Error: <username> user can't use IP xxx.xxx.xxx.xxx when adding domain

Hi all,

I got the message Error: user can’t use IP xxx.xxx.xxx.xxx when I try to add a new domain, or I want to set up an SSL cert.

Then I tried to use the CLI but got the same error.

user@server:~# bash v-add-domain <username> <domain>
Error: <username> user can't use IP xxx.xxx.xxx.xxx
Error: can't add web domain

It happens with all users.

It is a server which already has some users and websites on it, so it worked before.
When I take a look at the network page /list/ip/ I still see the IP address in the list with 11 domains and owner admin. But I didn’t change anything on this.

Has anyone else seen this before and knows how to fix this?

Thank you!

Owner should be admin
Status should be “shared”

Thank you for your quick response @eris

The status is shared :slight_smile:

grep "^OWNER" /usr/local/hestia/data/users/{user}/user.conf | cut -f 2 -d \'

Where {user} is the “user”

There are no matches.
When I look at the file I see:

IP_AVAIL='1'
IP_OWNED='0'

Here is a dump of the whole file:

NAME=''
PACKAGE='default'
WEB_TEMPLATE='default'
PROXY_TEMPLATE='hosting'
BACKEND_TEMPLATE='default'
DNS_TEMPLATE='default'
WEB_DOMAINS='unlimited'
WEB_ALIASES='unlimited'
DNS_DOMAINS='unlimited'
DNS_RECORDS='unlimited'
MAIL_DOMAINS='unlimited'
MAIL_ACCOUNTS='unlimited'
RATE_LIMIT='200'
DATABASES='unlimited'
CRON_JOBS='unlimited'
DISK_QUOTA='unlimited'
BANDWIDTH='unlimited'
NS='ns1.domain.nl,ns2.domain.nl'
SHELL='nologin'
BACKUPS='1'
CONTACT='[email protected]'
CRON_REPORTS='yes'
MD5='**************************************'
RKEY='*****************'
TWOFA=''
QRCODE=''
PHPCLI=''
ROLE='user'
SUSPENDED='no'
SUSPENDED_USERS='0'
SUSPENDED_WEB='0'
SUSPENDED_DNS='0'
SUSPENDED_MAIL='0'
SUSPENDED_DB='0'
SUSPENDED_CRON='0'
IP_AVAIL='1'
IP_OWNED='0'
U_USERS='0'
U_DISK='2022'
U_DISK_DIRS='53'
U_DISK_WEB='1858'
U_DISK_MAIL='98'
U_DISK_DB='13'
U_BANDWIDTH='4210'
U_WEB_DOMAINS='5'
U_WEB_SSL='5'
U_WEB_ALIASES='4'
U_DNS_DOMAINS='3'
U_DNS_RECORDS='39'
U_MAIL_DOMAINS='4'
U_MAIL_DKIM='4'
U_MAIL_ACCOUNTS='5'
U_MAIL_SSL='1'
U_DATABASES='6'
U_CRON_JOBS='0'
U_BACKUPS='1'
LANGUAGE=''
THEME=''
NOTIFICATIONS='no'
PREF_UI_SORT='name'
LOGIN_DISABLED='no'
LOGIN_USE_IPLIST='no'
LOGIN_ALLOW_IPS=''
TIME='15:25:47'
DATE='2023-09-15'

This is the check that fails:

I wonder where it fails in those 2 checks…

It fails at https://github.com/hestiacp/hestiacp/blob/f95d4686f6fa32f95d141fc1f6583093f45ba96d/func/ip.sh#L276C3-L278C5

$ip_owner is filled with: admin
$user is empty
$owner is empty

The script I created is:

#!/bin/bash

# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
source $HESTIA/func/ip.sh
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# load config file
source_conf "$HESTIA/conf/hestia.conf"

local_ip="$1"
        if [ ! -e "$HESTIA/data/ips/$1" ]; then
                nat=$(grep -H "^NAT='$1'" $HESTIA/data/ips/*)
                if [ -z "$nat" ]; then
                        check_result "$E_NOTEXIST" "IP $1 doesn't exist"
                else
                        nat=$(echo "$nat" | cut -f1 -d: | cut -f7 -d/)
                        local_ip=$nat
                fi
        fi
        if [ -n "$2" ]; then
                if [ -z "$nat" ]; then
                        ip_data=$(cat $HESTIA/data/ips/$1)
                else
                        ip_data=$(cat $HESTIA/data/ips/$nat)
                fi
                ip_owner=$(echo "$ip_data" | grep OWNER= | cut -f2 -d \')
                ip_status=$(echo "$ip_data" | grep STATUS= | cut -f2 -d \')
                if [ "$ip_owner" != "$user" ] && [ "$ip_status" = 'dedicated' ]; then
                        check_result "$E_FORBIDEN" "$user user can't use IP $1"
                fi
                get_user_owner
                echo "$ip_owner $user $owner"
                if [ "$ip_owner" != "$user" ] && [ "$ip_owner" != "$owner" ]; then
                        check_result "$E_FORBIDEN" "$user user can't use IP $1"
                fi
        fi

Executed with: bash iptest.sh <ip> <user>
Hopefully this is helpful?

Add

user="$2"

Before
source $HESTIA/func/main.sh
otherwise the lookup for $USER_DATA will fail as user has not been set yet…

I did what you said but still got the error on the same lines.

Execute the debug to know where exactly it fails:

bash -x iptest.sh <ip> <user>

That gives us a lot of data, this is the last part of the response:

++ cut -f2 -d \'
+ ip_owner=admin
++ echo 'OWNER='\''admin'\''
STATUS='\''shared'\''
NAME='\'''\''
U_SYS_USERS='\''admin,<user>,THEUSER,<user>,<user>,<user>,<user>'\''
U_WEB_DOMAINS='\''11'\''
INTERFACE='\''eth0'\''
NETMASK='\''255.255.255.0'\''
NAT='\'''\''
TIME='\''17:42:19'\''
DATE='\''2023-07-22'\'''
++ grep STATUS=
++ cut -f2 -d \'
+ ip_status=shared
+ '[' admin '!=' THEUSER ']'
+ '[' shared = dedicated ']'
+ get_user_owner
+ '[' -z '' ']'
+ owner=
+ echo 'admin THEUSER '
admin THEUSER 
+ '[' admin '!=' THEUSER ']'
+ '[' admin '!=' '' ']'
+ check_result 10 'THEUSER user can'\''t use IP XXX.XXX.XXX.XXX'
+ '[' 10 -ne 0 ']'
+ local err_code=10
+ [[ -n '' ]]
+ echo 'Error: THEUSER user can'\''t use IP XXX.XXX.XXX.XXX'
Error: THEUSER user can't use IP XXX.XXX.XXX.XXX
+ log_event 10 ' '\''XXX.XXX.XXX.XXX'\'' '\''THEUSER'\'''
+ '[' -z '' ']'
++ date '+%F %T'
++ basename iptest.sh
+ LOG_TIME='2023-12-28 15:54:03 iptest.sh'
+ '[' 10 -eq 0 ']'
+ echo '2023-12-28 15:54:03 iptest.sh  '\''XXX.XXX.XXX.XXX'\'' '\''THEUSER'\'' [Error 10]'
+ exit 10

Show the output of this command (replace HereYourIP with the actual ip):

cat -A /usr/local/hestia/data/ips/HereYourIP

Here are the results, which look fine to me?

OWNER='admin'$
STATUS='shared'$
NAME=''$
U_SYS_USERS='admin,<user>,<user>,THEUSER,<user>,<user>,<user>'$
U_WEB_DOMAINS='11'$
INTERFACE='eth0'$
NETMASK='255.255.255.0'$
NAT=''$
TIME='17:42:19'$
DATE='2023-07-22'$

Ok, now this:

Note: if the THEUSER is omug we can use it, I prefer to use real data:

cat -A /usr/local/hestia/data/users/omug/user.conf

Because the problem seems to be in the function get_user_owner in $HESTIA/func/main.sh, it should return admin as the owner and it doesn’t:

get_user_owner() {
        if [ -z "$RESELLER_KEY" ]; then
                owner='admin'
        else
                owner=$(grep "^OWNER" $USER_DATA/user.conf | cut -f 2 -d \')
                if [ -z "$owner" ]; then
                        owner='admin'
                fi
        fi
}

Strange thing: in both cases owner should be “admin”, as $RESELLER_KEY is currently never used, and even if $owner is missing it should still return “admin”.

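The two ownership checks from the posted test script, as an added example that is not part of the thread or of Hestia's own code: it reads OWNER and STATUS from a constructed IP file and reports which check denies the request. The helper names conf_get, ip_decision and sample_ip_conf, and the separate empty-user branch, are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example: standalone re-creation of the IP ownership decision discussed
# in this thread. All file contents below are constructed sample data.

# Read KEY='value' from a Hestia-style conf file without sourcing it.
conf_get() { # usage: conf_get FILE KEY
    grep "^$2=" "$1" | head -n 1 | cut -f 2 -d \'
}

# Mirror the two checks from the posted script and print the decision.
# The empty-user branch is an added diagnostic, not part of the original check.
ip_decision() { # usage: ip_decision IP_CONF USER USER_OWNER
    local ip_owner ip_status user="$2" owner="$3"
    ip_owner=$(conf_get "$1" OWNER)
    ip_status=$(conf_get "$1" STATUS)
    if [ -z "$user" ]; then
        echo "deny: user is empty"
    elif [ "$ip_owner" != "$user" ] && [ "$ip_status" = 'dedicated' ]; then
        echo "deny: IP is dedicated to $ip_owner"
    elif [ "$ip_owner" != "$user" ] && [ "$ip_owner" != "$owner" ]; then
        echo "deny: IP owner '$ip_owner' is neither user '$user' nor owner '$owner'"
    else
        echo "allow"
    fi
}

# Write a constructed IP file with the fields shown in the thread.
sample_ip_conf() { # usage: sample_ip_conf STATUS ; prints the temp file path
    local f
    f=$(mktemp)
    printf "OWNER='admin'\nSTATUS='%s'\nNAT=''\n" "$1" > "$f"
    echo "$f"
}

shared=$(sample_ip_conf shared)
dedicated=$(sample_ip_conf dedicated)
ip_decision "$shared" THEUSER admin    # owner resolves to admin: allow
ip_decision "$shared" THEUSER ""       # owner empty, as in the posted trace: deny
ip_decision "$dedicated" THEUSER admin # dedicated to another owner: deny
rm -f "$shared" "$dedicated"
```

The second call reproduces the state in the bash -x trace, where the IP is shared and owned by admin but the owner lookup came back empty.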

Hereby the data of omug.

I know real data is better but I don’t want to share all the users and personal data of them forever on a forum. That’s why I’m replacing some data :slight_smile:

NAME='Aartsie'$
PACKAGE='default'$
WEB_TEMPLATE='default'$
PROXY_TEMPLATE='hosting'$
BACKEND_TEMPLATE='default'$
DNS_TEMPLATE='default'$
WEB_DOMAINS='unlimited'$
WEB_ALIASES='unlimited'$
DNS_DOMAINS='unlimited'$
DNS_RECORDS='unlimited'$
MAIL_DOMAINS='unlimited'$
MAIL_ACCOUNTS='unlimited'$
RATE_LIMIT='200'$
DATABASES='unlimited'$
CRON_JOBS='unlimited'$
DISK_QUOTA='unlimited'$
BANDWIDTH='unlimited'$
NS='ns1.domain.nl,ns2.domain.nl'$
SHELL='nologin'$
BACKUPS='1'$
CONTACT='[email protected]'$
CRON_REPORTS='yes'$
MD5='*********************************************'$
RKEY='****************'$
TWOFA=''$
QRCODE=''$
PHPCLI=''$
ROLE='user'$
SUSPENDED='no'$
SUSPENDED_USERS='0'$
SUSPENDED_WEB='0'$
SUSPENDED_DNS='0'$
SUSPENDED_MAIL='0'$
SUSPENDED_DB='0'$
SUSPENDED_CRON='0'$
IP_AVAIL='1'$
IP_OWNED='0'$
U_USERS='0'$
U_DISK='156'$
U_DISK_DIRS='1'$
U_DISK_WEB='155'$
U_DISK_MAIL='0'$
U_DISK_DB='0'$
U_BANDWIDTH='372'$
U_WEB_DOMAINS='1'$
U_WEB_SSL='1'$
U_WEB_ALIASES='1'$
U_DNS_DOMAINS='1'$
U_DNS_RECORDS='10'$
U_MAIL_DOMAINS='0'$
U_MAIL_DKIM='0'$
U_MAIL_ACCOUNTS='0'$
U_MAIL_SSL='0'$
U_DATABASES='3'$
U_CRON_JOBS='0'$
U_BACKUPS='1'$
LANGUAGE='en'$
THEME=''$
NOTIFICATIONS='no'$
PREF_UI_SORT='name'$
LOGIN_DISABLED='yes'$
LOGIN_USE_IPLIST='no'$
LOGIN_ALLOW_IPS=''$
TIME='22:54:42'$
DATE='2023-09-04'$

That is ok.

I understand but as you already posted the user in the first comment… let’s use it :wink:

As @eris said, it is really strange.

Show the entire output of (I know it could be a large output):

bash -x /usr/local/hestia/bin/v-add-web-domain omug HereTheDomain >/tmp/debug_add_web_domain 2>&1

Now edit the file /tmp/debug_add_web_domain and replace sensitive data, and once done send it to us or paste it in any service like gist, pastebin, termbin, etc.

If you want to use termbin:

Note: if you don’t have nc you can install it: apt install netcat-openbsd

cat /tmp/debug_add_web_domain | nc termbin.com 9999

And you will receive a url that you can post here.

Strange, it’s adding the domain now with the command you sent me.
But when I choose to add it by the control panel it still doesn’t work.

Here is the data it generated:
https://gitlab.com/-/snippets/3634858

Ok, great.

Are you proxying your Hestia’s domain with Cloudflare or similar?

Try to use another clean browser and/or use private/incognito mode.

Try with v-add-web-domain user domain.com ip

Panel always includes the selected ip

@Aartsie of course …