Error logs for webmail

I’m getting 503 errors on all domains on a Hestia server when trying to access webmail.domain.tld.

Can anyone point me at where I’d find the error log for that? The /var/log/roundcube error log only has a couple of entries from 2020, so guessing that’s not it.

Cheers,

Pete

Hello @Pete,

Here are the logs:

/var/log/nginx/domains/webmail.domain.tld.log
/var/log/nginx/domains/webmail.domain.tld.error.log

Cheers,
sahsanu

Thanks sahsanu,

I took a look in there and the error logs also seems to have nothing about why visiting webmail.domain.tld would throw a 503 error. Any suggestions as to where to look next?

Cheers,

Pete

/var/log/nginx/access.log
/var/log/nginx/error.log

Hmmm… nothing in there either.

So it only happens with webmail (all other http(s) connections are fine). What script runs before launching Roundcube? I wonder if there’s something up with that?

Roundcube is not launched/started, roundcube is a php app so no need to start it, but it should be installed and configured.

Did you add webmail.domain.tld manually as web domain or alias of main domain?

webmail.domain.tld is pointing to your hestia server?

Are you using some proxy like Cloudflare?

HI Sahsanu,

I didn’t add it manually, but allowed Hestia to create it when adding the domain. And, this error occurs on all domains on that server. I have 4 other Hestia servers configured in the same way (OS, Hestia version, etc), and those are all fine. It’s just this one that doesn’t seem to want to play ball with Webmail.

The global nature of it, and being a 503 error makes me think is a misconfiguration below user-level, but lack in finding a server log to understand the 503 makes it tricky to troubleshoot.

Cheers,

Pete

Hi @Pete,

Could you please show the output of this command?

v-list-mail-domain HereYourUser HereYourDomain | grep WEBMAIL

WEBMAIL_ALIAS: webmail.[domain.tld]
WEBMAIL: roundcube

That is ok,

Could you please show the output of this command?
Note: Replace example.com by your real domain. The sed part is to replace your domain by domain.tld so you don’t need to do it manually.

curl -ikL http://webmail.example.com | sed 's/example\.com/domain\.tld/g'

	  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
									 Dload  Upload   Total   Spent    Left  Speed
	100   162  100   162    0     0  13500      0 --:--:-- --:--:-- --:--:-- 13500
	100   428  100   428    0     0   3147      0 --:--:-- --:--:-- --:--:--  3147
	HTTP/1.1 301 Moved Permanently
	Server: nginx
	Date: Sun, 22 Oct 2023 09:16:44 GMT
	Content-Type: text/html
	Content-Length: 162
	Connection: keep-alive
	Location: https://webmail.domain.tld/
	
	HTTP/2 503 
	server: nginx
	date: Sun, 22 Oct 2023 09:16:44 GMT
	content-type: text/html; charset=iso-8859-1
	content-length: 428
	
	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
	<html><head>
	<title>503 Service Unavailable</title>
	</head><body>
	<h1>Service Unavailable</h1>
	<p>The server is temporarily unable to service your
	request due to maintenance downtime or capacity
	problems. Please try again later.</p>
	<p>Additionally, a 503 Service Unavailable
	error was encountered while trying to use an ErrorDocument to handle the request.</p>
	</body></html>

Are you using Nginx standalone or Nginx+Apache?

I did the default install of Hestia, so that’s Nginx+Apache, isn’t it?

Ok, show the content of these files (change YourUser by the real user and the same for domain.tld):

cat /home/YourUser/conf/mail/domain.tld/nginx.ssl.conf
cat /home/YourUser/conf/mail/domain.tld/apache2.ssl.conf

