this command?
v-list-mail-domain HereYourUser HereYourDomain | grep WEBMAIL
WEBMAIL_ALIAS: webmail.[domain.tld]
WEBMAIL: roundcube
That is ok,
Could you please show the output of this command?
Note: Replace example.com by your real domain. The sed part is to replace your domain by domain.tld so you don’t need to do it manually.
curl -ikL http://webmail.example.com | sed 's/example\.com/domain\.tld/g'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 162 100 162 0 0 13500 0 --:--:-- --:--:-- --:--:-- 13500
100 428 100 428 0 0 3147 0 --:--:-- --:--:-- --:--:-- 3147
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 22 Oct 2023 09:16:44 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://webmail.domain.tld/
HTTP/2 503
server: nginx
date: Sun, 22 Oct 2023 09:16:44 GMT
content-type: text/html; charset=iso-8859-1
content-length: 428
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Unavailable</title>
</head><body>
<h1>Service Unavailable</h1>
<p>The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.</p>
<p>Additionally, a 503 Service Unavailable
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
Are you using Nginx standalone or Nginx+Apache?
I did the default install of Hestia, so that’s Nginx+Apache, isn’t it?
Ok, show the content of these files (change YourUser by the real user and the same for domain.tld):
cat /home/YourUser/conf/mail/domain.tld/nginx.ssl.conf
cat /home/YourUser/conf/mail/domain.tld/apache2.ssl.conf
Also, the output of:
systemctl status nginx
systemctl status apache2
systemctl status php8.2-fpm
cat /home/username/conf/mail/domain.tld/nginx.ssl.conf
server {
listen X.X.X.X:443 ssl http2;
server_name webmail.domain.tld mail.domain.tld;
root /var/lib/roundcube;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/webmail.domain.tld.log combined;
error_log /var/log/nginx/domains/webmail.domain.tld.error.log error;
ssl_certificate /home/username/conf/mail/domain.tld/ssl/domain.tld.pem;
ssl_certificate_key /home/username/conf/mail/domain.tld/ssl/domain.tld.key;
ssl_stapling on;
ssl_stapling_verify on;
location ~ /\.(?!well-known\/) {
deny all;
return 404;
}
location ~ ^/(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
return 404;
}
location / {
proxy_pass https://X.X.X.X:8443;
try_files $uri $uri/ =404;
alias /var/lib/roundcube/;
location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
expires 7d;
fastcgi_hide_header "Set-Cookie";
}
}
location /error/ {
alias /var/www/document_errors/;
}
location @fallback {
proxy_pass https://X.X.X.X:8443;
}
proxy_hide_header Upgrade;
include /home/username/conf/mail/domain.tld/nginx.ssl.conf_*;
}
cat /home/username/conf/mail/domain.tld/apache2.ssl.conf
<VirtualHostX.X.X.X:8443>
ServerName webmail.domain.tld
ServerAlias mail.domain.tld
Alias / /var/lib/roundcube/
Alias /error/ /home/username/web/domain.tld/document_errors/
#SuexecUserGroup username username
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /home/username/conf/mail/domain.tld/ssl/domain.tld.crt
SSLCertificateKeyFile /home/username/conf/mail/domain.tld/ssl/domain.tld.key
<Directory "/usr/share/tinymce/www/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Directory /var/lib/roundcube/>