Also, the output of:

systemctl status nginx
systemctl status apache2
systemctl status php8.2-fpm

cat /home/username/conf/mail/domain.tld/nginx.ssl.conf

server {
	listen     X.X.X.X:443 ssl http2;
	server_name webmail.domain.tld mail.domain.tld;
	root        /var/lib/roundcube;
	index       index.php index.html index.htm;
	access_log /var/log/nginx/domains/webmail.domain.tld.log combined;
	error_log  /var/log/nginx/domains/webmail.domain.tld.error.log error;

	ssl_certificate     /home/username/conf/mail/domain.tld/ssl/domain.tld.pem;
	ssl_certificate_key /home/username/conf/mail/domain.tld/ssl/domain.tld.key;
	ssl_stapling on;
	ssl_stapling_verify on;

	location ~ /\.(?!well-known\/) {
		deny all;
		return 404;
	}

	location ~ ^/(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
		deny all;
		return 404;
	}

	location / {
		proxy_pass https://X.X.X.X:8443;
		try_files $uri $uri/ =404;
		alias /var/lib/roundcube/;
		location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
			expires 7d;
			fastcgi_hide_header "Set-Cookie";
		}
	}

	location /error/ {
		alias /var/www/document_errors/;
	}

	location @fallback {
		proxy_pass https://X.X.X.X:8443;
	}

	proxy_hide_header Upgrade;

	include /home/username/conf/mail/domain.tld/nginx.ssl.conf_*;
}

cat /home/username/conf/mail/domain.tld/apache2.ssl.conf

<VirtualHostX.X.X.X:8443>
	ServerName webmail.domain.tld
	ServerAlias mail.domain.tld
	Alias / /var/lib/roundcube/
	Alias /error/ /home/username/web/domain.tld/document_errors/
	#SuexecUserGroup username username

	SSLEngine on
	SSLVerifyClient none
	SSLCertificateFile         /home/username/conf/mail/domain.tld/ssl/domain.tld.crt
	SSLCertificateKeyFile      /home/username/conf/mail/domain.tld/ssl/domain.tld.key

	<Directory "/usr/share/tinymce/www/">
	  Options Indexes MultiViews FollowSymLinks
	  AllowOverride None
	  Order allow,deny
	  allow from all
	</Directory>

	<Directory /var/lib/roundcube/>
		Options +FollowSymLinks
		# This is needed to parse /var/lib/roundcube/.htaccess. See its
		# content before setting AllowOverride to None.
		AllowOverride All
		order allow,deny
		allow from all
	</Directory>

	# Protecting basic directories:
	<Directory /var/lib/roundcube/config>
			Options -FollowSymLinks
			AllowOverride None
	</Directory>

	<Directory /var/lib/roundcube/temp>
			Options -FollowSymLinks
			AllowOverride None
		Order allow,deny
		Deny from all
	</Directory>

	<Directory /var/lib/roundcube/logs>
			Options -FollowSymLinks
			AllowOverride None
		Order allow,deny
		Deny from all
	</Directory>

	IncludeOptional /home/username/conf/mail/domain.tld/apache2.ssl.conf_*

systemctl status nginx

* nginx.service - nginx - high performance web server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2023-04-15 07:52:40 BST; 6 months 8 days ago
	 Docs: https://nginx.org/en/docs/
  Process: 5465 ExecReload=/bin/sh -c /bin/kill -s HUP $(/bin/cat /var/run/nginx.pid) (cod
 Main PID: 25693 (nginx)
	Tasks: 10 (limit: 4915)
   CGroup: /system.slice/nginx.service
		   |- 5515 nginx: worker process
		   |- 5516 nginx: worker process
		   |- 5518 nginx: worker process
		   |- 5519 nginx: worker process
		   |- 5520 nginx: worker process
		   |- 5521 nginx: worker process
		   |- 5522 nginx: worker process
		   |- 5523 nginx: worker process
		   |- 5524 nginx: cache manager process
		   `-25693 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf

Oct 21 07:52:15 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 21 07:52:15 servername.domain.tld systemd[1]: Reloaded nginx - high performance web 
Oct 21 11:04:31 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 21 11:04:31 servername.domain.tld systemd[1]: Reloaded nginx - high performance web 
Oct 21 11:04:55 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 21 11:04:55 servername.domain.tld systemd[1]: Reloaded nginx - high performance web 
Oct 22 07:52:11 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 22 07:52:12 servername.domain.tld systemd[1]: Reloaded nginx - high performance web 
Oct 23 07:52:12 servername.domain.tld systemd[1]: Reloading nginx - high performance web
Oct 23 07:52:12 servername.domain.tld systemd[1]: Reloaded nginx - high performance web 

systemctl status apache2

* apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2023-10-21 11:04:55 BST; 1 day 22h ago
	 Docs: https://httpd.apache.org/docs/2.4/
  Process: 3826 ExecStop=/usr/sbin/apachectl graceful-stop (code=exited, status=0/SUCCESS)
  Process: 4923 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 3831 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 3834 (apache2)
	Tasks: 56 (limit: 4915)
   CGroup: /system.slice/apache2.service
		   |-3834 /usr/sbin/apache2 -k start
		   |-5055 /usr/sbin/apache2 -k start
		   |-5065 /usr/sbin/apache2 -k start
		   `-5066 /usr/sbin/apache2 -k start

Oct 21 11:04:55 servername.domain.tld systemd[1]: Started The Apache HTTP Server.
Oct 22 07:52:07 servername.domain.tld systemd[1]: Reloading The Apache HTTP Server.
Oct 22 07:52:07 servername.domain.tld apachectl[15513]: AH00558: apache2: Could not reli
Oct 22 07:52:07 servername.domain.tld systemd[1]: Reloaded The Apache HTTP Server.
Oct 22 08:13:50 servername.domain.tld systemd[1]: Reloading The Apache HTTP Server.
Oct 22 08:13:50 servername.domain.tld apachectl[21218]: AH00558: apache2: Could not reli
Oct 22 08:13:50 servername.domain.tld systemd[1]: Reloaded The Apache HTTP Server.
Oct 23 07:52:07 servername.domain.tld systemd[1]: Reloading The Apache HTTP Server.
Oct 23 07:52:07 servername.domain.tld apachectl[4923]: AH00558: apache2: Could not relia
Oct 23 07:52:07 servername.domain.tld systemd[1]: Reloaded The Apache HTTP Server.

I don’t have php8.2 installed, so here’s php7.4 (do you think installing 8.2 will help?)
systemctl status php7.4-fpm

* php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled
   Active: active (running) since Thu 2023-08-03 03:41:22 BST; 2 months 20 days ago
	 Docs: man:php-fpm7.4(8)
  Process: 29486 ExecStopPost=/usr/lib/php/php-fpm-socket-helper remove /run/php/php-fpm.s
  Process: 14220 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)
  Process: 29489 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm
 Main PID: 29487 (php-fpm7.4)
   Status: "Processes active: 2, idle: 2, Requests: 3128955, slow: 0, Traffic: 0.7req/sec"
	Tasks: 5 (limit: 4915)
   CGroup: /system.slice/php7.4-fpm.service
		   |- 5541 php-fpm: pool domain.tld
		   |-19112 php-fpm: pool domain.tld
		   |-20446 php-fpm: pool domain.tld
		   |-21045 php-fpm: pool domain.tld
		   `-29487 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)

Aug 03 03:41:22 servername.domain.tld systemd[1]: Starting The PHP 7.4 FastCGI Process M
Aug 03 03:41:22 servername.domain.tld systemd[1]: Started The PHP 7.4 FastCGI Process Ma

What OS and Hestia version are you using?

Show the output of these commands:

apache2ctl -M | grep mpm
cat /etc/apache2/conf.d/hestia*
lsof -Pn +c0 -i:9000

Hestia v1.7.10

apache2ctl -M | grep mpm

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using servername.domain.tld. Set the 'ServerName' directive globally to suppress this message
 mpm_event_module (shared)

cat /etc/apache2/conf.d/hestia*

<IfModule mpm_event_module>
	<FilesMatch \.php$>
		SetHandler "proxy:fcgi://127.0.0.1:9000"
	</FilesMatch>
</IfModule>

lsof -Pn +c0 -i:9000 came back blank

Ok, one more output:

cat /etc/php/7.4/fpm/pool.d/www.conf

cat /etc/php/7.4/fpm/pool.d/www.conf

cat: /etc/php/7.4/fpm/pool.d/www.conf: No such file or directory

Create file /etc/php/7.4/fpm/pool.d/www.conf with this content:

; origin-src: deb/php-fpm/www.conf

[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1

user = www-data
group = www-data

pm = ondemand
pm.max_children = 4
pm.max_requests = 4000
pm.process_idle_timeout = 10s

And restart php-fpm:
systemctl restart php7.4-fpm