Options +FollowSymLinks
# This is needed to parse /var/lib/roundcube/.htaccess. See its
# content before setting AllowOverride to None.
AllowOverride All
order allow,deny
allow from all
</Directory>
# Protecting basic directories:
<Directory /var/lib/roundcube/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/lib/roundcube/temp>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
<Directory /var/lib/roundcube/logs>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>
IncludeOptional /home/username/conf/mail/domain.tld/apache2.ssl.conf_*
systemctl status nginx
* nginx.service - nginx - high performance web server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2023-04-15 07:52:40 BST; 6 months 8 days ago
Docs: https://nginx.org/en/docs/
Process: 5465 ExecReload=/bin/sh -c /bin/kill -s HUP $(/bin/cat /var/run/nginx.pid) (cod
Main PID: 25693 (nginx)
Tasks: 10 (limit: 4915)
CGroup: /system.slice/nginx.service
|- 5515 nginx: worker process
|- 5516 nginx: worker process
|- 5518 nginx: worker process
|- 5519 nginx: worker process
|- 5520 nginx: worker process
|- 5521 nginx: worker process
|- 5522 nginx: worker process
|- 5523 nginx: worker process
|- 5524 nginx: cache manager process
`-25693 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
Oct 21 07:52:15 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 21 07:52:15 servername.domain.tld systemd[1]: Reloaded nginx - high performance web
Oct 21 11:04:31 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 21 11:04:31 servername.domain.tld systemd[1]: Reloaded nginx - high performance web
Oct 21 11:04:55 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 21 11:04:55 servername.domain.tld systemd[1]: Reloaded nginx - high performance web
Oct 22 07:52:11 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 22 07:52:12 servername.domain.tld systemd[1]: Reloaded nginx - high performance web
Oct 23 07:52:12 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 23 07:52:12 servername.domain.tld systemd[1]: Reloaded nginx - high performance web
systemctl status apache2
* apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2023-10-21 11:04:55 BST; 1 day 22h ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 3826 ExecStop=/usr/sbin/apachectl graceful-stop (code=exited, status=0/SUCCESS)
Process: 4923 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Process: 3831 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Main PID: 3834 (apache2)
Tasks: 56 (limit: 4915)
CGroup: /system.slice/apache2.service
|-3834 /usr/sbin/apache2 -k start
|-5055 /usr/sbin/apache2 -k start
|-5065 /usr/sbin/apache2 -k start
`-5066 /usr/sbin/apache2 -k start
Oct 21 11:04:55 servername.domain.tld systemd[1]: Started The Apache HTTP Server.
Oct 22 07:52:07 servername.domain.tld systemd[1]: Reloading The Apache HTTP Server.
Oct 22 07:52:07 servername.domain.tld apachectl[15513]: AH00558: apache2: Could not reli
Oct 22 07:52:07 servername.domain.tld systemd[1]: Reloaded The Apache HTTP Server.
Oct 22 08:13:50 servername.domain.tld systemd[1]: Reloading The Apache HTTP Server.
Oct 22 08:13:50 servername.domain.tld apachectl[21218]: AH00558: apache2: Could not reli
Oct 22 08:13:50 servername.domain.tld systemd[1]: Reloaded The Apache HTTP Server.
Oct 23 07:52:07 servername.domain.tld systemd[1]: Reloading The Apache HTTP Server.
Oct 23 07:52:07 servername.domain.tld apachectl[4923]: AH00558: apache2: Could not relia
Oct 23 07:52:07 servername.domain.tld systemd[1]: Reloaded The Apache HTTP Server.
I don’t have php8.2 installed, so here’s php7.4 (do you think installing 8.2 will help?)
systemctl status php7.4-fpm
* php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled
Active: active (running) since Thu 2023-08-03 03:41:22 BST; 2 months 20 days ago
Docs: man:php-fpm7.4(8)
Process: 29486 ExecStopPost=/usr/lib/php/php-fpm-socket-helper remove /run/php/php-fpm.s
Process: 14220 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)
Process: 29489 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm
Main PID: 29487 (php-fpm7.4)
Status: "Processes active: 2, idle: 2, Requests: 3128955, slow: 0, Traffic: 0.7req/sec"
Tasks: 5 (limit: 4915)
CGroup: /system.slice/php7.4-fpm.service
|- 5541 php-fpm: pool domain.tld
|-19112 php-fpm: pool domain.tld
|-20446 php-fpm: pool domain.tld
|-21045 php-fpm: pool domain.tld
`-29487 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
Aug 03 03:41:22 servername.domain.tld systemd[1]: Starting The PHP 7.4 FastCGI Process M
Aug 03 03:41:22 servername.domain.tld systemd[1]: Started The PHP 7.4 FastCGI Process Ma
What OS and Hestia version are you using?
Show the output of these commands:
apache2ctl -M | grep mpm
cat /etc/apache2/conf.d/hestia*
lsof -Pn +c0 -i:9000
Hestia v1.7.10
apache2ctl -M | grep mpm
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using servername.domain.tld. Set the 'ServerName' directive globally to suppress this message
mpm_event_module (shared)
cat /etc/apache2/conf.d/hestia*
<IfModule mpm_event_module>
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
</IfModule>
lsof -Pn +c0 -i:9000 came back blank
Ok, one more output:
cat /etc/php/7.4/fpm/pool.d/www.conf
cat /etc/php/7.4/fpm/pool.d/www.conf
cat: /etc/php/7.4/fpm/pool.d/www.conf: No such file or directory
Create file /etc/php/7.4/fpm/pool.d/www.conf with this content:
; origin-src: deb/php-fpm/www.conf
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = www-data
group = www-data
pm = ondemand
pm.max_children = 4
pm.max_requests = 4000
pm.process_idle_timeout = 10s
And restart php-fpm:
systemctl restart php7.4-fpm